External IP of nodes in cluster of Kubernetes Engine

12/15/2020

If the cluster is upgraded or fails, the 3 working nodes in the cluster are deleted and recreated. At this time, the IP of the node exposed to the outside changes. To solve this problem, is there a way to keep the IP even if a new node is created?

-- 윤준엽
google-cloud-platform
ip
kubernetes

1 Answer

12/17/2020

TL;DR

You can't assign a static IP to a GKE node and expect it to be the same after it has been "recreated".

In case of a node failure or a node upgrade it will be recreated with a new IP (previous static IP will remain unused).

You can create a GKE node and then promote its ephemeral IP to a static one, but after a node failure/upgrade it will be released from the resource (the GKE node).

Please take a look at the more detailed explanation below.


I've divided this section into 2 parts:

  • Ingress traffic
  • Egress traffic

Ingress traffic (traffic coming into the cluster)

You shouldn't be concerned about the external IP changes of your GKE nodes, as the exposed workload should be using either:

  • a Service of type LoadBalancer, which creates an L4 load balancer (with its own IP) pointing at all of your nodes (in case of a node failure, the traffic will be sent to another one)
  • an Ingress, which creates an L7 HTTP/HTTPS load balancer (with its own IP) pointing at all of your nodes (in case of a node failure, the traffic will be sent to another one)

Documentation about Services in GKE:

There is an option to expose your workload with a Service of type NodePort, but it needs to be pointed out that this is still a single point of failure. With a Service of type LoadBalancer the traffic has many paths to take (nodes to choose from). With a NodePort, in case of a node failure, your app/software will be unavailable.

Egress traffic (traffic coming out of the cluster)

If you are concerned about the traffic that is going out of the cluster, destined for some specific whitelisted service (a DB in another location, for example), you can use Cloud NAT:

Cloud NAT overview

Cloud NAT (network address translation) lets Google Cloud virtual machine (VM) instances without external IP addresses and private Google Kubernetes Engine (GKE) clusters send outbound packets to the internet and receive any corresponding established inbound response packets.

Cloud.google.com: NAT: Docs: Overview

With that approach you can create a private GKE cluster. Your nodes will only have internal IP addresses. You can then configure the earlier mentioned Cloud NAT so that the nodes route their packets through a Cloud Router. All of your nodes will be visible on the Internet from the same static IP, which will not change in case of a node failure.

Here you have an example setup:


From the perspective of node failure and node upgrades, I encourage you to check the official documentation:

You could also look at:

-- Dawid Kruk
Source: StackOverflow
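The setup the answer describes, written out as an added example (this is not code from the original answer or from Google): reserve two static regional addresses up front, one for egress and one for ingress; create a Cloud Router and a Cloud NAT bound to the reserved egress address rather than an auto-allocated one; create a private GKE cluster so the nodes carry no external IPs at all; then publish a workload through a Service of type LoadBalancer pinned to the reserved ingress address. The project, region, cluster and address names, the control-plane and admin CIDRs, and the `web` Service are assumptions made for the example. `DRY_RUN=1` makes the helpers print the `gcloud` commands instead of running them; `RUN_SETUP=1` actually executes the whole procedure.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): static egress via Cloud NAT and
# static ingress via a LoadBalancer Service, on a private GKE cluster.
# Every name, region and CIDR below is an assumption for illustration.
set -eu

PROJECT="${PROJECT:-my-project}"                   # assumption
REGION="${REGION:-europe-west1}"                   # assumption
NETWORK="${NETWORK:-default}"
CLUSTER="${CLUSTER:-private-gke}"
ROUTER="${ROUTER:-${CLUSTER}-router}"
NAT_CONFIG="${NAT_CONFIG:-${CLUSTER}-nat}"
EGRESS_IP_NAME="${EGRESS_IP_NAME:-${CLUSTER}-egress-ip}"
INGRESS_IP_NAME="${INGRESS_IP_NAME:-${CLUSTER}-ingress-ip}"
MASTER_CIDR="${MASTER_CIDR:-172.16.0.32/28}"       # assumption: private control-plane range
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"        # assumption: where kubectl is run from
DRY_RUN="${DRY_RUN:-0}"

# run: print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Reserve the addresses first. They belong to the project, not to any node,
#    so node recreation cannot touch them.
reserve_static_ips() {
  run gcloud compute addresses create "$EGRESS_IP_NAME" --project "$PROJECT" --region "$REGION"
  run gcloud compute addresses create "$INGRESS_IP_NAME" --project "$PROJECT" --region "$REGION"
}

# 2. Cloud Router plus a Cloud NAT that uses the reserved egress address
#    (not --auto-allocate-nat-external-ips, which could hand out a different IP).
#    --nat-all-subnet-ip-ranges also covers the secondary (pod) ranges.
create_cloud_nat() {
  run gcloud compute routers create "$ROUTER" --project "$PROJECT" --network "$NETWORK" --region "$REGION"
  run gcloud compute routers nats create "$NAT_CONFIG" --project "$PROJECT" --router "$ROUTER" --region "$REGION" \
      --nat-external-ip-pool "$EGRESS_IP_NAME" --nat-all-subnet-ip-ranges --enable-logging
}

# 3. Private cluster: nodes get internal IPs only, the control-plane endpoint
#    is reachable only from ADMIN_CIDR. --num-nodes 1 per zone gives 3 nodes regionally.
create_private_cluster() {
  run gcloud container clusters create "$CLUSTER" --project "$PROJECT" --region "$REGION" --network "$NETWORK" \
      --enable-ip-alias --enable-private-nodes --master-ipv4-cidr "$MASTER_CIDR" \
      --enable-master-authorized-networks --master-authorized-networks "$ADMIN_CIDR" --num-nodes 1
}

# 4. LoadBalancer Service pinned to the reserved ingress address. Emitted by a
#    function so the manifest can be inspected before it is applied.
lb_service_manifest() {
  ip="$1"
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: LoadBalancer
  loadBalancerIP: ${ip}
  selector:
    app: web
  ports:
  - port: 443
    targetPort: 8443
EOF
}

apply_lb_service() {
  ip=$(gcloud compute addresses describe "$INGRESS_IP_NAME" --project "$PROJECT" --region "$REGION" \
         --format 'value(address)')
  lb_service_manifest "$ip" | kubectl apply -f -
}

# 5. Checks: the natIP column must be empty for every node (no external IPs),
#    and the NAT mapping must show the reserved egress address for each node.
verify() {
  gcloud compute instances list --project "$PROJECT" --filter="name~^gke-${CLUSTER}" \
      --format="table(name,networkInterfaces[0].networkIP,networkInterfaces[0].accessConfigs[0].natIP)"
  gcloud compute routers get-nat-mapping-info "$ROUTER" --project "$PROJECT" --region "$REGION"
}

if [ "${RUN_SETUP:-0}" = "1" ]; then
  reserve_static_ips
  create_cloud_nat
  create_private_cluster
  apply_lb_service
  verify
fi
```

Two caveats worth keeping in mind. The NAT address is shared by every pod in the cluster, so allowlisting it on the remote DB admits any workload that can reach the NAT, not just the one you intended; keep DB-side authentication and, if the cluster is multi-tenant, a NetworkPolicy restricting which pods may talk to the DB at all. And `loadBalancerIP` is marked deprecated in recent Kubernetes releases in favour of provider-specific annotations, so check the current GKE documentation for the supported way to pin the address on newer cluster versions.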