epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 13:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Feat: add nftable mode in calico (#12255)

Browse Source 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
This commit is contained in:
ChengHao Yang
2025-06-16 09:54:58 +08:00
committed by GitHub
parent 6fc1abba2e
commit fa880b6bcc
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/network_plugin/calico/templates/calico-node.yml.j2
View File

@@ -275,6 +275,10 @@ spec:
# Enable or disable usage report # Enable or disable usage report
- name: FELIX_USAGEREPORTINGENABLED - name: FELIX_USAGEREPORTINGENABLED
value: "{{ calico_usage_reporting }}" value: "{{ calico_usage_reporting }}"
{% if calico_version is version('3.29.0', '>=') %}
- name: FELIX_NFTABLESMODE
value: "{{ calico_nftable_mode }}"
{% endif %}
# Set MTU for tunnel device used if ipip is enabled # Set MTU for tunnel device used if ipip is enabled
{% if calico_mtu is defined %} {% if calico_mtu is defined %}
# Set MTU for tunnel device used if ipip is enabled # Set MTU for tunnel device used if ipip is enabled

4
roles/network_plugin/calico_defaults/defaults/main.yml
View File

@@ -101,6 +101,10 @@ calico_iptables_lock_timeout_secs: 10
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND) # Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
calico_iptables_backend: "Auto" calico_iptables_backend: "Auto"
# Calico NFTable Mode Support (tech preview 3.29)
# Valid option: Disabled (default), Enabled
calico_nftable_mode: "Disabled"
# Calico Wireguard support # Calico Wireguard support
calico_wireguard_enabled: false calico_wireguard_enabled: false
calico_wireguard_packages: [] calico_wireguard_packages: []