suggest-to-use-nft-in-centos8 (#8987)

This commit is contained in:
Kay Yan 2022-06-17 16:30:32 +08:00 committed by GitHub
parent 0c203ece2d
commit 890fad389d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -9,7 +9,7 @@ Kubespray supports multiple ansible versions but only the default (5.x) gets wid
CentOS 8 / Oracle Linux 8 / AlmaLinux 8 / Rocky Linux 8 ship only with iptables-nft (ie without iptables-legacy similar to RHEL8) CentOS 8 / Oracle Linux 8 / AlmaLinux 8 / Rocky Linux 8 ship only with iptables-nft (ie without iptables-legacy similar to RHEL8)
The only tested configuration for now is using Calico CNI The only tested configuration for now is using Calico CNI
You need to add `calico_iptables_backend: "NFT"` or `calico_iptables_backend: "Auto"` to your configuration. You need to add `calico_iptables_backend: "NFT"` to your configuration.
If you have containers that are using iptables in the host network namespace (`hostNetwork=true`), If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
you need to ensure they are using iptables-nft. you need to ensure they are using iptables-nft.