IP masquerade agent not applied to new node pool


After changing the number of nodes in the pool to 0 and scaled up again, you observed that the new nodes do not have IP masq configuration.

The ip masq agent DaemonSet shows DaemonSet has no nodes selected  status when checked via Kubernetes Engine > Object Browser > apps > DaemonSet.


  • Google Kubernetes Engine


Confirm the nodeSelector label specified at the DaemonSet object:

  1. The IP masq agent DaemonSet can be automatically installed when the Google Kubernetes Engine cluster satisfies certain conditions. When it is installed automatically the DaemonSet specifies a nodeSelector with 2 conditions:
    • beta.kubernetes.io/os: "linux"
       (value depends on the operating system).
    • node.kubernetes.io/masq-agent-ds-ready=true.
       The node controller is responsible for adding this  label when a new node is created.
  2. When ip-masq-agent DaemonSet is manually installed, the nodeSelector label depends on your configuration. If you have manually installed the ip-masq-agent with node selectors, then based on your use case you can either:
    • Remove the node selector label.
    • Create the node pool with the label.

For applying a simpler configuration without using a node selector, you can refer to the example yaml file in the public documentation. It will create a DaemonSet named ip-masq-agent that is running on all nodes.

When creating the node pool, you can specify kubernetes labels under the Metadata section. So that even though the node pool scales down and up, the nodes will preserve the labels.


The DaemonSet's node selector rules are currently set where none of the currently available nodes meets those rules.