Exposing internal private cluster nginx ingress

1
votes

So I have a private Kubernetes cluster hosted on GKE inside of a Cloud VPC network, essentially the same as discussed in Cloud NAT GKE example.

Thats all working, and now I've setup an Nginx ingress inside the cluster, with setting the annotation:

annotations:
  cloud.google.com/load-balancer-type: "Internal"

This seems to work, as it eventually provisions an internal IP address within the VPC subnet range.

QUESTION:

How do I forward incoming traffic from the Cloud NAT gateway to that internal IP of the Nginx LoadBalancer service?

I want to have both ingress and egress happen on the same IP (so I don't have to expose the LoadBalancer service externally) that is linked to the Cloud NAT, if thats possible.

Thanks!

1
nginxkubernetesload-balancinggoogle-kubernetes-engine

1 Answers

1
votes

Cloud NAT enable instances in a private subnet to connect to the internet, but not other way around:

Cloud NAT implements outbound NAT in conjunction with a default route to allow your instances to reach the Internet. It does NOT implement inbound NAT. Hosts outside of your VPC network can only respond to established connections initiated by your instances; they cannot initiate their own, new connections to your instances via NAT.

In a word, you can not NAT incoming traffic with cloud NAT gateway.