Skip to content

Commit

Permalink
Merge pull request #263 from ikatson/fix-node-port-return-path-calico
Browse files Browse the repository at this point in the history 
Fix return path of NodePort traffic when using Calico network policy.
  • Loading branch information
@mogren
mogren authored Jan 9, 2019
2 parents 5b560fb + fd086ca commit 1a09859
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 0 deletions.
8 changes: 8 additions & 0 deletions config/v1.2/calico.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,10 @@ spec:
# Disable IPV6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: "true"
Expand Down Expand Up @@ -393,6 +397,10 @@ spec:
value: "1"
- name: TYPHA_HEALTHENABLED
value: "true"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
volumeMounts:
- mountPath: /etc/calico
name: etc-calico
Expand Down
8 changes: 8 additions & 0 deletions config/v1.3/calico.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ spec:
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
# Disable IPV6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
Expand Down Expand Up @@ -393,6 +397,10 @@ spec:
value: "1"
- name: TYPHA_HEALTHENABLED
value: "true"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
volumeMounts:
- mountPath: /etc/calico
name: etc-calico
Expand Down

0 comments on commit 1a09859

Please sign in to comment.