threeseed 3 days ago

I would take the YAML any day.

Because if one of those iptables fails above you're in an inconsistent state.

Also if I want to swap from iptables to something like Istio then it's basically the same YAML.

dmm 3 days ago

> Because if one of those iptables fails above you're in an inconsistent state.

These days iptables is a legacy interface implemented on top of nftables. And nftables does provide atomic rule replacement: https://wiki.nftables.org/wiki-nftables/index.php/Atomic_rul...

So you would have a file with something like:

    table inet filter {
        chain input {
            # base chain: without this hook declaration the chain is never evaluated
            type filter hook input priority 0; policy accept;
            tcp dport 8080 accept
        }
    }
Then you would atomically apply it with:

    $ nft -f input_file
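
Added example, not from this thread: a small script that builds a ruleset file starting with `flush ruleset` (so `nft -f` replaces the loaded ruleset in one transaction rather than appending to it), dry-runs it with `nft -c`, and only then applies it. The port argument, the default-drop policy and the helper names are my assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Demonstrates atomic ruleset replacement
# with nft -f: the "flush ruleset" line is part of the same transaction as the
# new rules, so the kernel never exposes an empty or half-loaded ruleset.
# Assumptions: a TCP port argument; the nftables userspace tool for the apply step.

# Print a complete ruleset to stdout. The chain is a base chain (hook input);
# a chain without a hook is valid syntax but is never evaluated by the kernel.
build_ruleset() {
    port="$1"
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        tcp dport $port accept
    }
}
EOF
}

# Validate first (nft -c parses and checks without touching the kernel), then
# apply. Returns 0 on success, 1 if the file fails validation (nothing changed),
# 2 if nft is not installed.
apply_ruleset() {
    file="$1"
    command -v nft >/dev/null 2>&1 || return 2
    nft -c -f "$file" || return 1
    nft -f "$file"
}

# Usage (as root): build_ruleset 8080 > /tmp/ruleset.nft && apply_ruleset /tmp/ruleset.nft
```

If the dry run fails, the currently loaded ruleset is left untouched, which is the inconsistent-state problem the parent comment raised.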

rnewme 3 days ago

You obviously didn't use k8s (or k3s or any other implementation) a lot, because it also messed up iptables randomly sometimes due to bugs, version mismatch, etc.

threeseed 3 days ago

Have been using Kubernetes for the last decade across multiple implementations.

Never had an iptables issue, and these days eBPF is the standard.