In this lab you will configure the network between node0 and node1 to ensure cross-host connectivity. You will also ensure that containers can communicate across hosts and reach the internet.
gcloud compute routes create default-route-10-200-0-0-24 \
--destination-range 10.200.0.0/24 \
--next-hop-instance node0
gcloud compute routes create default-route-10-200-1-0-24 \
--destination-range 10.200.1.0/24 \
--next-hop-instance node1
gcloud compute routes list
gcloud compute firewall-rules create default-allow-kubernetes-secure \
--allow tcp:6443 \
--source-ranges 0.0.0.0/0
gcloud compute firewall-rules create default-allow-local-api \
--allow tcp:8080 \
--source-ranges 10.200.0.0/16
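An added example, not part of the original lab: a shell check that reads an export of the project's firewall rules, lists every rule reachable from 0.0.0.0/0 so it can be reviewed, and flags any rule that opens tcp:8080 (the local API port above) to sources outside the 10.200.0.0/16 container range. The tab-separated input layout, the function names and the third sample rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit firewall rules against the exposure this lab intends.
# Input on stdin, one rule per line, tab-separated:
#   NAME <TAB> SOURCE_RANGES (comma list) <TAB> ALLOWED (comma list of proto:port)
# This layout is an assumption of the example; build it from the output of
# `gcloud compute firewall-rules list --format=json` with your JSON tool of choice.

# Container network from the lab (10.200.0.0/16). Matching on the string
# prefix is a simplification; it does not do real CIDR containment and it
# does not expand port ranges such as tcp:8000-9000.
CONTAINER_PREFIX="10.200."

audit_rules() {
  awk -F'\t' -v prefix="$CONTAINER_PREFIX" '
    {
      name  = $1
      nsrc  = split($2, src, ",")
      nport = split($3, ports, ",")
      for (i = 1; i <= nsrc; i++) {
        for (j = 1; j <= nport; j++) {
          if (ports[j] == "tcp:8080" && index(src[i], prefix) != 1)
            # Local API port reachable from outside the container range.
            print "LOCAL-API-EXPOSED\t" name "\t" src[i]
          else if (src[i] == "0.0.0.0/0")
            # Reachable from any address: confirm this is intended.
            print "WORLD-OPEN\t" name "\t" ports[j]
        }
      }
    }'
}

# Constructed sample: the two rules created in this lab, plus one
# deliberately misconfigured rule (hypothetical name) to show a finding.
sample_rules() {
  printf '%s\t%s\t%s\n' \
    default-allow-kubernetes-secure 0.0.0.0/0     tcp:6443 \
    default-allow-local-api         10.200.0.0/16 tcp:8080 \
    example-misconfigured-api       0.0.0.0/0     tcp:8080,tcp:6443
}

sample_rules | audit_rules
```

With the lab's two rules only, the single WORLD-OPEN line for tcp:6443 is the expected result; any LOCAL-API-EXPOSED line means the tcp:8080 rule was created with a wider source range than the lab specifies.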
By default, GCE will not route traffic from the container subnet to the internet. In this section we will configure NAT to work around the issue.
gcloud compute ssh node0
sudo iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o ens4v1 -j MASQUERADE
gcloud compute ssh node1
sudo iptables -t nat -A POSTROUTING ! -d 10.0.0.0/8 -o ens4v1 -j MASQUERADE
gcloud compute ssh node0
docker run -t -i --rm busybox /bin/sh
ip -f inet addr show eth0
gcloud compute ssh node1
docker run -t -i --rm busybox /bin/sh
ping -c 3 10.200.0.2
ping -c 3 google.com
Exit both busybox instances.