当前位置:网站首页>[tke] whether to configure SNAT when the container accesses services outside the node
[tke] whether to configure SNAT when the container accesses services outside the node
2022-06-24 16:38:00 【jokey】
Applicable scenarios
stay TKE Whether it's Global Router still VPC-CNI Network mode , Access the cluster in the container VPC By default, the network segment and container network segment do not SNAT Of , But in addition, you can access other network segments SNAT Of , In some business scenarios, the container source needs to be preserved IP when , We need to modify the relevant configuration to avoid accessing some IP Or network segment SNAT, Thus, the container source is preserved IP The needs of .
Operation steps
When available kubectl Connected to a clustered environment , Execute the following command in the resource "NonMasqueradeCIDRs" Add don't want to do... To the field list SNAT The purpose of the visit IP Or network segment . Corresponding , If you want to access a specific network segment SNAT, Delete a specific network segment from the list :
kubectl edit cm ip-masq-agent-config -n kube-system
The modification description is shown in the following figure ( Be careful YAML Format ):
wait for "ResyncInterval" cycle time ( Default 1 minute ) Post test to see if the configuration is effective .
边栏推荐
- Recent progress of ffmpeg go
- D. Solve the maze (thinking +bfs) codeforces round 648 (Div. 2)
- What is thermal data detection?
- Where is the most formal and safe account opening for speculation futures? How to open a futures account?
- What is the difference between optical fiber jumper and copper wire
- Principle analysis of robot hardware in the loop system
- Virtual machine virtual disk recovery case tutorial
- MySQL Advanced Series: locks - locks in InnoDB
- Fastjson 漏洞利用技巧
- What is the difference between a network card and a port
猜你喜欢
Advanced programmers must know and master. This article explains in detail the principle of MySQL master-slave synchronization
MySQL Advanced Series: Locks - Locks in InnoDB
Some adventurer hybrid versions with potential safety hazards will be recalled
Cognition and difference of service number, subscription number, applet and enterprise number (enterprise wechat)
MySQL進階系列:鎖-InnoDB中鎖的情况
C. K-th not divisible by n (Mathematics + thinking) codeforces round 640 (Div. 4)
Applet - use of template
MySQL Advanced Series: locks - locks in InnoDB
Problems encountered in the work of product manager
A survey of training on graphs: taxonomy, methods, and Applications
随机推荐
Introduction to koa (IV) koa operation database
A survey of training on graphs: taxonomy, methods, and Applications
Recent progress of ffmpeg go
Memo list: useful commands for ffmpeg command line tools
Modern finite element analysis can easily achieve accurate results
PyTorch中的转置卷积详解
How do HPE servers make RAID5 arrays? Teach you step by step today!
FPGA project development: experience sharing of lmk04821 chip project development based on jesd204b (I)
What is a framework?
Ui- first lesson
SQL multi table updating data is very slow
Summer Challenge harmonyos - to do list with date effect
Transpose convolution explanation
What is a server
Global and Chinese markets of Leyte coin exchange 2022-2028: Research Report on technology, participants, trends, market size and share
Batch BOM Bapi test
What is a reptile
Clickhouse high performance column storage core principle
Enterprise security attack surface analysis tool
Tencent on the other hand, I was puzzled by the "horse race" problem