kubernetes.io/blog/2025/02/28/nftables-kube-proxy

Preview meta tags from the kubernetes.io website.

Linked Hostnames

21

Search Engine Appearance

Google

https://kubernetes.io/blog/2025/02/28/nftables-kube-proxy

NFTables mode for kube-proxy

A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.



Bing

NFTables mode for kube-proxy

https://kubernetes.io/blog/2025/02/28/nftables-kube-proxy

A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.



DuckDuckGo

https://kubernetes.io/blog/2025/02/28/nftables-kube-proxy

NFTables mode for kube-proxy

A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.

  • General Meta Tags

    11
    • title
      NFTables mode for kube-proxy | Kubernetes
    • charset
      utf-8
    • viewport
      width=device-width,initial-scale=1,shrink-to-fit=no
    • generator
      Hugo 0.133.0
    • robots
      index, follow

  • Open Graph Meta Tags

    6
    • og:url
      https://kubernetes.io/blog/2025/02/28/nftables-kube-proxy/
    • og:site_name
      Kubernetes
    • og:title
      NFTables mode for kube-proxy
    • og:description
      A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.
    • og:locale
      en

  • Twitter Meta Tags

    3
    • twitter:card
      summary
    • twitter:title
      NFTables mode for kube-proxy
    • twitter:description
      A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.

  • Item Prop Meta Tags

    5
    • name
      NFTables mode for kube-proxy
    • description
      A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.
    • datePublished
      2025-02-28T00:00:00+00:00
    • dateModified
      2025-02-11T08:42:17-05:00
    • wordCount
      1784

  • Link Tags

    19
    • alternate
      https://kubernetes.io/feed.xml
    • apple-touch-icon-120x120
      /icons/apple-touch-icon-120x120.png
    • apple-touch-icon-152x152
      /icons/apple-touch-icon-152x152.png
    • apple-touch-icon-160x160
      /icons/apple-touch-icon-160x160.png
    • apple-touch-icon-167x167
      /icons/apple-touch-icon-167x167.png

  • Website Locales

    1
    • CN country flagzh-cn
      https://kubernetes.io/zh-cn/blog/2025/02/28/nftables-kube-proxy/

Links

712