Please correct me if I'm wrong, but it looks like using a simple NAT gateway breaks inbound traffic to the cluster; by configuring a default outbound route that goes through the gateway, it's now impossible to make an inbound connection directly to the cluster, as the response from the cluster gets sent via the gateway (and therefore gets dropped at the sender, as the response IP doesn't match). This is not good, as it breaks GLB Services.
The best workaround I can come up with is to set the NAT gateway route to just apply to the specific remote IP addresses that require a fixed source; that is more brittle than I'd like though, as any change in remote IP will result in my route not matching any more. Am I missing something?

What I really want is for GKE to be able to assign an existing (or allocate a new) static IP to each node in the cluster, and make an effort to move them across node upgrades and cluster resizing. i.e. as long as I have at least one node in my cluster, there should be a static IP "gke-cluster-node-1".

Cheers,
Paul

On Thursday, January 19, 2017 at 8:40:51 PM UTC-8, Tim Hockin wrote:
> For now the only way to get a static IP is to use a custom NAT
> gateway. https://cloud.google.com/compute/docs/networking#natgateway
>
> On Fri, Jan 6, 2017 at 5:29 AM, Romain Vrignaud <rvrign...@gmail.com> wrote:
> > Hello,
> >
> > I'm running in a GKE cluster (1.4.x) some application that needs to connect
> > to a third party API. This third party API has mandatory IP filtering. So in
> > order to get API authorized I need to declare what are the public IP that
> > I'll use to connect to the API.
> > My problem is that public IPs of GKE nodes are not stable across upgrade and
> > it would prevent the use of node autoscaling.
> >
> > Is there any way to have a stable outbound public IP on GKE ?
> >
> > Thanks
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
