Internet connectivity for GKE nodes

What's happening with internet connectivity on GKE nodes? I can reach Docker Hub but not www.amazon.com? A little confused here.

I know it may seem somewhat confusing at first look as you may think that you do have access to Docker Hub. Well, in fact you don’t.

Did you try to curl https://hub.docker.com/? I guess you didn’t. If you did, you’d notice that it also fails.

As you can read here:

Nodes in a private cluster do not have outbound access to the public internet. They have limited access to Google APIs and services, including Container Registry.

So, what’s actually happening here?

You’re not pulling images directly from Docker Hub, but from a mirror of it, maintained by Google Container Registry. You can check it in a very simple way. If you pull nginx (which is equal to nginx:latest), it works perfectly; however, if you try to pull, let’s say, nginx:1.14.2, it will fail. This is because GCR doesn’t keep older versions of all images available on Docker Hub. It’s also mentioned in the official docs:

You cannot fetch images directly from Docker Hub. Instead, use images hosted on Container Registry. Note that while Container Registry’s Docker Hub mirror is accessible from a private cluster, it should not be exclusively relied upon. The mirror is only a cache, so images are periodically removed, and a private cluster is not able to fall back to Docker Hub.

I explained it in depth some time ago in this answer so you may also want to take a look at it. It is also well explained in the official docs.

But I can:

$ wget https://www.google.com

Come on, you’re on the GCP platform 🙂, so you’re accessing google.com from within Google’s network, and this one is probably not the best choice for testing connectivity with the public internet on this specific cloud platform.
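
The following is an added example, not part of the original answer: it resolves image references the way Docker does and reports which ones a node without public egress can only get through the Docker Hub mirror cache. The labels, the sample references and the rule that only gcr.io hosts count as Google-hosted are assumptions made for illustration.

```python
# Added example (not from the original answer): which image references would a
# private GKE node depend on the Docker Hub mirror for?
# Assumption: only gcr.io hosts count as Google-hosted, per the docs quoted above.

def split_registry(ref):
    """Docker's rule: the first path component is a registry host only if it
    contains '.' or ':' or equals 'localhost'; otherwise Docker Hub is implied."""
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first, rest
    return "docker.io", ref

def normalize(ref):
    """Return (registry, repository, tag_or_digest) for an image reference."""
    registry, remainder = split_registry(ref.strip())
    name, at, digest = remainder.partition("@")
    tag = "latest"                      # implied when no tag is given
    if ":" in name.rsplit("/", 1)[-1]:  # a ':' in the last component is a tag
        name, tag = name.rsplit(":", 1)
    if registry == "docker.io" and "/" not in name:
        name = "library/" + name        # official images live under library/
    return registry, name, (digest if at else tag)

def classify(ref):
    """Label a reference by how a node without public egress can obtain it."""
    registry, _, _ = normalize(ref)
    host = registry.split(":")[0]
    if registry == "docker.io" or host == "mirror.gcr.io":
        return "mirror-cache-only"      # works only while the cache holds it
    if host == "gcr.io" or host.endswith(".gcr.io"):
        return "google-hosted"
    return "needs-public-egress"        # e.g. other public registries

# Constructed sample references (project and repository names are made up).
SAMPLE = ["nginx", "nginx:1.14.2", "gcr.io/my-project/api:v3",
          "quay.io/example/tool:1.0", "mirror.gcr.io/library/redis"]

def audit(refs):
    """Group references by classification."""
    report = {}
    for ref in refs:
        report.setdefault(classify(ref), []).append(ref)
    return report

if __name__ == "__main__":
    for label, refs in audit(SAMPLE).items():
        print(label, refs)
```

Anything reported as mirror-cache-only is a candidate for copying into your own Container Registry repository, since the cache can drop it at any time.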
