I have a hybrid GKE Cluster running with some Linux and Windows nodes. I followed this how-to (https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent) in order to configure the masquerade for some of my networks and it works like a charm on Linux Nodes. But it doesn't work on the windows hosts, it gives me this error:

Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "ip-masq-agent-pc9vn": Error response from daemon: network host not found

Anyone knows how can I configure masquerade on Windows Nodes?

Adding details:

I know that Linux containers don't run on Windows nodes, so ip-masq-agent won't run on that node and I know that I can use taints or labels to avoid the pods to be scheduled on that node.

I use Windows nodes with kubernetes because I have some .Net Framework applications running on it, and it works fine. My problem is that I need to masquerade the connections from the pod to hosts outside of the cluster because the source connections are the Pod IPs, not the node IP.

On Linux machines, I can do that using ip-masq-agent, that mange Iptables rules to masquerade the traffic. But on Windows, the ip-masq-agent doesn't work, for the reasons that @Rico said in his answer.

I want to know if someone knows another way to achieve the same thing on Windows nodes.

I can use a "NAT Machine" holding all connections in the middle and route all traffic to that machine, but it's a really ugly way to do that.

Solution: I end up allowing the pod network to go through VPN. Thank you for all the replies.