I wonder if this is still a problem if nftables was used instead.
nftables has been in mainline Linux since 3.13, over a decade ago, and has been the default in distros for a while (Debian 10 had it as default 6 years ago), but K8s support for it has lagged far behind, with it just recently out of beta in 1.33, and still not the default.
It almost reads as a cliffhanger: the regression was caused by a commit that seemed to be related to fixing a synchronization issue, so I assume just a plain revert wasn't an option.
(January 2025)
Not something recent in the kernel.
I suspect using kernel versions more than two years old (or even older) in production is pretty common.
Anyone have stats on this?