I think flannel and weave HAVE to masquerade when crossing virtual network planes.
Non-overlay solutions don't have to, but there are different tradeoffs. Take a look at Service.spec.externalTrafficPolicy On Sat, Sep 30, 2017 at 6:19 PM, Blade Doyle <blade.do...@gmail.com> wrote: > > Kubernetes 1.6.4 on ubuntu16 - same behavior with both flannel and weave > > I am having problems with some services because from within the pod it > appears that (some/many/all?) inbound connections originate from the gateway > address. > > Gateway: 10.244.0.1 > netstat -anp | grep 10.244.0.1 > tcp 0 0 10.244.0.4:8111 10.244.0.1:9872 > ESTABLISHED 1/xxxx > tcp 0 0 10.244.0.4:8111 10.244.0.1:52620 > ESTABLISHED 1/xxxx > tcp 0 0 10.244.0.4:8111 10.244.0.1:52578 > ESTABLISHED 1/xxxx > ... > ... > > The issue is that the application cares about the source address of the > connection. Because connections from many different sources all appears to > come from the same (gatway) address the app is confused and behaves > incorrectly. > > > Is this expected behavior? Suggestions? Woarkarounds? > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
