Thanks to amim and scott for showing this to me today. Here are the results of our testing on Azure cloud:
- Antrea egress policies make all pod traffic go out through the same outgoing NIC, so you can easily allowlist IPs for legacy services
- Antrea can REUSE a node IP for the egress policy
- OR Antrea can just allocate a new arbitrary IP on the network
We can see here 10.0.1.7 is a NODE IP
FWIW, we wanted to know whether the Antrea egress policy was applied:
egressIP: 10.0.1.7
We can see when we run tcpdump that the OUTGOING packet is from 10.0.1.7, which means the tcpdump capture is thankfully occurring AFTER Antrea does its egress routing to the new 10.0.1.7 NIC.
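The two modes from the list above, written out as Antrea resources. This is an added example, not the manifests used in the original test: only egressIP 10.0.1.7 comes from the post, while the resource names, labels and pool range are constructed. It assumes the "allocate a new IP" mode is done through an ExternalIPPool, which the post does not show.

```yaml
# Assumption: a recent Antrea release serving these CRDs as v1beta1;
# older releases use crd.antrea.io/v1alpha2.

# Mode 1: reuse an IP that is already on a node's interface.
apiVersion: crd.antrea.io/v1beta1
kind: Egress
metadata:
  name: egress-legacy-node-ip          # hypothetical name
spec:
  appliedTo:
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: legacy-clients   # hypothetical namespace
    podSelector:
      matchLabels:
        app: legacy-client             # hypothetical label
  egressIP: 10.0.1.7                   # the node IP from the post
---
# Mode 2: let Antrea pick a free IP from a pool and assign it to a node.
apiVersion: crd.antrea.io/v1beta1
kind: ExternalIPPool
metadata:
  name: legacy-egress-pool             # hypothetical name
spec:
  ipRanges:
  - start: 10.0.1.200                  # constructed range, must be unused
    end: 10.0.1.210                    # on the node network
  nodeSelector:
    matchLabels:
      network-role: egress-gateway     # hypothetical label on egress nodes
---
apiVersion: crd.antrea.io/v1beta1
kind: Egress
metadata:
  name: egress-legacy-pool-ip          # hypothetical name
spec:
  appliedTo:
    podSelector:
      matchLabels:
        app: legacy-client             # hypothetical label
  externalIPPool: legacy-egress-pool   # egressIP is filled in by Antrea
```

In both modes the legacy service only has to allowlist the single egress IP, and the tcpdump check above applies unchanged: the source address on the wire should be the egress IP, not a pod IP.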