kubespray/docs/kube-router.md

3.5 KiB

Kube-router

Kube-router is a L3 CNI provider, as such it will setup IPv4 routing between nodes to provide Pods' networks reachability.

See kube-router documentation.

Verifying kube-router install

Kube-router runs its pods as a DaemonSet in the kube-system namespace:

  • Check the status of kube-router pods
# From the CLI
kubectl get pod --namespace=kube-system -l k8s-app=kube-router -owide

# output
NAME                READY     STATUS    RESTARTS   AGE       IP               NODE                   NOMINATED NODE
kube-router-4f679   1/1       Running   0          2d        192.168.186.4    mykube-k8s-node-nf-2   <none>
kube-router-5slf8   1/1       Running   0          2d        192.168.186.11   mykube-k8s-node-nf-3   <none>
kube-router-lb6k2   1/1       Running   0          20h       192.168.186.14   mykube-k8s-node-nf-6   <none>
kube-router-rzvrb   1/1       Running   0          20h       192.168.186.17   mykube-k8s-node-nf-4   <none>
kube-router-v6n56   1/1       Running   0          2d        192.168.186.6    mykube-k8s-node-nf-1   <none>
kube-router-wwhg8   1/1       Running   0          20h       192.168.186.16   mykube-k8s-node-nf-5   <none>
kube-router-x2xs7   1/1       Running   0          2d        192.168.186.10   mykube-k8s-master-1    <none>
  • Peek at kube-router container logs:
# From the CLI
kubectl logs --namespace=kube-system -l k8s-app=kube-router | grep Peer.Up

# output
time="2018-09-17T16:47:14Z" level=info msg="Peer Up" Key=192.168.186.6 State=BGP_FSM_OPENCONFIRM Topic=Peer
time="2018-09-17T16:47:16Z" level=info msg="Peer Up" Key=192.168.186.11 State=BGP_FSM_OPENCONFIRM Topic=Peer
time="2018-09-17T16:47:46Z" level=info msg="Peer Up" Key=192.168.186.10 State=BGP_FSM_OPENCONFIRM Topic=Peer
time="2018-09-18T19:12:24Z" level=info msg="Peer Up" Key=192.168.186.14 State=BGP_FSM_OPENCONFIRM Topic=Peer
time="2018-09-18T19:12:28Z" level=info msg="Peer Up" Key=192.168.186.17 State=BGP_FSM_OPENCONFIRM Topic=Peer
time="2018-09-18T19:12:38Z" level=info msg="Peer Up" Key=192.168.186.16 State=BGP_FSM_OPENCONFIRM Topic=Peer
[...]

Gathering kube-router state

Kube-router Pods come bundled with a "Pod Toolbox" which provides very useful internal state views for:

  • IPVS: via ipvsadm
  • BGP peering and routing info: via gobgp

You need to kubectl exec -it ... into a kube-router container to use these, see https://www.kube-router.io/docs/pod-toolbox/ for details.

Kube-router configuration

You can change the default configuration by overriding kube_router_... variables (as found at roles/network_plugin/kube-router/defaults/main.yml), these are named to follow kube-router command-line options as per https://www.kube-router.io/docs/user-guide/#try-kube-router-with-cluster-installers.

Caveats

kubeadm_enabled: true

If you want to set kube-router to replace kube-proxy (--run-service-proxy=true) while using kubeadm_enabled, then 'kube-proxy` DaemonSet will be removed after kubeadm finishes running, as it's not possible to skip kube-proxy install in kubeadm flags and/or config, see https://github.com/kubernetes/kubeadm/issues/776.

Given above, if --run-service-proxy=true is needed it would be better to void kubeadm_enabled i.e. set:

kubeadm_enabled: false
kube_router_run_service_proxy: true

If for some reason you do want/need to set kubeadm_enabled, removing it afterwards behave better if kube-proxy is set to ipvs mode, i.e. set:

kubeadm_enabled: true
kube_router_run_service_proxy: true
kube_proxy_mode: ipvs