Replace kube-proxy in OpenShift Environment With Avi Vantage
In an OpenShift environment, a user may opt to use Avi Vantage alongside kube-proxy or instead disable kube-proxy and use Avi Vantage as the only application proxy.
If kube-proxy is enabled, it uses the service subnet (default is 172.30.0.0/16) to allocate east-west VIPs to services. In this case, east-west VIPs handled by Vantage have to be configured to use other subnets. Kube-proxy will be running, but unused, since services use Avi-allocated VIPs for east-west traffic, instead of OpenShift-allocated VIPs from the service network.
If a user wishes to use the service subnet to load balance traffic using Avi, kube-proxy must be disabled. This mode offers operational advantages, since OpenShift’s API and CLI are in sync with the VIP used for the service. That is to say, if someone does a “oc get service,” the VIPs shown in the output are the same VIPs on which Avi provides the service.
Delete all user-created services.
Login to the OpenShift Master node.
Delete all user-created services and deployments that may be running.
oc delete all --all
To disable kube-proxy, perform the below steps on all nodes (Masters and Slaves):
Login to the node.
Edit /etc/sysconfig/origin-node and change the OPTIONS variable to read as below:
OPTIONS="--loglevel=2 --disable proxy"
- Save and exit the editor.
Restart the origin-node service.
systemctl restart origin-node.service
Repeat the above steps for all other nodes in the OpenShift cluster.
Configuration changes on Avi
Make below changes while following the OpenShift installation guide.
- Configure the east-west VIP network to use the service network (default 172.30.0.0/16).
- In the cloud configuration, select the Use Cluster IP of service as VIP for East-West checkbox.
Note: Kube-proxy can be replaced only when SEs are deployed using the SSH method.