Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to increase net.code.somaxconn ? #685

Open
yaroslav-nakonechnikov opened this issue Sep 10, 2024 · 3 comments
Open

How to increase net.code.somaxconn ? #685

yaroslav-nakonechnikov opened this issue Sep 10, 2024 · 3 comments
Assignees
Labels
enhancement New feature or request workaround

Comments

@yaroslav-nakonechnikov
Copy link

yaroslav-nakonechnikov commented Sep 10, 2024

hello,
we see this:
image

this looks a bit strange and we would like to understand how it would be possible to increase the limits?

this is splunk container on kubernetes engine.

@vivekr-splunk
Copy link

To increase the number of TCP connections within a container, you may need to adjust several kernel parameters and container resource limits. Here are steps to help you achieve this:

1. Increase somaxconn in the Host Cluster Node

The somaxconn parameter determines the maximum number of connections that can be queued for acceptance. You already have somaxconn set to 4096, but you may want to increase this further on the host:

sudo sysctl -w net.core.somaxconn=65535

You can make this change permanent by adding it to /etc/sysctl.conf:

echo "net.core.somaxconn=65535" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

2. Increase Container-Specific Limits

Depending on the container runtime, the container may inherit the host's somaxconn setting. However, it can also have its own limits:

For Splunk Pod You can set sysctl parameters at the Pod level using the securityContext in your Pod manifest:

apiVersion: v1
kind: Pod
metadata:
  name: splunk
spec:
  securityContext:
    sysctls:
      - name: net.core.somaxconn
        value: "65535"
  containers:
    - name: your-container-name
      image: your-image

Since you can't pass the securityContext directly to the Splunk pod through the Splunk Operator custom resource at the moment, you might consider these alternative approaches:

Alternative Approaches
Apply Settings on the Host: If feasible, you could set the necessary kernel parameters at the host level (if you control the host machines), which the containers inherit. This wouldn't provide per-container granularity but would solve the immediate need to increase connection limits.

we will work on enhancing Custom Resource to take secruitycontext , thank you

@vivekr-splunk vivekr-splunk added enhancement New feature or request workaround labels Sep 17, 2024
@yaroslav-nakonechnikov
Copy link
Author

yaroslav-nakonechnikov commented Sep 18, 2024

so, there is no setting for it, and need to create pre-task playbook to make it work, right?

ps. making setting on host is not applied to pods in kubernetes. it should be allowed explicitly:

@yaroslav-nakonechnikov
Copy link
Author

@akondur

[splunk@splunk-site1-prod-indexer-0 splunk]$ sysctl -a | grep wmem
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
sysctl: permission denied on key 'net.ipv4.tcp_fastopen_key'
sysctl: permission denied on key 'net.ipv6.conf.all.stable_secret'
net.ipv4.tcp_wmem = 4096        20480   4194304
net.ipv4.udp_wmem_min = 4096
sysctl: permission denied on key 'net.ipv6.conf.default.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.eth0.stable_secret'
sysctl: permission denied on key 'net.ipv6.conf.lo.stable_secret'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
vm.lowmem_reserve_ratio = 256   256     32      0       0
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'
[splunk@splunk-site1-prod-indexer-0 splunk]$ sudo sysctl -a | grep wmem

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for splunk:



Sorry, try again.
[sudo] password for splunk:
^Csudo: 2 incorrect password attempts

which password should be used for splunk user?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request workaround
Projects
None yet
Development

No branches or pull requests

3 participants