Egress provides a way for an application deployed on OpenShift to access an external URL, such as http://www.example.com.

There are two common types of network types using by OpenShift

• OpenShiftSDN
• OVNKubernetes

The following command can be used to determine if your OpenShift cluster is using OpenShiftSDN or OVNKubernetes.

oc get network.config/cluster --output jsonpath="{.spec.networkType}"

• If your OpenShift cluster is using OpenShiftSDN, then NetNamespace is used to assign an egress IP address to one or more namespaces.
• If your OpenShift cluster is using OVNKubernetes, then EgressIP (this article) is used to assign an egress IP address to one or more namespaces.

EgressIP is used to assign an egress IP address to one or more namespaces, so that all egress traffic from the namespace is using a dedicated IP address. By assigning a specific egress IP address to a namespace, all outbound (egress) requests from applications in the project will come from the dedicated egress IP address, making it easier to find the requests that came from applications in the project. This also makes it possible to have two (or more) different projects share the same egress IP address, as a way to group similar projects together.

An OpenShift route or an Ingress route will provide a URL such as http://route001-project001.apps.openshift.example.com:8080 which is used to route a request onto a service, which is then routed onto a pod, and then to the container in the pod, and finally to the application running in the container.

Let's say you have the following YAML file. This will create the egressip resource mapping IP address 10.11.12.13 to namespace my-project.

apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
  name: my-project
spec:
  egressIPs:
  - 10.11.12.13
  namespaceSelector:
    matchLabels:
      kubernetes.io/metadata.name: my-project

The oc apply command can be used to create the egressip resource.

oc apply --filename egress.yml