pharos-cluster icon indicating copy to clipboard operation
pharos-cluster copied to clipboard

Published 20 hours ago verified publisher icon kontena

Ingress-nginx could use k8s native sysctl

Open jakolehm opened this issue 7 years ago • 2 comments

https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#setting-sysctls-for-a-pod

jakolehm avatar Aug 10 '18 09:08 jakolehm

Seems like net.ipv4.ip_local_port_range is considered a safe sysctl and allowed by default, but tuning net.core.somaxconn would require kubelet --allowed-unsafe-sysctls net.core.somaxconn.

The default net.core.somaxconn = 128 could cause slowdowns with very high rates of new connections (faster than nginx is able to accept them), but TCP should handle retries in that case (assuming default net.ipv4.tcp_abort_on_overflow=0): https://serverfault.com/questions/518862/will-increasing-net-core-somaxconn-make-a-difference

SpComb avatar Aug 10 '18 09:08 SpComb

...except that the ingress-nginx pod runs with hostNetwork: true, so those sysctls affect the entire node.

SpComb avatar Aug 10 '18 12:08 SpComb