Flags and Environment Variables
Flags
These flags are typically used in the kube-vip manifest generation process.
| Category | Flag property | Usage | Notes |
|---|---|---|---|
| Troubleshooting | |||
--log | default 4 | Set to -4 for debugging logs | |
| Mode | |||
--arp | Enables ARP broadcasts from Leader | ||
--bgp | Enables BGP peering from kube-vip | ||
--table | Enables routing entries to be created | ||
--wireguard | Enables services to be exposed over Wireguard | ||
| Features | |||
--controlplane | Enables kube-vip control plane functionality | ||
--services | Enables kube-vip to watch services of type LoadBalancer | ||
--enableEndpointSlices | Enables use of EndopintSlices instead of Endpoints | ||
| VIP Config | |||
--vip | <IP Address> | (deprecated) | |
--address | <IP Address> or <DNS name> | ||
--ddns | Enables DDNS support | Requires --address is used and set to FQDN | |
--interface | Linux interface on the node | ||
--leaderElection | Enables Kubernetes LeaderElection | Used by ARP, as only the leader can broadcast | |
--vipSubnet | 32,128 in ARP mode you could use (auto,auto) | Used when advertising in any mode | |
--enableLoadBalancer | Enables IPVS load balancer | kube-vip ≥ 0.4.0 | |
--lbPort | 6443 | The port that the api server will load-balanced on | |
--lbForwardingMethod | Select the forwarding method (default local) | The IPVS forwarding method (local, masquerade, tunnel, directroute, bypass) | |
| Services | |||
--servicesInterface | "" | (Optional) different interface to bind services too | |
--servicesElection | false | Enables a leadership Election for each Service, allowing them to be distributed | |
--onlyAllowTrafficServicePorts | false | Only allow traffic to service ports, others will be dropped | |
| Kubernetes | |||
--inCluster | Required for kube-vip as DaemonSet. | Runs kube-vip with a ServiceAccount called kube-vip. | |
--taint | Required for kube-vip as DaemonSet. | Adds node affinity rules forcing kube-vip Pods to run on control plane. | |
| LeaderElection | |||
--leaseDuration | default 15 | Seconds a lease is held for | |
--leaseRenewDuration | default 10 | Seconds a leader can attempt to renew the lease | |
--leaseRetry | default 2 | Number of times the leader will hold the lease for | |
--namespace | "kube-vip" | The namespace where the lease will reside | |
| ARP | |||
--enableNodeLabeling | false | Enable leader node labeling with kube-vip.io/has-ip=<VIP address> | |
| BGP | |||
--bgpRouterID | <IP Address> | Typically the address of the local node | |
--localAS | default 65000 | The AS we peer from | |
--bgppeers | <address:AS:password:multihop> | Comma separated list of BGP peers | |
--peerAddress | <IP Address> | Address of a single BGP Peer | |
--peerAS | default 65000 | AS of a single BGP Peer | |
--peerPass | "" | Password to work with a single BGP Peer | |
--multiHop | Enables eBGP MultiHop | Enable multiHop with a single BGP Peer | |
--sourceif | Source Interface | Determines which interface BGP should peer from | |
--sourceip | Source Address | Determines which IP address BGP should peer from | |
--annotations | <provider string> | Startup will be paused until the node annotations contain the BGP configuration | |
| Equinix Metal | (May be deprecated) | ||
--metal | Enables Equinix Metal API calls | ||
--metalKey | Equinix Metal API token | ||
--metalProject | Equinix Metal Project (Name) | ||
--metalProjectID | Equinix Metal Project (UUID) | ||
--provider-config | Path to the Equinix Metal provider configuration | Requires the Equinix Metal CCM |
Environment Variables
These environment variables are usually part of a kube-vip manifest and used when running the kube-vip Pod.
More environment variables can be read through the pkg/kubevip/config_envvar.go file.
Keep in mind Environment Variables always win against Flags.
| Category | Environment Variable property | Usage | Notes |
|---|---|---|---|
| Troubleshooting | |||
vip_loglevel | default 4 | Set to -4 for debugging logs | |
| Mode | |||
cp_enable | Enables kube-vip control plane functionality | ||
svc_enable | Enables kube-vip to watch Services of type LoadBalancer | ||
| VIP Config | |||
vip_arp | Enables ARP broadcasts from Leader | ||
bgp_enable | Enables BGP peering from kube-vip | ||
vip_address | <IP Address> | (deprecated) | |
address | <IP Address> or <DNS name> | ||
vip_ddns | Boolean. Enables Dynamic DNS support. | Requires vip_address is set to FQDN | |
vip_interface | <linux interface> | ||
vip_leaderelection | Enables Kubernetes LeaderElection | Used by ARP, as only the leader can broadcast | |
vip_subnet | Detected at runtime: Tuple for IPv4,IPv6 (e.g. 32,128 or auto,auto) | Used when advertising in any mode | |
lb_enable | Enables IPVS LoadBalancer | kube-vip ≥ 0.4.0. Adds nodes to the IPVS load balancer | |
lb_port | 6443 | The IPVS port that will be used to load-balance control plane requests | |
lb_fwdmethod | Select the forwarding method (default local) | The IPVS forwarding method (local, masquerade, tunnel, directroute, bypass) | |
| Services | |||
vip_servicesinterface | "" | Defines an optional different interface to bind | |
svc_election | Enables a leadership Election for each Service, allowing them to be distributed | ||
enable_service_security | Boolean. Enable service security feature, defaults false | Restrict traffic to only service ports | |
| LeaderElection | |||
vip_leaseduration | default 15 | Seconds a lease is held for | |
vip_renewdeadline | default 10 | Seconds a leader can attempt to renew the lease | |
vip_retryperiod | default 2 | Number of times the leader will hold the lease for | |
cp_namespace | "kube-vip" | The namespace where the lease will reside | |
egress_podcidr | "10.0.0.0/16" | The CIDR range where pods will be allocated and IP address | |
egress_servicecidr | "10.96.0.0/12" | The CIDR range where services will be allocated and IP address | |
| ARP | |||
enable_node_labeling | false | Enable leader node labeling with kube-vip.io/has-ip=<VIP address> | |
| BGP | |||
bgp_routerid | <IP Address> | Typically the address of the local node | |
bgp_routerinterface | Interface name | Used to associate the routerID with the control plane's interface. | |
bgp_as | default 65000 | The AS we peer from | |
bgp_peers | <address:AS:password:multihop> | Comma separated list of BGP peers | |
bgp_peeraddress | <IP Address> | Address of a single BGP Peer | |
bgp_peeras | default 65000 | AS of a single BGP Peer | |
bgp_peerpass | "" | Password to work with a single BGP Peer | |
bgp_multihop | Enables eBGP MultiHop | Enable multiHop with a single BGP Peer | |
bgp_sourceif | Source Interface | Determines which interface BGP should peer from | |
bgp_sourceip | Source Address | Determines which IP address BGP should peer from | |
annotations | <provider string> | Startup will be paused until the node annotations contain the BGP configuration | |
| Egress | |||
EGRESS_CLEAN | Enables kube-vip to clean left over iptables rules | ||
egress_withnftables | Uses nftables instead of iptables |