Nat – Is it possible to use Cloud NAT with public GKE Cluster

google-kubernetes-engine; nat

I have one public GKE cluster with 2 nodes and with that, 2 public external IPs. I want only one egress IP.

I want to use Cloud NAT for that. It seems it is possible.

An alias IP range assigned to the VM's network interface: Even if the network interface has an external IP address assigned to it, you can configure a Cloud NAT gateway to provide NAT for packets whose sources come from an alias IP range of the interface. An external IP address on an interface never performs one-to-one NAT for alias IP addresses.

I created a Cloud NAT but it is not working. I use the following commands to get the IP and it always returns one of the IPs of the nodes.

kubectl run -i --tty get-ip-address --image=dwdraju/alpine-curl-jq --restart=Never

and

curl checkip.amazonaws.com

My cluster has VPC native enabled.


Best Answer

A public GKE cluster will give an external IP to each node inside the cluster.

Even if you create a NAT configuration and you can use the external IP addresses for the NAT gateway, the nodes will still be reachable by their own external IPs.

To ensure that only the external IP addresses of the NAT gateway are used, you need to make your cluster private.

Google has a guide on how to configure a sample Cloud NAT setup with GKE:

Example GKE Setup

Alternatively, if you want to expose some application running inside your GKE cluster via an external IP address, you need to use a Service.

For example, a Service of type LoadBalancer makes your app accessible via the external IP address of the load balancer that is created automatically when you apply the Service.
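The steps the answer describes (reserve one static address, create the cluster with private nodes, put a Cloud NAT gateway in front of it, repeat the question's in-pod egress check, and expose an application through a Service of type LoadBalancer) as one script. This is an added example, not code from the question, the answer or Google's guide. The project, region, zone, cluster, router and address names, the control-plane and admin CIDRs, and the `web` deployment are all assumptions; set them via the environment before running. With `DRY_RUN=1` every gcloud/kubectl command is printed instead of executed, so the sequence can be reviewed first.

```sh
#!/usr/bin/env sh
# Added example: private GKE cluster + Cloud NAT with a single egress IP.
# Every name and CIDR below is an assumption for the demo; override via env.
set -eu

PROJECT="${PROJECT:-my-project}"              # assumed project id
REGION="${REGION:-us-central1}"               # assumed region
ZONE="${ZONE:-us-central1-a}"                 # assumed zone
CLUSTER="${CLUSTER:-egress-demo}"             # assumed cluster name
ROUTER="${ROUTER:-nat-router}"                # assumed Cloud Router name
NAT_IP_NAME="${NAT_IP_NAME:-nat-egress-ip}"   # assumed reserved address name
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"   # assumed admin workstation (replace)

# Print the command instead of running it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One reserved static address: this becomes the only egress IP.
reserve_nat_ip() {
  run gcloud compute addresses create "$NAT_IP_NAME" \
    --project "$PROJECT" --region "$REGION"
}

# Private nodes carry no external IPs, so no node can bypass the NAT gateway.
# --enable-ip-alias makes the cluster VPC-native (pods use alias IP ranges).
create_private_cluster() {
  run gcloud container clusters create "$CLUSTER" \
    --project "$PROJECT" --zone "$ZONE" \
    --enable-ip-alias \
    --enable-private-nodes \
    --master-ipv4-cidr 172.16.0.0/28 \
    --enable-master-authorized-networks \
    --master-authorized-networks "$ADMIN_CIDR" \
    --num-nodes 2
}

# Cloud Router plus a NAT config covering every subnet range (primary and
# alias) and drawing only from the reserved address above.
create_cloud_nat() {
  run gcloud compute routers create "$ROUTER" \
    --project "$PROJECT" --region "$REGION" --network default
  run gcloud compute routers nats create "${ROUTER}-config" \
    --project "$PROJECT" --region "$REGION" --router "$ROUTER" \
    --nat-all-subnet-ip-ranges \
    --nat-external-ip-pool "$NAT_IP_NAME"
}

# The check from the question: the egress IP seen from inside a pod must be
# the reserved NAT address, not a node address. Returns non-zero otherwise.
verify_egress_ip() {
  expected=$(run gcloud compute addresses describe "$NAT_IP_NAME" \
    --project "$PROJECT" --region "$REGION" --format 'value(address)')
  observed=$(run kubectl run get-ip-address --rm -i --restart=Never \
    --image=dwdraju/alpine-curl-jq -- curl -s checkip.amazonaws.com)
  [ "$observed" = "$expected" ]
}

# Inbound exposure is separate from egress: a LoadBalancer Service gets its
# own external IP even though the nodes have none.
expose_app() {
  run kubectl create deployment web --image=nginx
  run kubectl expose deployment web --type=LoadBalancer --port=80
  run kubectl get service web -o wide
}

main() {
  reserve_nat_ip
  create_private_cluster
  create_cloud_nat
  verify_egress_ip
  expose_app
}

# Only apply when explicitly asked: ./egress.sh apply (or DRY_RUN=1 ./egress.sh apply)
if [ "${1:-}" = "apply" ]; then main; fi
```

Run `DRY_RUN=1 sh egress.sh apply` to see the exact gcloud and kubectl invocations, then `sh egress.sh apply` to create the resources; `verify_egress_ip` exits non-zero if a pod's observed egress IP is anything other than the reserved address, which is the symptom the question reports.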
