Compatibility regarding nftables #187
Conversation
jetstack-bot
added
the
dco-signoff: no
jetstack-bot
added
needs-rebase
|
Hi @papanito. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
jetstack-bot
added
size/M
|
@JoshVanL did you already had a chance to look at my PR? |
jetstack-bot
added
the
needs-rebase
jetstack-bot
removed
the
needs-rebase
|
@wallrj can you have a look? |
|
/ok-to-test |
jetstack-bot
added
ok-to-test
and removed
needs-ok-to-test
wallrj
left a comment
wallrj
left a comment
There was a problem hiding this comment.
Thanks @papanito
I forgot to add the /ok-to-test tag in the last review, and now I see that there are some spellcheck errors ....which are difficult to see because the CI output isn't syntax highlighted.
You'll need to add iptables, nftables, distros RHEL etc to the .spelling file in the repo root.
You can also run make verify locally to get clearer spell check output.
(ignore all the grammar and other suggestions that it spits out).
| - [GKE](#gke) | ||
| - [AWS EKS](#aws-eks) | ||
| - [Webhook](#webhook) | ||
| - [iptables vs. nftables](#iptables-vs-nftables) | ||
| - [Switch to `iptables`](#switch-to-iptables) | ||
| - [Configure network provider](#configure-network-provider) | ||
| - [Calico](#calico) |
There was a problem hiding this comment.
Please remove this extra ToC.
There is already a document ToC on the right which is maintained automatically.
There was a problem hiding this comment.
Removed the toc, please have a look again
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: papanito The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
jetstack-bot
added
dco-signoff: no
Fixes #2319 Signed-off-by: papanito <papanito@wyssmann.com>
jetstack-bot
added
dco-signoff: yes
|
@papanito: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Just read your comment, will do the missing stuff as well |
|
Hey @papanito Thanks for the updates. I discussed this with the team at standup this morning and it was mentioned that we should link to the Kubernetes website documentation on nftables compatibility ...but when I went looking I found that they've removed it from the doc: kubernetes/website#19773 because kube-proxy / kubeadm now support nftables (since Kubernetes 1.17)...algthough they didn't remove the documentation until 1.18. So perhaps we should simply link to the original Kubernetes docs for 1.17 and note that this workaround is only necessary on K8S < 1.17? The docs for 1.17 add one extra command than in the 1.16 docs: Anyway, the consensus is that we should try to avoid duplicating workarounds that are already in the Kubernetes docs because ours will likely get out of date. Let me know what you think? |
Fully agree. I will give it a try and improve my changes... |
|
Hey @papanito I'll close this PR now, but if you have time, please followup with a shorter PR which notes the nftables problem and which versions of Kubernetes are affected, with a link to the K8S documented workaround for those versions. Thanks. |
3 participants
Fixes #2319