Closed aojea closed 2 months ago
/assign @BenTheElder @danwinship
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: aojea, BenTheElder
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/hold
The TL;DR is that if we don't set this kernel sysctl there is a bug that will reset connections and there is a regression test that keeps failing
https://testgrid.k8s.io/sig-network-kind#sig-network-kind,%20nftables,%20master
In theory new kernels 6.1 https://github.com/torvalds/linux/commit/6e250dcbff1d have this bug fixed, but CI runs with 5.15 and a lot of people use old kernels.
The flag is not set to true by default because we have decided that kube-proxy should not be managing the host kernel stack and more reasons explained in https://github.com/kubernetes/kubernetes/issues/117924
KIND always try to bring sane defaults and a has a more tighter control of the environment, so we set always set tcpBeLiberal to true if kube-proxy uses nftables and is not rootless