K8s ipvs mode kube-proxy
IPVS vs. IPTABLES
IPVS模式在Kubernetes 1.8中被引入,在1.9中进入beta测试。 IPTABLES模式在1.1版本中被添加进来,在1.2开始就变成了默认的操作模式。IPVS 和 IPTABLES都是基于netfilter实现的。
IPVS与IPTABLES有以下几点不同的地方:
IPVS为大规模集群提供更好的可扩展性和性能。
IPVS比IPTABLES支持更复杂的负载均衡算法 (least load, least connections, locality, weighted, etc.)。
IPVS支持服务器健康检查和重连等等。
配置kube-proxy ipvs模式
k8s版本:1.10
默认情况下,Kube-proxy依然使用iptables来实现Service到POD之间的负载均衡。
[root@node01 ~]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
httpd-svc ClusterIP 10.110.73.171 <none> /TCP 1d run=httpd
kubernetes ClusterIP 10.96.0.1 <none> /TCP 1d <none>
[root@node01 ~]# iptables-save
.
.
.
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -s 10.244.0.3/ -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.3:
-A KUBE-SEP-7SDFQQ3CPAUK3SXM -s 10.244.1.2/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-7SDFQQ3CPAUK3SXM -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-FXPWU3QR6KR3AMXC -s 172.16.65.180/ -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-FXPWU3QR6KR3AMXC -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-FXPWU3QR6KR3AMXC --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 172.16.65.180:
-A KUBE-SEP-IT2ZTR26TO4XFPTO -s 10.244.0.2/ -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-IT2ZTR26TO4XFPTO -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.2:
-A KUBE-SEP-TOSIKZVXYIAJSFHP -s 10.244.2.2/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-TOSIKZVXYIAJSFHP -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.2.2:80
-A KUBE-SEP-UO4LFRT7VSL3X4EB -s 10.244.0.4/32 -m comment --comment "default/httpd-svc:" -j KUBE-MARK-MASQ
-A KUBE-SEP-UO4LFRT7VSL3X4EB -p tcp -m comment --comment "default/httpd-svc:" -m tcp -j DNAT --to-destination 10.244.0.4:80
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -s 10.244.0.2/ -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.2:
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -s 10.244.0.3/ -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.3:
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.1/ -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.1/ -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.10/ -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.10/ -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.96.0.10/ -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.96.0.10/ -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.244.0.0/ -d 10.110.73.171/ -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.110.73.171/ -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport -j KUBE-SVC-RL3JAE4GN7VOGDGP
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-IT2ZTR26TO4XFPTO
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-ZXMNUKOKXUTL2MK2
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds --reap --name KUBE-SEP-FXPWU3QR6KR3AMXC --mask 255.255.255.255 --rsource -j KUBE-SEP-FXPWU3QR6KR3AMXC
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-FXPWU3QR6KR3AMXC
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-UO4LFRT7VSL3X4EB
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-7SDFQQ3CPAUK3SXM
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m comment --comment "default/httpd-svc:" -j KUBE-SEP-TOSIKZVXYIAJSFHP
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YIL6JZP7A3QYXJU2
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SEP-6E7XQMQ4RAYOWTTM
.
.
.
第一步,在内核中加载ip_vs模块:
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null >&
if [ $? -eq ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF
chmod /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
输出结果应该为:
[root@node01 ~]# lsmod | grep ip_vs
ip_vs_ftp
ip_vs_sed
ip_vs_nq
ip_vs_sh
ip_vs_dh
ip_vs_lblcr
ip_vs_lblc
ip_vs_wrr
ip_vs_rr
ip_vs_wlc
ip_vs_lc
nf_nat ip_vs_ftp,nf_nat_ipv4,nf_nat_masquerade_ipv4
ip_vs ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_lblcr,ip_vs_lblc
nf_conntrack ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c xfs,ip_vs,nf_nat,nf_conntrack
第二步,安装ipvs管理工具ipvsadm
yum install -y ipvsadm
第三步,修改集群配置文件
在使用kubeadm init --config config.yaml初始化集群前,修改集群配置文件
Kubernetes v1. v1.
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
kubeProxy:
config:
featureGates: SupportIPVSProxyMode=true
mode: ipvs
... Kubernetes v1.
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
kubeProxy:
config:
featureGates:
SupportIPVSProxyMode: true
mode: ipvs
...
第四步,结果验证
[root@node01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1: rr persistent
-> 172.16.65.180: Masq
TCP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
UDP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
第五步,测试
创建http-svc service
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: httpd
spec:
replicas:
template:
metadata:
labels:
run: httpd
spec:
containers:
- name: httpd
image: httpd
ports:
- containerPort: ---
apiVersion: v1
kind: Service
metadata:
name: httpd-svc
spec:
selector:
run: httpd
type: NodePort
ports:
- protocol: TCP
port:
targetPort: 80
nodePort: 30001
查看效果
[root@node01 yaml-store]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE
httpd-749bf8c6f4-htzgl / Running 11m 10.244.2.2 node03
httpd-749bf8c6f4-vqwff / Running 11m 10.244.1.2 node02
httpd-749bf8c6f4-wkv9w / Running 11m 10.244.0.4 node01
[root@node01 yaml-store]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
httpd-svc ClusterIP 10.99.129.90 <none> 8080:30001/TCP 11m run=httpd
kubernetes ClusterIP 10.96.0.1 <none> /TCP 58m <none>
[root@node01 yaml-store]# ipvsadm -L -n
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.65.181: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 172.17.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.96.0.1: rr persistent
-> 172.16.65.180: Masq
TCP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
TCP 10.99.129.90: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.244.0.0: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 10.244.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
TCP 127.0.0.1: rr
-> 10.244.0.4: Masq
-> 10.244.1.2: Masq
-> 10.244.2.2: Masq
UDP 10.96.0.10: rr
-> 10.244.0.2: Masq
-> 10.244.0.3: Masq
参考文章:
https://github.com/kubernetes/kubernetes/tree/master/pkg/proxy/ipvs
https://www.kubernetes.org.cn/3025.html
K8s ipvs mode kube-proxy的更多相关文章
- k8s Ipvs 内部网络自动分配和内部网络一致ip地址,导致ip冲突
[链接]Linux负载均衡--LVS(IPVS)https://www.jianshu.com/p/36880b085265 [链接]kube-proxyipvsmodecreateunnecessa ...
