Changing tiller pod networking settings to improve swact time

Based on investigation by Matt, the tiller-deploy pod was running in the cluster network namespace and therefore not inheriting host TCP keepalive parameters. During a swact, when the floating IP is taken down, tiller keepalive is so large its the kube-apiserver detects the timeout after 15 minutes (5 probes * 180 seconds) The cluster namespace values are 9 probes at 75 second intervals. The host TCP values are 5 consecutive probes at 1 second intervals. By changing the tiller pod to be deployed using the host network, it will inherit the host sysctl values and detect much more quickly. (10 seconds) Adding additional override settings during helm init for tiller helm init <params> --override spec.template.spec.hostNetwork=true These changes were added to the ansible playbook. Change-Id: I218e4ef37100950c8ac5a0cb9759d9df50d9e368 Closes-Bug: 1817941 Partial-Bug: 1818123 Co-Authored-By: Matt Peters <Matt.Peters@windriver.com> Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-05-03 15:11:57 -05:00 · 2019-05-03 15:11:57 -05:00 · 4802f1d96a
commit 4802f1d96a
parent 911523bdf8
4 changed files with 5 additions and 3 deletions
--- a/playbookconfig/centos/build_srpm.data
+++ b/playbookconfig/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="playbookconfig"
-TIS_PATCH_VER=1
+TIS_PATCH_VER=2
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_helm.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_helm.yml
@ -132,6 +132,7 @@
  command: >-
    helm init --skip-refresh --service-account tiller --node-selectors
    "node-role.kubernetes.io/master"="" --tiller-image={{ tiller_img }}
+    --override spec.template.spec.hostNetwork=true
  become_user: wrsroot
  environment:
    KUBECONFIG: /etc/kubernetes/admin.conf
@ -145,6 +146,7 @@
    command: >-
      helm init --skip-refresh --service-account tiller --node-selectors
      "node-role.kubernetes.io/master"="" --tiller-image={{ tiller_img }}
+      --override spec.template.spec.hostNetwork=true
    environment:
      KUBECONFIG: /etc/kubernetes/admin.conf
      HOME: /home/wrsroot
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=87
+TIS_PATCH_VER=88
--- a/puppet-manifests/src/modules/platform/manifests/helm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/helm.pp
@ -63,7 +63,7 @@ class platform::helm

      -> exec { 'initialize helm':
        environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
-        command     => "helm init --skip-refresh --service-account tiller --node-selectors \"node-role.kubernetes.io/master\"=\"\" --tiller-image=${gcr_registry}/kubernetes-helm/tiller:v2.13.1", # lint:ignore:140chars
+        command     => "helm init --skip-refresh --service-account tiller --node-selectors \"node-role.kubernetes.io/master\"=\"\" --tiller-image=${gcr_registry}/kubernetes-helm/tiller:v2.13.1  --override spec.template.spec.hostNetwork=true", # lint:ignore:140chars
        logoutput   => true,
        user        => 'wrsroot',
        group       => 'wrs',