Control external IP address range for nodes in kubernetes cluster on Google Cloud

google-cloud-platformgoogle-kubernetes-enginemongodb

I would like to provide a whitelisted range for connections to a MongoDB Atlas instance running on Google Cloud. VPC Peering isn't yet available on Atlas for Google Cloud – Is it possible to provide a CIDR range for external IP addresses allocated to nodes in a kubernetes cluster?

Alternatively, any tips on ensuring the source of connections are from an authorized node? (Other than SSL + username and password)

Best Answer

There is no direct way to determine which external IPs will be used by VMs (unless you have already reserved IPs) or clusters. Nevertheless there are some workarounds you could consider.

One of them is making outgoing connections from the POD via a proxy. The proxy could be an another Pod or a dedicated VM. Some other approaches are described on this discussion

Related Solutions

GKE – Connecting Pods via VPN

Instead of adding each node's pod-CIDR to the VPN config, you could add the entire cluster-CIDR (where any new/recreated nodes will have their pod-CIDRs pulled from).

To find the cluster-cidr:

gcloud container clusters describe your-cluster | grep clusterIpv4Cidr

GKE – Stable Public IP or IP Range for Outbound Connections

Google Cloud now provides a managed NAT Gateway service - Cloud NAT.

This gateway can be used with a GKE cluster, which provides a stable public egress IP to all the pods inside it, which enables them to be whitelisted by third party service providers.

The example implementation for using Cloud NAT with GKE is provided here - https://cloud.google.com/nat/docs/gke-example

Best Answer

Related Solutions

GKE – Connecting Pods via VPN

GKE – Stable Public IP or IP Range for Outbound Connections

Related Topic