Exposing internal private cluster nginx ingress

5/31/2019

So I have a private Kubernetes cluster hosted on GKE inside of a Cloud VPC network, essentially the same as discussed in Cloud NAT GKE example.

That's all working, and now I've set up an Nginx ingress inside the cluster by setting the annotation:

annotations:
  cloud.google.com/load-balancer-type: "Internal"

This seems to work, as it eventually provisions an internal IP address within the VPC subnet range.

QUESTION:

How do I forward incoming traffic from the Cloud NAT gateway to that internal IP of the Nginx LoadBalancer service?

I want to have both ingress and egress happen on the same IP (so I don't have to expose the LoadBalancer service externally) that is linked to the Cloud NAT, if that's possible.

Thanks!

-- Eric
google-kubernetes-engine
kubernetes
load-balancing
nginx

1 Answer

7/4/2019

Cloud NAT enables instances in a private subnet to connect to the internet, but not the other way around:

Cloud NAT implements outbound NAT in conjunction with a default route to allow your instances to reach the Internet. It does NOT implement inbound NAT. Hosts outside of your VPC network can only respond to established connections initiated by your instances; they cannot initiate their own, new connections to your instances via NAT.

In a word, you cannot NAT incoming traffic with a Cloud NAT gateway.

-- A_Suh
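Since the answer means the ingress cannot be reached through the NAT IP, the thing worth verifying is that the Service really got an internal (RFC 1918) address and was not silently provisioned on a public one. The following is an added example, not code from the question or the answer; the namespace and Service name are placeholders for wherever ingress-nginx is installed, and kubectl is assumed to be configured for the cluster.

```shell
#!/bin/sh
# Classify the load-balancer IP assigned to a Kubernetes Service so you can
# confirm the Nginx ingress is internal-only. Added example; the namespace
# and Service name below are assumed placeholders, not values from the post.

# Return 0 if the IPv4 address lies in 10/8, 172.16/12 or 192.168/16.
is_private_ip() {
  ip="$1"
  # Split the dotted quad into positional parameters on "."
  oldifs="$IFS"; IFS=.
  set -- $ip
  IFS="$oldifs"
  [ $# -eq 4 ] || return 1
  for o in "$1" "$2" "$3" "$4"; do
    # Each octet must be a decimal number in 0..255
    case "$o" in
      ''|*[!0-9]*) return 1 ;;
    esac
    [ "$o" -le 255 ] || return 1
  done
  if [ "$1" -eq 10 ]; then return 0; fi
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
  if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
  return 1
}

# Print "pending" (no IP yet), "internal" or "EXTERNAL" for a given IP.
classify_lb_ip() {
  if [ -z "$1" ]; then echo pending; return 0; fi
  if is_private_ip "$1"; then echo internal; else echo EXTERNAL; fi
}

# Live check against the cluster: read the Service's assigned LB IP from
# .status.loadBalancer.ingress[0].ip and classify it. Placeholder defaults.
check_ingress_service() {
  ns="${1:-ingress-nginx}"; name="${2:-ingress-nginx-controller}"
  ip=$(kubectl -n "$ns" get svc "$name" \
        -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)
  classify_lb_ip "$ip"
}
```

Run `check_ingress_service <namespace> <service>` after the Internal annotation has been applied; anything other than `internal` means the Service is not confined to the VPC.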
Source: StackOverflow