====== 17 Kubernetes IP Masquerade ======

On a freshly created Kubernetes cluster, containers cannot communicate with the outside.
IP masquerading therefore has to be configured.

===== 1. Prepare the DaemonSet =====

  apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    name: ip-masq-agent
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        k8s-app: ip-masq-agent
    template:
      metadata:
        labels:
          k8s-app: ip-masq-agent
      spec:
        hostNetwork: true
        containers:
        - name: ip-masq-agent
          image: gcr.io/google-containers/ip-masq-agent-amd64:v2.5.0
          args:
            - --masq-chain=IP-MASQ
            # To non-masquerade reserved IP ranges by default, uncomment the line below.
            # - --nomasq-all-reserved-ranges
          securityContext:
            privileged: true
          volumeMounts:
            - name: config
              mountPath: /etc/config
        volumes:
          - name: config
            configMap:
              # Note this ConfigMap must be created in the same namespace as the
              # daemon pods - this spec uses kube-system
              name: ip-masq-agent
              optional: true
              items:
                # The daemon looks for its config in a YAML file at /etc/config/ip-masq-agent
                - key: config
                  path: ip-masq-agent
        tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: "CriticalAddonsOnly"
          operator: "Exists"

==== create ====

  kubectl create -f DaemonSet.yaml

===== 2. Create the ConfigMap =====

==== config ====

  nonMasqueradeCIDRs:
    - 10.0.0.0/8
  resyncInterval: 60s

  kubectl create configmap ip-masq-agent \
  --from-file config \
  --namespace kube-system

{{tag>Kubernetes Nat}}
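To see which destinations keep the pod IP and which are rewritten to the node IP under the config file above, the following added example (not part of the original page or the ip-masq-agent project) models the decision for a destination address. It assumes the agent's chain returns early for link-local addresses unless ''masqLinkLocal'' is true, returns for each ''nonMasqueradeCIDRs'' entry, and masquerades everything else; the function names and the sample destinations are constructed for illustration.

```python
import ipaddress

# Constructed sample: same content as the "config" file on this page.
CONFIG_TEXT = """\
nonMasqueradeCIDRs:
  - 10.0.0.0/8
resyncInterval: 60s
"""

# Assumption: link-local destinations are skipped unless masqLinkLocal is true.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def parse_config(text):
    """Parse the small YAML subset used by the config file (no PyYAML needed)."""
    cfg = {"nonMasqueradeCIDRs": [], "masqLinkLocal": False, "resyncInterval": "60s"}
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("- ") and in_list:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
            cidr = ipaddress.ip_network(line[2:].strip(), strict=True)
            cfg["nonMasqueradeCIDRs"].append(cidr)
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        in_list = key == "nonMasqueradeCIDRs" and not value
        if key == "masqLinkLocal":
            cfg[key] = value.lower() == "true"
        elif key == "resyncInterval":
            cfg[key] = value
    return cfg


def decision(dest, cfg):
    """Return 'RETURN' (pod IP kept) or 'MASQUERADE' (source rewritten to node IP)."""
    ip = ipaddress.ip_address(dest)
    if not cfg["masqLinkLocal"] and ip in LINK_LOCAL:
        return "RETURN"
    if any(ip in net for net in cfg["nonMasqueradeCIDRs"]):
        return "RETURN"
    return "MASQUERADE"


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    # Constructed destinations: in-cluster, other private range, link-local, public.
    for dest in ("10.244.1.7", "192.168.1.10", "169.254.169.254", "8.8.8.8"):
        print(f"{dest:<16} {decision(dest, cfg)}")
```

With only 10.0.0.0/8 listed, traffic to other private ranges such as 192.168.0.0/16 is masqueraded as well, so firewall and audit logs on those networks record the node IP rather than the pod IP.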