azure-container-networking

Azure-NPM: Compatibility with kube-proxy in IPVS mode

Open mattstam opened this issue 3 years ago • 0 comments

What happened:

When NPM is enabled on a cluster with kube-proxy configured for IPVS instead of IPTABLES, e.g.:

Containers:
  kube-proxy:
    Command:
      --proxy-mode=ipvs
      --ipvs-scheduler=lc
      --ipvs-tcp-timeout=900s
      --ipvs-tcpfin-timeout=120s
      --ipvs-udp-timeout=30s

Traffic against a Service IP fails.

What you expected to happen:

Traffic to Services is successful, as would normally be the case with IPTables.

How to reproduce it:

Create a Kubernetes cluster with IPVS. Currently this is (or will shortly be) available on AKS via KubeProxyConfigurationPreview with an ARM call that has the contents:

{
   "apiVersion":"2022-08-02-preview",
   "type":"Microsoft.ContainerService/managedClusters",
   "properties":{
      "networkProfile":{
         "kubeProxyConfig":{
            "enabled":true,
            "mode":"IPVS",
            "ipvsConfig":{
               "scheduler":"LeastConnection",
               "TCPTimeoutSeconds":900,
               "TCPFINTimeoutSeconds":120,
               "UDPTimeoutSeconds":30
            }
         }
      }
   }
}

Otherwise, you will need to configure a cluster by manually setting the kube-proxy arguments to the above.

Kubernetes Version:

v1.23.8

Kernel (e.g. uname -a):

5.4.0-1090-azure #95~18.04.1-Ubuntu SMP Sun Aug 14 20:09:27 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

mattstam, Sep 13 '22 22:09