当前位置:网站首页>[tke] whether to configure SNAT when the container accesses services outside the node
[tke] whether to configure SNAT when the container accesses services outside the node
2022-06-24 16:38:00 【jokey】
Applicable scenarios
stay TKE Whether it's Global Router still VPC-CNI Network mode , Access the cluster in the container VPC By default, the network segment and container network segment do not SNAT Of , But in addition, you can access other network segments SNAT Of , In some business scenarios, the container source needs to be preserved IP when , We need to modify the relevant configuration to avoid accessing some IP Or network segment SNAT, Thus, the container source is preserved IP The needs of .
Operation steps
When available kubectl Connected to a clustered environment , Execute the following command in the resource "NonMasqueradeCIDRs" Add don't want to do... To the field list SNAT The purpose of the visit IP Or network segment . Corresponding , If you want to access a specific network segment SNAT, Delete a specific network segment from the list :
kubectl edit cm ip-masq-agent-config -n kube-system
The modification description is shown in the following figure ( Be careful YAML Format ):
wait for "ResyncInterval" cycle time ( Default 1 minute ) Post test to see if the configuration is effective .
边栏推荐
- Fastjson vulnerability utilization techniques
- 6 things all engineers should know before FEA
- Fastjson 漏洞利用技巧
- Leetcode notes of Google boss | necessary for school recruitment!
- Principle analysis of robot hardware in the loop system
- [tke] troubleshooting tips for container problems
- MySQL date timestamp conversion
- Coding's first closed door meeting on financial technology exchange was successfully held
- ThinkPHP 漏洞利用工具
- A survey of training on graphs: taxonomy, methods, and Applications
猜你喜欢
Applet wxss
C. Three displays codeforces round 485 (Div. 2)
MySQL Advanced Series: Locks - Locks in InnoDB
![[go] concurrent programming channel](/img/6a/d62678467bbc6dfb6a50ae42bacc96.jpg)
[go] concurrent programming channel
A survey on model compression for natural language processing (NLP model compression overview)
B. Terry sequence (thinking + greed) codeforces round 665 (Div. 2)
ZOJ - 4104 sequence in the pocket
Problems encountered in the work of product manager
MySQL Advanced Series: locks - locks in InnoDB
C. K-th Not Divisible by n(数学+思维) Codeforces Round #640 (Div. 4)
随机推荐
Where is the most formal and safe account opening for speculation futures? How to open a futures account?
6 things all engineers should know before FEA
Inter thread communication of embedded development foundation
Leetcode notes of Google boss | necessary for school recruitment!
Memo list: useful commands for ffmpeg command line tools
How do HPE servers make RAID5 arrays? Teach you step by step today!
SQL multi table updating data is very slow
Abnormal dockgeddon causes CPU 100%
Is Shanjin futures safe? What are the procedures for opening futures accounts? How to reduce the futures commission?
FPGA project development: experience sharing of lmk04821 chip project development based on jesd204b (I)
Kubernetes popular series: getting started with container Foundation
TRTC web end imitation Tencent conference microphone mute detection
Heavy release! Tencent cloud ASW workflow, visual orchestration cloud service
对深度可分离卷积、分组卷积、扩张卷积、转置卷积(反卷积)的理解
Mathematics in machine learning -- point estimation (IV): maximum posteriori probability (map)
MySQL進階系列:鎖-InnoDB中鎖的情况
Transpose convolution explanation
The mystery of redis data migration capacity
API documents are simple and beautiful. It only needs three steps to open
Saying "Dharma" Today: the little "secret" of paramter and localparam