AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

How do I increase the nf_conntrack_max quota on my Amazon EKS nodes?

2 minute read

I want to increase the nf_conntrack_max quota on my Amazon Elastic Kubernetes Service (Amazon EKS) nodes.

Resolution

Check the current nf_conntrack_max value

Complete the following steps:

Use SSH or Session Manager, a capability of AWS Systems Manager, to connect to your worker node.

Run the following command to get the current nf_conntrack_max value:

cat /proc/sys/net/netfilter/nf_conntrack_max

Modify the kube-proxy ConfigMap

Complete the following steps:

Run the following command to edit the kube-proxy-config ConfigMap:

kubectl edit configmap kube-proxy-config -n kube-system

Under conntrack, increase the min value:
```
conntrack:
  maxPerCore: 32768
  min: 131072
```
Note: Replace the example values with your values. Calculate the nf_conntrack_max value as max(min, maxPerCore * number_of_CPU_cores). For example, you set min to 131072 and maxPerCore to 32768 on a node with 2 CPU cores. The nf_conntrack_max value becomes 131072 because 131072 is greater than 32768 multiplied by 2.
Save your changes, and then close the editor.

Restart the kube-proxy DaemonSet

After you modify the ConfigMap, run the following command to restart the kube-proxy DaemonSet to apply the changes:

kubectl rollout restart daemonset kube-proxy -n kube-system

Verify that the nf_conntrack_max value updated

Important: When you increase nf_conntrack_max, node memory usage increases. Each connection tracking entry uses approximately 300 bytes of memory. Make sure that you allocate enough memory.

Complete the following steps:

Use SSH or Session Manager to connect to your worker node.

Run the following command to confirm that the nf_conntrack_max value updated:

cat /proc/sys/net/netfilter/nf_conntrack_max

Related information

Update the Kubernetes kube-proxy self-managed add-on

Manage networking add-ons for Amazon EKS clusters

kube-proxy on the Kubernetes website

AWS Systems Manager Session Manager

Topics: Containers
Tags: Amazon Elastic Kubernetes Service
Language: English

AWS OFFICIALUpdated 18 days ago

No comments

Relevant content

EKS cluster maximum node group limit
Ajay Rege
asked 3 years ago
How to massively increase EKS pod limit
AndreKR
asked 4 years ago
Using EKS on AWS Auto Mode - How Can I Monitor Pod and Node Memory Usage Like in CloudWatch?
Alon Shrestha
asked 7 months ago
Unable to increase the number of pods on eks fargate.
rePost-User-8188788
asked 2 years ago
Elastic Kubernetes Service: NodeCreationFailure "Unhealthy nodes in the kubernetes cluster" and warning "InvalidDiskCapacity 0 on image filesystem" when creating Node Group in EKS
Juan Pablo Moreno
asked 7 months ago
How can I resolve disk pressure on my Amazon EKS worker nodes?
AWS OFFICIALUpdated 6 months ago
How can I troubleshoot managed node group update issues for Amazon EKS?
AWS OFFICIALUpdated 3 years ago
How do I get my worker nodes to join my Amazon EKS cluster?
AWS OFFICIALUpdated 22 days ago
How do I troubleshoot eksctl issues with Amazon EKS clusters and node groups?
AWS OFFICIALUpdated 3 years ago
How to Resolve NVML Library Loading Errors When Installing NVIDIA Device Plugin on Amazon EKS
SUPPORT ENGINEER
Boyoung_K
published 2 months ago