On 2019-08-22, 11:16 AM, "Florian Westphal" <[email protected]> wrote:
Serguei Bezverkhi (sbezverk) <[email protected]> wrote:
> That was exactly what I thought about "-s !<ClusterCIDR>" when I saw
Florian reply. I will use it for now in nft rules which nft kube-proxy builds
for this specific case.
I think that in ideal case, no rules would be generated on the fly,
and that instead it should add/remove elements from nftables maps and sets.
Great idea, once we have API implemented for maps I will give it a try to see
how it would fit into proxy logic.
