C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Added iptables lock fix and ajusted oom-score

Browse source 
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
This commit is contained in:
Andreas Krüger 2018-02-12 10:21:38 +01:00 committed by GitHub
parent 03c61685fb
commit 41ca67bf54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
View file

@ -31,6 +31,7 @@ spec:
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
- --cluster-cidr={{ kube_pods_subnet }}
- --proxy-mode={{ kube_proxy_mode }}
- --oom-score-adj=-998
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
- --masquerade-all
{% elif kube_proxy_mode == 'ipvs' %}
@ -59,6 +60,9 @@ spec:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
volumes:
- name: ssl-certs-host
hostPath:
@ -79,3 +83,7 @@ spec:
- hostPath:
path: /lib/modules
name: lib-modules
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock