Composer static IP

Composer runs on GKE and can easily be scaled up for increased workload. The downside is that node IPs are generally ephemeral, as with most elastic services. To maintain a static IP for external firewall rules that filter by source IP, a Composer environment can be created in a VPC with Cloud NAT and with private IP set to true (to ensure traffic does not bypass Cloud NAT). This has been proven to work, and it keeps the environment elastic while making sure external connections can be whitelisted.

Alternatively, one can create an environment with a limited number of nodes (3) and whitelist all 3 external node IPs.

The cluster network configurations are difficult to update once the environment is created.
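
The VPC, Cloud NAT and private IP setup described above, written out as gcloud commands. This is an added example, not part of the original note: the project, region and every resource name are assumed placeholders, the VPC and subnet are assumed to exist already, and the dry-run wrapper is a convenience added here.

```bash
#!/usr/bin/env bash
# Added example (not from the original note). Project, region and all
# resource names are assumed placeholders; the network and subnet must exist.
PROJECT="example-project"
REGION="us-central1"
NETWORK="composer-vpc"
SUBNET="composer-subnet"
NAT_IP="composer-nat-ip"
ROUTER="composer-router"
ENV_NAME="composer-private"

# Dry run by default: print each command. Set APPLY=1 to execute them.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

provision() {
  # 1. Reserve the regional external address that will be whitelisted.
  run gcloud compute addresses create "$NAT_IP" \
    --project="$PROJECT" --region="$REGION"
  # 2. Cloud Router that hosts the NAT gateway on the environment's VPC.
  run gcloud compute routers create "$ROUTER" \
    --project="$PROJECT" --region="$REGION" --network="$NETWORK"
  # 3. NAT pinned to the reserved address instead of auto-allocated IPs.
  run gcloud compute routers nats create composer-nat \
    --project="$PROJECT" --region="$REGION" --router="$ROUTER" \
    --nat-external-ip-pool="$NAT_IP" --nat-all-subnet-ip-ranges
  # 4. Private IP environment: nodes get no external IPs, so egress cannot
  #    bypass the NAT. --enable-ip-alias is required with private IP on
  #    Composer 1 (the Composer version is an assumption here).
  run gcloud composer environments create "$ENV_NAME" \
    --project="$PROJECT" --location="$REGION" \
    --network="$NETWORK" --subnetwork="$SUBNET" \
    --enable-ip-alias --enable-private-environment
  # 5. Print the reserved address to hand to the firewall owner.
  run gcloud compute addresses describe "$NAT_IP" \
    --project="$PROJECT" --region="$REGION" --format="value(address)"
}

provision
```

Because the network settings are hard to change after creation, review the printed commands before rerunning with APPLY=1.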