
Google Container Engine and VPN

I want to use Google Container Engine to host some containers for a development environment, and my office connects via VPN.

Question:

  1. Is the IP of the Pod visible to me, or is only the Node visible to me?
  2. The SkyDNS maintained by Kubernetes, which is available to pods: is that available to me?

Suppose I have a "headless" service created. Can I access that via VPN?

    {
      "kind": "Service",
      "apiVersion": "v1",
      "metadata": {
        "name": "redis-stage-1"
      },
      "spec": {
        "ports": [{
          "port": 36379,
          "targetPort": 36379
        }],
        "selector": {
          "name": "redis-stage-1"
        }
      }
    }

Mr.Wang from Next Door asked Mar 17 '26 08:03


1 Answer

  1. The IPs of Pods and Services are selected from the cluster CIDR range for your cluster:

    gcloud container clusters describe my-cluster | grep clusterIpv4Cidr
    

    If you configure your VPN (and probably also configure your GCP network) to forward traffic between your network and your GKE cluster, you should be able to access those IPs.

  2. Once you've configured your VPN to communicate with your cluster, you can add the SkyDNS server to your resolv.conf as a secondary DNS server for access to your cluster services. For a headless service, the DNS lookup to SkyDNS should resolve to a Pod IP, which should be able to get over your VPN to your cluster.

CJ Cullen answered Mar 26 '26 10:03
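
A pre-flight check for the setup described in the answer above, as an added example that is not part of the original answer: it reads the cluster CIDR from the `describe` output, then verifies that the office range does not overlap it, that a VPN route covers it, and that the addresses returned for the headless service fall inside it. The sample output, office range, routes and resolved addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `gcloud container clusters describe my-cluster` output.
DESCRIBE_OUTPUT = """\
name: my-cluster
clusterIpv4Cidr: 10.52.0.0/14
currentNodeCount: 3
"""


def cluster_cidr(describe_text):
    """Extract the clusterIpv4Cidr value that the grep in the answer prints."""
    m = re.search(r"^\s*clusterIpv4Cidr:\s*(\S+)", describe_text, re.MULTILINE)
    if not m:
        raise ValueError("clusterIpv4Cidr not found in describe output")
    return ipaddress.ip_network(m.group(1))


def check_vpn_plan(cluster, office, vpn_routes, resolved):
    """Return the problems that would stop office hosts reaching Pod IPs."""
    problems = []
    office = ipaddress.ip_network(office)
    routes = [ipaddress.ip_network(r) for r in vpn_routes]
    # Overlapping ranges make the office side route cluster addresses locally.
    if cluster.overlaps(office):
        problems.append(f"office range {office} overlaps cluster CIDR {cluster}")
    # The VPN must carry a route that contains the whole cluster range.
    if not any(cluster.subnet_of(r) for r in routes):
        problems.append(f"no VPN route covers {cluster}")
    # A headless service lookup should return Pod IPs from the cluster range.
    for addr in resolved:
        ip = ipaddress.ip_address(addr)
        if ip not in cluster:
            problems.append(f"{ip} is outside {cluster}")
    return problems


if __name__ == "__main__":
    cidr = cluster_cidr(DESCRIBE_OUTPUT)
    # Constructed office range, VPN route and lookup result.
    for line in check_vpn_plan(cidr, "192.168.10.0/24",
                               ["10.52.0.0/16"], ["10.52.1.7", "10.0.0.5"]):
        print("PROBLEM:", line)
```

In practice the `resolved` list would hold the addresses returned when the service name is looked up against the cluster DNS server from an office host.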


