Score:0

Getting an IP for whitelisting from a multi-node GCP Kubernetes cluster


I have access to a service (Kafka broker) in our enterprise network that is accessible via the VPN or select whitelisted IPs. I can connect via kafkacat locally (on the VPN or in the office) but not inside GCP (Google Cloud Platform). I get a generic error message "Broker Transport Fail" both in GCP and locally if I'm not on the VPN.

Everything we're running in GCP is cluster (Kubernetes) based, on multiple nodes and potentially multiple clusters. Is there an ideal pattern or a tried and true way to have GCP provision us a single outgoing IP that we can use across all nodes in a given cluster for whitelisting purposes, such that when I access a basic service on the WAN, by default it will go through this IP and be acceptable to the org?

Otherwise I guess we could get multiple IPs at the Node level (if that's where they indeed live) as long as they are static.

It seems that each worker node has a different external IP. I've seen documentation on setting up an IP with a GCP VM but we are not using VMs.

I'm sure others have run into this problem, such that there must be a convenient solution.

Thanks for all your help!

Score:0

The recommended approach is to use a private GKE cluster with Cloud NAT. As the GKE nodes have private IP addresses, the egress traffic will go through Cloud NAT. You have to provision Cloud NAT with static IPs, as opposed to the example link which uses auto-allocated IPs.

If you can't use private GKE clusters for valid reasons, then you can try tools like kubeip to assign static external IPs to your GKE nodes.
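Here is what the private-cluster-plus-Cloud-NAT setup from this answer looks like as Terraform. It is an added example, not code from the answer or from Google; it assumes a VPC `google_compute_network.vpc`, a nodes subnet `google_compute_subnetwork.nodes` and a `var.region` already exist, and the resource names are hypothetical.

```hcl
# Reserve the static external address; this is the single IP the
# organisation whitelists for everything egressing from the cluster.
resource "google_compute_address" "nat_egress" {
  name   = "gke-nat-egress-ip" # hypothetical name
  region = var.region
}

resource "google_compute_router" "nat_router" {
  name    = "gke-nat-router"
  region  = var.region
  network = google_compute_network.vpc.id # assumed to exist
}

# MANUAL_ONLY pins the NAT to the reserved address; AUTO_ONLY would hand
# out ephemeral IPs that change and silently break the whitelist.
resource "google_compute_router_nat" "gke_nat" {
  name                               = "gke-nat"
  router                             = google_compute_router.nat_router.name
  region                             = var.region
  nat_ip_allocate_option             = "MANUAL_ONLY"
  nat_ips                            = [google_compute_address.nat_egress.self_link]
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # Keep NAT logs for troubleshooting dropped or port-exhausted flows.
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}

# Private nodes have no external IP of their own, so their only route to
# the WAN is the Cloud NAT above. Nodes with public IPs would bypass it.
resource "google_container_cluster" "private" {
  name       = "private-gke"
  location   = var.region
  network    = google_compute_network.vpc.id
  subnetwork = google_compute_subnetwork.nodes.id # assumed to exist

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = false # control plane still reachable for kubectl
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
  ip_allocation_policy {} # VPC-native networking is required for private nodes

  remove_default_node_pool = true
  initial_node_count       = 1
}

output "egress_ip" {
  value = google_compute_address.nat_egress.address # hand this to the org for whitelisting
}
```

To verify, run a pod in the cluster and query any external IP-echo service; every pod and node should report the `egress_ip` output, which is also the address that will appear in the Kafka broker's connection logs.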
