
My question here is maybe simple, but I'm missing something. I have a GKE cluster and I want to connect it to an on-premise database.

GKE: VPC-native cluster
GKE version: 1.17.15-gke.800
Pod IP range: 10.0.0.0/14
Services IP range: 10.4.0.0/20

I have a Cloud VPN working (policy-based connection) and I have a connection from Google's network to the on-premise network. I've tested it from a test instance and from the instances of the GKE cluster. The only thing I don't have is a connection from the pods. What am I missing here?

Comments:

The pods should be able to call private IP addresses which are part of your VPC (and VPN) automatically if there are proper routes and firewall rules configured. Did you check if a firewall rule is blocking the traffic? - dishant makwana

I agree with the comment from dishant makwana. Also, please tell us whether there are any database restrictions and whether the on-premise database IP overlaps other networks. - Dawid Kruk

@MilenTsvetkov glad that you found the solution. Please provide your comment as an answer to this question for better visibility and future readers. - Dawid Kruk

1 Answer


I managed to find the right answer:

Egress traffic from GKE Pod through VPN

Got it from here: I needed to enable Network Policy for master + nodes and then use the ip-masq-agent config to create a ConfigMap. Then you must delete the pods of ip-masq-agent, and when they come up with the new config everything works fine.
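The procedure in the answer, written out as an added example (this is not code from the original post or from GKE's documentation). It renders the ip-masq-agent ConfigMap, checks it, applies it and recycles the agent pods. The pod and service ranges are the ones from the question; the on-premise database range 192.168.50.0/24, the pod label k8s-app=ip-masq-agent, the DaemonSet name ip-masq-agent and the IP-MASQ nat chain are assumptions. The design assumption behind the ConfigMap is that the policy-based tunnel's traffic selector covers the node subnet but not the pod secondary range, so pod traffic towards on-prem must leave the node with the node's IP as source; listing only the pod and service ranges under nonMasqueradeCIDRs achieves that, because everything else is masqueraded.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Values marked "assumed" are
# illustrative and must be replaced with the real ones.
set -euo pipefail

POD_CIDR="10.0.0.0/14"          # from the question
SVC_CIDR="10.4.0.0/20"          # from the question
ONPREM_CIDR="192.168.50.0/24"   # assumed on-premise database range

# Emit the ip-masq-agent ConfigMap. Only ranges listed under nonMasqueradeCIDRs
# keep the pod IP as source; any other destination (ONPREM_CIDR is deliberately
# absent) is SNATed to the node IP before it enters the VPN tunnel.
render_ip_masq_config() {
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: ip-masq-agent
  namespace: kube-system
data:
  config: |
    nonMasqueradeCIDRs:
      - ${POD_CIDR}
      - ${SVC_CIDR}
    masqLinkLocal: false
    resyncInterval: 60s
EOF
}

# Guard against the silent failure mode: if the on-prem range is listed as
# non-masquerade, pods keep their own source IP and the tunnel drops them.
# Returns 0 when the rendered config masquerades ONPREM_CIDR, 1 otherwise.
check_onprem_is_masqueraded() {
  if render_ip_masq_config | grep -F -- "- ${ONPREM_CIDR}" >/dev/null; then
    echo "refusing: ${ONPREM_CIDR} is listed in nonMasqueradeCIDRs" >&2
    return 1
  fi
  return 0
}

# Apply the ConfigMap and, as the answer does, delete the agent pods so they
# come back up with the new config. Requires kubectl and cluster credentials.
apply_ip_masq_config() {
  check_onprem_is_masqueraded
  render_ip_masq_config | kubectl apply -f -
  kubectl -n kube-system delete pod -l k8s-app=ip-masq-agent      # assumed label
  kubectl -n kube-system rollout status daemonset/ip-masq-agent   # assumed name
  # Node-level verification (assumed chain name): the agent programs a RETURN
  # rule per non-masquerade range; ONPREM_CIDR should not have one.
  echo "on a node run: sudo iptables -t nat -L IP-MASQ -n" \
       "(expect RETURN only for ${POD_CIDR} and ${SVC_CIDR})"
}

# Only touch the cluster when explicitly asked: ./ip-masq.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_ip_masq_config
fi
```

Two caveats a practitioner should weigh before relying on this. First, masquerading means the on-premise firewall and the database's host-based grants see the node IP, not the pod IP, so per-pod authorisation on the database side is not possible with this setup; if you need pods to keep their own source addresses, the tunnel (or a route-based VPN with Cloud Router) has to carry the pod secondary range instead. Second, ip-masq-agent on GKE defaults to not masquerading the RFC 1918 ranges, which is why a database in 10.x or 192.168.x reaches the tunnel with the pod IP until the ConfigMap above narrows the list.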