NAT gateway (static ip) about doks HOT 26 OPEN

I think this is really needed feature, I am thinking to move all my cluster from DO to AWS as this is in discussion since 4 years and yet no action on this from DO side.

from doks.

This is really important nowadays. Most people do not want to manage their NAT Gateways or make sure its not a singe point of failure. Any news on that?

from doks.

Hi, We need this too and want to know where are we with this?

from doks.

@rafaelrosafu Do you have any update of this?

from doks.

We would like to see this feature as well

from doks.

Would you be interested in a feature where you can pay to have staticIPs assigned to your nodes so that all your egress traffic keeps coming from the same IPs?

Do you mean a staticIP per node or some sort of gateway so multiple nodes can use the same IP for egress traffic? If it is the latter then yes. Ideally I should be able to scale the cluster up or down, without the IP changing.

from doks.

Yes please, no updates from Nov 2019 almost 4 years :)

from doks.

Hello, I'm the product manager for network at DO. Just to give some context, Nathan is right that we are working on improving how to make gateways at DO, right now our private network has some limitations for that and we are working to make it more flexible early next year. Unfortunately we won't have a fully managed NAT gateway right then, but we want to do so in the future, just a matter of time.

from doks.

for now it's has this: https://github.com/digitalocean/k8s-staticroute-operator/
but any ideas how it make resiliancy or fault tolerance it's not have..

you can create a droplet and make it as your egress gateway, but if this droplet down.. your egress traffic stop working..

from doks.

This feature is currently blocking me from using DOKS

from doks.

👋 Timo here from DO.

Thanks for all the feedback. We're aware that NAT egress gateway continues to be a frequent customer request. It is definitely on our roadmap, though we cannot speak to specific timelines. We do want to make sure that we nail the right customer experiences.

In the meantime, https://github.com/digitalocean/k8s-staticroute-operator may be an acceptable workaround. (Yes, we're aware it has a few gaps and doesn't serve all customers well.)

from doks.

Hey @klausenbusk you are correct that this is more of a general DO feature than k8s specific, but it is a feature that is currently on the product roadmap for the networking team. Timelines can shift dramatically, but I think they are targetting early 2020. Would you be interested in a feature where you can pay to have staticIPs assigned to your nodes so that all your egress traffic keeps coming from the same IPs?

from doks.

Do you mean a staticIP per node

Yes.

or some sort of gateway so multiple nodes can use the same IP for egress traffic

No, but perhaps you could set this up with a service mesh of some kind in conjunction with us creating a staticIP feature.

from doks.

VPC was just released, but we still need a NAT Gateway product.

from doks.

I need it !!

from doks.

@rafaelrosafu a year has nearly passed. Do you have any update on this?

from doks.

Hi @rafaelrosafu any update you can share?

from doks.

Any update on this? thanks

from doks.

Any update? As soon as DO would have NAT gateway, i am migrating from AWS :)

from doks.

Not yet unfortunately, but we do realize it's a frequently requested feature. Will certainly be considered for roadmap planning.

from doks.

Much needed feature

from doks.

For now will be great at least to enable such NAT in Cillium

from doks.

a NAT gateway is really neccesary for VPC networking, it's blocking me from using DOKS

from doks.

I don't think NAT Gateway is planned in near future, best way to go about it is using crossplane. I deployed it for two of my clusters and so far it's working just fine. If you want to give it a try then you can follow the URL : https://github.com/digitalocean/k8s-staticroute-operator/

from doks.

It's unfortunate that this hasn't been added yet; I've been waiting for it since Kubernetes came out on DO.

While it would certainly be possible to manually create a gateway droplet and route egress traffic through it, it adds an additional point of failure for customers.

For SaaS companies to serve certain types of customers (think governments & large companies), providing said customers with a list of IPs that they must add to their allowlist is a hard requirement for them, and I have no doubt that the fact that this feature not being available is deterring smaller companies from using DigitalOcean specifically for that reason.

It would be very nice to have an estimate of when (or whether) this feature will be worked on.
Though I am sure there are more pressing matters at hand for DO, it would at least allow people to plan accordingly.

from doks.

@rafaelrosafu Any updates on this or at least a roadmap?
We have third party services that requires us to add ip addresses to their whitelist so we can use their API. We can't use droplet as a gateaway as this is will be both a bottleneck and a point of failure. Currently we manually added nodes public ip addresses to the whitelist, but we are considering moving to another cloud provider that has this functionallity.

from doks.