Currently I am developing nodejs application deployed to GKE cluster in google cloud platform. This application will need to call 3rd Party API which is only accessible through VPN so that I have to establish site to site VPN to the 3rd Party API provider network.
I know that site to site VPN can be implemented using GCP Cloud VPN and I have previous experience using GCP Cloud VPN. But the problem for me is this 3rd Party API will only allow one single IP address from my VPC accessing their network, which is a problem since all pods in the GKE cluster has their own ephemeral IP.
The question is that how I can make the outgoing API call from the GKE cluster to the 3rd party API comes only from one single IP address, so that the 3rd party provider admin can whitelist this single IP address to access their API?
I am thinking about using one linux VM as nat router, so that API call to the 3rd party API will go through this nat router first and then from nat router to the Cloud VPN gateway. But when I take a look at the VPC route table, I just can't see how this method can be implemented, since in the VPC route table I can't specify particular network segment as source. I can only set the destination and the next hop which will affect all the instances in the VPC.
Below is the link to view current topology of my VPC for reference :
Is this something can be done in GCP or maybe am I looking at the problem in the wrong way ?
Thank You
