Stay organized with collections Save and categorize content based on your preferences.
A private cluster is a Virtual Private Cloud (VPC)-native cluster that only depends on internal IP addresses. This means that nodes and pods are isolated from the internet by default. This page explains how to use Cloud Code to connect to private clusters with and without public endpoint access and permit private clusters to access resources from outside Google Cloud.
For information about private clusters, see Private clusters. For steps to configure private clusters, see Creating a private cluster.
Add a private GKE cluster to your KubeConfigAdding a private cluster in Cloud Code has the following behavior:
For clusters that have the public endpoint enabled, adding the cluster sets the cluster address in the KubeConfig to the external IP.
For clusters that have the public endpoint turned off, adding the cluster sets the cluster address in the KubeConfig to be the internal VPC IP of the cluster.
To add an authorized network to an existing cluster, make sure you are connected to an authorized network, as this cluster has authorized networks enabled.
To learn more about connecting to VMs without external IP addresses, see Securely connecting to VM instances. To manage/delete the instances that you created, see VM instances.
To successfully connect to the private cluster, Cloud Code must be running on a machine in the cluster's network or be able to access the cluster's network, such as by using a proxy server, Cloud Interconnect, or Cloud VPN.
For steps to create GKE clusters in Cloud Code and add existing GKE clusters to Cloud Code, see create and configure a GKE cluster. Cloud Code opens the Google Cloud console to create your cluster.
After you create the cluster, configure Cloud NAT to enable outbound internet connections from your cluster if this was not set up during cluster creation. To manage/delete the networks that you created, see VPC networks.
Troubleshoot issues connecting to private clustersIf your dev environment isn't configured correctly to access a private cluster, recommendations about how to resolve the issue appear in the following contexts:
In the expanded Kubernetes section, clusters that Cloud Code can't connect to appear with an error icon next to the cluster name. To view possible workarounds and a longer explanation of the potential issue, click the cluster name.
When you try to run operations on a cluster that's inaccessible because of potential issues with the private cluster's configuration, a notification displays an error message with a longer explanation of the potential issue and potential workarounds.
If the control plane API isn't available publicly, such as in a GKE cluster with public endpoint turned off, you can configure Cloud Code to proxy requests to the control plane through a proxy server on the same network or VPC as the cluster:
proxy-url field. The Kubernetes view reloads to display the connected cluster.Right-click the name of a cluster you've configured for Kubernetes proxying and then click Cancel Kubectl Proxying for cluster. Cloud Code stops proxying requests for the cluster by unsetting the proxy-url field in the KubeConfig.
All configurations of GKE private clusters don't provide nodes with internet access. As a result, clusters can't reach APIs on the public internet. Clusters are automatically configured with Private Google Access, which, for example, permits clusters to pull images from Artifact Registry. APIs and image registries outside of Google Cloud are inaccessible without additional configuration to allow outbound internet connections from the nodes. To provide these connections, you can set up Cloud NAT on your VPC from Cloud Code:
Ctrl/Cmd+Shift+P or click View > Command Palette).gcloud compute routers create and gcloud beta compute routers nats create commands to specify the values for your application.Enter.To send feedback, report issues on
GitHub, or ask a question on
Stack Overflow.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Private clusters isolate nodes and pods from the internet by default, relying on internal IP addresses within a Virtual Private Cloud (VPC)."],["Cloud Code connects to private clusters by setting the cluster address in the KubeConfig to either the external IP (if the public endpoint is enabled) or the internal VPC IP (if the public endpoint is disabled)."],["To connect to a private cluster, Cloud Code must be on a machine within the cluster's network or have network access, such as through a proxy server, Cloud Interconnect, or Cloud VPN."],["Cloud Code can configure a proxy server to route requests to a private cluster's control plane when the control plane API is not publicly available."],["Cloud Code allows the configuration of Cloud NAT to enable outbound internet connections from private clusters to access APIs and image registries outside of Google Cloud."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4