Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added new flag -iptables-resync #935

Merged
merged 1 commit into from
Jan 29, 2018
Merged

Conversation

SleepyBrett
Copy link
Contributor

Description

Referenced issue: #933

This pull creates a flag that can be used to adjust the resync period of the ensure iptables routine. On a larger cluster with many services we found 5 seconds to be too aggressive and created too much iptables lock contention causing kube-proxy to fail to sync it's tables.

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Adds new flag --iptables-resync, allows adjustment of IPTables "ensure" check. Expects an integer it will then multiply by seconds, defaults to 5. Guidance is to adjust this upwards if you see too much iptables lock contention.

… that is used in network/iptables SetupAndEnsureIPTables to control how often it resync's the iptables rules. We found on a larger cluster that having this value hardcoded to 5 seconds created too much contention on the iptables lock for kube-proxy to properly function
@SleepyBrett
Copy link
Contributor Author

I don't expect i need a test to test that time.Duration(int)*time.Second is functioning properly ;)

@tomdee
Copy link
Contributor

tomdee commented Jan 29, 2018

Looks great, thanks @SleepyBrett

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants