kube-proxy iptables min-sync-period default 1sec

Currently kube-proxy defaults the min-sync-period for iptables to 0. However, as explained by Dan Winship, "With minSyncPeriod: 0, you run iptables-restore 100 times. With minSyncPeriod: 1s , you run iptables-restore once. With minSyncPeriod: 10s , you also run iptables-restore once, but you might have to wait 10 seconds first"
2025-07-30 15:05:27 +00:00 · 2020-07-06 19:48:28 +02:00 · 2020-07-06 19:48:28 +02:00 · f8e64d31f9
commit f8e64d31f9
parent 9fb34edded
3 changed files with 5 additions and 2 deletions
--- a/pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/after/v1alpha1.yaml
+++ b/pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/after/v1alpha1.yaml
@ -21,7 +21,7 @@ hostnameOverride: ""
 iptables:
  masqueradeAll: false
  masqueradeBit: 14
-  minSyncPeriod: 0s
+  minSyncPeriod: 1s
  syncPeriod: 30s
 ipvs:
  excludeCIDRs: null
--- a/pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/roundtrip/default/v1alpha1.yaml
+++ b/pkg/proxy/apis/config/scheme/testdata/KubeProxyConfiguration/roundtrip/default/v1alpha1.yaml
@ -21,7 +21,7 @@ hostnameOverride: ""
 iptables:
  masqueradeAll: false
  masqueradeBit: 14
-  minSyncPeriod: 0s
+  minSyncPeriod: 1s
  syncPeriod: 30s
 ipvs:
  excludeCIDRs: null
--- a/pkg/proxy/apis/config/v1alpha1/defaults.go
+++ b/pkg/proxy/apis/config/v1alpha1/defaults.go
@ -61,6 +61,9 @@ func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyCo
 	if obj.IPTables.SyncPeriod.Duration == 0 {
 		obj.IPTables.SyncPeriod = metav1.Duration{Duration: 30 * time.Second}
 	}
+	if obj.IPTables.MinSyncPeriod.Duration == 0 {
+		obj.IPTables.MinSyncPeriod = metav1.Duration{Duration: 1 * time.Second}
+	}
 	if obj.IPVS.SyncPeriod.Duration == 0 {
 		obj.IPVS.SyncPeriod = metav1.Duration{Duration: 30 * time.Second}
 	}