Cilium Egress Gateway

Kubernetes changes the way we think about networking. In an ideal Kubernetes world, the network would be entirely flat and all routing and security between the applications would be controlled by the Pod network, using Network Policies.

In many enterprise environments, though, the applications hosted on Kubernetes need to communicate with workloads living outside the Kubernetes cluster, which are subject to connectivity constraints and security enforcement. Because of the nature of these networks, traditional firewalling usually relies on static IP addresses (or at least IP ranges). This can make it difficult to integrate a Kubernetes cluster, which has a varying (and at times dynamic) number of nodes, into such a network.

Cilium’s Egress Gateway feature changes this by allowing you to specify which nodes a pod should use to reach the outside world.

Difficulty: Intermediate
Version: Open Source
Topics: Networking
Project: Cilium

Main steps in the lab

01 🏛️ The Lab Environment

Set up the lab's environment

02 🔊 Deploy an Echo Server

Let's deploy an echo server outside of the cluster!

03 🚦 Egress Gateway Policy

Let's add an Egress Gateway Policy to route to the echo server!

04 👨‍🚀 High Availability (EE)

Load-balance traffic with Egress Gateway HA and set AZ Topology affinities