Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Changing Kubernetes' node-proxy tcp keepalive time

How do I properly change the TCP keepalive time for node-proxy?

I am running Kubernetes in Google Container Engine and have set up an ingress backed by HTTP(S) Google Load Balancer. When I continuously make POST requests to the ingress, I get a 502 error exactly once every 80 seconds or so. backend_connection_closed_before_data_sent_to_client error in Cloud Logging, which is because GLB's tcp keepalive (600 seconds) is larger than node-proxy's keepalive (no clue what it is).

The logged error is detailed in https://cloud.google.com/compute/docs/load-balancing/http/.

Thanks!

like image 719
Akash Krishnan Avatar asked Jun 24 '17 05:06

Akash Krishnan


People also ask

How do I change my kube proxy mode?

You need to modify the control plane itself. Since you created your cluster with kubeadm, you can use that to enable ipvs. You'd add this to your config file for kube init. Here's an article from github.com/kubernetes with more detailed instructions.

What happens if kube proxy is down?

kube-proxy runs on every node and is responsible for regulating network traffic between the node and other entities inside and outside the cluster. If kube-proxy stops running for any reason, the node goes into a not ready state. Run kubectl get pods -n kube-system to show pods belonging to the Kubernetes system.

What is Kubeproxy in Kubernetes?

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.


1 Answers

You can use the custom resource BackendConfig that exist on each GKE cluster to configure timeouts and other parameters like CDN here is the documentacion

An example from here shows how to configure on the ingress

That is the BackendConfig definition:

apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
  name: my-bsc-backendconfig
spec:
  timeoutSec: 40
  connectionDraining:
    drainingTimeoutSec: 60

And this is how to use on the ingress definition through annotations

apiVersion: v1
kind: Service
metadata:
  name: my-bsc-service
  labels:
    purpose: bsc-config-demo
  annotations:
    beta.cloud.google.com/backend-config: '{"ports": {"80":"my-bsc-backendconfig"}}'
spec:
  type: NodePort
  selector:
    purpose: bsc-config-demo
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
like image 62
wolmi Avatar answered Oct 05 '22 04:10

wolmi