Browse Source
Added iptables lock fix and ajusted oom-score
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
pull/2312/head
Andreas Krüger
7 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
8 additions and
0 deletions
-
roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
|
|
|
@ -31,6 +31,7 @@ spec: |
|
|
|
- --bind-address={{ ip | default(ansible_default_ipv4.address) }} |
|
|
|
- --cluster-cidr={{ kube_pods_subnet }} |
|
|
|
- --proxy-mode={{ kube_proxy_mode }} |
|
|
|
- --oom-score-adj=-998 |
|
|
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} |
|
|
|
- --masquerade-all |
|
|
|
{% elif kube_proxy_mode == 'ipvs' %} |
|
|
|
@ -59,6 +60,9 @@ spec: |
|
|
|
- mountPath: /lib/modules |
|
|
|
name: lib-modules |
|
|
|
readOnly: true |
|
|
|
- mountPath: /run/xtables.lock |
|
|
|
name: xtables-lock |
|
|
|
readOnly: false |
|
|
|
volumes: |
|
|
|
- name: ssl-certs-host |
|
|
|
hostPath: |
|
|
|
@ -79,3 +83,7 @@ spec: |
|
|
|
- hostPath: |
|
|
|
path: /lib/modules |
|
|
|
name: lib-modules |
|
|
|
- hostPath: |
|
|
|
path: /run/xtables.lock |
|
|
|
type: FileOrCreate |
|
|
|
name: xtables-lock |
