Static outgoing IP in Kubernetes

Question

I run a k8s cluster in google cloud (GKE) and a MySQL server in aws (RDS). Pods need to connect to RDS which only allows connections from certain IP. How can I configure outgoing traffic to have a static IP?

Answer 1

I had the same problem to connect to a sftp server from a Pod. To solve this, first you need to create an external IP address:

gcloud compute addresses create {{ EXT_ADDRESS_NAME }} --region {{ REGION }} 

Then, I suppose that your pod is assigned to your default-pool node cluster. Extract your default-pool node name:

gcloud compute instances list | awk '{ print $1 }' | grep default-pool 

Erase default external ip of the vm instance:

gcloud compute instances delete-access-config {{ VM_DEFAULT-POOL_INSTANCE }} --access-config-name external-nat 

Add your external static ip created before:

gcloud compute instances add-access-config {{ VM_DEFAULT-POOL_INSTANCE }} --access-config-name external-nat --address {{ EXT_ADDRESS_IP }} 

If your Pod is not attached to the default-pool node, don't forget to select it with a nodeSelector:

nodeSelector:     cloud.google.com/gke-nodepool: {{ NODE_NAME }}  

Answer 2

I made some research and I found a couple of things.

The thing we are looking for is called "egress IPs" or NAT-as-a-Service and they are both not yet available in GKE.

In any case we have two different options:

1. create a NAT Gateway VM which acts as an egress proxy. Here is a nice article talking about that (google cloud NAT gateway)
2. assign static IPs to container cluster VM instances

Hope it helps!