I have a workload in a GKE cluster and I need to expose one port with both TCP and UDP protocols externally. The complication is that egress and ingress should go through the same external IP in order to make the P2P protocol work.
Currently, my cluster is public and I use a trick with hostNetwork: true
described here https://stackoverflow.com/a/47887571/803403, but I am considering moving to a private cluster and using Cloud NAT. However, I did not find a way to expose that port in this case. I tried to expose it via ClusterIP, but in the firewall rules I could not map the external port to that ClusterIP port, since the latter does not have network tags. And I'm also not sure whether firewall rules can be applied to the Cloud Router that is bound to Cloud NAT.
Does anybody have an idea?
Thanks!
It is needed to have an external IP address assigned to one of the nodes in the cluster,
which is not the case for a private cluster. – azhurb
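For reference, this is what the hostNetwork trick mentioned in the question looks like as a manifest. It is an added example, not code from the question or from the linked answer; the Deployment name, the node pool label value, the image and the port 30303 are assumptions. Because the pod shares the node's network namespace, it listens on the node's external IP directly, so ingress and egress use the same address; this is exactly why it stops working on a private cluster, where the nodes have no external IP.

```yaml
# Added example (not from the question): run the P2P workload with
# hostNetwork so that it binds directly on the node's external IP.
# Assumed values: name p2p-node, node pool "p2p-pool", port 30303,
# placeholder image.
#
# The matching VPC firewall rule opens only that port, on both protocols,
# and only for nodes carrying a network tag set on the node pool
# (e.g. `gcloud container node-pools create p2p-pool --tags=p2p-node ...`):
#
#   gcloud compute firewall-rules create p2p-allow \
#     --network default \
#     --direction INGRESS \
#     --allow tcp:30303,udp:30303 \
#     --target-tags p2p-node \
#     --source-ranges 0.0.0.0/0
#
# A hostNetwork pod can reach anything the node can, so keep this Deployment
# in its own namespace and node pool rather than mixing it with other
# workloads.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: p2p-node
spec:
  replicas: 1
  selector:
    matchLabels:
      app: p2p-node
  template:
    metadata:
      labels:
        app: p2p-node
    spec:
      hostNetwork: true                   # share the node's network namespace
      dnsPolicy: ClusterFirstWithHostNet  # keep cluster DNS working with hostNetwork
      nodeSelector:
        cloud.google.com/gke-nodepool: p2p-pool   # assumed pool that has the external IP and tag
      containers:
      - name: p2p
        image: example.com/p2p:latest     # placeholder image
        ports:
        - containerPort: 30303            # same port, both protocols
          protocol: TCP
        - containerPort: 30303
          protocol: UDP
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
```

With replicas set to 1 and a dedicated node pool, only one node ever binds the port, which keeps the external IP stable for peers; scaling above the number of nodes in the pool would leave extra pods unschedulable because the host port is already taken.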