[Doc] How to achieve SNAT

[panpan0000]

This is a [Help Needed] first, and maybe a [Doc Enhancement] later.

as we know, Neither native LVS nor keepalived will do SNAT(should be taken care by ourselves), but only DNAT. With the steps in the doc, the vip:port is not accessable. Due to there's no SNAT.

Usually, we will have to set the default route to VIP from real-server(the pods in kube-keepalived-vip scenario) . We use another tricky way to DNAT all in the node (iptables -t nat -I POSTROUTING -d 0.0.0.0/0 -j MASQUERADE) [ we are using IPVS NAT mode]

But handling SNAT seems not being mentioned in kube-keepalived-vip documents any where. Did I miss anything? if not , who is not familiar with LVS may suffer from question like why my vip:port is not achievable outside LVS node..

[panpan0000]

I found we enable net.ipv4.vs.conntrack=1 in the code, but when running a native keepalived service(yum install then service keepalived start), this kernel parameter is not required. This also confuses me .

[panpan0000]

conntrack=1 is required if we use MASQUERADE to achieve SNAT. But not catching what's the recommendation way kube-keepalived-vip officially suggest to achieve SNAT .