Possibility of adding custom routes to routing table (Traffic routing control for egress) #1008
Labels
area/networking
Networking related
kind/enhancement
Enhancement, improvement, extension
platform/aws
Amazon web services platform/infrastructure
Comments
gardener-robot
added
area/networking
waheedshahani
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to categorize this issue?
/area networking
/kind enhancement
/platform aws
What would you like to be added:
When a shoot cluster is created, user shall have possibility to add custom routes (e.g default route) so that one can divert egress traffic for cluster to another VPC/VPG/Transit Gateway in another VPC or firewall instances in same VPC. When custom route for default route is provided then Gardener shall not create any NATGW as it shall rely on existing routing to provide internet connectivity to Gardener seed.
Why is this needed:
By default Gardener creates NAT GW and default routes point to NATGW which allow unrestricted internet access to shoot clusters. This is security risk for many types of deployments where user wants to egress traffic via predefined firewall instances or other VPCs.
The text was updated successfully, but these errors were encountered: