How to enable IPVS mode on AWS EKS?

selfieblue
2 min read · Jul 15, 2020

First of all, this is a workaround, because AWS EKS does not let us enable IPVS mode directly. So we will walk through our steps.

In my case, we are using the Amazon Linux AMI, which is provided by Amazon.

Step 1 : Install required packages

#!/bin/bash
sudo yum install -y ipvsadm
sudo ipvsadm -l
sudo modprobe ip_vs
sudo modprobe ip_vs_rr
sudo modprobe ip_vs_wrr
sudo modprobe ip_vs_sh
sudo modprobe nf_conntrack_ipv4

Step 2 : Prepare new kube-proxy parameters.
After the cluster is up and running, we need to get the current kube-proxy configuration by reading it from one of the default kube-proxy pods.

# Pick the first kube-proxy pod
kube_proxy_pod=$(kubectl -n kube-system get pod | grep kube-proxy | head -1 | awk '{print $1}')
# No -ti here: a TTY would add carriage returns to the redirected file
kubectl -n kube-system exec "${kube_proxy_pod}" -- cat /var/lib/kube-proxy-config/config > eks_kube_proxy_config.yaml

Change the following parameters in eks_kube_proxy_config.yaml to enable IPVS:

sed -i 's/scheduler: ""/scheduler: "rr"/g' eks_kube_proxy_config.yaml
sed -i 's/mode: "iptables"/mode: "ipvs"/g' eks_kube_proxy_config.yaml

Step 3 : Add new kube-proxy config to configmap

kubectl -n kube-system edit cm kube-proxy

Add the modified data copied from eks_kube_proxy_config.yaml, or replace the existing entry if there is one:

data:
  config: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    bindAddress: 0.0.0.0
    clientConnection:
      acceptContentTypes: ""
      burst: 10
      contentType: application/vnd.kubernetes.protobuf
      kubeconfig: /var/lib/kube-proxy/kubeconfig
      qps: 5
    clusterCIDR: ""
    configSyncPeriod: 15m0s
    conntrack:
      max: 0
      maxPerCore: 32768
      min: 131072
      tcpCloseWaitTimeout: 1h0m0s
      tcpEstablishedTimeout: 24h0m0s
    enableProfiling: false
    healthzBindAddress: 0.0.0.0:10256
    hostnameOverride: ""
    iptables:
      masqueradeAll: false
      masqueradeBit: 14
      minSyncPeriod: 0s
      syncPeriod: 30s
    ipvs:
      excludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: "rr"
      syncPeriod: 30s
    kind: KubeProxyConfiguration
    metricsBindAddress: 127.0.0.1:10249
    mode: "ipvs"
    nodePortAddresses: null
    oomScoreAdj: -998
    portRange: ""

The highlighted lines are the modified data copied from eks_kube_proxy_config.yaml.

Step 4 : Apply the new kube-proxy parameters by editing the kube-proxy daemonset

kubectl -n kube-system edit ds kube-proxy

==> Change from
containers:
- command:
  - kube-proxy
  - --v=2
  - --config=/var/lib/kube-proxy-config/config
==> To
containers:
- command:
  - kube-proxy
  - --v=2
  - --proxy-mode=ipvs
  - --ipvs-scheduler=rr
  - --config=/var/lib/kube-proxy/config
  env:
  - name: KUBE_PROXY_MODE
    value: ipvs

Step 5 : Verification
=> kube-proxy at pod level

kubectl -n kube-system get pod | grep kube-proxy
kubectl -n kube-system logs <pod_name>

The output must look like this:

=> kube-proxy at host level
Log in to a worker node and run the command below to check that ipvsadm is working properly.
The output must look like this:

$ sudo ipvsadm -l
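
The sed commands in Step 2 change nothing, and report nothing, when the live config spells a value differently (for example mode: iptables without quotes). The script below is an added example, not part of the original post, that checks the edited file before it is pasted into the ConfigMap in Step 3. The function names kp_value and check_ipvs_config are hypothetical, and it assumes the file keeps its top-level keys in column 0.

```bash
#!/bin/bash
# Added example (not from the original post): check that the Step 2 sed edits
# actually changed eks_kube_proxy_config.yaml before it goes into the ConfigMap.

# kp_value FILE SECTION KEY: print a key's value; SECTION "" means top level.
# Assumes the flat two-level layout shown in Step 3 (top-level keys in column 0).
kp_value() {
  awk -v want_sec="$2" -v want_key="$3" '
    { sub(/\r$/, "") }                          # tolerate CRs from a TTY capture
    /^[^ \t#]/ {                                # column-0 line: track section
      sec = ($0 ~ /:[ \t]*$/) ? $1 : ""
      sub(/:$/, "", sec)
    }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      nested = (line != $0)
      k = line; sub(/:.*/, "", k)
      v = line; sub(/^[^:]*:[ \t]*/, "", v); gsub(/^"|"$/, "", v)
      if (k == want_key && ((want_sec == "" && !nested) ||
          (want_sec != "" && nested && sec == want_sec))) { print v; exit }
    }' "$1"
}

# check_ipvs_config FILE: return 0 only if mode=ipvs and ipvs.scheduler=rr.
check_ipvs_config() {
  local mode sched
  mode=$(kp_value "$1" "" mode)
  sched=$(kp_value "$1" ipvs scheduler)
  if [ "$mode" != "ipvs" ] || [ "$sched" != "rr" ]; then
    echo "NOT APPLIED: mode='${mode}' ipvs.scheduler='${sched}'" >&2
    return 1
  fi
  echo "OK: mode=ipvs ipvs.scheduler=rr"
}

# Constructed sample: mode is unquoted, so the Step 2 sed pattern does not match.
demo() {
  local f; f=$(mktemp)
  printf 'ipvs:\n  scheduler: ""\n  syncPeriod: 30s\nkind: KubeProxyConfiguration\nmode: iptables\n' |
    sed -e 's/scheduler: ""/scheduler: "rr"/g' -e 's/mode: "iptables"/mode: "ipvs"/g' > "$f"
  check_ipvs_config "$f"; local rc=$?
  rm -f "$f"
  return "$rc"
}
demo || echo "demo: the edit was incomplete, fix the file before Step 3"
```

On a real file, run check_ipvs_config eks_kube_proxy_config.yaml after the sed commands and continue to Step 3 only if it returns 0.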

Good luck!
