Document Egress feature

antrea-io · Apr 7, 2021 · 7bef16b · 7bef16b
1 parent 57c16d7
commit 7bef16b
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/docs/feature-gates.md b/docs/feature-gates.md
@@ -42,6 +42,7 @@ example, to enable `AntreaProxy` on Linux, edit the Agent configuration in the
 | `FlowExporter`          | Agent              | `false` | Alpha | v0.9          | N/A          | N/A        | Yes                |       |
 | `NetworkPolicyStats`    | Agent + Controller | `false` | Alpha | v0.10         | N/A          | N/A        | No                 |       |
 | `NodePortLocal`         | Agent              | `false` | Alpha | v0.13         | N/A          | N/A        | Yes                |       |
+| `Egress`                | Agent + Controller | `false` | Alpha | v1.0          | N/A          | N/A        | Yes                |       |
 
 ## Description and Requirements of Features
 
@@ -188,3 +189,49 @@ Node with IP Address 10.10.10.10.
 #### Requirements for this Feature
 
 This feature is currently only supported for Nodes running Linux with IPv4 addresses.
+
+### Egress
+
+`Egress` enables a CRD API for Antrea that supports specifying which egress
+(SNAT) IP the traffic from the selected Pods to the external network should use.
+Usage example:
+
+```yaml
+apiVersion: crd.antrea.io/v1alpha2
+kind: Egress
+metadata:
+  name: egress-web
+spec:
+  appliedTo:
+    podSelector:
+      matchLabels:
+        role: web
+    namespaceSelector:
+      matchLabels:
+        env: prod
+  egressIP: 10.0.10.8
+```
+
+The `appliedTo` field specifies the grouping criteria of Pods to which the
+Egress applies to. Pods can be selected cluster-wide using `podSelector`. If set
+with a `namespaceSelector`, Pods from Namespaces selected by the
+namespaceSelector will be selected. The field is mandatory.
+
+The `egressIP` field specifies the egress (SNAT) IP the traffic from the
+selected Pods to the external network should use. **The IP must be configured
+on one and only one Node of the cluster.** It can be an IPv4 address or IPv6
+address. The field is mandatory.
+
+**Note**: If more than one Egress applies to a Pod and they specify different
+`egressIP`, the effective egress IP will be selected randomly.
+
+In the above example, the Egress applies to Pods which match the labels
+"role=web" from Namespaces which match the labels "env=prod". The source IPs of
+their egress traffic to external network will be translated to 10.0.10.8.
+
+#### Requirements for this Feature
+
+This feature could only be used in "encap" mode.
+
+This feature is currently only supported for Nodes running Linux. Windows
+support will be added in the future.