Closed xvdy closed 5 years ago
@xvdy Yep seems like the injected CNI rules capture majority of the traffic and masquerade them. What CNI plugin do you use?
cc @varunmar @grayluck
any change you have "ipMasq": true
on a bridge CNI? this looks like that, if so you should set "ipMasq": false
in the CNI config instead when using the ip masq agent.
Thank you for your help,I find the problem.It's my cni file.
{
"name": "cbr0",
"ipMasq": false, // missed set here which caused the problem
"plugins": [
{
"type": "flannel",
"delegate": {
"ipMasq": false,
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
k8s version: v1.13.2 host version: centos 7.3 behavor: ip-masq-agent not work, the ip in range of 10.0.0.0/8 does SNAT. Any thing wrong with my ip-masq-agent settings?
iptables: