Reputation: 12930
We are using GKE in Kubernetes, and we are using the 10.0.0.0/8 CIDR range for all our private IPs, which is shared with our on-prem and AWS networks as well.
Our pod and service IPs from the K8s cluster are from the non-RFC 240.0.120.0/24 CIDR range. Now this is the issue: when we try to connect to any GCP or AWS resource, it's not able to connect and needs masquerading.
However, the masquerading document says it won't masquerade if the destination IP is from CIDR 10.0.0.0/8.
**Links I am referring to**
I am confused about what to do; there is no section in the ConfigMap to add masqueradeCIDRs, it only has a section to add nonMasqueradeCIDRs.
Upvotes: 0
Views: 206
Reputation: 1298
You can try enabling IP masquerade. First you identify the network where your GKE cluster is running. Then identify the subnet associated with your GKE cluster within that network. Enable IP masquerading on the subnet using the command below. Make sure to replace [SUBNET_NAME] with the name of your GKE cluster's subnet.
Upvotes: 1
Reputation: 12053
The ConfigMap for ip-masq lists the CIDRs for which you do not want to masquerade. If you don't specify a ConfigMap, then the default includes 10.0.0.0/8 in the non-masquerade list.
You'll need to follow the docs on creating the ConfigMap and you'll need to minimally add the ranges you use for your pods/services (the 240.) to the non-masquerade list. You want to make sure the 10.0.0.0/8 is NOT in the ConfigMap.
Upvotes: 2
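The last answer's point, that a destination is masqueraded exactly when it falls outside every `nonMasqueradeCIDRs` entry, is modeled below as an added example that is not part of the original posts. Assumptions: the ConfigMap is named `ip-masq-agent` in `kube-system` with a `config` key, as in the GKE ip-masq-agent documentation; the destination addresses are constructed; `DEFAULT_NON_MASQ` holds only the one default entry the answer names; and the overlap check also rejects sub-ranges of 10.0.0.0/8, which goes slightly beyond the answer.

```python
import ipaddress

# Only the default entry the answer names; the real default list is longer.
DEFAULT_NON_MASQ = ["10.0.0.0/8"]
# Pod/service range from the question, so pod-to-pod traffic keeps pod IPs.
CUSTOM_NON_MASQ = ["240.0.120.0/24"]
SHARED_PRIVATE = ipaddress.ip_network("10.0.0.0/8")


def is_masqueraded(dest_ip, non_masq_cidrs):
    """True if egress to dest_ip is SNATed to the node IP, i.e. the
    destination is not covered by any nonMasqueradeCIDRs entry."""
    dest = ipaddress.ip_address(dest_ip)
    return not any(dest in ipaddress.ip_network(c) for c in non_masq_cidrs)


def render_configmap(non_masq_cidrs):
    """Render the ip-masq-agent ConfigMap, refusing any entry that would
    still exempt part of 10.0.0.0/8 from masquerading."""
    for cidr in non_masq_cidrs:
        if ipaddress.ip_network(cidr).overlaps(SHARED_PRIVATE):
            raise ValueError(f"{cidr} overlaps {SHARED_PRIVATE}")
    entries = "\n".join(f"      - {c}" for c in non_masq_cidrs)
    return (
        "apiVersion: v1\n"
        "kind: ConfigMap\n"
        "metadata:\n"
        "  name: ip-masq-agent\n"
        "  namespace: kube-system\n"
        "data:\n"
        "  config: |\n"
        "    nonMasqueradeCIDRs:\n"
        f"{entries}\n"
    )


if __name__ == "__main__":
    host = "10.20.30.40"   # constructed: a host in the shared 10.0.0.0/8 space
    pod = "240.0.120.17"   # constructed: another pod in the cluster range
    print("default list, to", host, "masqueraded:", is_masqueraded(host, DEFAULT_NON_MASQ))
    print("custom list,  to", host, "masqueraded:", is_masqueraded(host, CUSTOM_NON_MASQ))
    print("custom list,  to", pod, "masqueraded:", is_masqueraded(pod, CUSTOM_NON_MASQ))
    print(render_configmap(CUSTOM_NON_MASQ))
```

The rendered manifest can be reviewed and then applied with `kubectl apply -f`.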