
Setup Cloud NAT for only 1 node pool in GKE cluster


I have a private GKE cluster with multiple node pools, and reading the documentation it seems that if I create a Cloud NAT it's only possible to do so for the whole cluster. Is there a way to configure only a subset of the cluster to have access to send traffic through the NAT? I poked around and it doesn't seem to be possible to assign a network, IP range or subnetwork to a node pool, so I am not sure if this is possible.


Solution

  • You could check the old NAT gateway solution from Google (VM instance-based instead of Cloud NAT) as an example. A possible way to do what you need is the following:

    1. Create a dedicated GKE node pool with a tag
    2. Create a NAT VM instance, using the Terraform examples above or manually
    3. Create a default route using the created NAT VM instance as the destination and apply this route to instances with the tag you used to create the GKE node pool

    The referenced NAT gateway solution uses a similar technique, but it applies the route to all node pools using the whole-cluster tag instead of a separate node pool tag.
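The three steps above, written out as an added Terraform example (not from the answer or from Google's NAT gateway module). It assumes an existing cluster resource `google_container_cluster.private`, the `default` network and subnetwork, region `us-central1`, and the placeholder tags `nat-egress` (node pool) and `nat-gw` (NAT VM); the firewall rule limits NAT use to the tagged pool.

```terraform
resource "google_container_node_pool" "egress" {
  name       = "egress-pool"
  cluster    = google_container_cluster.private.name
  location   = "us-central1"
  node_count = 1
  node_config {
    machine_type = "e2-standard-2"
    tags         = ["nat-egress"] # only nodes carrying this tag match the route below
  }
}

resource "google_compute_instance" "nat_gw" {
  name           = "nat-gw"
  machine_type   = "e2-small"
  zone           = "us-central1-a"
  can_ip_forward = true # required so the VM may forward packets sourced by other VMs
  tags           = ["nat-gw"]

  boot_disk {
    initialize_params { image = "debian-cloud/debian-12" }
  }
  network_interface {
    subnetwork = "default"
    access_config {} # ephemeral public IP that becomes the NAT source address
  }
  # Turn the VM into a masquerading router on first boot.
  metadata_startup_script = <<-EOT
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -j MASQUERADE
  EOT
}

# Default route seen only by instances tagged "nat-egress"; priority 800 wins over the default internet-gateway route (1000).
resource "google_compute_route" "nat_egress" {
  name              = "nat-egress-via-nat-gw"
  network           = "default"
  dest_range        = "0.0.0.0/0"
  priority          = 800
  tags              = ["nat-egress"]
  next_hop_instance = google_compute_instance.nat_gw.self_link
}

# Only the tagged node pool may send traffic through the NAT VM.
resource "google_compute_firewall" "nat_gw_ingress" {
  name        = "allow-nat-egress-to-nat-gw"
  network     = "default"
  source_tags = ["nat-egress"]
  target_tags = ["nat-gw"]
  allow { protocol = "all" }
}
```

Nodes in the other pools keep the VPC's default route, so only the `egress-pool` nodes leave via the NAT VM's public IP; a single NAT VM is also a single point of failure, which is one reason Google moved to the managed Cloud NAT.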