From 0acb0b8026a13d60fd061541d67ea1aaca17a00f Mon Sep 17 00:00:00 2001 From: younsl Date: Sat, 13 Jul 2024 19:36:12 +0900 Subject: [PATCH] docs: Fix typo for conntrack-cache-table-size args name --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bd56c2f..17a1de4 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ Default: 300 Network Policy agent maintains a local conntrack cache. This configuration (in seconds) will determine how fast the local conntrack cache should be cleaned up from stale/expired entries. Based on the time interval set, network policy agent checks every entry in the local conntrack cache with kernel conntrack table and determine if the entry has to be deleted. -#### `conntrack-table-cache-size` (from v1.1.3+) +#### `conntrack-cache-table-size` (from v1.1.3+) Type: Integer @@ -98,6 +98,12 @@ Default: 1024 * 256 Network Policy agent maintains a local conntrack cache. Ideally this should be of the same size as kernel conntrack table. Note, this should be configured on new nodes before enabling network policy or if network policy is already enabled the change in configuration would need a reload of the nodes. Dynamic update of conntrack map size would lead to traffic disruption and isn't supported. The value supported is between 32K and 1024K. +**Note**: To check the maximum conntrack table size in your linux worker node, use the following command: + +```console +$ cat /proc/sys/net/netfilter/nf_conntrack_max +262144 +``` ## Network Policy Agent CLI The Amazon VPC CNI plugin for Kubernetes installs eBPF SDK collection of tools on the nodes. You can use the eBPF SDK tools to identify issues with network policies. For example, the following command lists the programs that are running on the node.
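Review bot: in the first hunk (`@@ -90,7 +90,7 @@`) the heading is renamed to `conntrack-cache-table-size`, but nothing in the patch shows which spelling the agent's argument parser actually accepts, and the subject line describes a typo fix only although the stat reports 7 insertions. Please reference the flag definition in the commit message so the new name can be checked against the code, mention the added note in the subject or body, and confirm that no other occurrence of `conntrack-table-cache-size` remains in the README so readers do not find two spellings.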
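Review bot: in the second hunk (`@@ -98,6 +98,12 @@`) the added note shows how to read `nf_conntrack_max` but never says what to do with the result. The preceding paragraph limits the setting to between 32K and 1024K, so add a sentence telling the reader to set `conntrack-cache-table-size` to the value printed, and what to choose when the kernel value falls outside that range. The sample output `262144` equals the documented default of 1024 * 256, which is worth stating so it is not read as a recommended value. Two style points: "linux" should be "Linux", and the closing fence appears to be followed directly by the `## Network Policy Agent CLI` heading, so add a blank line after it.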