Networking
Keisson is an IPv6-first platform. All Pods and Services are issued public IPv6 addresses, which can be used for cluster-egress, intra-cluster, and cluster-ingress communications.
Pods
Pods are issued a public IPv6 address from our platform ranges. These ranges are configured to allow for speedy and efficient routing between physical machines in our infrastructure. This IP address can be used both for traditional egress and pod-to-pod communications, _and_ for cluster-external communication with a Pod.
IPv4 Egress
Pods are also assigned a private IPv4 address. This allows your applications to reach IPv4-only services on the internet. Traffic leaving a Pod over IPv4 is source-NAT'd (SNAT) to one of Keisson’s public IPv4 addresses.
Note
While it is possible to communicate between Pods within a cluster using their private IPv4 addresses, we do not recommend this behaviour, as it is not guaranteed to be supported forever.
IPv4 addresses are provided only to allow for egress to IPv4-only internet services. Whenever possible, IPv6 should be used instead.
IPv4 Ingress
IPv4 cluster-external ingress direct to Pods is not supported.
Services
Services are single-stack: IPv6 only. Each Service is assigned an IPv6 address from a /112 range unique to your cluster.
IPv6 Ingress
As Services are issued public IPv6 addresses, they can be accessed from inside or outside of the cluster. This means every Service automatically acts as a viable cluster-external entry point for IPv6 traffic, without the need to resort to other techniques like Ingress or Gateway API.
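Because every Service address is reachable from outside the cluster, the list of Service ports is also the list of externally reachable endpoints. The following is an added example, not Keisson's own tooling: it builds that inventory from input shaped like `kubectl get services -A -o json` and flags ports that are not on an intended-public list. The /112 range, addresses, Service names and the allowed-port set are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get services -A -o json`.
# The /112 range and all addresses are placeholders from the IPv6
# documentation prefix, not real Keisson allocations.
SERVICE_RANGE = ipaddress.ip_network("2001:db8:0:1::5:0/112")
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "ClusterIP", "clusterIPs": ["2001:db8:0:1::5:1a"],
              "ports": [{"port": 443, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "shop", "name": "postgres"},
     "spec": {"type": "ClusterIP", "clusterIPs": ["2001:db8:0:1::5:2b"],
              "ports": [{"port": 5432, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "shop", "name": "postgres-headless"},
     "spec": {"type": "ClusterIP", "clusterIPs": ["None"],
              "ports": [{"port": 5432, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "shop", "name": "legacy-api"},
     "spec": {"type": "ExternalName", "externalName": "api.example.com"}},
]})

def exposed_endpoints(service_list_json, service_range):
    """Return (namespace/name, address, port, protocol) for every Service
    port on an IPv6 address inside the cluster's Service range."""
    found = []
    for svc in json.loads(service_list_json)["items"]:
        meta, spec = svc["metadata"], svc["spec"]
        for raw in spec.get("clusterIPs", []):
            if raw == "None":  # headless Service: no virtual IP to reach
                continue
            addr = ipaddress.ip_address(raw)
            if addr.version != 6 or addr not in service_range:
                continue
            for port in spec.get("ports", []):
                found.append((f'{meta["namespace"]}/{meta["name"]}', str(addr),
                              port["port"], port.get("protocol", "TCP")))
    return found

def unexpected(endpoints, allowed_ports):
    """Endpoints whose port is not on the reviewer's intended-public list."""
    return [e for e in endpoints if e[2] not in allowed_ports]

if __name__ == "__main__":
    eps = exposed_endpoints(SAMPLE, SERVICE_RANGE)
    for name, addr, port, proto in unexpected(eps, allowed_ports={80, 443}):
        print(f"review: {name} reachable at [{addr}]:{port}/{proto}")
```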
IPv4 Ingress
By default, Services do not support IPv4. If IPv4 ingress is required for a Service, contact us. We can set up specific public IPv4 address and port mappings to a Service.
For HTTP(S) ingress traffic, the Keisson-provided Ingress Controller can be used.