Created GetIptablesMode to log legacy or nftables backend #3565

Open
cdirubbio wants to merge 1 commit into aws:master from cdirubbio:log-iptables-mode

@cdirubbio
Contributor

What type of PR is this? improvement

Which issue does this PR fix?:

What does this PR do / Why do we need it?: /usr/sbin/iptables-wrapper picks the iptables backend used based on a few conditions. With this change, a method is introduced to get the iptables mode (either nf_tables or legacy) in use.

The package go-iptables that the VPC CNI uses to interact with iptables is no longer being maintained, so this is the current solution. Following this change, we get the following log line during startup, prior to creation and insertion of iptables rules.

{"level":"info","ts":"2026-01-08T00:37:15.024Z","caller":"networkutils/network.go:377","msg":"Using iptables mode (nf_tables)"}

Testing done on this change:

Will this PR introduce any new dependencies?:

Will this break upgrades or downgrades? Has updating a running cluster been tested?:

Does this change require updates to the CNI daemonset config files to work?:

Does this PR introduce any user-facing change?:

Add GetIptablesMode() function to log iptables backend in-use

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@cdirubbio cdirubbio requested a review from a team as a code owner January 8, 2026 00:56
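
One way to determine the backend that the description refers to, as an added example that is not the PR's code: it assumes the mode is read from the `iptables --version` banner, which carries a `(legacy)` or `(nf_tables)` suffix on iptables 1.8 and later. `ParseIptablesMode` and `DetectIptablesMode` are hypothetical names, and the sample outputs are constructed.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// versionRe matches "iptables v1.8.7 (nf_tables)" or "ip6tables v1.8.7 (legacy)".
// The backend suffix is optional because releases before 1.8 print only the version.
var versionRe = regexp.MustCompile(`^ip6?tables v\d+(?:\.\d+)+(?: \((legacy|nf_tables)\))?$`)

// ParseIptablesMode is a hypothetical helper, not the PR's GetIptablesMode.
// It returns "legacy" or "nf_tables" and fails closed on anything unexpected.
func ParseIptablesMode(out string) (string, error) {
	line := strings.TrimSpace(out)
	m := versionRe.FindStringSubmatch(line)
	if m == nil {
		return "", fmt.Errorf("unrecognised iptables version output: %q", line)
	}
	if m[1] == "" {
		// No suffix: assumed to be a pre-1.8 binary and treated as legacy.
		return "legacy", nil
	}
	return m[1], nil
}

// DetectIptablesMode runs "<binary> --version" and parses the result.
func DetectIptablesMode(binary string) (string, error) {
	out, err := exec.Command(binary, "--version").Output()
	if err != nil {
		return "", fmt.Errorf("running %s --version: %w", binary, err)
	}
	return ParseIptablesMode(string(out))
}

func main() {
	// Constructed sample outputs, so the example runs without iptables installed.
	samples := []string{
		"iptables v1.8.7 (nf_tables)\n",
		"iptables v1.8.7 (legacy)\n",
		"iptables v1.6.1\n",
		"iptables v1.8.7 (unknown)\n",
	}
	for _, s := range samples {
		mode, err := ParseIptablesMode(s)
		fmt.Printf("%q -> mode=%q err=%v\n", s, mode, err)
	}
}
```

Returning an error on an unrecognised banner, rather than defaulting to one backend, keeps a startup log from reporting a mode the host is not actually using.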