Egress Gateway

There are several use cases where you need a fixed IP address for your microservice. You may have a resource you need to connect to that is protected behind a firewall, or you may need to send data to a monitoring system that needs an IP address to correlate the data sent with the microservice. While it is possible to setup routable IPs in a Kubernetes cluster, routable IPs are a finite resource and will become exhausted as the cluster grows.

The Calico Enterprise Egress Gateway assigns a fixed IP to a namespace and will NAT all egress traffic from that namespace to the fixed IP.

When you deploy your microservice to that namespace, the service gets a consistent IP assigned for all egress. This includes all replicas of your microservice as you scale up and back.

The fixed IP can then be used to create a rule in an external firewall, enforcing access controls at the firewall.

You can also use the fixed IP to represent your microservice within a monitoring platform, enabling monitoring and other systems that collect data from your microservice to correlate the IP to your service.

Interested in trying Calico Enterprise Egress Gateway?

Sign up for our free trial – we’ll even provide sample workloads to test with.