flannel-io / flannel

flannel is a network fabric for containers, designed for Kubernetes
Apache License 2.0

Question: what iptables-resync is used for? #1897

Closed V0idk closed 3 months ago

V0idk commented 3 months ago


I see getRules() is always unchanged if HasNetwork() is false (i.e. when the use-multi-cluster-cidr option is not in use), so can we reduce the resync period or not resync at all when we are not using use-multi-cluster-cidr?

Motivation: iptables queries hold the iptables lock for too long when there are many pods and services.

thomasferrandiz commented 3 months ago

Hi @V0idk, the periodic resync of the iptables rules is there to ensure that the rules created by flannel are not removed by another program. Normally, if the rules are not modified, iptables should not run again.

In any case, if the resync period is too short on your system, you can configure it through the --iptables-resync flag. See the doc here.
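To illustrate the check-before-apply behaviour described in the answer (a resync that only touches iptables when a rule has gone missing), here is an added example; it is not flannel's own code, the rule specs are constructed to resemble flannel's FORWARD rules, and the `iptables -S` output is a made-up sample rather than captured from a host.

```go
package main

import (
	"fmt"
	"strings"
)

// ruleSet holds rules in the form `iptables -S <chain>` prints them, minus the leading "-A ".
type ruleSet map[string]bool

// parseSaveOutput turns the text of `iptables -S <chain>` into a set of rule specs.
// Policy ("-P") and chain declaration ("-N") lines are skipped; only "-A" rules count.
func parseSaveOutput(out string) ruleSet {
	rules := ruleSet{}
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "-A ") {
			rules[strings.TrimPrefix(line, "-A ")] = true
		}
	}
	return rules
}

// missingRules returns the desired rules absent from the live chain, in the order they
// must be reinstalled. An empty result means the resync is a no-op: the caller should not
// invoke iptables at all, so the xtables lock is not taken and no rule churn occurs.
func missingRules(desired []string, live ruleSet) []string {
	var missing []string
	for _, r := range desired {
		if !live[r] {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() {
	// Constructed sample: rules flannel-like code would want present in FORWARD.
	desired := []string{
		"FORWARD -s 10.244.0.0/16 -m comment --comment \"flanneld forward\" -j ACCEPT",
		"FORWARD -d 10.244.0.0/16 -m comment --comment \"flanneld forward\" -j ACCEPT",
	}
	// Constructed live chain as another program might have left it: the second rule was removed.
	live := parseSaveOutput(`-P FORWARD ACCEPT
-A FORWARD -s 10.244.0.0/16 -m comment --comment "flanneld forward" -j ACCEPT
-A FORWARD -j DOCKER-USER`)
	fmt.Printf("rules to reinstall: %v\n", missingRules(desired, live))
}
```

Only the `-d` rule is reported, so a resync would reinstall exactly one rule; on an intact chain the returned slice is empty and nothing is executed.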