Configuration

A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. (For compatibility reasons, even once nftables becomes GA, iptables will still be the default.) Why nftables? Part 1: data plane latency The iptables API was designed for implementing simple firewalls, and has problems scaling up to support Service proxying in a large Kubernetes cluster with tens of thousands of Services.

FEATURE STATE: Kubernetes v1.19 [stable] Seccomp stands for secure computing mode and has been a feature of the Linux kernel since version 2.6.12. It can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel. Kubernetes lets you automatically apply seccomp profiles loaded onto a node to your Pods and containers.

Cloud provider for KIND clusters. Contribute to kubernetes-sigs/cloud-provider-kind development by creating an account on GitHub.

Kubernetes IN Docker - local clusters for testing Kubernetes - kubernetes-sigs/kind