How to Configure egress IPs for a project/namespace in OpenShift?

Haluk KARAKAYA
Feb 24, 2021

Reaching an external database from an OpenShift cluster can be confusing because of the IPs. Will the source be the pod's IP or the worker node's IP? By default, pods inside the OpenShift cluster reach an external database with the IP of the worker node they are running on.

For example, when we reach an external HTTP server from a specific pod in the cluster, we can see the worker node's IP.

We are in project-poc now.

# oc project project-poc

# oc get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
centos-test-1-kqgkh 1/1 Running 0 33d 10.49.0.74 worker1.ocpdomain.com
# nslookup worker1.ocpdomain.com
Name: worker1.ocpdomain.com
Address: 192.200.109.11
# oc exec centos-test-1-kqgkh -- curl http://webserver
# run python simple webserver on an external server;
# we can see the worker node IP address:
[root@webserver ~]# python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...
192.200.109.11 - - [24/Feb/2021 17:39:53] "GET / HTTP/1.1" 200 -

We can configure an egress IP for this project.

When we check again, we see the egress IP on the HTTP server. Note that if we try from another project, we still see the default worker node IP.

# run python simple webserver on an external server;
# we can now see the egress IP address:
[root@webserver ~]# python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...
192.200.109.44 - - [24/Feb/2021 17:41:26] "GET / HTTP/1.1" 200 -

We can set multiple egress IPs like this and use them for multiple namespaces. Note that the egress IPs must be in the same subnet as the worker nodes. The IPs below were selected randomly; please ignore them.

oc patch hostsubnet worker1 --type=merge -p \
'{"egressIPs": ["192.168.1.100", "192.168.1.101", "192.168.1.102"]}'

We can see the IPs on the worker node with the ip addr or ifconfig commands.

[root@worker1~]# ip a|grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.200.109.11/24 brd 192.200.109.255 scope global noprefixroute ens192
inet 192.200.109.44/24 brd 192.200.109.255 scope global secondary ens192:eip
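
A pre-flight check for the same-subnet rule above, as an added example that is not part of the original article: it refuses an egress IP outside the node's subnet and otherwise prints, without running them, the two patches. The netnamespace patch is the OpenShift SDN project-side step and is an assumption here because the article does not show it; the function names are hypothetical, and the addresses are the ones from the session above.

```shell
#!/bin/sh
# Added example: validate an egress IP against the node subnet, then print
# the OpenShift SDN patches. Function names are hypothetical.

# Dotted-quad IPv4 -> 32-bit integer; non-zero status on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when IP $1 lies in the network of CIDR $2 (address/prefix).
in_subnet() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Print (never execute) the patches for project $1 on node $2, whose primary
# address/prefix is $3, using egress IP $4. The netnamespace step is assumed
# from OpenShift SDN; the hostsubnet step is the one shown in the article.
plan_egress_ip() {
    if ! in_subnet "$4" "$3"; then
        echo "refusing: $4 is outside the node subnet $3" >&2
        return 1
    fi
    printf "oc patch netnamespace %s --type=merge -p '{\"egressIPs\": [\"%s\"]}'\n" "$1" "$4"
    printf "oc patch hostsubnet %s --type=merge -p '{\"egressIPs\": [\"%s\"]}'\n" "$2" "$4"
}

# Values from the article's session: node 192.200.109.11/24, egress IP 192.200.109.44.
plan_egress_ip project-poc worker1 192.200.109.11/24 192.200.109.44
```

Once the patches are applied, the external server's access log is the check that matters for firewall allowlisting: requests from project-poc should arrive from the egress IP, and requests from other projects from the node IP.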
