I wonder if this is still a problem if nftables was used instead.
nftables has been in mainline Linux since 3.13, over a decade ago, and has been the default in distros for a while (Debian 10 had it as default 6 years ago), but K8s support for it has lagged far behind, with it just recently out of beta in 1.33, and still not the default.
It almost reads as a cliffhanger: the regression was caused by a commit that seemed to be related to fixing a synchronization issue, so I assume just a plain revert wasn’t an option.
(January 2025)
Not something recent in the kernel.
I suspect using more than two year old (or even older) kernel versions in production is pretty common.
Anyone have stats on this?