Switch Kubernetes kube-proxy to IPVS Mode for Faster Service Scaling

This guide explains why IPVS outperforms iptables for large Kubernetes clusters, then walks through installing ipvsadm, loading kernel modules on master and worker nodes, configuring kube-proxy to use IPVS, cleaning iptables rules, and verifying network and DNS functionality with a BusyBox pod.

Full-Stack DevOps & Kubernetes

IPVS uses a hash table for service lookup, while iptables matches rules sequentially; as the number of services grows, IPVS provides a clear performance advantage.

Configure the master node

Install the required packages:

yum install -y ipset ipvsadm

Create the module loader script /etc/sysconfig/modules/ipvs.modules:

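#!/bin/bash
# Load the IPVS scheduler and connection-tracking modules available on this kernel.
# nf_conntrack_ipv4 was merged into nf_conntrack in kernel 4.19, so both names are listed.
ipvs_modules=(ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4 nf_conntrack)
for kernel_module in "${ipvs_modules[@]}"; do
  # modinfo succeeds only if the module exists for the running kernel
  if /sbin/modinfo -F filename "${kernel_module}" >/dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done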

Make the script executable and run it:

chmod +x /etc/sysconfig/modules/ipvs.modules
/etc/sysconfig/modules/ipvs.modules

Edit the kube-proxy ConfigMap to enable IPVS mode:

kubectl -n kube-system edit cm kube-proxy

Replace the line mode: "iptables" with mode: "ipvs".

Configure each worker node

Install the same packages:

yum install -y ipset ipvsadm

Create the same /etc/sysconfig/modules/ipvs.modules script (identical to the master node) and make it executable.

chmod +x /etc/sysconfig/modules/ipvs.modules
/etc/sysconfig/modules/ipvs.modules

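Clear existing iptables rules

These commands flush every rule and delete every user-defined chain in the filter and nat tables, including any host firewall rules that Kubernetes does not manage, so save the current ruleset beforehand if the node depends on them.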

iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X

Verify the setup

Deploy a temporary BusyBox pod and test external connectivity:

kubectl run busybox --image=busybox:1.28 --restart=Never --rm -it -- sh
# inside the pod
ping www.baidu.com

The ping should succeed, confirming network access.

Next, check Kubernetes DNS resolution:

nslookup kubernetes.default.svc.cluster.local

The output should show the cluster DNS server (10.96.0.10) and the resolved IP addresses, indicating that DNS is functioning correctly.
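The ping and DNS tests pass in iptables mode too, so they do not show that IPVS is actually in use. The script below is an added example, not part of the original guide: it checks that the modules kube-proxy's IPVS proxier needs are loaded and lists IPVS virtual services that have no backend. The function names and sample data are constructed for illustration, and the proxyMode query in the comments assumes kube-proxy's default metrics address of 127.0.0.1:10249.

```shell
#!/bin/sh
# Added example: post-switch checks. Sample inputs below are constructed.
# Live use on a node:
#   missing_ipvs_modules < /proc/modules
#   ipvsadm -Ln | services_without_backends
#   curl -s http://127.0.0.1:10249/proxyMode   # kube-proxy should answer: ipvs

# Modules kube-proxy's IPVS proxier requires (conntrack is checked separately).
REQUIRED="ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh"

# stdin: /proc/modules text. stdout: required modules that are not loaded.
missing_ipvs_modules() {
  loaded=$(awk '{print $1}')
  missing=""
  for m in $REQUIRED; do
    printf '%s\n' "$loaded" | grep -qx "$m" || missing="$missing$m "
  done
  # Kernels before 4.19 name the module nf_conntrack_ipv4; either one is enough.
  printf '%s\n' "$loaded" | grep -qxE 'nf_conntrack(_ipv4)?' || missing="${missing}nf_conntrack "
  echo "${missing% }"
}

# stdin: `ipvsadm -Ln` output. stdout: virtual services with no real server.
services_without_backends() {
  awk '
    /^(TCP|UDP|SCTP) / { if (vs != "" && n == 0) print vs; vs = $1 " " $2; n = 0; next }
    /^ +-> / && $2 != "RemoteAddress:Port" { n++ }
    END { if (vs != "" && n == 0) print vs }'
}

# Constructed /proc/modules sample; ip_vs_sh is deliberately absent.
SAMPLE_MODULES='ip_vs_wrr 16384 0 - Live 0x0
ip_vs_rr 16384 3 - Live 0x0
ip_vs 155648 7 ip_vs_wrr,ip_vs_rr, Live 0x0
nf_conntrack 147456 2 ip_vs,nf_nat, Live 0x0'

# Constructed `ipvsadm -Ln` sample; the TCP DNS service has no backend.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.96.0.1:443 rr
  -> 192.168.1.10:6443            Masq    1      0          0
TCP  10.96.0.10:53 rr
UDP  10.96.0.10:53 rr
  -> 10.244.0.2:53                Masq    1      0          0'

echo "missing modules: $(printf '%s\n' "$SAMPLE_MODULES" | missing_ipvs_modules)"
echo "no backends:     $(printf '%s\n' "$SAMPLE_IPVS" | services_without_backends)"
```

kube-proxy reads its ConfigMap only at startup, so run the live checks after the kube-proxy pods have restarted with the edited configuration.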

IPVS vs iptables performance diagram