Static Egress IP for Kubernetes

The Problem: Kubernetes Has Dynamic Egress IPs

Kubernetes workloads are dynamic. When nodes scale or restart, your outbound IP changes.

Dynamic Egress IPs

Pods scale up and down. Nodes rotate. Cloud providers assign dynamic outbound IPs. Your Kubernetes cluster's egress IP constantly changes.

API Blocking

External APIs require IP whitelisting for security. When your Kubernetes cluster's IP changes, your workloads get blocked. Service disruptions follow.

Critical Scenarios

Payment provider APIs, enterprise SaaS integrations, banking or fintech APIs, internal partner systems—all require stable IPs for secure access.

How OutboundGateway Solves This

Kubernetes Pods

Your workloads

HTTPS_PROXY

Environment variables

Static IP Proxy

Fixed EU IP

External API

Whitelisted access

✓ Network Egress Problem

Kubernetes doesn't guarantee fixed outbound IPs by default. Traffic exits through Node IP, Cloud NAT, or managed gateways. When nodes scale, IPs change.

✓ Simple Solution

Route all outbound traffic through our static IP proxy. Set environment variables in your deployment. No custom networking, no VPC changes, no vendor lock-in.

Your Kubernetes Cluster Gets a Permanent Egress Identity

Stop fighting IP whitelisting. Give your Kubernetes workloads the stable infrastructure they need.

Single Static IP

All cluster egress through one fixed IP address. Whitelist once, never update firewall rules again.

Multi-Cluster Support

Works across multiple clusters. Centralize your egress traffic through one static IP across all environments.

No Custom Networking

Minimal configuration. Just set environment variables. No complex VPC routing, no Cloud NAT setup.

Scales Automatically

As your workloads scale, your static IP remains constant. No infrastructure changes needed.

Cloud-Agnostic

Works on AWS EKS, GCP GKE, Azure AKS, and self-hosted Kubernetes. No vendor lock-in.

Ideal for Whitelisting

API allowlists made simple. Payment providers, SaaS integrations, partner systems—all work seamlessly.

Implementation: Static IP for Your Kubernetes Cluster

Get your Kubernetes workloads set up with a static egress IP in minutes.

Option 1: Environment Variables in Deployment

Add proxy environment variables to your Kubernetes Deployment. All pods in the deployment will route outbound traffic through the static IP.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: app
          image: my-app:latest
          env:
            - name: HTTPS_PROXY
              value: "https://user:pass@eu-01.outboundgateway.com:8443"

💡 Pro Tip: Store proxy credentials in Kubernetes Secrets and reference them in your deployment. Never hardcode credentials in YAML.

Option 2: Namespace-Wide Injection (Advanced)

For automated enforcement across all workloads in a namespace, use a mutating webhook or sidecar injection pattern.

# Use a mutating webhook to automatically inject
# proxy environment variables into all pods
# Enforces consistent egress IP across namespace

# Example: MutatingWebhookConfiguration
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: proxy-injector
webhooks:
  - name: proxy-injector.example.com

📖 Advanced Configuration: For complete webhook implementation patterns, sidecar injection examples, and namespace-wide enforcement, see our documentation.

Option 3: CI/CD Runner Pods

If Kubernetes runs your CI/CD agents (GitLab runners, GitHub Actions self-hosted runners, Jenkins agents), configure them with the static IP proxy.

apiVersion: v1
kind: Pod
metadata:
  name: ci-runner
spec:
  containers:
    - name: runner
      image: ci-runner:latest
      env:
        - name: HTTPS_PROXY
          value: "https://user:pass@eu-01.outboundgateway.com:8443"

✅ Benefits: Build pipelines use fixed IP. External registries and APIs can whitelist safely. Consistent egress across all CI/CD workloads.

📝 Note: OutboundGateway is an HTTPS-only proxy service. Use HTTPS_PROXY for all outbound traffic.

Why Not Just Use Cloud NAT?

Compare Kubernetes egress approaches. Static proxy gives you simplicity and portability.

Approach	Complexity	Cost	Portability
Cloud NAT	Medium–High	Variable (often per GB)	Cloud-specific
Self-Managed Gateway	High	Ops overhead	Custom solution
Static IP Proxy	Low	Predictable	Multi-cloud

Why Static IP Proxy?

Cloud NAT works, but it ties you to one cloud provider and adds infrastructure complexity. A static proxy gives you a simple, portable solution that works across all Kubernetes platforms. Set environment variables once, and your workloads have consistent egress IPs forever.

Why DevOps Engineers Choose OutboundGateway

✅ Single static IP for all cluster egress

✅ Works across multiple clusters

✅ No custom networking configuration

✅ Scales with your workloads

✅ Ideal for API whitelisting

✅ Cloud-agnostic, no vendor lock-in

Still Have Questions?

We're here to help you get your Kubernetes cluster set up with a static egress IP.

Contact Our Team →

🇪🇺 Static Egress IP for Kubernetes

Ensure all outbound traffic from your Kubernetes cluster uses a single fixed IP address. Perfect for API whitelisting, third-party integrations, and compliance requirements.