feat(linkerd-cni): add support for plain iptables commands (#13457)

* feat(linkerd-cni): add support for plain iptables commands This goes along with linkerd/linkerd2-proxy-init#449, that adds a new value for the linkerd2-cni chart's `iptableMode` config. Only a doc change. * s/default/plain
linkerd · Dec 12, 2024 · a7c41b5 · a7c41b5
1 parent 9859648
commit a7c41b5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md
@@ -35,7 +35,7 @@ Kubernetes: `>=1.22.0-0`
 | image.version | string | `"v1.6.0"` | Tag for the CNI container Docker image |
 | imagePullSecrets | list | `[]` |  |
 | inboundProxyPort | int | `4143` | Inbound port for the proxy container |
-| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing |
+| iptablesMode | string | `"legacy"` | Variant of iptables that will be used to configure routing. Allowed values are 'nft', 'legacy' and 'plain'. They invoke 'iptables-nft', 'iptables-legacy' and 'iptables' commands respectively. The 'plain' mode is targeted at RHEL, which ships with an nftables-based 'iptables' command. |
 | logLevel | string | `"info"` | Log level for the CNI plugin |
 | outboundProxyPort | int | `4140` | Outbound port for the proxy container |
 | podLabels | object | `{}` | Additional labels to add to all pods |
@@ -68,4 +68,4 @@ Kubernetes: `>=1.22.0-0`
 | useWaitFlag | bool | `false` | Configures the CNI plugin to use the -w flag for the iptables command |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
diff --git a/charts/linkerd2-cni/values.yaml b/charts/linkerd2-cni/values.yaml
@@ -28,7 +28,10 @@ destCNINetDir:    "/etc/cni/net.d"
 destCNIBinDir:    "/opt/cni/bin"
 # -- Configures the CNI plugin to use the -w flag for the iptables command
 useWaitFlag:      false
-# -- Variant of iptables that will be used to configure routing
+# -- Variant of iptables that will be used to configure routing. Allowed values
+# are 'nft', 'legacy' and 'plain'. They invoke the 'iptables-nft',
+# 'iptables-legacy' and 'iptables' commands respectively. The 'plain' mode is
+# targeted at RHEL, which ships with an nftables-based 'iptables' command.
 iptablesMode: "legacy"
 # -- Disables adding IPv6 rules on top of IPv4 rules
 disableIPv6: true