Depending on whether your kube-proxy add-on is managed by Amazon EKS or self-managed, configure kube-proxy with ipvs mode and the rr (round robin) scheduler to distribute traffic equally across the backing servers.
Managed Amazon EKS add-on
aws eks update-addon --cluster-name my-cluster --addon-name kube-proxy \
--addon-version v1.24.17-eksbuild.4 \
--configuration-values '{"ipvs": {"scheduler": "rr"}, "mode": "ipvs"}' \
--resolve-conflicts OVERWRITE
Self-managed add-on
Back up the kube-proxy-config configmap:
kubectl get cm kube-proxy-config -n kube-system -o yaml > kube-proxy-config-old.yml
Edit the kube-proxy-config configmap:
kubectl edit cm kube-proxy-config -n kube-system
In the config, change the mode parameter from iptables to ipvs, and then change scheduler to rr for round robin.
...
ipvs:
  excludeCIDRs: null
  minSyncPeriod: 0s
  scheduler: "rr" # add rr
  syncPeriod: 30s
kind: KubeProxyConfiguration
metricsBindAddress: 0.0.0.0:10249
mode: "ipvs" # change from iptables
...
To apply the configuration changes, reload your cluster worker nodes. Use eksctl to scale in and scale out the worker nodes:
# get node group names
eksctl get nodegroup --cluster=my-cluster
# scale-in
eksctl scale nodegroup --cluster=my-cluster --nodes=0 --name=my-nodegroup-name --nodes-min=0 --nodes-max=3 --wait
# scale-out
eksctl scale nodegroup --cluster=my-cluster --nodes=2 --name=my-nodegroup-name --nodes-min=2 --nodes-max=3 --wait
Note: Replace my-cluster and my-nodegroup-name with your parameters. When you scale out, replace the node counts based on your cluster needs.
To verify that ipvs mode is configured, run the following command:
sudo ipvsadm -L
Example output:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ip-10-100-0-1.eu-west-1.comp rr
  -> ip-192-168-118-22.eu-west-1. Masq    1      5          0
  -> ip-192-168-187-76.eu-west-1. Masq    1      6          0
TCP  ip-10-100-0-10.eu-west-1.com rr
  -> ip-192-168-168-152.eu-west-1 Masq    1      0          0
  -> ip-192-168-183-81.eu-west-1. Masq    1      0          0
UDP  ip-10-100-0-10.eu-west-1.com rr
  -> ip-192-168-168-152.eu-west-1 Masq    1      0          0
  -> ip-192-168-183-81.eu-west-1. Masq    1      0          0
The TCP and UDP entries are for Kubernetes and CoreDNS services in the cluster.
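To make the verification step repeatable across nodes, the following added example (not part of the original article) parses ipvsadm output and flags any virtual service whose scheduler is not rr, or that has no real servers behind it. The function name check_ipvs_sched and the sample listings are constructed for illustration. It assumes the numeric form of the listing (ipvsadm -L -n), which prints full IP:port pairs instead of truncated host names.

```shell
#!/usr/bin/env bash
# Added example: audit `ipvsadm -L -n` output after switching kube-proxy to ipvs/rr.
# check_ipvs_sched EXPECTED: reads the listing on stdin, prints one finding per line.
# Return status: 0 = clean, 1 = findings, 2 = no virtual services (ipvs not in use).
check_ipvs_sched() {
  awk -v want="$1" '
    function close_svc() {
      # A virtual service with no "->" rows has nowhere to send traffic.
      if (svc != "" && backends == 0) { print "NO_BACKENDS " svc; bad++ }
    }
    $1 == "TCP" || $1 == "UDP" || $1 == "SCTP" {
      close_svc()
      svc = $1 " " $2; backends = 0; total++
      if ($3 != want) { print "WRONG_SCHEDULER " svc " " $3; bad++ }
      next
    }
    # Real-server rows; skip the column header that also starts with "->".
    $1 == "->" && $2 != "RemoteAddress:Port" && svc != "" { backends++ }
    END {
      close_svc()
      if (total == 0) { print "NO_SERVICES"; exit 2 }
      exit (bad > 0)
    }
  '
}

# Constructed sample listings (addresses are illustrative, not from a real cluster).
SAMPLE_OK='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.100.0.1:443 rr
  -> 192.168.118.22:443           Masq    1      5          0
  -> 192.168.187.76:443           Masq    1      6          0
UDP  10.100.0.10:53 rr
  -> 192.168.168.152:53           Masq    1      0          0'

SAMPLE_BAD='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.100.0.1:443 rr
  -> 192.168.118.22:443           Masq    1      5          0
  -> 192.168.187.76:443           Masq    1      6          0
TCP  10.100.0.10:53 wlc
  -> 192.168.168.152:53           Masq    1      0          0
UDP  10.100.0.10:53 rr'

# Demo on the constructed data; on a worker node, pipe in: sudo ipvsadm -L -n
printf '%s\n' "$SAMPLE_BAD" | check_ipvs_sched rr || echo "exit status: $?"
```

A NO_SERVICES result on a worker node means the IPVS table is empty, which is what you see when kube-proxy is still running in iptables mode.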