mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2025-12-13 21:34:40 +03:00
6d37c3cde6
This new version uses the same base image as kube-proxy
(k8s.gcr.io/build-image/debian-iptables)
This allow to automatically pick iptables-legacy or iptables-nft,
and be compatible with RHEL/CentOS 8
https://github.com/kubernetes/dns/pull/367
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit e909f84966)
547 B
547 B
RHEL / CentOS 8
RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
The only tested configuration for now is using Calico CNI
You need to use K8S 1.17+ and to add calico_iptables_backend: "NFT" or calico_iptables_backend: "Auto" to your configuration
If you have containers that are using iptables in the host network namespace (hostNetwork=true),
you need to ensure they are using iptables-nft.
An example how k8s do the autodetection can be found in this PR