ipvs工作模式-CFANZ编程社区

结论：

IPVS工作模式：dr，nat，ipip（ip tunnel），fullnat

k8s的代理模式如果使用ipvs的话，那么它模式是NAT网络，调度算法为rr轮询。

使用ipvsadm --help可以查看如何使用的工作模式
--real-server  -r server-address    server-address is host (and port)
  --gatewaying   -g                   gatewaying (direct routing) (default)
  --ipip         -i                   ipip encapsulation (tunneling)
  --masquerading -m                   masquerading (NAT)
  --weight       -w weight            capacity of real server

实验验证：

1.修改为kube-proxy为ipvs模式：

apiVersion: v1

data:

config.conf: |-

apiVersion: kubeproxy.config.k8s.io/v1alpha1

bindAddress: 0.0.0.0

bindAddressHardFail: false

clientConnection:

acceptContentTypes: ""

burst: 0

contentType: ""

kubeconfig: /var/lib/kube-proxy/kubeconfig.conf

qps: 0

clusterCIDR: 10.100.0.1/16

configSyncPeriod: 0s

conntrack:

maxPerCore: null

min: null

tcpCloseWaitTimeout: null

tcpEstablishedTimeout: null

detectLocalMode: ""

enableProfiling: false

healthzBindAddress: ""

hostnameOverride: ""

iptables:

masqueradeAll: false

masqueradeBit: null

minSyncPeriod: 0s

syncPeriod: 0s

ipvs:

excludeCIDRs: null

minSyncPeriod: 0s

scheduler: ""

strictARP: false

syncPeriod: 0s

tcpFinTimeout: 0s

tcpTimeout: 0s

udpTimeout: 0s

kind: KubeProxyConfiguration

metricsBindAddress: ""

mode: "ipvs" # 修改为ipvs模式

nodePortAddresses: null

oomScoreAdj: null

portRange: ""

showHiddenMetricsForVersion: ""

udpIdleTimeout: 0s

winkernel:

enableDSR: false

networkName: ""

sourceVip: ""

kubeconfig.conf: |-

apiVersion: v1

kind: Config

clusters:

- cluster:

certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

server: https://k8s-master1:6443

contexts:

- context:

cluster: default

namespace: default

user: default

current-context: default

users:

- name: default

user:

tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

kind: ConfigMap

metadata:

annotations:

kubeadm.kubernetes.io/component-config.hash: sha256:f05831b04e753d2156bb03807c5010d525db30cce0001fe0b94f1bdaa386e01f

creationTimestamp: "2021-09-06T16:27:44Z"

labels:

app: kube-proxy

managedFields:

- apiVersion: v1

fieldsType: FieldsV1

fieldsV1:

f:data:

.: {}

f:kubeconfig.conf: {}

f:metadata:

f:annotations:

.: {}

f:kubeadm.kubernetes.io/component-config.hash: {}

f:labels:

.: {}

f:app: {}

manager: kubeadm

operation: Update

time: "2021-09-06T16:27:44Z"

- apiVersion: v1

fieldsType: FieldsV1

fieldsV1:

f:data:

f:config.conf: {}

manager: kubectl-edit

operation: Update

time: "2022-02-24T08:36:17Z"

namespace: kube-system

resourceVersion: "54983"

selfLink: /api/v1/namespaces/kube-system/configmaps/kube-proxy

uid: 77b596d7-d144-4c27-bac7-12b3a34ef23a

2.创建deployment和svc：

[root@k8s-master1 ~]# kubectl create deployment nginx-test --image=nginx

[root@k8s-master1 ~]# kubectl expose deployment nginx-test --port=8083 --target=80

3.查看生成的pods和svc

[root@k8s-master1 ~]# sz -be kube-proxy.yaml

OO[root@k8s-master1 ~]# kubectl get pods,deployment,svc

NAME READY STATUS RESTARTS AGE

pod/nginx-test-795d659f45-9srrf 1/1 Running 0 73m

NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/nginx-test 1/1 1 1 81m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 170d

service/nginx-test ClusterIP 10.96.23.82 <none> 8083/TCP 78m

4.查看当前生成的规则：

[root@k8s-node1 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 10.96.0.1:443 rr

-> 192.168.41.128:6443 Masq 1 0 0

TCP 10.96.0.10:53 rr

-> 10.100.169.129:53 Masq 1 0 0

-> 10.100.169.130:53 Masq 1 0 0

TCP 10.96.0.10:9153 rr

-> 10.100.169.129:9153 Masq 1 0 0

-> 10.100.169.130:9153 Masq 1 0 0

TCP 10.96.23.82:8083 rr

-> 10.100.36.67:80 Masq 1 0 0

UDP 10.96.0.10:53 rr

-> 10.100.169.129:53 Masq 1 0 0

-> 10.100.169.130:53 Masq 1 0 0

5.增加ipvs规则：

ipvsadm -a -t 10.96.23.82:8083 -r 10.100.36.68:80 -m

6.再次查看当前生成的规则：

[root@k8s-node1 ~]# ipvsadm -a -t 10.96.23.82:8083 -r 10.100.36.68:80 -m

[root@k8s-node1 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 10.96.0.1:443 rr

-> 192.168.41.128:6443 Masq 1 0 0

TCP 10.96.0.10:53 rr

-> 10.100.169.129:53 Masq 1 0 0

-> 10.100.169.130:53 Masq 1 0 0

TCP 10.96.0.10:9153 rr

-> 10.100.169.129:9153 Masq 1 0 0

-> 10.100.169.130:9153 Masq 1 0 0

TCP 10.96.23.82:8083 rr

-> 10.100.36.67:80 Masq 1 0 0

-> 10.100.36.68:80 Masq 1 0 0

UDP 10.96.0.10:53 rr

-> 10.100.169.129:53 Masq 1 0 0

-> 10.100.169.130:53 Masq 1 0 0

结论:kube-proxy的ipvs工作模式，默认使用的是nat模式，调度算法为轮询rr