cloudnativelabs · murali-reddy · Sep 7, 2017 · Sep 7, 2017
diff --git a/Documentation/README.md b/Documentation/README.md
@@ -117,6 +117,7 @@ Usage of ./kube-router:
     --run-firewall                    Enables Network Policy -- sets up iptables to provide ingress firewall for pods. (default true)
     --run-router                      Enables Pod Networking -- Advertises and learns the routes to Pods via iBGP. (default true)
     --run-service-proxy               Enables Service Proxy -- sets up IPVS for Kubernetes Services. (default true)
+    --nodeport-bindon-all-ip          For service of NodePort type create IPVS service that listens on all IP's of the node. (default false)
 ```
 
 ### requirements

diff --git a/app/controllers/network_services_controller.go b/app/controllers/network_services_controller.go
@@ -67,16 +67,17 @@ var (
 
 // NetworkServicesController struct stores information needed by the controller
 type NetworkServicesController struct {
-	nodeIP        net.IP
-	nodeHostName  string
-	syncPeriod    time.Duration
-	mu            sync.Mutex
-	serviceMap    serviceInfoMap
-	endpointsMap  endpointsInfoMap
-	podCidr       string
-	masqueradeAll bool
-	globalHairpin bool
-	client        *kubernetes.Clientset
+	nodeIP              net.IP
+	nodeHostName        string
+	syncPeriod          time.Duration
+	mu                  sync.Mutex
+	serviceMap          serviceInfoMap
+	endpointsMap        endpointsInfoMap
+	podCidr             string
+	masqueradeAll       bool
+	globalHairpin       bool
+	client              *kubernetes.Clientset
+	nodeportBindOnAllIp bool
 }
 
 // internal representation of kubernetes service
@@ -262,12 +263,20 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
 		var ipvsNodeportSvc *ipvs.Service
 		var nodeServiceId string
 		if svc.nodePort != 0 {
-			ipvsNodeportSvc, err = ipvsAddService(nsc.nodeIP, protocol, uint16(svc.nodePort), svc.sessionAffinity)
+			var vip net.IP
+			if vip = nsc.nodeIP; nsc.nodeportBindOnAllIp {
+				vip = net.ParseIP("127.0.0.1")
+			}
+			ipvsNodeportSvc, err = ipvsAddService(vip, protocol, uint16(svc.nodePort), svc.sessionAffinity)
 			if err != nil {
 				glog.Errorf("Failed to create ipvs service for node port")
 				continue
 			}
-			nodeServiceId = generateIpPortId(nsc.nodeIP.String(), svc.protocol, strconv.Itoa(svc.nodePort))
+			if nsc.nodeportBindOnAllIp {
+				nodeServiceId = generateIpPortId("127.0.0.1", svc.protocol, strconv.Itoa(svc.nodePort))
+			} else {
+				nodeServiceId = generateIpPortId(nsc.nodeIP.String(), svc.protocol, strconv.Itoa(svc.nodePort))
+			}
 			activeServiceEndpointMap[nodeServiceId] = make([]string, 0)
 		}
 
@@ -845,6 +854,10 @@ func NewNetworkServicesController(clientset *kubernetes.Clientset, config *optio
 		nsc.masqueradeAll = true
 	}
 
+	if config.NodePortBindOnAllIp {
+		nsc.nodeportBindOnAllIp = true
+	}
+
 	if config.RunRouter {
 		cidr, err := utils.GetPodCidrFromNodeSpec(nsc.client, config.HostnameOverride)
 		if err != nil {

diff --git a/app/options/options.go b/app/options/options.go
@@ -7,27 +7,28 @@ import (
 )
 
 type KubeRouterConfig struct {
-	HelpRequested      bool
-	Kubeconfig         string
-	Master             string
-	ConfigSyncPeriod   time.Duration
-	CleanupConfig      bool
-	IPTablesSyncPeriod time.Duration
-	IpvsSyncPeriod     time.Duration
-	RoutesSyncPeriod   time.Duration
-	RunServiceProxy    bool
-	RunFirewall        bool
-	RunRouter          bool
-	MasqueradeAll      bool
-	ClusterCIDR        string
-	EnablePodEgress    bool
-	HostnameOverride   string
-	AdvertiseClusterIp bool
-	PeerRouter         string
-	ClusterAsn         string
-	PeerAsn            string
-	FullMeshMode       bool
-	GlobalHairpinMode  bool
+	HelpRequested       bool
+	Kubeconfig          string
+	Master              string
+	ConfigSyncPeriod    time.Duration
+	CleanupConfig       bool
+	IPTablesSyncPeriod  time.Duration
+	IpvsSyncPeriod      time.Duration
+	RoutesSyncPeriod    time.Duration
+	RunServiceProxy     bool
+	RunFirewall         bool
+	RunRouter           bool
+	MasqueradeAll       bool
+	ClusterCIDR         string
+	EnablePodEgress     bool
+	HostnameOverride    string
+	AdvertiseClusterIp  bool
+	PeerRouter          string
+	ClusterAsn          string
+	PeerAsn             string
+	FullMeshMode        bool
+	GlobalHairpinMode   bool
+	NodePortBindOnAllIp bool
 }
 
 func NewKubeRouterConfig() *KubeRouterConfig {
@@ -81,4 +82,6 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
 		"Overrides the NodeName of the node. Set this if kube-router is unable to determine your NodeName automatically.")
 	fs.BoolVar(&s.GlobalHairpinMode, "hairpin-mode", false,
 		"Add iptable rules for every Service Endpoint to support hairpin traffic.")
+	fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
+		"For service of NodePort type create IPVS service that listens on all IP's of the node.")
 }