To make edge networking work with a kind cluster (macvlan network 192.168.1.192/27) and a physical edge node (192.168.1.100), one needs to create a virtual device edgefarm0 on the edge node and set up some NAT and routing. The following script is run on the edge node:
#!/bin/bash
# Run on the physical edge node (192.168.1.100); requires root.
echo 1 > /proc/sys/net/ipv4/ip_forward
IFACE=eth0
DUMMY_IP=192.168.2.1
# Create the dummy device edgefarm0 and give it 192.168.2.1/24
ip link add edgefarm0 type dummy
ip addr add "$DUMMY_IP/24" dev edgefarm0
ip link set edgefarm0 up
# LAN address of this node on $IFACE (the "VPN" side) and the /24 it belongs to
# (assumes $IFACE carries a /24 address)
VPN_IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1)
VPN_SUBNET=$(echo "$VPN_IP" | awk -F'.' '{print $1"."$2"."$3".0/24"}')
# Create the NAT table if it doesn't exist
nft add table ip nat
# NAT chains hooked at the standard srcnat/dstnat priorities
nft add chain ip nat POSTROUTING { type nat hook postrouting priority srcnat \; }
nft add chain ip nat PREROUTING { type nat hook prerouting priority dstnat \; }
# Traffic arriving on $IFACE for this node's LAN IP is redirected to the dummy address ...
nft add rule ip nat PREROUTING iifname "$IFACE" ip daddr "$VPN_IP" counter dnat to "$DUMMY_IP"
# ... and traffic leaving via edgefarm0 from the dummy address gets the LAN IP as source
nft add rule ip nat POSTROUTING oifname "edgefarm0" ip saddr "$DUMMY_IP" counter snat to "$VPN_IP"
# Masquerade traffic from the LAN IP to the LAN subnet (192.168.1.0/24) that leaves via edgefarm0
nft add rule ip nat POSTROUTING oifname "edgefarm0" ip saddr "$VPN_IP" ip daddr "$VPN_SUBNET" counter masquerade
This creates edgefarm0 with the address 192.168.2.1 and allows software to use this device to contact 192.168.1.0/24.
However, ping -I 192.168.2.1 192.168.1.195
will not work properly unless the other devices, such as 192.168.1.195, know how to route the replies
to ICMP requests coming from 192.168.2.1 back to the edge node.
On the other nodes (the kind nodes) this route needs to be set:
ip route add 192.168.2.0/24 via 192.168.1.100
With this route, traffic for 192.168.2.0/24 is sent via 192.168.1.100 (the LAN IP of the physical edge node), which makes the ping work.
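The missing return route is easy to forget when kind nodes are recreated. The script below is an added example, not part of the note above: it checks each kind node for the return route and installs it only where it is absent. It assumes the kind node containers are reachable with docker exec and that the kind CLI is installed on the host; the cluster name (KIND_CLUSTER), edge node IP and dummy subnet are parameters with the note's values as defaults.

```shell
#!/bin/bash
# Added example: verify and install the return route on every kind node.
# Defaults match the note; override via environment variables.
set -eu

EDGE_NODE_IP="${EDGE_NODE_IP:-192.168.1.100}"   # LAN IP of the physical edge node
DUMMY_SUBNET="${DUMMY_SUBNET:-192.168.2.0/24}"  # subnet configured on edgefarm0
KIND_CLUSTER="${KIND_CLUSTER:-kind}"            # assumed cluster name

# Derive the /24 an address lives in (same /24 assumption as the note's
# VPN_SUBNET line); useful when the edge node IP is read from an interface.
subnet24() {
    echo "$1" | awk -F'.' '{print $1"."$2"."$3".0/24"}'
}

# Read `ip route show` output on stdin; succeed (exit 0) when it already
# contains "<subnet> via <gateway>", fail (exit 1) otherwise.
has_return_route() {
    awk -v net="$1" -v gw="$2" \
        '$1 == net && $2 == "via" && $3 == gw {found=1} END {exit (found ? 0 : 1)}'
}

# Idempotently install the return route inside one kind node container.
ensure_route_on_node() {
    node="$1"
    if docker exec "$node" ip route show | has_return_route "$DUMMY_SUBNET" "$EDGE_NODE_IP"; then
        echo "$node: return route already present"
    else
        docker exec "$node" ip route add "$DUMMY_SUBNET" via "$EDGE_NODE_IP"
        echo "$node: return route added"
    fi
}

# Only touch the cluster when explicitly asked ("apply"), so the helper
# functions can be sourced and checked without docker or kind available.
if [ "${1:-}" = "apply" ]; then
    for node in $(kind get nodes --name "$KIND_CLUSTER"); do
        ensure_route_on_node "$node"
    done
fi
```

Run it as ./return-route.sh apply on the host that runs the kind cluster, after the edge node script has been applied.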