Skip to content

Commit

Permalink
CNI/bridge: Ensure pod communications are allowed
Browse files Browse the repository at this point in the history
  • Loading branch information
maxbrunet committed Mar 23, 2023
1 parent a61befa commit a0e5cd1
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion pkg/minikube/cni/bridge.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,13 @@ import (
// bridge is what minikube defaulted to when `--enable-default-cni=true`
// ref: https://www.cni.dev/plugins/current/main/bridge/
// ref: https://www.cni.dev/plugins/current/meta/portmap/
// ref: https://www.cni.dev/plugins/current/meta/firewall/

// note: "cannot set hairpin mode and promiscuous mode at the same time"
// ref: https://github.com/containernetworking/plugins/blob/7e9ada51e751740541969e1ea5a803cbf45adcf3/plugins/main/bridge/bridge.go#L424
var bridgeConf = template.Must(template.New("bridge").Parse(`
{
"cniVersion": "0.3.1",
"cniVersion": "0.4.0",
"name": "bridge",
"plugins": [
{
Expand All @@ -56,6 +57,11 @@ var bridgeConf = template.Must(template.New("bridge").Parse(`
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"backend": "iptables",
"ingressPolicy": "same-bridge"
}
]
}
Expand Down

0 comments on commit a0e5cd1

Please sign in to comment.