0
votes

I have GKE clusters set up, dev and stg let's say, and wanted apps running in pods on stg nodes to connect to the dev master and execute some commands on that GKE cluster. I have all the setup I need, and when I add the IP addresses of the nodes by hand everything works fine, but the IPs keep changing,

so my question is how can I add to Master authorised networks the ever-changing default-pool IPs of nodes from the other cluster?


EDIT: I think I found the solution: it's not the node IP but the NAT IP that I have added to authorized networks, so assuming I don't change those I just need to add the NAT, I guess, unless someone knows a better solution?

2
Could you clarify if you have multiple GKE clusters set up or multiple namespaces? Also, what kind of commands do you want issued by pods on stg? Are these Kubernetes API commands or app-to-app commands? Could you give an example? - Shawlz

I had deployed Jenkins on one cluster, and it spawned an agent which executed some commands on the other cluster (automatic rollback, deployment etc.), so a pod from a node on one cluster tells the kube-master of another cluster to do some stuff. - CptDolphin

2 Answers

2
votes

I'm not sure that you are doing the correct things. In Kubernetes, your communication is performed between services that represent deployed pods, on one or several nodes.

When you communicate with the outside, you reach an endpoint (an API or a specific port). The endpoint is materialized by a loadbalancer that routes the traffic.

Only the Kubernetes master cares about the nodes as resource (CPU, memory, GPU, ...) providers inside the cluster. You should never have to directly reach the node of a cluster without using the standard way.

Potentially you can reach the NodePort service exposal on the NodeIP+servicePort.

1
votes

What you really need to do is configure kubectl in the Jenkins pipeline to connect to the GKE Master IP. The master is responsible for accepting your commands (rollback, deployment, etc). See Configuring cluster access for kubectl.

The Master IP is available in the Kubernetes Engine console along with the Certificate Authority certificate. A good approach is to use a service account token to authenticate with the master. See how to Login to GKE via service account with token.
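
One way to assemble the kubeconfig that the answer above describes, from the master IP, the CA certificate and a service account token. This is an added example, not part of the original answer; the function name, the `dev` and `ci-deployer` names and the input checks are assumptions.

```shell
# Added example, not from the answer: builds a kubeconfig for a CI agent from
# the master IP, the cluster CA certificate and a service account token.
# The function name and the context/user names are assumptions.

# write_kubeconfig OUT_FILE MASTER_IP CA_CERT_BASE64 SA_TOKEN
write_kubeconfig() {
  out=$1 master_ip=$2 ca_b64=$3 token=$4

  # Accept only a dotted-quad address, so a stray scheme, port or path in
  # the input cannot change where kubectl sends the token.
  case $master_ip in ''|*[!0-9.]*) echo "invalid master IP" >&2; return 1;; esac
  if ! printf '%s\n' "$master_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "invalid master IP" >&2; return 1
  fi
  # The CA certificate is what authenticates the master to the client, so a
  # missing or malformed value is an error, never a reason to skip TLS checks.
  case $ca_b64 in ''|*[!A-Za-z0-9+/=]*) echo "invalid CA data" >&2; return 1;; esac
  if ! printf '%s' "$ca_b64" | base64 -d >/dev/null 2>&1; then
    echo "invalid CA data" >&2; return 1
  fi
  # The token is assumed to be a JWT; rejecting other characters also keeps
  # the value from breaking out of its YAML field.
  case $token in ''|*[!A-Za-z0-9._-]*) echo "invalid token" >&2; return 1;; esac

  # The file holds a bearer credential: create it fresh, owner-readable only.
  rm -f "$out"
  ( umask 077
    cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: dev
  cluster:
    server: https://${master_ip}
    certificate-authority-data: ${ca_b64}
users:
- name: ci-deployer
  user:
    token: ${token}
contexts:
- name: dev
  context:
    cluster: dev
    user: ci-deployer
current-context: dev
EOF
  )
}
```

Point the agent at the result with `kubectl --kubeconfig <file>`. The master still only answers if the agent's egress address (the NAT IP from the question's edit) is in its authorized networks.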