0
点赞
收藏
分享

微信扫一扫

ipvs工作模式


结论:

IPVS工作模式:dr,nat,ipip(ip tunnel),fullnat

k8s的代理模式如果使用ipvs的话,那么它模式是NAT网络,调度算法为rr轮询。


使用ipvsadm --help可以查看如何使用的工作模式
--real-server  -r server-address    server-address is host (and port)
  --gatewaying   -g                   gatewaying (direct routing) (default)
  --ipip         -i                   ipip encapsulation (tunneling)
  --masquerading -m                   masquerading (NAT)
  --weight       -w weight            capacity of real server


实验验证:

1.修改为kube-proxy为ipvs模式:

apiVersion: v1

data:

  config.conf: |-

    apiVersion: kubeproxy.config.k8s.io/v1alpha1

    bindAddress: 0.0.0.0

    bindAddressHardFail: false

    clientConnection:

      acceptContentTypes: ""

      burst: 0

      contentType: ""

      kubeconfig: /var/lib/kube-proxy/kubeconfig.conf

      qps: 0

    clusterCIDR: 10.100.0.1/16

    configSyncPeriod: 0s

    conntrack:

      maxPerCore: null

      min: null

      tcpCloseWaitTimeout: null

      tcpEstablishedTimeout: null

    detectLocalMode: ""

    enableProfiling: false

    healthzBindAddress: ""

    hostnameOverride: ""

    iptables:

      masqueradeAll: false

      masqueradeBit: null

      minSyncPeriod: 0s

      syncPeriod: 0s

    ipvs:

      excludeCIDRs: null

      minSyncPeriod: 0s

      scheduler: ""

      strictARP: false

      syncPeriod: 0s

      tcpFinTimeout: 0s

      tcpTimeout: 0s

      udpTimeout: 0s

    kind: KubeProxyConfiguration

    metricsBindAddress: ""

    mode: "ipvs"    # 修改为ipvs模式

    nodePortAddresses: null

    oomScoreAdj: null

    portRange: ""

    showHiddenMetricsForVersion: ""

    udpIdleTimeout: 0s

    winkernel:

      enableDSR: false

      networkName: ""

      sourceVip: ""

  kubeconfig.conf: |-

    apiVersion: v1

    kind: Config

    clusters:

    - cluster:

        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

        server: https://k8s-master1:6443

      name: default

    contexts:

    - context:

        cluster: default

        namespace: default

        user: default

      name: default

    current-context: default

    users:

    - name: default

      user:

        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

kind: ConfigMap

metadata:

  annotations:

    kubeadm.kubernetes.io/component-config.hash: sha256:f05831b04e753d2156bb03807c5010d525db30cce0001fe0b94f1bdaa386e01f

  creationTimestamp: "2021-09-06T16:27:44Z"

  labels:

    app: kube-proxy

  managedFields:

  - apiVersion: v1

    fieldsType: FieldsV1

    fieldsV1:

      f:data:

        .: {}

        f:kubeconfig.conf: {}

      f:metadata:

        f:annotations:

          .: {}

          f:kubeadm.kubernetes.io/component-config.hash: {}

        f:labels:

          .: {}

          f:app: {}

    manager: kubeadm

    operation: Update

    time: "2021-09-06T16:27:44Z"

  - apiVersion: v1

    fieldsType: FieldsV1

    fieldsV1:

      f:data:

        f:config.conf: {}

    manager: kubectl-edit

    operation: Update

    time: "2022-02-24T08:36:17Z"

  name: kube-proxy

  namespace: kube-system

  resourceVersion: "54983"

  selfLink: /api/v1/namespaces/kube-system/configmaps/kube-proxy

  uid: 77b596d7-d144-4c27-bac7-12b3a34ef23a



2.创建deployment和svc:

[root@k8s-master1 ~]# kubectl create deployment nginx-test --image=nginx

[root@k8s-master1 ~]# kubectl expose deployment nginx-test --port=8083 --target=80




3.查看生成的pods和svc

[root@k8s-master1 ~]# sz -be kube-proxy.yaml

OO[root@k8s-master1 ~]# kubectl get pods,deployment,svc

NAME                              READY   STATUS    RESTARTS   AGE

pod/nginx-test-795d659f45-9srrf   1/1     Running   0          73m



NAME                         READY   UP-TO-DATE   AVAILABLE   AGE

deployment.apps/nginx-test   1/1     1            1           81m



NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE

service/kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP    170d

service/nginx-test   ClusterIP   10.96.23.82   <none>        8083/TCP   78m





4.查看当前生成的规则:

[root@k8s-node1 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.96.0.1:443 rr

  -> 192.168.41.128:6443          Masq    1      0          0         

TCP  10.96.0.10:53 rr

  -> 10.100.169.129:53            Masq    1      0          0         

  -> 10.100.169.130:53            Masq    1      0          0         

TCP  10.96.0.10:9153 rr

  -> 10.100.169.129:9153          Masq    1      0          0         

  -> 10.100.169.130:9153          Masq    1      0          0         

TCP  10.96.23.82:8083 rr

  -> 10.100.36.67:80              Masq    1      0          0         

UDP  10.96.0.10:53 rr

  -> 10.100.169.129:53            Masq    1      0          0         

  -> 10.100.169.130:53            Masq    1      0          0



5.增加ipvs规则:

ipvsadm -a -t  10.96.23.82:8083 -r 10.100.36.68:80  -m



6.再次查看当前生成的规则:

[root@k8s-node1 ~]# ipvsadm -a -t  10.96.23.82:8083 -r 10.100.36.68:80  -m

[root@k8s-node1 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.96.0.1:443 rr

  -> 192.168.41.128:6443          Masq    1      0          0         

TCP  10.96.0.10:53 rr

  -> 10.100.169.129:53            Masq    1      0          0         

  -> 10.100.169.130:53            Masq    1      0          0         

TCP  10.96.0.10:9153 rr

  -> 10.100.169.129:9153          Masq    1      0          0         

  -> 10.100.169.130:9153          Masq    1      0          0         

TCP  10.96.23.82:8083 rr

  -> 10.100.36.67:80              Masq    1      0          0         

  -> 10.100.36.68:80              Masq    1      0          0         

UDP  10.96.0.10:53 rr

  -> 10.100.169.129:53            Masq    1      0          0         

  -> 10.100.169.130:53            Masq    1      0          0

结论:kube-proxy的ipvs工作模式,默认使用的是nat模式,调度算法为轮询rr

举报

相关推荐

0 条评论