Access the GKE Cluster with Private Endpoint only from another cluster

  • I have a VPC called gke-private which has a subnet called gke-private-1 with CIDR 10.0.0.0/22, where my GKE private cluster, named gke-private-cluster, is hosted.
  • I have a VM in a VPC called user-vm-private inside the subnet called user-vm-1 with CIDR 10.0.4.0/24.
  • I want to access the private GKE cluster from the VM. The peering between gke-private and user-vm-private is successful, but I am not able to reach the private GKE cluster from my VM.
  • I have also added the VM subnet CIDR (10.0.4.0/24) to the Authorized networks in the control plane networking, but I am still not able to access it.
  • I have also been told that the GKE master is hosted in Google's VPC and is peered with the gke-private VPC, but since transitive peering is not supported, I am not able to reach the GKE private IP from my VM.
  • Could someone help me solve this problem?

Hi, @Dinsa3467.

Could you also please check the following?

  1. Are both VPCs located in the same GCP project?
  2. Is Private Google Access enabled for the subnet in both VPCs?
  3. Have you verified that the routing configuration was automatically updated after VPC peering?
  4. Have you checked if any firewall rules are blocking the traffic?
  5. Have you tried using curl or ping to test connectivity to the GKE endpoint?

Regards,
Mokit

Hi @Dinsa3467 ,

Welcome to Google Cloud Community!

Here is a basic step-by-step troubleshooting guide for you to follow:

Your GKE control plane has a separate private IP range (masterIpv4CidrBlock) that is not inside your cluster subnet (10.0.0.0/22). You need to find this range.

Run:

# Use --zone=[ZONE] instead of --region=[REGION] for a zonal cluster.
gcloud container clusters describe gke-private-cluster \
  --region=[REGION] \
  --format="value(privateClusterConfig.masterIpv4CidrBlock)"

Example output (your values will be different):

172.16.0.0/28

Your VM must be able to talk to the GKE control plane over TCP 443.

  • Allow Traffic from user-vm-private to GKE Master

# Direction defaults to INGRESS; the rule is created in the gke-private network.
gcloud compute firewall-rules create allow-vm-to-gke-master \
  --network=gke-private \
  --allow=tcp:443 \
  --source-ranges=10.0.4.0/24 \
  --destination-ranges=172.16.0.0/28

  • Cluster Network Policies: Review the network policies defined in your GKE private cluster. There might be a policy restricting inbound traffic from the user-vm-private subnet.
  • Verifying Private GKE Cluster Configuration: Verify that the Private GKE cluster gke-private-cluster is correctly configured and has a valid private IP address.

# 'getIpv4Addresses' is not a valid --format expression; the control plane's
# private address is exposed as privateClusterConfig.privateEndpoint.
# A location is required unless a default is set (--zone=[ZONE] for zonal clusters).
gcloud container clusters describe gke-private-cluster \
  --project=[PROJECT-ID] \
  --region=[REGION] \
  --format='value(privateClusterConfig.privateEndpoint)'

  • Test Connectivity: Check whether you can reach the control plane, check the network routes, check firewall rules, and try accessing GKE using the internal IP.

If you need further assistance, you can reach out to Google Cloud Support at any time.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Hi, were you able to solve this issue? I am facing a similar problem.