kakao / network-node-manager

network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of kubernetes.
Apache License 2.0

iptables: use the host's xtables lock, and wait for the lock #13

bootc closed 3 years ago

bootc commented 3 years ago

I noticed some odd behaviour when a node is starting afresh and lots of containers are being scheduled: it will often error out and abort with odd iptables error messages. It turns out this is due to not sharing the node's global xtables lock.

Unfortunately it's not as simple as just passing through the lockfile: by default iptables doesn't wait for the lock and instead just returns an error when the lock is held. So this PR also updates iptables.go to correctly wait for the lock if it is held.
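The locking behaviour described in the comment above, as an added example that is not code from this PR or from the project: iptables serialises rule changes with an exclusive `flock` on a lock file, so a containerised iptables only contends with the host's processes if it opens the same file, and it only waits for a busy lock when run with `-w`. The functions `acquire` and `demo` are hypothetical names, and a constructed temporary file stands in for the node's lock file.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
	"time"
)

// acquire takes an exclusive flock on path. wait == 0 is a single attempt (iptables without -w); wait > 0 polls (iptables -w <seconds>).
func acquire(path string, wait time.Duration) (*os.File, error) {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_RDONLY, 0o600)
	if err != nil {
		return nil, err
	}
	deadline := time.Now().Add(wait)
	for {
		err = syscall.Flock(int(f.Fd()), syscall.LOCK_EX|syscall.LOCK_NB)
		if err == nil {
			return f, nil // closing f releases the lock
		}
		if err != syscall.EWOULDBLOCK || !time.Now().Before(deadline) {
			f.Close()
			return nil, err // EWOULDBLOCK here means the lock was still held
		}
		time.Sleep(10 * time.Millisecond)
	}
}

// demo holds the lock, then tries it again with and without waiting (lock is a constructed stand-in path).
func demo(lock string) (noWait, withWait error) {
	holder, err := acquire(lock, 0)
	if err != nil {
		return err, err
	}
	_, noWait = acquire(lock, 0) // fails at once: the lock is busy
	time.AfterFunc(100*time.Millisecond, func() { holder.Close() })
	w, withWait := acquire(lock, 2*time.Second) // succeeds once the holder lets go
	if withWait == nil {
		w.Close()
	}
	return noWait, withWait
}

func main() {
	dir, _ := os.MkdirTemp("", "xtlock")
	defer os.RemoveAll(dir)
	fmt.Println(demo(dir + "/xtables.lock"))
}
```

Two processes that open different lock files never see each other's lock at all, which is why the lock file has to be the host's own before waiting on it makes any difference.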

bootc commented 3 years ago

Thanks for the comments, I'll update the MR this evening I hope.

ssup2 commented 3 years ago

Thanks for the nice commit :)