rootless-containers / usernetes

Kubernetes without the root privileges
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
Apache License 2.0

Retain Source IP of incoming connections #282

Open katsumag opened 1 year ago

katsumag commented 1 year ago

Hello, I would like to retain the source IP of incoming connections.

Currently, the source address of all incoming connections is set to 10.88.0.1 (10.88.0.0/16 is the address range of my pods), which is the address of the network bridge device (as far as I can tell).

Doing some Googling around this issue, I found it was suggested to make sure that kube-proxy is running in iptables mode, which it is. I have also tried to set the spec.externalTrafficPolicy: Local option on the NodePort service which exposes my pod, to no avail.

After digging around the Usernetes config and boot directories, I have found that IP Masquerading is enabled in two places (as far as I can see):

I've also seen from this issue that setting --port-driver=slirp4netns inside of boot/rootlesskit.sh may be helpful.

I have tried changing all three of these values, and using every combination of them, to no avail. In most cases, u7s.target fails to start, or, the only time I could get it to launch, DNS records for services no longer existed, or at least weren't usable from inside pods.

Could you show me how this can be achieved, please?