Per discussion from sig-datapath 2020-05-20:
Goal: User-friendly
- Easy to explain
- Easy to observe
- Out-of-the-box for common cloud options
  - Use default route
  - K8s node IP

Feature enablement per-device:
- Host fw
  - Always enable if CLI flag specified
- XDP
  - Only select devices with native XDP support
  - User must specify flag to enable feature, autodetect device
    - How to override device?
- Masquerade
  - Should be run on device with default route
  - Primary use: delivering when source is not routable
  - Currently relies on nodeport implementation. Desire to split out but not feasible for v1.8.
  - Autodetect based on default route
    - `--egress-masquerade-interfaces` to override
  - V1.8 known limitation: Will autoenable nodeport on this device. We can improve this in v1.9.
- Nodeport
  - Should be run on devices where in-cluster communication is performed
  - Detect based on devices with k8s IPs in use, apply there. OR user specifies `--devices=...`

The above is copied from the meeting notes; @brb should have more context but if any of the above is ambiguous then let's discuss on-issue.