Currently, I am developing a Node.js application deployed to a GKE cluster in Google Cloud Platform. This application will need to call a 3rd-party API which is only accessible through VPN, so I have to establish a site-to-site VPN to the 3rd-party API provider's network.
I know that a site-to-site VPN can be implemented using GCP Cloud VPN, and I have previous experience using GCP Cloud VPN. But the problem for me is that this 3rd-party API will only allow one single IP address from my VPC to access their network, which is a problem since all pods in the GKE cluster have their own ephemeral IP.
The question is how I can make the outgoing API calls from the GKE cluster to the 3rd-party API come from only one single IP address, so that the 3rd-party provider admin can whitelist this single IP address to access their API.
I am thinking about using one Linux VM as a NAT router, so that API calls to the 3rd-party API go through this NAT router first and then from the NAT router to the Cloud VPN gateway. But when I take a look at the VPC route table, I just can't see how this method can be implemented, since in the VPC route table I can't specify a particular network segment as the source. I can only set the destination and the next hop, which will affect all the instances in the VPC.
This is the current topology of my VPC for reference:

Is this something that can be done in GCP, or am I looking at the problem in the wrong way?
Thank you.
The question is that how I can make the outgoing API call from the GKE cluster to the 3rd party API comes only from one single IP address
It looks like Cloud NAT can solve your problem here.
If you have a private GKE cluster and a Cloud NAT in the same region, then while creating/configuring the Cloud NAT you can allow traffic from that region to go through that Cloud NAT only.
This way, you have only one caller IP for your entire GKE cluster, and the third-party API will not complain about that.
3rd Party API will only allow one single IP address from my VPC
For this, you can reserve an external IP address and assign it to your Cloud NAT instance. In fact, this can be done on the fly while creating the Cloud NAT instance.
For more details on how to create and use Cloud NAT, you can go through the documentation. There are lots of benefits to using Cloud NAT, such as avoiding exposing your external IP to the internet.
Below are some links:
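The steps the answer describes (reserve a static external IP, then create a regional Cloud NAT that uses only that IP), written out as an added gcloud script that is not part of the original answer. The project, region, network and resource names are placeholders I chose; substitute your own. `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): reserve one static external IP
# and put the GKE cluster's region behind a Cloud NAT gateway that uses it.
# All names and the region below are assumptions; substitute your own.
set -eu

PROJECT="${PROJECT:-my-project}"          # assumed project id
REGION="${REGION:-asia-southeast1}"       # region of the private GKE cluster (assumed)
NETWORK="${NETWORK:-my-vpc}"              # VPC hosting the cluster (assumed)
NAT_IP_NAME="${NAT_IP_NAME:-gke-egress-ip}"
ROUTER_NAME="${ROUTER_NAME:-gke-egress-router}"
NAT_NAME="${NAT_NAME:-gke-egress-nat}"
DRY_RUN="${DRY_RUN:-0}"                   # DRY_RUN=1 prints commands instead of running them

# run: execute a command, or just print it when DRY_RUN=1
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# reserve_nat_ip: a static regional external address; this is the single IP
# the third-party provider will whitelist. It survives NAT re-creation.
reserve_nat_ip() {
  run gcloud compute addresses create "$NAT_IP_NAME" \
    --project="$PROJECT" --region="$REGION"
}

# create_router: Cloud NAT is attached to a Cloud Router in the region.
create_router() {
  run gcloud compute routers create "$ROUTER_NAME" \
    --project="$PROJECT" --region="$REGION" --network="$NETWORK"
}

# create_nat: NAT for every subnet in the region, using only the reserved
# address (manual allocation) instead of an auto-allocated pool that can change.
create_nat() {
  run gcloud compute routers nats create "$NAT_NAME" \
    --project="$PROJECT" --region="$REGION" --router="$ROUTER_NAME" \
    --nat-all-subnet-ip-ranges \
    --nat-external-ip-pool="$NAT_IP_NAME"
}

# show_nat_ip: print the address to hand to the API provider
show_nat_ip() {
  run gcloud compute addresses describe "$NAT_IP_NAME" \
    --project="$PROJECT" --region="$REGION" --format='value(address)'
}

main() {
  reserve_nat_ip
  create_router
  create_nat
  show_nat_ip
}

# Usage: DRY_RUN=1 sh cloud-nat-egress.sh apply   (print the commands)
#        sh cloud-nat-egress.sh apply             (run them)
if [ "${1:-}" = "apply" ]; then
  main
fi
```

To confirm the pods really leave through the reserved address, run a throwaway pod in the cluster (for example `kubectl run -it --rm egress-check --image=curlimages/curl -- curl -s https://ifconfig.me`) and compare the printed address with `show_nat_ip`. One caveat a practitioner should check: Cloud NAT only translates traffic whose route next hop is the default internet gateway, so verify which path the API call actually takes before asking the provider to whitelist the NAT address.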