结论:
IPVS工作模式:dr,nat,ipip(ip tunnel),fullnat(fullnat不在上游内核的IPVS中,下面的ipvsadm帮助里也没有对应选项)
kube-proxy如果使用ipvs代理模式,其转发方式为NAT(masquerading),默认调度算法为rr(轮询)。
使用ipvsadm --help可以查看各工作模式对应的选项(ipvsadm默认是-g直接路由,NAT模式需要显式指定-m):
--real-server -r server-address server-address is host (and port)
--gatewaying -g gatewaying (direct routing) (default)
--ipip -i ipip encapsulation (tunneling)
--masquerading -m masquerading (NAT)
--weight -w weight capacity of real server
实验验证:
1.修改kube-proxy为ipvs模式(编辑kube-system下的kube-proxy这个ConfigMap;kube-proxy只在启动时读取配置,修改后需要重建kube-proxy的Pod才会生效):
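# kube-proxy ConfigMap (kube-system/kube-proxy) with its nesting restored.
# data."config.conf" holds the KubeProxyConfiguration; the only setting this
# walkthrough changes is mode: "ipvs". managedFields below records that edit
# (manager: kubectl-edit, f:config.conf).
apiVersion: v1
data:
  # KubeProxyConfiguration. ipvs.scheduler is left as "", i.e. no scheduler is
  # chosen here; the ipvsadm listing later on this page shows rr for every
  # virtual service.
  # NOTE(review): bindAddress is 0.0.0.0, and healthzBindAddress /
  # metricsBindAddress are empty, so the defaults of this kube-proxy version
  # apply. Confirm which addresses those endpoints end up listening on and
  # that they are not reachable from outside the node network.
  # NOTE(review): clusterCIDR is written with host bits set (10.100.0.1/16);
  # confirm it is meant to be the 10.100.0.0/16 pod network.
  config.conf: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    bindAddress: 0.0.0.0
    bindAddressHardFail: false
    clientConnection:
      acceptContentTypes: ""
      burst: 0
      contentType: ""
      kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
      qps: 0
    clusterCIDR: 10.100.0.1/16
    configSyncPeriod: 0s
    conntrack:
      maxPerCore: null
      min: null
      tcpCloseWaitTimeout: null
      tcpEstablishedTimeout: null
    detectLocalMode: ""
    enableProfiling: false
    healthzBindAddress: ""
    hostnameOverride: ""
    iptables:
      masqueradeAll: false
      masqueradeBit: null
      minSyncPeriod: 0s
      syncPeriod: 0s
    ipvs:
      excludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      strictARP: false
      syncPeriod: 0s
      tcpFinTimeout: 0s
      tcpTimeout: 0s
      udpTimeout: 0s
    kind: KubeProxyConfiguration
    metricsBindAddress: ""
    mode: "ipvs" # 修改为ipvs模式
    nodePortAddresses: null
    oomScoreAdj: null
    portRange: ""
    showHiddenMetricsForVersion: ""
    udpIdleTimeout: 0s
    winkernel:
      enableDSR: false
      networkName: ""
      sourceVip: ""
  # Client kubeconfig for kube-proxy: API server https://k8s-master1:6443,
  # using the service-account CA file and token file under
  # /var/run/secrets/kubernetes.io/serviceaccount/.
  kubeconfig.conf: |-
    apiVersion: v1
    kind: Config
    clusters:
    - cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://k8s-master1:6443
      name: default
    contexts:
    - context:
        cluster: default
        namespace: default
        user: default
      name: default
    current-context: default
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
kind: ConfigMap
# Metadata of the live object as returned by the API server (timestamps,
# managedFields, resourceVersion, uid).
metadata:
  annotations:
    kubeadm.kubernetes.io/component-config.hash: sha256:f05831b04e753d2156bb03807c5010d525db30cce0001fe0b94f1bdaa386e01f
  creationTimestamp: "2021-09-06T16:27:44Z"
  labels:
    app: kube-proxy
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:kubeconfig.conf: {}
      f:metadata:
        f:annotations:
          .: {}
          f:kubeadm.kubernetes.io/component-config.hash: {}
        f:labels:
          .: {}
          f:app: {}
    manager: kubeadm
    operation: Update
    time: "2021-09-06T16:27:44Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        f:config.conf: {}
    manager: kubectl-edit
    operation: Update
    time: "2022-02-24T08:36:17Z"
  name: kube-proxy
  namespace: kube-system
  resourceVersion: "54983"
  selfLink: /api/v1/namespaces/kube-system/configmaps/kube-proxy
  uid: 77b596d7-d144-4c27-bac7-12b3a34ef23a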
2.创建deployment和svc:
[root@k8s-master1 ~]# kubectl create deployment nginx-test --image=nginx
[root@k8s-master1 ~]# kubectl expose deployment nginx-test --port=8083 --target-port=80
3.查看生成的pods和svc
[root@k8s-master1 ~]# sz -be kube-proxy.yaml
[root@k8s-master1 ~]# kubectl get pods,deployment,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-test-795d659f45-9srrf 1/1 Running 0 73m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-test 1/1 1 1 81m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 170d
service/nginx-test ClusterIP 10.96.23.82 <none> 8083/TCP 78m
4.查看当前生成的规则:
[root@k8s-node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1:443 rr
-> 192.168.41.128:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
-> 10.100.169.129:53 Masq 1 0 0
-> 10.100.169.130:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.100.169.129:9153 Masq 1 0 0
-> 10.100.169.130:9153 Masq 1 0 0
TCP 10.96.23.82:8083 rr
-> 10.100.36.67:80 Masq 1 0 0
UDP 10.96.0.10:53 rr
-> 10.100.169.129:53 Masq 1 0 0
-> 10.100.169.130:53 Masq 1 0 0
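5.手动增加ipvs规则(仅用于验证-m对应的转发模式;10.100.36.68不是该Service的真实endpoint,在规则存在期间rr会把一部分请求转发到这个地址,kube-proxy下一次同步规则时会按Service的实际endpoint重建列表,手动添加的条目不会保留):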
ipvsadm -a -t 10.96.23.82:8083 -r 10.100.36.68:80 -m
6.再次查看当前生成的规则:
[root@k8s-node1 ~]# ipvsadm -a -t 10.96.23.82:8083 -r 10.100.36.68:80 -m
[root@k8s-node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1:443 rr
-> 192.168.41.128:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
-> 10.100.169.129:53 Masq 1 0 0
-> 10.100.169.130:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.100.169.129:9153 Masq 1 0 0
-> 10.100.169.130:9153 Masq 1 0 0
TCP 10.96.23.82:8083 rr
-> 10.100.36.67:80 Masq 1 0 0
-> 10.100.36.68:80 Masq 1 0 0
UDP 10.96.0.10:53 rr
-> 10.100.169.129:53 Masq 1 0 0
-> 10.100.169.130:53 Masq 1 0 0
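结论:从ipvsadm -Ln的输出可以看到,kube-proxy生成的规则Forward列均为Masq、Scheduler列均为rr,且用-m手动添加的规则同样显示为Masq,因此kube-proxy的ipvs模式使用的是NAT(masquerading)转发,默认调度算法为轮询rr(配置中ipvs.scheduler为空,即使用默认值)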