Skip to content

cmd/containerboot, cmd/k8s-operator: Add flag to k8s-operator and proxy to enable NFTABLES #8749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
clarkezone wants to merge 1 commit into from
Closed

cmd/containerboot, cmd/k8s-operator: Add flag to k8s-operator and proxy to enable NFTABLES #8749

clarkezone wants to merge 1 commit into from

Conversation

@clarkezone
Copy link

@clarkezone clarkezone commented Jul 30, 2023
edited
Loading

Add flag to k8s-operator and proxy to enable experimental TS_DEBUG_USE_NETLINK_NFTABLES support in tailscaled that was introduced in #8555

Fixes #8111, #8733
Ref #391

@clarkezone
cmd/containerboot, cmd/k8s-operator:
41dc497 
Add flag to k8s-operator to enable TS_DEBUG_USE_NETLINK_NFTABLES in tailscaled that was introduced in tailscale#8555

Fixes tailscale#8111, tailscale#8733

Signed-off-by: James Clarke <james@clarkezone.net>
@clarkezone clarkezone mentioned this pull request Jul 30, 2023
Closed
@raggi
Copy link
Member

raggi commented Aug 1, 2023

Thanks @clarkezone.

We're adding some heuristics that should correctly detect whether to use iptables or nftables, so as to avoid growing non-debug dependencies on these flags.

If the plan goes well that patch should land this week, perhaps even into unstable.

@clarkezone
Copy link
Author

clarkezone commented Aug 1, 2023

Sounds great. Is there an issue or PR / branch I can watch to follow along?

@Shaxine
Copy link

Shaxine commented Aug 1, 2023

I think the PR you are looking for is #8762

@irbekrm
Copy link
Contributor

irbekrm commented Jun 3, 2024

Thank you for the contributions to the project @clarkezone !

We are now by default attemping to auto-detect whether iptables or nftables should be used for the operator proxies. It is now also possible to force the use of iptables or nftables via proxyConfig.firewallMode helm chart value or PROXY_FIREWALL_MODE env var to the operator deployment.

@irbekrm irbekrm closed this Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

tailscale-operator not working on AKS

4 participants

@clarkezone @raggi @Shaxine @irbekrm