Allow management of KubeProxy configuration in CAPI #4512
Comments
|
/kind feature |
|
@fabriziopandini Could we unify all of these issues into one? |
|
I prefer to keep them separated because implication of changing KubeletConfiguration and changing KubeProxy configuration are different and we need to nail down details and actionable items. |
|
/milestone Next |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
/area control-plane |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
|
/lifecycle frozen |
|
Is there a reason why Patches don't supportkube-proxy?
|
|
Posting here to (in addition to Slack):
|
|
^ yeah pretty much that.
kube-proxy in kubeadm is deployed as a single configuration backed DaemonSet, so having patches does not make sense, because patches are per node. also kube-proxy doesn't really support instance specific config and who knows what happens if you configure each kube-proxy instance differently. in kubeadm, you could at least pass an entire KubeProxyConfiguration during also...the future of kube-proxy in kubeadm is unclear. the component as it stands today is full of technical dept and the kubeproxyconfig being stuck in v1alpha1 is only one of the problems. there have been discussions about kube-proxy2 of sorts. |
|
Thanks for the answers guys!
Yeah but not in CAPI and we this is what this issue is about :) |
|
Is there any available workaround? |
|
is there some progress? |
|
No - nobody is working on this issue |
|
/close Given that the future of component config is not clear I would avoid extending its usage in CAPI. Let's collect use cases where the current approach does not work before committing to a way forward |
|
@fabriziopandini: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
FWIW, we'd also like to disable / omit kube-proxy long-term as we plan to use Cilium's kube-proxy-free mode where all forwarding/routing is supposed to happen through eBPF. Not 100% sure if that's relevant here (or rather kubeadm), but I thought I'd share it since @fabriziopandini asked for collecting use cases. |
|
Thx for the info. We also have this issue: #3700 As far as I know kube-proxy deployment can be disabled via the |
|
@timoreimann thanks for sharing! |
|
Thanks to both of you. The info in #3700 is super useful to us. |
User Story
As a CAPI user I would like to manage the kubeproxy configuration in a declarative way
Detailed Description
This is a follow up of #1584
There are many reasons and use cases for changing kubeProxy settings. the main one i have encountered is using IPVS mode which is a requirement in certain envirnments due to performance gains it offers over iptables.
As of today when initializing a cluster with CABPK, there is no way to supply this information through the standard mechanism of the kubeadm config CRD.
we have a hacky workaround which adds a script in a file to the nodes in the KCP that adds a KubeProxy Configuration yaml to the kubeadm-init.yaml configuration file and a preKubeadmCommand to run the script. while this works it is not ideal.
another use case for kubeproxy settings is to enable ServiceTopology feature.
Related Issue
there is a similar issue for kubelet configuration #4464
The text was updated successfully, but these errors were encountered: