Google Kubernetes Engine NAT routing outgoing IP doesn't work

2/2/2022

I want to connect a GKE (Google Kubernetes Engine) cluster to MongoDB Atlas. But I need to green the IP of my nodes (allow them). But sometimes I have 3 nodes, sometimes I have 10, and sometimes nodes go down and get re-created; constant change means there is no single IP.

I have tried to create NAT on GCP following this guide: https://medium.com/google-cloud/using-cloud-nat-with-gke-cluster-c82364546d9e

Also I want to green my cluster's IP in the Google Maps APIs so I can use the Directions API, for example.

This is a common situation, since there may be many other third-party APIs that I want to enable that accept incoming requests from certain IPs only, besides Atlas or Google Maps.

How can I achieve this?

-- Raz Buchnik
google-cloud-platform
google-kubernetes-engine
kubernetes
nat

2 Answers

2/2/2022

A private GKE cluster means the nodes do not have public IP addresses, but you mentioned:

the actual outbound transfer goes from the node's IP instead of the NAT's

It looks like you have a public GKE cluster; you have to use the same NAT option to get a single outbound egress IP.

If you are using an ingress, that means there is a single entry point for incoming requests to the cluster, but if your nodes have public IPs, pods will use the node's IP for outgoing requests unless you use NAT or similar.

Your single outbound IP will be there, so all requests going out of pods won't carry the node's IP; instead they will use the NAT IP.

How to set up the NAT gateway:

https://registry.terraform.io/modules/GoogleCloudPlatform/nat-gateway/google/latest/examples/gke-nat-gateway

Here is a terraform example ready for GKE clusters; you just have to run it, passing the project ID and the other vars.

The above terraform example will create the NAT for you, and you can verify the pods' IP as soon as NAT is set. You mostly won't require any changes in the NAT terraform script.

GitHub link: https://github.com/GoogleCloudPlatform/terraform-google-nat-gateway/tree/v1.2.3/examples/gke-nat-gateway

If you have no idea of terraform, you can follow this article to set up the NAT, which will stop the SNAT for pods: https://rajathithanrajasekar.medium.com/google-cloud-public-gke-clusters-egress-traffic-via-cloud-nat-for-ip-whitelisting-7fdc5656284a

-- Harsh Manvar
Source: StackOverflow
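The Cloud NAT setup the answer above describes, written out as an added Terraform example (editor's code, not the linked module). It pins NAT to a reserved static address, which is the part an allowlist actually depends on; the VPC name "gke-vpc", the region and all resource names are placeholders.

```hcl
# Added example, not the linked module's code. Assumes a VPC named "gke-vpc"
# in region "europe-west1" already holds the GKE nodes; names are placeholders.

# Reserve a static external address so the egress IP survives node scaling
# and recreation. This is the single value to allowlist in Atlas / Maps API.
resource "google_compute_address" "egress" {
  name   = "gke-egress-ip"
  region = "europe-west1"
}

resource "google_compute_router" "nat_router" {
  name    = "gke-nat-router"
  region  = "europe-west1"
  network = "gke-vpc"
}

resource "google_compute_router_nat" "gke_nat" {
  name   = "gke-nat"
  router = google_compute_router.nat_router.name
  region = google_compute_router.nat_router.region

  # MANUAL_ONLY binds NAT to the reserved address above. AUTO_ONLY would
  # hand out ephemeral addresses that change without notice and silently
  # break every IP allowlist that trusts them.
  nat_ip_allocate_option = "MANUAL_ONLY"
  nat_ips                = [google_compute_address.egress.self_link]

  # NAT the primary (node) and secondary (pod / alias) ranges of every
  # subnet in the region, so pod egress is covered, not just node egress.
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # Log NAT failures (e.g. port exhaustion) so dropped egress is visible.
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}

output "egress_ip" {
  description = "Address to add to the Atlas and Google Maps API allowlists"
  value       = google_compute_address.egress.address
}
```

Cloud NAT only handles traffic from interfaces without an external IP, so on a public cluster the nodes' own addresses still bypass it unless pod SNAT is turned off as the linked article describes; a private cluster avoids that problem entirely. After `terraform apply`, confirm from inside a pod that outbound connections arrive from `egress_ip` before adding it to any allowlist.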

2/2/2022

A private GKE cluster means the nodes do not have public IP addresses. If the service on the other end is receiving packets from the node's own IP, then you have a public cluster.
You can find further explanation in this document.
If you want a static, public IP for the entire GKE cluster, you should consider Ingress for External Load Balancing. You can find instructions on how to configure it here.

-- Sergiusz
Source: StackOverflow