From a7c41b5ae489b5424385778247a259269e278dc8 Mon Sep 17 00:00:00 2001 From: Alejandro Pedraza Date: Thu, 12 Dec 2024 13:51:17 -0500 Subject: [PATCH] feat(linkerd-cni): add support for plain iptables commands (#13457) * feat(linkerd-cni): add support for plain iptables commands This goes along with linkerd/linkerd2-proxy-init#449, that adds a new value for the linkerd2-cni chart's `iptableMode` config. Only a doc change. * s/default/plain --- charts/linkerd2-cni/README.md | 4 ++-- charts/linkerd2-cni/values.yaml | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md index 1b050b903..c5eea5f36 100644 --- a/charts/linkerd2-cni/README.md +++ b/charts/linkerd2-cni/README.md @@ -35,7 +35,7 @@ Kubernetes: `>=1.22.0-0` | image.version | string | `"v1.6.0"` | Tag for the CNI container Docker image | | imagePullSecrets | list | `[]` | | | inboundProxyPort | int | `4143` | Inbound port for the proxy container | -| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing | +| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing. Allowed values are 'nft', 'legacy' and 'plain'. They invoke 'iptables-nft', 'iptables-legacy' and 'iptables' commands respectively. The 'plain' mode is targeted at RHEL, which ships with an nftables-based 'iptables' command. | | logLevel | string | `"info"` | Log level for the CNI plugin | | outboundProxyPort | int | `4140` | Outbound port for the proxy container | | podLabels | object | `{}` | Additional labels to add to all pods | @@ -68,4 +68,4 @@ Kubernetes: `>=1.22.0-0` | useWaitFlag | bool | `false` | Configures the CNI plugin to use the -w flag for the iptables command | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml index 6eaa19965..d9fc1398b 100644 --- a/charts/linkerd2-cni/values.yaml +++ b/charts/linkerd2-cni/values.yaml @@ -28,7 +28,10 @@ destCNINetDir: "/etc/cni/net.d" destCNIBinDir: "/opt/cni/bin" # -- Configures the CNI plugin to use the -w flag for the iptables command useWaitFlag: false -# -- Variant of iptables that will be used to configure routing +# -- Variant of iptables that will be used to configure routing. Allowed values +# are 'nft', 'legacy' and 'plain'. They invoke the 'iptables-nft', +# 'iptables-legacy' and 'iptables' commands respectively. The 'plain' mode is +# targeted at RHEL, which ships with an nftables-based 'iptables' command. iptablesMode: "legacy" # -- Disables adding IPv6 rules on top of IPv4 rules disableIPv6: true