Closed nabheet closed 4 years ago
This sounds something similar to:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /close
@fejta-bot: Closing this issue.
I apologize if I this is not the correct place to ask this question, but I didn't see directions on how/where to ask questions, maybe I missed them. Also, I have a limited understanding of iptables, routing and masquerading.
Like a lot of people on the internet, I have a need to change the source IPs on our outbound SSH connections because the remote SSHD has restrictions by IP address.
Assuming our cluster has, lets say 3, nodes with a fixed IP (Nodes A, B, C), but there are more nodes (lets say 20) in the cluster, is there a way for all the outgoing SSH connections from all the pods (not on Nodes A, B, C) to have the fixed IP from nodes A, B or C.
I am not sure if I am asking this question correctly but I am hoping that someone would say "Oh yeah, thats easy! You forward all your port 22 traffic to Nodes A, B or C round-robinly (or pick one node), and then set up some kind of MASQ rule or something on Nodes A, B and C to forward that one to the remote destination from the ethernet device with the fixed IP." or something ...
I am assuming that using a limited number of fixed public IPs might be better than adding a fixed public IP to every node in the cluster. Also, I am thinking that this might be better than using SSH proxy hops as each SSHD connection would use up a decent chunk of memory/resources on the proxy hop. We make a lot of outbound SSH calls.
Any advice would be greatly appreciated and thank you in advance for your help!