Who limits the node sysctl nf_conntrack_max?
kube-proxy
bash
# kubectl get po -A -o wide | grep proxy
cdi cdi-uploadproxy-54ddb5cdd6-kbm2m 1/1 Running 0 45h 10.222.3.227 csy-wx-pm-os01-eis-node03 <none> <none>
kube-system kube-proxy-fzzhf 1/1 Running 0 16h 10.251.137.33 csy-wx-pm-os01-eis-node04 <none> <none>
kube-system kube-proxy-ghkkd 1/1 Running 0 8d 10.251.137.30 csy-wx-pm-os01-eis-node01 <none> <none>
kube-system kube-proxy-kxlxc 1/1 Running 0 7d20h 10.251.137.31 csy-wx-pm-os01-eis-node02 <none> <none>
kube-system kube-proxy-nsj5v 1/1 Running 0 7d22h 10.251.137.32 csy-wx-pm-os01-eis-node03 <none> <none>
kube-system nginx-proxy-csy-wx-pm-os01-eis-node04 1/1 Running 9 101d 10.251.137.33 csy-wx-pm-os01-eis-node04 <none> <none>
# kubectl logs -f -n kube-system kube-proxy-fzzhf | grep connt
I0807 13:27:04.189806 1 conntrack.go:52] Setting nf_conntrack_max to 2621440
^C
# kubectl logs -f -n kube-system kube-proxy-ghkkd | grep connt
I0730 07:17:41.675168 1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_max' to 2621440
I0730 07:17:41.675192 1 conntrack.go:52] Setting nf_conntrack_max to 2621440
^C
# kubectl logs -f -n kube-system kube-proxy-kxlxc | grep connt
I0731 08:51:02.708199 1 conntrack.go:52] Setting nf_conntrack_max to 2621440
^C
# kubectl logs -f -n kube-system kube-proxy-nsj5v | grep connt
I0731 06:58:03.350005 1 conntrack.go:52] Setting nf_conntrack_max to 2621440
^C
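If you also set nf_conntrack_max in sysctl.conf, make sure the value is larger than the one kube-proxy calculates. kube-proxy writes this sysctl itself when it starts (see the "Set sysctl 'net/netfilter/nf_conntrack_max'" log line above), using:
nf_conntrack_max = cpu_num * 32768
In the logs above, 2621440 = 80 * 32768. The 32768 factor is kube-proxy's `--conntrack-max-per-core` setting (32768 is its default). If the effective limit is too low for the node's traffic, the conntrack table fills up and the kernel drops new connections, logging "nf_conntrack: table full, dropping packet".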