Enhancing Performance with nftables: Rethinking kube-proxy
ayedo editorial team, 2 minute read


Discover how nftables in Kubernetes 1.29 improves the performance of kube-proxy and what it means for your applications.
kubernetes kubernetes-news performance

Introduction

Kubernetes networking keeps evolving in ways that affect the performance and efficiency of the applications running on it. One of the more significant recent changes is the nftables mode for kube-proxy: introduced as an alpha feature in Kubernetes 1.29 (behind the NFTablesProxyMode feature gate), promoted to beta in 1.31, and expected to graduate to stable in 1.33. It is meant to address the long-standing performance problems of the older iptables mode.

What specifically changes for developers/DevOps teams?

The nftables mode brings a clear improvement in latency, most visibly for the first packet of a new connection. iptables was designed for firewall rule sets, not for load balancing thousands of Services: kube-proxy's iptables mode has to express every Service as rules in a linear chain, and the kernel walks that chain for the first packet of each connection until a rule matches. The more Services a cluster has, the more rules there are to evaluate, so first-packet latency grows with cluster size. Updating the rule set is also expensive, because each Service or endpoint change forces kube-proxy to rewrite a large share of it.

In contrast, the nftables mode dispatches all Service traffic through a single rule that performs a verdict-map lookup keyed on destination IP, protocol and port and jumps directly to the chain for the matched Service. The lookup cost does not grow with the number of Services, which is what removes the latency penalty. Here is an excerpt (from the Kubernetes blog) showing what that map looks like:

```nft
table ip kube-proxy {
  map service-ips {
    type ipv4_addr . inet_proto . inet_service : verdict
    comment "ClusterIP, ExternalIP, and LoadBalancer IP traffic"
    elements = { 172.30.0.41 . tcp . 80 : goto service-ULMVA6XW-namespace1/service1/tcp/p80,
                 172.30.0.42 . tcp . 443 : goto service-42NFTM6N-namespace2/service2/tcp/p443,
                 172.30.0.43 . tcp . 80 : goto service-4AT6LBPK-namespace3/service3/tcp/p80,
                 … }
  }
}
```

Practical examples or use cases

Switching to nftables mode is recommended for Kubernetes users whose nodes run a sufficiently new kernel (Linux 5.13 or later is required). Especially in large clusters with many Services, first-packet latency drops noticeably, which improves the perceived performance of the applications behind those Services. This matters most for companies that depend on fast and reliable network connections.

Another advantage is that the iptables mode is not going away: even once nftables becomes the stable default, iptables remains available as a fallback. Teams can therefore switch one cluster at a time, verify that their workloads behave as before, and revert by changing a single configuration value if something does not.
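The following shell helpers are an added example, not code from the ayedo article or from the Kubernetes project. They cover the two practical questions from the paragraphs above: is a node ready for nftables mode (kernel at least 5.13, and is kube-proxy's own `ip kube-proxy` table actually present once switched), and how to flip a kubeadm-managed cluster between `nftables` and `iptables` by editing the kube-proxy ConfigMap. The `nft list tables` output and the map excerpt used to exercise the parsing functions are constructed samples; the helper and variable names are my own.

```bash
#!/usr/bin/env bash
# Added example (not from the article or the Kubernetes project): readiness
# checks and a switch/rollback helper for kube-proxy's nftables mode.

# nftables mode requires Linux 5.13 or newer (Kubernetes documentation).
# Returns 0 if "$1" (a `uname -r` style string) is at least 5.13.
kernel_supports_nftables_mode() {
  local ver=${1%%-*}          # drop "-generic", "-21-amd64", "-rc1" suffixes
  local major=${ver%%.*}
  local rest=${ver#*.}
  local minor=${rest%%.*}
  [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 13 ]; }
}

# Given the output of `nft list tables`, report whether kube-proxy's own
# table exists. nftables mode creates "table ip kube-proxy" (and "ip6");
# iptables mode only leaves KUBE-* chains in the legacy filter/nat tables.
kube_proxy_nftables_active() {
  printf '%s\n' "$1" | grep -qE '^table (ip|ip6) kube-proxy$'
}

# Count Service entries in a dumped service-ips map: one ": goto" verdict per
# element. Assumes one element per line, as `nft list map` prints them.
count_service_map_entries() {
  printf '%s\n' "$1" | grep -c ': goto '
}

# Switch a kubeadm cluster: rewrite "mode:" inside the kube-proxy ConfigMap
# (KubeProxyConfiguration under the config.conf key) and restart the DaemonSet.
# Rollback is the same call with "iptables". On 1.29/1.30 the feature gate
# NFTablesProxyMode=true must additionally be set on kube-proxy.
# Needs cluster access; deliberately not called by the offline demo below.
set_kube_proxy_mode() {
  local mode=$1   # "nftables" or "iptables"
  kubectl -n kube-system get configmap kube-proxy -o yaml \
    | sed -E "s/^([[:space:]]*)mode: .*$/\1mode: ${mode}/" \
    | kubectl apply -f -
  kubectl -n kube-system rollout restart daemonset kube-proxy
  kubectl -n kube-system rollout status daemonset kube-proxy
}

# Constructed sample: `nft list tables` on a node running nftables mode
# (the CNI plugin's iptables-nft tables coexist with kube-proxy's table).
SAMPLE_NFT_TABLES='table ip filter
table ip nat
table ip kube-proxy
table ip6 kube-proxy'

# Constructed sample: the same command on a node still in iptables mode.
SAMPLE_IPTABLES_ONLY='table ip filter
table ip nat'

# Constructed excerpt in the shape of the service-ips map from the article.
SAMPLE_SERVICE_MAP='map service-ips {
  type ipv4_addr . inet_proto . inet_service : verdict
  elements = { 172.30.0.41 . tcp . 80 : goto service-ULMVA6XW-namespace1/service1/tcp/p80,
               172.30.0.42 . tcp . 443 : goto service-42NFTM6N-namespace2/service2/tcp/p443,
               172.30.0.43 . tcp . 80 : goto service-4AT6LBPK-namespace3/service3/tcp/p80 }
}'

# Offline demonstration on this host's kernel and the constructed samples.
if kernel_supports_nftables_mode "$(uname -r)"; then
  echo "kernel $(uname -r): new enough for nftables mode"
else
  echo "kernel $(uname -r): too old, stay on iptables mode"
fi
if kube_proxy_nftables_active "$SAMPLE_NFT_TABLES"; then
  echo "sample node A: kube-proxy nftables table present"
fi
if ! kube_proxy_nftables_active "$SAMPLE_IPTABLES_ONLY"; then
  echo "sample node B: no kube-proxy table, still iptables mode"
fi
echo "sample map holds $(count_service_map_entries "$SAMPLE_SERVICE_MAP") Service entries"
```

Run the read-only checks on every node class before flipping the mode, and keep one behavioural difference in mind when validating afterwards: in nftables mode, NodePort Services are not reachable via 127.0.0.1 and by default are only accepted on the node's primary IP addresses, whereas iptables mode accepted them on all local IPs. Anything that relied on the old behaviour will look like a regression, not a kube-proxy fault, so test it explicitly before rolling out cluster-wide.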

At ayedo, we support companies in optimizing their use of Kubernetes and integrating the benefits of new technologies like nftables. Take this opportunity to optimize your Kubernetes environment and enhance the performance of your applications!


Source: Kubernetes Blog
