If the cluster is upgraded or fails, the 3 working nodes in the cluster are deleted and recreated. At this time, the IP of the node exposed to the outside is changed. To solve this problem, is there a way to keep the IP even if I create a new node?
TL;DR
You can't assign a static IP to a GKE node and expect it to be the same after it was "recreated". In case of a node failure or a node upgrade it will be recreated with a new IP (the previous static IP will remain unused).
You can create a GKE node and then promote its ephemeral IP to a static one, but after a node failure/upgrade it will be released from the resource (the GKE node).
Please take a look at the more detailed explanation below.
I've divided this section into 2 parts:
You shouldn't be concerned about the external IP changes of your GKE nodes, as the exposed workload should be using either:
- a Service of type LoadBalancer, which creates an L4 load balancer (with its own IP) pointing at all of your nodes (in case of a node's failure, the traffic will be sent to another one)
- an Ingress, which creates an L7 HTTP/HTTPS load balancer (with its own IP) pointing at all of your nodes (in case of a node's failure, the traffic will be sent to another one)
Documentation about Services in GKE:
There is an option to expose your workload with a Service of type NodePort, but it needs to be pointed out that this is still a single point of failure. With a Service of type LoadBalancer the traffic has many paths to take (nodes to choose from). With a NodePort, in case of a node failure, your app/software will be unavailable.
If you are concerned about the traffic that is coming out of the cluster destined for some specific whitelisted service (a DB in another location, for example), you can use Cloud NAT:
Cloud NAT overview
Cloud NAT (network address translation) lets Google Cloud virtual machine (VM) instances without external IP addresses and private Google Kubernetes Engine (GKE) clusters send outbound packets to the internet and receive any corresponding established inbound response packets.
With that approach you can create a private GKE cluster. Your nodes will only have internal IP addresses. You can then configure the earlier mentioned Cloud NAT so that the nodes route their packets through a Cloud Router. All of your nodes will be visible on the Internet from the same static IP, which will not change in case of any node failure.
Here you have an example setup:
From the perspective of node failure and node upgrades, I encourage you to check the official documentation:
You could also look at:
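The two pieces of the setup described in the answer above, as an added example script that is not part of the original answer or of Google's documentation: it reserves a static NAT address, creates a private cluster whose egress goes through a Cloud Router/Cloud NAT pair bound to that address, and then exposes a workload through a Service of type LoadBalancer that is pinned to a reserved regional address via the `loadBalancerIP` field the GKE docs use for that purpose. The project, region, network, cluster and address names are placeholders I chose, `203.0.113.10` is a documentation address standing in for the reserved one, and with `DRY_RUN=1` (the default) the script only prints the gcloud/kubectl commands it would run.

```shell
#!/bin/sh
# Added example (not from the original answer). Provisions on GKE:
#   1. a private cluster (nodes get internal IPs only) whose outbound traffic
#      leaves through Cloud NAT with a reserved static IP; nodes come and go
#      on failure/upgrade, the NAT IP does not, so allow-lists stay valid;
#   2. a Service of type LoadBalancer bound to a reserved regional address, so
#      the L4 forwarding rule (not any node IP) is what clients connect to.
# All names below are placeholders. DRY_RUN=1 (default) only prints commands.
set -eu

PROJECT="${PROJECT:-my-project}"
REGION="${REGION:-europe-west1}"
NETWORK="${NETWORK:-default}"
CLUSTER="${CLUSTER:-private-cluster}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Part 1: private nodes + Cloud Router + Cloud NAT on a reserved address.
create_private_cluster_with_nat() {
  run gcloud compute addresses create nat-egress-ip \
      --project="$PROJECT" --region="$REGION"
  run gcloud container clusters create "$CLUSTER" \
      --project="$PROJECT" --region="$REGION" --network="$NETWORK" \
      --enable-ip-alias --enable-private-nodes \
      --master-ipv4-cidr=172.16.0.0/28
  run gcloud compute routers create nat-router \
      --project="$PROJECT" --region="$REGION" --network="$NETWORK"
  # Without --nat-external-ip-pool Cloud NAT would auto-allocate addresses,
  # which defeats the purpose; pin it to the reserved one.
  run gcloud compute routers nats create nat-gateway \
      --project="$PROJECT" --region="$REGION" --router=nat-router \
      --nat-all-subnet-ip-ranges \
      --nat-external-ip-pool=nat-egress-ip
}

# Manifest for the L4 load balancer; $1 is the reserved address (literal IP,
# the field takes an address, not the name of the reservation).
lb_service_manifest() {
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: LoadBalancer
  loadBalancerIP: $1
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
EOF
}

# Part 2: reserve a regional address and bind the Service to it.
expose_with_static_lb_ip() {
  run gcloud compute addresses create web-lb-ip \
      --project="$PROJECT" --region="$REGION"
  if [ "$DRY_RUN" = "1" ]; then
    ip="203.0.113.10"   # documentation address standing in for the reserved one
    lb_service_manifest "$ip"
    printf '%s\n' "kubectl apply -f - (with the manifest above on stdin)"
  else
    ip=$(gcloud compute addresses describe web-lb-ip \
           --project="$PROJECT" --region="$REGION" --format='value(address)')
    lb_service_manifest "$ip" | kubectl apply -f -
  fi
}

create_private_cluster_with_nat
expose_with_static_lb_ip
```

Run it once with `DRY_RUN=1` to review the exact commands, then with `DRY_RUN=0` against a project where you have the `gcloud` and `kubectl` credentials. The same reservation idea applies to an Ingress, where a global address is reserved with `--global` and referenced through the `kubernetes.io/ingress.global-static-ip-name` annotation instead of `loadBalancerIP`.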