Calling an application outside cluster from a pod

There is a web service app running on a Compute Engine and a GKE cluster in the same network.

Is it possible for a pod in the cluster to call the web service app using the internal IP address of the web service app?

Your answer will be appreciated.



Yes, it's possible.

Assuming that you are talking about the internal IP address of your VM, you will need to create a rule allowing traffic from the pod address range to your VM.


Assuming that:

  • There is a Compute Engine instance named: nginx and it's configured to run on port 80.
  • There is a Kubernetes Engine within the same network as your GCE instance.

You will need to check the pod IP address range of your GKE cluster. You can do it by either:

  • Cloud Console (Web UI)
  • $ gcloud container clusters describe CLUSTER-NAME --zone=ZONE | grep -i "clusterIpv4Cidr"

The firewall rule could be created by either:

  • Cloud Console (Web UI)
  • gcloud command like below:
gcloud compute --project=PROJECT-ID firewall-rules create pod-to-vm \
    --direction=INGRESS --priority=1000 --network=default \
    --action=ALLOW --rules=tcp:80 --source-ranges=clusterIpv4Cidr \
    --target-tags=pod-traffic


  1. Enter the value from the last command (describe cluster) in place of clusterIpv4Cidr
  2. You will need to add pod-traffic to your VM's network tags!

After that you can spawn a pod and check if you can communicate with your VM:

  • $ kubectl run -it ubuntu --image=ubuntu -- /bin/bash
  • $ apt update && apt install -y curl dnsutils

You can communicate with your VM from GKE pods by either:

  • IP address of your VM:
root@ubuntu:/# curl IP_ADDRESS
<p><em>Thank you for using nginx.</em></p>
  • Name of your VM (nginx):
root@ubuntu:/# curl nginx
<p><em>Thank you for using nginx.</em></p>

You can also check if the name is correctly resolved by running:

root@ubuntu:/# nslookup nginx
Server:     DNS-SERVER-IP
Address:    DNS-SERVER-IP#53

Non-authoritative answer:
Name:   nginx.c.PROJECT_ID.internal
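
The substitution in step 1 can be scripted so that an empty or overly broad value never reaches --source-ranges. This is an added example, not part of the original answer: the function names, the sample describe output and the /8 prefix floor are assumptions made here, and --target-tags=pod-traffic ties the rule to the network tag from step 2.

```shell
#!/bin/sh
# Added example: build the pod-to-vm firewall command from `describe` output.
# SAMPLE_DESCRIBE is constructed sample output, not taken from a real cluster.
SAMPLE_DESCRIBE='ipAllocationPolicy:
  clusterIpv4CidrBlock: 10.8.0.0/14
clusterIpv4Cidr: 10.8.0.0/14
name: CLUSTER-NAME
servicesIpv4Cidr: 10.12.0.0/20'

# Read `gcloud container clusters describe` output on stdin and print the
# pod range. The key is matched exactly, unlike `grep -i`, so similarly
# named keys (clusterIpv4CidrBlock, servicesIpv4Cidr) are not picked up.
extract_pod_cidr() {
  awk '$1 == "clusterIpv4Cidr:" { print $2; exit }'
}

# Succeed only for a well-formed IPv4 CIDR with prefix length 8..32.
# The /8 floor is this example's policy choice: it rejects 0.0.0.0/0
# and any other range far wider than a pod range should be.
valid_pod_cidr() {
  printf '%s\n' "$1" | awk -F'[./]' '
    !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
      if ($5 < 8 || $5 > 32) exit 1 }'
}

# $1 = project id, stdin = describe output. Prints the gcloud command,
# or fails without printing it when no usable pod range was found.
build_rule_cmd() {
  _cidr=$(extract_pod_cidr)
  if ! valid_pod_cidr "$_cidr"; then
    echo "refusing --source-ranges value: '$_cidr'" >&2
    return 1
  fi
  printf 'gcloud compute --project=%s firewall-rules create pod-to-vm' "$1"
  printf ' --direction=INGRESS --priority=1000 --network=default'
  printf ' --action=ALLOW --rules=tcp:80 --source-ranges=%s' "$_cidr"
  printf ' --target-tags=pod-traffic\n'
}

# Demo on the constructed sample; with a real cluster, pipe the describe
# output into build_rule_cmd instead.
printf '%s\n' "$SAMPLE_DESCRIBE" | build_rule_cmd PROJECT-ID
```

The script only prints the command, so the source range and target tag can be reviewed before the rule is created.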

