Browse Source
Feat: add nftable mode in calico (#12255)
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
pull/12313/head
ChengHao Yang
3 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
8 additions and
0 deletions
-
roles/network_plugin/calico/templates/calico-node.yml.j2
-
roles/network_plugin/calico_defaults/defaults/main.yml
|
|
|
@ -275,6 +275,10 @@ spec: |
|
|
|
# Enable or disable usage report |
|
|
|
- name: FELIX_USAGEREPORTINGENABLED |
|
|
|
value: "{{ calico_usage_reporting }}" |
|
|
|
{% if calico_version is version('3.29.0', '>=') %} |
|
|
|
- name: FELIX_NFTABLESMODE |
|
|
|
value: "{{ calico_nftable_mode }}" |
|
|
|
{% endif %} |
|
|
|
# Set MTU for tunnel device used if ipip is enabled |
|
|
|
{% if calico_mtu is defined %} |
|
|
|
# Set MTU for tunnel device used if ipip is enabled |
|
|
|
|
|
|
|
@ -101,6 +101,10 @@ calico_iptables_lock_timeout_secs: 10 |
|
|
|
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND) |
|
|
|
calico_iptables_backend: "Auto" |
|
|
|
|
|
|
|
# Calico NFTable Mode Support (tech preview 3.29) |
|
|
|
# Valid option: Disabled (default), Enabled |
|
|
|
calico_nftable_mode: "Disabled" |
|
|
|
|
|
|
|
# Calico Wireguard support |
|
|
|
calico_wireguard_enabled: false |
|
|
|
calico_wireguard_packages: [] |
|
|
|
|
