-
Notifications
You must be signed in to change notification settings - Fork 39k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Re-allow 0 for kube-proxy conntrack settings
When kube-proxy was refactored to use a configuration file, the ability to use 0 for conntrack min, max, max per core, and tcp timeouts was inadvertently broken; if you specified 0, it would instead apply the default value from defaults.go. This change restores the ability to use 0 to mean 0. Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
- Loading branch information
Showing
10 changed files
with
250 additions
and
154 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -146,12 +146,15 @@ func AddFlags(options *Options, fs *pflag.FlagSet) { | |
fs.Float32Var(&options.config.ClientConnection.QPS, "kube-api-qps", options.config.ClientConnection.QPS, "QPS to use while talking with kubernetes apiserver") | ||
fs.IntVar(&options.config.ClientConnection.Burst, "kube-api-burst", options.config.ClientConnection.Burst, "Burst to use while talking with kubernetes apiserver") | ||
fs.DurationVar(&options.config.UDPIdleTimeout.Duration, "udp-timeout", options.config.UDPIdleTimeout.Duration, "How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace") | ||
fs.Int32Var(&options.config.Conntrack.Max, "conntrack-max", options.config.Conntrack.Max, | ||
if options.config.Conntrack.Max == nil { | ||
options.config.Conntrack.Max = utilpointer.Int32Ptr(0) | ||
} | ||
fs.Int32Var(options.config.Conntrack.Max, "conntrack-max", *options.config.Conntrack.Max, | ||
"Maximum number of NAT connections to track (0 to leave as-is). This overrides conntrack-max-per-core and conntrack-min.") | ||
fs.MarkDeprecated("conntrack-max", "This feature will be removed in a later release.") | ||
fs.Int32Var(&options.config.Conntrack.MaxPerCore, "conntrack-max-per-core", options.config.Conntrack.MaxPerCore, | ||
fs.Int32Var(options.config.Conntrack.MaxPerCore, "conntrack-max-per-core", *options.config.Conntrack.MaxPerCore, | ||
"Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min).") | ||
fs.Int32Var(&options.config.Conntrack.Min, "conntrack-min", options.config.Conntrack.Min, | ||
fs.Int32Var(options.config.Conntrack.Min, "conntrack-min", *options.config.Conntrack.Min, | ||
"Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is).") | ||
fs.DurationVar(&options.config.Conntrack.TCPEstablishedTimeout.Duration, "conntrack-tcp-timeout-established", options.config.Conntrack.TCPEstablishedTimeout.Duration, "Idle timeout for established TCP connections (0 to leave as-is)") | ||
fs.DurationVar( | ||
|
@@ -179,6 +182,17 @@ func (o *Options) Complete() error { | |
o.applyDeprecatedHealthzPortToConfig() | ||
} | ||
|
||
// Load the config file here in Complete, so that Validate validates the fully-resolved config. | ||
if len(o.ConfigFile) > 0 { | ||
if c, err := o.loadConfigFromFile(o.ConfigFile); err != nil { | ||
return err | ||
} else { | ||
o.config = c | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
seh
Contributor
|
||
// Make sure we apply the feature gate settings in the config file. | ||
utilfeature.DefaultFeatureGate.Set(o.config.FeatureGates) | ||
} | ||
} | ||
|
||
return nil | ||
} | ||
|
||
|
@@ -196,23 +210,11 @@ func (o *Options) Validate(args []string) error { | |
} | ||
|
||
func (o *Options) Run() error { | ||
config := o.config | ||
|
||
if len(o.WriteConfigTo) > 0 { | ||
return o.writeConfigFile() | ||
} | ||
|
||
if len(o.ConfigFile) > 0 { | ||
if c, err := o.loadConfigFromFile(o.ConfigFile); err != nil { | ||
return err | ||
} else { | ||
config = c | ||
// Make sure we apply the feature gate settings in the config file. | ||
utilfeature.DefaultFeatureGate.Set(config.FeatureGates) | ||
} | ||
} | ||
|
||
proxyServer, err := NewProxyServer(config, o.CleanupAndExit, o.scheme, o.master) | ||
proxyServer, err := NewProxyServer(o.config, o.CleanupAndExit, o.scheme, o.master) | ||
if err != nil { | ||
return err | ||
} | ||
|
@@ -502,14 +504,14 @@ func (s *ProxyServer) Run() error { | |
} | ||
} | ||
|
||
if s.ConntrackConfiguration.TCPEstablishedTimeout.Duration > 0 { | ||
if s.ConntrackConfiguration.TCPEstablishedTimeout != nil && s.ConntrackConfiguration.TCPEstablishedTimeout.Duration > 0 { | ||
timeout := int(s.ConntrackConfiguration.TCPEstablishedTimeout.Duration / time.Second) | ||
if err := s.Conntracker.SetTCPEstablishedTimeout(timeout); err != nil { | ||
return err | ||
} | ||
} | ||
|
||
if s.ConntrackConfiguration.TCPCloseWaitTimeout.Duration > 0 { | ||
if s.ConntrackConfiguration.TCPCloseWaitTimeout != nil && s.ConntrackConfiguration.TCPCloseWaitTimeout.Duration > 0 { | ||
timeout := int(s.ConntrackConfiguration.TCPCloseWaitTimeout.Duration / time.Second) | ||
if err := s.Conntracker.SetTCPCloseWaitTimeout(timeout); err != nil { | ||
return err | ||
|
@@ -548,16 +550,19 @@ func (s *ProxyServer) birthCry() { | |
} | ||
|
||
func getConntrackMax(config kubeproxyconfig.KubeProxyConntrackConfiguration) (int, error) { | ||
if config.Max > 0 { | ||
if config.MaxPerCore > 0 { | ||
if config.Max != nil && *config.Max > 0 { | ||
if config.MaxPerCore != nil && *config.MaxPerCore > 0 { | ||
return -1, fmt.Errorf("invalid config: Conntrack Max and Conntrack MaxPerCore are mutually exclusive") | ||
} | ||
glog.V(3).Infof("getConntrackMax: using absolute conntrack-max (deprecated)") | ||
return int(config.Max), nil | ||
return int(*config.Max), nil | ||
} | ||
if config.MaxPerCore > 0 { | ||
floor := int(config.Min) | ||
scaled := int(config.MaxPerCore) * goruntime.NumCPU() | ||
if config.MaxPerCore != nil && *config.MaxPerCore > 0 { | ||
floor := 0 | ||
if config.Min != nil { | ||
floor = int(*config.Min) | ||
} | ||
scaled := int(*config.MaxPerCore) * goruntime.NumCPU() | ||
if scaled > floor { | ||
glog.V(3).Infof("getConntrackMax: using scaled conntrack-max-per-core") | ||
return scaled, nil | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 11 additions & 10 deletions
21
pkg/proxy/apis/kubeproxyconfig/v1alpha1/zz_generated.conversion.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
50 changes: 47 additions & 3 deletions
50
pkg/proxy/apis/kubeproxyconfig/v1alpha1/zz_generated.deepcopy.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
This overwrites any configuration set earlier by the flags that are bound to
o.config
in(*Options).AddFlags
above.Motivating discussion from kubernetes/website#9663.