App egress via specific NIC?

JamieV

Cadet
Joined
May 25, 2023
Messages
2
I am evaluating TrueNAS SCALE to replace my Unraid server. I would like to control which NIC is used for egress for certain apps to ensure they go via a VPN and not the public internet. For the others they need to go via the public internet.

It seems there are a lot of threads on this but no actual solutions. "K8s networking is very complicated" seems to be the most common answer. Anyway, a lot of those posts seem to be a few years old. Is there an answer to this yet?

Thanks
 

NugentS

MVP
Joined
Apr 16, 2020
Messages
2,945
@JamieV. K3S routing does not support what you are asking for (at this point).
Any traffic leaving the container (pod) goes to the kube-router which then exits out the main NIC and gets sent straight to the default gateway even if it's on-net (this is what I have found. It relies on the router directing the traffic back into the LAN). All pod traffic leaves the same way - there appears to be no mechanism of changing this. K3S (as per IX implementation) seems to be in fact very simple - too simple. In my opinion a bug - but IX have declined to fix.

Currently the solution is to run a (for example) Debian VM with Portainer with different networks and not use K3S for anything like what you are suggesting.
 

JamieV

Cadet
Joined
May 25, 2023
Messages
2
Thanks. This confirms what I found. It is a shame, as the rest of it looks good but this is a deal breaker.
 