I'm working in DevOps at a small software company and we're migrating our infrastructure from on-prem to the cloud using a GitOps approach with tools like ArgoCD and Flux. For testing purposes, I'm setting up a simple environment on Google Cloud Platform (GCP) which includes a GKE cluster with autoscaling (2-3 node pools), a VPC, a single subnet, and a Cloud Router for NAT. I'm using a Classic IPsec Cloud VPN due to some internal requirements. The VPN status shows "ESTABLISHED" and I've set the necessary routes and firewall rules. However, I'm unable to connect between GKE and my on-prem network – pings fail and traceroutes stop responding after the first hop. I'm wondering if Classic VPN is even suitable for GKE and on-prem connectivity considering BGP was deprecated recently. Any advice or configuration tips?
2 Answers
It sounds like you're dealing with a tricky setup. Classic VPN can work, but it does have limitations. Make sure your routes are accurately configured; sometimes it’s a minor setting that causes the hiccup. Double-check your firewall rules as well, as they can block traffic if not set properly. Also ensure that your GKE cluster has proper permissions to access the VPN. Connectivity issues often come from overlooked details. Good luck!
Honestly, Classic VPN can lead to a lot of issues, especially if you're transitioning from on-prem to cloud. Have you thought about using a different VPN solution? Sometimes, people switch to Cloud VPN or even other solutions for better compatibility with GKE. Just a thought!
Thanks for the suggestion! I'm still getting the hang of GCP, but I'll definitely consider switching VPN types if this keeps being a pain.
That’s good advice! I went through a similar issue and found that adjusting the firewall rules made a big difference for our VPN connections.