Google Cloud Kubernetes auto-scaling of proxy with external IP

Question

I want to deploy a proxy servers into my Google Cloud Kubernetes engine. The pod will listen to a specific ports and other deployments will use it proxy service to communicate with the internet.

In order to support scale request, I want my deployment to be able to scale. So I was thinking to expose it, by an internal service (load balancer, round robin).

Up to here, nothing is special.

The problem start when I want that the external IP(s) of my pods will be fixed. In other words, for the outside world it will looks like the request is coming from a fixed IP(s) address (source).

In order to achieve it, I need to reserve an IP address from GCP and be able to associate it with the pod and\or the machine. Assuming I want to allow more than 1 pod, I'll need to associate multiple external IPs to multiple pods.

The main goal here is to contact the outside world from a fixed list of IPs.

Its sounds complicated to implement. So I was thinking that implement it with Template set VMs will make it easier, but its not looks like.

Looking for your advice, how to do it?

Answer 1

You can setup a Cloud NAT for GKE on the VPC network of your nodes and pods that can use a fixed list of external IPs by looking at this guide.

Answer 2

It sounds like your pods in the GKE is trying to communicate with some external API which requires request coming from fixed, whitelisted IP addresses for security reasons.

So creating number of VM as an alternative to GKE is not a good and cost effective option.

you can follow below steps:

1. Reserve multiple static external IP address from GCP
2. Configure Public NAT with GKE so that pods can use these specific IP addresses as the source IP for outgoing traffic.
3. Also if pods want to communicate with external API/service, you need to make sure those are configured to accept the request from these fixed IP address.