eugenestarchenko/Notes.txt

## kube-proxy-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  labels:
    eks.amazonaws.com/component: kube-proxy
    k8s-app: kube-proxy
  name: kube-proxy-config
data:
  config: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    bindAddress: 0.0.0.0
    clientConnection:
      acceptContentTypes: ""
      burst: 10
      contentType: application/vnd.kubernetes.protobuf
      kubeconfig: /var/lib/kube-proxy/kubeconfig
      qps: 5
    clusterCIDR: ""
    configSyncPeriod: 15m0s
    conntrack:
      max: 0
      maxPerCore: 32768
      min: 131072
      tcpCloseWaitTimeout: 1h0m0s
      tcpEstablishedTimeout: 24h0m0s
    enableProfiling: false
    healthzBindAddress: 0.0.0.0:10256
    hostnameOverride: ""
    iptables:
      masqueradeAll: false
      masqueradeBit: 14
      minSyncPeriod: 0s
      syncPeriod: 30s
    ipvs:
      excludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      syncPeriod: 30s
    kind: KubeProxyConfiguration
    metricsBindAddress: 127.0.0.1:10249
    mode: "iptables"
    nodePortAddresses: null
    oomScoreAdj: -998
    portRange: ""
    resourceContainer: ""
    udpIdleTimeout: 250ms

## kube-proxy-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
  labels:
    eks.amazonaws.com/component: kube-proxy
    k8s-app: kube-proxy
  name: kube-proxy
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kube-proxy
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - linux
              - key: beta.kubernetes.io/arch
                operator: In
                values:
                - amd64
              - key: eks.amazonaws.com/compute-type
                operator: NotIn
                values:
                - fargate
      containers:
      - command:
        - kube-proxy
        - --v=2
        - --config=/var/lib/kube-proxy-config/config
        image: 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.16.8
        imagePullPolicy: IfNotPresent
        name: kube-proxy
        resources:
          requests:
            cpu: 100m
        securityContext:
          privileged: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/log
          name: varlog
        - mountPath: /run/xtables.lock
          name: xtables-lock
        - mountPath: /lib/modules
          name: lib-modules
          readOnly: true
        - mountPath: /var/lib/kube-proxy/
          name: kubeconfig
        - mountPath: /var/lib/kube-proxy-config/
          name: config
      dnsPolicy: ClusterFirst
      hostNetwork: true
      priorityClassName: system-node-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: kube-proxy
      serviceAccountName: kube-proxy
      terminationGracePeriodSeconds: 30
      tolerations:
      - operator: Exists
      volumes:
      - hostPath:
          path: /var/log
          type: ""
        name: varlog
      - hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
        name: xtables-lock
      - hostPath:
          path: /lib/modules
          type: ""
        name: lib-modules
      - configMap:
          defaultMode: 420
          name: kube-proxy
        name: kubeconfig
      - configMap:
          defaultMode: 420
          name: kube-proxy-config
        name: config
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
    type: RollingUpdate

## kube-proxy.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  labels:
    eks.amazonaws.com/component: kube-proxy
    k8s-app: kube-proxy
  name: kube-proxy
data:
  kubeconfig: |-
    kind: Config
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://xxxxxxxxxxxxxxxxxxxxx.sk1.us-east-1.eks.amazonaws.com
      name: default
    contexts:
    - context:
        cluster: default
        namespace: default
        user: default
      name: default
    current-context: default
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

## Notes.txt
EKS clusters created from 1.12 onwards use a config file (by mounting a configmap called kube-proxy-config
If you are updating a cluster that was originally created on < 1.12, you will need to updated the kube-proxy configmaps and daemonsets.


