K
Q

How to configure kube-proxy master_url with multiple apiservers

12/11/2015

I'm using a cluster setup with multiple apiservers with a loadbalancer in front of them for external access, with an installation on bare metal.

Like mentioned in the High Availability Kubernetes Clusters docs, I would like to use internal loadbalancing utilizing the kubernetes service within my cluster. This works fine so far, but I'm not sure what is the best way to set up the kube-proxy. It obviously cannot use the service IP, since it does the proxying to this one based on the data from the apiserver (master). I could use the IP of any one of the apiservers, but this would cause losing the high availability. So, the only viable option I currently see is to utilize my external loadbalancer, but this seems somehow wrong.

Anybody any ideas or best practices?

-- Dirk Jablonski
high-availability
kubernetes
proxy

Similar Questions

How can I find matched http request through a response error while running k8s on Mesos?
Kubelet SyncLoop stops (v1.1.1)
How do you set-up Mongo replica set on Kubernetes?
Kubernetes state of the pod when running preStop command

2 Answers

1/4/2016

I think the way it is meant to be set up is that you have a kube-proxy on each master node, so each kube-proxy points to its master on 127.0.0.1 / localhost

The podmaster determines which api-server should run, which in turns makes use of the local proxy of that master

-- MrE
Source: StackOverflow
3/21/2017

This is quite old question, but as the problem persists... here it goes.

There is a bug in the Kubernetes restclient, which does not allow to use more than one IP/URL, as it will pick up always the first IP/URL in the list. This affects to kube-proxy and also to kubelet, leaving a single point of failure in those tools if you don't use a load balancer (as you did) in a multi-master setup. The solution probably is not the most elegant solution ever, but currently (I think) is the easier one.

Other solution (which I prefer, but may not work for everyone and it does not solve all the problems) is to create a DNS entry that will round robin your API servers, but as pointed out in one of the links below, that only solves the load balancing, and not the HA.

You can see the progress of this story in the following links:

The kube-proxy/kubelet issue: https://github.com/kubernetes/kubernetes/issues/18174
The restclient PR: https://github.com/kubernetes/kubernetes/pull/30588
The "official" solution: https://github.com/kubernetes/kubernetes/issues/18174#issuecomment-199381822

-- kanor1306
Source: StackOverflow