Investigate NAT-free cluster communication

[TrueGoric]

Possible approaches:

• Multus CNI
  • (-) external dependency
• manually invoke CNI for the tunnel container
  • (?) will network policies apply?
  • (-) this might be problematic from the security perspective (highly elevated permissions would be required)
  • (-) inelegant and hacky
• pod per peer
  • (-) doesn't scale

Challenges:

• we need to ensure that peer CIDRs from NAT-free networks do not collide