From c22da9e92dfec9d020853be00cba269319dd205b Mon Sep 17 00:00:00 2001
From: Kay Yan
Date: Fri, 26 Aug 2022 10:33:57 +0000
Subject: [PATCH 1/2] fix-kube-vip-strict-arp
---
 roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
index 0f3f5117f38..e12bd9bfce7 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
@@ -1,4 +1,11 @@
 ---
+- name: kube-vip | Check cluster settings for kube-vip
+ fail:
+ msg: "kube-vip require kube_proxy_strict_arp = true, see https://github.com/kube-vip/kube-vip/blob/main/docs/kubernetes/arp/index.md"
+ when:
+ - kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp
+ - kube_vip_arp_enabled
+
 - name: kube-vip | Write static pod
 template:
 src: manifests/kube-vip.manifest.j2
From 6d95837efbcdfe026cdeca88b6db202a5b11d54f Mon Sep 17 00:00:00 2001
From: Kay Yan
Date: Fri, 26 Aug 2022 10:48:04 +0000
Subject: [PATCH 2/2] fix-kube-vip-strict-arp
---
 docs/kube-vip.md | 8 ++++++++
 inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml | 2 +-
 .../kubernetes/control-plane/defaults/main/kube-proxy.yml | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/docs/kube-vip.md b/docs/kube-vip.md
index 17e4fb12786..9ba402d1269 100644
--- a/docs/kube-vip.md
+++ b/docs/kube-vip.md
@@ -2,6 +2,14 @@
 kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.
+## Prerequisites
+
+You have to configure `kube_proxy_strict_arp` when the kube_proxy_mode is `ipvs` and kube-vip ARP is enabled.
+
+```yaml
+kube_proxy_strict_arp: true
+```
+
 ## Install
 You have to explicitly enable the kube-vip extension:
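Review bot: The `when:` list of the new `kube-vip | Check cluster settings for kube-vip` task in roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml tests `kube_proxy_strict_arp` and `kube_vip_arp_enabled` as raw values, so a value that arrives as a string (for example via `-e kube_proxy_strict_arp=false`) is a non-empty string, `not` of it is false, and the guard is skipped without any message. Casting both closes that gap: `- kube_proxy_mode == 'ipvs' and not (kube_proxy_strict_arp | bool)` and `- kube_vip_arp_enabled | bool`. The message would also read better as `"kube-vip requires kube_proxy_strict_arp = true when kube_proxy_mode is ipvs, see ..."`, and its link targets the `main` branch of the kube-vip repository, which can move; a release-tag URL would stay valid. The check presumably runs only once this task file is reached, after earlier roles have already changed the hosts, so an early settings-verification step would be a better home for it.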
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 271466744d0..5215e1fd91c 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -125,7 +125,7 @@ kube_apiserver_port: 6443 # (https)
 kube_proxy_mode: ipvs
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
-# must be set to true for MetalLB to work
+# must be set to true for MetalLB, kube-vip(ARP enabled) to work
 kube_proxy_strict_arp: false
 # A string slice of values which specify the addresses to use for NodePorts.
diff --git a/roles/kubernetes/control-plane/defaults/main/kube-proxy.yml b/roles/kubernetes/control-plane/defaults/main/kube-proxy.yml
index 6c3b113a77a..52346fad103 100644
--- a/roles/kubernetes/control-plane/defaults/main/kube-proxy.yml
+++ b/roles/kubernetes/control-plane/defaults/main/kube-proxy.yml
@@ -77,7 +77,7 @@ kube_proxy_exclude_cidrs: []
 kube_proxy_scheduler: rr
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
-# must be set to true for MetalLB to work
+# must be set to true for MetalLB, kube-vip(ARP enabled) to work
 kube_proxy_strict_arp: false
 # kube_proxy_tcp_timeout is the timeout value used for idle IPVS TCP sessions.
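Review bot: The reworded comment above `kube_proxy_strict_arp` in inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml, and the identical one in roles/kubernetes/control-plane/defaults/main/kube-proxy.yml, does not say that the requirement is tied to `kube_proxy_mode: ipvs`, which is the only case the new check in the kube-vip task file enforces. I would word it `# must be set to true for MetalLB or kube-vip (ARP enabled) to work when kube_proxy_mode is ipvs`. Both hunks keep the default at `false`, so an operator who enables kube-vip ARP on top of the sample inventory learns about the setting only from this comment or from the failed play.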