Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-11-12 08:36:36 -05:00
Code Issues Projects Releases Packages Wiki Activity

helm: masq traffic to the mini-qemu-metadata container so that the join-service can retrieve it's metadata (#2782)

Browse source 
* helm: masq traffic to the mini-qemu-metadata container

* ci: fix waiting for nodes in miniconstellation e2e test
This commit is contained in:
3u13r 2024-01-02 14:33:03 +01:00 committed by GitHub
parent 4d8f45cff6
commit 45479b307e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/constellation/helm/overrides.go
View file

@ -59,9 +59,18 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
extraVals["encryption"] = map[string]any{
"strictMode": strictMode,
}
// On QEMU e.g. the join-service must talk to our mini-qemu-metadata docker container
// This container runs inside the node CIDR, so we need to masq any pod traffic to it
// with the node's IP address. To archive that, we override Cilium's default masq ranges
// with an empty list.
masqCIDRs := []string{}
if provider != cloudprovider.QEMU {
masqCIDRs = append(masqCIDRs, output.IPCidrNode)
}
extraVals["ipMasqAgent"] = map[string]any{
"config": map[string]any{
"nonMasqueradeCIDRs": []string{output.IPCidrNode},
"nonMasqueradeCIDRs": masqCIDRs,
},
}