GKE – Connecting Pods via VPN

Tags: google-kubernetes-engine, kubernetes, vpn

I have a GKE cluster with a handful of nodes and I would like pods in this cluster to be able to connect to remote hosts on a private network that can be reached via a site-to-site VPN provided by GCE. As far as I can tell, there is no simple way to assign an address to a pod for outbound connections? (It does not seem feasible to add each pod-cidr to the VPN configuration each time a node is added or replaced.) Do I have to set up a NAT bridge external to the cluster, or is there some Kubernetes way to control the outbound address of a pod?

Best Answer

Instead of adding each node's pod-CIDR to the VPN config, you could add the entire cluster-CIDR (where any new/recreated nodes will have their pod-CIDRs pulled from).

To find the cluster-cidr:

gcloud container clusters describe your-cluster | grep clusterIpv4Cidr
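An added check that is not part of the original answer: it pulls clusterIpv4Cidr out of the describe output (the same field the grep above finds) and confirms that every node's pod-CIDR actually sits inside it, so a single VPN traffic selector or remote-side route for the cluster CIDR really covers all pods. The describe output and node pod-CIDRs below are constructed samples; in practice they come from `gcloud container clusters describe` and `kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'`. A pod-CIDR reported as uncovered (for example one drawn from a secondary range added later) would never enter the tunnel.

```python
"""Verify that every node pod-CIDR of a GKE cluster is contained in the
cluster CIDR that is advertised through the site-to-site VPN.

Added example, not from the original answer. All sample data is constructed.
"""
import ipaddress
import re

# Constructed sample of the relevant lines from
# `gcloud container clusters describe your-cluster`.
SAMPLE_DESCRIBE = """\
name: your-cluster
clusterIpv4Cidr: 10.44.0.0/14
servicesIpv4Cidr: 10.48.0.0/20
"""

# Constructed sample of node pod-CIDRs (GKE hands each node a /24 by default).
SAMPLE_NODE_POD_CIDRS = ["10.44.0.0/24", "10.44.1.0/24", "10.44.2.0/24"]


def extract_cluster_cidr(describe_output: str) -> ipaddress.IPv4Network:
    """Pull clusterIpv4Cidr out of describe output (the field the grep looks for)."""
    m = re.search(r"^clusterIpv4Cidr:\s*(\S+)", describe_output, re.MULTILINE)
    if not m:
        raise ValueError("clusterIpv4Cidr not found in describe output")
    # strict=True rejects a prefix with host bits set, which would be a typo.
    return ipaddress.ip_network(m.group(1), strict=True)


def uncovered_pod_cidrs(cluster_cidr, node_pod_cidrs):
    """Return the node pod-CIDRs that are NOT inside cluster_cidr.

    Pods on any CIDR returned here would not match a VPN traffic selector or
    route configured for cluster_cidr, so their traffic never enters the tunnel.
    """
    cluster = ipaddress.ip_network(cluster_cidr)
    return [c for c in node_pod_cidrs
            if not ipaddress.ip_network(c).subnet_of(cluster)]


def vpn_local_selector(describe_output: str) -> str:
    """The single prefix to advertise through the VPN instead of one per node."""
    return str(extract_cluster_cidr(describe_output))


if __name__ == "__main__":
    cidr = extract_cluster_cidr(SAMPLE_DESCRIBE)
    print("advertise via VPN:", cidr)
    # Constructed extra CIDR from outside the cluster range to show the check firing.
    missing = uncovered_pod_cidrs(cidr, SAMPLE_NODE_POD_CIDRS + ["10.52.7.0/24"])
    print("node pod-CIDRs outside the cluster CIDR:", missing)
```

Run it after any node pool change; an empty list means the one cluster-CIDR entry in the VPN configuration is still sufficient.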