External Routing
To enable external service access, the Kubernetes cluster has certain nodes with external IP addresses. Cilium can be instructed to route traffic through these nodes, allowing NATing with an external IP, thereby making external services reachable.
To route a pod through the external nodes, the pod must have the label egress.k8s.uni-muenster.de/enabled: "true".
We have described the usage of the external routing feature in these examples.
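The following audit script is an added example, not part of the cluster documentation. It checks exported manifests for the label above and reports which workloads will actually produce labelled pods. The sample objects and the function names are constructed for illustration, and it assumes that only the exact string "true" is matched.

```python
import json

EGRESS_LABEL = "egress.k8s.uni-muenster.de/enabled"  # label named on this page

# Constructed sample, shaped like `kubectl get deploy,pod -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Deployment", "metadata": {"name": "api", "labels": {}},
   "spec": {"template": {"metadata": {"labels": {
     "app": "api", "egress.k8s.uni-muenster.de/enabled": "true"}}}}},
  {"kind": "Deployment",
   "metadata": {"name": "worker",
                "labels": {"egress.k8s.uni-muenster.de/enabled": "true"}},
   "spec": {"template": {"metadata": {"labels": {"app": "worker"}}}}},
  {"kind": "Pod",
   "metadata": {"name": "debug",
                "labels": {"egress.k8s.uni-muenster.de/enabled": "True"}}},
  {"kind": "Pod", "metadata": {"name": "db", "labels": {"app": "db"}}}
]}
""")

def pod_labels(obj):
    """Return the labels the resulting pods will carry."""
    if obj.get("kind") == "Pod":
        return obj.get("metadata", {}).get("labels") or {}
    # Workload controllers (Deployment, StatefulSet, DaemonSet, Job)
    # copy labels from spec.template.metadata, not from their own metadata.
    template = obj.get("spec", {}).get("template", {})
    return template.get("metadata", {}).get("labels") or {}

def egress_status(obj):
    """Classify one object by whether its pods carry the egress label."""
    value = pod_labels(obj).get(EGRESS_LABEL)
    if value == "true":  # assumption: only this exact string is matched
        return "routed"
    if value is not None:
        return "not routed: value %r is not the string \"true\"" % value
    own = obj.get("metadata", {}).get("labels") or {}
    if obj.get("kind") != "Pod" and EGRESS_LABEL in own:
        return "not routed: label is on the workload, not the pod template"
    return "not routed"

def audit(manifest):
    """Map 'Kind/name' to its egress status for every item in a List."""
    return {"%s/%s" % (o["kind"], o["metadata"]["name"]): egress_status(o)
            for o in manifest.get("items", [])}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(name, "->", status)
```

Run against a real export, the same report shows which workloads leave the cluster through the external nodes and which were labelled in a place that has no effect.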
For more granular egress rules, take a look at the Istio Egressgateway, which is, however, considerably more complex to configure.
Please note that this feature is currently only available for IPv4. As a result, the nodes currently have an external IPv6 address so that IPv6 traffic is routed directly from the cluster. However, once we can provide this feature for IPv6, the nodes will be switched to internal IPv6 addresses, and IPv6 packets will also be routed exclusively through the external nodes.