Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CFP: don`t EnableIPv4Masquerade=false when lb-only #32494

Open
hhstu opened this issue May 13, 2024 · 4 comments
Open

CFP: don`t EnableIPv4Masquerade=false when lb-only #32494

hhstu opened this issue May 13, 2024 · 4 comments
Labels
kind/feature This introduces new functionality.

Comments

@hhstu
Copy link

hhstu commented May 13, 2024
edited

Cilium Feature Proposal

Is your proposed feature related to a problem?

why should we make EnableIPv4Masquerade=false when lb-only ? I want EnableIPv4Masquerade for Public gateway when use lb-only

switch option.Config.DatapathMode {
	case datapathOption.DatapathModeVeth:
	case datapathOption.DatapathModeLBOnly:
		log.Info("Running in LB-only mode")
		if option.Config.NodePortAcceleration != option.NodePortAccelerationDisabled {
			option.Config.EnablePMTUDiscovery = true
		}
		option.Config.KubeProxyReplacement = option.KubeProxyReplacementFalse
		option.Config.EnableSocketLB = true
		// Socket-LB tracing relies on metadata that's retrieved from Kubernetes.
		option.Config.EnableSocketLBTracing = false
		option.Config.EnableHostPort = false
		option.Config.EnableNodePort = true
		option.Config.EnableExternalIPs = true
		option.Config.RoutingMode = option.RoutingModeNative
		option.Config.EnableHealthChecking = false
		option.Config.EnableIPv4Masquerade = false
		option.Config.EnableIPv6Masquerade = false
		option.Config.InstallIptRules = false
		option.Config.EnableL7Proxy = false

Describe the feature you'd like

Include any specific requirements you need

(Optional) Describe your proposed solution
@hhstu hhstu added the kind/feature This introduces new functionality. label May 13, 2024
@hhstu hhstu closed this as completed May 13, 2024
@hhstu hhstu changed the title CFP: donEnableIPv4Masquerade=false CFP: don`t EnableIPv4Masquerade=false when lb-only May 13, 2024
@hhstu hhstu reopened this May 13, 2024
@hhstu hhstu mentioned this issue May 13, 2024
Merged
@brb
Copy link
Member

brb commented May 13, 2024

Thanks for the issue.

I want EnableIPv4Masquerade for Public gateway when use lb-only

Do you want an LB node to act as an Egress Gateway?

@hhstu
Copy link
Author

hhstu commented May 13, 2024

Yes,and out of k8s cluster. @brb

@brb
Copy link
Member

brb commented May 14, 2024

Did you check that the enabling masquerading allows traffic to be forwarded to outside?

@hhstu
Copy link
Author

hhstu commented May 15, 2024

Not work, I haven't found the reason yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature This introduces new functionality.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brb @hhstu