Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Remove old featureGate flag in Readme

**What this PR does / why we need it**:
This PR corrects the Readme for ipvs mode: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md.
`kubeadm init` doesn't support the `--feature-gates=SupportIPVSProxyMode=true` flag anymore since IPVS is in beta and not alpha anymore.

```
sudo kubeadm init --help
Run this command in order to set up the Kubernetes master.

Usage:
  kubeadm init [flags]

Flags:
      --apiserver-advertise-address string  The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.
      --apiserver-bind-port int32  Port for the API Server to bind to. (default 6443)
      --apiserver-cert-extra-sans stringSlice  Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
      --cert-dir string  The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string  Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.
      --cri-socket string  Specify the CRI socket to connect to. (default "/var/run/dockershim.sock")
      --dry-run  Don't apply any changes; just output what would be done.
      --feature-gates string  A set of key=value pairs that describe feature gates for various features. Options are:
          CoreDNS=true|false (ALPHA - default=false)
          DynamicKubeletConfig=true|false (ALPHA - default=false)
          SelfHosting=true|false (ALPHA - default=false)
          StoreCertsInSecrets=true|false (ALPHA - default=false)
      --ignore-preflight-errors stringSlice  A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
      --kubernetes-version string  Choose a specific Kubernetes version for the control plane. (default "stable-1.9")
      --node-name string  Specify the node name.
      --pod-network-cidr string  Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
      --service-cidr string  Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
      --service-dns-domain string  Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")
      --skip-token-print  Skip printing of the default bootstrap token generated by 'kubeadm init'.
      --token string  The token to use for establishing bidirectional trust between nodes and masters.
      --token-ttl duration  The duration before the bootstrap token is automatically deleted. If set to '0', the token will never expire. (default 24h0m0s)
```

**Special notes for your reviewer**:
Used kubeadm version:
```bash
sudo kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.3", GitCommit:"d2835416544f298c919e2ead3be3d0864b52323b", GitTreeState:"clean", BuildDate:"2018-02-07T11:55:20Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
```

**Release note**:
```release-note
NONE
```

How to use IPVS
This document shows how to use kube-proxy ipvs mode.
What is IPVS
IPVS (IP Virtual Server) implements transport-layer load balancing, usually called Layer 4 LAN switching, as part of the Linux kernel.
IPVS runs on a host and acts as a load balancer in front of a cluster of real servers. IPVS can direct requests for TCP and UDP-based services to the real servers, and make services of real servers appear as virtual services on a single IP address.
Run kube-proxy in ipvs mode
Currently, local-up scripts and kubeadm support switching to IPVS proxy mode by exporting environment variables or specifying flags.
Local UP Cluster
Kube-proxy will run in iptables mode by default in a local-up cluster.
To run kube-proxy in ipvs mode, users should export the env KUBE_PROXY_MODE=ipvs before deploying the cluster.
Cluster Created by Kubeadm
Kube-proxy will run in iptables mode by default in a cluster deployed by kubeadm.
If you are using kubeadm with a configuration file, you can specify the ipvs mode by adding SupportIPVSProxyMode: true below the kubeProxy field.
Then the configuration file is similar to:
```
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
kubeProxy:
  config:
    featureGates: SupportIPVSProxyMode=true
    mode: ipvs
...
```
Debug
Check IPVS proxy rules
People can use the ipvsadm tool to check whether kube-proxy is maintaining IPVS rules correctly. For example, we may get IPVS proxy rules like:
```
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.1:443 rr persistent 10800
  -> 10.229.43.2:6443             Masq    1      0          0
TCP  10.0.0.10:53 rr
UDP  10.0.0.10:53 rr
```
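
The check can be scripted. The following is an added example, not part of the kube-proxy README: it reads `ipvsadm -ln` output on stdin, counts the real servers behind each virtual service, and lists the virtual services that have none and therefore nowhere to forward traffic. The function names are hypothetical, and the embedded input is the sample output shown above.

```shell
#!/bin/sh
# Added example: summarise `ipvsadm -ln` output (stdin) per virtual service.

# Prints "PROTO VIP:PORT SCHEDULER BACKENDS" for each virtual service.
ipvs_backend_counts() {
    awk '
        function emit() { if (svc != "") print svc, n }
        # A virtual service line starts with its protocol.
        $1 == "TCP" || $1 == "UDP" || $1 == "SCTP" {
            emit(); svc = $1 " " $2 " " $3; n = 0; next
        }
        # A real server line starts with "->"; the column header does too.
        $1 == "->" && $2 != "RemoteAddress:Port" { n++ }
        END { emit() }
    '
}

# Prints "PROTO VIP:PORT" for virtual services that have no real server.
ipvs_services_without_backends() {
    ipvs_backend_counts | awk '$4 == 0 { print $1, $2 }'
}

# Sample input: the ipvsadm output shown in this document.
sample_ipvsadm_output() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.1:443 rr persistent 10800
  -> 10.229.43.2:6443             Masq    1      0          0
TCP  10.0.0.10:53 rr
UDP  10.0.0.10:53 rr
EOF
}

# Prints "TCP 10.0.0.10:53" and "UDP 10.0.0.10:53", one per line.
sample_ipvsadm_output | ipvs_services_without_backends
```

On a node, pipe the live output into the same function: `ipvsadm -ln | ipvs_services_without_backends`.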
Why kube-proxy can't start IPVS mode
People can work through the following checklist step by step:
1. Enable IPVS feature gate
Currently IPVS-based kube-proxy is still in the alpha phase, so people need to enable --feature-gates=SupportIPVSProxyMode=true explicitly.
2. Specify proxy-mode=ipvs
Tell kube-proxy to use proxy-mode=ipvs.
3. Load ipvs required kernel modules
The following kernel modules are required by IPVS-based kube-proxy:
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
IPVS-based kube-proxy will load them automatically. If it fails to load them, please check whether they are compiled into your kernel.
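
One way to run the check from step 3, as an added example that is not part of the kube-proxy README: the script reports which of the listed modules are neither loaded (`/proc/modules`) nor built into the kernel (`modules.builtin`). The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the IPVS modules from the checklist that are neither
# loaded (/proc/modules) nor built into the kernel (modules.builtin).
REQUIRED_IPVS_MODULES="ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4"

# missing_ipvs_modules [LOADED_FILE] [BUILTIN_FILE]  (hypothetical helper)
# Prints the missing module names on one line, space separated.
missing_ipvs_modules() {
    loaded=${1:-/proc/modules}
    builtin=${2:-/lib/modules/$(uname -r)/modules.builtin}
    missing=""
    for mod in $REQUIRED_IPVS_MODULES; do
        # /proc/modules: the module name is the first field of each line.
        if [ -r "$loaded" ] &&
           awk -v m="$mod" '$1 == m { ok = 1 } END { exit !ok }' "$loaded"; then
            continue
        fi
        # modules.builtin: one path per line, e.g. kernel/.../ip_vs.ko; the
        # file name may spell the module with '-' instead of '_'.
        if [ -r "$builtin" ] &&
           awk -F/ -v m="$mod" '{ f = $NF; sub(/\.ko.*$/, "", f); gsub(/-/, "_", f)
                                  if (f == m) ok = 1 } END { exit !ok }' "$builtin"; then
            continue
        fi
        missing="${missing:+$missing }$mod"
    done
    printf '%s\n' "$missing"
}

# Constructed sample input (not from a real host): three modules loaded,
# ip_vs_sh built in, ip_vs_wrr absent.
demo_constructed() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/modules" <<'EOF'
ip_vs_rr 16384 2 - Live 0x0000000000000000
ip_vs 151552 4 ip_vs_rr, Live 0x0000000000000000
nf_conntrack_ipv4 16384 3 - Live 0x0000000000000000
EOF
    printf '%s\n' 'kernel/net/netfilter/ipvs/ip_vs_sh.ko' > "$dir/builtin"
    missing_ipvs_modules "$dir/modules" "$dir/builtin"
    rm -rf "$dir"
}

demo_constructed   # prints: ip_vs_wrr
```

Called without arguments on a node, `missing_ipvs_modules` reads the running kernel's own files; an empty line means every listed module is available.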