3

I've tried to change kube-proxy configMap and kube-proxy command to set metricsBindAddress but kubernetes resets these changes(without any warnings) after couple seconds.

  1. kubectl edit cm kube-proxy-config -n kube-system => add metricsBindAddress => wait couple seconds and open the config - there is empty metricsBindAddress
  2. kubectl edit ds kube-proxy -n kube-system => add --metrics-bind-address to command => wait couple seconds => the command was reset to default

How to change kube-proxy config and keep these changes ?

Kubernetes version 1.17

UPDATE(as you can, after several seconds metricsBindAddress was changed to empty string): enter image description here

UPDATE 2(pay attention on metricsBinAddress, it's changed after ~40-50 seconds): enter image description here

FINAL UPDATE: Answer from cloud provider(Yandex) - kube-proxy pod it is on the host's network, so to prevent security problems, it listens exclusively on the loopback address and therefore the parameter will be reset

p.s. https://github.com/helm/charts/tree/master/stable/prometheus-operator#kubeproxy - I want to make kube-proxy accessible by prometheus

Suleiman
  • 913
  • 2
  • 13
  • 28
  • I am using version 1.18 and editing the metricsBindAddress is working fine. – Alif Biswas Jan 20 '21 at 09:55
  • @AlifBiswas my collegue also try and he has the same problem. can you change metricsBindAddress, wait couple seconds and try to change again? in my and collegue case it show `""` instead of the address I set – Suleiman Jan 20 '21 at 09:59
  • Still showing the same. By the way, The helm chart you mentioned in the post is deprecated. Are you sure this is not causing any problem? – Alif Biswas Jan 20 '21 at 10:02
  • @AlifBiswas no, I don't think the deprecated chart can reset kube-proxy config. Maybe it's my cloud provider.. Thank you – Suleiman Jan 20 '21 at 10:05
  • What exactly version are you using on your cluster? I tried on `v1.17.17` and have only `kube-proxy` configmap and you are editing configmap named `kube-proxy-config`. What environment you are using, its local or cloud env? Are you using some specific configuration or it's fresh cluster and you just wanted to edit `kube-proxy` configmap? – PjoterS Jan 20 '21 at 16:29
  • @PjoterS `Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.12", GitCommit:"5ec472285121eb6c451e515bc0a7201413872fa3", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:12Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}` | `Depending on the cluster, the relevant part config.conf will be in ConfigMap kube-system/kube-proxy or kube-system/kube-proxy-config` (c) https://github.com/helm/charts/tree/master/stable/prometheus-operator#kubeproxy Cloud environment, it's fresh cluster – Suleiman Jan 20 '21 at 18:36

2 Answers2

2

First edit:

kubectl edit cm/kube-proxy -n kube-system

.....
metricsBindAddress: 0.0.0.0:10249
.....

Then,

kubectl rollout restart ds kube-proxy -n kube-system

You have to restart the pods otherwise they do not get the configuration. You can check the status by:

kubectl rollout status ds kube-proxy -n kube-system
Kaan
  • 180
  • 2
  • 7
  • I did it several times , but metricsBindAddress resets. I've updated first post, you can see what am I talking about – Suleiman Jan 20 '21 at 14:07
1

I am posting this Community Wiki because root cause of the issue has been determined.

Usually to change of metricsBindAddress: can be achieved by editing ConfigMap and delete kube-proxy pod or use rollout restart on DaemonSet.

Root cause of this issue was that this change was blocked by OP's environment - Yandex Cloud.

OP received feedback from Yandex Support

kube-proxy pod it is on the host's network, so to prevent security problems, it listens exclusively on the loopback address and therefore the parameter will be reset

PjoterS
  • 7,080
  • 1
  • 10
  • 24