diff --git a/e2e/lib.sh b/e2e/lib.sh
index 9fc9e776..afee71de 100755
--- a/e2e/lib.sh
+++ b/e2e/lib.sh
@@ -135,7 +135,14 @@ create_cluster() {
 block_until_ready_by_name default curl || return 1
 _kubectl taint node $KIND_CLUSTER-control-plane node-role.kubernetes.io/control-plane:NoSchedule-
 _kubectl apply -f https://raw.githubusercontent.com/kilo-io/adjacency/main/example.yaml
- block_until_ready_by_name default adjacency
+ block_until_ready_by_name default adjacency || return 1
+ # Install node-local-dns
+ # shellcheck disable=SC2155
+ local kubedns=$(_kubectl get svc kube-dns -n kube-system -o jsonpath='{.spec.clusterIP}')
+ local localdns=169.254.20.10
+ local domain=cluster.local
+ curl -L https://raw.githubusercontent.com/kubernetes/kubernetes/82a636f1f3c27f511221642d13d91dd09d111fb3/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml | sed "s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/__PILLAR__DNS__SERVER__/$kubedns/g" | _kubectl apply -f -
+ block_until_ready kube_system k8s-app=node-local-dns
 }
 
 delete_cluster () {
diff --git a/pkg/mesh/routes.go b/pkg/mesh/routes.go
index 279c3d0e..280d04b9 100644
--- a/pkg/mesh/routes.go
+++ b/pkg/mesh/routes.go
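Review bot: The final wait in the e2e/lib.sh hunk passes `kube_system` as the namespace, while the `kube-dns` lookup a few lines above uses `-n kube-system`; underscores are not valid in Kubernetes namespace names, so the wait probably selects no pods and may return before node-local-dns is actually ready (the `block_until_ready` helper is outside this hunk, so confirm how it uses its first argument). I would write `block_until_ready kube-system k8s-app=node-local-dns || return 1`. The install pipeline also hides failures: `local kubedns=$(...)` discards the exit status of the lookup (hence the SC2155 suppression), and `curl -L` without `-f` passes an HTTP error body on to `sed` and `_kubectl apply`. Splitting the declaration from the assignment and using `curl -fsSL` would make a failed lookup or download stop the setup instead of applying a manifest with an empty upstream address.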
@@ -334,6 +334,7 @@ func (t *Topology) Rules(cni, iptablesForwardRule bool) iptables.RuleSet {
 rules.AddToAppend(iptables.NewIPv6Chain("nat", "KILO-NAT"))
 if cni {
 rules.AddToPrepend(iptables.NewRule(iptables.GetProtocol(t.subnet.IP), "nat", "POSTROUTING", "-s", t.subnet.String(), "-m", "comment", "--comment", "Kilo: jump to KILO-NAT chain", "-j", "KILO-NAT"))
+ rules.AddToPrepend(iptables.NewRule(iptables.GetProtocol(t.privateIP.IP), "nat", "POSTROUTING", "-s", t.privateIP.String(), "-m", "comment", "--comment", "Kilo: jump to KILO-NAT chain", "-j", "KILO-NAT"))
 // Some linux distros or docker will set forward DROP in the filter table.
 // To still be able to have pod to pod communication we need to ALLOW packets from and to pod CIDRs within a location.
 // Leader nodes will forward packets from all nodes within a location because they act as a gateway for them.
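Review bot: The added POSTROUTING rule reads `t.privateIP.IP` and `t.privateIP.String()` with no guard, and nothing in the hunk shows that `privateIP` is always set; if it is a pointer that stays nil on nodes without a private address, `Rules` would panic whenever `cni` is true. Wrapping the line in `if t.privateIP != nil { ... }` would cover that case. It is also worth checking what `String()` yields here: if `privateIP` carries the interface's prefix length rather than a host mask, the `-s` match covers the whole private subnet, not just this node's address, which widens what gets sent through KILO-NAT. The rule reuses the comment text of the pod-subnet rule above it, so a distinct comment such as `Kilo: jump to KILO-NAT chain for host traffic` plus a short `//` line saying why host-sourced packets need NAT would make the two entries distinguishable in a rules listing. The body of `Rules` starts and ends outside this hunk.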