From 9fe0d74473a4157e658e920bdfa8b6b960b8876f Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Mon, 6 Jul 2015 12:48:59 -0700 Subject: [PATCH] Update networking doc wrt --configure-cbr0 --- docs/networking.md | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/docs/networking.md b/docs/networking.md index 12d030130f..43e32545a4 100644 --- a/docs/networking.md +++ b/docs/networking.md @@ -96,24 +96,16 @@ outbound internet access. A linux bridge (called `cbr0`) is configured to exist on that subnet, and is passed to docker's `--bridge` flag. We start Docker with: - ``` - DOCKER_OPTS="--bridge cbr0 --iptables=false --ip-masq=false" + DOCKER_OPTS="--bridge=cbr0 --iptables=false --ip-masq=false" ``` -We set up this bridge on each node with SaltStack, in -[container_bridge.py](../cluster/saltbase/salt/_states/container_bridge.py). +This bridge is created by Kubelet (controlled by the `--configure-cbr0=true` +flag) according to the `Node`'s `spec.podCIDR`. -``` -cbr0: - container_bridge.ensure: - - cidr: {{ grains['cbr-cidr'] }} - - mtu: 1460 -``` - -Docker will now allocate `Pod` IPs from the `cbr-cidr` block. Containers -can reach each other and `Nodes` over the `cbr0` bridge. Those IPs are all -routable within the GCE project network. +Docker will now allocate IPs from the `cbr-cidr` block. Containers can reach +each other and `Nodes` over the `cbr0` bridge. Those IPs are all routable +within the GCE project network. GCE itself does not know anything about these IPs, though, so it will not NAT them for outbound internet traffic. To achieve that we use an iptables rule to
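Review bot: In the rewritten paragraph "Docker will now allocate IPs from the `cbr-cidr` block", the name `cbr-cidr` is left dangling. It was the Salt grain in the `container_bridge.ensure` snippet that this hunk removes, and the added text now says the bridge is sized from the `Node`'s `spec.podCIDR`. Suggest wording it as "from the `Node`'s `spec.podCIDR` block" so the doc points at the value an operator can actually inspect. Two smaller points in the same hunk: the removed snippet was the only place that recorded `mtu: 1460`, so if the Kubelet-created bridge still has a fixed MTU it is worth one sentence here; and "allocate `Pod` IPs" became "allocate IPs", which loses the point that these are per-pod addresses.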