diff --git a/cluster/addons/ip-masq-agent/ip-masq-agent.yaml b/cluster/addons/ip-masq-agent/ip-masq-agent.yaml
new file mode 100644
index 00000000000..cc24c28d2d5
--- /dev/null
+++ b/cluster/addons/ip-masq-agent/ip-masq-agent.yaml
@@ -0,0 +1,38 @@
+# https://github.com/kubernetes-incubator/ip-masq-agent/blob/v2.0.0/README.md
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: ip-masq-agent
+ namespace: kube-system
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: ip-masq-agent
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: |
+ [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
+ {"key":"CriticalAddonsOnly", "operator":"Exists"}]
+ spec:
+ hostNetwork: true
+ containers:
+ - name: ip-masq-agent
+ image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.0
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: config
+ mountPath: /etc/config
+ volumes:
+ - name: config
+ configMap:
+ # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system
+ name: ip-masq-agent
+ optional: true
+ items:
+ # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
+ - key: config
+ path: ip-masq-agent
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 4569f4e8959..00eece088ca 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1424,6 +1424,9 @@ function start-kube-addons {
 if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then
 setup-addon-manifests "addons" "storage-class/gce"
 fi
+ if [[ "${NON_MASQUERADE_CIDR:-}" == "0.0.0.0/0" ]]; then
+ setup-addon-manifests "addons" "ip-masq-agent"
+ fi
 # Place addon manager pod manifest.
 cp "${src_dir}/kube-addon-manager.yaml" /etc/kubernetes/manifests
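Review bot: The container in the new DaemonSet runs with `privileged: true` on top of `hostNetwork: true`, and the `dedicated=master` toleration puts it on master nodes as well, so a compromise of this one image gives full host access across the cluster. The daemon presumably only has to maintain masquerade rules in the host network namespace; if the v2.0.0 image works that way, replace the flag with a narrow capability set, `privileged: false` followed by `capabilities:` / `add: ["NET_ADMIN", "NET_RAW"]`, and confirm on a test node that rule sync still succeeds. The image is also referenced by the mutable tag `v2.0.0`; pinning it by digest would keep a host-network pod from silently picking up a re-pushed image. Finally, the container declares no resource requests or limits, which is worth setting for a pod marked critical.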
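Review bot: The new `if` in start-kube-addons installs a privileged, host-network DaemonSet as a side effect of an exact string match on `NON_MASQUERADE_CIDR`, with no comment explaining the coupling and no explicit opt-in like the `ENABLE_DEFAULT_STORAGE_CLASS` check just above it. An operator who sets the CIDR to `0.0.0.0/0` gets the addon without asking for it, while any other spelling of the same range skips it silently. I would at least add a comment above the test, for example `# With NON_MASQUERADE_CIDR=0.0.0.0/0 nothing else masquerades pod traffic, so ip-masq-agent owns the rules.` (wording for the author to confirm), and consider gating on a dedicated enable variable instead. The function body begins and ends outside the hunk.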