When a k8s cluster is created on GKE, we can choose to make it private or public, which determines whether the nodes of the cluster get a public IP or not. If they don't have a public IP, they can't communicate with the internet directly, because no server would have an address to reply to.
In a private k8s cluster, the outbound (egress) traffic can acquire an IP from a NAT. On Google Cloud, this NAT can be configured to use a set of predefined IPs or to adjust the number of IPs automatically. In our case, we decided to start with ~10 IPs to reduce the risk of services such as GitHub returning 429 errors.
These are now our egress IPs, configured in the Cloud NAT section of GCP's web UI.
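The same setup can be scripted with `gcloud` instead of the web UI. The sketch below is an added example, not the configuration from this page: the region, network, router, NAT and address names are assumed placeholders, and it only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original page): fixed Cloud NAT egress pool.
# Every name and the region below are assumed placeholders.
set -eu

REGION="${REGION:-europe-west1}"       # assumed region
NETWORK="${NETWORK:-gke-private-net}"  # assumed VPC of the private cluster
ROUTER="${ROUTER:-egress-router}"      # hypothetical Cloud Router name
NAT="${NAT:-egress-nat}"               # hypothetical NAT gateway name
PREFIX="${PREFIX:-egress-nat-ip}"      # hypothetical address name prefix
COUNT="${COUNT:-10}"                   # the ~10 egress IPs from the text

# Comma-separated address names: PREFIX-1,...,PREFIX-N
nat_ip_names() {
  i=1; out=""
  while [ "$i" -le "$1" ]; do
    out="${out:+$out,}${PREFIX}-$i"
    i=$((i + 1))
  done
  printf '%s\n' "$out"
}

# Print each command; execute it only when APPLY=1 (default: dry run).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

provision() {
  pool="$(nat_ip_names "$COUNT")"
  # 1. Reserve static regional external addresses, so the egress IPs never
  #    change (word splitting of the name list is intended here).
  run gcloud compute addresses create $(printf '%s' "$pool" | tr ',' ' ') \
    --region="$REGION"
  # 2. Cloud NAT is attached to a Cloud Router in the cluster's VPC.
  run gcloud compute routers create "$ROUTER" \
    --network="$NETWORK" --region="$REGION"
  # 3. NAT gateway with a manual IP pool instead of auto-allocated IPs;
  #    logging records which node used which egress IP and port.
  run gcloud compute routers nats create "$NAT" \
    --router="$ROUTER" --region="$REGION" \
    --nat-all-subnet-ip-ranges --nat-external-ip-pool="$pool" --enable-logging
  # 4. List the resulting IPs, e.g. to hand to a third party's allowlist.
  run gcloud compute addresses list \
    --filter="name~^${PREFIX}-" --format="value(address)"
}

provision
```

With a fixed pool, third parties can allowlist exactly these addresses, and any egress seen from another IP stands out in their logs.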