add --without-masquerade option to weave expose
#3388
56e05ce to 16d5462
…n executing `weave expose` command
16d5462 to 4b9c533
Looks great, thanks!
Couple of comments below.
weave
Outdated
ipam_cidrs allocate_no_check_alive weave:expose $CIDR_ARGS | ||
for CIDR in $ALL_CIDRS ; do | ||
call_weave "POST" "/expose/$CIDR" | ||
call_weave "POST" "/expose/$CIDR$skipNAT" |
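Review bot: On the changed `call_weave "POST"` line, `$skipNAT` is appended straight onto `/expose/$CIDR` with no separator, so the variable's value has to carry its own delimiter, and nothing in this hunk shows it being initialised. Set it to an empty string before option parsing so that a `skipNAT` inherited from the caller's environment cannot alter the request path, and consider an upper-case name to match `CIDR`, `ALL_CIDRS` and `CIDR_ARGS` in the surrounding lines.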
.gitignore
Outdated
@@ -36,6 +36,9 @@ coverage.html | |||
# Sed backup files | |||
*.bak | |||
|
|||
# JetBrains/GoLand/IntelliJ project file | |||
.idea |
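Review bot: The `.idea` entry added at the end of this hunk is editor-specific and unrelated to the `weave expose` change, so it fits better in the contributor's global gitignore or in a separate PR. If it stays, write it as `.idea/` so that it matches only the directory, and change the comment from "project file" to "project directory".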
Updated to address comments. Let me know if there is anything else.
@leprechau Thanks for your contribution! Mind explaining why someone would want to skip the creation of the NAT rules? Also, noting that we already have a similar flag, please see: #3298.
We’re using weave in a standard Docker environment without k8s and want external systems (not part of the weave network) to see the container IP and not the IP of the host. In our specific case we are using a helper written in-house (https://github.com/myENA/aardvark) to publish container routes and update the default route within the container when it starts.
@leprechau Wouldn't
@brb Trying now ... I see the flag in
So, the What I did ...
Result ... traffic leaving the container If I remove the MASQ rules via ...
The traffic shows on external hosts as coming from the container and not from the host.
@brb Am I missing something in how the
@leprechau
OK, I misread your requirement - I thought that you want external systems to access containers w/o NAT, this is what the
@brb yes, I'm wanting hosts outside of the weave network to see traffic that originates from a container on the weave network to see the weave assigned IP address of the container.
Thanks!
Add the ability to skip creation of MASQUERADE rules via iptables when executing the `weave expose` command.