Merge pull request #5055 from juanluisvaladas/kubeproxy-extraargs

juanluisvaladas · web-flow · commit 09eefc5e2286 · 2024-09-30T13:17:43.000+02:00
Add extraArgs to kube-proxy
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -118,7 +118,7 @@ spec:
 | `onlyBindToAddress` | The API server binds too all interfaces by default. With this option set to `true`, the API server will only listen on the IP address configured by the `address` option (first non-local address by default). This can be necessary with multi-homed control plane nodes. |
 | `externalAddress`   | The loadbalancer address (for k0s controllers running behind a loadbalancer). Configures all cluster components to connect to this address and also configures this address for use when joining new nodes to the cluster.                                                 |
 | `sans`              | List of additional addresses to push to API servers serving the certificate.                                                                                                                                                                                               |
-| `extraArgs`         | Map of key-values (strings) for any extra arguments to pass down to Kubernetes api-server process.                                                                                                                                                                         |
+| `extraArgs`         | Map of key-values (strings) for any extra arguments to pass down to Kubernetes api-server process. Any behavior triggered by these parameters is outside k0s support.                                                                                                      |
 | `port`¹             | Custom port for kube-api server to listen on (default: 6443)                                                                                                                                                                                                               |
 | `k0sApiPort`¹       | Custom port for k0s-api server to listen on (default: 9443)                                                                                                                                                                                                                |
 
@@ -130,7 +130,7 @@ spec:
 |------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `type`                 | Type of the data store (valid values:`etcd` or `kine`). **Note**: Type `etcd` will cause k0s to create and manage an elastic etcd cluster within the controller nodes. |
 | `etcd.peerAddress`     | Node address used for etcd cluster peering.                                                                                                                            |
-| `etcd.extraArgs`       | Map of key-values (strings) for any extra arguments to pass down to etcd process.                                                                                      |
+| `etcd.extraArgs`       | Map of key-values (strings) for any extra arguments to pass down to etcd process. Any behavior triggered by these parameters is outside k0s support.                   |
 | `kine.dataSource`      | [kine](https://github.com/k3s-io/kine) datasource URL.                                                                                                                 |
 | `etcd.externalCluster` | Configuration when etcd is externally managed, i.e. running on dedicated nodes. See [`spec.storage.etcd.externalCluster`](#specstorageetcdexternalcluster)             |
 
@@ -231,14 +231,16 @@ CALICO_IPV6POOL_CIDR: "{{ spec.network.dualStack.IPv6podCIDR }}"
 
 #### `spec.network.kubeProxy`
 
-| Element             | Description                                                                                                   |
-|---------------------|---------------------------------------------------------------------------------------------------------------|
-| `disabled`          | Disable kube-proxy altogether (default: `false`).                                                             |
-| `mode`              | Kube proxy operating mode, supported modes `iptables`, `ipvs`, `nftables`, `userspace` (default: `iptables`)  |
-| `iptables`          | Kube proxy iptables settings                                                                                  |
-| `ipvs`              | Kube proxy ipvs settings                                                                                      |
-| `nftables`          | Kube proxy nftables settings                                                                                  |
-| `nodePortAddresses` | Kube proxy [nodePortAddresses](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) |
+| Element             | Description                                                                                                                                                |
+|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `disabled`          | Disable kube-proxy altogether (default: `false`).                                                                                                          |
+| `mode`              | Kube proxy operating mode, supported modes `iptables`, `ipvs`, `nftables`, `userspace` (default: `iptables`)                                               |
+| `iptables`          | Kube proxy iptables settings                                                                                                                               |
+| `ipvs`              | Kube proxy ipvs settings                                                                                                                                   |
+| `nftables`          | Kube proxy nftables settings                                                                                                                               |
+| `nodePortAddresses` | Kube proxy [nodePortAddresses](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/)                                              |
+| `nodePortAddresses` | Kube proxy [nodePortAddresses](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/)                                              |
+| `extraArgs` .       | Map of key-values (strings) for any extra arguments to pass down to kube-proxy process. Any behavior triggered by these parameters is outside k0s support. |
 
 Default kube-proxy iptables settings:
 
@@ -349,13 +351,13 @@ Configuration options required for using VRRP to configure VIPs in control plane
 
 | Element     | Description                                                                                                             |
 | ----------- | ----------------------------------------------------------------------------------------------------------------------- |
-| `extraArgs` | Map of key-values (strings) for any extra arguments you want to pass down to the Kubernetes controller manager process. |
+| `extraArgs` | Map of key-values (strings) for any extra arguments you want to pass down to the Kubernetes controller manager process. Any behavior triggered by these parameters is outside k0s support. |
 
 ### `spec.scheduler`
 
 | Element     | Description                                                                                                |
 | ----------- | ---------------------------------------------------------------------------------------------------------- |
-| `extraArgs` | Map of key-values (strings) for any extra arguments you want to pass down to Kubernetes scheduler process. |
+| `extraArgs` | Map of key-values (strings) for any extra arguments you want to pass down to Kubernetes scheduler process. Any behavior triggered by these parameters is outside k0s support. |
 
 ### `spec.workerProfiles`
 
diff --git a/inttest/extraargs/extraargs_test.go b/inttest/extraargs/extraargs_test.go
@@ -46,12 +46,18 @@ func (s *ExtraArgsSuite) TestK0sGetsUp() {
 	s.T().Log("waiting to see kube-router pods ready")
 	s.NoError(common.WaitForKubeRouterReady(s.Context(), kc), "kube-router did not start")
 
