public-cloud-roadmap
Fixed outgoing IP addresses for managed Kubernetes service
As a managed Kubernetes user, I want to be able to set static outgoing IP addresses for my entire cluster. Whitelisting and asking clients to whitelist node IPs is not always a viable solution, especially now with autoscaling scenarios where new nodes can pop up "at any time".
This is a must-have! A lot of people are asking for that, and to be able to add PTR too.
EDIT: PTR is possible in the IP list on the OVH account, just be sure the A name has been added in the domain to the IP before adding the reverse DNS.
I would also like to have the ability to set the IP address that will be assigned to a given node. With dynamic node address allocation we are unable to filter traffic inside vRack.
Same here
Use cases:
- Whitelisting IP => necessary for security and restrictions; some services require the IPs of the server, which cannot be done here
- Mail sending => absolutely mandatory to be able to manage reputation on a unique IP; the OVH SMTP relay is mostly considered as spam, and there is a need here to be able to maintain a correct IP reputation to send mail
I can see two things here:
- Cool: Adding the ability to default the outgoing traffic on each instance to an attached IP that can be easily migrated to another instance
- Awesome: Having the ability to route (sort of egress) some containers through specific outgoing IPs (like we can do on other cloud providers)
Right now it's possible to mimic that, but it's not practical:
- Adding a failover IP to the instance
- Adding the IP in the node label on the instance it's associated with
- Using an elevated start container as a DaemonSet to re-configure the netplan at machine start
- Using the IP with containers with hostNetwork = true (<- major security issue, but... only way to do it right now)
Any news on this? This egress feature is a must for us as we are dealing with some third parties which whitelist IPs. @mhurtrel I ping you directly on this, sorry for that, but I guess you will have more information as K8S PM.
Thanks!
Hi, I understand the need and confirm we will look into a managed solution for this, but have no ETA to share yet.
Note that for vRack-enabled clusters, this feature will allow you to cover most use cases (but will require you to maintain a gateway): https://github.com/ovh/public-cloud-roadmap/issues/116
Hi OVH,
Any news about this feature?
Hi @btbenjamin, this will be covered after https://github.com/ovh/public-cloud-roadmap/issues/116, which we plan to have in the next 2 months.
NB: Issue #116 is now available. This allows you to cover this use case if you use private networks/vRack.
Closing this one as MKS is now supporting Default private network gateway (https://github.com/ovh/public-cloud-roadmap/issues/116), which can be used in addition to the OVHcloud Managed Gateway (https://www.ovhcloud.com/fr/public-cloud/gateway/).