A new packetfilter module [1] was recently added to Submariner.
The packetfilter component provides an API for creating chains, rules and sets in a generic way.
packetfilter supports both nftables and iptables as underlying implementations (the default is iptables).
In addition, an nftables-based backend for kube-proxy [2] has also recently been added.
With the changes mentioned above, Submariner can be tested in an nftables-based environment by:
1. Deploying KIND clusters with the kube-proxy backend set to nftables.
2. Updating Submariner to use nftables as the underlying implementation for packet filtering.
The ability to test Submariner in an nftables environment will help detect bugs and ensure that code changes do not break Submariner's nftables support.
[1] https://docs.google.com/document/d/1PAjU61XUGaQ2qZZu_66clxadC997lsBGYcjydYEayR0/edit?usp=sharing
[2] https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/3866-nftables-proxy/README.md