GKE Cluster routing internet traffic through basic NAT
This set of scripts creates a Google Cloud Container Engine cluster that routes all outbound internet traffic. Traffic heading for the kubernetes master is routed at a higher priority through the default internet gateway. through a NAT instance.
How it works in a nutshell
- Creates a network
- Creates a subnet for the cluster
- Creates a subnet for the nat instance
- Creates a NAT compute instance
- Creates Firewall rules for NAT instance
- Creates the GKE cluster in the cluster's subnet created from step 2 with tag route-through-nat
- Creates the route from the cluster to the master for instances with tag, route-through-nat
- Creates the NAT route from the cluster to the NAT for all destinations at a lower priority than the master route above for instances with tag route-through-nat
Creating the cluster
Prerequisites
- Updated gcloud sdk
- Updated kubectl cli
- A Project in Google Cloud in which you want to deploy this cluster
- Authenticated to google cloud
Creating the network, subnets, nat, routes, firewall rules and gke cluster
$ git clone https://www.github.com/johnlabarge/gke-nat-example.git
$ cd gke-nat-example
$ ./create
This also runs a quick test for you by
- installing curl on the machine
- curling a well known website
- copying the captured traffic (tcpdump) logs from the Nat computer to the local directory.
Deleting the Cluster
Deleting the network, subnets, nat, routes, firewall rules and gke cluster
$ ./delete