Make calico iptables lock timeout configurable (kubernetes-sigs#5658)

Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
champtar · Feb 19, 2020 · a15a0b5 · a15a0b5
1 parent 646fd5f
commit a15a0b5
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
@@ -51,6 +51,9 @@ calico_node_ignorelooserpf: false
 # Define address on which Felix will respond to health requests
 calico_healthhost: "localhost"
 
+# Configure time in seconds that calico will wait for the iptables lock
+calico_iptables_lock_timeout_secs: 10
+
 # Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND)
 calico_iptables_backend: "Iptables"
 

diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -209,12 +209,8 @@ spec:
             - name: FELIX_IPTABLESBACKEND
               value: "{{ calico_iptables_backend }}"
 {% endif %}
-            # Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
-            # this is not required in later versions https://github.com/projectcalico/calico/issues/2179
-{% if calico_version is version('v3.2.1', '<') %}
             - name: FELIX_IPTABLESLOCKTIMEOUTSECS
-              value: "10"
-{% endif %}
+              value: "{{ calico_iptables_lock_timeout_secs }}"
 # should be set in etcd before deployment
 #            # Configure the IP Pool from which Pod IPs will be chosen.
 #            - name: CALICO_IPV4POOL_CIDR