Allow replace kube-proxy by kube-router Service Proxy #3943

leleobhz opened this issue Jan 18, 2024 · 14 comments
Labels
enhancement New feature or request

Comments

@leleobhz

Is your feature request related to a problem? Please describe.

In Lightweight environments, kube-proxy may be replaced by kube-router service proxy (--run-service-proxy). This mode uses IPVS (And this way, it's directly compatible with MetalLB - even more if flag --advertise-loadbalancer-ip got added to ClusterConfig) and uses just one service to provide networking.

Describe the solution you would like

No response

Describe alternatives you've considered

No response

Additional context

No response

@leleobhz leleobhz added the enhancement New feature or request label Jan 18, 2024
@twz123
Member

twz123 commented Jan 18, 2024

There's a related discussion on the forums. The gist of it: You can try to configure k0s in this way, by disabling kube-proxy (--disable-components=kube-proxy) and deploying kube-router as a custom CNI.

Note that in the upcoming k0s 1.29 release, there will be the ability to pass extra arguments to the k0s-managed kube-router deployment. You may be able to get by without deploying kube-router yourself by adding --run-service-proxy to the kube-router extraArgs section of the k0s config. See #3902 for details.

@leleobhz
Author

> There's a related discussion on the forums. The gist of it: You can try to configure k0s in this way, by disabling kube-proxy (--disable-components=kube-proxy) and deploying kube-router as a custom CNI.
>
> Note that in the upcoming k0s 1.29 release, there will be the ability to pass extra arguments to the k0s-managed kube-router deployment. You may be able to get by without deploying kube-router yourself by adding --run-service-proxy to the kube-router extraArgs section of the k0s config. See #3902 for details.

Hello!

I tried a variant of this, editing the daemonset to add --run-service-proxy on my own and disabling kubeproxy on spec.network. But for some reason, this did not work as expected because kube-router did not configure ipvs as expected. Also, I see k0s uses 1.x kube-proxy version instead of 2.x and I don't know if this changes something.

About #3902 - this commit is not expected to be released on 1.28 series?

@leleobhz
Author

Also, is there any issue with using kube-router for service-proxy as default if the user disables kube-proxy? Is there some advantage to keeping kube-proxy instead of using kube-router service-proxy support by default?

@twz123
Member

twz123 commented Jan 18, 2024

> Also, I see k0s uses 1.x kube-proxy version instead of 2.x and I don't know if this changes something.

I guess you mean kube-router, not kube-proxy? The update is being worked on (#3814).

> About #3902 - this commit is not expected to be released on 1.28 series?

This is not planned. The 1.29 release will not take too long anymore.

> Also, is there any issue with using kube-router for service-proxy as default if the user disables kube-proxy? Is there some advantage to keeping kube-proxy instead of using kube-router service-proxy support by default?

I'll refer to @juanluisvaladas's answer: http://forums.k8slens.dev/t/how-to-enable-kube-routers-load-balance-feature-under-k0s/800/4

@jnummelin
Member

The 1.29 release will have a new feature which allows you to configure any args for kube-router. With that you can enable the proxy in kube-router and disable k0s setting up kube-proxy.

@leleobhz
Author

To keep the scope on track, I suggest we close this issue since everything is tracked here.

But a question that @juanluisvaladas's answer got me: If kube-proxy implements LoadBalancer, why this is not mentioned in https://docs.k0sproject.io/v1.28.5+k0s.0/examples/nginx-ingress/?h=loadbalance#install-nginx-using-loadbalancer as example?

In background (But will not ask this here now) I'm investigating a misbehave of any IPVS implementation with MetalLB (SYN goes, SYN+ACK not and I see returning packets do not have LB IP as source, but POD IP) and I'm thinking now if using kube-proxy as LB class may fix this. In this case, kube-proxy LB capability does not deserve any additional documentation?

@juanluisvaladas
Contributor

Hi @leleobhz,

> But a question that @juanluisvaladas's answer got me: If kube-proxy implements LoadBalancer, why this is not mentioned in https://docs.k0sproject.io/v1.28.5+k0s.0/examples/nginx-ingress/?h=loadbalance#install-nginx-using-loadbalancer as example?

Neither kube-proxy nor kube-router implements the LoadBalancer type. I did say that, but it must have been a lapse because LoadBalancer is intended for external load balancers and kube-proxy was never supposed to implement it. It was 6 months ago so I'm not sure what was the missing feature I was mentioning but I remember there were a couple...

Anyway, what I said is we're willing to study feature requests as long as they are justified. The previous request didn't say why we should implement this, but you are providing some reasons to do so. So it's definitely worth considering this again.

Do you think that, given that you can disable kube-proxy and starting 1.29 you'll be able to add the flag this is still needed? Or having that suffices?

As for the kube-proxy version, @twz123 mentioned you may mean kube-router, but if you are not please clarify exactly what are you referring to, I'm aware of kpng and KEP-2104 but I don't think you're referring to that...

@leleobhz
Author

> Hi @leleobhz,

Hi @juanluisvaladas

> Anyway, what I said is we're willing to study feature requests as long as they are justified. The previous request didn't say why we should implement this, but you are providing some reasons to do so. So it's definitely worth considering this again.

I'm thankful for your consideration about this. I'm challenging myself to run k0s on an Rpi3 cluster because 1) k0s is the most upstream-compliant mini-distro of kubernetes I've found 2) I want to study how Kubernetes can be improved on low memory scenarios (And I got good results with NodeSwap + zram + more disk swap) 3) Learn more about Kubernetes internals. Also, Kubernetes on low requisite scenarios is an important study.

> Do you think that, given that you can disable kube-proxy and starting 1.29 you'll be able to add the flag this is still needed? Or having that suffices?

I'll attempt this after 1.29 release. I'm stuck on a tricky network issue here (No matter what, anything using LoadBalancer class starts 3 way handshake but after 3rd ack answer, communication stops and I receive tons of retransmissions until timeout) but if I can reach this point using only Kuberouter, I think it's possible to consider it works. Also, I'll try to change distro/kernel to check for some heavy restriction on environment (DietPI is a lot compact but may be missing something).

> As for the kube-proxy version, @twz123 mentioned you may mean kube-router, but if you are not please clarify exactly what are you referring to, I'm aware of kpng and kubernetes/enhancements#2104 but I don't think you're referring to that...

Indeed I mean kube-router version:

KubeRouterCNIImageVersion = "v1.6.0-iptables1.8.9-1"

I think if Kube-router got updated to the 2.x line, it may be possible to use only kube-router + metallb with kube-router providing pod networking + IPVS proxy + BGP and metallb providing LB Class (kube-router manages BGP and with the bgp-announce-lb-ip as true it manages lb address announcement too). And on implementations that do not rely on external BGP, kuberouter can provide pod networking + IPVS proxy and metallb with LB Class plus ARP listener.

@pedro-n-rocha

For running with only standalone kuberouter, the kuberouter daemonset needs a properly configured kubeconfig arg,

this is not implemented in

const kubeRouterTemplate = `---

like it is for kubeproxy ( cleaner > server: {{ .ControlPlaneEndpoint }} )

kubeconfig.conf: |-

so only got it working with the custom network provider option, and with the hardcoded internal api server IP and port 6443 on the manifest kubeconfig, ( hacky at best )

still not convinced of the benefits of disabling kube-proxy.

@leleobhz
Author

leleobhz commented Oct 8, 2024

> still not convinced of the benefits of disabling kube-proxy.

Hello @pedro-n-rocha

Main reason is system resource waste. Calico replaces kube-proxy in eBPF mode and kube-router also does support replacing kube-proxy. Not telling here kube-proxy is a bad implementation, but maybe redundant in some scenarios. It's at least a good look into flexibility since k0s can be customized/extended with helm and Calico - as example - can be deployed and configured entirely from helm charts.

@jnummelin
Member

@leleobhz Now that k0s supports adding the needed arg(s) to kube-router and kube-proxy can be disabled, I don't think there's anything more for k0s to do, right? If so, pls close the issue

@leleobhz
Author

Hi @jnummelin

I've tried this in an older version of k0s. I'll try to replicate this on 1.31 and I'll feedback here.

@adlion

adlion commented Jan 21, 2025

Can someone show how to pass arguments on kuberouter please

A simple case:

kuberouter
      extraArgs:
        - '--run-service-proxy=true'

but it complains because it expects it as map[string]string

+++++++++++++++++++++++++
I found it

      extraArgs:
        run-service-proxy: "true"

Sorry for the noise

@pedro-n-rocha

It is not sufficient to pass the extraArgs for KubeRouter, as it also requires a kubeconfig.conf file to communicate with the API server.

Currently, this functionality is not implemented in the k0s kubeRouterTemplate variable in kuberouter.go, unlike the proxyTemplate variable in kubeproxy.go, which handles this appropriately.

As a temporary solution, I’ve disabled the default KubeRouter handling in k0s by setting:

k0s controller -c /etc/k0s/config.yaml --enable-worker --single --disable-components=autopilot,endpoint-reconciler,helm,konnectivity-server,metrics-server,windows-node,kube-proxy

And configured the network provider as custom in the k0s_config environment variable:

Then, I’ve placed a fully configured kube-router.yaml manifest under:
/var/lib/k0s/manifests/kuberouter/

This workaround ensures KubeRouter operates correctly, but it would be better to implement proper support for generating and managing the kubeconfig.conf file within the kubeRouterTemplate logic.

This is a straightforward fix that would bring parity between kubeproxy.go and kuberouter.go and improve the developer and user experience.
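
For reference, the settings discussed in this thread placed in a full k0s ClusterConfig. This is an added example, not posted by any participant and not taken from the k0s project; it assumes k0s 1.29 or later (where kube-router extraArgs is available) and the default metadata name `k0s`.

```yaml
# Added example: k0s-managed kube-router acting as the service proxy.
apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
  name: k0s            # assumed default name
spec:
  network:
    provider: kuberouter
    kubeProxy:
      # Stops k0s from deploying kube-proxy. The thread also mentions the
      # controller flag --disable-components=kube-proxy for the same purpose.
      disabled: true
    kuberouter:
      # extraArgs is a map[string]string: keys are flag names without the
      # leading "--", values are quoted strings. The list form
      # ("- '--run-service-proxy=true'") is rejected, as reported above.
      extraArgs:
        run-service-proxy: "true"
# Caveat from the thread: pedro-n-rocha reports that extraArgs alone was not
# sufficient, because the k0s kube-router template does not generate a
# kubeconfig.conf the way the kube-proxy template does. The workaround
# described there sets the network provider to custom and places a complete
# kube-router manifest under /var/lib/k0s/manifests/kuberouter/.
```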
