Add explanation for Pod IP addresses.

terraform/modules/k8s_workload/ip_masq.tf

@@ -0,0 +1,14 @@
+resource "kubernetes_config_map" "ip_masq_agent" {
+  count = var.enable_snat ? 1 : 0
+
+  metadata {
+    name      = "ip-masq-agent"
+    namespace = "kube-system"
+  }
+
+  data = {
+    config = "nonMasqueradeCIDRs:\n  - 100.64.0.0/19\n  - 240.10.0.0/17\nmasqLinkLocal: false\nresyncInterval: 60s\n"
+  }
+
+  depends_on = [var.node_pool]
+}

terraform/modules/k8s_workload/main.tf

@@ -29,6 +29,11 @@ variable "main_k8s_namespace" {
   type = string
 }
 
+variable "enable_snat" {
+  description = "Whether we should enable source network address translation to the node IP address."
+  type        = bool
+}
+
 # Provide time for Service cleanup
 resource "time_sleep" "wait_service_cleanup" {
   depends_on = [var.cluster]