Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kube-proxy extraArgs ignored #5505

Closed
fredgate opened this issue May 6, 2022 · 12 comments
Closed

kube-proxy extraArgs ignored #5505

fredgate opened this issue May 6, 2022 · 12 comments

Comments

@fredgate
Copy link

fredgate commented May 6, 2022

Bug Report

kube-proxy pod runs without args specified in the machine configuration file with key cluster.proxy.extraArgs

Description

To change the bind address of kube-proxy for metrics, I edit the configuration file of each node as it :

cluster:
  ....
  proxy:
    image: 'k8s.gcr.io/kube-proxy:v1.21.6'
    extraArgs:
      metrics-bind-address: '10.80.1.1:10249'

and then apply it with talosctl apply-config -n 10.80.1.1 -f controlplane1.yaml
When I watch the pod, I see that the corresponding kube-proxy is restarted (but not recreated), and if I describe it, I see that its command line arguments did not change :

  containers:
  - name: kube-proxy
    command:
    - /usr/local/bin/kube-proxy
    - --cluster-cidr=10.244.0.0/16
    - --conntrack-max-per-core=0
    - --hostname-override=$(NODE_NAME)
    - --kubeconfig=/etc/kubernetes/kubeconfig
    - --proxy-mode=iptables

I tried to delete the pod; it was recreated but still with the same command line.
In fact the daemonset kube-proxy is not updated.

When I changed the cluster.scheduler.extraArgs and cluster.controllerManager.extraArgs the corresponding pods were successfully recreated with the new command.

Environment

  • Talos version: 0.14.1
  • Kubernetes version: 1.21.6
  • Platform: amd64
@smira
Copy link
Member

smira commented May 6, 2022

Talos doesn't update the manifests automatically for safety reasons. You need to run talosctl upgrade-k8s -n <controlplanenodeIP> --to v1.23.5 to make it re-apply the manifests.

@smira
Copy link
Member

smira commented May 6, 2022

@fredgate
Copy link
Author

fredgate commented May 6, 2022

Yes but I don't want to upgrade kubernetes version. Just add a parameter to the kube-proxy command line.

Can I run the upgrade-k8s with the actual version ?
talosctl upgrade-k8s -n <controlplanenodeIP> --to v1.21.6

@frezbo
Copy link
Member

frezbo commented May 6, 2022

| Can I run the upgrade-k8s with the actual version ?

yes, you can do talosctl upgrade-k8s --to=<existing version> This will pick up the k8s related changes in the manifest and apply them, other component versiosn will remain the same. You could see the diff with talosctl upgrade-k8s --to=<existing version> --dry-run

@smira
Copy link
Member

smira commented May 6, 2022

I just noticed you're on 0.14, but it already supports this flow: https://www.talos.dev/v0.14/guides/upgrading-kubernetes/

@mrwulf
Copy link

mrwulf commented Sep 16, 2022

I think this is an actual (and ongoing!) issue- I'm running v1.2.2 with kubernetes 1.23.4 and am seeing the same problem. I've just run through talos apply-config, talos upgrade, and talos upgrade-k8s again and the kube-proxy daemonset is still missing all of the extraArgs.

MachineConfig:

cluster:
  proxy:
    image: k8s.gcr.io/kube-proxy:v1.24.4
    extraArgs:
      feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
      metrics-bind-address: 0.0.0.0:10249

Daemonset:

      - command:
        - /usr/local/bin/kube-proxy
        - --cluster-cidr=10.244.0.0/16
        - --conntrack-max-per-core=0
        - --hostname-override=$(NODE_NAME)
        - --kubeconfig=/etc/kubernetes/kubeconfig
        - --proxy-mode=iptables

@smira
Copy link
Member

smira commented Sep 19, 2022

First of all, you can do kubectl edit ds -n kube-system kube-proxy and patch it yourself, you don't have to make Talos manage this for you if you don't want it.

Second, make sure you have update machine config on all control plane nodes for extraArgs, then talosctl upgrade-k8s should pick it up.

@mrwulf
Copy link

mrwulf commented Sep 19, 2022

Ah! Thanks @smira - I see from a clarifying comment you made on #5959 that talos will never update the kube-proxy manifest! I haven't fully groked WHY kube-proxy isn't updated - especially since the manifests.kubernetes.talos.dev resource has the update, but I'll dig in more

@chamburr
Copy link
Contributor

chamburr commented Oct 9, 2022

@smira It seems that running talosctl upgrade-k8s does not update extraArgs for me. Looking at the code, I suspect the command would only update the image. Could this be a bug?

switch ds {
case kubeProxy:
daemonset.Spec.Template.Spec.Containers[0].Image = fmt.Sprintf("%s:v%s", constants.KubernetesProxyImage, options.ToVersion)
default:
return fmt.Errorf("failed to build new image spec")
}

@smira
Copy link
Member

smira commented Oct 9, 2022

I'm sorry, why would extraArgs need to be updated?

@chamburr
Copy link
Contributor

Same reason as in the description of this issue, to change the metrics bind address

@smira
Copy link
Member

smira commented Oct 17, 2022

This might be confusing, we'll get a fix for it. You can always update daemonset directly with kubectl edit ds.

@smira smira closed this as completed Dec 1, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants