Kops: [Feature Request]: Docker networking (ipTables, ipMasq) on Instance Group level.

Created on 31 Aug 2020 · 5 Comments · Source: kubernetes/kops

1. Describe IN DETAIL the feature/behavior/change you would like to see.
Release 1.18 has changed the default iptables rules. According to the docs, to re-enable internet access for docker run containers we need an updated cluster-level config:

apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  name: foo.dev
spec:
  docker:
    ipMasq: true
    ipTables: true

I'd like to have an option to configure this rule on a specific Instance Group only.

good first issue · hacktoberfest · help wanted · kind/feature

All 5 comments

Thanks for adding this @iusergii
/assign

Just want to +1 on this.

We have some containers that require direct docker socket access to work. To reduce security impact, they are scheduled on dedicated IGs and we don't want to open docker on any other IGs in the cluster.

I think this would be a good issue for Hacktoberfest #9920

@rifelpet I'd like to pick this one, can you assign it to me?

/assign @monicagangwar

Thanks for picking this up! Feel free to reach out if you have any questions. There is a similar set of fields for Kubelet in the ClusterSpec and InstanceGroupSpec that we could follow as a pattern.
