Question
What is "VPC Native" in GKE cluster?
Does a "VPC Native disabled GKE cluster" restrict connecting to Cloud SQL via Private IP? We have a GKE cluster whose "VPC Native" is disabled and we have whitelisted the GKE cluster in Cloud SQL; even after that, connectivity fails.
Also, what is the recommended way to connect to Cloud SQL from a private GKE cluster? Suppose we have an application which we are migrating from AWS to GKE; we don't want to build a cloud proxy.
Answer 1:
The VPC Native in GKE changes the way routes are established to handle pod traffic between nodes.
In fact if you compare two clusters, one using VPC-native and the other using the legacy approach, now inexplicably called “advanced routing,” you’ll find they’re pretty much identical from the inside down to the command line arguments passed to the kubelet, kube-dns and kube-proxy on startup. So you’re not going to break anything switching your workloads to a VPC-native cluster, unless you’re doing something stranger than I can currently imagine as I write this.
See this article to find more details.
What is the recommended way to connect to Cloud SQL from a private GKE cluster?
By documentation:
The Cloud SQL Proxy is the recommended way to connect to Cloud SQL, even when using private IP. This is because the proxy provides strong encryption and authentication using IAM, which can help keep your database secure.
Even if you want to create a Cloud SQL proxy, it is the recommendation from the documentation. Here you can find more details about Cloud SQL connections.
As mentioned in this documentation, you need to have your GKE cluster and Cloud SQL in the same network.
For connecting using private IP, the GKE cluster must be VPC-native and in the same VPC network as the Cloud SQL instance.
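As an added example (not part of the original answer or of Google's own samples), this is what the proxy-based setup the answer recommends looks like on a VPC-native cluster: the Cloud SQL Auth Proxy runs as a sidecar, reaches the instance over its private IP, and authenticates with Workload Identity instead of a mounted key. The names my-app, my-app-ksa, my-app-gsa, PROJECT_ID, REGION, INSTANCE_NAME and the app image are placeholders, and the proxy image tag is assumed to be a current 2.x release.

```yaml
# Constructed example: app + Cloud SQL Auth Proxy sidecar over private IP.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-app-ksa
  annotations:
    # Bind to a Google service account that holds roles/cloudsql.client.
    # Requires Workload Identity to be enabled on the cluster and node pool.
    iam.gke.io/gcp-service-account: my-app-gsa@PROJECT_ID.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      serviceAccountName: my-app-ksa
      containers:
      - name: app
        image: REGISTRY/my-app:TAG   # placeholder application image
        env:
        # The app only ever talks to localhost; no DB address or credentials
        # are baked into the image or the manifest.
        - name: DB_HOST
          value: "127.0.0.1"
        - name: DB_PORT
          value: "5432"
      - name: cloud-sql-proxy
        image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.8.0
        args:
        # --private-ip makes the proxy use the instance's private address.
        # This only works when the cluster is VPC-native and in the same VPC
        # (or a peered one) as the Cloud SQL instance, as the answer states.
        - "--private-ip"
        - "--port=5432"
        - "PROJECT_ID:REGION:INSTANCE_NAME"
        securityContext:
          runAsNonRoot: true
```

The proxy still encrypts and IAM-authenticates the connection even though traffic never leaves the VPC, so the private IP alone is not what protects the database.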
Source: https://stackoverflow.com/questions/62994977/gke-vpc-native-cluster-and-connectivity-to-cloud-sql