- kubernetes实战(十六):k8s高可用集群平滑升级 v1.11.x 到v1.12.x
1.基本概念 升级之后所有的containers会重启,因为hash值会变. 不可跨版本升级. 2.升级Master节点 当前版本 [root@k8s-master01 ~]# kubeadm ver ...
- k8s集群升级
集群升级 由于课程中的集群版本是 v1.10.0,这个版本相对有点旧了,最新版本都已经 v1.14.x 了,为了尽量保证课程内容的更新度,所以我们需要将集群版本更新.我们的集群是使用的 kubeadm ...
- k8s的kube-proxy
kube-proxy 运行在每个节点上,监听 API Server 中服务对象的变化,再通过管理 IPtables 来实现网络的转发. Kube-Proxy 不同的版本可支持三种工作模式: Use ...
- kubeadm部署k8s
Kubernetes技术已经成为了原生云技术的事实标准,它是目前基础软件领域最为热门的分布式调度和管理平台.于是,Kubernetes也几乎成了时下开发工程师和运维工程师必备的技能之一. 官方文档 ...
- 1.k8s概述、安装、名词解释、资源清单
一.k8s概述 1.简介 Kubernetes是一个开源的,用于管理云平台中多个主机上的容器化的应用,Kubernetes的目标是让部署容器化的应用简单并且高效(powerful),Kubernete ...
- k8s入坑之路(4)kubenetes安装
三种安装方法: 1.kubeadm 2.kubespray 3.二进制安装 kubespray安装kubernetes集群 优点: 1.kuberspray对比kubeadm更加简洁内部集成了kube ...
- 2.k8s的架构
之前了解了k8s到底是什么,接下来看看k8s的组成. 一.Kubernetes架构 学习k8s,最终目的是为了部署应用,部署一个完整的k8s, 就要知道k8s的组成.k8s主要包含两大部分: 中间包含 ...
- 基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2
基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2 Kubernetes实现Master-Slave分布式构建方案 传统Jenkins的Master-Slave方案的缺陷 Mas ...
随机推荐
- merge实现拉链表
建表如下( 历史拉链表): 新表(每日更新的): 实现语句: MERGE INTO test_target t1 USING ( SELECT nvl(c.id, b.id) AS id ,CASE ...
- src.rpm包安装方法
有些软件包是以.src.rpm结尾的,这类软件包是包含了源代码的rpm包,在安装时需要进行编译.这类软件包有多种安装方法,以redhat为例说明如下: 注意: 如果没有rpmbuild可以从系统安装光 ...
- 程序运行缺少MSVCR110.dll
Download Visual C++ Redistributable for Visual Studio 2012 Update 4 from Official Microsoft Download ...
- gtest入门简介
Gtest测试,入门简介: 资源:http://developer.51cto.com/art/201108/285290.htm http://www.cnblogs.com/bangerlee/a ...
- Golang中的正则表达式
声明:文章转自GoLove 用法: 单一: . 匹配任意一个字符,如果设置 s = true,则可以匹配换行符 [字符类] 匹配"字符类"中的一个字符,"字符类" ...
- haml入门
1.什么是Haml Haml是HTML abstraction markup language,遵循的原则是标记应该是美的.Haml能够加速和简化模版,长处是简洁.可读.高效. 2.erbm模板和ha ...
- 百度地图二次开发Demo
单点标注:电子显示对应位置的图片,信息框 多点标注(批量点标注): 多点连线(基于多个点形成路径): 若须要Demo源码:请给我发邮箱 1507026255@qq.com 转载请注明小刘
- jetty;linux 目录结构
[说明]今天看了看jetty这个web容器,上午看基础理论框架知识(后面半点没用到),下午下载了jetty,并且在上面部署了一个war应用,晚上在做eclipses整合jetty的时候出现了问题,下载 ...
- EasyNVR摄像机网页无插件直播使用过程中问题的自我排查-设备不在线问题的自我排查
系列背景 由于EasyNVR的受众越来越多,时长会遇到很对类似的问题咨询,之前虽然有写过很多的博文进行技术的或者使用问题的解答,随着客户询问的增多,我发现,要想然客户了解问题和解决问题,往往引导和给一 ...
- 整理前端css/js/jq常见问题及解决方法(2)
移动端 手机 1.点击图片或按钮,选中状态影响到其他范围解决:html{-webkit-user-select:none}<meta name="msapplication-tap-h ...