CNI plugins is one thing, while k8s subsystems itself still use iptables for KUB... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		betaby on Aug 20, 2021 \| parent \| context \| favorite \| on: Nftables 1.0.0 Released CNI plugins is one thing, while k8s subsystems itself still use iptables for KUBE-FIREWALL, KUBE-FORWARD, KUBE-NODE-PORT. At least that how I understand the k8s internals.

paulfurtado on Aug 20, 2021 [–]

cillium reimplements kube-proxy's functionality. There may still be a couple of features missing, but it can definitely take over service routing more efficiently. I haven't checked in a bit but I'm pretty sure it covers NodePort too

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact