How can I configure Consul for k8S in IPVS mode

GuanghuaHuang · June 15, 2022, 2:46pm

I’m use helm installed consul to k8s , but my server is having problems using it
So .Please tell me how to solve it

[root@master ~]# kubectl logs -n wrs pod/config-server-7b64695cc8-b8c4j -c consul-connect-inject-init
2022-06-15T14:12:18.679Z [INFO]  Registered service has been detected: service=config-server-service
2022-06-15T14:12:18.680Z [INFO]  Registered service has been detected: service=config-server-service-sidecar-proxy
2022-06-15T14:12:18.680Z [INFO]  Connect initialization completed
==> Error setting up traffic redirection rules: failed to run command: /sbin/iptables -t nat -N CONSUL_PROXY_INBOUND, err: exit status 3, output: modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

environment:

kubernetes v1.23.6 
proxy mode ipvs(not ip_tables)
helm 3.9.0
hashicorp/consul:1.12.0
hashicorp/consul-k8s-control-plane:0.44.0
CentOS Linux release 8.5.2111
Linux master 5.4.198-1.el8.elrepo.x86_64 #1 SMP Tue Jun 14 07:38:21 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

I was able to get my service running but not working by executing the following command

sudo modprobe ip_tables

kschoche · June 15, 2022, 3:16pm

Hi @GuanghuaHuang !
It looks like your base environment does not have iptables support since you’re running kube-proxy in ipvs mode. This is used to enable the transparent proxy support.
You can probably work around this by globally disabling transparent proxy via connectInject.transparentProxy.defaultEnabled: false.

If you’d like to file a feature request for consul-k8s to support ipvs mode at hashicorp/consul-k8s it might help us to prioritize supporting it.

david-yu · June 15, 2022, 9:54pm

Hi @GuanghuaHuang thanks for posting. If you could file a feature request that would be helpful. Could you also provide what K8s distro you are using as your distro? It sounds like you are looking to use ipvs instead?

GuanghuaHuang · June 16, 2022, 2:15am

Thanks a lot, this works.
I’m a newbie. Would my feature request be unreasonable?
But kube-proxy ipvs does perform better than ip tables

GuanghuaHuang · June 16, 2022, 2:16am

I’m sorry I didn’t get your point.
" It sounds like you are looking to use ipvs instead?" no . I am use kubernetes of ipvs mode.that is to use consul on kubernetes without using iptables