Enabling --non-masquerade-cidr option #1361
parts/kuberneteskubelet.service
Outdated
@@ -50,6 +50,7 @@ ExecStart=/usr/bin/docker run \ | |||
--network-plugin=${KUBELET_NETWORK_PLUGIN} \ | |||
--max-pods=${KUBELET_MAX_PODS} \ | |||
--node-status-update-frequency=${KUBELET_NODE_STATUS_UPDATE_FREQUENCY} \ | |||
--non-masquerade-cidr=${KUBELET_NON_MASQUERADE_CIDR} \ |
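Review bot: the added `--non-masquerade-cidr=${KUBELET_NON_MASQUERADE_CIDR}` line is passed unconditionally, so when the variable is unset or empty kubelet receives `--non-masquerade-cidr=` with no value. The only assignment visible in this PR sits after `{{if IsKubernetesVersionGe "1.6.0"}}` in parts/kubernetesagentcustomdata.yml, so either guard this flag the same way or give the variable a default.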
I don't see this as a valid option on the documentation. Can you confirm? -- https://kubernetes.io/docs/admin/kubelet/
This page at least mentions it: https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/
Pretty sure I saw it somewhere on the kubelet options previously.
parts/kubernetesagentcustomdata.yml
Outdated
@@ -115,6 +115,7 @@ write_files: | |||
KUBE_CTRL_MGR_POD_EVICTION_TIMEOUT={{WrapAsVariable "kubernetesCtrlMgrPodEvictionTimeout"}} | |||
KUBE_CTRL_MGR_ROUTE_RECONCILIATION_PERIOD={{WrapAsVariable "kubernetesCtrlMgrRouteReconciliationPeriod"}} | |||
{{if IsKubernetesVersionGe "1.6.0"}} | |||
KUBELET_NON_MASQUERADE_CIDR={{WrapAsVariable "kubernetesNonMasqueradeCIDR"}} |
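Review bot: `KUBELET_NON_MASQUERADE_CIDR` on the added line is filled straight from the `kubernetesNonMasqueradeCIDR` template variable, with nothing stating whether it holds one CIDR or several or what range is expected. Because the value decides which destinations see pod source addresses without NAT, document the expected format next to the variable and check that it parses as a CIDR before it reaches the kubelet command line.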
Depending on what the option can take. Should this be an array of CIDR blocks?
Any news? Have you watched the pull request? Must we do something else?
What's the status on this one?
We are still waiting for your response.
Linking this with issue #425
According to https://github.com/kubernetes/kubernetes/blob/master/cmd/kubelet/app/options/options.go#L339
Closing this as
Hello @jackfrancis The high order intention is hopefully explained in #1360 linked issue. We understand the option was deprecated a month ago in master and will be removed in a future version but:
@bathizte We did some further investigation, and this is still the only way (as far as we know) to do this in v1.8, so we'll proceed. Thanks!
… in a network that has already used the 10.0.0.0/8, and therefore activated NAT of a pod to an address in 10.0.0.0/8
* clean * Review change
lgtm
I had a similar PR for this (#1142) but I closed it because I think I saw that the --non-masquerade-cidr option of kubelet is deprecated.
@jackfrancis when can we get this merged?
Been having trouble getting it to pass Windows e2e, will re-poke.
lgtm
We'd better begin seeking new solutions, as @sylr mentioned this flag is deprecated: https://github.com/kubernetes/kubernetes/blob/v1.8.0/cmd/kubelet/app/options/options.go#L340
@jackfrancis @karataliu I just came across the ip-masq-agent today. EDIT: I've edited my vnet to be 10.240.0.0/16. My Pod CIDR is 10.244.0.0/16. My third-party vnet is 10.128.0.0/16. With the default config, I was unable to talk to 10.128/16. With this configmap, and the basic ip-masq-agent provided by the authors, everything works nicely:
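Added example (not from this PR thread or the ip-masq-agent project): a small Python model of the masquerade decision the comment above describes, using its three address ranges. The pod, node and peer IPs, the function names and the narrowed exemption list are assumptions; the configmap from the comment is not shown on this page.

```python
import ipaddress

# Address ranges quoted in the comment above.
VNET = ipaddress.ip_network("10.240.0.0/16")         # node vnet
POD_CIDR = ipaddress.ip_network("10.244.0.0/16")     # pod network
THIRD_PARTY = ipaddress.ip_network("10.128.0.0/16")  # third-party vnet

# Constructed sample addresses (assumptions, not from the page).
POD_IP = ipaddress.ip_address("10.244.1.7")
NODE_IP = ipaddress.ip_address("10.240.0.4")
PEER_IP = ipaddress.ip_address("10.128.3.20")

DEFAULT_EXEMPT = ["10.0.0.0/8"]               # kubelet's --non-masquerade-cidr default
NARROWED_EXEMPT = [str(VNET), str(POD_CIDR)]  # assumed narrowed list


def source_seen_by_peer(dst, exempt_cidrs, pod_ip=POD_IP, node_ip=NODE_IP):
    """Source address the destination sees for pod egress traffic.

    Destinations inside an exempt (non-masquerade) CIDR keep the pod IP;
    everything else is SNATed to the node IP.
    """
    exempt = [ipaddress.ip_network(c) for c in exempt_cidrs]
    return pod_ip if any(dst in net for net in exempt) else node_ip


def reply_routable(dst, exempt_cidrs, peer_routes=(VNET,)):
    """True if the peer has a route back to the source address it sees.

    peer_routes is an assumption: the third-party network can reach the
    node vnet but has no route to the pod CIDR.
    """
    src = source_seen_by_peer(dst, exempt_cidrs)
    return any(src in net for net in peer_routes)


def unintended_exemptions(exempt_cidrs, cluster_nets=(VNET, POD_CIDR),
                          external_nets=(THIRD_PARTY,)):
    """External networks covered by an exemption that is wider than the cluster."""
    hits = []
    for cidr in exempt_cidrs:
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(k) for k in cluster_nets):
            continue  # exemption stays inside a cluster-local range
        hits += [str(e) for e in external_nets if e.overlaps(net)]
    return hits
```

Running `unintended_exemptions` over a proposed exemption list before rollout shows which peered networks would receive traffic with unroutable pod source addresses.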
What this PR does / why we need it:
This PR enables configuration of the --non-masquerade-cidr option at the kubelet level.
Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #1360
Special notes for your reviewer:
Release note: