Google Cloud: Public GKE cluster's egress traffic via Cloud NAT for IP whitelisting
In my previous post on GKE outbound traffic, I discussed how to reroute the egress traffic of a public GKE cluster through Compute Engine NAT instances so that third-party systems can whitelist a fixed IP. That solution is discussed in detail in the link below.
In this post we will see how to reroute the same GKE egress traffic via Cloud NAT instead.
Masquerading in GKE
We will use a DaemonSet in GKE that rewrites the iptables rules on every GKE node to control masquerading of outbound traffic.
By default, a pod's outbound traffic is SNATed to the node's primary internal IP before it leaves the node. Because a node in a public cluster has an external IP, Google Cloud maps that primary internal IP one-to-one to the node's external IP, so Cloud NAT never sees the packet. The DaemonSet removes that SNAT so the packet keeps the pod's IP as its source address. The pod range is an alias IP range of the node, and Cloud NAT translates alias ranges that are included in its configuration even when the node itself has an external IP, so the connection egresses with the Cloud NAT gateway's external IP. Traffic that originates from the node itself, including hostNetwork pods, still leaves with the node's external IP.
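The following script is an added example, not code from the original post. It uses GKE's ip-masq-agent (whose role matches the DaemonSet described above) to stop pod traffic from being masqueraded, and gcloud to build a Cloud NAT gateway that translates only the Pod secondary range through a reserved static address, which is the address the third party whitelists. The project, region, network, subnet and secondary-range names, and the ifconfig.me echo service used for the check, are assumptions to be replaced with your own.

```shell
#!/bin/sh
# Added example (not from the original post): route public-GKE pod egress through
# Cloud NAT with a fixed, whitelistable IP.
# Assumed names (hypothetical, override via environment): PROJECT, REGION, NETWORK,
# SUBNET, and POD_RANGE, the subnet secondary range the cluster uses for Pod IPs.
set -eu

PROJECT="${PROJECT:-my-project}"
REGION="${REGION:-us-central1}"
NETWORK="${NETWORK:-my-vpc}"
SUBNET="${SUBNET:-gke-subnet}"
POD_RANGE="${POD_RANGE:-pods}"
NAT_IP_NAME="${NAT_IP_NAME:-gke-egress-nat-ip}"

# 1. Render the ip-masq-agent ConfigMap. Every destination listed under
#    nonMasqueradeCIDRs is exempt from the MASQUERADE rule, so with 0.0.0.0/0
#    pod packets leave the node with the Pod (alias) IP as source instead of
#    being SNATed to the node's primary IP (which would then use the node's
#    external IP and bypass Cloud NAT).
render_ip_masq_configmap() {
  _cidrs="$1"   # space-separated CIDRs that must NOT be masqueraded
  printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: ip-masq-agent\n  namespace: kube-system\ndata:\n  config: |\n    nonMasqueradeCIDRs:\n'
  for c in $_cidrs; do
    printf '      - %s\n' "$c"
  done
  printf '    masqLinkLocal: false\n    resyncInterval: 60s\n'
}

# 2. Reserve a static external IP and create a Cloud Router plus NAT gateway that
#    translates ONLY the Pod secondary range. The node primary range is left out:
#    nodes of a public cluster keep their own external IPs and are not NATed anyway.
#    A reserved address (rather than --auto-allocate-nat-external-ips) gives the
#    stable IP the third party can whitelist.
create_cloud_nat() {
  gcloud compute addresses create "$NAT_IP_NAME" --project="$PROJECT" --region="$REGION"
  gcloud compute routers create gke-egress-router --project="$PROJECT" \
      --network="$NETWORK" --region="$REGION"
  gcloud compute routers nats create gke-egress-nat --project="$PROJECT" \
      --router=gke-egress-router --region="$REGION" \
      --nat-custom-subnet-ip-ranges="${SUBNET}:${POD_RANGE}" \
      --nat-external-ip-pool="$NAT_IP_NAME"
}

# 3. Verify from inside a pod: the source IP seen by the outside world must equal
#    the reserved NAT address. ifconfig.me is an assumed echo service; any
#    "what is my IP" endpoint works. A hostNetwork pod would still show the node IP.
verify_egress_ip() {
  expected=$(gcloud compute addresses describe "$NAT_IP_NAME" --project="$PROJECT" \
              --region="$REGION" --format='value(address)')
  observed=$(kubectl run egress-check --rm -i --quiet --restart=Never \
              --image=curlimages/curl -- -s https://ifconfig.me)
  if [ "$observed" = "$expected" ]; then
    echo "OK: pod egress via $observed"
  else
    echo "MISMATCH: expected $expected, observed $observed (is ip-masq-agent applied?)"
    return 1
  fi
}

case "${1:-}" in
  apply)  render_ip_masq_configmap "0.0.0.0/0" | kubectl apply -f - ; create_cloud_nat ;;
  verify) verify_egress_ip ;;
  *)      : ;;   # no-op when run without a command, so the functions can be reused
esac
```

Run `apply` once, wait for the agent to resync (60s per the ConfigMap) and for the NAT gateway to become ready, then `verify`. If you want only the whitelisted third-party ranges to leave via Cloud NAT and everything else to keep using the node IP, list just those CIDRs instead of 0.0.0.0/0 in nonMasqueradeCIDRs.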