August 15

Lazyjack IPv6 Updates

v1.1

Since its introduction, and as of Lazyjack V1.2.1, several new capabilities have been added:

  • Support for the PTP CNI plugin. Users can specify “ptp” in config.yaml for “General: Plugin”, instead of the default “bridge” setting.
  • DNS64 configuration is stored in a volume, instead of a local file on the host. This provides a more secure setup for the container.
  • Documentation updated to indicate how to use new capabilities, and how to customize cluster setup.
  • NAT64 dynamic IPv4 pool is configurable. The CIDR specified in “nat64: v4_cidr” of config.yaml can be adjusted to allow different subnets to be used, in case of conflicts.
  • Customizable MTU for pod/management network. The “pod_net: mtu” setting in config.yaml can be used to set the MTU used.
  • Direct access to IPv6 external hosts without using the DNS64 prefix. Setting `dns64: allow_aaaa_use` in config.yaml to “true” allows IPv6-capable external sites to be accessed directly.
  • Removed the hard-coded Kubernetes version in the kubeadm.conf template, so that the user can specify the version to be used.

Other features, like running kube-proxy in IPVS mode, or selecting CoreDNS as the DNS server instead of kube-dns, can be enabled by altering the kubeadm.conf file that is created by the “prepare” step, and then performing the “up” step. See the README.md file for more info.

Note: For security purposes, it is strongly recommended that you set “general: work-area” to an area that has restricted access. The default area, “/tmp”, could be prone to attacks by users without the required permissions.
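One way to create a private directory and check it before pointing “general: work-area” at it, as an added example that is not part of Lazyjack or of the original post. The function names and the "/tmp" default in the command-line part are constructed for illustration, and the check assumes Lazyjack runs as the same user who runs the check.

```python
import os
import stat


def create_work_area(path):
    """Create a new, private directory; fail if anything already exists there."""
    os.mkdir(path, 0o700)      # raises FileExistsError on a pre-created dir or symlink
    os.chmod(path, 0o700)      # explicit: result does not depend on the caller's umask
    return path


def work_area_problems(path, uid=None):
    """Return the reasons `path` is unsafe as a work area (empty list = OK)."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)    # lstat: inspect the entry itself, never a link target
    except FileNotFoundError:
        return ["does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid != uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        # Any group/other bit means other local users can read or alter the files.
        problems.append("group/other access, mode %04o" % stat.S_IMODE(st.st_mode))
    return problems


if __name__ == "__main__":
    import sys
    # Constructed default: the page's default work area, to show that it is flagged.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    found = work_area_problems(target)
    for problem in found:
        print("%s: %s" % (target, problem))
    sys.exit(1 if found else 0)
```

Run against the directory you intend to use; an exit status of 0 means the directory is a real directory, owned by you, with no group or other access.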

 




Posted August 15, 2018 by pcm in category "Uncategorized"