Platform I'm building on: v1.23.0
What I expected to happen:
I attempted to increase the conntrack limit by specifying settings.kernel.sysctl in userdata, as described in the Bottlerocket documentation.
I also followed the instructions to disable kube-proxy for modifying conntrack per the Bottlerocket EKS Quickstart Guide. The expectation was that the conntrack limit would be set to the value specified in userdata.
What actually happened:
This approach did not work as expected because, in EKS, a default kube-proxy-config is present, which takes precedence over command line parameters for kube-proxy.
How to reproduce the problem:
Create a new node, log into the node, and use "cat /proc/sys/net/netfilter/nf_conntrack_max" to find the actual nf_conntrack_max value. In my case my node is c6g.xlarge and the value showed 131072.
Solution:
Updating the kube-proxy-config ConfigMap resolves the issue. Here's an example of how to set the correct conntrack values:
I suggest updating the documentation to instruct users to modify the kube-proxy-config ConfigMap rather than relying on command line parameters for kube-proxy.
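
The fragment below is an added illustration, not the reporter's own configuration. It assumes the default EKS layout (ConfigMap kube-proxy-config in kube-system, with the KubeProxyConfiguration stored under the data key "config"), and the target value 524288 is constructed for the example.

```yaml
# Added example: conntrack section of the kube-proxy configuration.
# Edit the live object in place rather than applying this fragment:
#   kubectl -n kube-system edit configmap kube-proxy-config
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-proxy-config
  namespace: kube-system        # assumption: default EKS location
data:
  config: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    # ... keep every other existing field unchanged ...
    conntrack:
      # At startup kube-proxy sets
      #   nf_conntrack_max = max(maxPerCore * CPU cores, min)
      # With the upstream defaults (maxPerCore 32768, min 131072) a
      # 4-vCPU node such as c6g.xlarge gets 4 * 32768 = 131072, which
      # is the value read from /proc in the reproduction step.
      maxPerCore: 32768
      min: 524288               # constructed target; floor for small nodes
      # Alternative: maxPerCore: 0 tells kube-proxy to leave the limit
      # as-is and ignore min, so a value set through
      # settings.kernel.sysctl is no longer overwritten.
```

kube-proxy reads this file only at startup, so restart its pods (for example with "kubectl -n kube-system rollout restart daemonset kube-proxy") and re-read /proc/sys/net/netfilter/nf_conntrack_max on the node to confirm the new limit.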