GKE on-premises to control plane connectivity insights

This page describes the Network Analyzer insights for Google Kubernetes Engine (GKE) on-premises to control plane connectivity. For information about all the insight types, see Insight groups and types.

View insights in the Recommender API

To view these insights in the Google Cloud CLI or the Recommender API, use the following insight type:

  • google.networkanalyzer.container.connectivityInsight

You need the following permissions:

  • recommender.networkAnalyzerGkeConnectivityInsights.list
  • recommender.networkAnalyzerGkeConnectivityInsights.get

For more information about using the Recommender API for Network Analyzer insights, see Use the Recommender CLI and API.

GKE on-premises to control plane connectivity missing return route

This analyzer verifies connectivity between your on-premises network and the GKE control plane.

If this analyzer infers that there is a route in your on-premises network that delivers traffic to the control plane, the analyzer also verifies that the return route exists in the control plane's VPC network. This insight is generated when a Cloud Router advertises the control plane's CIDR range to the on-premises network, but the custom route to the on-premises network is not exported to the GKE cluster's VPC Network Peering. When this happens, the analyzer infers that your on-premises network has a route to the control plane's VPC network. However, the GKE control plane does not have a return route to your on-premises network. If this is your intended network configuration, you can dismiss this insight.

This insight includes the following information:

  • GKE cluster: Name of the GKE cluster.
  • Network: Name of the network where the GKE cluster is configured.
  • VPC Network Peering: The name of the VPC Network Peering configuration that connects your GKE cluster to the control plane.
  • Associated Cloud Routers: The list of Cloud Routers that are advertising the control plane's address range.

For more information, see Connecting to the control plane's private endpoint from on-premises networks.

Recommendations

  • Configure your VPC network to export its custom routes in the peering relationship to the control plane's VPC network.
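
The condition behind this insight can be checked offline against exported resource data. The following is an added example, not Network Analyzer's own implementation: the sample dictionaries are constructed, their field names are assumed to mirror the JSON of the GKE cluster, VPC network peering, and Cloud Router resources, and only custom advertised ranges are considered.

```python
import ipaddress

# Constructed sample data; field names follow the GKE and Compute Engine API resources.
CLUSTER = {"name": "example-cluster", "network": "example-vpc",
           "privateClusterConfig": {"masterIpv4CidrBlock": "172.16.0.0/28",
                                    "peeringName": "example-gke-peering"}}
PEERINGS = [{"name": "example-gke-peering", "exportCustomRoutes": False}]
ROUTERS = [
    {"name": "router-a", "bgp": {"advertisedIpRanges": [{"range": "172.16.0.0/28"}]}},
    {"name": "router-b", "bgpPeers": [
        {"name": "onprem-peer", "advertisedIpRanges": [{"range": "10.8.0.0/16"}]}]},
]

def advertised_ranges(router):
    """Custom advertised ranges set on the router itself and on each BGP peer."""
    groups = [router.get("bgp", {})] + router.get("bgpPeers", [])
    return [r["range"] for g in groups for r in g.get("advertisedIpRanges", [])]

def missing_return_route(cluster, peerings, routers):
    """Return the insight fields if the condition holds, otherwise None."""
    cfg = cluster["privateClusterConfig"]
    control_plane = ipaddress.ip_network(cfg["masterIpv4CidrBlock"])
    # Cloud Routers that tell the on-premises network how to reach the control plane.
    advertising = sorted(
        r["name"] for r in routers
        if any(ipaddress.ip_network(a, strict=False).overlaps(control_plane)
               for a in advertised_ranges(r)))
    peering = next((p for p in peerings if p["name"] == cfg["peeringName"]), None)
    if not advertising or peering is None:
        return None  # no forward route inferred, or the peering was not found
    if peering.get("exportCustomRoutes", False):
        return None  # return route is exported to the control plane's VPC network
    return {"gke_cluster": cluster["name"], "network": cluster["network"],
            "vpc_network_peering": peering["name"],
            "associated_cloud_routers": advertising}

if __name__ == "__main__":
    print(missing_return_route(CLUSTER, PEERINGS, ROUTERS))
```

When the function returns a finding, the recommendation above corresponds to enabling custom route export on that peering, for example with `gcloud compute networks peerings update PEERING_NAME --network=NETWORK_NAME --export-custom-routes`.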