Flannel support for nftables

[pauldw1975]

I am running a Kubernetes cluster using Canal node(Calico+Flannel). Recent Kubernetes documentation has been pushing for the transition away from iptables and IPVS to nftables. The current Flannel configuration documentation states that nftable support is still experimental.

EnableNFTables (bool): (EXPERIMENTAL) If set to true, flannel uses nftables instead of iptables to masquerade the traffic. Default to false

My questions are:

1. What is the state of nftables supports in Flannel?
2. Are there any known issues?
3. What is the roadmap for moving nftables to a GA feature?

[thomasferrandiz]

Essentially nftables support in flannel is identical to the iptables support in terms of features and tests.
It is experimental for now because we don't have user feedback on it.

Once we have some feedback on it we'll move it to GA status.