Configure the egress IP address for a namespace
To communicate outside of their namespace, the pods SNAT their traffic using an externally accessible IP. This IP is assigned randomly to a namespace from the VIP pool. However, you can control which IP is selected.
You can explicitly define the egress IP address for a namespace by adding the annotation ncp/static_snat_ip to the namespace. For example:
apiVersion: v1
kind: Namespace
metadata:
  name: svc-example
  annotations:
    ncp/static_snat_ip: "1.2.3.4"
If there are no errors, the NCP CNI will create or update a SNAT rule by using the annotated SNAT IP address for this namespace.
The status of configuring the SNAT rule is recorded in the annotation ncp/snat_ip_status on the namespace. The possible values are:
- IP_ALLOCATED_SUCCESSFULLY
- IP_ALREADY_ALLOCATED - The IP address has already been allocated.
- IP_NOT_IN_POOL - The IP address is not in the SNAT IP Pool.
- IP_NOT_REALIZED - An error occurred in NSX-T.
- IP_POOL_EXHAUSTED - The SNAT IP Pool is exhausted.
- SNAT_PROCESS_FAILED - An unknown error occurred.
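Because a failed request only shows up in the status annotation, it is worth reading the annotations back for every namespace whose egress IP is relied on elsewhere. The Python below is an added example, not part of NCP or the original page: it classifies the output of kubectl get namespaces -o json using the two annotations above; the function name, the verdict labels and the sample namespaces are assumptions constructed for illustration.

```python
import ipaddress
import json

STATIC_KEY = "ncp/static_snat_ip"
STATUS_KEY = "ncp/snat_ip_status"

# Failure values and their meanings, as listed on this page.
FAILURES = {
    "IP_ALREADY_ALLOCATED": "the IP address has already been allocated",
    "IP_NOT_IN_POOL": "the IP address is not in the SNAT IP Pool",
    "IP_NOT_REALIZED": "an error occurred in NSX-T",
    "IP_POOL_EXHAUSTED": "the SNAT IP Pool is exhausted",
    "SNAT_PROCESS_FAILED": "an unknown error occurred",
}

def audit_namespaces(ns_list_json):
    """Map namespace name -> (verdict, detail) for a `kubectl get namespaces -o json` document."""
    report = {}
    for item in json.loads(ns_list_json)["items"]:
        meta = item["metadata"]
        ann = meta.get("annotations") or {}  # key may be absent or null
        ip, status = ann.get(STATIC_KEY), ann.get(STATUS_KEY)
        if ip is None:
            verdict = ("UNPINNED", "egress IP is assigned from the pool")
        elif not _is_ip(ip):
            verdict = ("INVALID", f"{ip!r} is not an IP address")
        elif status == "IP_ALLOCATED_SUCCESSFULLY":
            verdict = ("OK", ip)
        elif status in FAILURES:
            verdict = ("FAILED", f"{ip}: {FAILURES[status]}")
        else:  # assumption: no recognized status has been written (yet)
            verdict = ("PENDING", f"{ip}: status {status!r}")
        report[meta["name"]] = verdict
    return report

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

# Constructed sample input; real input comes from kubectl.
A, S = STATIC_KEY, STATUS_KEY
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "svc-example", "annotations": {A: "1.2.3.4", S: "IP_ALLOCATED_SUCCESSFULLY"}}},
    {"metadata": {"name": "billing", "annotations": {A: "1.2.3.9", S: "IP_NOT_IN_POOL"}}},
    {"metadata": {"name": "staging", "annotations": {A: "1.2.3"}}},
    {"metadata": {"name": "default"}},
]})
```

A FAILED or PENDING verdict means the requested address should not yet be trusted in firewall allow-lists for that namespace.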
You can read more about the NCP capabilities here.