Replace kube-proxy in OpenShift Environment With Avi Vantage

In an OpenShift environment, a user may opt to use Avi Vantage alongside kube-proxy or instead disable kube-proxy and use Avi Vantage as the only application proxy.

If kube-proxy is enabled, it uses the service subnet (default is to allocate east-west VIPs to services. In this case, east-west VIPs handled by Vantage have to be configured to use other subnets. Kube-proxy will be running, but unused, since services use Avi-allocated VIPs for east-west traffic, instead of OpenShift-allocated VIPs from the service network.

If a user wishes to use the service subnet to load balance traffic using Avi, kube-proxy must be disabled. This mode offers operational advantages, since OpenShift’s API and CLI are in sync with the VIP used for the service. That is to say, if someone runs “oc get service,” the VIPs shown in the output are the same VIPs on which Avi provides the service.

Disable kube-proxy

Delete all user-created services.

  • Log in to the OpenShift Master node.

    ssh username@os_master_ip
  • Delete all user-created services and deployments that may be running.

    oc delete all --all

To disable kube-proxy, perform the following steps on all nodes (Masters and Slaves):

  • Log in to the node.

    ssh username@os_node_ip
  • Edit /etc/sysconfig/origin-node and change the OPTIONS variable to read as follows:

    OPTIONS="--loglevel=2 --disable proxy"
  • Save and exit the editor.
  • Restart the origin-node service.

    systemctl restart origin-node.service

Repeat the above steps for all other nodes in the OpenShift cluster.
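
The per-node edit above can be scripted so that it is idempotent, keeps a backup, and fails loudly if the file does not end up in the expected state. This is an added example, not part of the original Avi procedure. The function names are hypothetical, and it assumes that appending the flag to an existing quoted OPTIONS value (rather than overwriting the whole line) is acceptable on your nodes.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the path is the one from the page.
NODE_CONF="${NODE_CONF:-/etc/sysconfig/origin-node}"

# Return 0 if the active (uncommented) OPTIONS line already disables the proxy.
# The "--disable=proxy" spelling is accepted as well as "--disable proxy".
proxy_disabled() {
    grep -Eq '^[[:space:]]*OPTIONS=.*--disable[= ]proxy' "$1"
}

# Ensure OPTIONS carries "--disable proxy". Prints "changed" or "unchanged".
disable_proxy() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    if proxy_disabled "$conf"; then
        echo unchanged
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1      # keep the original for rollback
    if grep -Eq '^[[:space:]]*OPTIONS=' "$conf"; then
        # Append the flag just inside the closing quote of the existing value.
        tmp=$(mktemp) || return 1
        sed -E 's/^([[:space:]]*OPTIONS="[^"]*)"/\1 --disable proxy"/' "$conf" > "$tmp" \
            && cat "$tmp" > "$conf"            # cat keeps the file's owner and mode
        rm -f "$tmp"
    else
        # No active OPTIONS line: add the one shown on the page.
        printf 'OPTIONS="--loglevel=2 --disable proxy"\n' >> "$conf"
    fi
    # An unquoted OPTIONS value is not rewritten by the sed above; report it.
    proxy_disabled "$conf" || { echo "edit failed: $conf" >&2; return 1; }
    echo changed
}

# Run as root on a node: edit the file, restart the service only if it changed.
apply_on_node() {
    result=$(disable_proxy "$NODE_CONF") || return $?
    if [ "$result" = changed ]; then
        systemctl restart origin-node.service || return 1
    fi
    echo "$NODE_CONF: $result"
}
```

Source the file and call apply_on_node on each node; running proxy_disabled against /etc/sysconfig/origin-node afterwards gives a quick audit of which nodes are still missing the change.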

Configuration changes on Avi

Make the following changes while following the OpenShift installation guide.

  • Configure the east-west VIP network to use the service network (default
  • In the cloud configuration, select the Use Cluster IP of service as VIP for East-West checkbox.

Note: Kube-proxy can be replaced only when SEs are deployed using the SSH method.