EgressGateway
Scope: Cluster
Version: v1alpha1
Interface for configuring a fault-tolerant egress gateway based on a group of nodes.
The configured egress gateways can be used in the EgressGatewayPolicy interface to configure an egress gateway for application Pods.
- spec
- spec.nodeSelector
The selector for a group of nodes that will transfer network requests to external services. Among these nodes, eligible nodes will be detected and one of them will be assigned as the active one. Signs of an eligible node:
- The node is in Ready state.
- The node is not cordoned.
- The cilium-agent on the node is in the Ready state.
Different EgressGateways can use common nodes for operation, and active nodes will be selected independently for each EgressGateway, thus distributing the load between them.
This feature is available in enterprise edition only.
- spec.sourceIP
- spec.sourceIP.mode
Required value
A method for determining the source IP address to be assigned to requests through this gateway.
Possible options:
- PrimaryIPFromEgressGatewayNodeInterface: the primary IP address on the public network interface of the node will be used as the source IP address. Particularities:
  - When the active node goes down and a new node is assigned, the outgoing IP address will change.
  - The network subsystem on all egress nodes must be configured in advance:
    - the public interfaces must have the same name (eth1, for example),
    - all necessary routes for access to all external public services must be configured.
- VirtualIPAddress: explicitly specify the outgoing IP address. Particularities:
  - If the active node goes down, the outgoing IP address will not change.
  - The network subsystem on all egress nodes must be configured in advance:
    - all necessary routes for access to all external public services must be configured,
    - the public interface must be prepared to automatically configure a virtual IP as a secondary IP address (if an egress node is designated as active, the address will not appear in the IP list on the public interface, but the node will emulate it with ARP responses).
This feature is available in enterprise edition only.
Allowed values: VirtualIPAddress, PrimaryIPFromEgressGatewayNodeInterface
- spec.sourceIP.primaryIPFromEgressGatewayNodeInterface
- spec.sourceIP.primaryIPFromEgressGatewayNodeInterface.interfaceName
The interface name on the egress nodes through which external requests are processed.
This feature is available in enterprise edition only.
- spec.sourceIP.virtualIPAddress
- spec.sourceIP.virtualIPAddress.interfaces
The list of network interfaces on which the virtual IP will be simulated.
Default: []
This feature is available in enterprise edition only.
- spec.sourceIP.virtualIPAddress.ip
The virtual source IP address to be assigned to outgoing requests through the egress gateway.
This feature is available in enterprise edition only.
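
One manifest for each spec.sourceIP.mode, sharing the same group of nodes. This is an added example, not taken from the original page. The API group network.deckhouse.io, the label-map form of nodeSelector, the object names, the node label and the address 192.0.2.10 are assumptions or constructed values.

```yaml
# Added example. Values marked "constructed" or "assumed" are not from the page.
---
# Mode 1: the source IP is the primary address of the named interface.
# When the active node goes down and a new one is assigned, the outgoing IP
# changes, so an external allow-list has to cover the primary address of
# every node matched by nodeSelector.
apiVersion: network.deckhouse.io/v1alpha1  # group assumed; the page states only v1alpha1
kind: EgressGateway
metadata:
  name: egress-primary-ip                  # constructed name
spec:
  nodeSelector:
    example.com/egress: ""                 # constructed label; label-map form assumed
  sourceIP:
    mode: PrimaryIPFromEgressGatewayNodeInterface
    primaryIPFromEgressGatewayNodeInterface:
      interfaceName: eth1                  # same interface name required on all egress nodes
---
# Mode 2: the source IP is an explicitly specified virtual address.
# It does not change when the active node goes down, so external services can
# allow-list a single address. The active node answers ARP for it, but the
# address does not appear in the IP list of the public interface.
apiVersion: network.deckhouse.io/v1alpha1  # group assumed
kind: EgressGateway
metadata:
  name: egress-virtual-ip                  # constructed name
spec:
  nodeSelector:
    example.com/egress: ""                 # same nodes as above; the active node is
                                           # selected independently for each EgressGateway
  sourceIP:
    mode: VirtualIPAddress
    virtualIPAddress:
      ip: 192.0.2.10                       # constructed address (documentation range)
      interfaces:                          # defaults to [] when omitted
        - eth1
```

In both modes the routes to all external public services must already be configured on every egress node.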