lyft / cni-ipvlan-vpc-k8s

AWS VPC Kubernetes CNI driver using IPvlan
Apache License 2.0

CNI plugin: `portmap` when chained with cni-ipvlan-vpc-k8s does not work #43

Open chen-anders opened 6 years ago

chen-anders commented 6 years ago

This is my generated conflist that gets picked up by Kubernetes:

```json
{
  "cniVersion": "0.3.1",
  "name": "cni-ipvlan-vpc-k8s",
  "plugins": [
    {
      "cniVersion": "0.3.1",
      "type": "cni-ipvlan-vpc-k8s-ipvlan",
      "mode": "l2",
      "master": "ipam",
      "ipam": {
        "type": "cni-ipvlan-vpc-k8s-ipam",
        "interfaceIndex": 1,
        "subnetTags": {
          "cni-ipvlan-cluster-subnet": "$CLUSTER_NAME"
        },
        "secGroupIds": [
          "$SECURITY_GROUP_ID"
        ],
        "routeToVpcPeers": true,
        "skipDeallocation": $SKIP_DEALLOCATION
      }
    },
    {
      "cniVersion": "0.3.1",
      "type": "cni-ipvlan-vpc-k8s-unnumbered-ptp",
      "hostInterface": "$DEFAULT_NIC",
      "containerInterface": "veth0",
      "ipMasq": true
    },
    {
      "cniVersion": "0.3.1",
      "type": "loopback"
    },
    {
      "type": "portmap",
      "capabilities": {"portMappings": true}
    }
  ]
}
```

Deploying an nginx ingress + using `hostPort` does not seem to work. Doing a quick `sudo iptables -L -n -t nat` in a cluster using a different CNI plugin (e.g. flannel) gives me the expected iptables rules, but my test cluster using the cni-ipvlan-vpc-k8s CNI plugin does not.