diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index d710b9ca328db..76e1cb05da678 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-: "${LIBNETWORK_COMMIT:=2dab5620d4462865c6151e573b3e7fa5d3b8458b}"
+: "${LIBNETWORK_COMMIT:=f6ccccb1c082a432c2a5814aaedaca56af33d9ea}"
 install_proxy() {
 case "$1" in
diff --git a/vendor.conf b/vendor.conf
index d3416858519b1..54e97e4562d89 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
 # libnetwork
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork 2dab5620d4462865c6151e573b3e7fa5d3b8458b
+github.com/docker/libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea
 github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/controller.go b/vendor/github.com/docker/libnetwork/controller.go
index 5e8594eecb48d..4dd7308ceebd1 100644
--- a/vendor/github.com/docker/libnetwork/controller.go
+++ b/vendor/github.com/docker/libnetwork/controller.go
@@ -1175,6 +1175,14 @@ func (c *controller) NewSandbox(containerID string, options ...SandboxOption) (S
 if sb.osSbox != nil {
 // Apply operating specific knobs on the load balancer sandbox
+ err := sb.osSbox.InvokeFunc(func() {
+ sb.osSbox.ApplyOSTweaks(sb.oslTypes)
+ })
+
+ if err != nil {
+ logrus.Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err)
+ }
+ // Keep this just so performance is not changed
 sb.osSbox.ApplyOSTweaks(sb.oslTypes)
 }
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
index 89cf96454b258..2f926b065a019 100644
--- a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
@@ -30,24 +30,13 @@ func init() {
 }
 var (
- once sync.Once
- garbagePathMap = make(map[string]bool)
- gpmLock sync.Mutex
- gpmWg sync.WaitGroup
- gpmCleanupPeriod = 60 * time.Second
- gpmChan = make(chan chan struct{})
- prefix = defaultPrefix
- loadBalancerConfig = map[string]*kernel.OSValue{
- // disables any special handling on port reuse of existing IPVS connection table entries
- // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L25:1
- "net.ipv4.vs.conn_reuse_mode": {Value: "0", CheckFn: nil},
- // expires connection from the IPVS connection table when the backend is not available
- // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L126:1
- "net.ipv4.vs.expire_nodest_conn": {Value: "1", CheckFn: nil},
- // expires persistent connections to destination servers with weights set to 0
- // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L144:1
- "net.ipv4.vs.expire_quiescent_template": {Value: "1", CheckFn: nil},
- }
+ once sync.Once
+ garbagePathMap = make(map[string]bool)
+ gpmLock sync.Mutex
+ gpmWg sync.WaitGroup
+ gpmCleanupPeriod = 60 * time.Second
+ gpmChan = make(chan chan struct{})
+ prefix = defaultPrefix
 )
 // The networkNamespace type is the linux implementation of the Sandbox
@@ -686,8 +675,18 @@ func setIPv6(path, iface string, enable bool) error {
 func (n *networkNamespace) ApplyOSTweaks(types []SandboxType) {
 for _, t := range types {
 switch t {
- case SandboxTypeLoadBalancer:
- kernel.ApplyOSTweaks(loadBalancerConfig)
+ case SandboxTypeLoadBalancer, SandboxTypeIngress:
+ kernel.ApplyOSTweaks(map[string]*kernel.OSValue{
+ // disables any special handling on port reuse of existing IPVS connection table entries
+ // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L32
+ "net.ipv4.vs.conn_reuse_mode": {Value: "0", CheckFn: nil},
+ // expires connection from the IPVS connection table when the backend is not available
+ // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L133
+ "net.ipv4.vs.expire_nodest_conn": {Value: "1", CheckFn: nil},
+ // expires persistent connections to destination servers with weights set to 0
+ // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L151
+ "net.ipv4.vs.expire_quiescent_template": {Value: "1", CheckFn: nil},
+ })
 }
 }
 }
diff --git a/vendor/github.com/docker/libnetwork/service_linux.go b/vendor/github.com/docker/libnetwork/service_linux.go
index 514c65a753324..e79e538f355d0 100644
--- a/vendor/github.com/docker/libnetwork/service_linux.go
+++ b/vendor/github.com/docker/libnetwork/service_linux.go
@@ -169,6 +169,10 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 if err := i.NewDestination(s, d); err != nil && err != syscall.EEXIST {
 logrus.Errorf("Failed to create real server %s for vip %s fwmark %d in sbox %.7s (%.7s): %v", ip, lb.vip, lb.fwMark, sb.ID(), sb.ContainerID(), err)
 }
+
+ // Ensure that kernel tweaks are applied in case this is the first time
+ // we've initialized ip_vs
+ sb.osSbox.ApplyOSTweaks(sb.oslTypes)
 }
 // Remove loadbalancer backend the load balancing endpoint for this