Hey folks, I'm working on migrating our infrastructure from on-premises to the cloud using a GitOps approach (specifically ArgoCD/Flux) at a small software company. Currently, I'm testing a basic setup on Google Cloud Platform with a GKE cluster, which includes autoscaling and a couple of node pools. I've got a single VPC, one subnet, and a Cloud Router for NAT. I'm using a Classic IPsec Cloud VPN for internal reasons. Despite the VPN showing a status of 'ESTABLISHED' and having all necessary routes and firewall rules in place, I'm facing connectivity issues. I can't ping or traceroute from GKE to my on-prem network or the other way around. I'm wondering if Classic VPN is even a viable solution for connecting GKE to on-premises networks, especially since BGP has been deprecated (as of August 2024). Any configuration tips or advice would be really appreciated! Thanks in advance! By the way, all my connectivity tests are showing green.
2 Answers
From my experience, connectivity issues like yours often stem from misconfigured firewall settings or route tables. Make sure that both the GKE nodes and your on-prem network have the necessary rules set up. It's also worth testing with different protocols just to isolate the problem. Hang in there; you'll get it sorted!
It sounds like you're really diving into the deep end with your first cloud project! Classic VPN can work for GKE-to-on-prem connections, but there are definitely some quirks. Make sure your firewall rules allow inbound and outbound traffic, and double-check that your routes are correctly pointing to the right targets. A missed route can easily cause those ping issues you're facing. Also, since BGP isn't in play anymore, think about any old config settings that might be hanging around. Good luck!
Yeah, classic setups can sometimes get tricky! Just ensure you're not missing any minor configuration steps. The cloud can behave differently than on-prem for sure.
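The answers above boil down to two checks on the GCP side: does the longest-prefix route for each on-prem range actually point at the VPN tunnel, and does an enabled INGRESS firewall rule allow the test protocol from that range (GCP's implied rules deny ingress and allow egress, so ingress is the side to inspect). Below is an added example, not code from the question or any answer, that runs those checks offline over data shaped like the JSON that `gcloud compute routes list --format=json` and `gcloud compute firewall-rules list --format=json` return. All route names, tunnel names and CIDRs are constructed placeholders; one on-prem range is left unrouted on purpose so the checker has something to report. It also verifies that the GKE node subnet and pod secondary range each have a local subnet route, since on-prem needs a return route for the pod range too (GKE does not masquerade pod traffic to RFC 1918 destinations by default).

```python
import ipaddress

# Constructed sample export in the shape of `gcloud compute routes list --format=json`
# (only the fields this checker reads; all names and ranges are hypothetical).
ROUTES = [
    {"name": "subnet-nodes", "destRange": "10.10.0.0/20", "nextHopNetwork": "vpc-main"},
    {"name": "subnet-pods", "destRange": "10.20.0.0/16", "nextHopNetwork": "vpc-main"},
    {"name": "vpn-to-onprem", "destRange": "192.168.0.0/16", "nextHopVpnTunnel": "tunnel-1"},
    {"name": "default-internet", "destRange": "0.0.0.0/0",
     "nextHopGateway": "default-internet-gateway"},
]

# Constructed sample export in the shape of `gcloud compute firewall-rules list --format=json`.
FIREWALL_RULES = [
    {"name": "allow-onprem-icmp", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["192.168.0.0/16"], "allowed": [{"IPProtocol": "icmp"}]},
    {"name": "allow-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.10.0.0/20", "10.20.0.0/16"], "allowed": [{"IPProtocol": "all"}]},
]

GKE_RANGES = ["10.10.0.0/20", "10.20.0.0/16"]        # node subnet and pod secondary range
ONPREM_RANGES = ["192.168.0.0/16", "172.16.5.0/24"]  # second range deliberately has no VPN route

NEXT_HOP_KEYS = ("nextHopVpnTunnel", "nextHopGateway", "nextHopNetwork",
                 "nextHopInstance", "nextHopIp", "nextHopIlb")


def best_route(cidr, routes):
    """Longest-prefix match: the route GCP selects for every address in `cidr`.
    Returns None when no route's destRange contains the whole range. A more specific
    route that overlaps only part of `cidr` is not detected by this simplified check."""
    net = ipaddress.ip_network(cidr, strict=False)
    candidates = [r for r in routes if net.subnet_of(ipaddress.ip_network(r["destRange"]))]
    if not candidates:
        return None
    return max(candidates, key=lambda r: ipaddress.ip_network(r["destRange"]).prefixlen)


def next_hop_kind(route):
    """Which nextHop* field the route carries (tunnel, gateway, local network, ...)."""
    for key in NEXT_HOP_KEYS:
        if key in route:
            return key
    return "unknown"


def ingress_allows(src_cidr, protocol, rules):
    """True if an enabled INGRESS rule whose sourceRanges cover src_cidr allows `protocol`
    (or 'all'). Target tags/service accounts are ignored in this simplified model."""
    src = ipaddress.ip_network(src_cidr, strict=False)
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(src.subnet_of(ipaddress.ip_network(r)) for r in rule.get("sourceRanges", [])):
            continue
        if any(a["IPProtocol"] in (protocol, "all") for a in rule.get("allowed", [])):
            return True
    return False


def diagnose(gke_ranges, onprem_ranges, routes, rules, protocol="icmp"):
    """Return human-readable findings; an empty list means both checks passed."""
    findings = []
    for cidr in onprem_ranges:
        route = best_route(cidr, routes)
        if route is None or next_hop_kind(route) != "nextHopVpnTunnel":
            via = route["name"] if route else "no route"
            findings.append(f"route: {cidr} is not sent to the VPN tunnel (matched: {via})")
        if not ingress_allows(cidr, protocol, rules):
            findings.append(f"firewall: no INGRESS rule allows {protocol} from {cidr}")
    for cidr in gke_ranges:
        route = best_route(cidr, routes)
        if route is None or next_hop_kind(route) != "nextHopNetwork":
            findings.append(f"route: {cidr} has no local subnet route; on-prem cannot reach it")
    return findings


if __name__ == "__main__":
    for line in diagnose(GKE_RANGES, ONPREM_RANGES, ROUTES, FIREWALL_RULES) or ["no findings"]:
        print(line)
```

With the constructed data the checker reports that 172.16.5.0/24 falls through to the default internet route instead of the tunnel and that no ingress rule admits ICMP from it; the 192.168.0.0/16 range passes both checks. For a real cluster, replace the two lists with the output of the `gcloud` commands named above and remember that the on-prem side needs the mirror image: a route for both GKE ranges toward the tunnel and a firewall policy permitting the return traffic.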

Thanks for the tips! I’ll double-check the firewall rules and routes again.