1
votes

I use an external Docker registry in my GKE cluster to pull containers. This Docker registry has a security access list (which is basically a list of clients' public IP addresses). However, the GKE cluster creates nodes with ephemeral IP addresses, which makes it inconvenient to add each new IP address to the access list.

How can I create a proxy or port forwarding in Google Cloud to forward all requests via one external IP to access my external registry?

graph

1 Answer

2
votes

You should use Cloud NAT. It will act as the proxy in your diagram and you can use the addresses of the NAT in the ACLs of the container registry. Also check out this tutorial on setting up Cloud NAT with GKE.
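A sketch of the Cloud NAT setup suggested in the answer above, added here as an example and not taken from the original post or the linked tutorial. It pins NAT egress to one reserved static IP so the registry's access list needs a single entry, and includes a check for nodes that still carry their own external IP, since Cloud NAT only applies to nodes without one (for GKE, private nodes). The region, network and resource names are assumed placeholders.

```shell
#!/bin/sh
# Added example: one fixed egress IP for GKE nodes via Cloud NAT.
# Every name below is an assumed placeholder; override via the environment.
REGION="${REGION:-us-central1}"
NETWORK="${NETWORK:-default}"
ADDR_NAME="${ADDR_NAME:-registry-egress-ip}"
ROUTER_NAME="${ROUTER_NAME:-registry-egress-router}"
NAT_NAME="${NAT_NAME:-registry-egress-nat}"

# Print the plan by default; set APPLY=1 to run it against the active project.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_nat() {
  # 1. Reserve a static regional external IP: the address to allow-list.
  run gcloud compute addresses create "$ADDR_NAME" --region "$REGION"
  # 2. Cloud NAT is configured on a Cloud Router in the cluster's VPC and region.
  run gcloud compute routers create "$ROUTER_NAME" \
    --network "$NETWORK" --region "$REGION"
  # 3. NAT all subnet ranges (node and pod ranges) through the reserved IP
  #    only, rather than auto-allocated addresses that can change.
  run gcloud compute routers nats create "$NAT_NAME" \
    --router "$ROUTER_NAME" --region "$REGION" \
    --nat-external-ip-pool "$ADDR_NAME" \
    --nat-all-subnet-ip-ranges
}

# The value to add to the registry's access list.
egress_ip() {
  run gcloud compute addresses describe "$ADDR_NAME" \
    --region "$REGION" --format 'value(address)'
}

# Reads `kubectl get nodes -o wide` on stdin and prints nodes that have their
# own EXTERNAL-IP (column 7). Those nodes egress directly and bypass Cloud NAT,
# so the registry would see an address that is not on the access list.
nodes_bypassing_nat() {
  awk 'NR > 1 && $7 != "<none>" { print $1 }'
}

setup_nat
```

After applying, `kubectl get nodes -o wide | nodes_bypassing_nat` should print nothing; any node it lists is still reaching the registry from its own ephemeral address.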