diff --git a/docs/calico.md b/docs/calico.md
index a93b5cf5e32f8774f593515ac1d585b398bced16..1473e49fb528eb13d7b5e6df333837994ed351ad 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -72,9 +72,14 @@ calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
-The following variables need to be set:
-`peer_with_router` to enable the peering with the datacenter's border router (default value: false).
-you'll need to edit the inventory and add a hostvar `local_as` by node.
+The following variables need to be set as follow:
+
+```yml
+peer_with_router: true # enable the peering with the datacenter's border router (default value: false).
+nat_outgoing: false # (optional) NAT outgoing (default value: true).
+```
+
+And you'll need to edit the inventory and add a hostvar `local_as` by node.
```ShellSession
node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 0405199189fa429985880fffad969108f8297770..d55c910ac2fdc386139d5bd70c5b1640840ae34a 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -227,7 +227,7 @@
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
"ipipMode": "{{ calico_ipip_mode }}",
"vxlanMode": "{{ calico_vxlan_mode }}",
- "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
+ "natOutgoing": {{ nat_outgoing|default(false) }}
}
}
@@ -266,7 +266,7 @@
"cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
"ipipMode": "{{ calico_ipip_mode_ipv6 }}",
"vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
- "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
+ "natOutgoing": {{ nat_outgoing_ipv6|default(false) }}
}
}