You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is currently an alpha-level feature and while it probably will not eat your data, it may nibble at it a bit. (It passes e2e testing but has not yet seen real-world use.)
At this point it should be functionally mostly identical to the iptables mode, except that it does not (and will not) support Service NodePorts on 127.0.0.1. (Also note that there are currently no command-line arguments for the nftables-specific config; you will need to use a config file if you want to set the equivalent of any of the --iptables-xxx options.)
As this code is still very new, it has not been heavily optimized yet; while it is expected to eventually have better performance than the iptables backend, very little performance testing has been done so far.
NB: The kube-proxy image will most likely need to include the nft binary for this.
The text was updated successfully, but these errors were encountered:
Tracking issue for supporting the new nftables backend described in KEP-3866 which landed as an alpha feature in Kubernetes 1.29.
Excerpt from the 1.29 changelog:
NB: The kube-proxy image will most likely need to include the
nft
binary for this.The text was updated successfully, but these errors were encountered: