Controlling the source IP seen when traffic leaves the cluster allows groups of pods to be identified by external firewalls, appliances and services (even as the groups are scaled up/down or pods restarted). Calico Cloud controls the source IP by directing traffic through one or more egress gateway pods, which change the source IP of the traffic to their own IP. The egress gateways used can be chosen at the pod or namespace scope allowing for flexibility in how the cluster is seen from outside.
This workshop intends to guide you step-by-step on creating an AWS EKS cluster, installing Calico as CNI, registering the cluster on Calico Cloud and creating an egress gateway for your applications to leave the Kubernetes cluster with a different IP address than the nodes or even with a fixed public IP address towards the Internet.
The estimated time to complete this workshop is 60-90 minutes.
- Cloud Professionals
- DevSecOps Professional
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
- Learn how to configure the Calico Cloud Egress Gateway on an AWS EKS cluster.
- Learn the main use cases for Egress Gateway.
This workshop is organized in sequential modules. One module will build up on top of the previous module, so please, follow the order as proposed below.
Module 1 - Prerequisites
Module 2 - Getting Started
Module 3 - Deploy an AWS EKS cluster using Calico CNI
Module 4 - Connect the AWS EKS cluster to Calico Cloud
Module 5 - Create the test environment
Module 6 - Enable egress gateway support
Module 7 - Deploy Egress Gateway and use a pod selector
Module 8 - Deploy Egress Gateway and use a namespace selector
Module 9 - Deploy Egress Gateway with an AWS elastic IP
Module 10 - Clean up
Note: The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how Calico Cloud can be configured to build a functional solution. These examples are not intended for use in production environments.