Skip to content

Commit e1c7112

Browse files
authored
Merge pull request kubernetes#85517 from andrewsykim/ipvs-timeout
support configuration of kube-proxy IPVS tcp,tcpfin,udp timeout
2 parents 7fdefe5 + db2c048 commit e1c7112

File tree

18 files changed

+134
-2
lines changed

18 files changed

+134
-2
lines changed

cmd/kube-proxy/app/server.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -181,6 +181,9 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
181181
fs.DurationVar(&o.config.IPTables.MinSyncPeriod.Duration, "iptables-min-sync-period", o.config.IPTables.MinSyncPeriod.Duration, "The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').")
182182
fs.DurationVar(&o.config.IPVS.SyncPeriod.Duration, "ipvs-sync-period", o.config.IPVS.SyncPeriod.Duration, "The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.")
183183
fs.DurationVar(&o.config.IPVS.MinSyncPeriod.Duration, "ipvs-min-sync-period", o.config.IPVS.MinSyncPeriod.Duration, "The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').")
184+
fs.DurationVar(&o.config.IPVS.TCPTimeout.Duration, "ipvs-tcp-timeout", o.config.IPVS.TCPTimeout.Duration, "The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').")
185+
fs.DurationVar(&o.config.IPVS.TCPFinTimeout.Duration, "ipvs-tcpfin-timeout", o.config.IPVS.TCPFinTimeout.Duration, "The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').")
186+
fs.DurationVar(&o.config.IPVS.UDPTimeout.Duration, "ipvs-udp-timeout", o.config.IPVS.UDPTimeout.Duration, "The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').")
184187
fs.DurationVar(&o.config.Conntrack.TCPEstablishedTimeout.Duration, "conntrack-tcp-timeout-established", o.config.Conntrack.TCPEstablishedTimeout.Duration, "Idle timeout for established TCP connections (0 to leave as-is)")
185188
fs.DurationVar(
186189
&o.config.Conntrack.TCPCloseWaitTimeout.Duration, "conntrack-tcp-timeout-close-wait",

cmd/kube-proxy/app/server_others.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -193,6 +193,9 @@ func newProxyServer(
193193
config.IPVS.MinSyncPeriod.Duration,
194194
config.IPVS.ExcludeCIDRs,
195195
config.IPVS.StrictARP,
196+
config.IPVS.TCPTimeout.Duration,
197+
config.IPVS.TCPFinTimeout.Duration,
198+
config.IPVS.UDPTimeout.Duration,
196199
config.IPTables.MasqueradeAll,
197200
int(*config.IPTables.MasqueradeBit),
198201
cidrTuple(config.ClusterCIDR),
@@ -214,6 +217,9 @@ func newProxyServer(
214217
config.IPVS.MinSyncPeriod.Duration,
215218
config.IPVS.ExcludeCIDRs,
216219
config.IPVS.StrictARP,
220+
config.IPVS.TCPTimeout.Duration,
221+
config.IPVS.TCPFinTimeout.Duration,
222+
config.IPVS.UDPTimeout.Duration,
217223
config.IPTables.MasqueradeAll,
218224
int(*config.IPTables.MasqueradeBit),
219225
config.ClusterCIDR,

cmd/kubeadm/app/componentconfigs/kubeproxy_test.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,9 @@ var kubeProxyMarshalCases = []struct {
7777
scheduler: ""
7878
strictARP: false
7979
syncPeriod: 0s
80+
tcpFinTimeout: 0s
81+
tcpTimeout: 0s
82+
udpTimeout: 0s
8083
kind: KubeProxyConfiguration
8184
metricsBindAddress: ""
8285
mode: ""
@@ -128,6 +131,9 @@ var kubeProxyMarshalCases = []struct {
128131
scheduler: ""
129132
strictARP: false
130133
syncPeriod: 0s
134+
tcpFinTimeout: 0s
135+
tcpTimeout: 0s
136+
udpTimeout: 0s
131137
kind: KubeProxyConfiguration
132138
metricsBindAddress: ""
133139
mode: ""

