Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CI gate for Nftables based environment #3055

Open
yboaron opened this issue Jun 20, 2024 · 0 comments
Open

Add CI gate for Nftables based environment #3055

yboaron opened this issue Jun 20, 2024 · 0 comments
Assignees
@yboaron
Labels
enhancement New feature or request

Comments

@yboaron
Copy link
Contributor

yboaron commented Jun 20, 2024
edited
Loading

A new [1] packetfilter module was recently added to Submariner,
the packetfilter component provides an API for creating chains, rules and sets in a generic way.
packetfilter supports both Nftables and IPTables underlying implementations ( default is IPTables).

In addition, an nftables-based backend for kube-proxy [2] has also recently been added.

With the changes mentioned above, submariner can be tested in an nftables based environment by:

  • KIND clusters deployment with kube-proxy backend set to nftables.
  • Updated submariner to use nftables underlying for packet filtering.

The ability to test Submariner in Nftables environment will help detect bugs and ensure that code changes do not break Submariner Nftables support.

[1]
https://docs.google.com/document/d/1PAjU61XUGaQ2qZZu_66clxadC997lsBGYcjydYEayR0/edit?usp=sharing
[2]
https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/3866-nftables-proxy/README.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yboaron yboaron

Labels
enhancement New feature or request
Projects
Submariner 0.19
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dfarrell07 @yboaron