Retain Source IP of incoming connections
katsumag opened this issue · comments
Hello, I would like to retain the source IP of incoming connections.
Currently, the source address of all incoming connections is set to 10.88.0.1 (10.88.0.0/16 is the address range of my pods), which is the address of the network bridge device (as far as I can tell).
Doing some Googling around this issue, I found it was suggested to make sure that kube-proxy is running in iptables mode, which it is. I have also tried to set the spec.externalTrafficPolicy: Local option on the NodePort service which exposes my pod, to no avail.
After digging around the Usernetes config and boot directories, I have found that IP Masquerading is enabled in two places (as far as I can see):
- The bridge device at config/cni_net.d/50-bridge.conf has ip-masq: true
- boot/flanneld.sh has --ip-masq set
I've also seen from this issue that setting --port-driver=slirp4netns inside of boot/rootlesskit.sh may be helpful.
I have tried changing all three of these values, and using every combination of them, to no avail. In most cases, u7s.target fails to start, or in the only time I could get it to launch, DNS records for services no longer existed, or at least weren't usable from inside pods.
Could you show me how this can be achieved, please?