前文我們了解了k8s上的DemonSet、Job和CronJob控制器的相關話題,回顧請參考:https://www.cnblogs.com/qiuhom-1874/p/14157306.html;今天我們來了解下k8s上的service資源的相關話題;
Service資源在k8s上主要用來解決pod訪問問題;我們知道在k8s上pod由于各種原因重建,對于重建后的podip地址和名稱都是變化的,這樣一來使得我們訪問pod就變得有些不便;為了解決pod訪問能有一個固定的端點,在k8s上就是用service來解決的;簡單來講,service物件就是作業在節點上的一組iptables或ipvs規則,用于將到達service物件ip地址的流量調度轉發至相應endpoint物件指向的ip地址和埠之上;作業于每個節點的kube-proxy組件通過apiserver持續監控著各service及其關聯的pod物件,并將其創建或變動實時反映至當前作業節點上相應的iptables或ipvs規則;其實service和pod或其他資源的關聯,本質上不是直接關聯,它依靠一個中間組件endpoint;endpoint主要作用就是參考后端pod或其他資源(比如k8s外部的服務也可以被endpoint參考);所謂endpoint就是ip地址+埠;
提示:在k8s上kube-proxy它會監視著apiserver上的service資源變動,及時將變動轉化為本機的iptables或ipvs規則;對應客戶端pod訪問對應serverpod,報文首先會從本機的iptables或ipvs規則所匹配,然后再由對應規則邏輯把請求調度到對應的pod上;
service代理模式模式
在k8s上service代理模式有三種,早期的k8s版本(1.1之前包含1.1的版本)默認的代理模式為userspace,后面的版本(1.11起)默認代理模式為ipvs,如果對應ipvs的模塊沒有加載,它會自動降級為iptables;
userspace代理模式
提示:userspace是指Linux作業系統上的用戶空間;在這種代理模型下iptables只是做轉發并不調度,對應調度由kube-proxy完成;userspace這種調度模型用戶請求從內核空間到用戶空間再到內核空間,性能效率比較低下;
iptables代理模式
提示:iptables這種代理模式,對于每個service物件,kube-proxy會創建iptables規則直接捕獲到達Clusterip和port的流量,并將其重定向至當前service物件的后端pod資源;對于每個endpoint物件,service資源會為其創建iptables規則并關聯至挑選的后端pod資源物件;相對于userspace代理模式來說,該模式用戶請求無須在用戶空間和內核空間來回切換,因此效率高效;此種模式下kube-proxy就只負責生成iptalbes規則,調度有iptables規則完成;
ipvs代理模式
提示:ipvs代理模式,kube-proxy會跟蹤apiserver上service和endpoint物件的變動,據此來呼叫netlink介面創建ipvs規則,并確保與apiserver中的變動保持同步;這種模式與iptables的模式不同之處僅在于其請求調度由ipvs完成,余下其他功能仍由iptables完成;比如流量捕獲,nat等等功能都會由iptables完成;ipvs代理模型類似iptables模型,ipvs構建于netfilter的鉤子函式之上,但它使用hash表作為底層資料結構并作業于內核空間,因此具有流量轉發速度快,規則同步性能好的特點,除此之外,ipvs還支持眾多調度演算法,比如rr,lc,sh,dh等等;
service型別
在k8s上service的型別有4種,第一種是clusterIP,我們在創建service資源時,如果不指定其type型別,默認就是clusterip;第二種是NodePort型別,第三種是LoadBalancer,第四種是ExternalName;不同型別的service,其功能和作用也有所不同;
ClusterIP
提示:如上所示,ClusterIP型別的service就是在k8s節點上創建一個滿足serviceip地址的iptables或ipvs規則;這種型別的service的ip地址一定是我們在初始化集群時,指定的service網路(10.96.0.0/12)中的地址;這也意味著這種型別service不能被集群外部客戶端所訪問,僅能在集群節點上訪問;
NodePort
提示:NodePort型別的service,是建構在ClusterIP的基礎上做的擴展,主要解決了集群外部客戶端訪問問題;如上圖所示,NodePort型別service在創建時,它會每個節點上創建一條DNAT規則,外部客戶端訪問集群任意節點的指定埠,都會被DNAT到對應的service上,從而實作訪問集群內部Pod;對于集群內部客戶端的訪問它還是通過ClusterIP進行的;NodePort型別service與ClusterIP型別service唯一不同的是,NodePort型別service能夠被外部客戶端所訪問,在集群每個節點上都有對應的DNAT規則;
LoadBalancer
提示:LoadBalancer這種型別的service是在NodePort的基礎上做的擴展,這種型別service只能在底層是云環境的K8s上創建,如果底層是非云環境,這種型別無法實作,只能手動搭建反向代理進行對NodePort型別的service進行反代;它主要解決NodePort型別service被集群外部訪問時的埠映射以及負載;
ExternalName
提示:ExternalName這種型別service主要用來解決對應service參考集群外部的服務;我們知道對于service來說,它就是一條iptables或ipvs規則,對于后端參考的資源是什么,取決于對應endpoint關聯的是什么資源的ip地址和埠;如果我們需要在集群中使用集群外部的服務,我們就可以創建ExternalName型別的service,指定后端關聯外部某個服務端ip地址或域名即可;它的作業流程如上圖所示,在集群內部客戶端訪問對應service時,首先要去core-DNS上查詢對應域名的ip地址,然后再根據dns回傳的ip地址去連接對應的服務;使用這種型別service的前提是對應的coredns能夠連接到外部網路決議對應的域名;
service資源的創建
示例:創建ClusterIP型別的service
[root@master01 ~]# cat ngx-dep-svc-demo.yaml
apiVersion: v1
kind: Service
metadata:
name: ngx-dep-svc
namespace: default
spec:
ports:
- name: http
port: 80
targetPort: 80
selector:
app: ngx-dep-pod
[root@master01 ~]#
提示:在創建service資源時,主要要需要在spec欄位中指定port和targetPort,port是service的埠,targetPort是后端資源的埠;其次就是需要定義標簽選擇器,這里的標簽選擇器用selector欄位指定,它的值是一個字典,即kv鍵值對;默認不指定type型別就是使用的ClusterIP型別,默認不指定ClusterIP就表示自動生成對應的ClusterIP;
應用資源清單
[root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40h [root@master01 ~]# kubectl apply -f ngx-dep-svc-demo.yaml service/ngx-dep-svc created [root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 5s [root@master01 ~]#
驗證:訪問對應的ClusterIP看看是否能夠訪問到對應的資源?
[root@master01 ~]# curl 10.107.159.92
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]#
提示:可以看到訪問對應serviceip地址能夠訪問到對應的pod;
查看service詳細資訊
[root@master01 ~]# kubectl describe svc ngx-dep-svc Name: ngx-dep-svc Namespace: default Labels: <none> Annotations: <none> Selector: app=ngx-dep-pod Type: ClusterIP IP Families: <none> IP: 10.107.159.92 IPs: 10.107.159.92 Port: http 80/TCP TargetPort: 80/TCP Endpoints: 10.244.2.93:80,10.244.3.86:80,10.244.4.14:80 Session Affinity: None Events: <none> [root@master01 ~]#
提示:可以看到對應service的type型別為ClusterIP,port為80,targetPort為80,endpoins對應了3個podip地址+targetPort;其實在創建service時,系統默認會創建一個同service相同名稱的endpoints;
查看endpoints
[root@master01 ~]# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.0.41:6443 40h
ngx-dep-svc 10.244.2.93:80,10.244.3.86:80,10.244.4.14:80 4m53s
[root@master01 ~]# kubectl describe endpoints/ngx-dep-svc
Name: ngx-dep-svc
Namespace: default
Labels: <none>
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2020-12-20T08:50:52Z
Subsets:
Addresses: 10.244.2.93,10.244.3.86,10.244.4.14
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
http 80 TCP
Events: <none>
[root@master01 ~]#
提示:可以看到ngx-dep-svc這個endpoint關聯了3個podip地址;
示例:創建NodePort型別service
[root@master01 ~]# cat ngx-dep-svc-demo.yaml
apiVersion: v1
kind: Service
metadata:
name: ngx-dep-svc-nodeport
namespace: default
spec:
ports:
- name: http
port: 80
nodePort: 30080
targetPort: 80
selector:
app: ngx-dep-pod
type: NodePort
[root@master01 ~]#
提示:創建nodeport型別service需要在spec欄位中使用type欄位來指定其型別為NodePort;只有type的值為NodePort,對應ports欄位中指定的nodePort 才有意義,默認不指定它會隨機生成一個埠,指定nodePort就相當于固定了埠;通常不建議指定nodePort;
應用資源配置清單
[root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 21m [root@master01 ~]# kubectl apply -f ngx-dep-svc-demo.yaml service/ngx-dep-svc-nodeport created [root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 21m ngx-dep-svc-nodeport NodePort 10.97.166.233 <none> 80:30080/TCP 4s [root@master01 ~]#
提示:可以看到nodeport型別的service,對應port就有兩個值,后面的30080就是外部客戶端訪問集群內部資源的埠;
驗證:使用瀏覽器訪問k8s任意節點的30080埠,看看是否能夠訪問到對應的pod?
