From 2ff46023b93b21acfa4badc8e6fd1680530b26fa Mon Sep 17 00:00:00 2001
From: gitlawr <lawrleegle@gmail.com>
Date: Fri, 7 Dec 2018 10:49:18 +0800
Subject: [PATCH] add configurable IPVS proxy mode

---
 infra-templates/k8s/55/README.md              | 1 +
 infra-templates/k8s/55/docker-compose.yml.tpl | 7 +++++++
 infra-templates/k8s/55/rancher-compose.yml    | 7 ++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/infra-templates/k8s/55/README.md b/infra-templates/k8s/55/README.md
index 1a0da4dc..bd81b15c 100644
--- a/infra-templates/k8s/55/README.md
+++ b/infra-templates/k8s/55/README.md
@@ -14,6 +14,7 @@ Warning: If you are using the `aws` cloud provider, tagging your cluster resourc
 ### Changelog for Kubernetes v1.11.5
 
 * Added v1.11.5 to address Kubernetes CVE-2018-1002105
+* Added ability to use ipvs mode for kube-proxy
 
 ### Required Open Ports on hosts
 
diff --git a/infra-templates/k8s/55/docker-compose.yml.tpl b/infra-templates/k8s/55/docker-compose.yml.tpl
index 0acdb591..58486616 100644
--- a/infra-templates/k8s/55/docker-compose.yml.tpl
+++ b/infra-templates/k8s/55/docker-compose.yml.tpl
@@ -155,6 +155,9 @@ proxy:
         - --kubeconfig=/etc/kubernetes/ssl/kubeconfig
         - --v=2
         - --healthz-bind-address=0.0.0.0
+        {{- if eq .Values.ENABLE_IPVS_PROXY_MODE "true" }}
+        - --proxy-mode=ipvs
+        {{- end }}
         {{- range $i, $elem := splitPreserveQuotes .Values.ADDITIONAL_KUBEPROXY_FLAGS }}
         - {{ $elem }}
         {{- end }}
@@ -168,6 +171,10 @@ proxy:
     net: host
     links:
         - kubernetes
+    {{- if eq .Values.ENABLE_IPVS_PROXY_MODE "true" }}
+    volumes:
+    - /lib/modules:/lib/modules:ro
+    {{- end }}
 
 etcd:
     image: {{$etcdImage}}
diff --git a/infra-templates/k8s/55/rancher-compose.yml b/infra-templates/k8s/55/rancher-compose.yml
index 7829abf8..a432dcf4 100644
--- a/infra-templates/k8s/55/rancher-compose.yml
+++ b/infra-templates/k8s/55/rancher-compose.yml
@@ -1,6 +1,6 @@
 .catalog:
   name: Kubernetes
-  version: v1.11.5-rancher1-1
+  version: v1.11.5-rancher1-2
   description: Rancher Kubernetes service
   minimum_rancher_version: v1.6.19
   questions:
@@ -117,6 +117,11 @@
     required: false
     default: 1
     type: int
+  - variable: ENABLE_IPVS_PROXY_MODE
+    label: Enable IPVS Proxy Mode for Kubernetes Proxy
+    required: false
+    default: false
+    type: boolean
   - variable: ADDITIONAL_KUBELET_FLAGS
     label: Additional Kubelet Flags
     required: false