github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6248939e11
kubernetes/pkg/kubelet/network
History
Dan Williams 6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
2016-02-23 09:34:59 -06:00
..
cni rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00
exec Send PodCIDR to network plugins as an event 2016-02-03 10:08:07 -06:00
hairpin Don't print hairpin_mode error when not using Linux bridges 2016-01-25 09:01:34 -05:00
kubenet Add a network plugin that duplicates "configureCBR0" functionality 2016-02-03 10:08:08 -06:00
plugins_test.go Make copyright ownership statement generic 2015-05-01 17:49:56 -04:00
plugins.go Push responsibility for bridge-nf-call-iptables to kubelet network plugins 2016-02-23 09:34:59 -06:00
testing.go rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00