New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for nf_conntrack_tcp_be_liberal
sysctl to kube-proxy
#120354
Add support for nf_conntrack_tcp_be_liberal
sysctl to kube-proxy
#120354
Conversation
Skipping CI for Draft Pull Request. |
/test all |
The open issue talks about parity with the existing TCP options #120214 We expressed several times that kube-proxy should not be too invasive with the node parameters, why do we add /assign @danwinship @khenidak As you commented on the referenced issue |
I said we shouldn't set it by default. I forgot we already had infra for letting the admin configure conntrack-related sysctls. That's fine. |
97f787a
to
7e35e20
Compare
It should behave the same way other flags behave... I think the current expectation is that the command line flags are completely overridden by the config file if you pass |
Yes, if --config is passed command line flags are completely overridden (except hostname). #120354 (comment), here you suggested to manually sync command line flag with config, does this still hold ? I added the logic to give precedence to command line flag over config for this option, the same way we do for hostname. LMK, will remove this logic. kubernetes/cmd/kube-proxy/app/server.go Lines 347 to 359 in f3c13d8
|
oh, sorry, I meant "sync" as in "make sure that the right one overrides the other one". If the command-line flag reads directly into a field in But anyway, we only needed the |
Signed-off-by: Daman Arora <aroradaman@gmail.com>
5473e93
to
9ae7736
Compare
/retitle Add support for `nf_conntrack_tcp_be_liberal_ sysctl to kube-proxy The release note should be updated to reference #94861 and mention that this you can now work around that problem by specifying this option, which will cause kube-proxy to not create the DROP rule that breaks asymmetric routing. Oh, also, the "Fixes" part of the initial comment is wrong now since the UDP stuff got split out, but it should say this fixes 94861. |
LGTM label has been added. Git tree hash: 3e6390648bd8b2fa8c94e33b3a35c77b142658fd
|
nf_conntrack_tcp_be_liberal
sysctl to kube-proxy
/lgtm |
ping @thockin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aroradaman, danwinship, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/triage accepted |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #94861
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: