New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
configuring interface prefix for egress-masquerade-interfaces does not work as documented #32184
Comments
Thanks for logging this issue @soer3n. It does seem like that should work, by the documentation. Any chance you could drop some more information in about how you've done the install, and where you set the flag etc? Ideally, https://docs.cilium.io/en/stable/operations/troubleshooting/#automatic-log-state-collection will have everything, but otherwise, the details of how you set the flags would be most useful. |
Yes, sure. Here is the configmap which works as expected:
When editing In the following log output i replaced used public ips with a placeholder called Debug Log of a node with
Debug Log of a node with
I hope the information helps. |
Is there an existing issue for this?
What happened?
Hey.
In the documentation there is a note that a prefix would be possible for configuring
egress-masquerade-interfaces
but this doesn't work for us.When using for example
eth+
and enablingenable-masquerade-to-route-source
, the SNAT rules are completely missing on the nodes.It was possible to fix that by setting
egress-masquerade-interfaces
value explicitly to public and private network interface, for exampleeth0 eth1
, which then adds the required SNAT rules.We migrated from flannel to cilium in native routing mode. Therefore we ran cilium without kube-proxy replacement for now. The nodes have a public and private network interface. Cluster traffic is on the private interface. We had issues to reach servers in the same network which are not part of a cluster due to missing masquerading when using
eth+
for example.Cilium Version
v1.15.1
Kernel Version
Linux 5.15.0-102-generic
Kubernetes Version
Client Version: v1.28.2
Server Version: v1.29.3
Regression
No response
Sysdump
No response
Relevant log output
No response
Anything else?
No response
Cilium Users Document
Code of Conduct
The text was updated successfully, but these errors were encountered: