Search code examples
kuberneteskube-proxy

What does kube-proxy `--masquerade-all=true` mean?

The kube-proxy admin page says:

--masquerade-all       If using the pure iptables proxy, SNAT everything

But it does explain in detail.

  • When should I set --masquerade-all to true?
  • And what problem it solves?
  • What could happen if it set --masquerade-all=false? What is the difference compared to --masqurade-all=true?
Solution

  • If you enable this and route the service IP range to your nodes then it will be possible to reach the service IPs from outside of the cluster.

    The discussion is in Issue #24224 and it's implemented in PR 24429.