EgressGateway

Scope: Cluster
Version: v1alpha1

Interface for configuring a fault-tolerant egress gateway based on a group of nodes.

The configured egress gateways can be used in EgressGatewayPolicy interface to configure egress gateway for application Pods.

  • spec
    object
    • spec.nodeSelector
      object

      The selector for a group of nodes that will transfer network requests to external services. Among these nodes, eligible nodes will be detected and one of them will be assigned as the active one. Signs of an eligible node:

      • The node is in Ready state.
      • Node is not cordoned.
      • The cilium-agent on the node is in the Ready state.

      Different EgressGateways can use common nodes for operation, and active nodes will be selected independently for each EgressGateway, thus distributing the load between them.

      This feature is available in enterprise edition only.

    • spec.sourceIP
      object
      • spec.sourceIP.mode
        string

        Required value

        A method for determining the source IP address to be assigned to requests through this gateway.

        Possible options:

        • PrimaryIPFromEgressGatewayNodeInterface — the primary IP address on the public network interface of the node will be used as the source IP address.

          Particularities:

          • When the active node goes down and a new node is assigned, the outgoing IP address will change.
          • The network subsystem on all egress nodes must be configured in advance:
            • the public interfaces must have the same name (eth1, for example),
            • all necessary routes for access to all external public services must be configured.
        • VirtualIPAddress — explicitly specify the outgoing IP address.

          Particularities:

          • If the active node goes down, the outgoing IP address will not change.
          • The network subsystem on all egress nodes must be configured in advance:
            • all necessary routes for access to all external public services must be configured,
            • the public interface must be prepared to automatically configure a virtual IP as a secondary IP address (if an egress node is designated as active, the address will not appear in the IP list on the public interface, but the node will emulate it with ARP-responses)

        This feature is available in enterprise edition only.

        Allowed values: VirtualIPAddress, PrimaryIPFromEgressGatewayNodeInterface

      • spec.sourceIP.primaryIPFromEgressGatewayNodeInterface
        object
        • spec.sourceIP.primaryIPFromEgressGatewayNodeInterface.interfaceName
          string

          The interface name on the egress nodes through which external requests are processed.

          This feature is available in enterprise edition only.

      • spec.sourceIP.virtualIPAddress
        object
        • spec.sourceIP.virtualIPAddress.interfaces
          array of strings

          The list of network interfaces to which the virtual IP will be simulated.

          Default: []

          This feature is available in enterprise edition only.

        • spec.sourceIP.virtualIPAddress.ip
          string

          The virtual source IP address to be assigned to outgoing requests through the egress gateway.

          This feature is available in enterprise edition only.