$ oc edit network.operator.openshift.io cluster
The Kubernetes network proxy (kube-proxy) runs on each node and is managed by the Cluster Network Operator (CNO). kube-proxy maintains network rules for forwarding connections for endpoints associated with services.
The synchronization period determines how frequently the Kubernetes network proxy (kube-proxy) syncs the iptables rules on a node.
A sync begins when either of the following events occurs:
An event occurs, such as service or endpoint is added to or removed from the cluster.
The time since the last sync exceeds the sync period defined for kube-proxy.
You can modify the following kubeProxyConfig
parameters.
Because of performance improvements introduced in OpenShift Container Platform 4.3 and greater, adjusting the iptablesSyncPeriod parameter is no longer necessary.
|
Parameter | Description | Values | Default |
---|---|---|---|
|
The refresh period for |
A time interval, such as |
|
|
The minimum duration before refreshing |
A time interval, such as |
|
You can modify the Kubernetes network proxy configuration for your cluster.
Install the OpenShift CLI (oc
).
Log in to a running cluster with the cluster-admin
role.
Edit the Network.operator.openshift.io
Custom Resource (CR) by running the
following command:
$ oc edit network.operator.openshift.io cluster
Modify the kubeProxyConfig
parameter in the CR with your changes to the
kube-proxy configuration, such as in the following example CR:
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
kubeProxyConfig:
iptablesSyncPeriod: 30s
proxyArguments:
iptables-min-sync-period: ["30s"]
Save the file and exit the text editor.
The syntax is validated by the oc
command when you save the file and exit the
editor. If your modifications contain a syntax error, the editor opens the file
and displays an error message.
Enter the following command to confirm the configuration update:
$ oc get networks.operator.openshift.io -o yaml
apiVersion: v1
items:
- apiVersion: operator.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
defaultNetwork:
type: OpenShiftSDN
kubeProxyConfig:
iptablesSyncPeriod: 30s
proxyArguments:
iptables-min-sync-period:
- 30s
serviceNetwork:
- 172.30.0.0/16
status: {}
kind: List
Optional: Enter the following command to confirm that the Cluster Network Operator accepted the configuration change:
$ oc get clusteroperator network
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
network 4.1.0-0.9 True False False 1m
The AVAILABLE
field is True
when the configuration update is applied
successfully.