Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RKE2 kube-proxy --proxy-mode=ipvs --ipvs-strict-arp #3710

Closed
tylerhowd opened this issue Dec 13, 2022 · 7 comments
Closed

RKE2 kube-proxy --proxy-mode=ipvs --ipvs-strict-arp #3710

tylerhowd opened this issue Dec 13, 2022 · 7 comments

Comments

@tylerhowd
Copy link

Environmental Info:
RKE2 Version: v1.24.8+rke2r1

Node(s) CPU architecture, OS, and Version:

On ESXi/intel Centos 7.9
Cluster Configuration:

3 servers and 3 agents
Describe the bug:

Im trying to install and configure metallb in layer 2mode. Which requires proxy mode ipvs and strict arp. When I try to apply these configuration changes to /var/lib/rancher/rke2/agent/pod-manifests/kube-proxy.yaml I get the following error in the kube-proxy pod.

"Can't use the IPVS proxier" err="IPVS proxier will not be used because the following required kernel modules are not loaded: [ip_vs_wrr ip_vs_sh ip_vs ip_vs_rr]"

Steps To Reproduce:

  • Installed RKE2: I used the documentation with the only override being selinux: true. Edit /var/lib/rancher/rke2/agent/pod-manifests/kube-proxy.yaml to include --proxy-mode=ipvs --ipvs-strict-arp flags.

Expected behavior:

I expect to use proxy mode ipvs with strict arp
Actual behavior:

Looks like hardened-kubernetes:v1.24.8-rke2r1-build20221110 does not have the correct kernel modules included

Additional context / logs:

I think I provided all thats needed. Let me know if more logs are needed.
@brandond
Copy link
Contributor

brandond commented Dec 13, 2022
edited

Looks like hardened-kubernetes:v1.24.8-rke2r1-build20221110 does not have the correct kernel modules included

Kubernetes packages do not include kernel modules. Shipping modules for any possible kernel version that a user might be running is impractical for a number of reasons. If you're enabling nonstandard functionality, you need to ensure that the correct kernel modules for those features are available and loaded on the node beforehand.

@brandond
Copy link
Contributor

brandond commented Dec 13, 2022
edited

Also, you should NOT edit the kube-proxy static pod manifest; any changes you make will be reverted when RKE2 is restarted. You should use the following in your config.yaml instead:

kube-proxy-arg:
  - proxy-mode=ipvs
  - ipvs-strict-arp=true

@tylerhowd
Copy link
Author

Thank you for clearing that up for me. Do you know which kernel module needs to be installed on the hosts to enable ipvs?

@brandond
Copy link
Contributor

brandond commented Dec 13, 2022
edited

kube-proxy told you which modules you need, and you included it in your issue report up above:

"Can't use the IPVS proxier" err="IPVS proxier will not be used because the following required kernel modules are not loaded: [ip_vs_wrr ip_vs_sh ip_vs ip_vs_rr]"

@tylerhowd
Copy link
Author

Im a derp. Thanks again.

@bgogri

This comment was marked as off-topic.

Sign in to view
@brandond
Copy link
Contributor

@bgogri please don't ask a new question on a resolved issue. Open a new issue or discussion.

@rancher rancher locked as resolved and limited conversation to collaborators Dec 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brandond @bgogri @tylerhowd