[CPDEV-98165] Fix check_paas services.system.sysctl.config task failu…

…re (#615) * Fix check_paas 234 task failure * optimize solution
Netcracker · Mar 5, 2024 · 2ac6f98 · 2ac6f98
1 parent 7b3c6b1
commit 2ac6f98
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 15 deletions.
diff --git a/documentation/Installation.md b/documentation/Installation.md
@@ -1537,13 +1537,8 @@ services:
 
 In the `services.kubeadm_kube-proxy` section, you can override the original settings for kube-proxy.
 For more information about these settings, refer to the official Kubernetes documentation at [https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration).
-By default, the installer uses the following parameters:
-
-|Parameter|Default Value|
-|---|---|
-|conntrack.min|1000000|
 
-`conntrack.min` inherits the `services.sysctl.net.netfilter.nf_conntrack_max` value from [sysctl](#sysctl).
+**Note**: `conntrack.min` inherits the `services.sysctl.net.netfilter.nf_conntrack_max` value from [sysctl](#sysctl), therefore if you would like to change this variable, set the desired value in `services.sysctl.net.netfilter.nf_conntrack_max`.
 
 **Note**: These parameters can be reconfigured after installation using [Reconfigure Procedure](Maintenance.md#reconfigure-procedure).
 
@@ -1604,9 +1599,7 @@ By default Kubemarine sets `bind-address` parameter of `kube-apiserver` to `node
 
 **Note**: These parameters can be reconfigured after installation using [Reconfigure Procedure](Maintenance.md#reconfigure-procedure).
 
-**Note**: If a parameter of control-plane pods is defined in `kubeadm.<service>.extraArgs` or is set by default by kubeadm and then redefined in `services.kubeadm_patches`,
-the pod manifest file will contain the same flag twice and the running pod will take into account the last mentioned value (taken from `services.kubeadm_patches`).
-This behaviour persists at the moment: https://github.com/kubernetes/kubeadm/issues/1601.
+**Note**: If a parameter of control-plane pods is defined in `kubeadm.<service>.extraArgs` or is set by default by kubeadm and then redefined in `services.kubeadm_patches`, the pod manifest file will contain the same flag twice, the value taken from services.kubeadm_patches will be in the end of the arguments list.
 
 #### kernel_security
 

diff --git a/kubemarine/core/defaults.py b/kubemarine/core/defaults.py
@@ -515,7 +515,6 @@ def manage_primitive_values(cluster: KubernetesCluster) -> None:
         (['services', 'cri', 'containerdConfig',
           'plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options',
           'SystemdCgroup'], utils.strtobool, False),
-        (['services', 'kubeadm_kube-proxy', 'conntrack', 'min'], utils.strtoint, True),
         (['services', 'modprobe', '*', '*'], str, True),
         # kernel parameters are actually not always represented as integers
         (['services', 'sysctl', '*'], utils.strtoint, True),

diff --git a/kubemarine/kubernetes/__init__.py b/kubemarine/kubernetes/__init__.py
@@ -184,6 +184,13 @@ def enrich_inventory(cluster: KubernetesCluster) -> None:
     preflight_errors.extend(default_preflight_errors)
     inventory["services"]["kubeadm_flags"]["ignorePreflightErrors"] = ",".join(set(preflight_errors))
 
+    # override kubeadm_kube-proxy.conntrack.min with sysctl.net.netfilter.nf_conntrack_max since they define the same kernel variable
+    version_key = utils.version_key(inventory["services"]["kubeadm"]["kubernetesVersion"])
+    if version_key >= (1, 29, 0):
+        inventory["services"]["kubeadm_kube-proxy"]["conntrack"]["min"] = inventory["services"]["sysctl"]["net.netfilter.nf_conntrack_max"]
+    else:
+        inventory["services"]["kubeadm_kube-proxy"]["conntrack"].pop("min",None)
+
 
 def reset_installation_env(group: NodeGroup) -> Optional[RunnersGroupResult]:
     log = group.cluster.log

diff --git a/kubemarine/resources/configurations/defaults.yaml b/kubemarine/resources/configurations/defaults.yaml
@@ -40,11 +40,7 @@ services:
   kubeadm_kube-proxy:
     apiVersion: kubeproxy.config.k8s.io/v1alpha1
     kind: KubeProxyConfiguration
-    conntrack:
-      min: |
-        {% if services.kubeadm.kubernetesVersion | versionkey >= (1, 29, 0) %}
-        {{ services.sysctl["net.netfilter.nf_conntrack_max"] }}
-        {% endif %}
+    conntrack: {}
   kubeadm_flags:
     ignorePreflightErrors: Port-6443,CoreDNSUnsupportedPlugins
   kubeadm: