Expose --conntrack-max-per-core kube-proxy flag #1187

invidian · 2020-11-16T16:02:53Z

This PR exposes --conntrack-max-per-core kube-proxy flag in
kubernetes Helm chart and adds required plumbing to expose it to the
user using HCL.

It also adds sample usage to CI configuration and e2e tests to verify
that settings are properly applied.

Closes #1081

Signed-off-by: Mateusz Gozdek mateusz@kinvolk.io

surajssd · 2020-11-19T12:46:59Z

assets/charts/control-plane/kubernetes/templates/kube-proxy.yaml

@@ -42,6 +42,9 @@ spec:
        - --proxy-mode=iptables
        - --metrics-bind-address=$(HOST_IP)
        - --healthz-bind-address=$(HOST_IP)
+        {{- if not (eq (int .Values.kubeProxy.conntrackMaxPerCore) 32768) }}


We can get rid of this if block if we provide the same default value as whatever is set in the node right now.

This line allows kube-proxy to steer the default value, allowing us to update it asynchronously if it ever changes.

It also reduces final manifest size, I don't see a value in specifying the flag which is exactly the same as default value. I'd prefer to keep it.

assets/terraform-modules/aws/flatcar-linux/kubernetes/variables.tf

assets/terraform-modules/bootkube/assets.tf

assets/terraform-modules/bootkube/variables.tf

assets/terraform-modules/packet/flatcar-linux/kubernetes/variables.tf

pkg/platform/baremetal/template.go

pkg/platform/packet/template.go

ci/aws/aws-cluster.lokocfg.envsubst

johananl · 2020-11-19T17:35:34Z

@invidian I can't review this right now due to load, sorry. Please assign someone else.

assets/terraform-modules/bootkube/assets.tf

knrt10

Nice work, some minor suggestions

test/system/conntrack_clc_test.go

test/system/conntrack_global_test.go

invidian · 2020-11-24T09:03:11Z

@knrt10 addressed your (good) review comments. @surajssd mind approving again please? :)

assets/terraform-modules/aws/flatcar-linux/kubernetes/variables.tf

examples/aws-testing/cluster.lokocfg

pkg/platform/platform.go

test/system/conntrack_clc_test.go

invidian · 2020-11-25T17:52:04Z

Also added configuration validation rules and unit tests for that.

knrt10 · 2020-11-26T06:07:02Z

@invidian can you please check the CI errors?

invidian · 2020-11-27T09:29:11Z

@knrt10 they were caused by Docker Hub limits, which should be now resolves, so I restarted them.

iaguis

lgtm

knrt10 · 2020-12-01T09:57:03Z

Have to re-run the tests again after rebasing for bare metal to pass 😢

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

Signed-off-by: knrt10 <kautilya@kinvolk.io>

This commit exposes --conntrack-max-per-core kube-proxy flag in kubernetes Helm chart and adds required plumbing to expose it to the user using HCL. It also adds sample usage to CI configuration and e2e tests to verify that settings are properly applied. Closes #1081 Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

invidian requested review from surajssd and johananl November 16, 2020 16:02

invidian mentioned this pull request Nov 16, 2020

Expose --conntrack-max-per-core kube-proxy flag #1081

Closed

invidian force-pushed the invidian/conntrack branch 3 times, most recently from 68aa5ca to b24a57c Compare November 16, 2020 16:42

invidian added the priority/P3 Low priority label Nov 17, 2020

surajssd suggested changes Nov 19, 2020

View reviewed changes

invidian force-pushed the invidian/conntrack branch from b24a57c to 8d45554 Compare November 19, 2020 14:04

invidian requested a review from surajssd November 19, 2020 14:04

johananl removed their request for review November 19, 2020 17:35

invidian force-pushed the invidian/conntrack branch 2 times, most recently from 62f1d0a to 03cfea2 Compare November 23, 2020 12:04

invidian requested review from knrt10 and iaguis November 23, 2020 12:34

knrt10 reviewed Nov 24, 2020

View reviewed changes

assets/terraform-modules/bootkube/assets.tf Show resolved Hide resolved

knrt10 suggested changes Nov 24, 2020

View reviewed changes

surajssd previously approved these changes Nov 24, 2020

View reviewed changes

invidian dismissed surajssd’s stale review via 5038d83 November 24, 2020 09:02

invidian force-pushed the invidian/conntrack branch from 03cfea2 to 5038d83 Compare November 24, 2020 09:02

invidian requested review from surajssd and knrt10 November 24, 2020 09:02

invidian force-pushed the invidian/conntrack branch from 5038d83 to a28c642 Compare November 24, 2020 09:14

knrt10 previously approved these changes Nov 24, 2020

View reviewed changes

iaguis suggested changes Nov 24, 2020

View reviewed changes

invidian dismissed knrt10’s stale review via 2b5583a November 25, 2020 17:51

invidian force-pushed the invidian/conntrack branch from a28c642 to 2b5583a Compare November 25, 2020 17:51

invidian requested review from knrt10 and iaguis November 25, 2020 17:52

knrt10 previously approved these changes Nov 27, 2020

View reviewed changes

invidian dismissed knrt10’s stale review via 6403492 November 27, 2020 10:02

invidian force-pushed the invidian/conntrack branch from 2b5583a to 6403492 Compare November 27, 2020 10:02

iaguis previously approved these changes Nov 27, 2020

View reviewed changes

surajssd previously approved these changes Nov 27, 2020

View reviewed changes

invidian dismissed stale reviews from surajssd and iaguis via cbd94cf November 30, 2020 21:11

invidian force-pushed the invidian/conntrack branch from 6403492 to cbd94cf Compare November 30, 2020 21:11

surajssd previously approved these changes Dec 1, 2020

View reviewed changes

invidian and others added 3 commits December 1, 2020 14:03

test/system: remove nolint:testpackage requirement

f43b30d

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>

assets/terraform-modules/bootkube: fix formatting

727f0dc

Signed-off-by: knrt10 <kautilya@kinvolk.io>

invidian dismissed surajssd’s stale review via ebf81dd December 1, 2020 13:03

invidian force-pushed the invidian/conntrack branch from cbd94cf to ebf81dd Compare December 1, 2020 13:03

knrt10 approved these changes Dec 1, 2020

View reviewed changes

invidian merged commit 86c67e6 into master Dec 1, 2020

invidian deleted the invidian/conntrack branch December 1, 2020 15:13

invidian mentioned this pull request Dec 7, 2020

Release v0.6.0 #1064

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expose --conntrack-max-per-core kube-proxy flag #1187

Expose --conntrack-max-per-core kube-proxy flag #1187

invidian commented Nov 16, 2020

surajssd Nov 19, 2020

invidian Nov 19, 2020

johananl commented Nov 19, 2020

knrt10 left a comment

invidian commented Nov 24, 2020

invidian commented Nov 25, 2020

knrt10 commented Nov 26, 2020 •

edited

Loading

invidian commented Nov 27, 2020

iaguis left a comment

knrt10 commented Dec 1, 2020

Expose --conntrack-max-per-core kube-proxy flag #1187

Expose --conntrack-max-per-core kube-proxy flag #1187

Conversation

invidian commented Nov 16, 2020

surajssd Nov 19, 2020

Choose a reason for hiding this comment

invidian Nov 19, 2020

Choose a reason for hiding this comment

johananl commented Nov 19, 2020

knrt10 left a comment

Choose a reason for hiding this comment

invidian commented Nov 24, 2020

invidian commented Nov 25, 2020

knrt10 commented Nov 26, 2020 • edited Loading

invidian commented Nov 27, 2020

iaguis left a comment

Choose a reason for hiding this comment

knrt10 commented Dec 1, 2020

knrt10 commented Nov 26, 2020 •

edited

Loading