1. Create kube-proxy-config configmap

   kubectl -n kube-system apply -f kube-proxy-config.yaml

2. Update kube-proxy configmap, replace the server: with your API Server endpoint details and apply.

   kubectl -n kube-system apply -f kube-proxy.yaml

3. Apply latest daemonset

   kubectl -n kube-system apply -f kube-proxy-daemonset.yaml
	apiVersion: v1
	kind: ConfigMap
	metadata:
	annotations:
	labels:
	eks.amazonaws.com/component: kube-proxy
	k8s-app: kube-proxy
	name: kube-proxy-config
	data:
	config: \|-
	apiVersion: kubeproxy.config.k8s.io/v1alpha1
	bindAddress: 0.0.0.0
	clientConnection:
	acceptContentTypes: ""
	burst: 10
	contentType: application/vnd.kubernetes.protobuf
	kubeconfig: /var/lib/kube-proxy/kubeconfig
	qps: 5
	clusterCIDR: ""
	configSyncPeriod: 15m0s
	conntrack:
	max: 0
	maxPerCore: 32768
	min: 131072
	tcpCloseWaitTimeout: 1h0m0s
	tcpEstablishedTimeout: 24h0m0s
	enableProfiling: false
	healthzBindAddress: 0.0.0.0:10256
	hostnameOverride: ""
	iptables:
	masqueradeAll: false
	masqueradeBit: 14
	minSyncPeriod: 0s
	syncPeriod: 30s
	ipvs:
	excludeCIDRs: null
	minSyncPeriod: 0s
	scheduler: ""
	syncPeriod: 30s
	kind: KubeProxyConfiguration
	metricsBindAddress: 127.0.0.1:10249
	mode: "iptables"
	nodePortAddresses: null
	oomScoreAdj: -998
	portRange: ""
	resourceContainer: ""
	udpIdleTimeout: 250ms
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	annotations:
	labels:
	eks.amazonaws.com/component: kube-proxy
	k8s-app: kube-proxy
	name: kube-proxy
	namespace: kube-system
	spec:
	revisionHistoryLimit: 10
	selector:
	matchLabels:
	k8s-app: kube-proxy
	template:
	metadata:
	labels:
	k8s-app: kube-proxy
	spec:
	affinity:
	nodeAffinity:
	requiredDuringSchedulingIgnoredDuringExecution:
	nodeSelectorTerms:
	- matchExpressions:
	- key: beta.kubernetes.io/os
	operator: In
	values:
	- linux
	- key: beta.kubernetes.io/arch
	operator: In
	values:
	- amd64
	- key: eks.amazonaws.com/compute-type
	operator: NotIn
	values:
	- fargate
	containers:
	- command:
	- kube-proxy
	- --v=2
	- --config=/var/lib/kube-proxy-config/config
	image: 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.16.8
	imagePullPolicy: IfNotPresent
	name: kube-proxy
	resources:
	requests:
	cpu: 100m
	securityContext:
	privileged: true
	terminationMessagePath: /dev/termination-log
	terminationMessagePolicy: File
	volumeMounts:
	- mountPath: /var/log
	name: varlog
	- mountPath: /run/xtables.lock
	name: xtables-lock
	- mountPath: /lib/modules
	name: lib-modules
	readOnly: true
	- mountPath: /var/lib/kube-proxy/
	name: kubeconfig
	- mountPath: /var/lib/kube-proxy-config/
	name: config
	dnsPolicy: ClusterFirst
	hostNetwork: true
	priorityClassName: system-node-critical
	restartPolicy: Always
	schedulerName: default-scheduler
	securityContext: {}
	serviceAccount: kube-proxy
	serviceAccountName: kube-proxy
	terminationGracePeriodSeconds: 30
	tolerations:
	- operator: Exists
	volumes:
	- hostPath:
	path: /var/log
	type: ""
	name: varlog
	- hostPath:
	path: /run/xtables.lock
	type: FileOrCreate
	name: xtables-lock
	- hostPath:
	path: /lib/modules
	type: ""
	name: lib-modules
	- configMap:
	defaultMode: 420
	name: kube-proxy
	name: kubeconfig
	- configMap:
	defaultMode: 420
	name: kube-proxy-config
	name: config
	updateStrategy:
	rollingUpdate:
	maxUnavailable: 10%
	type: RollingUpdate
	EKS clusters created from 1.12 onwards use a config file (by mounting a configmap called kube-proxy-config
	If you are updating a cluster that was originally created on < 1.12, you will need to updated the kube-proxy configmaps and daemonsets.



	1. Create kube-proxy-config configmap

	kubectl -n kube-system apply -f kube-proxy-config.yaml

	2. Update kube-proxy configmap, replace the server: with your API Server endpoint details and apply.

	kubectl -n kube-system apply -f kube-proxy.yaml

	3. Apply latest daemonset

	kubectl -n kube-system apply -f kube-proxy-daemonset.yaml