tatdatpham/snat-iptables-common-pii-daemonset.yaml

## snat-iptables-common-pii-daemonset.yaml
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: snat-iptables-rule
  labels:
    app: snat-iptables-rule
spec:
  template:
    metadata:
      labels:
        app: snat-iptables-rule
    spec:
      hostPID: true
      containers:
        - name: startup-script
          image: gcr.io/google-containers/startup-script:v1
          imagePullPolicy: Always
          securityContext:
            privileged: true
          env:
          - name: STARTUP_SCRIPT
            value: |
              #! /bin/bash
              set -o errexit
              set -o pipefail
              set -o nounset

              echo Starting
              iptables-save | grep -q "Added by Flex" || {
                echo Adding iptables rule sNAT
                iptables -t nat -A POSTROUTING \
                  -d 10.2.0.0/20 \
                  -m comment --comment "Added by Flex: SNAT for outbound traffic from FlexCommon to FlexPII" \
                  -m addrtype ! --dst-type LOCAL -j MASQUERADE
              }
              echo done
	kind: DaemonSet
	apiVersion: extensions/v1beta1
	metadata:
	name: snat-iptables-rule
	labels:
	app: snat-iptables-rule
	spec:
	template:
	metadata:
	labels:
	app: snat-iptables-rule
	spec:
	hostPID: true
	containers:
	- name: startup-script
	image: gcr.io/google-containers/startup-script:v1
	imagePullPolicy: Always
	securityContext:
	privileged: true
	env:
	- name: STARTUP_SCRIPT
	value: \|
	#! /bin/bash
	set -o errexit
	set -o pipefail
	set -o nounset

	echo Starting
	iptables-save \| grep -q "Added by Flex" \|\| {
	echo Adding iptables rule sNAT
	iptables -t nat -A POSTROUTING \
	-d 10.2.0.0/20 \
	-m comment --comment "Added by Flex: SNAT for outbound traffic from FlexCommon to FlexPII" \
	-m addrtype ! --dst-type LOCAL -j MASQUERADE
	}
	echo done