kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223)

* fix-kube-vip-strict-arp

* fix-kube-vip-strict-arp
This commit is contained in:
Kay Yan 2022-08-30 15:21:02 +08:00 committed by GitHub
parent de762400ad
commit b46ddf35fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 2 deletions

View file

@ -2,6 +2,14 @@
kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software. kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.
## Prerequisites
You have to configure `kube_proxy_strict_arp` when the kube_proxy_mode is `ipvs` and kube-vip ARP is enabled.
```yaml
kube_proxy_strict_arp: true
```
## Install ## Install
You have to explicitly enable the kube-vip extension: You have to explicitly enable the kube-vip extension:

View file

@ -125,7 +125,7 @@ kube_apiserver_port: 6443 # (https)
kube_proxy_mode: ipvs kube_proxy_mode: ipvs
# configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
# must be set to true for MetalLB to work # must be set to true for MetalLB, kube-vip(ARP enabled) to work
kube_proxy_strict_arp: false kube_proxy_strict_arp: false
# A string slice of values which specify the addresses to use for NodePorts. # A string slice of values which specify the addresses to use for NodePorts.

View file

@ -77,7 +77,7 @@ kube_proxy_exclude_cidrs: []
kube_proxy_scheduler: rr kube_proxy_scheduler: rr
# configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
# must be set to true for MetalLB to work # must be set to true for MetalLB, kube-vip(ARP enabled) to work
kube_proxy_strict_arp: false kube_proxy_strict_arp: false
# kube_proxy_tcp_timeout is the timeout value used for idle IPVS TCP sessions. # kube_proxy_tcp_timeout is the timeout value used for idle IPVS TCP sessions.

View file

@ -1,4 +1,11 @@
--- ---
- name: kube-vip | Check cluster settings for kube-vip
fail:
msg: "kube-vip require kube_proxy_strict_arp = true, see https://github.com/kube-vip/kube-vip/blob/main/docs/kubernetes/arp/index.md"
when:
- kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp
- kube_vip_arp_enabled
- name: kube-vip | Write static pod - name: kube-vip | Write static pod
template: template:
src: manifests/kube-vip.manifest.j2 src: manifests/kube-vip.manifest.j2