This is a cache of https://docs.okd.io/latest/networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.html. It is a snapshot of the page at 2024-11-19T18:33:48.372+0000.
Assigning an egress IP address - OVN-Kubernetes network plugin | Networking | OKD 4
×

As a cluster administrator, you can assign an egress IP address for traffic leaving the cluster from a namespace or from specific pods in a namespace.

Assigning an egress IP address to a namespace

You can assign one or more egress IP addresses to a namespace or to specific pods in a namespace.

Prerequisites
  • Install the OpenShift CLI (oc).

  • Log in to the cluster as a cluster administrator.

  • Configure at least one node to host an egress IP address.

Procedure
  1. Create an EgressIP object:

    1. Create a <egressips_name>.yaml file where <egressips_name> is the name of the object.

    2. In the file that you created, define an EgressIP object, as in the following example:

      apiVersion: k8s.ovn.org/v1
      kind: EgressIP
      metadata:
        name: egress-project1
      spec:
        egressIPs:
        - 192.168.127.10
        - 192.168.127.11
        namespaceSelector:
          matchLabels:
            env: qa
  2. To create the object, enter the following command.

    $ oc apply -f <egressips_name>.yaml (1)
    1 Replace <egressips_name> with the name of the object.
    Example output
    egressips.k8s.ovn.org/<egressips_name> created
  3. Optional: Store the <egressips_name>.yaml file so that you can make changes later.

  4. Add labels to the namespace that requires egress IP addresses. To add a label to the namespace of an EgressIP object defined in step 1, run the following command:

    $ oc label ns <namespace> env=qa (1)
    1 Replace <namespace> with the namespace that requires egress IP addresses.
Verification
  • To show all egress IPs that are in use in your cluster, enter the following command:

    $ oc get egressip -o yaml

    The command oc get egressip only returns one egress IP address regardless of how many are configured. This is not a bug and is a limitation of Kubernetes. As a workaround, you can pass in the -o yaml or -o json flags to return all egress IPs addresses in use.

    Example output
    # ...
    spec:
      egressIPs:
      - 192.168.127.10
      - 192.168.127.11
    # ...

Additional resources