[nginx-ingress-controller] improve nginx performance

[aledbf]

Changing container /proc values with a privileged sidecar.
NGINX reads net.core.somaxconn to increase the size of backlog queue of pending connections

[aledbf]

@bprashanth ping

[bprashanth]

just make this a while true loop and you get free reconciliation?

[bprashanth]

eg:

command:
- /bin/sh
- -c
- |
  while true; do sysctl && sysctl; sleep 10; done

[aledbf]

done

[bprashanth]

you can actually split this into lines now that you have the "|", for readability.

while true; do 
  sysctl stuff
done

Also aren't there a couple of other nice tcp level tunables? maybe we should consider a custom entrypoint script that people can extend?

[bprashanth]

It would also be good to note down what are per ns sysctls vs shared between host and ns. I don't think any of the tcp tunables are per netns actually. I do think the ones in /sys/net/core are per net ns.

[aledbf]

done

[bprashanth]

what about backlog queue size? is that not per ns?

[aledbf]

what about backlog queue size? is that not per ns?

No

/ # sysctl -A | grep "net.core.netdev_max_backlog"
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
/ #

[bprashanth]

LGTM

[bprashanth]

actually this is not true right? dont think fin timeout is per ns? or is it