c12s-kubespray/docs/centos8.md

# RHEL / CentOS 8

RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)
The only tested configuration for now is using Calico CNI
You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration

If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
you need to ensure they are using iptables-nft.
An exemple how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
CentOS 8 CI (#5842) * requirements.txt: Bump versions Ansible 2.8+ allow ansible_python_interpreter autodetection Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * tests: do not force ansible_python_interpreter we do not expect people to set ansible_python_interpreter, so we should not set it in the CI Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Add CentOS 8 Calico to CI Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> 2020-04-07 12:49:43 +00:00			`# RHEL / CentOS 8`

			`RHEL / CentOS 8 ships only with iptables-nft (ie without iptables-legacy)`
			`The only tested configuration for now is using Calico CNI`
			You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration

			If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
			`you need to ensure they are using iptables-nft.`
			`An exemple how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)`