Merge pull request #47922 from dnardo/ip-masq-agent

Automatic merge from submit-queue Remove limits from ip-masq-agent for now and disable ip-masq-agent in GCE ip-masq-agent when issuing an iptables-save will read any configured iptables on the node. This means that the ip-masq-agent's memory requirements would grow with the number of iptables (i.e. services) on the node. **What this PR does / why we need it**: **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # #47865 **Special notes for your reviewer**: **Release note**: ```release-note ```
2025-07-28 22:17:14 +00:00 · 2017-06-22 20:41:26 -07:00 · 2017-06-22 20:41:26 -07:00 · 9e71b122f5
commit 9e71b122f5
parent e4af9dccb0 630fb9657a
3 changed files with 0 additions and 17 deletions
--- a/cluster/addons/ip-masq-agent/ip-masq-agent.yaml
+++ b/cluster/addons/ip-masq-agent/ip-masq-agent.yaml
@ -19,9 +19,6 @@ spec:
      - name: ip-masq-agent
        image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.2
        resources:
          limits:
            cpu: 100m
            memory: 16Mi
          requests:
            cpu: 10m
            memory: 16Mi
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@ -125,10 +125,6 @@ ENABLE_CLUSTER_MONITORING="${KUBE_ENABLE_CLUSTER_MONITORING:-influxdb}"
 # TODO(piosz): remove this in 1.8
 NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}"
 # To avoid running the DaemonSet on older version make sure the ip-masq-agent
 # only runs when the readiness label is set.
 NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/masq-agent-ds-ready=true"
 # To avoid running Calico on a node that is not configured appropriately, 
 # label each Node so that the DaemonSet can run the Pods only on ready Nodes.
 if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
@ -246,9 +242,6 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 # Network Policy plugin specific settings.
 NETWORK_POLICY_PROVIDER="${NETWORK_POLICY_PROVIDER:-none}" # calico
 # Should the kubelet configure egress masquerade (old way) or let a daemonset do it?
 NON_MASQUERADE_CIDR="0.0.0.0/0"
 # How should the kubelet configure hairpin mode?
 HAIRPIN_MODE="${HAIRPIN_MODE:-promiscuous-bridge}" # promiscuous-bridge, hairpin-veth, none
 # Optional: if set to true, kube-up will configure the cluster to run e2e tests.
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@ -168,10 +168,6 @@ KUBEPROXY_TEST_ARGS="${KUBEPROXY_TEST_ARGS:-} ${TEST_CLUSTER_API_CONTENT_TYPE}"
 # TODO(piosz): remove this in 1.8
 NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}"
 # To avoid running the DaemonSet on older version make sure the ip-masq-agent
 # only runs when the readiness label is set.
 NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/masq-agent-ds-ready=true"
 # To avoid running Calico on a node that is not configured appropriately, 
 # label each Node so that the DaemonSet can run the Pods only on ready Nodes.
 if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
@ -286,9 +282,6 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 # Network Policy plugin specific settings.
 NETWORK_POLICY_PROVIDER="${NETWORK_POLICY_PROVIDER:-none}" # calico
 # Should the kubelet configure egress masquerade (old way) or let a daemonset do it?
 NON_MASQUERADE_CIDR="0.0.0.0/0"
 # How should the kubelet configure hairpin mode?
 HAIRPIN_MODE="${HAIRPIN_MODE:-promiscuous-bridge}" # promiscuous-bridge, hairpin-veth, none