feat: switch kube-proxy to ipvs

This commit is contained in:
Stefan Reimer 2022-01-28 17:23:17 +01:00
parent 86c8170655
commit 4abbf3d55a
5 changed files with 15 additions and 42 deletions

View File

@ -2,4 +2,4 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# kube-proxy doesnt really support setting dynamic bind-address via config, replaced by cilium long-term anyways
metricsBindAddress: "0.0.0.0:10249"
mode: ""
mode: "ipvs"

View File

@ -11,7 +11,7 @@ hairpinMode: hairpin-veth
resolvConf: /run/systemd/resolve/resolv.conf
{{- end }}
protectKernelDefaults: {{ .Values.protectKernelDefaults }}
eventRecordQPS: 0
#eventRecordQPS: 0
# Breaks kubelet at boot time
# tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
# tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key

View File

@ -10,6 +10,8 @@ fi
export WORKDIR=/tmp/kubezero
export HOSTFS=/host
export VERSION=v1.21
export NETWORK_VERSION=0.1.7
export ADDONS_VERSION=0.4.1
export KUBECONFIG="${HOSTFS}/root/.kube/config"
@ -145,13 +147,13 @@ if [ "$1" == 'upgrade' ]; then
# network
yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
# addons
yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
######################
@ -179,6 +181,9 @@ elif [[ "$1" == 'node-upgrade' ]]; then
echo "Migrating kubezero.yaml"
yq -i eval '.api.etcdServers = .api.allEtcdEndpoints | .network.multus.enabled = "true"' ${HOSTFS}/etc/kubernetes/kubezero.yaml
# remove old aws-node-termination-handler config, first new controller will do the right thing
yq -i eval 'del(.addons.aws-node-termination-handler)' ${HOSTFS}/etc/kubernetes/kubezero.yaml
# AWS
if [ -f ${HOSTFS}/etc/cloudbender/clusterBackup.passphrase ]; then
if [ -f ${HOSTFS}/usr/local/sbin/backup_control_plane.sh ]; then
@ -288,13 +293,13 @@ elif [[ "$1" =~ "^(bootstrap|recover|join)$" ]]; then
# network
yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
# addons
yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
-f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
fi
post_kubeadm

View File

@ -1,9 +0,0 @@
ARG SHELL_OPERATOR_VERSION
FROM flant/shell-operator:v${SHELL_OPERATOR_VERSION}
RUN apk upgrade -U -a && \
apk --no-cache add \
aws-cli
ADD hooks /hooks

View File

@ -1,23 +0,0 @@
SHELL_OPERATOR_VERSION ?= 1.0.6
REGISTRY := public.ecr.aws/zero-downtime
REPOSITORY := kubezero-controller
TAG := $(REPOSITORY):v$(SHELL_OPERATOR_VERSION)-aws
.PHONY: build push clean scan
all: build push
build:
podman build --rm --squash-all --build-arg SHELL_OPERATOR_VERSION=$(SHELL_OPERATOR_VERSION) -t $(TAG) .
push:
aws ecr-public get-login-password --region us-east-1 | podman login --username AWS --password-stdin $(REGISTRY)
podman tag $(TAG) $(REGISTRY)/$(TAG)
podman push $(REGISTRY)/$(TAG)
clean:
podman image prune -f
scan:
podman system service&
sleep 5; trivy $(TAG)