fix: Istio tcp keepalive tweaks to make AWS NLB happy again

pull/44/head
Stefan Reimer 1 year ago
parent 4dbdaf9225
commit 3c79cd3306
  1. 38
      charts/kubezero-istio-ingress/nlb_keepalive_trial.yaml
  2. 2
      charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml
  3. 17
      charts/kubezero-istio/README.md
  4. 3
      charts/kubezero-istio/values.yaml

@ -0,0 +1,38 @@
{{- if or (index .Values "istio-ingress" "enabled") (index .Values "istio-private-ingress" "enabled") }}
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: ingressgateway-listener-tcp-keepalive
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
configPatches:
- applyTo: LISTENER
patch:
operation: MERGE
value:
socket_options:
# SOL_SOCKET = 1
# SO_KEEPALIVE = 9
- int_value: 1
level: 1
name: 9
state: STATE_PREBIND
# TCP_KEEPPROBES
- int_value: 9
level: 6
name: 6
state: STATE_PREBIND
# IPPROTO_TCP = 6
# TCP_KEEPIDLE = 4
- int_value: 120
level: 6
name: 4
state: STATE_PREBIND
# TCP_KEEPINTVL = 5
- int_value: 30
level: 6
name: 5
state: STATE_PREBIND
{{- end }}

@ -23,7 +23,7 @@ spec:
# TCP_KEEPIDLE = 4
- level: 6
name: 4
int_value: 60
int_value: 120
state: STATE_LISTENING
# TCP_KEEPINTVL = 5
- level: 6

@ -1,6 +1,6 @@
# kubezero-istio
![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.1](https://img.shields.io/badge/AppVersion-1.9.1-informational?style=flat-square)
![Version: 0.5.6](https://img.shields.io/badge/Version-0.5.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.3](https://img.shields.io/badge/AppVersion-1.9.3-informational?style=flat-square)
KubeZero Umbrella Chart for Istio
@ -20,8 +20,8 @@ Kubernetes: `>= 1.18.0`
| Repository | Name | Version |
|------------|------|---------|
| | base | 1.9.1 |
| | istio-discovery | 1.9.1 |
| | base | 1.9.3 |
| | istio-discovery | 1.9.3 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Values
@ -34,9 +34,8 @@ Kubernetes: `>= 1.18.0`
| global.priorityClassName | string | `"system-cluster-critical"` | |
| istio-discovery.meshConfig.accessLogEncoding | string | `"JSON"` | |
| istio-discovery.meshConfig.accessLogFile | string | `"/dev/stdout"` | |
| istio-discovery.meshConfig.h2UpgradePolicy | string | `"DO_NOT_UPGRADE"` | |
| istio-discovery.meshConfig.tcpKeepalive.interval | string | `"30s"` | |
| istio-discovery.meshConfig.tcpKeepalive.time | string | `"60s"` | |
| istio-discovery.meshConfig.tcpKeepalive.interval | string | `"60s"` | |
| istio-discovery.meshConfig.tcpKeepalive.time | string | `"120s"` | |
| istio-discovery.pilot.autoscaleEnabled | bool | `false` | |
| istio-discovery.pilot.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| istio-discovery.pilot.replicaCount | int | `1` | |
@ -51,3 +50,9 @@ Kubernetes: `>= 1.18.0`
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
- https://istio.io/latest/docs/setup/install/standalone-operator/
### Grafana
- https://grafana.com/grafana/dashboards/7645
- https://grafana.com/grafana/dashboards/7639
- https://grafana.com/grafana/dashboards/7636
- https://grafana.com/grafana/dashboards/7630

@ -37,3 +37,6 @@ istio-discovery:
meshConfig:
accessLogFile: /dev/stdout
accessLogEncoding: 'JSON'
tcpKeepalive:
interval: 60s
time: 120s

Loading…
Cancel
Save