Tigera: Reducing Kubernetes Egress Costs: How to secure outbound traffic without a NAT Gateway

Are you a Platform or DevOps engineer struggling with escalating NAT gateway costs? Beyond the high price tag, using cloud-managed NATs often makes it difficult to implement granular security controls for your Kubernetes clusters, such as restricting which pods and namespaces can access specific external services.

In this hands-on demo, we will show you how to implement Calico Egress Gateway to solve both cost and connectivity challenges. You will learn how to architect a solution that provides stable egress IPs for your applications while bypassing the heavy data processing costs of cloud providers.

We will demonstrate how to:

• Reduce Infrastructure Spend: A technical look at how to architect your egress path to bypass cloud-native NAT costs without sacrificing high availability.
• Implement Identity-Aware Egress: How to assign specific egress IPs to specific Kubernetes namespaces, enabling you to easily “allow list” your applications on external firewalls and APIs.
• Enforce Compliance: How to use the Calico Service Graph to track, log, and audit the source of every outbound connection, ensuring no rogue traffic leaves your cluster.