Browse Source
Make calico iptables lock timeout configurable (#5658)
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
pull/5661/head
Chad Swenson
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
4 additions and
5 deletions
-
roles/network_plugin/calico/defaults/main.yml
-
roles/network_plugin/calico/templates/calico-node.yml.j2
|
|
|
@ -51,6 +51,9 @@ calico_node_ignorelooserpf: false |
|
|
|
# Define address on which Felix will respond to health requests |
|
|
|
calico_healthhost: "localhost" |
|
|
|
|
|
|
|
# Configure time in seconds that calico will wait for the iptables lock |
|
|
|
calico_iptables_lock_timeout_secs: 10 |
|
|
|
|
|
|
|
# Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND) |
|
|
|
calico_iptables_backend: "Iptables" |
|
|
|
|
|
|
|
|
|
|
|
@ -209,12 +209,8 @@ spec: |
|
|
|
- name: FELIX_IPTABLESBACKEND |
|
|
|
value: "{{ calico_iptables_backend }}" |
|
|
|
{% endif %} |
|
|
|
# Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used, |
|
|
|
# this is not required in later versions https://github.com/projectcalico/calico/issues/2179 |
|
|
|
{% if calico_version is version('v3.2.1', '<') %} |
|
|
|
- name: FELIX_IPTABLESLOCKTIMEOUTSECS |
|
|
|
value: "10" |
|
|
|
{% endif %} |
|
|
|
value: "{{ calico_iptables_lock_timeout_secs }}" |
|
|
|
# should be set in etcd before deployment |
|
|
|
# # Configure the IP Pool from which Pod IPs will be chosen. |
|
|
|
# - name: CALICO_IPV4POOL_CIDR |
|
|
|
|
