Support ipvs mode for kube-proxy
Support ipvs mode for kube-proxy
This commit is contained in:
parent
f4180503c8
commit
b10c308a5a
5 changed files with 32 additions and 0 deletions
|
@ -109,6 +109,10 @@ kube_apiserver_insecure_port: 8080 # (http)
|
||||||
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
|
# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
|
||||||
#kube_apiserver_insecure_port: 0 # (disabled)
|
#kube_apiserver_insecure_port: 0 # (disabled)
|
||||||
|
|
||||||
|
# Kube-proxy proxyMode configuration.
|
||||||
|
# Can be ipvs, iptables
|
||||||
|
kube_proxy_mode: iptables
|
||||||
|
|
||||||
# DNS configuration.
|
# DNS configuration.
|
||||||
# Kubernetes cluster name, also will be used as DNS domain
|
# Kubernetes cluster name, also will be used as DNS domain
|
||||||
cluster_name: cluster.local
|
cluster_name: cluster.local
|
||||||
|
|
|
@ -19,6 +19,12 @@ kubernetesVersion: {{ kube_version }}
|
||||||
{% if cloud_provider is defined and cloud_provider != "gce" %}
|
{% if cloud_provider is defined and cloud_provider != "gce" %}
|
||||||
cloudProvider: {{ cloud_provider }}
|
cloudProvider: {{ cloud_provider }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_proxy_mode == 'ipvs' %}
|
||||||
|
kubeProxy:
|
||||||
|
config:
|
||||||
|
featureGates: SupportIPVSProxyMode=true
|
||||||
|
mode: ipvs
|
||||||
|
{% endif %}
|
||||||
authorizationModes:
|
authorizationModes:
|
||||||
{% for mode in authorization_modes %}
|
{% for mode in authorization_modes %}
|
||||||
- {{ mode }}
|
- {{ mode }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
|
||||||
# resolv.conf to base dns config
|
# resolv.conf to base dns config
|
||||||
kube_resolv_conf: "/etc/resolv.conf"
|
kube_resolv_conf: "/etc/resolv.conf"
|
||||||
|
|
||||||
|
# Can be ipvs, iptables
|
||||||
kube_proxy_mode: iptables
|
kube_proxy_mode: iptables
|
||||||
|
|
||||||
# If using the pure iptables proxy, SNAT everything. Note that it breaks any
|
# If using the pure iptables proxy, SNAT everything. Note that it breaks any
|
||||||
|
|
|
@ -104,6 +104,20 @@
|
||||||
- net.bridge.bridge-nf-call-arptables
|
- net.bridge.bridge-nf-call-arptables
|
||||||
- net.bridge.bridge-nf-call-ip6tables
|
- net.bridge.bridge-nf-call-ip6tables
|
||||||
|
|
||||||
|
- name: Modprode Kernel Module for IPVS
|
||||||
|
modprobe:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
when: kube_proxy_mode == 'ipvs'
|
||||||
|
with_items:
|
||||||
|
- ip_vs
|
||||||
|
- ip_vs_rr
|
||||||
|
- ip_vs_wrr
|
||||||
|
- ip_vs_sh
|
||||||
|
- nf_conntrack_ipv4
|
||||||
|
tags:
|
||||||
|
- kube-proxy
|
||||||
|
|
||||||
- name: Write proxy manifest
|
- name: Write proxy manifest
|
||||||
template:
|
template:
|
||||||
src: manifests/kube-proxy.manifest.j2
|
src: manifests/kube-proxy.manifest.j2
|
||||||
|
|
|
@ -33,6 +33,13 @@ spec:
|
||||||
- --proxy-mode={{ kube_proxy_mode }}
|
- --proxy-mode={{ kube_proxy_mode }}
|
||||||
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
|
||||||
- --masquerade-all
|
- --masquerade-all
|
||||||
|
{% elif kube_proxy_mode == 'ipvs' %}
|
||||||
|
- --masquerade-all
|
||||||
|
- --feature-gates=SupportIPVSProxyMode=true
|
||||||
|
- --proxy-mode=ipvs
|
||||||
|
- --ipvs-min-sync-period=5s
|
||||||
|
- --ipvs-sync-period=5s
|
||||||
|
- --ipvs-scheduler=rr
|
||||||
{% endif %}
|
{% endif %}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
Loading…
Reference in a new issue