alihan/fn-serverless
1
0
Fork 0
mirror of https://github.com/fnproject/fn.git synced 2022-10-28 21:29:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for MTU problems in some k8s environments (#685)

Browse Source 
* NOTE: the fnproject/dind release will need recutting and the
  top-level Dockerfile updated to refer to it for this to be
  complete.

In many k8s environments the host docker uses an overlay network
which'll take bytes away from the effective MTU of outer
containers; eg, vxlan needs 50 bytes, often leaving a 1450 MTU
on the container running dind and fn-api.

In such an arrangement, packets exceeding the smaller MTU may be
invisibly dropped as they travel across the dind's docker0
bridge. This mostly surfaces as a failure of functions to be able
to reliably talk to external services. (Note, the failure may be
intermittent depending on the profile of the resulting TCP
communication.)

A robust fix for this is to intercept the startup of the dind
dockerd and ensure that /etc/docker/daemon.json (currently
absent) contains the following setting:

{
  "mtu": 1450
}

(or whatever the MTU on the external interface may be). This
should be autosized so the container works in a variety of
deployments.

The problem does not arise when using an embedded
/var/run/docker.sock - or when running with dind on a host that
can supply 1500-byte MTUs to containers on the 'host' docker.
This commit is contained in:
jan grant
2018-01-15 16:35:32 +00:00
committed by Travis Reeder
parent 7626725d0e
commit 1eb35abc63
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
images/dind/README.md
View File

@@ -5,6 +5,10 @@ This is the base image for all docker-in-docker images.
The difference between this and the official `docker` images are that this will choose the best The difference between this and the official `docker` images are that this will choose the best
filesystem automatically. The official ones use `vfs` (bad) by default unless you pass in a flag. filesystem automatically. The official ones use `vfs` (bad) by default unless you pass in a flag.
It will also attempt to mirror the default external interface's MTU to the dind network; this
addresses a problem with running dind-based images on a kubernetes cluster with an overlay
network that takes a chunk out of pods' MTUs.
## Usage ## Usage
Just use this as your base image and use CMD for your program, **NOT ENTRYPOINT**. This will handle the rest. Just use this as your base image and use CMD for your program, **NOT ENTRYPOINT**. This will handle the rest.

9
images/dind/preentry.sh
View File

@@ -6,6 +6,15 @@ if [ $fsdriver == "overlay" ]; then
fsdriver="overlay2" fsdriver="overlay2"
fi fi
mkdir -p /etc/docker
/bin/cat > /etc/docker/daemon.json <<EOF
{
"mtu": $(ip link show dev $(ip route |
awk '$1 == "default" { print $NF }') |
awk '{for (i = 1; i <= NF; i++) if ($i == "mtu") print $(i+1)}')
}
EOF
dockerd-entrypoint.sh --storage-driver=$fsdriver & dockerd-entrypoint.sh --storage-driver=$fsdriver &
# give docker a few seconds # give docker a few seconds