kind icon indicating copy to clipboard operation
kind copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Allow kubeProxyMode: "nftables" in the networking configuration

Open uablrek opened this issue 1 year ago • 6 comments

What would you like to be added:

The nftables proxier is added in "alpha" with feature-gate NFTablesProxyMode in K8s v1.29. When it becomes more available, it should be possible to specify:

networking:
  kubeProxyMode: "nftables"

in the kind configuration.

Why is this needed:

For improved UE

Background

To try the nftables proxier before this feature, please use:

featureGates:
  "NFTablesProxyMode": true
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: KubeProxyConfiguration
    mode: "nftables"
    nftables:
      masqueradeAll: false
      masqueradeBit: 14
      minSyncPeriod: 1s
      syncPeriod: 30s

and, use an image built on "master" or K8s v1.29 or later.

Please see also the thread in slack.

uablrek avatar Nov 27 '23 14:11 uablrek

/assign @aojea

uablrek avatar Nov 27 '23 14:11 uablrek

@uablrek since we are already in 1.30 , can you add the new proxy mode?

https://github.com/kubernetes-sigs/kind/blob/40c81f187425254daf2bf84360a6257a278252df/pkg/apis/config/v1alpha4/types.go#L212-L215

aojea avatar Jan 03 '24 23:01 aojea

/assign @uablrek

aojea avatar Jan 03 '24 23:01 aojea

@uablrek oh wait, I read now the slack thread, I forgot the option is feature gated, despite we allow the option we also have to enable the feature gate to be able to use it ... not a nice if :/

aojea avatar Jan 04 '24 09:01 aojea

You could add the enum value now and just note that it also requires setting a feature gate for now.

danwinship avatar Jan 04 '24 14:01 danwinship

les jobs kubernetes/test-infra#31539

the experience is that people don't read and they will be opening bugs, is just because of that, for our needs we can just go with this https://github.com/kubernetes/test-infra/pull/31539

aojea avatar Jan 04 '24 14:01 aojea