Private Cluster NAT

Private cluster access to the Internet

  1. Create a machine with an external IP; Ubuntu is recommended as the OS
  1. Run the following initialization commands
```bash
# Enable forwarding now and masquerade traffic leaving via the external interface
# (replace eth0 with the external-facing interface name if it differs; Ubuntu GCE images use ens4)
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Persist the sysctl across reboots and save the iptables rules
# (iptables-persistent saves the current rules when it is installed)
sudo apt update
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf > /dev/null
sudo apt-get install -y iptables-persistent
```
  1. Add firewall rules

Source tags: gke-node
Targets: gke-nat-proxy-6a6fec9d-node
Protocols and ports: tcp:1-65535, udp:1-65535, icmp

  1. Add routes

Destination: 0.0.0.0/0
Priority: 900
Instance tags: gke-node
Next hop: gke-nat-proxy-6a6fec9d-node
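The same setup as gcloud commands, added here as an example that is not part of the original note: it creates the proxy with --can-ip-forward (without which GCE drops the packets the VM forwards), adds the firewall rule and route from the two steps above, and emits an iptables ruleset that masquerades only the node range instead of everything. PROJECT, ZONE, NETWORK and NODE_CIDR are assumed placeholders; the instance and tag names are the note's.

```bash
# Added example, not from the original note: the NAT proxy built with gcloud,
# plus a FORWARD policy limited to the cluster's node range.
set -eu
PROJECT="${PROJECT:-my-project}"          # placeholder project id
ZONE="${ZONE:-us-central1-a}"             # placeholder zone
NETWORK="${NETWORK:-default}"             # VPC the cluster lives in
NODE_CIDR="${NODE_CIDR:-10.128.0.0/20}"   # assumed private node subnet
NAT_INSTANCE="gke-nat-proxy-6a6fec9d-node"
NODE_TAG="gke-node"
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = run them
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# GCE drops packets a VM forwards unless it was created with --can-ip-forward.
create_nat_instance() {
  run gcloud compute instances create "$NAT_INSTANCE" --project "$PROJECT" \
    --zone "$ZONE" --network "$NETWORK" --can-ip-forward \
    --image-family ubuntu-2204-lts --image-project ubuntu-os-cloud \
    --tags "$NAT_INSTANCE"
}

# Firewall step of the note: node tag -> proxy tag only; nothing opens the proxy to the Internet.
create_firewall_rule() {
  run gcloud compute firewall-rules create "${NAT_INSTANCE}-from-nodes" \
    --project "$PROJECT" --network "$NETWORK" --direction INGRESS \
    --allow tcp,udp,icmp --source-tags "$NODE_TAG" --target-tags "$NAT_INSTANCE"
}

# Route step: priority 900 wins over the VPC default route (priority 1000) for tagged nodes only.
create_route() {
  run gcloud compute routes create "${NAT_INSTANCE}-egress" --project "$PROJECT" \
    --network "$NETWORK" --destination-range 0.0.0.0/0 --priority 900 \
    --tags "$NODE_TAG" --next-hop-instance "$NAT_INSTANCE" \
    --next-hop-instance-zone "$ZONE"
}

# On the proxy: masquerade only the node range and drop every other forward,
# instead of the note's unconditional MASQUERADE. Ubuntu GCE images name the NIC ens4.
nat_rules() {
  local ifc="${1:-ens4}"
  cat <<EOF
*nat
-A POSTROUTING -s $NODE_CIDR -o $ifc -j MASQUERADE
COMMIT
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $NODE_CIDR -o $ifc -j ACCEPT
-A FORWARD -j DROP
COMMIT
EOF
}
```

With DRY_RUN=1 (the default) the functions only print the gcloud commands; on the proxy, pipe `nat_rules` into `sudo iptables-restore` and run `sudo netfilter-persistent save` to keep the ruleset across reboots.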

https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent