What’s happening with internet connectivity on GKE nodes? I can reach Docker Hub but not www.amazon.com? Little confused here.
I know it may seem somewhat confusing at first look as you may think that you do have access to Docker Hub. Well, in fact you don’t.
Did you try to curl https://hub.docker.com/? I guess you didn’t. If you did, you’d notice that it also fails.
As you can read here:
“Nodes in a private cluster do not have outbound access to the public internet. They have limited access to Google APIs and services, including Container Registry.”
So, what’s actually happening here?
You’re not pulling images directly from Docker Hub, but from a mirror of it, maintained by Google Container Registry. You can check it in a very simple way. If you pull nginx (which is equivalent to nginx:latest) it works perfectly, however if you try to pull, let’s say, nginx:1.14.2 it will fail. This is because GCR doesn’t keep older versions of all images available on Docker Hub. It’s also mentioned in the official docs:
“You cannot fetch images directly from Docker Hub. Instead, use images hosted on Container Registry. Note that while Container Registry’s Docker Hub mirror is accessible from a private cluster, it should not be exclusively relied upon. The mirror is only a cache, so images are periodically removed, and a private cluster is not able to fall back to Docker Hub.”
But I can:
$ wget https://www.google.com
Come on, you’re on GCP platform 🙂, so you’re accessing google.com from within Google’s network and this one is probably not the best choice for testing connectivity with public internet on this specific cloud platform.
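An added example, not part of the original answer: a small Python audit that takes the image references used by a workload and reports which ones a private cluster can only get from the Docker Hub mirror cache, which are hosted on Container Registry, and which point at a public registry the nodes cannot reach. The category names, the sample image list and the choice of gcr.io as the only trusted suffix are assumptions made for this illustration.

```python
DOCKER_HUB = "docker.io"
# Assumption: only Container Registry hosts count as reachable from private nodes.
GOOGLE_REGISTRY_SUFFIXES = ("gcr.io",)


def split_image(ref):
    """Return (registry, repository, tag_or_digest) for an image reference."""
    name, digest = (ref.split("@", 1) + [None])[:2]
    first, _, rest = name.partition("/")
    # Docker's rule: the first component is a registry host only if it
    # contains "." or ":" or is exactly "localhost".
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DOCKER_HUB, name
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:  # ":" after the last "/" is a tag
        path, tag = path.rsplit(":", 1)
    if registry == DOCKER_HUB and "/" not in path:
        path = "library/" + path  # official images live under library/
    return registry, path, digest or tag or "latest"


def classify(ref):
    """Say how a private-cluster node would have to obtain this image."""
    registry, _, _ = split_image(ref)
    if registry in (DOCKER_HUB, "index.docker.io"):
        return "mirror-cache-only"  # served only if the mirror still caches it
    if any(registry == s or registry.endswith("." + s)
           for s in GOOGLE_REGISTRY_SUFFIXES):
        return "google-registry"
    return "unreachable-without-egress"


def audit(images):
    """Map each image reference to its classification."""
    return {ref: classify(ref) for ref in images}


if __name__ == "__main__":
    # Constructed sample list, e.g. collected from a Deployment manifest.
    sample = ["nginx", "nginx:1.14.2", "bitnami/redis:7",
              "gcr.io/google-containers/pause:3.2", "quay.io/coreos/etcd:v3.5.0"]
    for ref, verdict in audit(sample).items():
        print(f"{verdict:28} {ref}")
```

Anything reported as mirror-cache-only may pull today and fail later, which matches the nginx versus nginx:1.14.2 behaviour described in the answer.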