gce plugin with private access

Hello,
I'm using the GCE discovery plugin on a GCP VM, and I don't have a NAT gateway to join metadata.google.internal. I activated private access on my subnet and now I can use private.googleapis.com to ask metadata. But gce-discovery sends me:

Problem fetching instance list for zone europe-west1-c
java.net.SocketTimeoutException: Connect timed out

and tcpdump shows me the outgoing request from the plugin:

GET /computeMetadata/v1/instance/network-interfaces/0/ip HTTP/1.1
Accept-Encoding: gzip
User-Agent: Google-HTTP-Java-Client/1.44.1 (gzip)
metadata-flavor: Google
Host: metadata.google.internal

I tried to add in my /etc/hosts:

199.36.153.11 metadata.google.internal   //199.36.153.11 is IP for private.googleapis.com

but now I have a 401 return code.
So, is there a way to use the plugin in private access?
Thanks

Welcome!

As I answered on Slack, I'm wondering if there's a way with this

And

It's supposed to be for tests only. But maybe it would work...

I didn't manage to pass the allow_reroute_gce_settings option, but it doesn't matter; I'll do it differently. Thank you for your time.
