Make calico iptables lock timeout configurable (#5658)
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.pull/5661/head
parent
646fd5f47b
commit
a15a0b5eb9
|
@ -51,6 +51,9 @@ calico_node_ignorelooserpf: false
|
||||||
# Define address on which Felix will respond to health requests
|
# Define address on which Felix will respond to health requests
|
||||||
calico_healthhost: "localhost"
|
calico_healthhost: "localhost"
|
||||||
|
|
||||||
|
# Configure time in seconds that calico will wait for the iptables lock
|
||||||
|
calico_iptables_lock_timeout_secs: 10
|
||||||
|
|
||||||
# Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND)
|
# Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND)
|
||||||
calico_iptables_backend: "Iptables"
|
calico_iptables_backend: "Iptables"
|
||||||
|
|
||||||
|
|
|
@ -209,12 +209,8 @@ spec:
|
||||||
- name: FELIX_IPTABLESBACKEND
|
- name: FELIX_IPTABLESBACKEND
|
||||||
value: "{{ calico_iptables_backend }}"
|
value: "{{ calico_iptables_backend }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
|
|
||||||
# this is not required in later versions https://github.com/projectcalico/calico/issues/2179
|
|
||||||
{% if calico_version is version('v3.2.1', '<') %}
|
|
||||||
- name: FELIX_IPTABLESLOCKTIMEOUTSECS
|
- name: FELIX_IPTABLESLOCKTIMEOUTSECS
|
||||||
value: "10"
|
value: "{{ calico_iptables_lock_timeout_secs }}"
|
||||||
{% endif %}
|
|
||||||
# should be set in etcd before deployment
|
# should be set in etcd before deployment
|
||||||
# # Configure the IP Pool from which Pod IPs will be chosen.
|
# # Configure the IP Pool from which Pod IPs will be chosen.
|
||||||
# - name: CALICO_IPV4POOL_CIDR
|
# - name: CALICO_IPV4POOL_CIDR
|
||||||
|
|
Loading…
Reference in New Issue