Replies: 3 comments
-
|
@saschagrunert Please suggest |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
CRI-O uses iptables to manage the host ports in https://github.com/cri-o/cri-o/tree/main/internal/hostport (from https://github.com/cri-o/cri-o/blob/main/internal/iptables/iptables.go). We need this feature to make sure the Kubernetes requirements are met means that it's not possible to disable it. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
ok |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In docker, there is a feature:
Docker will never make changes to your system iptables rules unless you allow it to do so. If you do allow this, Docker server will automatically make any required changes. We recommended letting Docker make changes to iptablesautomatically in order to avoid networking misconfigurations that could affect the communication between containers and with the outside world. Additionally, this reduces the administrative overhead of updating iptablesevery time you add containers or modify networking options.
So, it can be managed with option iptables=false
Is there something similar in CRI-O?
@saschagrunert Please suggest
Beta Was this translation helpful? Give feedback.
All reactions