I have a running (production) GKE cluster that stays on the default VPC (10.158.0.0/20 for us). Inside the cluster, to avoid IP clash on some VPNs we choose to use the 192.168.0.0/20 and 192.168.16.0/20 for the internal pod and services.
This is working just fine, but now I need to make a specific POD (that has the 192 IP) to access a system on a VPN (that has the end IP on a 172.16 address). I know that I can find the IP associated with the node created and add it on the VPN, however when this autoscale to more than one node, there'll be a new different IP, and as such I would have to update the VPN again and again, I want to avoid that.
Is there any way I can do this without recreating the entire cluster on a new different subnet? Like some gateway or something that I can route the pod to and then route the gateway to the desired VPN tunnel? OR maybe route the 192 network to the VPN tunnel? That would work as well.
Thank you
Ok, so creating a machine as a NAT, inspired by this blog post, worked, with the routing et all. I did tried with the IP Masquerading as well, and it worked as well, but since the idea is to get more nodes as needed, the client didn't want that, so we had to stuck with the NAT.
Thanks for all the help!