Is there a way to set NAT on Kubernetes nodes?
Hello Support team,
I hope you are all doing well!
I have a Kubernetes cluster, and I have a client that would like to whitelist the IP addresses of my cluster. The problem is that the nodes are changing and the IPs are different. Is there a way to configure NAT or some sort of a single static IP that will be used for ALL outbound communication?
5 Replies
By nature of Kubernetes, although cluster Nodes will be administered new IP addresses when they recycle, NodeBalancers do not need to be created/destroyed and will have a static IP. For more information on how to set up a NodeBalancer as an LKE Ingress, be sure to check out the following guide:
Alternatively, you could set up a non-cluster Linode as a Router/NAT to serve as the static frontend of your cluster. This will require more configuration than a NodeBalancer and some extra consideration, since the more traffic your backend receives, the more CPU/RAM resources will be required to support the routing.
For information on setting up a router/forwarding, check out the following:
One potential solution, mentioned in the answer in the post titled "Static public IP addresses for egress traffic in LKE", suggests:
"you could funnel egress to a Linode external of the cluster that could then act as a proxy. This external Linode could then forward the traffic from a static IP address providing the static source IP you are looking for."
You could potentially set up automatic allowlisting from this proxy using the Linode API. You'd need to retrieve a list of your nodes, then GET each one and retrieve its IP address. A requirement for this would be an unrestricted API token on the proxy instance, which could be a security risk.
I also suggest checking out the Kubernetes Documentation on Network Policies if you haven't already.
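
An added example (not code from the thread or from Linode) of the allowlist refresh described in the reply above: it lists the cluster's nodes through the Linode API, looks up each node's public IPv4 address and renders the difference as nft commands for the proxy. The nftables set name `inet filter lke_nodes`, the environment variable names and the sample addresses are assumptions; only the first page of each API response is read.

```python
import ipaddress
import json
import os
import urllib.request

API = "https://api.linode.com/v4"
LINODE_PRIVATE = ipaddress.ip_network("192.168.128.0/17")  # Linode private IPv4 range

def api_get(path, token):
    """GET one Linode API v4 resource (first page only) and decode the JSON."""
    req = urllib.request.Request(API + path, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def node_instance_ids(pools):
    """Instance IDs of every node in a /lke/clusters/{id}/pools response."""
    return [n["instance_id"] for p in pools["data"] for n in p["nodes"]
            if n.get("instance_id")]  # skip nodes that have no instance yet

def public_ipv4(instance):
    """Public IPv4 addresses from a /linode/instances/{id} response."""
    return {ip for ip in instance["ipv4"]
            if ipaddress.ip_address(ip) not in LINODE_PRIVATE}

def fetch_node_ips(cluster_id, token):
    """Query the API for the current public IPv4 addresses of all cluster nodes."""
    ips = set()
    for iid in node_instance_ids(api_get(f"/lke/clusters/{cluster_id}/pools", token)):
        ips |= public_ipv4(api_get(f"/linode/instances/{iid}", token))
    return ips

def plan_update(current, desired):
    """Return (to_add, to_remove); never empty the allowlist on a bad API answer."""
    if not desired:
        raise ValueError("no node IPs returned; keeping the existing allowlist")
    return sorted(desired - current), sorted(current - desired)

def nft_commands(to_add, to_remove, nft_set="inet filter lke_nodes"):
    """Render the change as nft commands; the table/set name is hypothetical."""
    cmds = [f"nft add element {nft_set} {{ {ip} }}" for ip in to_add]
    return cmds + [f"nft delete element {nft_set} {{ {ip} }}" for ip in to_remove]

if __name__ == "__main__":
    token = os.environ.get("LINODE_TOKEN")  # from the environment, never hard-coded
    if token:
        desired = fetch_node_ips(os.environ["LKE_CLUSTER_ID"], token)
    else:  # offline run on a constructed instance response
        desired = public_ipv4({"ipv4": ["203.0.113.10", "192.168.130.5"]})
    # Constructed current set: one address left over from a recycled node.
    print("\n".join(nft_commands(*plan_update({"203.0.113.99"}, desired))))
```

Run without `LINODE_TOKEN` set, it prints the commands for the constructed data; on the proxy, replace the constructed current set with the live contents of the nftables set.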