Kay Yan
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
0 additions and
8 deletions
-
docs/centos.md
-
docs/rhel.md
|
|
|
@ -7,10 +7,6 @@ Kubespray supports multiple ansible versions but only the default (5.x) gets wid |
|
|
|
|
|
|
|
## CentOS 8 |
|
|
|
|
|
|
|
CentOS 8 / Oracle Linux 8,9 / AlmaLinux 8,9 / Rocky Linux 8,9 ship only with iptables-nft (ie without iptables-legacy similar to RHEL8) |
|
|
|
The only tested configuration for now is using Calico CNI |
|
|
|
You need to add `calico_iptables_backend: "NFT"` to your configuration. |
|
|
|
|
|
|
|
If you have containers that are using iptables in the host network namespace (`hostNetwork=true`), |
|
|
|
you need to ensure they are using iptables-nft. |
|
|
|
An example how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966) |
|
|
|
@ -29,10 +29,6 @@ If the RHEL 7/8 hosts are already registered to a valid Red Hat support subscrip |
|
|
|
|
|
|
|
## RHEL 8 |
|
|
|
|
|
|
|
RHEL 8 ships only with iptables-nft (ie without iptables-legacy) |
|
|
|
The only tested configuration for now is using Calico CNI |
|
|
|
You need to use K8S 1.17+ and to add `calico_iptables_backend: "NFT"` to your configuration |
|
|
|
|
|
|
|
If you have containers that are using iptables in the host network namespace (`hostNetwork=true`), |
|
|
|
you need to ensure they are using iptables-nft. |
|
|
|
An example how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966) |
