Closed fredgate closed 10 months ago
smira
commented
2 years ago Talos doesn't update the manifests automatically for safety reasons. You need to run talosctl upgrade-k8s -n <controlplanenodeIP> --to v1.23.5 to make it re-apply the manifests.
smira
commented
2 years ago 
fredgate
commented
2 years ago Yes but I don't want to upgrade kubernetes version. Just add a parameter to the kube-proxy command line.
Can I run the upgrade-k8s with the actual version ?
talosctl upgrade-k8s -n <controlplanenodeIP> --to v1.21.6
frezbo
commented
2 years ago | Can I run the upgrade-k8s with the actual version ?
yes, you can do talosctl upgrade-k8s --to=<existing version> This will pick up the k8s related changes in the manifest and apply them, other component versiosn will remain the same. You could see the diff with talosctl upgrade-k8s --to=<existing version> --dry-run
smira
commented
2 years ago I just noticed you're on 0.14, but it already supports this flow: https://www.talos.dev/v0.14/guides/upgrading-kubernetes/
mrwulf
commented
2 years ago I think this is an actual (and ongoing!) issue- I'm running v1.2.2 with kubernetes 1.23.4 and am seeing the same problem. I've just run through talos apply-config, talos upgrade, and talos upgrade-k8s again and the kube-proxy daemonset is still missing all of the extraArgs.
MachineConfig:
cluster:
proxy:
image: k8s.gcr.io/kube-proxy:v1.24.4
extraArgs:
feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
metrics-bind-address: 0.0.0.0:10249Daemonset:
- command:
- /usr/local/bin/kube-proxy
- --cluster-cidr=10.244.0.0/16
- --conntrack-max-per-core=0
- --hostname-override=$(NODE_NAME)
- --kubeconfig=/etc/kubernetes/kubeconfig
- --proxy-mode=iptablesFirst of all, you can do kubectl edit ds -n kube-system kube-proxy and patch it yourself, you don't have to make Talos manage this for you if you don't want it.
Second, make sure you have update machine config on all control plane nodes for extraArgs, then talosctl upgrade-k8s should pick it up.
mrwulf
commented
2 years ago Ah! Thanks @smira - I see from a clarifying comment you made on #5959 that talos will never update the kube-proxy manifest! I haven't fully groked WHY kube-proxy isn't updated - especially since the manifests.kubernetes.talos.dev resource has the update, but I'll dig in more
chamburr
commented
2 years ago @smira It seems that running talosctl upgrade-k8s does not update extraArgs for me. Looking at the code, I suspect the command would only update the image. Could this be a bug?
smira
commented
2 years ago I'm sorry, why would extraArgs need to be updated?
chamburr
commented
2 years ago Same reason as in the description of this issue, to change the metrics bind address
smira
commented
2 years ago This might be confusing, we'll get a fix for it. You can always update daemonset directly with kubectl edit ds.
Bug Report
kube-proxy pod runs without args specified in the machine configuration file with key
cluster.proxy.extraArgsDescription
To change the bind address of kube-proxy for metrics, I edit the configuration file of each node as it :
and then apply it with
talosctl apply-config -n 10.80.1.1 -f controlplane1.yamlWhen I watch the pod, I see that the corresponding kube-proxy is restarted (but not recreated), and if I describe it, I see that its command line arguments did not change :I tried to delete the pod; it was recreated but still with the same command line.
In fact the daemonset
kube-proxyis not updated.When I changed the
cluster.scheduler.extraArgsandcluster.controllerManager.extraArgsthe corresponding pods were successfully recreated with the new command.Environment
0.14.11.21.6amd64