问题
In my Kubernetes cluster I couldn't connect to the internet from my Containers. So after searching, I found a possible solution, that is to turn off "IP Masquerade". But I had no luck turning this off. Whatever I did I cannot get it disabled.
First I change the following,
/etc/kubernetes/cni/docker_opts_cni.env
DOCKER_OPT_BIP=""
DOCKER_OPT_IPMASQ="false"
Then tried
/etc/kubernetes/cni/docker_opts_cni.env
DOCKER_OPT_BIP=""
DOCKER_OPT_IPMASQ="--ip-masq=false"
I'm using the latest Kubernetes version(v 1.6.3) and I have followed this to configure my cluster. I'm using flannel without calico. Can someone guide me on how I can get this disabled? Thanks in advance/
回答1:
This is an example configuration for creating new flannel network using cni for docker.
/etc/kubernetes/cni/net.d/10-flannel.conf
{
"cniVersion": "0.2.0",
"name": "mybridge",
"type": "bridge",
"bridge": "cni_bridge1",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.15.30.0/24",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "1.1.1.1/32", "gw":"10.15.30.1"}
],
"rangeStart": "10.15.30.100",
"rangeEnd": "10.15.30.200",
"gateway": "10.15.30.99"
}
}
In your configuration file changing ipMasq value for true to false or adding the option if not present should turn off "IP Masquerade"
回答2:
Just a clarification, by flannel with calico do you mean canal ?
If so there is an option to flip in the configuration here.
来源:https://stackoverflow.com/questions/44119425/how-to-turn-off-ip-masquerade-in-flannel