hack: add setup_node_nft_masq

hongliangl · Apr 30, 2021 · 801e754 · 801e754
1 parent d3f47f2
commit 801e754
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/hack/kpng-local-up.sh b/hack/kpng-local-up.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # build the kpng image...
 
-IMAGE="jayunit100/kpng-server:latest"
+: ${IMAGE:="jayunit100/kpng-server:latest"}
 
 function setup_k8s {
     # make a gopath if not one existing...
@@ -32,6 +32,7 @@ function build {
 
 function install {
     # substitute it with your changes...
+    echo "Applying template with KPNG_IMAGE=$IMAGE"
     cat kpng-deployment-ds.yaml.tmpl | sed "s,KPNG_IMAGE,$IMAGE," > kpng-deployment-ds.yaml
 
     kubectl -n kube-system create sa kpng

diff --git a/hack/setup_node_nft_masq b/hack/setup_node_nft_masq
@@ -0,0 +1,21 @@
+#! /bin/sh
+# this script sets a basic masquerading for pods to reach the outside
+
+set -ex
+apt update
+apt install -y nftables
+
+nft -f - <<EOF
+table ip filter {
+  chain postrouting {
+    type nat hook postrouting priority 0; policy accept;
+    oif "eth0" masquerade
+  }
+}
+table ip6 filter6 {
+  chain postrouting {
+    type nat hook postrouting priority 0; policy accept;
+    oif "eth0" masquerade
+  }
+}
+EOF