How to set the external IP of a specific node in Google Kubernetes Engine?

7/26/2019

Unfortunately, we have to interface with a third-party service which, instead of implementing authentication, relies on the request IP to determine if a client is authorized or not.

This is problematic because nodes are started and destroyed by Kubernetes and each time the external IP changes. Is there a way to make sure the external IP is chosen among a fixed set of IPs? That way we could communicate those IPs to the third party and they would be authorized to perform requests. I only found a way to fix the service IP, but that does not change the single nodes' IPs at all.

To be clear, we are using Google's Kubernetes Engine, so a custom solution for that environment would work too.

-- rubik
google-kubernetes-engine
kubernetes
networking

2 Answers

7/26/2019

Yes, it's possible by using KubeIP.

You can create a pool of shareable IP addresses, and use KubeIP to automatically attach an IP address from the pool to the Kubernetes node.

IP addresses can be created by:

  1. opening Google Cloud Dashboard
  2. going to VPC Network -> External IP addresses
  3. clicking on "Reserve Static Address" and following the wizard (on the Network Service Tier, I think it needs to be "Premium" for this to work).

-- Pedro Rodrigues
Source: StackOverflow

7/27/2019

The easiest way to have a single static IP for GKE nodes or the entire cluster is to use a NAT.

You can either use a custom NAT solution or use Google Cloud NAT with a private cluster.

-- Patrick W
Source: StackOverflow
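
The setup the two answers point to (reserved static addresses, then Cloud NAT with a private cluster), written out as `gcloud` commands. This is an added example, not part of either answer; it prints the commands by default, and the region, network and resource names are placeholder assumptions.

```shell
#!/usr/bin/env bash
# Added example: reserve a fixed set of egress IPs and pin Cloud NAT to them.
# Region, network and all resource names below are placeholders (assumptions).

REGION="${REGION:-us-central1}"
NETWORK="${NETWORK:-default}"
PREFIX="${PREFIX:-egress-ip}"   # hypothetical name prefix for every resource
COUNT="${COUNT:-2}"             # number of addresses to hand to the third party
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Comma-separated names of the reserved addresses, e.g. egress-ip-1,egress-ip-2
address_names() {
  local names="" i
  for i in $(seq 1 "$COUNT"); do
    names="${names:+$names,}${PREFIX}-${i}"
  done
  printf '%s' "$names"
}

setup_static_egress() {
  local i
  # 1. Reserve regional static addresses (CLI form of the console wizard).
  for i in $(seq 1 "$COUNT"); do
    run gcloud compute addresses create "${PREFIX}-${i}" \
      --region="$REGION" --network-tier=PREMIUM
  done
  # 2. Cloud NAT is configured on a Cloud Router in the cluster's VPC and region.
  run gcloud compute routers create "${PREFIX}-router" \
    --network="$NETWORK" --region="$REGION"
  # 3. Manual IP pool instead of auto-allocation, so source IPs stay fixed.
  #    Only nodes without external IPs (a private cluster) egress via the NAT.
  run gcloud compute routers nats create "${PREFIX}-nat" \
    --router="${PREFIX}-router" --region="$REGION" \
    --nat-all-subnet-ip-ranges \
    --nat-external-ip-pool="$(address_names)"
  # 4. List the addresses to communicate to the third party.
  run gcloud compute addresses list \
    --filter="name~^${PREFIX}-" --format="value(address)"
}

setup_static_egress
```

Run with `DRY_RUN=0` to execute the commands instead of printing them. Every pod behind the NAT leaves with these source addresses, so the third party's IP allow-list authorizes the whole cluster rather than a single workload.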