kube-proxy

Implementing iptables rules on Kubernetes nodes

拥有回忆 提交于 2019-12-01 21:13:35
问题 I would like to implement my own iptables rules before Kubernetes (kube-proxy) start doing it's magic and dynamically create rules based on services/pods running on the node. The kube-proxy is running in --proxy-mode=iptables . Whenever I tried to load rules when booting up the node, for example in the INPUT chain, the Kubernetes rules ( KUBE-EXTERNAL-SERVICES and KUBE-FIREWALL ) are inserted on top of the chain even though my rules were also with -I flag. What am I missing or doing wrong? If

Implementing iptables rules on Kubernetes nodes

守給你的承諾、 提交于 2019-12-01 20:47:52
I would like to implement my own iptables rules before Kubernetes (kube-proxy) start doing it's magic and dynamically create rules based on services/pods running on the node. The kube-proxy is running in --proxy-mode=iptables . Whenever I tried to load rules when booting up the node, for example in the INPUT chain, the Kubernetes rules ( KUBE-EXTERNAL-SERVICES and KUBE-FIREWALL ) are inserted on top of the chain even though my rules were also with -I flag. What am I missing or doing wrong? If it is somehow related, I am using weave-net plugin for the pod network. The most common practice is to
订阅 kube-proxy