kubernetes charms don't set ipvs mode (code and docs bug)

Bug #2020059 reported by Patrizio Bassi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Kubernetes Control Plane Charm | Fix Released | High | Unassigned |
Kubernetes Worker Charm | Fix Released | High | Unassigned |

Bug Description

Hi,

From https://charmhub.io/kubernetes-control-plane, IPVS can be enabled by:

juju config kubernetes-control-plane proxy-extra-args="proxy-mode=ipvs"

Unfortunately this is not working, because if you have a look at the kube-proxy man page https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/

--proxy-mode ProxyMode
Which proxy mode to use: on Linux this can be 'iptables' (default) or 'ipvs'. On Windows the only supported
value is 'kernelspace'. This parameter is ignored if a config file is specified by --config.

The unit uses this command line:

/snap/kube-proxy/3038/kube-proxy --v=0 --master=https://10.0.0.143:6443 --config=/root/cdk/kubeproxy/config.yaml --proxy-mode=ipvs

So the proxy-mode extra argument is ignored.

How to fix:
1) There are 2 missing packages: ipset and conntrack (the latter is a very old standing issue, for instance https://github.com/kubernetes/kubernetes/pull/26839/files)
2) The /root/cdk/kubeproxy/config.yaml should be completed with:
mode: "ipvs"
ipvs:
  strictARP: true

Instead of dealing with extra args, as we need to install (and remove) packages, it may be good to have a dedicated flag such as "proxy-mode" with ["iptables","ipvs"] options.

When switching from iptables to ipvs you need to flush iptables/ipvs rules (while testing I fixed it with a basic machine reboot).

The kubernetes-worker charm shares exactly the same issue.
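
The following added example (not part of the bug report or the charm code) resolves the mode kube-proxy will actually use from its arguments, applying the rule quoted above that --proxy-mode is ignored when --config is set. The function names and the sample config file are constructed for illustration, and only a top-level mode key is parsed.

```shell
#!/bin/sh
# Added example (not charm code): resolve the proxy mode kube-proxy will use.
# Rule from the kube-proxy reference quoted in the report: --proxy-mode is
# ignored when --config is given, so the mode then comes from the config file.

# Print the last value given for --NAME (as --NAME=VALUE or --NAME VALUE).
flag_value() {
    name=$1; shift
    value=; found=1; take_next=0
    for arg in "$@"; do
        if [ "$take_next" = 1 ]; then value=$arg; found=0; take_next=0; continue; fi
        case $arg in
            "--$name="*) value=${arg#*=}; found=0 ;;
            "--$name")   take_next=1 ;;
        esac
    done
    if [ "$found" = 0 ]; then printf '%s\n' "$value"; else return 1; fi
}

# Print the top-level "mode:" value of a kube-proxy config file, unquoted.
config_mode() {
    sed -n 's/^mode:[[:space:]]*\([^#]*\).*/\1/p' "$1" | tr -d "\"' \t\r" | head -n 1
}

# Print the effective mode; warn on stderr when the flag is silently dropped.
effective_proxy_mode() {
    cfg=$(flag_value config "$@") || cfg=
    cli=$(flag_value proxy-mode "$@") || cli=
    if [ -n "$cfg" ]; then
        mode=$(config_mode "$cfg")
        mode=${mode:-iptables}          # no mode key: Linux default
        if [ -n "$cli" ] && [ "$cli" != "$mode" ]; then
            echo "WARNING: --proxy-mode=$cli is ignored because --config=$cfg is set" >&2
        fi
    else
        mode=${cli:-iptables}
    fi
    printf '%s\n' "$mode"
}

# Constructed sample: a config file with no mode key, and arguments shaped
# like the unit's command line in the report (the path is a temp file).
sample=$(mktemp)
printf 'kind: KubeProxyConfiguration\n' > "$sample"
effective_proxy_mode --v=0 --config="$sample" --proxy-mode=ipvs   # prints iptables
rm -f "$sample"
```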

description: updated
George Kraft (cynerva)
Changed in charm-kubernetes-master:
importance: Undecided → High
Changed in charm-kubernetes-worker:
importance: Undecided → High
summary: - kubernetes-control-plane charm doesn't set ipvs mode (code and docs bug)
+ kubernetes charms don't set ipvs mode (code and docs bug)
Changed in charm-kubernetes-master:
status: New → Confirmed
Changed in charm-kubernetes-worker:
status: New → Confirmed
George Kraft (cynerva)
Changed in charm-kubernetes-master:
milestone: none → 1.27+ck2
Changed in charm-kubernetes-worker:
milestone: none → 1.27+ck2
George Kraft (cynerva) wrote :

I'll be working on this soon. It's targeted for release with 1.27+ck2 which should be in early-to-mid June.

Changed in charm-kubernetes-master:
status: Confirmed → Triaged
Changed in charm-kubernetes-worker:
status: Confirmed → Triaged
George Kraft (cynerva)
Changed in charm-kubernetes-master:
status: Triaged → In Progress
Changed in charm-kubernetes-worker:
status: Triaged → In Progress
George Kraft (cynerva) wrote :
George Kraft (cynerva) wrote :

The above PRs introduce a new charm option, proxy-extra-config, which can be used to configure kube-proxy with IPVS mode and strict ARP. For example:

juju config kubernetes-control-plane proxy-extra-config='{mode: ipvs, ipvs: {strictARP: true}}'
juju config kubernetes-worker proxy-extra-config='{mode: ipvs, ipvs: {strictARP: true}}'

Additionally, the charms will install the ipset and conntrack apt packages by default.

George Kraft (cynerva)
Changed in charm-kubernetes-master:
status: In Progress → Fix Committed
Changed in charm-kubernetes-worker:
status: In Progress → Fix Committed
George Kraft (cynerva) wrote :

Looks like we got this in quick enough that it can go out with 1.27+ck1 instead, hopefully by the end of next week.

Changed in charm-kubernetes-master:
milestone: 1.27+ck2 → 1.27+ck1
Changed in charm-kubernetes-worker:
milestone: 1.27+ck2 → 1.27+ck1
George Kraft (cynerva) wrote :
Changed in charm-kubernetes-master:
status: Fix Committed → Fix Released
Changed in charm-kubernetes-worker:
status: Fix Committed → Fix Released