From 359ad38d11d6eee459a5cb578d41c269d3be480b Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Mon, 14 Feb 2022 17:32:24 +0100 Subject: [PATCH] kubelet apiserver: be gentle closing connections on heartbeat failures --- cmd/kubelet/app/server.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 43dfd8d4f45..cd5ee46fbb6 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -914,6 +914,17 @@ func buildKubeletClientConfig(ctx context.Context, s *options.KubeletServer, nod if err != nil { return nil, nil, err } + // Kubelet needs to be able to recover from stale http connections. + // HTTP2 has a mechanism to detect broken connections by sending periodical pings. + // HTTP1 only can have one persistent connection, and it will close all Idle connections + // once the Kubelet heartbeat fails. However, since there are many edge cases that we can't + // control, users can still opt-in to the previous behavior for closing the connections by + // setting the environment variable DISABLE_HTTP2. + if s := os.Getenv("DISABLE_HTTP2"); len(s) > 0 { + klog.InfoS("HTTP2 has been explicitly disabled, Kubelet will forcefully close active connections on heartbeat failures") + } else { + closeAllConns = func() { utilnet.CloseIdleConnectionsFor(transportConfig.Transport) } + } klog.V(2).InfoS("Starting client certificate rotation") clientCertificateManager.Start()