github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-05 10:19:50 +00:00
Code Issues Projects Releases Wiki Activity

Update networking doc wrt --configure-cbr0

Browse Source
This commit is contained in:
Tim Hockin 2015-07-06 12:48:59 -07:00
parent 6c88401889
commit 9fe0d74473
1 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/networking.md
View File

@ -96,24 +96,16 @@ outbound internet access. A linux bridge (called `cbr0`) is configured to exist
on that subnet, and is passed to docker's `--bridge` flag. on that subnet, and is passed to docker's `--bridge` flag.
We start Docker with: We start Docker with:
``` ```
DOCKER_OPTS="--bridge cbr0 --iptables=false --ip-masq=false" DOCKER_OPTS="--bridge=cbr0 --iptables=false --ip-masq=false"
``` ```
We set up this bridge on each node with SaltStack, in This bridge is created by Kubelet (controlled by the `--configure-cbr0=true`
[container_bridge.py](../cluster/saltbase/salt/_states/container_bridge.py). flag) according to the `Node`'s `spec.podCIDR`.
``` Docker will now allocate IPs from the `cbr-cidr` block. Containers can reach
cbr0: each other and `Nodes` over the `cbr0` bridge. Those IPs are all routable
container_bridge.ensure: within the GCE project network.
- cidr: {{ grains['cbr-cidr'] }}
- mtu: 1460
```
Docker will now allocate `Pod` IPs from the `cbr-cidr` block. Containers
can reach each other and `Nodes` over the `cbr0` bridge. Those IPs are all
routable within the GCE project network.
GCE itself does not know anything about these IPs, though, so it will not NAT GCE itself does not know anything about these IPs, though, so it will not NAT
them for outbound internet traffic. To achieve that we use an iptables rule to them for outbound internet traffic. To achieve that we use an iptables rule to