by manigandham 3013 days ago
How is that related to security policies?

Also you can't run a GKE cluster across multiple regions, only multiple zones. If you have multiple clusters in different regions, you can use a NodePort service on each and manually set up a GSLB with a backend pointing to all of the GKE clusters.

There is a solution being worked on though, called multi-cluster ingress: https://github.com/GoogleCloudPlatform/k8s-multicluster-ingr...

1 comments

Running a Kubernetes cluster across multiple regions is not a great idea. You can set up a federation of clusters, but GKE doesn't seem to support that yet, so you need to create and manage the federated control plane yourself. And there's no standard way at the moment to have generic cross-cluster networking, like you easily could with Borg. So you can load balance external requests to a number of clusters, as you explain, but currently it's easier if each cluster is self-sufficient and doesn't need to refer to internal services in other clusters.

I didn't say anything about K8S across regions; it's fundamentally not designed for it anyway.

GKE doesn't support federation because it's not a final feature either; it was beta at best and is now being revised and renamed to "multi-cluster": https://github.com/kubernetes/community/tree/master/sig-mult...

If you need to reach services between clusters, that's completely different from ingress. Ingress is about external access to cluster services.

You can still use an authentication layer and expose everything through an ingress, or use internal IPs for the services/containers which are already routable in GCP's network across regions. A headless service to get the IPs and a cron job to sync these to a public DNS system will give you the same thing federation does for cross-cluster service discovery. There are also apps like ExternalDNS that'll do it for you: https://github.com/kubernetes-incubator/external-dns
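
The headless-service-plus-cron sync described in the comment above, as an added example that is not part of the thread or of any project linked in it. The Endpoints objects are constructed samples, and the zone name `svc.example.com` and the `10.0.0.0/8` allow-list are assumptions; the script only computes the record changes and leaves the DNS provider call out.

```python
import ipaddress

# Constructed sample: trimmed v1 Endpoints objects for one headless Service,
# as `kubectl get endpoints api -o json` would return them per cluster.
SAMPLE = {
    "us-cluster": {"metadata": {"name": "api", "namespace": "prod"},
                   "subsets": [{"addresses": [{"ip": "10.8.0.12"}, {"ip": "10.8.1.7"}],
                                "notReadyAddresses": [{"ip": "10.8.2.3"}]}]},
    "eu-cluster": {"metadata": {"name": "api", "namespace": "prod"},
                   "subsets": [{"addresses": [{"ip": "10.20.0.5"}, {"ip": "203.0.113.9"}]}]},
    "asia-cluster": None,  # API call failed in this run
}
ALLOWED = ipaddress.ip_network("10.0.0.0/8")  # assumed pod address space
ZONE = "svc.example.com"                      # hypothetical DNS zone


def ready_ips(endpoints):
    """Ready pod IPs from one Endpoints object; notReadyAddresses are skipped."""
    return {a["ip"] for s in endpoints.get("subsets") or []
            for a in s.get("addresses") or []}


def desired_records(clusters, zone=ZONE, allowed=ALLOWED):
    """Merge all clusters into {fqdn: set(ips)}; also return rejected IPs and
    the clusters that could not be read."""
    records, rejected, unreadable = {}, [], []
    for cluster, ep in sorted(clusters.items()):
        if ep is None:
            unreadable.append(cluster)
            continue
        meta = ep["metadata"]
        fqdn = f'{meta["name"]}.{meta["namespace"]}.{zone}'
        for ip in sorted(ready_ips(ep)):
            if ipaddress.ip_address(ip) in allowed:
                records.setdefault(fqdn, set()).add(ip)
            else:
                rejected.append((cluster, ip))  # never publish unexpected targets
    return records, rejected, unreadable


def plan(current, desired, unreadable):
    """A-record changes. Deletions are withheld while any cluster is unreadable,
    so a failed API call cannot withdraw that cluster's healthy backends."""
    changes = []
    for name in sorted(set(current) | set(desired)):
        cur, want = current.get(name, set()), desired.get(name, set())
        changes += [("add", name, ip) for ip in sorted(want - cur)]
        if not unreadable:
            changes += [("delete", name, ip) for ip in sorted(cur - want)]
    return changes
```

Logging the `rejected` list on every run gives an audit trail for Endpoints entries that point outside the expected address space before they ever reach public DNS.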