Networking Requirements for Host Gateway (L2bridge)
This section describes how to configure custom Windows clusters that are using Host Gateway (L2bridge) mode.
Disabling Private IP Address Checks
If you are using Host Gateway (L2bridge) mode and hosting your nodes on any of the cloud services listed below, you must disable the private IP address checks for both your Linux or Windows hosts on startup. To disable this check for each node, follow the directions provided by each service below.
| Service | Directions to disable private IP address checks |
|---|---|
Amazon EC2 |
|
Google GCE |
Enabling IP Forwarding for Instances (By default, a VM cannot forward a packet originated by another VM) |
Azure VM |
Cloud-hosted VM Routes Configuration
If you are using the Host Gateway (L2bridge) backend of Flannel, all containers on the same node belong to a private subnet, and traffic routes from a subnet on one node to a subnet on another node through the host network.
-
When worker nodes are provisioned on AWS, virtualization clusters, or bare metal servers, make sure they belong to the same layer 2 subnet. If the nodes don’t belong to the same layer 2 subnet,
host-gwnetworking will not work. -
When worker nodes are provisioned on GCE or Azure, they are not on the same layer 2 subnet. Nodes on GCE and Azure belong to a routable layer 3 network. Follow the instructions below to configure GCE and Azure so that the cloud network knows how to route the host subnets on each node.
To configure host subnet routing on GCE or Azure, first run the following command to find out the host subnets on each worker node:
kubectl get nodes -o custom-columns=nodeName:.metadata.name,nodeIP:status.addresses[0].address,routeDestination:.spec.podCIDRThen follow the instructions for each cloud provider to configure routing rules for each node:
| Service | Instructions |
|---|---|
Google GCE |
For GCE, add a static route for each node: Adding a Static Route. |
Azure VM |
For Azure, create a routing table: Custom Routes: User-defined. |