I am trying to get a static IP for my application hosted in a GKE public cluster, for whitelisting to a different application. I tried to use a NAT gateway and masquerading outbound traffic. After installing the agent I am not getting any error, and this approach is not working. Can anyone please help me to solve this issue? I followed this blog, but it was no use.
Do you know which IP(s) your Pods are exiting the cluster with?
You can create a simple web server, access it with a simple curl command from the Pods inside your cluster that are configured for the egress router, and check if that is the same IP.
Yes, I followed the same approach and the IP is not the same; I can see the pod IP and I was not able to see any changes. I am running my GKE cluster on Debian 11 OS.
sudo iptables -t nat -L IP-MASQ-AGENT
iptables: No chain/target/match by that name
My instinct is to put the pods CIDR and services CIDR of your cluster, so that pod-to-pod or pod-to-service communication will not go through the egress NAT.