modules/nw-egress-ips-about.adoc (8 additions & 5 deletions)
@@ -18,10 +18,6 @@ The {product-title} egress IP address functionality allows you to ensure that th
18
18
For example, you might have a pod that periodically queries a database that is hosted on a server outside of your cluster. To enforce access requirements for the server, a packet filtering device is configured to allow traffic only from specific IP addresses.
19
19
To ensure that you can reliably allow access to the server from only that specific pod, you can configure a specific egress IP address for the pod that makes the requests to the server.
20
20
21
-
[NOTE]
22
-
====
23
-
The {rh-openstack} egress IP address feature creates a neutron reservation port called `egressip-<IP address>`. You can assign a floating IP address to this reservation port to have a predictable SNAT address for egress traffic. When an egress IP address on an {rh-openstack} network is moved from one node to another, because of a node failover, for example, the neutron reservation port is removed and recreated. This means that the floating IP association is lost and you need to manually reassign the floating IP address to the new reservation port.
24
-
====
25
21
26
22
An egress IP address assigned to a namespace is different from an egress router, which is used to send traffic to specific destinations.
27
23
@@ -48,7 +44,7 @@ Support for the egress IP address functionality on various platforms is summariz
48
44
49
45
| Bare metal | Yes
50
46
| VMware vSphere | Yes
51
-
| {rh-openstack-first} | No
47
+
| {rh-openstack-first} | Yes
52
48
| Amazon Web Services (AWS) | Yes
53
49
| Google Cloud Platform (GCP) | Yes
54
50
| Microsoft Azure | Yes
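Review bot: The `{rh-openstack-first}` row at new line 47 becomes an unqualified `Yes`, with nothing in the table pointing to the platform-specific behaviour this same change documents, namely that the floating IP must be manually reassigned to the new reservation port after the egress IP address moves between nodes. Suggest a footnote or cross-reference on this row to that NOTE, so the support table does not read as equivalent to the other platforms listed as `Yes`.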
@@ -80,6 +76,13 @@ The annotation value is an array with a single object with fields that provide t
80
76
* `ifaddr`: Specifies the subnet mask for one or both IP address families.
81
77
* `capacity`: Specifies the IP address capacity for the node. On AWS, the IP address capacity is provided per IP address family. On Azure and GCP, the IP address capacity includes both IPv4 and IPv6 addresses.
82
78
79
+
Automatic attachment and detachment of egress IP addresses for traffic between nodes are available. This allows for traffic from many pods in namespaces to have a consistent source IP address to locations outside of the cluster. This also supports OpenShift SDN and OVN-Kubernetes, which is the default networking plug-in in Red Hat OpenShift Networking in {product-title} {product-version}.
80
+
81
+
[NOTE]
82
+
====
83
+
The {rh-openstack} egress IP address feature creates a Neutron reservation port called `egressip-<IP address>`. Using the same {rh-openstack} user as the one used for the {product-title} cluster installation, you can assign a floating IP address to this reservation port to have a predictable SNAT address for egress traffic. When an egress IP address on an {rh-openstack} network is moved from one node to another, because of a node failover, for example, the Neutron reservation port is removed and recreated. This means that the floating IP association is lost and you need to manually reassign the floating IP address to the new reservation port.
84
+
====
85
+
83
86
The following examples illustrate the annotation from nodes on several public cloud providers. The annotations are indented for readability.
84
87
85
88
.Example `cloud.network.openshift.io/egress-ipconfig` annotation on AWS
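Review bot: The paragraph added at new line 79 is ambiguous in two places and should be reworded. "This also supports OpenShift SDN and OVN-Kubernetes" has no clear antecedent, and "for traffic between nodes" sits oddly next to the following sentence about traffic to locations outside of the cluster. It also does not say whether it applies to every platform or only to {rh-openstack}, although it is placed directly above the {rh-openstack} NOTE. In the NOTE at new line 83, "Using the same {rh-openstack} user as the one used for the {product-title} cluster installation" states a requirement without saying why it is needed or what fails otherwise; please state the reason or the permission involved, since readers will otherwise not know which credentials they must keep available for the manual reassignment after failover. Finally, the new text lands between the annotation field list and "The following examples illustrate the annotation from nodes on several public cloud providers", which interrupts that section; consider moving both additions ahead of the annotation description, and drop the extra blank line added at new line 85.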