INSTALL: Document kube-proxy settings #391
Conversation
INSTALL.md
Outdated
| @@ -230,6 +230,28 @@ Save the file and confirm that the changes have been applied: | |||
| kubectl describe configmap -n kube-system aws-auth | |||
| ``` | |||
|
|
|||
| ## kube-proxy settings | |||
| By default `kube-proxy` will set the `nf_conntrack_max` kernel parameter to a | |||
| small value, overriding [Thar's default | |||
There was a problem hiding this comment.
I have mixed feelings about this wording since it suggests an issue with the default EKS configuration, when there may not really be an issue.
Maybe we need --conntrack-min 0 to mean "apply the new setting but only if it's an increase over the current system value" i.e. an upstream behavior change.
We could also ask EKS to consider changing --conntrack-min to align with our value.
There was a problem hiding this comment.
@bcressey Are you happier with the new wording?
I'll see if I can dig up some more k8s knowledge on this, I wonder if we can set it as part of
Good point, it would be better to say something more along the lines of "...if these values happen to be different". |
|
In lieu of finding a nicer way to set this, pushed a change to the wording of the instructions. |
I didn't see anything on a quick look over the code that handles this, but I do think we could insert the modification to the DaemonSet during the cluster bootstrapping phase before it starts a node. This would prevent it from making changes between the time we have the Scheduler launch these Pods on a Node and us changing the setting after the fact. |
|
@bcressey can we merge this? |
The kube-proxy configuration must be updated to prevent it from overriding Thar's sysctl change to nf_conntrack_max. Document the steps to update the configuration in the install steps. Fixes #371 for kernel settings. Signed-off-by: Samuel Mendoza-Jonas <[email protected]>
|
Rebased |
Issue #, if available:
#371
Description of changes:
The kube-proxy configuration must be updated to prevent it from
overriding Thar's sysctl change to nf_conntrack_max. Document the steps
to update the configuration in the install steps.
Fixes #371 for kernel settings.
Signed-off-by: Samuel Mendoza-Jonas [email protected]
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.