kind.yaml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
# three node (two workers) cluster config
2+
kind: Cluster
3+
apiVersion: kind.sigs.k8s.io/v1alpha3
4+
nodes:
5+
- role: control-plane
6+
- role: worker
7+
- role: worker
8+
kubeadmConfigPatches:
9+
- |
10+
apiVersion: kubeadm.k8s.io/v1beta2
11+
kind: ClusterConfiguration
12+
metadata:
13+
name: config
14+
apiServer:
15+
extraArgs:
16+
"feature-gates": "EndpointSlice=true,ServiceTopology=true"
17+
scheduler:
18+
extraArgs:
19+
"feature-gates": "EndpointSlice=true,ServiceTopology=true"
20+
controllerManager:
21+
extraArgs:
22+
"feature-gates": "EndpointSlice=true,ServiceTopology=true"
23+
- |
24+
apiVersion: kubeadm.k8s.io/v1beta2
25+
kind: InitConfiguration
26+
metadata:
27+
name: config
28+
nodeRegistration:
29+
kubeletExtraArgs:
30+
"feature-gates": "EndpointSlice=true,ServiceTopology=true"
31+
# 1 control plane node and 3 workers
32+

pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/after/__internal.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ IPVS:
2727
Scheduler: ""
2828
StrictARP: false
2929
SyncPeriod: 0s
30+
TCPFinTimeout: 0s
31+
TCPTimeout: 0s
32+
UDPTimeout: 0s
3033
MetricsBindAddress: ""
3134
Mode: ""
3235
NodePortAddresses: null

pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/after/v1alpha1.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ ipvs:
2727
scheduler: ""
2828
strictARP: false
2929
syncPeriod: 30s
30+
tcpFinTimeout: 0s
31+
tcpTimeout: 0s
32+
udpTimeout: 0s
3033
kind: KubeProxyConfiguration
3134
metricsBindAddress: 127.0.0.1:10249
3235
mode: ""

pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/v1alpha1To__internal/empty.yaml.after_roundtrip

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ IPVS:
2727
Scheduler: ""
2828
StrictARP: false
2929
SyncPeriod: 30s
30+
TCPFinTimeout: 0s
31+
TCPTimeout: 0s
32+
UDPTimeout: 0s
3033
MetricsBindAddress: 127.0.0.1:10249
3134
Mode: ""
3235
NodePortAddresses: null

pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/v1alpha1Tov1alpha1/empty.yaml.after_roundtrip

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ ipvs:
2727
scheduler: ""
2828
strictARP: false
2929
syncPeriod: 30s
30+
tcpFinTimeout: 0s
31+
tcpTimeout: 0s
32+
udpTimeout: 0s
3033
kind: KubeProxyConfiguration
3134
metricsBindAddress: 127.0.0.1:10249
3235
mode: ""

pkg/proxy/apis/config/types.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,15 @@ type KubeProxyIPVSConfiguration struct {
5858
// strict ARP configure arp_ignore and arp_announce to avoid answering ARP queries
5959
// from kube-ipvs0 interface
6060
StrictARP bool
61+
// tcpTimeout is the timeout value used for idle IPVS TCP sessions.
62+
// The default value is 0, which preserves the current timeout value on the system.
63+
TCPTimeout metav1.Duration
64+
// tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN.
65+
// The default value is 0, which preserves the current timeout value on the system.
66+
TCPFinTimeout metav1.Duration
67+
// udpTimeout is the timeout value used for IPVS UDP packets.
68+
// The default value is 0, which preserves the current timeout value on the system.
69+
UDPTimeout metav1.Duration
6170
}
6271

6372
// KubeProxyConntrackConfiguration contains conntrack settings for

pkg/proxy/apis/config/v1alpha1/zz_generated.conversion.go

Lines changed: 6 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)