Red Hat

Advanced Networking with OpenShift: Accessing External Services using Egress Router


Egress traffic is traffic going from OpenShift pods to external systems, outside of OpenShift. There are two main options for enabling egress traffic: allow access to external systems from OpenShift physical node IPs, or use an egress router. In enterprise environments egress routers are often preferred. They allow granular access from a specific pod, group of pods or project to an external system or service. Access via node IP, by contrast, means all pods running on a given node can access external systems.

An egress router is a pod that has two interfaces, eth0 and macvlan0. Eth0 sits on the cluster network in OpenShift (internal), and macvlan0 has an IP and gateway from the external physical network. The network team can allow access to external systems using the egress router IP. Using labels, OpenShift administrators can assign pods access to the egress router service, thus enabling them to access external services. The egress router acts as a bridge between pods that can use the service and the external system.
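The two-interface pod and its service described above, as an added example (not taken from the original post) that follows the redirect-mode egress router documented for OpenShift 3.x. The names, label and the IP addresses, which come from documentation ranges, are constructed assumptions; check the image and annotation against the OpenShift version in use.

```yaml
# Egress router pod: eth0 on the cluster network, macvlan0 on the external network.
apiVersion: v1
kind: Pod
metadata:
  name: egress-1                 # hypothetical name
  labels:
    name: egress-1               # label the service below selects on
  annotations:
    # Asks the node to create the macvlan interface on the physical network.
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  containers:
  - name: egress-router
    image: registry.access.redhat.com/openshift3/ose-egress-router
    securityContext:
      # Needed to configure macvlan0, so only a cluster administrator
      # should be able to create this pod.
      privileged: true
    env:
    - name: EGRESS_SOURCE        # IP on the external network, reserved for this router
      value: "192.0.2.99"        # constructed value
    - name: EGRESS_GATEWAY       # gateway of the external network
      value: "192.0.2.1"         # constructed value
    - name: EGRESS_DESTINATION   # the one external system traffic is forwarded to
      value: "203.0.113.25"      # constructed value
---
# Service in front of the router. Pods reach the external system by
# connecting to this service instead of the external IP.
apiVersion: v1
kind: Service
metadata:
  name: egress-1
spec:
  ports:
  - name: http
    port: 80
  selector:
    name: egress-1
```

The external firewall then needs a rule only for the `EGRESS_SOURCE` address, not for every node IP in the cluster.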