Cloud Docs Home > F5 Application Services Proxy Index

Replace kube-proxy with the f5-kube-proxy

Summary

The f5-kube-proxy is a container-based application that runs in a Pod on each Node in a Kubernetes Cluster. It takes the place of the standard Kubernetes kube-proxy component.

The instructions differ depending on the version of Kubernetes that you use.

Patch the kube-proxy DaemonSet

Warning

Do not complete this section if you are running Kubernetes v1.4 or v1.5.

  1. Patch the kube-proxy DaemonSet with the JSON block provided below.

    // REMOVE ALL COMMENTS BEFORE USE
    {
     "spec": {
       "template": {
         "spec": {
           "containers": [
             {
               "name": "kube-proxy",
               "image": "f5networks/f5-kube-proxy:1.1.0",
               "volumeMounts": [
                 {
                   "mountPath": "/var/run/kubernetes/proxy-plugin",
                   "name": "plugin-config"
                 }
               ]
             }
           ],
           "volumes": [
             {
               "name": "plugin-config",
               "hostPath": {
                 "path": "/var/run/kubernetes/proxy-plugin",
                 "type": "DirectoryOrCreate"
              }
            }
           ]
         }
       },
        // Applies the f5-kube-proxy patch one time
       "updateStrategy": {
         "type": "RollingUpdate",
         "rollingUpdate": {
           // Set to a number higher than the possible number of nodes needed
           "maxUnavailable": 10
         }
       }
     }
    }
    

    Download the patch file

    • Kubernetes:

      kubectl patch daemonset kube-proxy -n kube-system -p kube-proxy-patch.json
      
    • OpenShift:

      oc patch daemonset kube-proxy -n kube-system -p kube-proxy-patch.json
      

Edit the kube-proxy Pod Manifests

Warning

Do not complete this section if you are running Kubernetes v1.6 or later.

Important

Kubernetes “master” and “worker” nodes have distinct Pod Manifests. You need to update both to use f5-kube-proxy.

See the CoreOS on Kubernetes Getting Started Guide for information about setting up kube-proxy on master and worker nodes.

Take the steps below to update the Pod Manifest on each Node in the Cluster.

  1. SSH to a node and edit the kube-proxy manifest.

    $ ssh core@172.16.1.21
    Last login: Fri Feb 17 18:33:35 UTC 2017 from 172.16.1.20 on pts/0
    CoreOS alpha (1185.3.0)
    Update Strategy: No Reboots
    core@k8s-worker-0 ~ $ sudo su
    k8s-worker-0 core \# vim /etc/kubernetes/manifests/kube-proxy.yaml
    
  2. Edit the kube-proxy manifest to match the manifest examples.

    • On the worker pod(s), change the command value to /proxy.

      spec:
        containers:
          command: /proxy
      
    • On the master and worker pods, replace the image with “f5networks/f5-kube-proxy”.

      Listing 3 Replace the standard kube-proxy image with the f5-kube-proxy image.
      spec:
        containers:
          image: f5networks/f5-kube-proxy:1.0.0
      
    • On the master and worker pods, add a new mountPath: “/var/run/kubernetes/proxy-plugin”.

      Listing 4 Add a new mountPath to the volumeMounts section in both master and worker manifests.
      spec:
        containers:
          volumeMounts:
            ...
            - mountPath: /var/run/kubernetes/proxy-plugin
              name: plugin-config
              readOnly: false
      
    • On the master and worker pods, add a new “plugin-config” volume.

      Listing 5 Add the plugin-config volume using the mountPath defined above.
      spec:
        volumes:
          ...
          - name: plugin-config
            hostPath:
              path: /var/run/kubernetes/proxy-plugin
      

Example Pod Manifests

Listing 6 kube-proxy manifest on MASTER node
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
apiVersion: v1
kind: Pod
metadata:
  name: kube-proxy
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-proxy
    image: f5networks/f5-kube-proxy:1.0.0
    # do not change the args below if your master kube-proxy settings differ
    # from those shown here
    command:
    - /proxy
    - --master=http://127.0.0.1:8080
    - --proxy-mode=iptables
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
    # add this volumeMount
    - mountPath: /var/run/kubernetes/proxy-plugin
      name: plugin-config
  volumes:
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
  # add this volume
  - name: plugin-config
    hostPath:
      path: /var/run/kubernetes/proxy-plugin

f5-kube-proxy-manifest-master.yaml

Listing 7 kube-proxy manifest on WORKER node
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
apiVersion: v1
kind: Pod
metadata:
  name: kube-proxy
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-proxy
    image: f5networks/f5-kube-proxy:1.0.0
    # replace the args from the original kube-proxy config with those below
    command:
    - /proxy
    # IP address of the master node
    - --master=https://172.16.1.19
    - --proxy-mode=iptables
    - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
    - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
      name: "kubeconfig"
      readOnly: true
    - mountPath: /etc/kubernetes/ssl
      name: "etc-kube-ssl"
      readOnly: true
    # add this volumeMount
    - mountPath: /var/run/kubernetes/proxy-plugin
      name: plugin-config
  volumes:
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
  - name: "kubeconfig"
    hostPath:
      path: "/etc/kubernetes/worker-kubeconfig.yaml"
  - name: "etc-kube-ssl"
    hostPath:
      path: "/etc/kubernetes/ssl"
  # add this volume
  - name: plugin-config
    hostPath:
      path: /var/run/kubernetes/proxy-plugin

f5-kube-proxy-manifest-worker.yaml