How to use a Kubernetes pod as a gateway to specific IPs?

Time:01-04

I've got a database running in a private network (say IP 1.2.3.4).

In my own computer, I can do these steps in order to access the database:

  • Start a Docker container using something like docker run --privileged --sysctl net.ipv4.ip_forward=1 ...
  • Get the container IP
  • Add a routing rule, such as ip route add 1.2.3.4/32 via $container_ip

And then I'm able to connect to the database as usual.

I wonder if there's a way to route traffic through a specific pod in Kubernetes for certain IPs in order to achieve the same results. We use GKE, by the way, I don't know if this helps in any way.

PS: I'm aware of the sidecar pattern, but I don't think this would be ideal for our use case, as our jobs are short-lived tasks, and we are not able to run multiple "gateway" containers at the same time.

CodePudding user response:

> I wonder if there's a way to route traffic through a specific pod in Kubernetes for certain IPs in order to achieve the same results. We use GKE, by the way, I don't know if this helps in any way.

You can start a GKE cluster in a fully private network like this, then run the application that needs to be fully private in this cluster. Access to this cluster is only possible when explicitly granted, just like with those commands you used in your question, but of course now you will use the cloud platform (e.g. service control, bastion, etc.); there is no need to "route traffic through a specific pod in Kubernetes for certain IPs". But if you have to run everything in a cluster, then likely a fully private cluster will not work for you; in this case you can use network policy to control access to your database pod.
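
The network policy option mentioned at the end of the answer above could look like the following manifest. This is an added example, not part of the answer: the policy name, namespaces, labels and the port are all assumptions chosen for illustration.

```yaml
# Added example: every name, label and port below is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database-allow-clients        # hypothetical policy name
  namespace: data                     # hypothetical namespace of the database pod
spec:
  # Pods this policy protects. Once a pod is selected by a policy with
  # policyTypes: Ingress, any ingress not listed below is dropped.
  podSelector:
    matchLabels:
      app: database                   # hypothetical label on the database pod
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the SAME list item are ANDed:
        # only pods labelled role=db-client inside the "jobs" namespace match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: jobs   # hypothetical namespace of the short-lived jobs
          podSelector:
            matchLabels:
              role: db-client         # hypothetical label on the job pods
      ports:
        - protocol: TCP
          port: 5432                  # assumed database port
```

On GKE the policy is only enforced when network policy enforcement (or Dataplane V2) is enabled on the cluster.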

CodePudding user response:

GKE doesn't support the use case you mentioned @gabriel Milan.

What's your requirement? Do you need to know which IP the pod will use to reach the database so you can open a firewall for it?
