Set an LB VIP address in the 'egressIP' of the "Egress" CRD #2671
Comments
|
Could you clarify your use case? If you SNAT Pod traffic and set the source IP to the LB VIP, how will reply traffic be handled? I don't think the issue you referred to (#2128) covers a similar use case. Some of the discussions for that issue mention LB VIP allocation, but it seems pretty orthogonal to your use case. If you define an Adding @tnqn since he is the expert for this feature.
That's an interesting proposal. I can't think of a use case for this, but if you do have one, feel free to open a separate issue to discuss it. On the implementation side, I believe it would be pretty straightforward to do. |
|
This will depend on the type of the LB. If you are using external LB, I assume you mean every Node just SNAT its local Pods directly with same LB VIP, then there will be a problem for the return traffic as @antoninbas mentioned.
This is possible, and recently I heard another similar requirement from @leonstack that he wants traffic to an IPBlock not to be SNATed as the destination is actually in-cluster (Nodes' other IPs) but we couldn't auto-discover it easily. We discussed a way that adds a |
|
Just found the issue is already created: #2707 |
|
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days |
github-actions
bot
added
the
lifecycle/stale
Hello,
In the 'egressIP' field of the "Egress" CRD, can I specify an IP of an LB VIP ? Meaning an IP address which is NOT assigned to any of the nodes in cluster ? .... Similar to the use-case described in the discussion of this issue, my requirement is to SNAT all egress UDP traffic from certain pods, setting the LB VIP as the source IP of these UDP packets.
Is this possible?
Thanks,
Eran.
BTW - Is it possible to specify to SNAT only UDP egress traffic (and not TCP) ?
The text was updated successfully, but these errors were encountered: