Support ipvs mode for kube-proxy

Support ipvs mode for kube-proxy
This commit is contained in:
rong.zhang 2018-01-29 13:15:32 +08:00
parent f4180503c8
commit b10c308a5a
5 changed files with 32 additions and 0 deletions

View file

@ -109,6 +109,10 @@ kube_apiserver_insecure_port: 8080 # (http)
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true # Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
#kube_apiserver_insecure_port: 0 # (disabled) #kube_apiserver_insecure_port: 0 # (disabled)
# Kube-proxy proxyMode configuration.
# Can be ipvs, iptables
kube_proxy_mode: iptables
# DNS configuration. # DNS configuration.
# Kubernetes cluster name, also will be used as DNS domain # Kubernetes cluster name, also will be used as DNS domain
cluster_name: cluster.local cluster_name: cluster.local

View file

@ -19,6 +19,12 @@ kubernetesVersion: {{ kube_version }}
{% if cloud_provider is defined and cloud_provider != "gce" %} {% if cloud_provider is defined and cloud_provider != "gce" %}
cloudProvider: {{ cloud_provider }} cloudProvider: {{ cloud_provider }}
{% endif %} {% endif %}
{% if kube_proxy_mode == 'ipvs' %}
kubeProxy:
config:
featureGates: SupportIPVSProxyMode=true
mode: ipvs
{% endif %}
authorizationModes: authorizationModes:
{% for mode in authorization_modes %} {% for mode in authorization_modes %}
- {{ mode }} - {{ mode }}

View file

@ -14,6 +14,7 @@ kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
# resolv.conf to base dns config # resolv.conf to base dns config
kube_resolv_conf: "/etc/resolv.conf" kube_resolv_conf: "/etc/resolv.conf"
# Can be ipvs, iptables
kube_proxy_mode: iptables kube_proxy_mode: iptables
# If using the pure iptables proxy, SNAT everything. Note that it breaks any # If using the pure iptables proxy, SNAT everything. Note that it breaks any

View file

@ -104,6 +104,20 @@
- net.bridge.bridge-nf-call-arptables - net.bridge.bridge-nf-call-arptables
- net.bridge.bridge-nf-call-ip6tables - net.bridge.bridge-nf-call-ip6tables
- name: Modprode Kernel Module for IPVS
modprobe:
name: "{{ item }}"
state: present
when: kube_proxy_mode == 'ipvs'
with_items:
- ip_vs
- ip_vs_rr
- ip_vs_wrr
- ip_vs_sh
- nf_conntrack_ipv4
tags:
- kube-proxy
- name: Write proxy manifest - name: Write proxy manifest
template: template:
src: manifests/kube-proxy.manifest.j2 src: manifests/kube-proxy.manifest.j2

View file

@ -33,6 +33,13 @@ spec:
- --proxy-mode={{ kube_proxy_mode }} - --proxy-mode={{ kube_proxy_mode }}
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %} {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
- --masquerade-all - --masquerade-all
{% elif kube_proxy_mode == 'ipvs' %}
- --masquerade-all
- --feature-gates=SupportIPVSProxyMode=true
- --proxy-mode=ipvs
- --ipvs-min-sync-period=5s
- --ipvs-sync-period=5s
- --ipvs-scheduler=rr
{% endif %} {% endif %}
securityContext: securityContext:
privileged: true privileged: true