feature request: container egress service

Hi Tomas

Exactly. Using a gateway device or F5 ltm interface per namespace is impractical. Using an address list for the source of a forwarding ip virtual server would give the desired functionality. A reverse CIS solution. An outline of the controller flow. Which will need some more refinement,

watch the configmap
   if a tenant is removed from the configmap then 
      delete the external gateway definition
      delete the forwarding ip virtual server
      delete the address list
      delete the snat pool
   if egress ip is changed then
      update snat pool with new ip address
only for the tenants listed in the configmap
watch the tenant labeled namespaces for AdminPolicyBasedExternalRoute definition
   if AdminPolicyBasedExternalRoute not defined then
      define AdminPolicyBasedExternalRoute
watch the tenant labeled namespaces for pods
   if a pod is created
      if address list does not exist yet then
         create an address list with pod ip.
      else
         add the pod ip address to the address list of the tenant
      if forwarding ip virtual server does not exist then
         if snat pool does not exist then
            create snat pool with tenant ip address from the configmap
         else
            if snat pool ip is not the egress ip then
               update the snat pool ip with the egress ip
         create forwarding ip virtual server with the previously defined snat and address list
   if a pod is deleted then
      delete the pod ip from the address list of the corresponding tenant
   if tenant has no pods and no_tenant_vs = false then
      if exists then delete the virtual server
      if exists then delete the snat pool
      if exists delete the address list
      set no_tenant_vs = true