Skip to content

Commit

Permalink
bugfix: NetworkPolicy 跨节点失效问题
Browse files Browse the repository at this point in the history
  • Loading branch information
@jmgao1983
jmgao1983 committed Dec 6, 2017
1 parent 9048ef0 commit ec4a07f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions roles/kube-node/templates/kube-proxy.service.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
# kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量,指定 --cluster-cidr 或 --masquerade-all 选项后
# kube-proxy 会对访问 Service IP 的请求做 SNAT,这个特性与calico 实现 network policy冲突,因此禁用
WorkingDirectory=/var/lib/kube-proxy
ExecStart={{ bin_dir }}/kube-proxy \
--bind-address={{ NODE_IP }} \
--hostname-override={{ NODE_IP }} \
--cluster-cidr={{ SERVICE_CIDR }} \
--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
--masquerade-all=false \
--logtostderr=true \
--v=2
Restart=on-failure
Expand Down

0 comments on commit ec4a07f

Please sign in to comment.