搜索 收起

汇总all

编辑

临时总结

您的位置 首页 k8s

切换kube-proxy的工作模式为ipvs

白眉大叔 白眉大叔 发布于 2023年6月20日 评论关闭 阅读(331)

工作中把kube-proxy 的工作模式 更换为 ips

svc底层是由kube-proxy实现路由规则编写的,默认基于iptables实现,生产环境中建议使用ipvs。

1.查看kube-proxy默认的工作模式

kubectl  get all -A


kubectl -n kube-system logs -f kube-proxy-4kp2v

2.修改默认的工作模式

 kubectl -n kube-system edit  cm kube-proxy

 

kubectl -n kube-system get cm kube-proxy -o yaml | grep mode

 

查看是否生效

需要安装一个工具:

3.所有节点安装ipvs相关模块管理工具

3.1 所有worker节点安装ipvs相关组件

yum -y install conntrack-tools ipvsadm.x86_64

3.2 编写加载ipvs的配置文件

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

3.3 加载ipvs相关模块并查看

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

4.重启Pod让其cm的配置生效

 kubectl -n kube-system get pods| grep kube-proxy

 

 kubectl -n kube-system delete pods  `kubectl -n kube-system get pods| grep kube-proxy| awk '{print $1}'`
kubectl -n kube-system get pods| grep kube-proxy

5.验证是否生效

kubectl -n kube-system logs -f kube-proxy-4l6zv

 

6.查看svc的映射基于ipvs

kubectl get svc
ipvsadm -ln | grep 10.200.100.100 -A 

kubectl describe svc myweb

 

svc底层是由kube-proxy实现路由规则编写的,默认基于iptables实现,生产环境中建议使用ipvs。

 

[root@master231 services]# kubectl describe svc myweb-nodeport 
Name:                     myweb-nodeport
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 apps=web
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.200.63.220
IPs:                      10.200.63.220
Port:                     <unset>  8888/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31251/TCP
Endpoints:                10.100.1.78:80,10.100.1.79:80,10.100.2.97:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep 10.200.63.220
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SVC-LX25QHSHDI4TEKI3
:KUBE-SVC-LX25QHSHDI4TEKI3 - [0:0]
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-FIKLFIYEFMG2BSS7
:KUBE-SEP-FIKLFIYEFMG2BSS7 - [0:0]
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -s 10.100.1.78/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.78:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-TVJF4Y3SYPB22W4V
:KUBE-SEP-TVJF4Y3SYPB22W4V - [0:0]
-A KUBE-SEP-TVJF4Y3SYPB22W4V -s 10.100.1.79/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-TVJF4Y3SYPB22W4V -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.79:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
[root@master231 services]# 
[root@master231 services]# iptables-save | grep KUBE-SEP-7AODK3HGVAHTE2EV
:KUBE-SEP-7AODK3HGVAHTE2EV - [0:0]
-A KUBE-SEP-7AODK3HGVAHTE2EV -s 10.100.2.97/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-7AODK3HGVAHTE2EV -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.2.97:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]#

 

欢迎来撩 : 汇总all

点赞(30)
白眉大叔

关于白眉大叔linux云计算: 白眉大叔

相关文章

热门文章

1解决node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20′ not found (required by node)

点赞(84) 阅读(1,305)

2docker 使用gpu资源

点赞(214) 阅读(1,295)

3k8s 安装Milvus分布式2.0x

点赞(289) 阅读(1,286)

4pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available

点赞(364) 阅读(1,281)

5云原生基础-汇总

点赞(316) 阅读(1,278)