K8s ipvs mode kube-proxy
IPVS vs. IPTABLES
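IPVS mode was introduced in Kubernetes 1.8 and entered beta in 1.9. IPTABLES mode was added in version 1.1 and became the default operating mode from 1.2 onward. Both IPVS and IPTABLES are built on netfilter.
IPVS differs from IPTABLES in the following ways:
IPVS provides better scalability and performance for large clusters.
IPVS supports more sophisticated load-balancing algorithms than IPTABLES (least load, least connections, locality, weighted, etc.).
IPVS supports server health checks, connection retries, and so on.
Configuring kube-proxy IPVS mode
k8s version: 1.10
By default, kube-proxy still uses iptables to load-balance traffic from a Service to its Pods.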
[root@node01 ~]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
httpd-svc ClusterIP 10.110.73.171 <none> /TCP 1d run=httpd
kubernetes ClusterIP 10.96.0.1 <none> /TCP 1d <none>
[root@node01 ~]# iptables-save
.
.
.
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -s 10.244.0.3/ -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.3:
-A KUBE-SEP-7SDFQQ3CPAUK3SXM -s 10.244.1.2/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-7SDFQQ3CPAUK3SXM -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-FXPWU3QR6KR3AMXC -s 172.16.65.180/ -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-FXPWU3QR6KR3AMXC -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-FXPWU3QR6KR3AMXC --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 172.16.65.180:
-A KUBE-SEP-IT2ZTR26TO4XFPTO -s 10.244.0.2/ -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-IT2ZTR26TO4XFPTO -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.2:
-A KUBE-SEP-TOSIKZVXYIAJSFHP -s 10.244.2.2/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-TOSIKZVXYIAJSFHP -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.2.2:80
-A KUBE-SEP-UO4LFRT7VSL3X4EB -s 10.244.0.4/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-UO4LFRT7VSL3X4EB -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.0.4:80
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -s 10.244.0.2/ -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.2:
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -s 10.244.0.3/ -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.3:
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.1/ -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.1/ -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.10/ -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.10/ -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.10/ -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.10/ -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.110.73.171/ -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.110.73.171/ -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport -j KUBE-SVC-RL3JAE4GN7VOGDGP
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-IT2ZTR26TO4XFPTO
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-ZXMNUKOKXUTL2MK2
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds --reap --name KUBE-SEP-FXPWU3QR6KR3AMXC --mask 255.255.255.255 --rsource -j KUBE-SEP-FXPWU3QR6KR3AMXC
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-FXPWU3QR6KR3AMXC
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-UO4LFRT7VSL3X4EB
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-7SDFQQ3CPAUK3SXM
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -j KUBE-SEP-TOSIKZVXYIAJSFHP
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YIL6JZP7A3QYXJU2
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SEP-6E7XQMQ4RAYOWTTM
.
.
.
Step 1: load the ip_vs modules into the kernel:
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"
for kernel_module in \${ipvs_modules}; do
    # Load the module only if this kernel ships it.
    /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
    # \$? is escaped so it is evaluated when the script runs, not when the heredoc is written.
    if [ \$? -eq 0 ]; then
        /sbin/modprobe \${kernel_module}
    fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
The output should look like this:
[root@node01 ~]# lsmod | grep ip_vs
ip_vs_ftp
ip_vs_sed
ip_vs_nq
ip_vs_sh
ip_vs_dh
ip_vs_lblcr
ip_vs_lblc
ip_vs_wrr
ip_vs_rr
ip_vs_wlc
ip_vs_lc
nf_nat ip_vs_ftp,nf_nat_ipv4,nf_nat_masquerade_ipv4
ip_vs ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_lblcr,ip_vs_lblc
nf_conntrack ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c xfs,ip_vs,nf_nat,nf_conntrack
Step 2: install the IPVS management tool ipvsadm
yum install -y ipvsadm
Step 3: edit the cluster configuration file
Edit the cluster configuration file before initializing the cluster with kubeadm init --config config.yaml
Kubernetes v1. v1.
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
kubeProxy:
  config:
    featureGates: SupportIPVSProxyMode=true
    mode: ipvs
...
Kubernetes v1.
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
kubeProxy:
  config:
    featureGates:
      SupportIPVSProxyMode: true
    mode: ipvs
...
Step 4: verify the result
[root@node01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1: rr persistent
-> 172.16.65.180: Masq
TCP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
UDP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
Step 5: test
Create the httpd-svc service
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: httpd
spec:
  replicas: 3
  template:
    metadata:
      labels:
        run: httpd
    spec:
      containers:
      - name: httpd
        image: httpd
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: httpd
  type: NodePort
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
    nodePort: 30001
Check the result
[root@node01 yaml-store]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE
httpd-749bf8c6f4-htzgl / Running 11m 10.244.2.2 node03
httpd-749bf8c6f4-vqwff / Running 11m 10.244.1.2 node02
httpd-749bf8c6f4-wkv9w / Running 11m 10.244.0.4 node01
[root@node01 yaml-store]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
httpd-svc ClusterIP 10.99.129.90 <none> 8080:30001/TCP 11m run=httpd
kubernetes ClusterIP 10.96.0.1 <none> /TCP 58m <none>
[root@node01 yaml-store]# ipvsadm -L -n
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.65.181: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 172.17.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.96.0.1: rr persistent
-> 172.16.65.180: Masq
TCP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
TCP 10.99.129.90: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.244.0.0: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.244.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 127.0.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
UDP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
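The listing above puts the httpd backends behind several node-local addresses, not only the cluster IP. As an added example (not part of the original post), the script below summarizes `ipvsadm -L -n` output so that you can see which local addresses answer on a NodePort and which virtual services have no backend. The function names and the sample listing with its port numbers are constructed for illustration; 30000-32767 is the default Kubernetes NodePort range.

```shell
#!/bin/bash
# Constructed sample in `ipvsadm -L -n` format; ports and counters are
# illustrative, addresses follow the listing above.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.65.181:30001 rr
  -> 10.244.0.4:80                Masq    1      0          0
  -> 10.244.1.2:80                Masq    1      0          0
TCP  127.0.0.1:30001 rr
  -> 10.244.0.4:80                Masq    1      0          0
TCP  10.96.0.1:443 rr persistent 10800
  -> 172.16.65.180:6443           Masq    1      0          0
TCP  10.99.129.90:8080 rr
UDP  10.96.0.10:53 rr
  -> 10.244.0.2:53                Masq    1      0          0'

# ipvs_summary [lo] [hi]: reads `ipvsadm -L -n` text on stdin and prints one
# line per virtual service: "<proto> <vip:port> <scheduler> backends=<n> <kind>".
# <kind> is "nodeport" when the port lies in the NodePort range lo..hi.
ipvs_summary() {
    awk -v lo="${1:-30000}" -v hi="${2:-32767}" '
        function emit() {
            if (vs != "")
                printf "%s %s %s backends=%d %s\n", proto, vs, sched, n, kind
        }
        $1 == "TCP" || $1 == "UDP" {
            emit()
            proto = $1; vs = $2; sched = $3; n = 0
            port = vs; sub(/^.*:/, "", port)   # keep only the text after the last colon
            kind = (port + 0 >= lo && port + 0 <= hi) ? "nodeport" : "service"
            next
        }
        $1 == "->" && $2 != "RemoteAddress:Port" { n++ }   # count real servers
        END { emit() }'
}

# nodeport_listeners: local address:port pairs on which a NodePort answers.
nodeport_listeners() { ipvs_summary "$@" | awk '$5 == "nodeport" { print $2 }'; }

# empty_services: virtual services with no real server behind them.
empty_services() { ipvs_summary "$@" | awk '$4 == "backends=0" { print $2 }'; }

# Demo on the constructed sample; on a node, pipe `ipvsadm -L -n` in instead.
printf '%s\n' "$SAMPLE_IPVS" | ipvs_summary
```

If `nodeport_listeners` reports addresses that should not serve the NodePort, kube-proxy's --nodeport-addresses option restricts which local addresses NodePort services are bound to.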
References:
https://github.com/kubernetes/kubernetes/tree/master/pkg/proxy/ipvs
https://www.kubernetes.org.cn/3025.html