From ae44aff3306704010116333b2f91591c8e3e453e Mon Sep 17 00:00:00 2001 From: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Date: Sat, 18 Sep 2021 02:08:07 +0300 Subject: [PATCH] Calico: increase calico node probe timeouts and allow tunning (#7981) --- docs/calico.md | 11 ++++++++++- .../sample/group_vars/k8s_cluster/k8s-net-calico.yml | 4 ++++ .../calico/templates/calico-node.yml.j2 | 2 ++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/calico.md b/docs/calico.md index 4edfd7590..4b747d765 100644 --- a/docs/calico.md +++ b/docs/calico.md @@ -189,7 +189,7 @@ To re-define default action please set the following variable in your inventory: calico_endpoint_to_host_action: "ACCEPT" ``` -## Optional : Define address on which Felix will respond to health requests +### Optional : Define address on which Felix will respond to health requests Since Calico 3.2.0, HealthCheck default behavior changed from listening on all interfaces to just listening on localhost. @@ -199,6 +199,15 @@ To re-define health host please set the following variable in your inventory: calico_healthhost: "0.0.0.0" ``` +### Optional : Configure Calico Node probe timeouts + +Under certain conditions a deployer may need to tune the Calico liveness and readiness probes timeout settings. These can be configured like this: + +```yml +calico_node_livenessprobe_timeout: 10 +calico_node_readinessprobe_timeout: 10 +``` + ## Config encapsulation for cross server traffic Calico supports two types of encapsulation: [VXLAN and IP in IP](https://docs.projectcalico.org/v3.11/networking/vxlan-ipip). VXLAN is supported in some environments where IP in IP is not (for example, Azure). diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml index a290d67c0..6483320eb 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml @@ -103,3 +103,7 @@ # Enable calico traffic encryption with wireguard # calico_wireguard_enabled: false + +# Under certain situations liveness and readiness probes may need tunning +# calico_node_livenessprobe_timeout: 10 +# calico_node_readinessprobe_timeout: 10 diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index 651711e78..21833e827 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 @@ -305,6 +305,7 @@ spec: {% endif %} periodSeconds: 10 initialDelaySeconds: 10 + timeoutSeconds: {{ calico_node_livenessprobe_timeout | default(10) }} failureThreshold: 6 readinessProbe: exec: @@ -315,6 +316,7 @@ spec: {% endif %} - -felix-ready periodSeconds: 10 + timeoutSeconds: {{ calico_node_readinessprobe_timeout | default(10) }} failureThreshold: 6 volumeMounts: - mountPath: /lib/modules