Enabling IPVS in Kubernetes
Calico has beta-level support for
ipvs proxy mode.
ipvs support is activated automatically if Calico
kube-proxy is running in that mode.
ipvs mode promises greater scale and performance vs
However, it comes with some limitations. In IPVS mode:
- Calico requires additional
iptablespacket mark bits in order to track packets as they pass through IPVS.
- Calico needs to be configured with the port range that is assigned to Kubernetes NodePorts. If services do use NodePorts outside Calico’s expected range, Calico will treat traffic to those ports as host traffic instead of pod traffic.
- Calico does not support Kubernetes services that make use of a
ExternalIPfor Kubernetes v1.10. This is due to a kube-proxy issue and has been fixed in Kubernetes v1.11.
- Calico has not yet been scale tested with
Calico will detect if you change
kube-proxy’s proxy mode after
Calico has been deployed. Any Kubernetes
needs to be configured
before changing the
kube-proxy proxy mode to