This is a cache of https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/configuring-egress-router-configmap.html. It is a snapshot of the page at 2024-11-20T18:12:52.454+0000.
Configuring an egress router pod destination list from a config map - OpenShift SDN default CNI network provider | Networking | OpenShift Container Platform 4.9
×

As a cluster administrator, you can define a configmap object that specifies destination mappings for an egress router pod. The specific format of the configuration depends on the type of egress router pod. For details on the format, refer to the documentation for the specific egress router pod.

Configuring an egress router destination mappings with a config map

For a large or frequently-changing set of destination mappings, you can use a config map to externally maintain the list. An advantage of this approach is that permission to edit the config map can be delegated to users without cluster-admin privileges. Because the egress router pod requires a privileged container, it is not possible for users without cluster-admin privileges to edit the pod definition directly.

The egress router pod does not automatically update when the config map changes. You must restart the egress router pod to get updates.

Prerequisites
  • Install the OpenShift CLI (oc).

  • Log in as a user with cluster-admin privileges.

Procedure
  1. Create a file containing the mapping data for the egress router pod, as in the following example:

    # Egress routes for Project "Test", version 3
    
    80   tcp 203.0.113.25
    
    8080 tcp 203.0.113.26 80
    8443 tcp 203.0.113.26 443
    
    # Fallback
    203.0.113.27

    You can put blank lines and comments into this file.

  2. Create a configmap object from the file:

    $ oc delete configmap egress-routes --ignore-not-found
    $ oc create configmap egress-routes \
      --from-file=destination=my-egress-destination.txt

    In the previous command, the egress-routes value is the name of the configmap object to create and my-egress-destination.txt is the name of the file that the data is read from.

    You can alternatively apply the following YAML to create the config map:

    apiVersion: v1
    kind: configmap
    metadata:
      name: egress-routes
    data:
      destination: |
        # Egress routes for Project "Test", version 3
    
        80   tcp 203.0.113.25
    
        8080 tcp 203.0.113.26 80
        8443 tcp 203.0.113.26 443
    
        # Fallback
        203.0.113.27
  3. Create an egress router pod definition and specify the configmapKeyRef stanza for the EGRESS_DESTINATION field in the environment stanza:

    ...
    env:
    - name: EGRESS_DESTINATION
      valueFrom:
        configmapKeyRef:
          name: egress-routes
          key: destination
    ...