Accessing GCP Internal Load Balancer from another region

Question

I need to access an internal application running on GKE Nginx Ingress service riding on Internal Load Balancer, from another GCP region.

I am fully aware that it is

Answer 1

First of all, note that the only way to connect any GCP resource (in this case your GKE cluster) from an on premise location, it’s either through a Cloud Interconnect or VPN set up, which actually they must be in the same region and VPC to be able to communicate with each other.

Having said that, I see you won’t like to do that under the same VPC, therefore a workaround for your scenario could be:

• Creating a Service of type LoadBalancer, so your cluster can be reachable through and external (public) IP by exposing this service. If you are worried about the security, you can use Istio to enforce access policies for example.

• Or, to create an HTTP(S) load balancing with Ingress, so your cluster can be reachable through its external (public) IP. Where again, for security purposes you can use GCP Cloud Armor which actually so far works only for HTTP(S) Load Balancing.