Flags and Environment Variables

Flags

These flags are typically used in the kube-vip manifest generation process.

| Category | Flag | Usage | Notes |
| --- | --- | --- | --- |
| Troubleshooting | | | |
| | `--log` | default 4 | Set to 5 for debugging logs |
| Mode | | | |
| | `--arp` | Enables ARP broadcasts from Leader | |
| | `--bgp` | Enables BGP peering from kube-vip | |
| | `--table` | Enables routing entries to be created | |
| | `--wireguard` | Enables services to be exposed over WireGuard | |
| Features | | | |
| | `--controlplane` | Enables kube-vip control plane functionality | |
| | `--services` | Enables kube-vip to watch services of type LoadBalancer | |
| | `--enableEndpointSlices` | Enables use of EndpointSlices instead of Endpoints | |
| VIP Config | | | |
| | `--vip` | `<IP Address>` | (deprecated) |
| | `--address` | `<IP Address>` or `<DNS name>` | |
| | `--ddns` | Enables DDNS support | Requires that `--address` is used and set to an FQDN |
| | `--interface` | Linux interface on the node | |
| | `--leaderElection` | Enables Kubernetes LeaderElection | Used by ARP, as only the leader can broadcast |
| | `--enableLoadBalancer` | Enables IPVS load balancer | kube-vip ≥ 0.4.0 |
| | `--lbPort` | 6443 | The port that the API server will be load-balanced on |
| | `--lbForwardingMethod` | Select the forwarding method (default local) | The IPVS forwarding method (local, masquerade, tunnel, directroute, bypass) |
| Services | | | |
| | `--vipSubnet` | Defaults "" | The Virtual IP address subnet, e.g. /32, /24, /8 |
| | `--cidr` | Defaults "Detected at runtime: /32 for IPv4 and /128 for IPv6" | Used when advertising BGP addresses (typically as x.x.x.x/32) |
| | `--servicesInterface` | "" | (Optional) different interface to bind services to |
| | `--servicesElection` | false | Enables a leadership Election for each Service, allowing them to be distributed |
| | `--onlyAllowTrafficServicePorts` | false | Only allow traffic to service ports, others will be dropped |
| Kubernetes | | | |
| | `--inCluster` | Required for kube-vip as DaemonSet. | Runs kube-vip with a ServiceAccount called kube-vip. |
| | `--taint` | Required for kube-vip as DaemonSet. | Adds node affinity rules forcing kube-vip Pods to run on control plane. |
| LeaderElection | | | |
| | `--leaseDuration` | default 15 | Seconds a lease is held for |
| | `--leaseRenewDuration` | default 10 | Seconds a leader can attempt to renew the lease |
| | `--leaseRetry` | default 2 | Number of times the leader will hold the lease for |
| | `--namespace` | "kube-vip" | The namespace where the lease will reside |
| ARP | | | |
| | `--enableNodeLabeling` | false | Enable leader node labeling with `kube-vip.io/has-ip=<VIP address>` |
| BGP | | | |
| | `--bgpRouterID` | `<IP Address>` | Typically the address of the local node |
| | `--localAS` | default 65000 | The AS we peer from |
| | `--bgppeers` | `<address:AS:password:multihop>` | Comma separated list of BGP peers |
| | `--peerAddress` | `<IP Address>` | Address of a single BGP Peer |
| | `--peerAS` | default 65000 | AS of a single BGP Peer |
| | `--peerPass` | "" | Password to work with a single BGP Peer |
| | `--multiHop` | Enables eBGP MultiHop | Enable multiHop with a single BGP Peer |
| | `--sourceif` | Source Interface | Determines which interface BGP should peer from |
| | `--sourceip` | Source Address | Determines which IP address BGP should peer from |
| | `--annotations` | `<provider string>` | Startup will be paused until the node annotations contain the BGP configuration |
| Equinix Metal (May be deprecated) | | | |
| | `--metal` | Enables Equinix Metal API calls | |
| | `--metalKey` | Equinix Metal API token | |
| | `--metalProject` | Equinix Metal Project (Name) | |
| | `--metalProjectID` | Equinix Metal Project (UUID) | |
| | `--provider-config` | Path to the Equinix Metal provider configuration | Requires the Equinix Metal CCM |

Environment Variables

These environment variables are usually part of a kube-vip manifest and used when running the kube-vip Pod.

More environment variables can be found in the pkg/kubevip/config_envvar.go file.

| Category | Environment Variable | Usage | Notes |
| --- | --- | --- | --- |
| Troubleshooting | | | |
| | `vip_loglevel` | default 4 | Set to 5 for debugging logs |
| Mode | | | |
| | `cp_enable` | Enables kube-vip control plane functionality | |
| | `svc_enable` | Enables kube-vip to watch Services of type LoadBalancer | |
| VIP Config | | | |
| | `vip_arp` | Enables ARP broadcasts from Leader | |
| | `bgp_enable` | Enables BGP peering from kube-vip | |
| | `vip_address` | `<IP Address>` | (deprecated) |
| | `address` | `<IP Address>` or `<DNS name>` | |
| | `vip_ddns` | Boolean. Enables Dynamic DNS support. | Requires `vip_address` to be set to an FQDN |
| | `vip_interface` | `<linux interface>` | |
| | `vip_leaderelection` | Enables Kubernetes LeaderElection | Used by ARP, as only the leader can broadcast |
| | `lb_enable` | Enables IPVS LoadBalancer | kube-vip ≥ 0.4.0. Adds nodes to the IPVS load balancer |
| | `lb_port` | 6443 | The IPVS port that will be used to load-balance control plane requests |
| | `lb_fwdmethod` | Select the forwarding method (default local) | The IPVS forwarding method (local, masquerade, tunnel, directroute, bypass) |
| Services | | | |
| | `vip_servicesinterface` | "" | Defines an optional different interface to bind |
| | `svc_election` | Enables a leadership Election for each Service, allowing them to be distributed | |
| | `vip_cidr` | Detected at runtime: /32 for IPv4 and /128 for IPv6 | Used when advertising BGP addresses (typically as x.x.x.x/32) |
| | `enable_service_security` | Boolean. Enable service security feature, defaults false | Restrict traffic to only service ports |
| LeaderElection | | | |
| | `vip_leaseduration` | default 15 | Seconds a lease is held for |
| | `vip_renewdeadline` | default 10 | Seconds a leader can attempt to renew the lease |
| | `vip_retryperiod` | default 2 | Number of times the leader will hold the lease for |
| | `cp_namespace` | "kube-vip" | The namespace where the lease will reside |
| | `egress_podcidr` | "10.0.0.0/16" | The CIDR range where pods will be allocated an IP address |
| | `egress_servicecidr` | "10.96.0.0/12" | The CIDR range where services will be allocated an IP address |
| ARP | | | |
| | `enable_node_labeling` | false | Enable leader node labeling with `kube-vip.io/has-ip=<VIP address>` |
| BGP | | | |
| | `bgp_routerid` | `<IP Address>` | Typically the address of the local node |
| | `bgp_routerinterface` | Interface name | Used to associate the routerID with the control plane's interface. |
| | `bgp_as` | default 65000 | The AS we peer from |
| | `bgp_peers` | `<address:AS:password:multihop>` | Comma separated list of BGP peers |
| | `bgp_peeraddress` | `<IP Address>` | Address of a single BGP Peer |
| | `bgp_peeras` | default 65000 | AS of a single BGP Peer |
| | `bgp_peerpass` | "" | Password to work with a single BGP Peer |
| | `bgp_multihop` | Enables eBGP MultiHop | Enable multiHop with a single BGP Peer |
| | `bgp_sourceif` | Source Interface | Determines which interface BGP should peer from |
| | `bgp_sourceip` | Source Address | Determines which IP address BGP should peer from |
| | `annotations` | `<provider string>` | Startup will be paused until the node annotations contain the BGP configuration |
| Equinix Metal (May be deprecated) | | | |
| | `vip_packet` | Enables Equinix Metal API calls | |
| | `PACKET_AUTH_TOKEN` | Equinix Metal API token | |
| | `vip_packetproject` | Equinix Metal Project (Name) | |
| | `vip_packetprojectid` | Equinix Metal Project (UUID) | |
| | `provider_config` | Path to the Equinix Metal provider configuration | Requires the Equinix Metal CCM |
| Egress | | | |
| | `EGRESS_CLEAN` | Enables kube-vip to clean left over iptables rules | |
| | `egress_withnftables` | Uses nftables instead of iptables | |
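
Because these variables sit in the Pod manifest, a BGP password or API token written as a literal `value` is readable by anyone who can read the manifest. The following added example (not kube-vip code) audits a container's `env` list for that and for `enable_service_security` left off while `svc_enable` is on. The names `audit_env`, `peer_passwords`, `SAMPLE_ENV` and the Secret name `kube-vip-bgp` are hypothetical, and every `bgp_peers` entry is assumed to carry all four fields.

```python
# Added example: audit the env list of a kube-vip container for inline secrets.
# Variable names come from the table above; the sample data is constructed.
SECRET_VARS = {"bgp_peerpass", "PACKET_AUTH_TOKEN"}


def peer_passwords(bgp_peers):
    """Return addresses of peers in a bgp_peers value that carry a password.

    Assumes the <address:AS:password:multihop> layout; splitting from the
    right keeps colons inside an IPv6 peer address intact.
    """
    flagged = []
    for peer in filter(None, (p.strip() for p in bgp_peers.split(","))):
        parts = peer.rsplit(":", 3)
        if len(parts) == 4 and parts[2]:
            flagged.append(parts[0])
    return flagged


def audit_env(env):
    """Return a list of findings for one container's env list."""
    findings = []
    for entry in env:
        name, value = entry.get("name"), entry.get("value")
        if name in SECRET_VARS and value:
            findings.append(f"{name}: inline value, use valueFrom.secretKeyRef")
        elif name == "bgp_peers" and value:
            for addr in peer_passwords(value):
                findings.append(f"bgp_peers: inline password for peer {addr}")
    values = {e.get("name"): e.get("value") for e in env}
    if values.get("svc_enable") == "true" and values.get("enable_service_security") != "true":
        findings.append("enable_service_security: not 'true', traffic is not restricted to service ports")
    return findings


# Constructed sample: the env list of a kube-vip container.
SAMPLE_ENV = [
    {"name": "svc_enable", "value": "true"},
    {"name": "bgp_enable", "value": "true"},
    {"name": "bgp_peers", "value": "192.0.2.1:65000:s3cret:false,192.0.2.2:65000::false"},
    {"name": "bgp_peerpass",
     "valueFrom": {"secretKeyRef": {"name": "kube-vip-bgp", "key": "password"}}},
    {"name": "PACKET_AUTH_TOKEN", "value": "constructed-token"},
]

if __name__ == "__main__":
    for finding in audit_env(SAMPLE_ENV):
        print(finding)
```

The `bgp_peerpass` entry passes because its value comes from a Secret reference rather than a literal; a password embedded in `bgp_peers` has no such option and is always reported.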