Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to disable kube-proxy with RKE2 #33785

Closed
rancher-max opened this issue Jul 27, 2021 · 7 comments
Closed

Unable to disable kube-proxy with RKE2 #33785

rancher-max opened this issue Jul 27, 2021 · 7 comments
Assignees
@vincent99 @davidnuzik @rancher-max
Labels
area/rke2 RKE2-related Issues kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement
Milestone
v2.6

Comments

@rancher-max
Copy link
Contributor

Need a way to disable the new kube-proxy static pod during rke2 provisioning. The current option presented in the UI calls: disable: rke2-kube-proxy, whereas the latest release of rke2 introduces kube-proxy as a static pod and has a new way to disable it. See rancher/rke2#1444 (comment) for details.

The UI doesn't need to change, but should instead call disable-kube-proxy: true in the config when deselecting the option (see UI screenshot below):

image
@rancher-max rancher-max added kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement area/rke2 RKE2-related Issues labels Jul 27, 2021
@rancher-max rancher-max added this to the v2.6 milestone Jul 27, 2021
This was referenced Jul 27, 2021
Closed
Closed
@deniseschannon deniseschannon added the dependency-rke2 Indicates that the rancher issue has a dependency to an RKE2 issue label Jul 29, 2021
@deniseschannon
Copy link

KDM has been updated to disable kube-proxy with this parameter.

      disable-kube-proxy:
        type: boolean

And the option to delete kube-proxy helm chart has been removed from this section:

      disable:
        type: array
        options:
        - rke2-coredns
        - rke2-ingress-nginx
        - rke2-metrics-server

UI needs to be reflected to use the new parameter of how to enable/disable kube-proxy.

The kube-proxy helm chart is being phased out and since it was never released yet, we should only enable/disable static pod of kube-proxy.

@deniseschannon deniseschannon added dependency-rke2 Indicates that the rancher issue has a dependency to an RKE2 issue and removed dependency-rke2 Indicates that the rancher issue has a dependency to an RKE2 issue labels Aug 1, 2021
@deniseschannon deniseschannon mentioned this issue Aug 2, 2021
Merged
@deniseschannon
Copy link

Available as part of RKE2 v1.21.3-rc1+rke2e2

@deniseschannon deniseschannon mentioned this issue Aug 2, 2021
Merged
@deniseschannon
Copy link

After discussion with @ibuildthecloud, we only want to allow disabling through the YAML, but we don't want to expose this to the end user through the UI as it will break clusters unless you know what you're doing.

@deniseschannon deniseschannon removed the dependency-rke2 Indicates that the rancher issue has a dependency to an RKE2 issue label Aug 4, 2021
@deniseschannon deniseschannon mentioned this issue Aug 4, 2021
Merged
@deniseschannon
Copy link

KDM/yaml supports being able to disable the kube-proxy node, but we no longer have UI support to disable it.

@deniseschannon
Copy link

@rancher-max we should validate that we can disable it through the yaml and that it gets set correctly in RKE2.

@rancher-max
Copy link
Contributor Author

The remaining testing on this is blocked by: #33961

@davidnuzik
Copy link
Contributor

Reproduction:
Not required.

Validation Passed:
Rancher version: v2.6-head 7b9a232ac 8/6/21 2:12pm Pacific
Rancher cluster type: single-node rancher in docker container
Docker version: 19.03

Downstream cluster type: rke2
Downstream K8s version: v1.21.3-rc4+rke2r2

Validation steps:

  1. Create a simple 1-node rke2 cluster, in my case with the digital ocean provider.
    Confirmed that the "Kube Proxy" system service is no longer visible in the UI, as expected:
    image

  2. Switch to the YAML view so we may disable the kube-proxy. Specify the relevant flag in the machineGlobalConfig of rkeConfig

    machineGlobalConfig:
      cni: calico
      disable-kube-proxy:
        - true
  1. Once the node/cluster are ready, ssh into the node and confirm the setting took:
    (It did)
root@dave-rke2-try-diff-disable-pool1-q26jh:/etc/rancher/rke2/config.yaml.d# cat 50-rancher.yaml 
{
  "agent-token": "REDACTED",
  "cni": "calico",
  "disable-kube-proxy": true,
  "etcd-snapshot-retention": 5,
  "etcd-snapshot-schedule-cron": "0 */5 * * *",
  "node-label": [
    "rke.cattle.io/machine=440821ac-fc5f-42e9-aeac-a4bc291eb7ee"
  ],
  "protect-kernel-defaults": false,
  "token": "REDACTED"

And checked unit file and yes, I do not see the kube-proxy process running nor with ps.

This was referenced Oct 26, 2021
Closed
Merged
@zube zube bot removed the [zube]: Done label Nov 5, 2021
brandond pushed a commit to rancher/rke2 that referenced this issue Jan 19, 2022
@PhilipSchmid @brandond
Removed rke2-kube-proxy disable list option
dcbf4a5 
Since it's not valid anymore. See rancher/rancher#33785.
Elsvent pushed a commit to Elsvent/ansible-role-rke2 that referenced this issue Jan 9, 2023
@elsvent-hong
add parameter to disable kubeproxy follow rancher/rancher#33785
5b0d3c1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vincent99 vincent99

@davidnuzik davidnuzik

@rancher-max rancher-max

Labels
area/rke2 RKE2-related Issues kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement
Projects
None yet
Milestone
v2.6
Development

No branches or pull requests
5 participants
@vincent99 @deniseschannon @sowmyav27 @davidnuzik @rancher-max