Created
May 27, 2020 06:19
-
-
Save dijeesh/3f927e6e8473550e858064071388c329 to your computer and use it in GitHub Desktop.
EKS 1.16.8 Upgrade, kube-proxy:v1.16.8 errors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy-config | |
data: | |
config: |- | |
apiVersion: kubeproxy.config.k8s.io/v1alpha1 | |
bindAddress: 0.0.0.0 | |
clientConnection: | |
acceptContentTypes: "" | |
burst: 10 | |
contentType: application/vnd.kubernetes.protobuf | |
kubeconfig: /var/lib/kube-proxy/kubeconfig | |
qps: 5 | |
clusterCIDR: "" | |
configSyncPeriod: 15m0s | |
conntrack: | |
max: 0 | |
maxPerCore: 32768 | |
min: 131072 | |
tcpCloseWaitTimeout: 1h0m0s | |
tcpEstablishedTimeout: 24h0m0s | |
enableProfiling: false | |
healthzBindAddress: 0.0.0.0:10256 | |
hostnameOverride: "" | |
iptables: | |
masqueradeAll: false | |
masqueradeBit: 14 | |
minSyncPeriod: 0s | |
syncPeriod: 30s | |
ipvs: | |
excludeCIDRs: null | |
minSyncPeriod: 0s | |
scheduler: "" | |
syncPeriod: 30s | |
kind: KubeProxyConfiguration | |
metricsBindAddress: 127.0.0.1:10249 | |
mode: "iptables" | |
nodePortAddresses: null | |
oomScoreAdj: -998 | |
portRange: "" | |
resourceContainer: "" | |
udpIdleTimeout: 250ms |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy | |
namespace: kube-system | |
spec: | |
revisionHistoryLimit: 10 | |
selector: | |
matchLabels: | |
k8s-app: kube-proxy | |
template: | |
metadata: | |
labels: | |
k8s-app: kube-proxy | |
spec: | |
affinity: | |
nodeAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/os | |
operator: In | |
values: | |
- linux | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- key: eks.amazonaws.com/compute-type | |
operator: NotIn | |
values: | |
- fargate | |
containers: | |
- command: | |
- kube-proxy | |
- --v=2 | |
- --config=/var/lib/kube-proxy-config/config | |
image: 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.16.8 | |
imagePullPolicy: IfNotPresent | |
name: kube-proxy | |
resources: | |
requests: | |
cpu: 100m | |
securityContext: | |
privileged: true | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/log | |
name: varlog | |
- mountPath: /run/xtables.lock | |
name: xtables-lock | |
- mountPath: /lib/modules | |
name: lib-modules | |
readOnly: true | |
- mountPath: /var/lib/kube-proxy/ | |
name: kubeconfig | |
- mountPath: /var/lib/kube-proxy-config/ | |
name: config | |
dnsPolicy: ClusterFirst | |
hostNetwork: true | |
priorityClassName: system-node-critical | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: kube-proxy | |
serviceAccountName: kube-proxy | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- operator: Exists | |
volumes: | |
- hostPath: | |
path: /var/log | |
type: "" | |
name: varlog | |
- hostPath: | |
path: /run/xtables.lock | |
type: FileOrCreate | |
name: xtables-lock | |
- hostPath: | |
path: /lib/modules | |
type: "" | |
name: lib-modules | |
- configMap: | |
defaultMode: 420 | |
name: kube-proxy | |
name: kubeconfig | |
- configMap: | |
defaultMode: 420 | |
name: kube-proxy-config | |
name: config | |
updateStrategy: | |
rollingUpdate: | |
maxUnavailable: 10% | |
type: RollingUpdate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy | |
data: | |
kubeconfig: |- | |
kind: Config | |
apiVersion: v1 | |
clusters: | |
- cluster: | |
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
server: https://xxxxxxxxxxxxxxxxxxxxx.sk1.us-east-1.eks.amazonaws.com | |
name: default | |
contexts: | |
- context: | |
cluster: default | |
namespace: default | |
user: default | |
name: default | |
current-context: default | |
users: | |
- name: default | |
user: | |
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EKS clusters created from 1.12 onwards use a config file (by mounting a configmap called kube-proxy-config | |
If you are updating a cluster that was originally created on < 1.12, you will need to updated the kube-proxy configmaps and daemonsets. | |
1. Create kube-proxy-config configmap | |
kubectl -n kube-system apply -f kube-proxy-config.yaml | |
2. Update kube-proxy configmap, replace the server: with your API Server endpoint details and apply. | |
kubectl -n kube-system apply -f kube-proxy.yaml | |
3. Apply latest daemonset | |
kubectl -n kube-system apply -f kube-proxy-daemonset.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment