now i have 4 ubuntu nodes 2 master node and 2 workers node the only node is master node 1 is reachable to internet but the 3 others not connected and i need to apt update and how to use NAT to solve this to reach internet to whole nodes?
This is very definitely NOT a good idea – the nodes of your cluster should NOT be internet accessible. Even making the kube-apiserver internet accessible is probably not a good idea, unless you restrict it to very trusted addresses, and even then, not a great idea. Otherwise, you’ll get hacked.
We can configure networking so that worker nodes can only access external resources (outbound) through a NAT Gateway while only accepting inbound traffic from private networks. In summary, there should be an instance or gateway with a public IP that provides internet access, and all worker nodes should route their outbound traffic through it.
I also agree with Rob that the kube-apiserver (Master node) should remain private and be placed behind a reverse proxy or a load balancer.