-	ssh, err := s.SSH(s.Context(), s.ControllerNode(0))
-	defer ssh.Disconnect()
+	sshCtrl, err := s.SSH(s.Context(), s.ControllerNode(0))
+	defer sshCtrl.Disconnect()
 	s.NoError(err)
 
-	s.checkFlag(ssh, "/var/lib/k0s/bin/kube-apiserver", "--disable-admission-plugins=PodSecurity")
-	s.checkFlag(ssh, "/var/lib/k0s/bin/etcd", "--logger=zap")
+	s.checkFlag(sshCtrl, "/var/lib/k0s/bin/kube-apiserver", "--disable-admission-plugins=PodSecurity")
+	s.checkFlag(sshCtrl, "/var/lib/k0s/bin/etcd", "--logger=zap")
+
+	sshWorker, err := s.SSH(s.Context(), s.WorkerNode(0))
+	defer sshWorker.Disconnect()
+	s.NoError(err)
+
+	s.checkFlag(sshWorker, "/usr/local/bin/kube-proxy", "--config-sync-period=12m0s")
 
 }
 func (s *ExtraArgsSuite) checkFlag(ssh *common.SSHConnection, processName string, flag string) {
@@ -88,4 +94,8 @@ spec:
     etcd:
       extraArgs:
         logger: zap
+  network:
+    kubeProxy:
+      extraArgs:
+        config-sync-period: 12m0s
 `
diff --git a/pkg/apis/k0s/v1beta1/kubeproxy.go b/pkg/apis/k0s/v1beta1/kubeproxy.go
@@ -42,6 +42,10 @@ type KubeProxy struct {
 	IPVS               KubeProxyIPVSConfiguration     `json:"ipvs,omitempty"`
 	NFTables           KubeProxyNFTablesConfiguration `json:"nftables,omitempty"`
 	NodePortAddresses  []string                       `json:"nodePortAddresses,omitempty"`
+
+	// Map of key-values (strings) for any extra arguments to pass down to kube-proxy process
+	// Any behavior triggered by these parameters is outside k0s support.
+	ExtraArgs map[string]string `json:"extraArgs,omitempty"`
 }
 
 // KubeProxyIPTablesConfiguration contains iptables-related kube-proxy configuration
diff --git a/pkg/apis/k0s/v1beta1/zz_generated.deepcopy.go b/pkg/apis/k0s/v1beta1/zz_generated.deepcopy.go
diff --git a/pkg/component/controller/kubeproxy.go b/pkg/component/controller/kubeproxy.go
@@ -26,6 +26,7 @@ import (
 	"reflect"
 
 	"github.com/k0sproject/k0s/internal/pkg/dir"
+	"github.com/k0sproject/k0s/internal/pkg/stringmap"
 	"github.com/k0sproject/k0s/internal/pkg/templatewriter"
 	"github.com/k0sproject/k0s/pkg/apis/k0s/v1beta1"
 	"github.com/k0sproject/k0s/pkg/component/manager"
@@ -132,6 +133,17 @@ func (k *KubeProxy) getConfig(clusterConfig *v1beta1.ClusterConfig) (proxyConfig
 			k.log.Warnf("Unsupported node-local load balancer type (%q), using %q as control plane endpoint", controlPlaneEndpoint)
 		}
 	}
+	args := stringmap.StringMap{
+		"config":            "/var/lib/kube-proxy/config.conf",
+		"hostname-override": "$(NODE_NAME)",
+	}
+
+	for name, value := range clusterConfig.Spec.Network.KubeProxy.ExtraArgs {
+		if _, ok := args[name]; ok {
+			logrus.Warnf("overriding kube-proxy flag with user provided value: %s", name)
+		}
+		args[name] = value
+	}
 
 	cfg := proxyConfig{
 		ClusterCIDR:          clusterConfig.Spec.Network.BuildPodCIDR(),
@@ -142,6 +154,7 @@ func (k *KubeProxy) getConfig(clusterConfig *v1beta1.ClusterConfig) (proxyConfig
 		Mode:                 clusterConfig.Spec.Network.KubeProxy.Mode,
 		MetricsBindAddress:   clusterConfig.Spec.Network.KubeProxy.MetricsBindAddress,
 		FeatureGates:         clusterConfig.Spec.FeatureGates.AsMap("kube-proxy"),
+		Args:                 args.ToDashedArgs(),
 	}
 
 	nodePortAddresses, err := json.Marshal(clusterConfig.Spec.Network.KubeProxy.NodePortAddresses)
@@ -184,6 +197,7 @@ type proxyConfig struct {
 	NFTables             string
 	FeatureGates         map[string]bool
 	NodePortAddresses    string
+	Args                 []string
 }
 
 const proxyTemplate = `
@@ -335,8 +349,10 @@ spec:
         imagePullPolicy: {{ .PullPolicy }}
         command:
         - /usr/local/bin/kube-proxy
-        - --config=/var/lib/kube-proxy/config.conf
-        - --hostname-override=$(NODE_NAME)
+        args:
+        {{ range .Args}}
+        - {{ . }} 
+        {{ end }}
         securityContext:
           privileged: true
         volumeMounts:
diff --git a/static/_crds/k0s/k0s.k0sproject.io_clusterconfigs.yaml b/static/_crds/k0s/k0s.k0sproject.io_clusterconfigs.yaml
@@ -654,6 +654,13 @@ spec:
                     properties:
                       disabled:
                         type: boolean
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Map of key-values (strings) for any extra arguments to pass down to kube-proxy process
+                          Any behavior triggered by these parameters is outside k0s support.
+                        type: object
                       iptables:
                         description: |-
                           KubeProxyIPTablesConfiguration contains iptables-related kube-proxy configuration
