I've been using Canal-node, which combines Calico and Flannel, for my overlay network. Recently, I noticed that the K8s release notes mention a shift towards nftables. According to Flannel's latest documentation, there's an experimental feature called `EnableNFTables`, which allows Flannel to use nftables for traffic masquerading instead of iptables, but it defaults to false. My question is: does anyone have insights on whether Flannel plans to fully support nftables in the future? I've searched but found little discussion on this. I want to avoid switching to pure Calico unless Flannel really isn't planning to embrace nftables. I know there are other solutions, but that's not what I'm after—just information about Flannel's nftables support.
3 Answers
Most Linux distributions have moved towards using 'iptables-nft', which serves as a bridge to manipulate nftables without needing to change much on the user end. The 'EnableNFTables' flag might be prompting Calico/Canal to use the nftables directly instead of iptables. You can verify this by running 'nft list ruleset' to see the current nftables setup.
I haven't seen much from the Flannel maintainers indicating a solid roadmap to move nftables support out of experimental status. There are a few discussions happening, but it doesn't seem to be a primary focus for them right now. If nftables is a must for your setup, it might be best to look elsewhere for the time being.
You might want to consider switching to Cilium instead. Some users find it more robust and feature-rich compared to Flannel, especially concerning compatibility with newer technologies like nftables.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically