@mtaufen
Last active May 11, 2017 20:25
[Incubator] kubernetes-incubator/non-masquerade-daemon

I'd like to propose moving mtaufen/non-masquerade-daemon under the kubernetes-incubator/ org. As this is a network configuration daemon, I believe this effort belongs under sig-network.

The OWNERS file in the above repo should serve as the OWNERS file for this proposal. The README in the above repo provides more details, but I'll summarize here:

This daemon solves the problem of configuring the CIDR ranges for non-masquerade in a cluster (via iptables rules). Today, this is accomplished by passing a --non-masquerade-cidr flag to the Kubelet, which only allows one CIDR to be configured as non-masquerade. RFC 1918, however, defines three ranges (10/8, 172.16/12, 192.168/16) for the private IP address space.

Some users will want to communicate between these ranges without masquerade. For instance, if an organization's existing network uses the 10/8 range, they may wish to run their cluster and Pods in 192.168/16 to avoid IP conflicts. They will also want these Pods to be able to communicate efficiently (no masquerade) with each other and with their existing network resources in 10/8. This requires that every node in their cluster skips masquerade for both ranges.

We are trying to eliminate networking code from the Kubelet, so rather than extend the Kubelet to accept multiple CIDRs, mtaufen/non-masquerade-daemon allows you to run a DaemonSet that configures a list of CIDRs as non-masquerade.
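
An added example, not code from mtaufen/non-masquerade-daemon, showing how a list of non-masquerade CIDRs could be validated and rendered as `iptables-restore` input. The chain name `NON-MASQ-EXAMPLE`, the function `RenderRules`, and the assumption that POSTROUTING already jumps to that chain are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// chainName is a hypothetical chain name chosen for this example.
// Assumption: a jump from nat/POSTROUTING to this chain is installed once, elsewhere.
const chainName = "NON-MASQ-EXAMPLE"

// RenderRules validates IPv4 CIDRs and returns iptables-restore input for the
// nat table: traffic to a listed CIDR keeps its source IP (RETURN), and
// everything else that reaches the end of the chain is masqueraded.
func RenderRules(cidrs []string) (string, error) {
	seen := map[string]bool{}
	var b strings.Builder
	b.WriteString("*nat\n")
	fmt.Fprintf(&b, ":%s - [0:0]\n", chainName)
	for _, c := range cidrs {
		// Shorthand such as "10/8" is rejected; full dotted form is required.
		ip, ipnet, err := net.ParseCIDR(strings.TrimSpace(c))
		if err != nil {
			return "", fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		if ip.To4() == nil {
			return "", fmt.Errorf("CIDR %q is not IPv4", c)
		}
		// Host bits set (e.g. 10.1.2.3/8) usually means a typo; fail loudly.
		if !ip.Equal(ipnet.IP) {
			return "", fmt.Errorf("CIDR %q has host bits set; did you mean %s?", c, ipnet)
		}
		if seen[ipnet.String()] {
			continue // skip duplicates so the chain stays minimal
		}
		seen[ipnet.String()] = true
		fmt.Fprintf(&b, "-A %s -d %s -j RETURN\n", chainName, ipnet)
	}
	fmt.Fprintf(&b, "-A %s -j MASQUERADE\n", chainName)
	b.WriteString("COMMIT\n")
	return b.String(), nil
}

func main() {
	// Constructed input: two of the RFC 1918 ranges from the scenario above.
	rules, err := RenderRules([]string{"10.0.0.0/8", "192.168.0.0/16"})
	if err != nil {
		panic(err)
	}
	fmt.Print(rules)
}
```

Rejecting malformed or ambiguous CIDRs before rendering keeps a typo from being installed on every node; applying the output with `iptables-restore --noflush` leaves the rest of the nat table untouched.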


mtaufen commented May 11, 2017

let-me-masquerade-that-for-you? ;)

I like ip-masquerade-agent or ip-masquerade-daemon. controller/configurator have too many syllables.
ip-masquerade-ctl?
