Closed zvikaga closed 5 years ago
@zvikaga It seems to me it won't matter whether we put IP-MASQ-AGENT at the end or beginning --- traffic will be captured and masqueraded by OPENSHIFT-MASQUERADE rule anyway as it will be eventually traversed?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /close
@fejta-bot: Closing this issue.
The agent puts the IP-MASQ-AGENT rule at the end of the POSTROUTING chain. In Openshift it does not take any effect as there is already the OPENSHIFT-MASQUERADE at the beginning and being matched.
The following is how this chain looks like in Openshift: