On 2019-08-22, 11:16 AM, "Florian Westphal" <fw@xxxxxxxxx> wrote:

Serguei Bezverkhi (sbezverk) <sbezverk@xxxxxxxxx> wrote:
> That was exactly what I thought about "-s !<ClusterCIDR>" when I saw Florian's reply. I will use it for now in nft rules which nft kube-proxy builds for this specific case.

I think that in the ideal case, no rules would be generated on the fly, and that instead it should add/remove elements from nftables maps and sets.

Great idea, once we have the API implemented for maps I will give it a try to see how it would fit into proxy logic.