Google Cloud: public GKE cluster's egress traffic via NAT instances for IP whitelisting
In a public GKE cluster, each node has an ephemeral external IP address, and the nodes route all egress traffic through the internet gateway associated with their node cluster. That internet gateway connection, in turn, is defined by the Compute Engine network associated with the node cluster. It is not practical for a third-party network to whitelist every one of your nodes' external IP addresses in order to accept your incoming traffic. Moreover, we scale our nodes up and down, and every time we do, a new node picks up a new external IP address.
In a private GKE cluster, all nodes have only internal IP addresses, and you can define a Cloud NAT for all egress traffic from the cluster. If, for some reason, you still want to use a public GKE cluster but also want a static external IP for all of your egress traffic, the setup below will come in handy for your environment. You can also use this setup to pass the egress traffic through firewall software such as Palo Alto to inspect the outgoing traffic.
Create three NAT instances on Ubuntu across three zones using the startup script below…
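The provisioning steps the setup above implies, as an added example and not the article's own startup script or commands: three NAT instances, each with a reserved static external IP, plus a tagged route per zone so only the GKE nodes carrying that tag send egress through them. Region, zones, network, node subnet CIDR and the node-pool tag are assumed placeholder values.

```shell
#!/usr/bin/env bash
# Added example, not the article's own startup script: provision three NAT
# instances with static external IPs and steer tagged GKE nodes' egress through them.
# Assumed values: region, zones, network, node subnet CIDR and node-pool tag.
set -eu
REGION="${REGION:-us-central1}"
ZONES="${ZONES:-us-central1-a us-central1-b us-central1-c}"
NETWORK="${NETWORK:-default}"
NODE_CIDR="${NODE_CIDR:-10.128.0.0/20}"     # subnet the GKE nodes live in (assumed)
NODE_TAG="${NODE_TAG:-gke-egress-via-nat}"  # network tag set on the node pool (assumed)
ROUTE_PRIORITY=800                           # beats the default route (priority 1000)

# Startup script for each NAT instance: enable forwarding and masquerade
# everything leaving the primary interface with the instance's own address.
# (No commas inside: gcloud --metadata would read them as separators.)
nat_startup_script() {
  cat <<'EOF'
#!/bin/bash
set -e
IFACE=$(ip -o route show default | awk '{print $5}')
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -C POSTROUTING -o "$IFACE" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
EOF
}

# One NAT instance per zone plus one route per instance at the same priority,
# so Google Cloud spreads tagged nodes' egress across all three (ECMP).
create_nat_in_zone() {
  local zone="$1" name="nat-$1"
  gcloud compute addresses create "$name-ip" --region "$REGION"   # IP the third party whitelists
  gcloud compute instances create "$name" --zone "$zone" --network "$NETWORK" \
    --can-ip-forward --tags nat --address "$name-ip" \
    --image-family ubuntu-2204-lts --image-project ubuntu-os-cloud \
    --metadata startup-script="$(nat_startup_script)"
  gcloud compute routes create "route-$name" --network "$NETWORK" \
    --destination-range 0.0.0.0/0 --next-hop-instance "$name" \
    --next-hop-instance-zone "$zone" --tags "$NODE_TAG" --priority "$ROUTE_PRIORITY"
}

main() {
  # Only the node subnet may forward through the NAT instances.
  gcloud compute firewall-rules create allow-nodes-to-nat --network "$NETWORK" \
    --allow all --source-ranges "$NODE_CIDR" --target-tags nat
  for z in $ZONES; do create_nat_in_zone "$z"; done
}

# Run only when explicitly asked, so the functions can be sourced or tested.
if [ "${1:-}" = "apply" ]; then main; fi
```

The node pool must carry `NODE_TAG` for the routes to apply to it; the NAT instances themselves do not, so they keep the default route to the internet gateway.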