What does it means "can't set sysctl net/ipv4/vs/conn_reuse_mode" when set ipvs mode whith k8s?

Question

When I modify kube-proxy mode from iptales to ipvs, after restart the kube-proxy, "kubectl logs kube-proxy" return the following error:

server.go:485] unable to create proxier: can't set sysctl net/ipv4/vs/conn_reuse_mode: open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory

And I confirmcon that I have installed dependent kernel modules by following cmd:

lsmod | grep ip_vs lsmod | grep conntrack

All are ok,so what should I do with the above error?

Answer 1

What modifications are you exactly introducing to your kube-proxy and how ? If you are only setting ipvs mode you can do it in a way described here and there shouldn't be any problems.

If you're also configuring some additional sysctls in the securityContext of your kube-proxy Pods, you may need to consider the following.

Keep in mind that there are so called safe and unsafe sysctls. As you can read here:

All safe sysctls are enabled by default.

All unsafe sysctls are disabled by default and must be allowed manually by the cluster admin on a per-node basis. Pods with disabled unsafe sysctls will be scheduled, but will fail to launch.

With the warning above in mind, the cluster admin can allow certain unsafe sysctls for very special situations such as high-performance or real-time application tuning. Unsafe sysctls are enabled on a node-by-node basis with a flag of the kubelet; for example:

kubelet --allowed-unsafe-sysctls \   'kernel.msg*,net.core.somaxconn' ...