Kubernetes architecture options with F5 Distributed Cloud Services
Hi Nikoolayy1
Thanks for asking. I am happy to hear you know about CIS and BIG-IP and different CNIs, because that makes understanding the options with XC pretty easy.
With the Security Gateway architecture where the CE is outside of the cluster, you can only expose ClusterIP services if they are reachable from the CE. That means either
1) you have BGP and are using Calico, OR
2) maybe your pods are reachable from the CE because you are using EKS, AKS, GKE, etc., where the pods are on the same subnet as the nodes.
The VXLAN/GENEVE tunnels are not an option at this time. You could also use an ingress controller and expose that via NodePort, but have your backend service be ClusterIP. Foo-Bang_Chan covers some of these options in his article: Multi-Cluster, Multi-Cloud Networking (MCN) for Kubernetes (see architecture #2 in his article).
Feel free to email/message/LinkedIn and we can chat too.
Mike.
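As an added example (not part of Mike's reply), here is what the "ingress controller exposed via NodePort, backend stays ClusterIP" option looks like in manifests. The namespace, ingress class, app name, port numbers and hostname are all assumed placeholders.

```yaml
# Added example: NodePort in front, ClusterIP behind. Assumed names:
# namespace "ingress-nginx", class "nginx", app "shop-api", nodePort 30080.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: NodePort            # CE outside the cluster reaches <node-ip>:30080
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 30080
---
apiVersion: v1
kind: Service
metadata:
  name: shop-api
  namespace: shop
spec:
  type: ClusterIP           # never exposed to the CE; only the ingress talks to it
  selector:
    app: shop-api
  ports:
    - port: 8080
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-api
  namespace: shop
spec:
  ingressClassName: nginx
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: shop-api
                port:
                  number: 8080
```

The CE only needs a route to the node IPs on the NodePort; the ClusterIP service and pod network stay unreachable from outside, which is the point of this option when neither BGP nor a routable pod subnet is available.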