From 890fad389dddd80b36a459f27bec089ee4f88ebb Mon Sep 17 00:00:00 2001 From: Kay Yan Date: Fri, 17 Jun 2022 16:30:32 +0800 Subject: [PATCH] suggest-to-use-nft-in-centos8 (#8987) --- docs/centos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/centos.md b/docs/centos.md index 160e092b1..12c27ea66 100644 --- a/docs/centos.md +++ b/docs/centos.md @@ -9,7 +9,7 @@ Kubespray supports multiple ansible versions but only the default (5.x) gets wid CentOS 8 / Oracle Linux 8 / AlmaLinux 8 / Rocky Linux 8 ship only with iptables-nft (ie without iptables-legacy similar to RHEL8) The only tested configuration for now is using Calico CNI -You need to add `calico_iptables_backend: "NFT"` or `calico_iptables_backend: "Auto"` to your configuration. +You need to add `calico_iptables_backend: "NFT"` to your configuration. If you have containers that are using iptables in the host network namespace (`hostNetwork=true`), you need to ensure they are using iptables-nft.