From 296749aa2de8577f6865e4db1870d2566a28d14b Mon Sep 17 00:00:00 2001
From: Antonio Ojea
Date: Thu, 11 Apr 2024 14:47:54 +0000
Subject: [PATCH 1/2] support kube-proxy nftables mode
---
 pkg/apis/config/v1alpha4/types.go | 4 +++-
 pkg/cluster/internal/kubeadm/config.go | 2 +-
 pkg/internal/apis/config/types.go | 4 +++-
 pkg/internal/apis/config/validate.go | 2 +-
 site/content/docs/user/configuration.md | 6 +++---
 5 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/pkg/apis/config/v1alpha4/types.go b/pkg/apis/config/v1alpha4/types.go
index 308a6853b8..33acf503fd 100644
--- a/pkg/apis/config/v1alpha4/types.go
+++ b/pkg/apis/config/v1alpha4/types.go
@@ -186,7 +186,7 @@ type Networking struct {
 // If DisableDefaultCNI is true, kind will not install the default CNI setup.
 // Instead the user should install their own CNI after creating the cluster.
 DisableDefaultCNI bool `yaml:"disableDefaultCNI,omitempty" json:"disableDefaultCNI,omitempty"`
- // KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode
+ // KubeProxyMode defines if kube-proxy should operate in iptables, ipvs or nftables mode
 // Defaults to 'iptables' mode
 KubeProxyMode ProxyMode `yaml:"kubeProxyMode,omitempty" json:"kubeProxyMode,omitempty"`
 // DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host.
@@ -213,6 +213,8 @@ const (
 IPTablesProxyMode ProxyMode = "iptables"
 // IPVSProxyMode sets ProxyMode to ipvs
 IPVSProxyMode ProxyMode = "ipvs"
+ // NFTablesProxyMode sets ProxyMode to nftables
+ NFTablesProxyMode ProxyMode = "nftables"
 )
 // PatchJSON6902 represents an inline kustomize json 6902 patch
diff --git a/pkg/cluster/internal/kubeadm/config.go b/pkg/cluster/internal/kubeadm/config.go
index 6aa1758197..20c495956c 100644
--- a/pkg/cluster/internal/kubeadm/config.go
+++ b/pkg/cluster/internal/kubeadm/config.go
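Review bot: The doc comment on the new `NFTablesProxyMode` constant in the `const (` hunk of pkg/apis/config/v1alpha4/types.go says only that it "sets ProxyMode to nftables", while the second patch of this series states in configuration.md that the mode needs Kubernetes v1.31+. This is the public config type, so the constraint should be visible where the value is defined, e.g. `// NFTablesProxyMode sets ProxyMode to nftables (requires Kubernetes v1.31+)`. The same comment is added to the constant in pkg/internal/apis/config/types.go, and the `KubeProxyMode` field comments in both files could carry the same qualifier. The const block opens outside the hunk.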
@@ -57,7 +57,7 @@ type ConfigData struct {
 // The Token for TLS bootstrap
 Token string
- // KubeProxyMode defines the kube-proxy mode between iptables or ipvs
+ // KubeProxyMode defines the kube-proxy mode between iptables, ipvs or nftables
 KubeProxyMode string
 // The subnet used for pods
 PodSubnet string
diff --git a/pkg/internal/apis/config/types.go b/pkg/internal/apis/config/types.go
index fed3000798..f93c0e7b19 100644
--- a/pkg/internal/apis/config/types.go
+++ b/pkg/internal/apis/config/types.go
@@ -148,7 +148,7 @@ type Networking struct {
 // If DisableDefaultCNI is true, kind will not install the default CNI setup.
 // Instead the user should install their own CNI after creating the cluster.
 DisableDefaultCNI bool
- // KubeProxyMode defines if kube-proxy should operate in iptables or ipvs mode
+ // KubeProxyMode defines if kube-proxy should operate in iptables, ipvs or nftables mode
 KubeProxyMode ProxyMode
 // DNSSearch defines the DNS search domain to use for nodes. If not set, this will be inherited from the host.
 DNSSearch *[]string
@@ -174,6 +174,8 @@ const (
 IPTablesProxyMode ProxyMode = "iptables"
 // IPVSProxyMode sets ProxyMode to ipvs
 IPVSProxyMode ProxyMode = "ipvs"
+ // NFTablesProxyMode sets ProxyMode to nftables
+ NFTablesProxyMode ProxyMode = "nftables"
 // NoneProxyMode disables kube-proxy
 NoneProxyMode ProxyMode = "none"
 )
diff --git a/pkg/internal/apis/config/validate.go b/pkg/internal/apis/config/validate.go
index 1730252cd5..884e5a473b 100644
--- a/pkg/internal/apis/config/validate.go
+++ b/pkg/internal/apis/config/validate.go
@@ -69,7 +69,7 @@ func (c *Cluster) Validate() error {
 // KubeProxyMode should be iptables or ipvs
 if c.Networking.KubeProxyMode != IPTablesProxyMode && c.Networking.KubeProxyMode != IPVSProxyMode &&
- c.Networking.KubeProxyMode != NoneProxyMode {
+ c.Networking.KubeProxyMode != NoneProxyMode && c.Networking.KubeProxyMode != NFTablesProxyMode {
 errs = append(errs, errors.Errorf("invalid kubeProxyMode: %s", c.Networking.KubeProxyMode))
 }
diff --git a/site/content/docs/user/configuration.md b/site/content/docs/user/configuration.md
index 64bb6b5574..6cabb3d516 100644
--- a/site/content/docs/user/configuration.md
+++ b/site/content/docs/user/configuration.md
@@ -217,14 +217,14 @@ networking:
 #### kube-proxy mode
-You can configure the kube-proxy mode that will be used, between iptables and ipvs. By
-default iptables is used
+You can configure the kube-proxy mode that will be used, between iptables, ipvs and nftables.
+By default iptables is used
 {{< codeFromInline lang="yaml" >}}
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 networking:
- kubeProxyMode: "ipvs"
+ kubeProxyMode: "nftables"
 {{< /codeFromInline >}}
 To disable kube-proxy, set the mode to `"none"`.
From 49c2cfb0f19d4bedd14e96e827ce02caef355106 Mon Sep 17 00:00:00 2001
From: Antonio Ojea
Date: Fri, 19 Apr 2024 13:20:01 +0200
Subject: [PATCH 2/2] Update site/content/docs/user/configuration.md
Co-authored-by: Benjamin Elder
---
 site/content/docs/user/configuration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/site/content/docs/user/configuration.md b/site/content/docs/user/configuration.md
index 6cabb3d516..3b1332d85f 100644
--- a/site/content/docs/user/configuration.md
+++ b/site/content/docs/user/configuration.md
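Review bot: The comment above the check in the `Validate` hunk of pkg/internal/apis/config/validate.go still reads `// KubeProxyMode should be iptables or ipvs`, although the condition now accepts four values (iptables, ipvs, none and nftables). With a fourth chained `!=` the allowed set is hard to read off the condition, so I would update the comment and list the accepted modes in a single `switch` case, leaving the error path as it is. Nothing visible in this hunk ties the nftables value to the Kubernetes v1.31+ requirement stated in configuration.md, so a config that selects it for an older node image presumably passes validation and only fails once kube-proxy starts; worth confirming that this late failure is acceptable. Validate's body begins and continues outside the hunk.

```go
	// KubeProxyMode should be iptables, ipvs, nftables or none
	switch c.Networking.KubeProxyMode {
	case IPTablesProxyMode, IPVSProxyMode, NFTablesProxyMode, NoneProxyMode:
		// supported mode
	default:
		errs = append(errs, errors.Errorf("invalid kubeProxyMode: %s", c.Networking.KubeProxyMode))
	}
```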
@@ -217,7 +217,7 @@ networking:
 #### kube-proxy mode
-You can configure the kube-proxy mode that will be used, between iptables, ipvs and nftables.
+You can configure the kube-proxy mode that will be used, between iptables, nftables (Kubernetes v1.31+), and ipvs.
 By default iptables is used
 {{< codeFromInline lang="yaml" >}}