mirror of https://github.com/k3s-io/k3s
bridge-nf-call-iptables appears to only be relevant when the containers are attached to a Linux bridge, which is usually the case with default Kubernetes setups, docker, and flannel. That ensures that the container traffic is actually subject to the iptables rules since it traverses a Linux bridge and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1. But with other networking solutions (like openshift-sdn) that don't use Linux bridges, bridge-nf-call-iptables may not be relevant, because iptables is invoked at other points not involving a Linux bridge. The decision to set bridge-nf-call-iptables should be influenced by networking plugins, so push the responsibility out to them. If no network plugin is specified, fall back to the existing bridge-nf-call-iptables=1 behavior. |
||
---|---|---|
.. | ||
config | ||
iptables | ||
userspace | ||
doc.go | ||
types.go |