From 91ed74c0e9024c16b948fc7b9a67bdd5c052deae Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 25 May 2017 16:44:31 -0700 Subject: [PATCH] Enable the ip-masq-agent on GCE installs Setting this will trigger cluster/addons/ip-masq-agent/ip-masq-agent.yaml to be installed as an addon, which disable configure IP masquerade for all of RFC1918, rather than just 10.0/8. --- cluster/gce/config-default.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index 5d3f74de520..f5470c647fa 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -234,6 +234,9 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}" # Network Policy plugin specific settings. NETWORK_POLICY_PROVIDER="${NETWORK_POLICY_PROVIDER:-none}" # calico +# Should the kubelet configure egress masquerade (old way) or let a daemonset do it? +NON_MASQUERADE_CIDR="0.0.0.0/0" + # How should the kubelet configure hairpin mode? HAIRPIN_MODE="${HAIRPIN_MODE:-promiscuous-bridge}" # promiscuous-bridge, hairpin-veth, none # Optional: if set to true, kube-up will configure the cluster to run e2e tests.