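Switching kube-proxy's working mode to ipvs at work
Under the hood, a Service (svc) is implemented by kube-proxy, which writes the routing rules. The default implementation is based on iptables; ipvs is recommended for production environments.
1. Check kube-proxy's default working mode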
kubectl get all -A
kubectl -n kube-system logs -f kube-proxy-4kp2v
2. Change the default working mode
kubectl -n kube-system edit cm kube-proxy
kubectl -n kube-system get cm kube-proxy -o yaml | grep mode
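Check whether it took effect
A tool needs to be installed:
3. Install the ipvs module management tools on all nodes
3.1 Install the ipvs-related components on all worker nodes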
yum -y install conntrack-tools ipvsadm.x86_64
3.2 Write the configuration file that loads the ipvs modules
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
3.3 Load the ipvs modules and check them
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
4. Restart the Pods so that the ConfigMap change takes effect
kubectl -n kube-system get pods| grep kube-proxy
kubectl -n kube-system delete pods `kubectl -n kube-system get pods| grep kube-proxy| awk '{print $1}'`
kubectl -n kube-system get pods| grep kube-proxy
5. Verify that it took effect
kubectl -n kube-system logs -f kube-proxy-4l6zv
6. Check that the svc mappings are based on ipvs
kubectl get svc
# grep -A requires a line count; the original omits it, 3 is assumed here
ipvsadm -ln | grep 10.200.100.100 -A 3
kubectl describe svc myweb
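Under the hood, a Service (svc) is implemented by kube-proxy, which writes the routing rules. The default implementation is based on iptables; ipvs is recommended for production environments.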
[root@master231 services]# kubectl describe svc myweb-nodeport
Name: myweb-nodeport
Namespace: default
Labels: <none>
Annotations: <none>
Selector: apps=web
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.63.220
IPs: 10.200.63.220
Port: <unset> 8888/TCP
TargetPort: 80/TCP
NodePort: <unset> 31251/TCP
Endpoints: 10.100.1.78:80,10.100.1.79:80,10.100.2.97:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[root@master231 services]#
[root@master231 services]#
[root@master231 services]# iptables-save | grep 10.200.63.220
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
[root@master231 services]#
[root@master231 services]#
[root@master231 services]# iptables-save | grep KUBE-SVC-LX25QHSHDI4TEKI3
:KUBE-SVC-LX25QHSHDI4TEKI3 - [0:0]
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SERVICES -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-SVC-LX25QHSHDI4TEKI3
-A KUBE-SVC-LX25QHSHDI4TEKI3 ! -s 10.100.0.0/16 -d 10.200.63.220/32 -p tcp -m comment --comment "default/myweb-nodeport cluster IP" -m tcp --dport 8888 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]#
[root@master231 services]#
[root@master231 services]#
[root@master231 services]# iptables-save | grep KUBE-SEP-FIKLFIYEFMG2BSS7
:KUBE-SEP-FIKLFIYEFMG2BSS7 - [0:0]
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -s 10.100.1.78/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.78:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
[root@master231 services]#
[root@master231 services]# iptables-save | grep KUBE-SEP-TVJF4Y3SYPB22W4V
:KUBE-SEP-TVJF4Y3SYPB22W4V - [0:0]
-A KUBE-SEP-TVJF4Y3SYPB22W4V -s 10.100.1.79/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-TVJF4Y3SYPB22W4V -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.79:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
[root@master231 services]#
[root@master231 services]# iptables-save | grep KUBE-SEP-7AODK3HGVAHTE2EV
:KUBE-SEP-7AODK3HGVAHTE2EV - [0:0]
-A KUBE-SEP-7AODK3HGVAHTE2EV -s 10.100.2.97/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-7AODK3HGVAHTE2EV -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.2.97:80
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
[root@master231 services]#
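In iptables mode the KUBE-SVC chain shown above balances traffic by chaining `-m statistic --mode random` rules: each rule takes its probability of whatever the earlier rules did not match, and the last rule takes the rest. The following is an added example, not part of the original post, that reads `iptables-save` output and prints each endpoint's DNAT target with its effective share, so the backends a Service really routes to can be checked against `kubectl describe svc`. The function names `sample_rules` and `endpoint_shares` are hypothetical; the sample rules are copied from the session above.

```shell
#!/usr/bin/env bash
# Added example: effective traffic share per endpoint of one KUBE-SVC chain.

# Rules copied from the iptables-save output above (one Service, three endpoints).
sample_rules() {
cat <<'EOF'
-A KUBE-SVC-LX25QHSHDI4TEKI3 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp --dport 31251 -j KUBE-MARK-MASQ
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-FIKLFIYEFMG2BSS7
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TVJF4Y3SYPB22W4V
-A KUBE-SVC-LX25QHSHDI4TEKI3 -m comment --comment "default/myweb-nodeport" -j KUBE-SEP-7AODK3HGVAHTE2EV
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -s 10.100.1.78/32 -m comment --comment "default/myweb-nodeport" -j KUBE-MARK-MASQ
-A KUBE-SEP-FIKLFIYEFMG2BSS7 -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.78:80
-A KUBE-SEP-TVJF4Y3SYPB22W4V -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.1.79:80
-A KUBE-SEP-7AODK3HGVAHTE2EV -p tcp -m comment --comment "default/myweb-nodeport" -m tcp -j DNAT --to-destination 10.100.2.97:80
EOF
}

# Usage: iptables-save -t nat | endpoint_shares KUBE-SVC-<hash>
# Prints: <KUBE-SEP chain> <DNAT target> <effective share>
endpoint_shares() {
awk -v chain="$1" '
# Return the token that follows a given flag on the current rule line.
function arg(flag,   i) { for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1); return "" }
# Remember the DNAT target of every KUBE-SEP chain.
$1 == "-A" && $2 ~ /^KUBE-SEP-/ { d = arg("--to-destination"); if (d != "") dest[$2] = d }
# Collect the jumps to endpoints in rule order; no --probability means "always".
$1 == "-A" && $2 == chain {
    t = arg("-j"); if (t !~ /^KUBE-SEP-/) next
    p = arg("--probability"); if (p == "") p = 1
    order[++n] = t; prob[n] = p
}
END {
    remain = 1                      # traffic not yet claimed by an earlier rule
    for (i = 1; i <= n; i++) {
        share = remain * prob[i]
        printf "%s %s %.4f\n", order[i], dest[order[i]], share
        remain -= share
    }
}'
}

sample_rules | endpoint_shares KUBE-SVC-LX25QHSHDI4TEKI3
```

The probabilities 0.333, 0.5 and the final unconditional rule work out to an equal third for each of the three endpoints.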