kubernetes-sigs/gcp-compute-persistent-disk-csi-driver

Pods need internet access?

rgarcia89 opened this issue · 7 comments

Hi,

I would need to know if the pods need direct access to the internet.
Can someone please provide me that information?

Can you be a little more specific---which pods, what kind of access, what's the context for this question?

Controller pod and the pods that are created from the daemonset. Background of this question is that I want to deploy the CSI driver in a cluster that is behind a firewall and has no access to the internet. Currently there is only an exception for the kube-system namespace.

Hmm, interesting. It depends how your firewall is set up---since you're running on GCE nodes, there is always some access to the internet. The driver connects to the one platform APIs to talk to GCE persistent disk via the standard www.googleapis.com endpoint, but I'm not sure how that's going to look to your firewall.

It's possible you could test by ssh'ing into one of your VMs and running gcloud commands to create and attach disks; that may be easier to debug than deploying the driver and seeing if it works.

I am running the driver on a self-managed k8s cluster.
However, no worries - I will figure it out by myself.
Still, thanks and have a good weekend.

Oh, it's probably not going to work then. This driver is for using GCE Persistent Disk, which is used with GCE instances.

For an on-prem case you'll need to use something specific to your infrastructure, e.g. vSphere.

Sorry, my mistake - the cluster is of course deployed on GCE.

@mattcary alright, I just checked. Pods in the gce-pd-csi-driver namespace do not need any access to the internet. So there is no problem in locking down the internet access for this namespace :)