Merge pull request #2201 from riverzhang/ipvs
Support ipvs mode for kube-proxy
pull/2235/merge
Chad Swenson
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with
32 additions and
0 deletions
-
inventory/group_vars/k8s-cluster.yml
-
roles/kubernetes/master/templates/kubeadm-config.yaml.j2
-
roles/kubernetes/node/defaults/main.yml
-
roles/kubernetes/node/tasks/main.yml
-
roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
|
@ -106,6 +106,10 @@ kube_apiserver_insecure_port: 8080 # (http) |
|
|
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true |
|
|
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true |
|
|
#kube_apiserver_insecure_port: 0 # (disabled) |
|
|
#kube_apiserver_insecure_port: 0 # (disabled) |
|
|
|
|
|
|
|
|
|
|
|
# Kube-proxy proxyMode configuration. |
|
|
|
|
|
# Can be ipvs, iptables |
|
|
|
|
|
kube_proxy_mode: iptables |
|
|
|
|
|
|
|
|
# DNS configuration. |
|
|
# DNS configuration. |
|
|
# Kubernetes cluster name, also will be used as DNS domain |
|
|
# Kubernetes cluster name, also will be used as DNS domain |
|
|
cluster_name: cluster.local |
|
|
cluster_name: cluster.local |
|
|
|
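Review bot: The new comment above `kube_proxy_mode` lists the two accepted values but not what choosing `ipvs` switches on elsewhere in this commit: the `SupportIPVSProxyMode` feature gate, loading of the `ip_vs*` kernel modules on every node, and an unconditional `--masquerade-all`. Operators make the choice in this file, so the side effects belong here. I would extend the comment, for example `# Can be ipvs, iptables. ipvs enables the SupportIPVSProxyMode feature gate, loads the ip_vs kernel modules and always sets --masquerade-all`.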
@ -19,6 +19,12 @@ kubernetesVersion: {{ kube_version }} |
|
|
{% if cloud_provider is defined and cloud_provider != "gce" %} |
|
|
{% if cloud_provider is defined and cloud_provider != "gce" %} |
|
|
cloudProvider: {{ cloud_provider }} |
|
|
cloudProvider: {{ cloud_provider }} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
|
|
|
{% if kube_proxy_mode == 'ipvs' %} |
|
|
|
|
|
kubeProxy: |
|
|
|
|
|
config: |
|
|
|
|
|
featureGates: SupportIPVSProxyMode=true |
|
|
|
|
|
mode: ipvs |
|
|
|
|
|
{% endif %} |
|
|
authorizationModes: |
|
|
authorizationModes: |
|
|
{% for mode in authorization_modes %} |
|
|
{% for mode in authorization_modes %} |
|
|
- {{ mode }} |
|
|
- {{ mode }} |
|
|
|
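Review bot: `kube_proxy_mode` is tested in the added `{% if kube_proxy_mode == 'ipvs' %}` without a fallback, and the only defaults visible in this commit are in the sample inventory and in `roles/kubernetes/node/defaults/main.yml`. If the master role does not inherit the node role's defaults (not visible here), an inventory that predates this variable would fail to render the kubeadm config with an undefined-variable error. `{% if kube_proxy_mode | default('iptables') == 'ipvs' %}`, or a matching default in the master role, would avoid that. The template continues outside the hunk.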
@ -14,6 +14,7 @@ kubelet_bind_address: "{{ ip | default('0.0.0.0') }}" |
|
|
# resolv.conf to base dns config |
|
|
# resolv.conf to base dns config |
|
|
kube_resolv_conf: "/etc/resolv.conf" |
|
|
kube_resolv_conf: "/etc/resolv.conf" |
|
|
|
|
|
|
|
|
|
|
|
# Can be ipvs, iptables |
|
|
kube_proxy_mode: iptables |
|
|
kube_proxy_mode: iptables |
|
|
|
|
|
|
|
|
# If using the pure iptables proxy, SNAT everything. Note that it breaks any |
|
|
# If using the pure iptables proxy, SNAT everything. Note that it breaks any |
|
|
|
@ -104,6 +104,20 @@ |
|
|
- net.bridge.bridge-nf-call-arptables |
|
|
- net.bridge.bridge-nf-call-arptables |
|
|
- net.bridge.bridge-nf-call-ip6tables |
|
|
- net.bridge.bridge-nf-call-ip6tables |
|
|
|
|
|
|
|
|
|
|
|
- name: Modprode Kernel Module for IPVS |
|
|
|
|
|
modprobe: |
|
|
|
|
|
name: "{{ item }}" |
|
|
|
|
|
state: present |
|
|
|
|
|
when: kube_proxy_mode == 'ipvs' |
|
|
|
|
|
with_items: |
|
|
|
|
|
- ip_vs |
|
|
|
|
|
- ip_vs_rr |
|
|
|
|
|
- ip_vs_wrr |
|
|
|
|
|
- ip_vs_sh |
|
|
|
|
|
- nf_conntrack_ipv4 |
|
|
|
|
|
tags: |
|
|
|
|
|
- kube-proxy |
|
|
|
|
|
|
|
|
- name: Write proxy manifest |
|
|
- name: Write proxy manifest |
|
|
template: |
|
|
template: |
|
|
src: manifests/kube-proxy.manifest.j2 |
|
|
src: manifests/kube-proxy.manifest.j2 |
|
|
|
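Review bot: The added task loads the IPVS modules with `modprobe` for the running kernel only, and nothing visible here reloads them after a reboot, so kube-proxy in ipvs mode would then depend on being able to load them itself. Consider also writing the module list to a file under `/etc/modules-load.d/` so that a node comes back in the same state. `nf_conntrack_ipv4` does not exist under that name on newer kernels, where it was folded into `nf_conntrack`, so the hard-coded list may need to vary by kernel version. The task name has a typo and should read `- name: Modprobe Kernel Module for IPVS`.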
@ -33,6 +33,13 @@ spec: |
|
|
- --proxy-mode={{ kube_proxy_mode }} |
|
|
- --proxy-mode={{ kube_proxy_mode }} |
|
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} |
|
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} |
|
|
- --masquerade-all |
|
|
- --masquerade-all |
|
|
|
|
|
{% elif kube_proxy_mode == 'ipvs' %} |
|
|
|
|
|
- --masquerade-all |
|
|
|
|
|
- --feature-gates=SupportIPVSProxyMode=true |
|
|
|
|
|
- --proxy-mode=ipvs |
|
|
|
|
|
- --ipvs-min-sync-period=5s |
|
|
|
|
|
- --ipvs-sync-period=5s |
|
|
|
|
|
- --ipvs-scheduler=rr |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
securityContext: |
|
|
securityContext: |
|
|
privileged: true |
|
|
privileged: true |
|
|
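Review bot: In the added `{% elif kube_proxy_mode == 'ipvs' %}` branch, `--masquerade-all` is emitted regardless of `kube_proxy_masquerade_all`, so an operator who set that variable to false still gets SNAT on all service traffic. Backends then see a node address instead of the client pod address, which weakens source-based network policy and makes access logs less useful for attribution. If IPVS needs the flag on this Kubernetes version, a comment saying so would help; otherwise gate it with `{% if kube_proxy_masquerade_all %}` inside the branch. `- --proxy-mode=ipvs` repeats the `- --proxy-mode={{ kube_proxy_mode }}` argument a few lines above and can be dropped. The container spec continues outside the hunk.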