Multus with macvlan on GCP

Hi to all,

I need to add a second interface to some specific K8s pods on GKE that need to be directly accessible to public users on the Internet. So I used Multus with a Macvlan CNI defined.
Pods can get the IP and can talk to each other, but only on the same node! So there isn't any access to other pods on other nodes via the second interface (net1), or to the VMs' internal IPs.

Also, I created a new IP alias range (10.20.20.0/24) for K8s and used that range for Macvlan. There is a default route (10.20.20.0/24) for the new range in the VPC routes too.

So, what am I missing?
How should I make the second NIC accessible from outside the nodes or from the Internet?
Is there any restriction policy in GCP that doesn't allow this?

PS: I did a test with Ipvlan to find out if there is a MAC restriction policy on GCP, but the result was the same.

Thanks.
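As an added illustration (not the poster's own manifest), this is the shape of the Multus attachment the post describes: a macvlan NetworkAttachmentDefinition with host-local IPAM on the 10.20.20.0/24 alias range, and a pod annotation that requests it so the pod receives it as net1. The resource names, the master interface eth0 and the container image are assumptions.

```yaml
# Added example: Multus macvlan attachment on the 10.20.20.0/24 alias range.
# "gke-macvlan", "eth0", "rtp-app" and the image are assumed/placeholder values.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: gke-macvlan          # assumed name
  namespace: default
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "10.20.20.0/24",
        "rangeStart": "10.20.20.10",
        "rangeEnd": "10.20.20.250"
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: rtp-app              # assumed name
  annotations:
    # Requests the attachment above; Multus adds it as the pod's "net1" interface.
    k8s.v1.cni.cncf.io/networks: gke-macvlan
spec:
  containers:
  - name: app
    image: REPLACE_WITH_YOUR_IMAGE   # placeholder, not a real image reference
```

After `kubectl apply -f` on both documents, `kubectl exec rtp-app -- ip addr show net1` confirms the pod received an address from the range. Two points worth reading this config against the symptom in the post: in bridge mode every net1 interface gets its own MAC address, so a network fabric that only delivers and accepts frames for the VM NIC's own MAC (which is what the reply below says about GCP) leaves those addresses reachable only from pods on the same node; and host-local IPAM keeps its allocation state per node, so using the same range on several nodes can hand out duplicate addresses unless each node is given a disjoint sub-range.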

pods on GKE that need to be accessible directly from public users on the Internet

You want the individual pods to be accessible on the internet, or do you want an internet-facing LB in front of a set of pods?

So I used Multus with defined a Macvlan CNI.

MACVLAN does not work on GCP's network fabric, as you discovered. But even if it did, I don't quite get what you are trying to achieve. Can you step back and describe the goal?

Thank you @thockin for the reply.

We have some applications that need port ranges (for the RTP protocol), so as I investigated, we need to run these pods in host mode and use direct access to overcome this limitation of K8s.

I used Multus with Macvlan to add a second NIC to these pods, then provide direct access from outside to the second NIC. In this case, we have access to a port range on these pods, and the pods also have communication with other pods and services in K8s.

But it didn't work, and the second NIC is not accessible from outside the node. I read a lot and it seems it should work, but it didn't.

Please advise if I am on the wrong path.