Kubernetes – External Connection through single IP

Tags: google-cloud-platform, google-kubernetes-engine, kubernetes, networking

I need to find a way to have 1 IP that is used by all pods everytime they need to connect to the "outside world".

FULL VERSION:

I'm trying to integrate my application with a Payments Gateway service. However, this service needs to whitelist my server's IP, refusing all other connections for security.

Now, I'm running a GKE cluster (3, actually) with Kubernetes 1.5.2. In this cluster I have around 30 pods and I need 1 in particular to route its Internet-directed traffic through a static, predictable IP address.

Right now, I have to give a list of my cluster instances' external IPs to be whitelisted, but this is a problem.

The cluster is set up to autoscale up to 5 instances, and all these instances have an ephemeral IP.

1 – I DON'T want to be forced into turning all these into static IPs.
2 – I also DON'T want to be forced to expose that particular pod through an external endpoint, making it available for Internet-to-cluster directed connections.

Is there any way I can say/configure:

- This pod forwards all its Internet-directed connections through X endpoint?
  Obviously, this should be something easy to configure to work with 1 pod or with all of them if I so desired.

What's the correct course of action here? How can I achieve this?

I've referenced this SO question and the Source IP docs on Kubernetes, as well as these instructions on how to set up a NAT Gateway (which, given the flexible cluster config, I don't think would work).

Best Answer

The only way that is doable is a NAT gateway.

I assume you are using a kind of HTTP API (REST API) and that needs TCP. TCP needs to finish a handshake so you need to know which node sent the packets to find the way back. That is why NAT is needed.

The instructions you found about how to set up a NAT Gateway should work. You just need to tell your containers to use the NAT instance as gateway.

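The NAT gateway setup the answer points at, written out as an added example (this script is not part of the question, the answer, or any Google tutorial): it reserves one static external IP, boots a GCE instance that masquerades behind that IP, adds a default route that only VMs carrying a chosen network tag follow, and creates a tagged GKE node pool so that a single pod can be pinned to it with a nodeSelector. All resource names, the region and zone, the cluster name and the pod CIDR are assumptions; change them for your project. Two caveats a practitioner should keep in mind: GCE routes are selected per VM, not per pod, so everything scheduled on a tagged node goes through the NAT (hence the dedicated node pool), and the NAT instance is a single point of failure for that pod's outbound traffic.

```shell
#!/bin/sh
# Added example (not part of the question or the answer): build the NAT
# gateway the accepted answer describes on GCE and steer a dedicated GKE
# node pool's Internet-bound traffic through it. Resource names, region,
# zone, cluster name and pod CIDR below are assumptions; adjust them.
set -eu

NETWORK="${NETWORK:-default}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"
CLUSTER="${CLUSTER:-my-cluster}"            # assumed GKE cluster name
POD_CIDR="${POD_CIDR:-10.4.0.0/14}"         # assumed cluster pod address range
NAT_INSTANCE="${NAT_INSTANCE:-nat-gateway}"
NAT_ADDRESS="${NAT_ADDRESS:-nat-egress-ip}" # the one static IP to whitelist
NODE_TAG="${NODE_TAG:-egress-via-nat}"      # only VMs with this tag use the NAT
DRY_RUN="${DRY_RUN:-0}"                     # DRY_RUN=1 prints the plan instead of running it

# Execute a command, or under DRY_RUN=1 print it, so the plan can be reviewed first.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s ' "$@"; printf '\n'
  else
    "$@"
  fi
}

# Startup script for the NAT instance: forward packets and rewrite their source
# to the instance's own external address, i.e. the reserved static IP.
nat_startup_script() {
  cat <<'EOF'
#!/bin/sh
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

provision_nat_egress() {
  script="$(mktemp)"
  nat_startup_script > "$script"

  # 1. One static external IP: the only address the payment gateway has to whitelist.
  run gcloud compute addresses create "$NAT_ADDRESS" --region "$REGION"

  # 2. The NAT instance. --can-ip-forward is required or GCE drops packets not
  #    addressed to the VM itself; --address pins its external IP. Its own tag
  #    (nat-gateway) must differ from NODE_TAG so it keeps the default Internet route.
  run gcloud compute instances create "$NAT_INSTANCE" --zone "$ZONE" \
    --network "$NETWORK" --can-ip-forward --address "$NAT_ADDRESS" \
    --tags nat-gateway --metadata-from-file "startup-script=$script"

  # 3. Let pod traffic reach the NAT instance; the default network's internal
  #    allow rule does not necessarily cover the pod range.
  run gcloud compute firewall-rules create "${NAT_INSTANCE}-allow-pods" \
    --network "$NETWORK" --source-ranges "$POD_CIDR" \
    --target-tags nat-gateway --allow tcp,udp,icmp

  # 4. A default route that beats the built-in Internet route (priority 1000,
  #    lower number wins) but applies only to VMs carrying NODE_TAG.
  #    Routes are selected per VM, not per pod.
  run gcloud compute routes create "${NAT_INSTANCE}-default" \
    --network "$NETWORK" --destination-range 0.0.0.0/0 \
    --next-hop-instance "$NAT_INSTANCE" --next-hop-instance-zone "$ZONE" \
    --tags "$NODE_TAG" --priority 800

  # 5. A small node pool carrying the tag. Schedule the payments pod onto it
  #    with a nodeSelector on the label cloud.google.com/gke-nodepool=nat-egress;
  #    tag every node pool instead if all pods should use the NAT.
  run gcloud container node-pools create nat-egress --cluster "$CLUSTER" \
    --zone "$ZONE" --num-nodes 1 --tags "$NODE_TAG"

  rm -f "$script"
}

# Only touch the project when explicitly asked: `DRY_RUN=1 sh nat-egress.sh apply`
# prints the five gcloud commands, `sh nat-egress.sh apply` runs them.
if [ "${1:-}" = "apply" ]; then
  provision_nat_egress
fi
```

Run it once with `DRY_RUN=1` and check the printed route: the `--tags` value must match only the node pool you intend, because any VM carrying that tag loses direct Internet access and sends everything through the NAT instance. After the pool exists, give the payments pod `nodeSelector: {cloud.google.com/gke-nodepool: nat-egress}` and the payment gateway will see connections coming from the reserved address only; the pod is never exposed to inbound connections, which was the question's second requirement.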