Kubernetes中的静态传出IP

Question

I run a k8s cluster in google cloud (GKE) and a MySQL server in aws (RDS). Pods need to connect to RDS which only allows connections from certain IP. How can I configure outgoing traffic to have a static IP?

Answer 1

I had the same problem to connect to a sftp server from a Pod. To solve this, first you need to create an external IP address:

gcloud compute addresses create {{ EXT_ADDRESS_NAME }} --region {{ REGION }}

Then, I suppose that your pod is assigned to your default-pool node cluster. Extract your default-pool node name:

gcloud compute instances list | awk '{ print $1 }' | grep default-pool

Erase default external ip of the vm instance:

gcloud compute instances delete-access-config {{ VM_DEFAULT-POOL_INSTANCE }} --access-config-name external-nat

Add your external static ip created before:

gcloud compute instances add-access-config {{ VM_DEFAULT-POOL_INSTANCE }} --access-config-name external-nat --address {{ EXT_ADDRESS_IP }}

If your Pod is not attached to the default-pool node, don't forget to select it with a nodeSelector:

nodeSelector:
    cloud.google.com/gke-nodepool: {{ NODE_NAME }} 

Answer 2

I made some research and I found a couple of things.

The thing we are looking for is called "egress IPs" or NAT-as-a-Service and they are both not yet available in GKE.

In any case we have two different options:

1. create a NAT Gateway VM which acts as an egress proxy. Here is a nice article talking about that ( google cloud NAT gateway )
2. assign static IPs to container cluster VM instances

Hope it helps!

Answer 3

您可以使用kubeip，一个pod，每个新节点都会从预定义的池中分配IP地址。