Added iptables lock fix and ajusted oom-score
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
parent
03c61685fb
commit
41ca67bf54
1 changed files with 8 additions and 0 deletions
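--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -31,6 +31,7 @@ spec:
 - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
 - --cluster-cidr={{ kube_pods_subnet }}
 - --proxy-mode={{ kube_proxy_mode }}
+- --oom-score-adj=-998
 {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
 - --masquerade-all
 {% elif kube_proxy_mode == 'ipvs' %}
@@ -59,6 +60,9 @@ spec:
 - mountPath: /lib/modules
 name: lib-modules
 readOnly: true
+- mountPath: /run/xtables.lock
+name: xtables-lock
+readOnly: false
 volumes:
 - name: ssl-certs-host
 hostPath:
@@ -79,3 +83,7 @@ spec:
 - hostPath:
 path: /lib/modules
 name: lib-modules
+- hostPath:
+path: /run/xtables.lock
+type: FileOrCreate
+name: xtables-lock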
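Review bot: The new `xtables-lock` mount in the second hunk gives the container write access to a host file, and neither it nor the matching `hostPath` volume in the third hunk carries a comment saying why. iptables serialises rule updates by locking `/run/xtables.lock`, so the file has to be the host's own and writable; a line such as `# shared with the host so iptables calls in the pod and on the node take the same lock; must stay writable` above the mount would keep a later hardening pass from flipping it to `readOnly: true`. `type: FileOrCreate` is the right choice because it keeps a directory from being created at that path when the file is absent, and that deserves a short comment on the volume as well. The container's securityContext lies outside the hunks, so whether the process has the privilege needed to apply `--oom-score-adj=-998` cannot be confirmed from this page.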