Added iptables lock fix and ajusted oom-score

The xtables lock mount was missing. Added the oom-score-adj option to make sure kube-proxy is not killed in an OOM situation before regular pods.
Andreas Krüger 2018-02-12 10:21:38 +01:00 committed by GitHub
parent 03c61685fb
commit 41ca67bf54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -31,6 +31,7 @@ spec:
- --bind-address={{ ip | default(ansible_default_ipv4.address) }} - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
- --cluster-cidr={{ kube_pods_subnet }} - --cluster-cidr={{ kube_pods_subnet }}
- --proxy-mode={{ kube_proxy_mode }} - --proxy-mode={{ kube_proxy_mode }}
- --oom-score-adj=-998
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
- --masquerade-all - --masquerade-all
{% elif kube_proxy_mode == 'ipvs' %} {% elif kube_proxy_mode == 'ipvs' %}
@ -59,6 +60,9 @@ spec:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
@ -79,3 +83,7 @@ spec:
- hostPath: - hostPath:
path: /lib/modules path: /lib/modules
name: lib-modules name: lib-modules
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
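Review bot: The `--oom-score-adj=-998` argument added in the first hunk is hard-coded and uncommented, so a reader cannot tell why this value was chosen or override it per cluster; I would template it, e.g. `- --oom-score-adj={{ kube_proxy_oom_score_adj | default(-998) }}` (the variable name is a suggestion, not an existing setting), with a comment stating the intent. As far as I know kube-proxy's built-in default for this flag is already -999, so it is worth confirming that -998 gives the protection the description asks for. Lowering the score only takes effect if the container is allowed to write a negative value to its own oom_score_adj, which depends on the securityContext outside these hunks. A process the OOM killer is told to spare should also carry a memory limit, otherwise a leak in kube-proxy pushes the kill onto regular pods; no `resources` block is visible here.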