I wonder if this would still be a problem if nftables were used instead.
nftables has been in mainline Linux since 3.13, over a decade ago, and has been the default in distros for a while (Debian 10 had it as the default 6 years ago), but K8s support for it has lagged far behind, with it only recently out of beta in 1.33, and still not the default.
It almost reads as a cliffhanger: the regression was caused by a commit that seemed to be related to fixing a synchronization issue, so I assume a plain revert wasn't an option.