51工具盒子

依楼听风雨
笑看云卷云舒,淡观潮起潮落

切换kube-proxy的工作模式为ipvs

工作中把kube-proxy 的工作模式 更换为 ips

svc底层是由kube-proxy实现路由规则编写的,默认基于iptables实现,生产环境中建议使用ipvs。

1.查看kube-proxy默认的工作模式

kubectl  get all -A

![](http://static.51tbox.com/static/2024-08-29/col/53e9d090813db85965ba79b49bb83ac9/abc9eedbd6de48c1acdccda3bbc934d8.png.jpg)

kubectl -n kube-system logs -f kube-proxy-4kp2v

2.修改默认的工作模式

 kubectl -n kube-system edit  cm kube-proxy

kubectl -n kube-system get cm kube-proxy -o yaml | grep mode

查看是否生效

需要安装一个工具:

3.所有节点安装ipvs相关模块管理工具

3.1 所有worker节点安装ipvs相关组件

yum -y install conntrack-tools ipvsadm.x86_64 

3.2 编写加载ipvs的配置文件

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

3.3 加载ipvs相关模块并查看

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

4.重启Pod让其cm的配置生效

 kubectl -n kube-system get pods| grep kube-proxy

 kubectl -n kube-system delete pods  `kubectl -n kube-system get pods| grep kube-proxy| awk '{print $1}'`

kubectl -n kube-system get pods| grep kube-proxy

5.验证是否生效

kubectl -n kube-system logs -f kube-proxy-4l6zv

6.查看svc的映射基于ipvs

kubectl get svc

ipvsadm -ln | grep 10.200.100.100 -A 

kubectl describe svc myweb


svc底层是由kube-proxy实现路由规则编写的,默认基于iptables实现,生产环境中建议使用ipvs。

[root@master231 services]# kubectl describe svc myweb-nodeport 
Name:                     myweb-nodeport
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 apps=web
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.200.63.220
IPs:                      10.200.63.220
Port:                     <unset>  8888/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31251/TCP
Endpoints:                10.100.1.78:80,10.100.1.79:80,10.100.2.97:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep 10.200.63.220
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SVC-LX25QHSHDI4TEKI3
:KUBE-SVC-LX25QHSHDI4TEKI3 - [0:0]
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-FIKLFIYEFMG2BSS7
:KUBE-SEP-FIKLFIYEFMG2BSS7 - [0:0]
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -s 10.100.1.78/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.78:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-TVJF4Y3SYPB22W4V
:KUBE-SEP-TVJF4Y3SYPB22W4V - [0:0]
-A KUBE-SEP-TVJF4Y3SYPB22W4V -s 10.100.1.79/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-TVJF4Y3SYPB22W4V -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.79:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-7AODK3HGVAHTE2EV
:KUBE-SEP-7AODK3HGVAHTE2EV - [0:0]
-A KUBE-SEP-7AODK3HGVAHTE2EV -s 10.100.2.97/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-7AODK3HGVAHTE2EV -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.2.97:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]# 
赞(0)
未经允许不得转载:工具盒子 » 切换kube-proxy的工作模式为ipvs