I currently have a Kubernetes cloud cluster, however due to business needs my pods need to have access to a database IP from another bucket.
I could solve this part with an IP-Masquerade agent or by applying Masquerade at the iptables level.
The problem is that when I apply this configuration, the DNS service does not resolve internal or external services.
CodePudding user response:
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ip-masq-agent
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: ip-masq-agent
  template:
    metadata:
      labels:
        k8s-app: ip-masq-agent
    spec:
      hostNetwork: true
      containers:
        - name: ip-masq-agent
          image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.0
          securityContext:
            privileged: false
            capabilities:
              add: ["NET_ADMIN", "NET_RAW"]
          volumeMounts:
            - name: config
              mountPath: /etc/config
      volumes:
        - name: config
          configMap:
            # Note this ConfigMap must be created in the same namespace as the daemon pods - this spec uses kube-system
            name: ip-masq-agent
            optional: true
            items:
              # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
              - key: config
                path: ip-masq-agent
CodePudding user response:
$ cat config
nonMasqueradeCIDRs:
resyncInterval: 6s
masqLinkLocal: true
What I'm telling you here is that I mask all the traffic from the pod and direct it to the node interface. So I can reach the IP of the database.
kubectl exec -it dnsutils -- ping 10.216.16.54
PING 10.216.16.54 (10.216.16.54) 56(84) bytes of data.
64 bytes from 10.216.16.54: icmp_seq=1 ttl=59 time=0.380 ms
64 bytes from 10.216.16.54: icmp_seq=2 ttl=59 time=0.222 ms
64 bytes from 10.216.16.54: icmp_seq=3 ttl=59 time=0.200 ms
but it does not resolve DNS:
kubectl exec -i -t dnsutils -- nslookup kubernetes.default
;; connection timed out; no servers could be reached
command terminated with exit code 1
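One check worth running before applying an ip-masq-agent config like the one in the answer above, as an added example that is not part of this thread: a small script that parses the agent config (only the flat subset shown here, key/value lines plus a CIDR list, not general YAML) and reports which cluster ranges would be masqueraded under it. With an empty `nonMasqueradeCIDRs` every destination is masqueraded, including the kube-dns ClusterIP, which is exactly what the answer describes; listing the pod and service CIDRs keeps in-cluster traffic unmasqueraded while the database IP is still masqueraded. The pod CIDR, service CIDR and DNS ClusterIP below are assumed placeholder values; the database IP is the one pinged in the thread.

```python
import ipaddress

# Constructed sample: the config posted in the thread (empty list = masquerade everything).
CONFIG_MASQ_ALL = """\
nonMasqueradeCIDRs:
resyncInterval: 6s
masqLinkLocal: true
"""

# Constructed alternative that exempts in-cluster ranges; both CIDRs are assumptions,
# not values from the thread.
CONFIG_EXCLUDE_CLUSTER = """\
nonMasqueradeCIDRs:
  - 10.244.0.0/16   # pod CIDR (assumed)
  - 10.96.0.0/12    # service CIDR (assumed)
resyncInterval: 6s
masqLinkLocal: true
"""

# Ranges a pod must reach; pod/service/DNS values are assumed, the database IP is from the thread.
CLUSTER_RANGES = {
    "podCIDR": "10.244.0.0/16",
    "serviceCIDR": "10.96.0.0/12",
    "dnsClusterIP": "10.96.0.10/32",
    "database": "10.216.16.54/32",
}


def parse_masq_config(text):
    """Parse the flat config subset used by the agent's ConfigMap:
    top-level `key: value` lines and a `- cidr` list under nonMasqueradeCIDRs.
    Comments after '#' are dropped. This is not a general YAML parser."""
    cfg = {"nonMasqueradeCIDRs": []}
    current_list = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("- "):
            if current_list is None:
                raise ValueError(f"list item outside a list: {raw!r}")
            cfg[current_list].append(line[2:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "nonMasqueradeCIDRs":
            if value:
                raise ValueError("nonMasqueradeCIDRs must be a list")
            current_list = key
        else:
            current_list = None
            cfg[key] = value
    return cfg


def masqueraded_destinations(cfg, ranges):
    """Return the entries of `ranges` (name -> CIDR) whose traffic would be SNATed.
    The agent emits a RETURN rule per nonMasqueradeCIDR and then a catch-all
    MASQUERADE, so a destination is exempt only if some listed CIDR contains it.
    A range that only partially overlaps an exemption is reported as masqueraded
    (conservative: part of it would be)."""
    exempt = [ipaddress.ip_network(c) for c in cfg["nonMasqueradeCIDRs"]]
    result = {}
    for name, cidr in ranges.items():
        net = ipaddress.ip_network(cidr)
        covered = any(net.subnet_of(e) for e in exempt if e.version == net.version)
        if not covered:
            result[name] = cidr
    return result


def report(text, ranges=CLUSTER_RANGES):
    """Human-readable summary of what a config would masquerade."""
    hit = masqueraded_destinations(parse_masq_config(text), ranges)
    lines = [f"masqueraded: {name} ({cidr})" for name, cidr in hit.items()]
    return "\n".join(lines) if lines else "nothing masqueraded"


if __name__ == "__main__":
    print("--- config from the thread ---")
    print(report(CONFIG_MASQ_ALL))
    print("--- config with cluster ranges exempted ---")
    print(report(CONFIG_EXCLUDE_CLUSTER))
```

The first config reports every range, DNS ClusterIP included, as masqueraded; the second reports only the database IP, which is the behaviour the thread is after: reach the external database through the node address without rewriting the source of in-cluster traffic.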