Google Cloud: Outbound IP Address for GKE

9/11/2018

I have the following setup:

  • GKE running in a cloud project with ingress IP restriction
  • Dataflow running in another project that needs to access the API exposed by GKE

Dataflow has a variable number of workers, and hence I will have different IP addresses. Is there any way by which I can set up an outbound IP for all the Dataflows (when they send a REST request) so that I can filter those requests out at GKE's end?

I have explored Cloud VPN, but that might not work as I do not have control over the GKE project. I just want an IP that I can provide to the GKE load balancer to whitelist.

-- Darshan Mehta
google-cloud-dataflow
google-cloud-platform
google-kubernetes-engine

1 Answer

9/11/2018

If you can't really ask the other project owners to set up a VPC and create a firewall rule to allow only a specific tag (such as dataflow), then you could use a VM with a static external IP as a proxy to the Kubernetes cluster.

This is because you cannot know up front what IPs the Dataflow workers will get, so indeed you will get workers within a very large IP range. I think using a specific network tag would be very helpful in this case, since all the Dataflow workers will get that tag.

-- Héctor Neri
Source: StackOverflow
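
The proxy approach from the answer, sketched as gcloud commands. This is an added example, not part of the original answer: the project, region, zone, network, resource names and proxy port are placeholder assumptions, and the proxy software running on the VM is not covered. The script prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. All names, the region/zone, network and port are placeholders.
PROJECT="${PROJECT:-my-dataflow-project}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"
NETWORK="${NETWORK:-default}"    # must be the VPC the Dataflow workers run in
ADDR_NAME="dataflow-egress-ip"
PROXY_VM="dataflow-egress-proxy"
PROXY_TAG="egress-proxy"
WORKER_TAG="dataflow"            # tag the answer says all Dataflow workers get
PROXY_PORT="3128"                # assumed port of the proxy software on the VM
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# 1. Reserve a static external IP: the single address to give the GKE side.
reserve_ip() {
  run gcloud compute addresses create "$ADDR_NAME" \
    --project="$PROJECT" --region="$REGION"
}

# 2. Create the proxy VM with that reserved address attached.
create_proxy_vm() {
  run gcloud compute instances create "$PROXY_VM" \
    --project="$PROJECT" --zone="$ZONE" --network="$NETWORK" \
    --address="$ADDR_NAME" --tags="$PROXY_TAG"
}

# 3. Let only tagged workers reach the proxy port, so the allowlisted IP is
#    not usable by other hosts. Source tags match VMs in the same VPC only.
allow_workers_only() {
  run gcloud compute firewall-rules create allow-dataflow-to-proxy \
    --project="$PROJECT" --network="$NETWORK" --direction=INGRESS \
    --allow="tcp:$PROXY_PORT" \
    --source-tags="$WORKER_TAG" --target-tags="$PROXY_TAG"
}

# 4. Print the reserved address to hand to the GKE project for allowlisting.
show_ip() {
  run gcloud compute addresses describe "$ADDR_NAME" \
    --project="$PROJECT" --region="$REGION" --format="value(address)"
}

plan() { reserve_ip; create_proxy_vm; allow_workers_only; show_ip; }

plan
```
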