-
-
Save eugenestarchenko/722414c2ed73ca184961089adac1bb4a to your computer and use it in GitHub Desktop.
EKS 1.16.8 Upgrade, kube-proxy:v1.16.8 errors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy-config | |
data: | |
config: |- | |
apiVersion: kubeproxy.config.k8s.io/v1alpha1 | |
bindAddress: 0.0.0.0 | |
clientConnection: | |
acceptContentTypes: "" | |
burst: 10 | |
contentType: application/vnd.kubernetes.protobuf | |
kubeconfig: /var/lib/kube-proxy/kubeconfig | |
qps: 5 | |
clusterCIDR: "" | |
configSyncPeriod: 15m0s | |
conntrack: | |
max: 0 | |
maxPerCore: 32768 | |
min: 131072 | |
tcpCloseWaitTimeout: 1h0m0s | |
tcpEstablishedTimeout: 24h0m0s | |
enableProfiling: false | |
healthzBindAddress: 0.0.0.0:10256 | |
hostnameOverride: "" | |
iptables: | |
masqueradeAll: false | |
masqueradeBit: 14 | |
minSyncPeriod: 0s | |
syncPeriod: 30s | |
ipvs: | |
excludeCIDRs: null | |
minSyncPeriod: 0s | |
scheduler: "" | |
syncPeriod: 30s | |
kind: KubeProxyConfiguration | |
metricsBindAddress: 127.0.0.1:10249 | |
mode: "iptables" | |
nodePortAddresses: null | |
oomScoreAdj: -998 | |
portRange: "" | |
resourceContainer: "" | |
udpIdleTimeout: 250ms |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy | |
namespace: kube-system | |
spec: | |
revisionHistoryLimit: 10 | |
selector: | |
matchLabels: | |
k8s-app: kube-proxy | |
template: | |
metadata: | |
labels: | |
k8s-app: kube-proxy | |
spec: | |
affinity: | |
nodeAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/os | |
operator: In | |
values: | |
- linux | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- key: eks.amazonaws.com/compute-type | |
operator: NotIn | |
values: | |
- fargate | |
containers: | |
- command: | |
- kube-proxy | |
- --v=2 | |
- --config=/var/lib/kube-proxy-config/config | |
image: 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.16.8 | |
imagePullPolicy: IfNotPresent | |
name: kube-proxy | |
resources: | |
requests: | |
cpu: 100m | |
securityContext: | |
privileged: true | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/log | |
name: varlog | |
- mountPath: /run/xtables.lock | |
name: xtables-lock | |
- mountPath: /lib/modules | |
name: lib-modules | |
readOnly: true | |
- mountPath: /var/lib/kube-proxy/ | |
name: kubeconfig | |
- mountPath: /var/lib/kube-proxy-config/ | |
name: config | |
dnsPolicy: ClusterFirst | |
hostNetwork: true | |
priorityClassName: system-node-critical | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: kube-proxy | |
serviceAccountName: kube-proxy | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- operator: Exists | |
volumes: | |
- hostPath: | |
path: /var/log | |
type: "" | |
name: varlog | |
- hostPath: | |
path: /run/xtables.lock | |
type: FileOrCreate | |
name: xtables-lock | |
- hostPath: | |
path: /lib/modules | |
type: "" | |
name: lib-modules | |
- configMap: | |
defaultMode: 420 | |
name: kube-proxy | |
name: kubeconfig | |
- configMap: | |
defaultMode: 420 | |
name: kube-proxy-config | |
name: config | |
updateStrategy: | |
rollingUpdate: | |
maxUnavailable: 10% | |
type: RollingUpdate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
annotations: | |
labels: | |
eks.amazonaws.com/component: kube-proxy | |
k8s-app: kube-proxy | |
name: kube-proxy | |
data: | |
kubeconfig: |- | |
kind: Config | |
apiVersion: v1 | |
clusters: | |
- cluster: | |
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
server: https://xxxxxxxxxxxxxxxxxxxxx.sk1.us-east-1.eks.amazonaws.com | |
name: default | |
contexts: | |
- context: | |
cluster: default | |
namespace: default | |
user: default | |
name: default | |
current-context: default | |
users: | |
- name: default | |
user: | |
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EKS clusters created from 1.12 onwards use a config file (by mounting a configmap called kube-proxy-config | |
If you are updating a cluster that was originally created on < 1.12, you will need to updated the kube-proxy configmaps and daemonsets. | |
1. Create kube-proxy-config configmap | |
kubectl -n kube-system apply -f kube-proxy-config.yaml | |
2. Update kube-proxy configmap, replace the server: with your API Server endpoint details and apply. | |
kubectl -n kube-system apply -f kube-proxy.yaml | |
3. Apply latest daemonset | |
kubectl -n kube-system apply -f kube-proxy-daemonset.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment