Set conntrack system settings at startup

cmd/hepto/defaults.go

@@ -2,6 +2,7 @@ package hepto
 
 import (
 	"net/netip"
+	"runtime"
 
 	"k8s.io/component-helpers/node/util/sysctl"
 )
@@ -57,14 +58,17 @@ var requiredDevices = []string{
 }
 
 // General sysctl configs
-// Copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go
 var systemSettings = map[string]int{
+	// Copied from https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go
 	sysctl.VMOvercommitMemory: sysctl.VMOvercommitMemoryAlways,
 	sysctl.VMPanicOnOOM:       sysctl.VMPanicOnOOMInvokeOOMKiller,
 	sysctl.KernelPanic:        sysctl.KernelPanicRebootTimeout,
 	sysctl.KernelPanicOnOops:  sysctl.KernelPanicOnOopsAlways,
 	sysctl.RootMaxKeys:        sysctl.RootMaxKeysSetting,
 	sysctl.RootMaxBytes:       sysctl.RootMaxBytesSetting,
+	// Useful for any CNI to handle connections (required by kube-proxy)
+	// See: https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_others.go#L426
+	"net/netfilter/nf_conntrack_max": 32 * 1024 * runtime.NumCPU(),
 }
 
 // Desired system modules