Merge pull request #2241 from aojea/kproxy

don't set conntrack parameters in kube-proxy
kubernetes-sigs · May 12, 2021 · 515fb3a · 515fb3a
2 parents 1d4788d + a66e833
commit 515fb3a
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/pkg/cluster/internal/kubeadm/config.go b/pkg/cluster/internal/kubeadm/config.go
@@ -278,6 +278,10 @@ mode: "{{ .KubeProxyMode }}"
 {{end}}{{end}}
 iptables:
   minSyncPeriod: 1s
+conntrack:
+# Skip setting sysctl value "net.netfilter.nf_conntrack_max"
+# It is a global variable that affects other namespaces
+  maxPerCore: 0
 {{end}}
 `
 
@@ -411,9 +415,11 @@ mode: "{{ .KubeProxyMode }}"
 {{end}}{{end}}
 iptables:
   minSyncPeriod: 1s
-{{if .RootlessProvider}}conntrack:
+conntrack:
 # Skip setting sysctl value "net.netfilter.nf_conntrack_max"
+# It is a global variable that affects other namespaces
   maxPerCore: 0
+{{if .RootlessProvider}}
 # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established"
   tcpEstablishedTimeout: 0s
 # Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close"