From 2c532cb74d282caf22e1e56331c8a28e8ba9f6b7 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Fri, 10 Feb 2017 13:16:19 +0300
Subject: [PATCH] Disable kube_proxy_masquerade_all

Fixes #1012
---
 roles/kubernetes/node/defaults/main.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 98ba2f064..f9842f46c 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -6,8 +6,9 @@ kube_resolv_conf: "/etc/resolv.conf"
 
 kube_proxy_mode: iptables
 
-# If using the pure iptables proxy, SNAT everything
-kube_proxy_masquerade_all: true
+# If using the pure iptables proxy, SNAT everything. Note that it breaks any
+# policy engine.
+kube_proxy_masquerade_all: false
 
 # Limits for kube components and nginx load balancer app
 kubelet_memory_limit: 512M