Manage kube-proxy by using IPVS

IPVS (IP Virtual Server) is a beta feature in Kubernetes 1.9.1. The kube-proxy ipvs mode provides benefits, such as better performance, when compared with the traditional iptables and userspace modes.

IPVS running on a host acts as a load balancer at the front of a cluster of real servers. IPVS can direct requests for TCP/UDP based services to the real servers. IPVS can also make services that are running on the real servers appear as a virtual service on a single IP address.

To enable the kube-proxy ipvs mode, you must set the kube_proxy_extra_args parameter in the cluster configuration file.

The configuration file for a cluster with kube-proxy ipvs enabled might resemble the following example:

  ## Kubernetes Settings
  # kube_apiserver_extra_args: []
  # kube_controller_manager_extra_args: []
  kube_proxy_extra_args: ["--feature-gates=SupportIPVSProxyMode=true","--proxy-mode=ipvs"]

After installation completes, verify that the IPVS rules are created by completing the following steps:

  1. Review the kube-proxy container log.

    [root@testnode ~]# docker ps |grep proxy
    6e8b9b058bfc ibmcom/kubernetes@sha256:0a186c019bd7d3a078799a387663da93c162b290b0665d16b229dba7d8f060b7   "/hyperkube proxy ..."   11 minutes ago      Up 11 minutes                                    k8s_proxy_k8s-proxy-9.21.53.16_kube-system_97991d33fbaf5606a3a6113337710e27_0

    [root@testnode ~]# docker logs 6e8b9b058bfc -f
    ...
    I0131 13:24:32.282248       1 feature_gate.go:184] feature gates: map[SupportIPVSProxyMode:true]
    I0131 13:24:32.283828       1 server_others.go:180] Using ipvs Proxier.
    I0131 13:24:32.284643       1 server_others.go:205] Tearing down inactive rules.
    I0201 05:31:25.008541       1 server.go:426] Version: v1.11.0+icp-ee
    ...
    
  2. Verify that IPVS mode is detected on each cluster node.

    ipvsadm -Ln
    

The output resembles the following example:

  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  TCP  172.17.0.1:31443 rr
    -> 10.1.20.84:9443              Masq    1      0          0
  TCP  172.17.0.1:32292 rr
    -> 10.1.20.94:3000              Masq    1      0          0
  TCP  9.21.53.16:30090 rr
    -> 10.1.20.80:9090              Masq    1      0          0
  TCP  9.21.53.16:30296 rr
    -> 10.1.20.93:3001              Masq    1      0          0
  TCP  9.21.53.16:31443 rr
    -> 10.1.20.84:9443              Masq    1      0          0
  TCP  9.21.53.16:32292 rr
  ...
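
The two verification steps above can be scripted so that the check is repeatable on every node. The following shell functions are an added example, not part of the original procedure or of Kubernetes: the function names and the sample text are constructed for illustration, and the sample includes one virtual service with no real server listed so that the empty case is visible.

```shell
#!/bin/sh
# Added example: summarise the kube-proxy log and `ipvsadm -Ln` output.
# Function names and sample data are constructed for illustration.

# Read a kube-proxy log on stdin; print the proxier it last reported
# (for example "ipvs"). Prints nothing if no such line is present.
proxier_from_log() {
  sed -n 's/.*Using \([a-z]*\) Proxier.*/\1/p' | tail -n 1
}

# Read `ipvsadm -Ln` text on stdin; print one line per virtual service:
#   <proto> <address:port> <scheduler> backends=<count>
ipvs_summary() {
  awk '
    function emit() { if (vs != "") print vs " backends=" n }
    $1 == "TCP" || $1 == "UDP" { emit(); vs = $1 " " $2 " " $3; n = 0; next }
    $1 == "->" && $2 != "RemoteAddress:Port" { n++ }
    END { emit() }
  '
}

# Print the address:port of every virtual service with no real server.
ipvs_empty_services() {
  ipvs_summary | awk '$NF == "backends=0" { print $2 }'
}

# Constructed sample in the format shown above.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.17.0.1:31443 rr
  -> 10.1.20.84:9443              Masq    1      0          0
TCP  9.21.53.16:30090 rr
  -> 10.1.20.80:9090              Masq    1      0          0
  -> 10.1.20.81:9090              Masq    1      0          0
TCP  9.21.53.16:32292 rr'

SAMPLE_LOG='I0131 13:24:32.283828       1 server_others.go:180] Using ipvs Proxier.'

# On a node, feed the real data instead of the samples:
#   docker logs <container-id> 2>&1 | proxier_from_log
#   ipvsadm -Ln | ipvs_summary
printf '%s\n' "$SAMPLE_LOG"  | proxier_from_log
printf '%s\n' "$SAMPLE_IPVS" | ipvs_summary
```

A node whose log does not report the ipvs proxier, or whose `ipvsadm -Ln` output has no virtual services, is not running kube-proxy in ipvs mode as configured.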