Kube-proxy settings in custom RKE2 cluster

lolhax1337 · February 24, 2023, 9:35am

Hi!

I would like to set up this configuration for MetaLB:

apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  strictARP: true

https://metallb.universe.tf/installation/

I’ve found instruction for RKE1: How to enable IPVS proxy mode for kube-proxy | Support | SUSE.

For RKE2 I can’t find any instructions. I suspect it should be set in cluster.yaml, but no idea how.

Additional question: Is it possible to add two configs in " Additional Manifest" field? When I try to do it, I see error. I don’t believe I can’t add two CMs or resources, just one.
Cluster Configuration → AddOn config → Additional Manifest

When I try to add second cfg using apiversion: v1:

lolhax1337 · February 24, 2023, 10:03am

This is exactly my case:

github.com/rancher/rke2

RKE2 kube-proxy --proxy-mode=ipvs --ipvs-strict-arp

opened 08:10PM - 13 Dec 22 UTC

closed 08:26PM - 13 Dec 22 UTC

tylerhowd

**Environmental Info:** RKE2 Version: v1.24.8+rke2r1 Node(s) CPU architect…ure, OS, and Version: On ESXi/intel Centos 7.9 Cluster Configuration: 3 servers and 3 agents **Describe the bug:** Im trying to install and configure metallb in layer 2mode. Which requires proxy mode ipvs and strict arp. When I try to apply these configuration changes to /var/lib/rancher/rke2/agent/pod-manifests/kube-proxy.yaml I get the following error in the kube-proxy pod. "Can't use the IPVS proxier" err="IPVS proxier will not be used because the following required kernel modules are not loaded: [ip_vs_wrr ip_vs_sh ip_vs ip_vs_rr]" **Steps To Reproduce:** - Installed RKE2: I used the documentation with the only override being selinux: true. Edit /var/lib/rancher/rke2/agent/pod-manifests/kube-proxy.yaml to include --proxy-mode=ipvs --ipvs-strict-arp flags. **Expected behavior:** I expect to use proxy mode ipvs with strict arp **Actual behavior:** Looks like hardened-kubernetes:v1.24.8-rke2r1-build20221110 does not have the correct kernel modules included **Additional context / logs:** I think I provided all thats needed. Let me know if more logs are needed.

But I dont know in which section of cluster.yaml should I add:

kube-proxy-arg:
  - proxy-mode=ipvs
  - ipvs-strict-arp=true

lolhax1337 · February 25, 2023, 5:51am

Ok, so looks like it works:

You can add arguments from rke2:

under: machineGlobalConfig:, so for me in GUI in cluster.yaml:

machineGlobalConfig:
  kube-proxy-arg:
    - proxy-mode=ipvs
    - ipvs-strict-arp=true

And after this change, on my rancher-node:
root 3751955 3751907 0 05:42 ? 00:00:00 kube-proxy --cluster-cidr=10.42.0.0/16 --conntrack-max-per-core=0 --conntrack-tcp-timeout-close-wait=0s --conntrack-tcp-timeout-established=0s --healthz-bind-address=127.0.0.1 --hostname-override=worker-2 --ipvs-strict-arp=true --kubeconfig=/var/lib/rancher/rke2/agent/kubeproxy.kubeconfig --proxy-mode=ipvs

Unfortunately, the documentation is unclear and support couldn’t distinguish between a RKE2 cluster imported into rancher and a cluster created from GUI (custom RKE2). They proposed to manually create config.yaml on node, and in this case after RKE2 restart the configuration would be deleted (becouse in custom RKE2 clusters created from GUI, every change should be done in cluster.yaml file)

Topic		Replies	Views
How set additional flags to the kubernetes cluster? Rancher 2.x	6	7637	March 19, 2020
Updating proxy setting in rancher 2 HA on RKE/rancheros Rancher 2.x	1	512	December 10, 2018
Catalog availability with Rancher 2.0 HA behind HTTP proxy Rancher 2.x	2	2526	July 23, 2018
Unable to create rke2 cluster Rancher 2.x	2	3748	March 25, 2023
[solved] Rke2 network segmentation Rancher 2.x	1	79	March 15, 2024

Kube-proxy settings in custom RKE2 cluster

Related Topics