How to IP whitelist a Kubernetes cluster

So I have a kubernetes cluster running in Google Cloud. And from pods inside the cluster I need to access an external DB which has IP whitelisting configured. It seems that I need a static, shared IP for the cluster's outgoing traffic, what's the best approach?

Setting up a service IP seems irrelevant as that's for inbound traffic. I looked into Cloud NAT and it seems promising, but I'm not exactly sure about how to set that up. Any docs/tutorial would be helpful, thanks!

Solution

According the docs when traffic goes out of a kubernetes cluster in GKE it will get SNATed with the IP of the node. So you could whitelist the IPs of all GKE kubernetes cluster nodes.

Here is some best practices on connecting to external services from Kubernetes cluster. An example for connecting to Cloud SQL from Google Kubernetes Engine.

An example setup of Cloud NAT on GKE.

Reasons for OOMKilled in kubernetes
Installing multiple nginx ingress controller instances in the same AKS cluster
How to upgrade at once multiple releases with Helm for the same chart
How to pass multiple commands in Kubernetes container?
Envoy Gateway with OIDC and direct bearer token
AKS CrashLoopBackOff for an image working without problem in docker host: logs: error: container containerd://x is not valid for pod flask-app
Helm Convert chart labels multiline string to comma-separated string
What is the relation between "container_memory_working_set_bytes" metric and OOM-killer on the container?
Running the Postgres CLI client from a Kubernetes jumpbox
How to set up RabbitMQ default queue type to quorum queue on bootstrap?
How to pass helm values dynamically
Windows & Linux living together in Kubernetes cluster
NextJS symlinks not updating and crashing the application in Kubernetes deployment
How to parse json format output of : kubectl get pods using jsonpath
I occasionally get such an error "the object has been modified" when I update node or deploy with client-go
Restart Pod when secrets gets updated
kubectl unable to connect to server: x509: certificate signed by unknown authority
kustomization Error: json: cannot unmarshal number into Go struct field Image.images.newTag of type string
Scale deployment with python client in Kubernetes
ValidationError(Ingress.spec.rules[0].http): missing required field "paths"
Execute bash command in pod with kubectl?
Why is my K8s network policy denying access when it should by matching the label
What is the difference between always and on failure for Kubernetes restart policy?
ArgoCd does not trigger on GitOps repo update?
Should I do liveness probe and readiness probe every second?
How to list kubernetes services in k9s?
Connecting K8s and Nomad using a single Consul Server (DC1). Is this even possible or what is the next best way to do so?
What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
Helm chart. I cannot send a command to the container via --set
is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes