Hi
Thank you so much for this article; it is really what I need. But I have an issue with it.
I applied all the steps in the article you shared. I defined the route tables to include all Cloudflare IP ranges and to point to the NAT gateway when a packet matches them, in order to forward the traffic through the NAT gateway when the services connect to another cluster's API, which uses Cloudflare. We expected the route table to affect only outbound packets, but it started to affect inbound traffic too.
As a result, we were getting timeouts from the API URLs of Cloudflare-enabled services. Instead of the packets being processed directly at the server level, the route table forwarded all packets, inbound and outbound alike, to the NAT gateway.
Do you have any idea how to solve this issue?
Regards
Here is my public-egress-example.yaml file:

    apiVersion: networking.digitalocean.com/v1
    kind: StaticRoute
    metadata:
      name: public-egress
    spec:
      destinations:
        - "0.0.0.0/5"
        - "8.0.0.0/7"
        - "11.0.0.0/8"
        - "12.0.0.0/6"
        - "16.0.0.0/4"
        - "32.0.0.0/3"
        # - 64.0.0.0/2 NOT TO BE USED! Overlaps with DO API endpoints.
        # - 128.0.0.0/3 NOT TO BE USED! Overlaps with DOKS API endpoints.
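The behaviour described in the comment above can be reproduced offline with this added example, which is not part of the comment or of the article's code. It lints a `destinations` list against the two ranges the manifest marks "NOT TO BE USED" and shows that a destination-only route lookup treats the reply to an inbound connection exactly like a new outbound connection. The `203.0.113.0/24` and `198.51.100.0/24` addresses are documentation ranges used as constructed stand-ins, and the function names and `nat-gateway` label are hypothetical.

```python
import ipaddress

# Ranges the manifest on this page marks "NOT TO BE USED"
# (they overlap the DO / DOKS API endpoints).
EXCLUDED = [ipaddress.ip_network("64.0.0.0/2"),
            ipaddress.ip_network("128.0.0.0/3")]


def check_destinations(destinations):
    """Return (usable networks, problems) for a StaticRoute destinations list."""
    networks, problems = [], []
    for entry in destinations:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            problems.append(f"{entry!r}: not a valid CIDR")
            continue
        clashes = [bad for bad in EXCLUDED if net.overlaps(bad)]
        if clashes:
            problems.extend(f"{net} overlaps excluded range {bad}" for bad in clashes)
        else:
            networks.append(net)
    return networks, problems


def next_hop(dst_ip, networks):
    """Destination-only match, as a plain route table does: the lookup never
    sees whether the packet opens a connection or answers one."""
    addr = ipaddress.ip_address(dst_ip)
    return "nat-gateway" if any(addr in n for n in networks) else "default"


if __name__ == "__main__":
    # Constructed input: one placeholder range standing in for a proxy range,
    # plus two entries that should be rejected.
    nets, problems = check_destinations(
        ["203.0.113.0/24", "64.0.0.0/2", "64.0.0.0/2 NOT TO BE USED!"])
    for p in problems:
        print("problem:", p)

    # Constructed packets: (description, destination address).
    packets = [
        ("new outbound call to remote API", "203.0.113.10"),
        ("reply to inbound request from proxy", "203.0.113.20"),
        ("reply to inbound request from other client", "198.51.100.7"),
    ]
    for desc, dst in packets:
        print(f"{desc:45s} dst={dst:15s} -> {next_hop(dst, nets)}")
```

The second packet is the case from the comment: the reply leaves through the NAT gateway with a different source address than the one the inbound request was sent to, so the remote side never matches it to its connection and times out.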