How to use cloud NAT in public GKE cluster pods using sourceIP

2/5/2019

As per GCP documentation on Cloud NAT,

Regular (non-private) GKE clusters assign each node an external IP address, so such clusters cannot use Cloud NAT to send packets from the node's primary interface. Pods can still use Cloud NAT if they send packets with source IP addresses set to the pod IP.

Question: How do I configure pods to set source IP to pod IP while sending packets to some external service?

-- Saras
google-cloud-platform
google-kubernetes-engine
nat

2 Answers

2/8/2019

Cloud NAT is used to permit GCE instances or GKE clusters that only have internal IP addresses to access public resources on the internet. If you want to use Cloud NAT, you will need to follow the guidelines from the public docs or you can build your own NAT gateway using a GCE Instance which does not require you to use a private cluster.

-- Muhammad Ebaduddin
Source: StackOverflow

4/30/2019

Muhammad's answer is mostly accurate and it is the supported method for GCP. Though there is one addition to address the quoted text.

GKE uses IP masquerade and SNAT when routing traffic between nodes or outside the cluster. As long as pods route traffic to destinations within the masq range, SNAT occurs and the pods use the node's external (or internal) IP address. You'll want to disable SNAT by extending the non-masq range to include all IPs (0.0.0.0/0). You can do this using the ip-masq-agent, which, if not present, you can install.

-- Patrick W
Source: StackOverflow
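The ip-masq-agent configuration that implements the approach above, as an added example (not part of either answer): it is the `ip-masq-agent` ConfigMap in `kube-system` that GKE's agent reads from the `config` key, with the non-masquerade range widened to `0.0.0.0/0` so every pod egresses with its own pod IP and Cloud NAT performs the translation.

```yaml
# Added example: ip-masq-agent ConfigMap for a public (non-private) GKE cluster.
# The agent's DaemonSet in kube-system watches this ConfigMap; if the agent is
# not running yet, deploy it first and then apply this object.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ip-masq-agent
  namespace: kube-system
data:
  config: |
    # Default behaviour: only RFC1918 ranges are non-masqueraded, so traffic
    # to the internet is SNATed to the node IP and never reaches Cloud NAT.
    # Listing 0.0.0.0/0 disables SNAT for every destination, so packets leave
    # the node with the pod IP as source.
    nonMasqueradeCIDRs:
      - 0.0.0.0/0
    # Keep link-local (169.254.0.0/16) traffic, e.g. the metadata server,
    # un-masqueraded as well; set to true only if you need it translated.
    masqLinkLocal: false
    # How often the agent re-reads this ConfigMap and re-applies iptables rules.
    resyncInterval: 60s
```

Apply with `kubectl apply -f ip-masq-agent-configmap.yaml` (the filename is arbitrary); the agent picks the change up on its next resync. Because the source IP is now the pod IP, the Cloud NAT gateway must be configured to cover the subnet's secondary (pod) IP range, not just the primary range, or the pod traffic will be dropped rather than translated.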