Enable Service Topology on k8s

Question

I\'m using k8s with kubeadm version 1.17. I\'m trying to enable Service Topology feature gates but I can\'t. Documentation say to use \"--feature-gates=\"ServiceTopology=tru

Answer 1

In my case (kubeadm version 1.18.2), it works with the following kubeadm configuration .yaml file (podSubnet is there because I am using Flannel CNI). The key of kube-proxy is "featureGates" as mentioned in https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration

---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  extraArgs:
    feature-gates: "ServiceTopology=true,EndpointSlice=true"
controllerManager:
  extraArgs:
    feature-gates: "ServiceTopology=true,EndpointSlice=true"
scheduler:
  extraArgs:
    feature-gates: "ServiceTopology=true,EndpointSlice=true"
networking:
   podSubnet: "10.244.0.0/16"

---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  ServiceTopology: true
  EndpointSliceProxying: true

Answer 2

It's not a flag of kubeadm. You need to enable it for each kubernetes control plane component such as controller manager, API Server, Scheduler, Kube proxy. The yamls for each of these components located at /etc/kubernetes/manifests location on all the master nodes need to be modified to add the feature flag - --feature-gates=ServiceTopology=true

API Server yaml for example

root@kind-control-plane:/# cat /etc/kubernetes/manifests/kube-apiserver.yaml 
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 172.18.0.2:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=172.18.0.2
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    - --feature-gates=ServiceTopology=true 

Edit:

For kube proxy a custom kubeadm config file need to be created to add the feature flag

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
...
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
FeatureGates:
  ServiceTopology: true

Reference here