このページの翻訳:
- 日本語 (ja)
- English (en)
最近の更新
- 02 Apache2で自己認証ssl [中間証明書の整合性確認]
最近の更新
Kubernetes作成したばかりだと、コンテナから外部へ通信できない。
そのためIPマスカレード設定を入れてあげる。
DaemonSet.yaml
apiVersion: apps/v1 kind: DaemonSet metadata: name: ip-masq-agent namespace: kube-system spec: selector: matchLabels: k8s-app: ip-masq-agent template: metadata: labels: k8s-app: ip-masq-agent spec: hostNetwork: true containers: - name: ip-masq-agent image: gcr.io/google-containers/ip-masq-agent-amd64:v2.5.0 args: - --masq-chain=IP-MASQ # To non-masquerade reserved IP ranges by default, uncomment the line below. # - --nomasq-all-reserved-ranges securityContext: privileged: true volumeMounts: - name: config mountPath: /etc/config volumes: - name: config configMap: # Note this ConfigMap must be created in the same namespace as the # daemon pods - this spec uses kube-system name: ip-masq-agent optional: true items: # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent - key: config path: ip-masq-agent tolerations: - effect: NoSchedule operator: Exists - effect: NoExecute operator: Exists - key: "CriticalAddonsOnly" operator: "Exists"
kubectl create -f DaemonSet.yaml
config
nonMasqueradeCIDRs: - 10.0.0.0/8 resyncInterval: 60s
kubectl create configmap ip-masq-agent \ --from-file config \ --namespace kube-system