Remove net.ipv4.tcp_max_syn_backlog from sysctl whitelist #32072

@sttts sttts commented Sep 5, 2016

Remove net.ipv4.tcp_max_syn_backlog from sysctl whitelist. This is not namespaced in today's kernels but must be set at node level.

Having this on the whitelist wouldn't do harm, because the kernel only offers namespaced net.* sysctls in the /proc/sys tree. But having a sysctl on the whitelist which cannot be used doesn't make sense either.

1.4 justification:

  • Risk: the whitelist is a published API. We shouldn't have sysctls on there which do not work.
  • Rollback: nothing should depend on this behavior.
  • Cost: the cost of this is relatively low, as no pod with this sysctl will launch.

This is not namespaced in today's kernels.
@sttts sttts added kind/bug Categorizes issue or PR as related to a bug. area/kubelet labels Sep 5, 2016
@sttts sttts added this to the v1.4 milestone Sep 5, 2016
@sttts sttts added release-note-none Denotes a PR that doesn't merit a release note. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API labels Sep 5, 2016
@k8s-github-robot k8s-github-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 5, 2016
k8s-bot commented Sep 5, 2016

GCE e2e build/test passed for commit 9a34eee.

vishh commented Sep 6, 2016

LGTM

@vishh vishh added lgtm "Looks good to me", indicates that a PR is ready to be merged. cherrypick-candidate labels Sep 6, 2016
@k8s-github-robot

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot

@k8s-bot test this issue: #IGNORE

Tests have been pending for 24 hours

k8s-bot commented Sep 7, 2016

GCE e2e build/test passed for commit 9a34eee.

@k8s-github-robot

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit a16de4a into kubernetes:master Sep 7, 2016
@pwittrock pwittrock added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Sep 10, 2016
pwittrock pushed a commit that referenced this pull request Sep 10, 2016
@discordianfish
Contributor

@sttts Either this has changed or you mixed it up with net.core.netdev_max_backlog:

$ S=net.ipv4.tcp_max_syn_backlog; docker run -ti --rm --sysctl "$S"=12345 ubuntu sysctl "$S"; docker run -ti --rm ubuntu sysctl "$S"
net.ipv4.tcp_max_syn_backlog = 12345
net.ipv4.tcp_max_syn_backlog = 128
$ S=net.core.netdev_max_backlog; docker run -ti --rm --sysctl "$S"=12345 ubuntu sysctl "$S"; docker run -ti --rm ubuntu sysctl "$S"
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"write sysctl key net.core.netdev_max_backlog: open /proc/sys/net/core/netdev_max_backlog: no such file or directory\"": unknown.
ERRO[0000] error waiting for container: context canceled
sysctl: cannot stat /proc/sys/net/core/netdev_max_backlog: No such file or directory
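
Added example, not part of this thread or of the Kubernetes code base: a way to check on a given node, without starting a container, whether a net.* sysctl exists inside a fresh network namespace, which is the condition behind the "no such file or directory" error above. The function names and the `PROC_SYS` and `NETNS_RUN` variables are hypothetical; the live check assumes util-linux `unshare` and root.

```shell
#!/bin/sh
# Added example: report whether a net.* sysctl can be set per network
# namespace on this kernel, or only on the node.

# Both settings are assumptions of this example and can be overridden.
PROC_SYS=${PROC_SYS:-/proc/sys}
# Command prefix that runs its arguments in a fresh network namespace.
# The default needs root (CAP_SYS_ADMIN).
NETNS_RUN=${NETNS_RUN:-unshare --net}

# Map a dotted sysctl name to its file under $PROC_SYS.
# Assumption: no path component contains a dot (true for the keys above).
sysctl_path() {
    printf '%s/%s\n' "$PROC_SYS" "$(printf '%s' "$1" | tr . /)"
}

# Prints one of:
#   not-net     key is outside net.*, a network namespace says nothing about it
#   unknown     key does not exist on this node at all
#   per-netns   key is present inside a fresh network namespace
#   node-level  key exists on the node but not inside a fresh namespace,
#               so a runtime writing it for a container gets ENOENT
netns_sysctl_status() {
    case $1 in
        net.*) ;;
        *) echo not-net; return 0 ;;
    esac
    path=$(sysctl_path "$1")
    if [ ! -e "$path" ]; then
        echo unknown
    elif $NETNS_RUN test -e "$path"; then
        # /proc/sys/net is resolved against the calling process's
        # network namespace, so this sees the new namespace's view.
        echo per-netns
    else
        echo node-level
    fi
}

# Report every key given on the command line.
for key in "$@"; do
    printf '%s: %s\n' "$key" "$(netns_sysctl_status "$key")"
done
```

The result depends on the running kernel, so an allowlist entry is best verified on each kernel version in the fleet rather than once.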
