From b35b8162879fb05c63c4d8374cc2eff77c5c3a73 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Fri, 10 Jan 2020 11:24:33 +0300
Subject: [PATCH] Raise typha max connections to 300 (#5527)

Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.

Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
---
 inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml | 4 ++++
 roles/network_plugin/calico/defaults/main.yml              | 6 ++++++
 roles/network_plugin/calico/templates/calico-typha.yml.j2  | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
index 6d5987dc0..6eedfc3f3 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
@@ -40,5 +40,9 @@
 # Generate TLS certs for secure typha<->calico-node communication
 # typha_secure: false
 
+# Scaling typha: 1 replica per 100 nodes is adequate
 # Number of typha replicas
 # typha_replicas: 1
+
+# Set max typha connections
+# typha_max_connections_lower_limit: 300
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 277fa36b8..dc9000f03 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -74,9 +74,15 @@ kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
 
 # Use typha (only with kdd)
 typha_enabled: false
+
+# Scaling typha: 1 replica per 100 nodes is adequate
 # Number of typha replicas
 typha_replicas: 1
 
+# Set max typha connections
+typha_max_connections_lower_limit: 300
+
+
 # Generate certifcates for typha<->calico-node communication
 typha_secure: false
 
diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2
index 227b07bcb..dbff96514 100644
--- a/roles/network_plugin/calico/templates/calico-typha.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2
@@ -82,6 +82,8 @@ spec:
             value: "kubernetes"
           - name: TYPHA_HEALTHENABLED
             value: "true"
+          - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
+            value: "{{ typha_max_connections_lower_limit }}"
 {% if typha_secure %}
           - name: TYPHA_CAFILE
             value: /etc/ca/ca.crt