From 4e81cb12a91bc7fa807d36f5fbe05c6c7cd23434 Mon Sep 17 00:00:00 2001
From: jiang_gw <jiang_gw@126.com>
Date: Tue, 3 Sep 2019 12:39:07 +0800
Subject: [PATCH] fix: ipvs-connection-timeout-issue

---
 roles/prepare/defaults/main.yml               | 3 +++
 roles/prepare/tasks/common.yml                | 1 +
 roles/prepare/templates/95-k8s-sysctl.conf.j2 | 5 +++++
 3 files changed, 9 insertions(+)

diff --git a/roles/prepare/defaults/main.yml b/roles/prepare/defaults/main.yml
index 508839f..b181487 100644
--- a/roles/prepare/defaults/main.yml
+++ b/roles/prepare/defaults/main.yml
@@ -1,2 +1,5 @@
 # 离线安装系统软件包 (offline|online)
 INSTALL_SOURCE: "online"
+
+# 默认使用kube-proxy的 'iptables' 模式，可选 'ipvs' 模式(experimental)
+PROXY_MODE: "ipvs"
diff --git a/roles/prepare/tasks/common.yml b/roles/prepare/tasks/common.yml
index d6809aa..2c17474 100644
--- a/roles/prepare/tasks/common.yml
+++ b/roles/prepare/tasks/common.yml
@@ -42,6 +42,7 @@
 
 # 设置系统参数for k8s
 # 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
+# https://success.docker.com/article/ipvs-connection-timeout-issue 缩短keepalive_time超时时间为600s
 - name: 设置系统参数
   template: src=95-k8s-sysctl.conf.j2 dest=/etc/sysctl.d/95-k8s-sysctl.conf
 
diff --git a/roles/prepare/templates/95-k8s-sysctl.conf.j2 b/roles/prepare/templates/95-k8s-sysctl.conf.j2
index 040c68a..a3b33dc 100644
--- a/roles/prepare/templates/95-k8s-sysctl.conf.j2
+++ b/roles/prepare/templates/95-k8s-sysctl.conf.j2
@@ -10,3 +10,8 @@ net.netfilter.nf_conntrack_max=1000000
 vm.swappiness = 0
 vm.max_map_count=655360
 fs.file-max=6553600
+{% if PROXY_MODE == "ipvs" %}
+net.ipv4.tcp_keepalive_time = 600
+net.ipv4.tcp_keepalive_intvl = 30
+net.ipv4.tcp_keepalive_probes = 10
+{% endif %}