easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bugfix: NetworkPolicy 跨节点失效问题

pull/275/head
jmgao 2017-12-06 11:14:22 +08:00
parent 9048ef00ba
commit ec4a07f8ba
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kube-node/templates/kube-proxy.service.j2
View File

@ -4,13 +4,13 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target After=network.target
[Service] [Service]
# kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量,指定 --cluster-cidr 或 --masquerade-all 选项后
# kube-proxy 会对访问 Service IP 的请求做 SNAT这个特性与calico 实现 network policy冲突因此禁用
WorkingDirectory=/var/lib/kube-proxy WorkingDirectory=/var/lib/kube-proxy
ExecStart={{ bin_dir }}/kube-proxy \ ExecStart={{ bin_dir }}/kube-proxy \
--bind-address={{ NODE_IP }} \ --bind-address={{ NODE_IP }} \
--hostname-override={{ NODE_IP }} \ --hostname-override={{ NODE_IP }} \
--cluster-cidr={{ SERVICE_CIDR }} \
--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \ --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
--masquerade-all=false \
--logtostderr=true \ --logtostderr=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure