diff --git a/README.md b/README.md index 3f97168f4..7ac501209 100644 --- a/README.md +++ b/README.md 
@@ -12,11 +12,13 @@ English | [简体中文](docs/README.zh.md) ## About -EgressGateway is a egress policy solution designed for Kubernetes clusters, with a primary focus on managing the egress traffic of Pods to external networks. It addresses challenges related to inter-cluster communication, egress policy control, and high availability. Additionally, it offers support for various network solutions and custom resource definitions (CRDs), enabling users to configure and manage egress policies with flexibility. +In a Kubernetes (k8s) cluster, when Pods access external services, their Egress IP addresses are not fixed. In the Overlay network, the Egress IP address is determined by the node where the Pod resides. While in the Underlay network, Pods directly use their own IP addresses for external communication. Consequently, when Pods are rescheduled, regardless of the network mode, their IP addresses for external communication change. This instability poses a challenge for system administrators in managing IP addresses, especially as the cluster scales and during network fault diagnostics. Controlling egress traffic based on a Pod's original egress IP outside the cluster becomes difficult. + +To solve this problem, EgressGateway has been introduced into the k8s cluster. It is an open-source EgressGateway designed to resolve egress egress IP address issues across various CNI network modes, such as Calico, Flannel, Weave, and Spiderpool. Through flexible configuration and management of egress policies, EgressGateway allows setting egress IP addresses for tenant-level or cluster-level workloads. When Pods need to access the external network, the system consistently uses the configured Egress IP as the egress address, providing a stable solution for egress traffic management. ## Architecture -![Architecture](docs/architecture.png) +![Architecture](docs/architecture02.png) ## Why EgressGateway diff --git a/docs/README.en.md b/docs/README.en.md index a9edf4fe5..37251488f 100644 
--- a/docs/README.en.md +++ b/docs/README.en.md @@ -2,11 +2,13 @@ ## About -EgressGateway is a network management tool designed for Kubernetes clusters, with a primary focus on managing the egress traffic of Pods to external networks. It addresses challenges related to inter-cluster communication, egress policy control, and high availability. Additionally, it offers support for various network solutions and custom resource definitions (CRDs), enabling users to configure and manage egress policies with flexibility. +In a Kubernetes (k8s) cluster, when Pods access external services, their Egress IP addresses are not fixed. In the Overlay network, the Egress IP address is determined by the node where the Pod resides. While in the Underlay network, Pods directly use their own IP addresses for external communication. Consequently, when Pods are rescheduled, regardless of the network mode, their IP addresses for external communication change. This instability poses a challenge for system administrators in managing IP addresses, especially as the cluster scales and during network fault diagnostics. Controlling egress traffic based on a Pod's original egress IP outside the cluster becomes difficult. + +To solve this problem, EgressGateway has been introduced into the k8s cluster. It is an open-source EgressGateway designed to resolve egress egress IP address issues across various CNI network modes, such as Calico, Flannel, Weave, and Spiderpool. Through flexible configuration and management of egress policies, EgressGateway allows setting egress IP addresses for tenant-level or cluster-level workloads. When Pods need to access the external network, the system consistently uses the configured Egress IP as the egress address, providing a stable solution for egress traffic management. ## Architecture -![Architecture](./architecture.png) +![Architecture](./architecture02.png) ## Why EgressGateway 
diff --git a/docs/README.zh.md b/docs/README.zh.md index 15e157466..4f5a11be4 100644 --- a/docs/README.zh.md +++ b/docs/README.zh.md @@ -1,10 +1,11 @@ # EgressGateway -EgressGateway 是用于 Kubernetes 集群的出口网关策略解决方案,专注于管理 Pods 对外部网络的出口流量,解决多集群通信、出口策略控制和高可用性问题,同时支持多种网络解决方案和自定义资源定义 (CRDs),使用户能够更灵活地配置和管理出口策略。 +在 Kubernetes(k8s)集群中,Pod 访问外部服务时,其出口 IP 地址不是固定的。在 Overlay 网络中,出口 IP 地址为 Pod 所在节点的地址,而在 Underlay 网络中,Pod 直接使用自身的 IP 地址与外部通信。因此,当 Pod 发生新的调度时,无论哪种网络模式,Pod 与外部通信时的 IP 地址都会发生变化。这种不稳定性给系统维护人员带来了 IP 地址管理的挑战。特别是在集群规模扩大以及需要进行网络故障诊断时,在集群外部,基于 Pod 原本的出口 IP 来管控出口流量很难实现。 +为解决这个问题,EgressGateway 被引入到 k8s 集群中,它是一个开源的 Egress 网关,旨在解决在不同CNI网络模式下(Calico、Flannel、Weave、Spiderpool)出口 Egress IP 地址的问题。通过灵活配置和管理出口策略,为租户级或集群级工作负载设置 Egress IP,使得 Pod 访问外部网络时,系统会统一使用这个设置的 Egress IP 作为出口地址,从而提供了稳定的出口流量管理解决方案。 ## 架构 -![Architecture](./architecture.png) +![Architecture](./architecture02.png) ## 为什么选择 EgressGateway diff --git a/docs/architecture02.png b/docs/architecture02.png new file mode 100644 index 000000000..fdca6ffa9 Binary files /dev/null and b/docs/architecture02.png differ
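Review bot: In the README.md hunk, the second added paragraph contains a doubled word, "designed to resolve egress egress IP address issues", and defines the project in terms of itself ("EgressGateway has been introduced ... It is an open-source EgressGateway"). Suggest "It is an open-source egress gateway designed to resolve egress IP address issues across various CNI network modes". The removed sentence also mentioned high availability and CRD-based configuration, which the new About text no longer states; if those are still features, one clause would keep them visible.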
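Review bot: In the docs/README.en.md hunk, the first added paragraph has a sentence fragment, "While in the Underlay network, Pods directly use their own IP addresses for external communication.", which reads better joined to the previous sentence ("..., while in the Underlay network Pods use their own IP addresses"). Capitalisation also drifts within the same paragraph ("Egress IP" and "egress IP", "Overlay"/"Underlay" mid-sentence); pick one form. The two added paragraphs are identical to those in README.md, so any wording fix needs to land in both files.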
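Review bot: In the docs/README.zh.md hunk, the two added paragraphs are on consecutive "+" lines with no blank line between them (the hunk grows by one line, where the English hunks grow by two), so Markdown will render them as a single paragraph. Add an empty line after "...很难实现。" to match the English versions. Minor: "不同CNI网络模式下" lacks the spaces around "CNI" that the rest of the text uses around Latin terms, and "出口 Egress IP 地址" repeats the same word in two languages.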
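Review bot: docs/architecture02.png is added as a new binary and all three image links are repointed to it, but the patch does not delete docs/architecture.png. If nothing else references the old image it is now an orphaned file in the repository; either remove it in this change or replace architecture.png in place so the links do not need to change. The alt text stays the generic "Architecture" in all three files; a short description of what the diagram shows would help readers who cannot load the image.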