Add support for --masquerade-all in kube-proxy
New boolean var `kube_proxy_masquerade_all` which enables/disables `--masquerade-all` argument for kube-proxy. Closes #524
This commit is contained in:
parent
016b7893c6
commit
fb0ee9d84a
2 changed files with 6 additions and 0 deletions
|
@ -8,6 +8,9 @@ kube_resolv_conf: "/etc/resolv.conf"
|
||||||
|
|
||||||
kube_proxy_mode: iptables
|
kube_proxy_mode: iptables
|
||||||
|
|
||||||
|
# If using the pure iptables proxy, SNAT everything
|
||||||
|
kube_proxy_masquerade_all: true
|
||||||
|
|
||||||
# kube_api_runtime_config:
|
# kube_api_runtime_config:
|
||||||
# - extensions/v1beta1/daemonsets=true
|
# - extensions/v1beta1/daemonsets=true
|
||||||
# - extensions/v1beta1/deployments=true
|
# - extensions/v1beta1/deployments=true
|
||||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --proxy-mode={{ kube_proxy_mode }}
|
- --proxy-mode={{ kube_proxy_mode }}
|
||||||
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
|
||||||
|
- --masquerade-all
|
||||||
|
{% endif %}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|
Loading…
Reference in a new issue