Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

To Support Configurable Default SNAT Behavior for Antrea Egress #6988

Open
rajnkamr opened this issue Feb 11, 2025 · 0 comments · May be fixed by #7041
Open

To Support Configurable Default SNAT Behavior for Antrea Egress #6988

rajnkamr opened this issue Feb 11, 2025 · 0 comments · May be fixed by #7041
Assignees
@jainpulkit22
Labels
area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). kind/design Categorizes issue or PR as related to design.
Milestone
Antrea v2.4 release

Comments

@rajnkamr
Copy link
Contributor

Describe what you are trying to solve

As discussed in #6228 and #6831

The following considerations should be addressed

1.Configurable Default in Antrea Config: Allowing cluster admins to define a default SNAT behavior at the cluster level.
2.Per-Egress Override: Providing a field in the Egress resource to override the default behavior on a per-Egress basis
3.Policy Enforcement: If admins want to enforce a strict SNAT behavior and prevent deviations, they can use an OPA policy to restrict modifications by application owners.

Describe the solution you have in mind

1.Provide an option for allowing default SNAT behavior

antrea-agent.conf: |
egress:
defaultSNATMode: "Enabled" # Possible values: "Enabled", "Disabled"

2.Provide an option to override per egress basis applicable for static as well as Egress HA

Ex - static egress

apiVersion: crd.antrea.io/v1beta1
kind: Egress
metadata:
name: egress-staging
spec:
egressIP: 192.168.1.100
appliedTo:
podSelector:
matchLabels:
app: web
snatMode: "Enabled" # Possible values: "Enabled", "Disabled" (Optional field)

Describe how your solution impacts user flows

Describe the main design/architecture of your solution

Alternative solutions that you considered

Test plan

Additional context
@rajnkamr rajnkamr added the kind/design Categorizes issue or PR as related to design. label Feb 11, 2025
@rajnkamr rajnkamr added this to the Antrea v2.4 release milestone Feb 11, 2025
This was referenced Feb 11, 2025
Closed
Merged
@rajnkamr rajnkamr added the area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). label Feb 24, 2025
@jainpulkit22 jainpulkit22 linked a pull request Mar 3, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jainpulkit22 jainpulkit22

Labels
area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). kind/design Categorizes issue or PR as related to design.
Projects
None yet
Milestone
Antrea v2.4 release
Development

Successfully merging a pull request may close this issue.

Add more configuration flexibility to Egress for user jainpulkit22/antrea
2 participants
@rajnkamr @jainpulkit22