How to enable IPVS mode on AWS EKS?
First of all, this is a workaround, because AWS EKS did not allow us to enable IPVS mode by itself. So we will walk through our steps.
In my case, we are using the Amazon Linux AMI provided by Amazon.
Step 1 : Install required packages
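#!/bin/bash
# Install the IPVS admin tool and confirm it runs
sudo yum install -y ipvsadm
sudo ipvsadm -l
# Load the IPVS core and the scheduler modules
sudo modprobe ip_vs
sudo modprobe ip_vs_rr
sudo modprobe ip_vs_wrr
sudo modprobe ip_vs_sh
# On kernel 4.19 and later this module is part of nf_conntrack
sudo modprobe nf_conntrack_ipv4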
Step 2 : Prepare new kube-proxy parameters.
After the cluster is up and running, we need to get the current kube-proxy configuration by reading it from a default kube-proxy pod.
kube_proxy_pod=$(kubectl -n kube-system get pod | grep kube-proxy | head -1 | awk '{print $1}')
# No -ti here: a TTY would add carriage returns to the saved file
kubectl -n kube-system exec "${kube_proxy_pod}" -- cat /var/lib/kube-proxy-config/config > eks_kube_proxy_config.yaml
Change the following parameters in eks_kube_proxy_config.yaml to enable IPVS:
sed -i 's/scheduler: ""/scheduler: "rr"/g' eks_kube_proxy_config.yaml
sed -i 's/mode: "iptables"/mode: "ipvs"/g' eks_kube_proxy_config.yaml
Step 3 : Add new kube-proxy config to configmap
kubectl -n kube-system edit cm kube-proxy
Add the modified data from eks_kube_proxy_config.yaml, or replace the existing entry if there is one:
data:
  config: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    bindAddress: 0.0.0.0
    clientConnection:
      acceptContentTypes: ""
      burst: 10
      contentType: application/vnd.kubernetes.protobuf
      kubeconfig: /var/lib/kube-proxy/kubeconfig
      qps: 5
    clusterCIDR: ""
    configSyncPeriod: 15m0s
    conntrack:
      max: 0
      maxPerCore: 32768
      min: 131072
      tcpCloseWaitTimeout: 1h0m0s
      tcpEstablishedTimeout: 24h0m0s
    enableProfiling: false
    healthzBindAddress: 0.0.0.0:10256
    hostnameOverride: ""
    iptables:
      masqueradeAll: false
      masqueradeBit: 14
      minSyncPeriod: 0s
      syncPeriod: 30s
    ipvs:
      excludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: "rr"
      syncPeriod: 30s
    kind: KubeProxyConfiguration
    metricsBindAddress: 127.0.0.1:10249
    mode: "ipvs"
    nodePortAddresses: null
    oomScoreAdj: -998
    portRange: ""
The highlighted lines are the modified data, copied from eks_kube_proxy_config.yaml.
Step 4 : Apply the new kube-proxy parameters by editing the kube-proxy daemonset
kubectl -n kube-system edit ds kube-proxy
==> Change from
containers:
- command:
  - kube-proxy
  - --v=2
  - --config=/var/lib/kube-proxy-config/config
==> To
containers:
- command:
  - kube-proxy
  - --v=2
  - --proxy-mode=ipvs
  - --ipvs-scheduler=rr
  - --config=/var/lib/kube-proxy/config
  env:
  - name: KUBE_PROXY_MODE
    value: ipvs
Step 5 : Verification
=> kube proxy on pod level
kubectl -n kube-system get pod | grep kube-proxy
kubectl -n kube-system logs <pod_name>
The output must look like:
=> kube proxy on host level
Log in to a worker node and run the command to check that ipvsadm is working properly.
The output must look like:
$ sudo ipvsadm -l
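An added example, not part of the original post: sed exits 0 even when its pattern matches nothing, so the Step 2 edits can silently leave the file unchanged, and the Step 1 modules may be missing on a given node. The functions below check both before the config is applied in Step 3; check_ipvs_config, missing_ipvs_modules and the sample config are names and data constructed for this example.

```shell
#!/bin/bash
# Added example (not from the original post): checks to run before Step 3.

# check_ipvs_config FILE: succeed only if FILE has top-level mode "ipvs"
# and ipvs.scheduler "rr"; print what is wrong otherwise.
check_ipvs_config() {
  awk '
    { sub(/\r$/, "") }                       # tolerate CRLF from a TTY capture
    /^[^ \t#]/ { section = $1 }              # a top-level key opens a new section
    /^mode:/ { mode = $2 }
    section == "ipvs:" && /^[ \t]+scheduler:/ { sched = $2 }
    END {
      gsub(/"/, "", mode); gsub(/"/, "", sched)
      if (mode != "ipvs") { print "mode=[" mode "], expected ipvs"; bad = 1 }
      if (sched != "rr") { print "ipvs.scheduler=[" sched "], expected rr"; bad = 1 }
      exit bad + 0
    }' "$1"
}

# missing_ipvs_modules [FILE]: print the Step 1 modules absent from FILE
# (default /proc/modules). Modules built into the kernel are not listed there.
missing_ipvs_modules() {
  for m in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
    grep -q "^$m " "${1:-/proc/modules}" || echo "$m"
  done
  # nf_conntrack_ipv4 was folded into nf_conntrack in kernel 4.19
  grep -Eq '^nf_conntrack(_ipv4)? ' "${1:-/proc/modules}" || echo nf_conntrack
}

# Constructed sample: mode is "" here, so the Step 2 sed for mode matches nothing.
demo_dir=$(mktemp -d)
printf 'ipvs:\n  scheduler: ""\n  syncPeriod: 30s\nkind: KubeProxyConfiguration\nmode: ""\n' \
  > "$demo_dir/config.yaml"
sed -i 's/scheduler: ""/scheduler: "rr"/g' "$demo_dir/config.yaml"
sed -i 's/mode: "iptables"/mode: "ipvs"/g' "$demo_dir/config.yaml"   # no match, exit 0
check_ipvs_config "$demo_dir/config.yaml" || echo "config not ready for Step 3"
```

Run check_ipvs_config on eks_kube_proxy_config.yaml after the sed commands, and missing_ipvs_modules with no argument on each worker node.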