Hello, I would like to retain the source IP of incoming connections.
Currently, the source address of all incoming connections is set to 10.88.0.1 (10.88.0.0/16 is the address range of my pods), which is the address of the network bridge device (as far as I can tell).
Doing some Googling around this issue, I found it was suggested to make sure that kube-proxy is running in iptables mode, which it is. I have also tried to set the spec.externalTrafficPolicy: Local option on the NodePort service which exposes my pod, to no avail.
After digging around the Usernetes config and boot directories, I have found that IP Masquerading is enabled in two places (as far as I can see):
The bridge device at config/cni_net.d/50-bridge.conf has ip-masq: true
boot/flanneld.sh has --ip-masq set
I've also seen from this issue that setting --port-driver=slirp4netns inside of boot/rootlesskit.sh may be helpful.
I have tried changing all three of these values, and using every combination of them, to no avail. In most cases, u7s.target fails to start, or in the only time I could get it to launch, DNS records for services no longer existed, or at least weren't usable from inside pods.
Could you show me how this can be achieved, please?