
NAT Pod IP to Node IP on GKE GCP or alternative solutions?

Here's my problem. My GKE GCP node IP addresses have access to an on premise network (private subnet) using IPsec/VPN and on premise firewall rules, but my pod IP addresses do not. I want my traffic going from pods to use one of the acceptable node source IP addresses. How can I achieve that? I know IP masquerading is there, but will it work when my destination address is another private subnet range reachable via VPN/IPsec? Are there any other solutions to achieve it?

1 ACCEPTED SOLUTION

@ishanC 
When packets are sent to a private network within the VPC (or on-prem connected via VPN), your cluster does not masquerade IP address sources and preserves the source Pod IP addresses.
To change this behaviour, update the `ip-masq-agent` config map and under `nonMasqueradeCIDRs` remove your on-prem subnet range.
Now when the packets are sent to those IP address destinations, the cluster will use the Node IP address.
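A worked `ip-masq-agent` ConfigMap illustrating the accepted answer; this is an added example, not the answerer's configuration. The CIDRs are constructed: the on-prem range is assumed to be `10.50.0.0/16`, and the cluster's Pod, Node and VPC ranges are assumed to be `10.4.0.0/14`, `10.128.0.0/20` and `10.130.0.0/16`. Because the broad default entry `10.0.0.0/8` would cover the on-prem range, the list enumerates the cluster's own ranges explicitly instead of relying on the default.

```yaml
# Applied to kube-system with: kubectl apply -f ip-masq-agent.yaml
# Traffic to any destination NOT listed under nonMasqueradeCIDRs is
# SNATed to the Node IP, so the on-prem firewall sees a Node address.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ip-masq-agent
  namespace: kube-system
data:
  config: |
    # Assumed cluster ranges (constructed for this example):
    nonMasqueradeCIDRs:
      - 10.4.0.0/14      # Pod CIDR: keep, so Pod-to-Pod traffic keeps Pod source IPs
      - 10.128.0.0/20    # Node subnet: keep, so Node/kubelet traffic is unchanged
      - 10.130.0.0/16    # Other VPC subnet where Pod IPs are allowed directly
      # 10.50.0.0/16 (on-prem, reached via IPsec/VPN) is deliberately omitted,
      # so packets to it are masqueraded to the Node IP.
      # Note: do NOT list 10.0.0.0/8 here; it would include the on-prem range
      # and the Pod IP would be preserved again.
    masqLinkLocal: false
    resyncInterval: 60s
```

After applying, confirm on the on-prem side (or with `tcpdump` on the VPN endpoint) that connections from Pods arrive with a Node source address; the agent reloads the file on the `resyncInterval` without a Pod restart.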
