Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
don't set conntrack parameters in kube-proxy
It seems the kernel doesn't allow to set some conntrack fields from non-init netns because they are global, so setting it in a namespaces leaks it to other namespace: netfilter: conntrack: Make global sysctls readonly in non-init netns torvalds/linux@671c54e By default kube-proxy tries to set nf_conntrack_max, that is readonly, hence failing and the kproxy pods fail to start crashlooping.
- Loading branch information