Remove the external IP from the GKE cluster

google-cloud-platform, google-kubernetes-engine, hipaa, networking

I've just started using Google Kubernetes Engine (GKE) and I love it.

I spent some time getting an Internal Load Balancer working so my app has a 10.128.0.0/16 IP.

Now I am wondering, can I remove the external IP from my cluster?

All I am finding is that Google requires the external IP on the cluster and that it can't be removed. Does anyone have any experience with this?

I'm working with health data and I'm hesitant to deploy a production application into a cluster with an external IP. I think that the firewall on my project provides enough protection, but I just feel wrong having a system with an external IP if I intend to put individual health data into it. If you don't know the answer to the "can I remove the external IP from my cluster?" question, I would love to get some comments on that. I see GKE is a Covered Product in Google's HIPAA Compliance documentation.

Best Answer

It is now possible to create a private Kubernetes cluster on GKE.

The master is inaccessible from the public internet by default and your nodes do not have any public IP addresses.

You still need to access the master, otherwise your cluster will be useless :) For that reason you need to add master authorized networks, where you assign one or more public IP addresses that are allowed to connect to the master instance.
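
Added example, not part of the original answer: a small audit that checks the settings the answer describes (private nodes, master authorized networks) in the JSON printed by `gcloud container clusters describe NAME --format=json`. The sample cluster document is constructed, and the `MAX_ADDRESSES` threshold and the function name `audit_cluster` are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud container clusters describe NAME --format=json`.
SAMPLE = json.loads("""
{
  "name": "example-cluster",
  "privateClusterConfig": {"enablePrivateNodes": true, "enablePrivateEndpoint": false},
  "masterAuthorizedNetworksConfig": {
    "enabled": true,
    "cidrBlocks": [
      {"displayName": "office", "cidrBlock": "203.0.113.0/24"},
      {"displayName": "temporary", "cidrBlock": "0.0.0.0/0"}
    ]
  }
}
""")

MAX_ADDRESSES = 4096  # assumed policy: flag any authorized range larger than this


def audit_cluster(cluster):
    """Return a list of findings about node and master exposure for one cluster."""
    findings = []
    private = cluster.get("privateClusterConfig") or {}
    authorized = cluster.get("masterAuthorizedNetworksConfig") or {}

    if not private.get("enablePrivateNodes"):
        findings.append("nodes are not private: they can receive external IP addresses")
    # A public master endpoint is only acceptable when an allow-list restricts it.
    if not private.get("enablePrivateEndpoint") and not authorized.get("enabled"):
        findings.append("public master endpoint without master authorized networks")

    blocks = authorized.get("cidrBlocks", []) if authorized.get("enabled") else []
    for block in blocks:
        cidr = block.get("cidrBlock", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"unparseable authorized network: {cidr!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"authorized network {cidr} allows the whole internet")
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append(f"authorized network {cidr} is broader than policy allows")
    return findings


if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print("FINDING:", finding)
```
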
