Problem
When working with Databricks clusters on a Google Cloud Platform (GCP) Virtual Private Cloud (VPC), backend virtual machines (VMs) receive random public IPs even though Cloud NAT has been configured to provide a static public egress IP and No Public IP (NPIP) has been enabled.
Cause
- The workspace was created with a public Google Kubernetes Engine (GKE) cluster rather than a private one. In such configurations:
  - VM instances are assigned random public IPs by default, even when Cloud NAT is attached.
  - Cloud NAT does not override external IP assignments for VMs in public GKE configurations; a VM that holds its own external IP egresses through that address, not through the NAT.
- This configuration typically happens if the Enable private cluster option was deselected during workspace creation.
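To confirm that this is the cause, audit the VPC for VMs that hold an external IP (and therefore bypass Cloud NAT) and for GKE clusters whose nodes are not private. The helper below is an added example, not Databricks or Google code; it reads the JSON that `gcloud compute instances list --format=json` and `gcloud container clusters list --format=json` emit, using the Compute Engine and GKE API field names, and the sample records embedded in it are constructed.

```python
"""Flag VMs with external IPs (they bypass Cloud NAT) and GKE clusters with public nodes."""
import json

# Constructed sample of `gcloud compute instances list --format=json` output (two VMs).
INSTANCES_JSON = json.dumps([
    {"name": "db-worker-1",
     "networkInterfaces": [{"network": "projects/example/global/networks/dbx-vpc",
                            "networkIP": "10.0.1.5",
                            # An access config means the VM owns an external IP.
                            "accessConfigs": [{"type": "ONE_TO_ONE_NAT",
                                               "natIP": "203.0.113.7"}]}]},
    {"name": "db-worker-2",
     "networkInterfaces": [{"network": "projects/example/global/networks/dbx-vpc",
                            "networkIP": "10.0.1.6"}]},  # no accessConfigs: NAT-only egress
])

# Constructed sample of `gcloud container clusters list --format=json` output.
CLUSTERS_JSON = json.dumps([
    {"name": "dbx-gke-public", "privateClusterConfig": {}},
    {"name": "dbx-gke-private",
     "privateClusterConfig": {"enablePrivateNodes": True}},
])


def vms_with_external_ip(instances_json):
    """Return (vm name, external IP) for every VM that has an access config on any NIC.
    Such a VM sends traffic from its own external address, so the static Cloud NAT IP
    is never used. A config without natIP (VM stopped) is reported as 'pending'."""
    hits = []
    for inst in json.loads(instances_json):
        for nic in inst.get("networkInterfaces", []):
            for cfg in nic.get("accessConfigs", []):
                if cfg.get("type") == "ONE_TO_ONE_NAT":
                    hits.append((inst["name"], cfg.get("natIP", "pending")))
    return hits


def public_gke_clusters(clusters_json):
    """Return names of clusters whose privateClusterConfig.enablePrivateNodes is not set."""
    return [c["name"] for c in json.loads(clusters_json)
            if not c.get("privateClusterConfig", {}).get("enablePrivateNodes")]


if __name__ == "__main__":
    for name, ip in vms_with_external_ip(INSTANCES_JSON):
        print(f"VM {name} has external IP {ip}: egress bypasses Cloud NAT")
    for name in public_gke_clusters(CLUSTERS_JSON):
        print(f"GKE cluster {name} has public nodes: recreate the workspace as private")
```

Any VM reported by the first check will show a changing public IP to downstream services, which is exactly the symptom described above.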
Solution
- Recreate the workspace using a private GKE cluster configuration. It is not possible to migrate an existing workspace from public GKE to private GKE.
- Alternatively, move the workspace's compute from GKE to Google Compute Engine (GCE). GCE supports private IP configurations for virtual machines, which keeps the deployment compliant with the security policy and eliminates random public IP assignments.
For more information, refer to the Update permissions for GCE compute deployment documentation.