提示:可以看到集群外部客戶端可以通過訪問集群節點上的一個埠實作訪問對應集群內部資源;
示例:創建ExternalName型別service
[root@master01 ~]# cat externalname-svc.yaml
kind: Service
apiVersion: v1
metadata:
name: external-www-svc
spec:
type: ExternalName
externalName: www.qiuhom.com
ports:
- protocol: TCP
port: 80
targetPort: 80
nodePort: 0
selector: {}
[root@master01 ~]#
提示:以上配置清單表示創建一個名為external-www-svc的Service,對應Service的型別為ExternalName;參考外部服務為www.qiuhom.com;
應用資源配置清單
[root@master01 ~]# kubectl apply -f externalname-svc.yaml service/external-www-svc created [root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE external-www-svc ExternalName <none> www.qiuhom.com 80/TCP 6s kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 43h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 3h27m ngx-dep-svc-nodeport NodePort 10.97.166.233 <none> 80:30080/TCP 3h2m [root@master01 ~]# kubectl describe svc/external-www-svc Name: external-www-svc Namespace: default Labels: <none> Annotations: <none> Selector: <none> Type: ExternalName IP Families: <none> IP: IPs: <none> External Name: www.qiuhom.com Port: <unset> 80/TCP TargetPort: 80/TCP Endpoints: <none> Session Affinity: None Events: <none> [root@master01 ~]#
提示:可以看到應用配置清單以后,service詳細資訊中,沒有標簽,沒有選擇器,沒有ip地址;只有externalName和對應targetPort;
測驗:把dns服務器地址指向coredns,然后訪問對應服務名稱,看看對應服務是否會有回應?
[root@master01 ~]# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 12d [root@master01 ~]# cat /etc/resolv.conf # Generated by NetworkManager search k8s.org nameserver 10.96.0.10 [root@master01 ~]# curl external-www-svc.default.svc.cluster.local -I HTTP/1.1 302 Found Server: nginx/1.14.0 (Ubuntu) Date: Sun, 20 Dec 2020 12:33:44 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Vary: Accept-Language, Cookie Location: /accounts/login/?next=/ Content-Language: en [root@master01 ~]#
提示:可以看到訪問對應服務名稱,回應碼是302,說明我們的請求被代理出去了;
進入任意pod內部,使用nslookup查詢coredns上對應服務名稱是否能夠決議?
[root@master01 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE deploy-demo-6d795f958b-6pjgw 1/1 Running 0 3h30m deploy-demo-6d795f958b-m4vfb 1/1 Running 0 3h30m deploy-demo-6d795f958b-qcl6m 1/1 Running 0 3h30m [root@master01 ~]# kubectl exec -it deploy-demo-6d795f958b-6pjgw -- /bin/sh / # nslookup external-www-svc nslookup: can't resolve '(null)': Name does not resolve Name: external-www-svc Address 1: 47.99.205.203 / #
提示:可以看到對應服務名稱也能正常被決議;
示例:創建無頭service
[root@master01 ~]# cat handless-svc-demo.yaml
apiVersion: v1
kind: Service
metadata:
name: handless-svc-demo
namespace: default
spec:
clusterIP: None
ports:
- name: http
port: 80
targetPort: 80
selector:
app: ngx-dep-pod
[root@master01 ~]#
提示:所謂無頭service是指沒有clusterIP的service,我們知道clusterip是service作為訪問后端pod的入口,那么沒有clusterip,它怎么訪問后端pod呢?沒有ip地址我們只能使用名稱來訪問;在k8s上無頭service默認會被coredns把對應名稱的service決議為后端關聯的多個pod地址;
應用資源配置清單
[root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE external-www-svc ExternalName <none> www.baidu.com 80/TCP 10m kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 43h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 3h34m ngx-dep-svc-nodeport NodePort 10.97.166.233 <none> 80:30080/TCP 3h12m [root@master01 ~]# kubectl apply -f handless-svc-demo.yaml service/handless-svc-demo created [root@master01 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE external-www-svc ExternalName <none> www.baidu.com 80/TCP 10m handless-svc-demo ClusterIP None <none> 80/TCP 5s kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 43h ngx-dep-svc ClusterIP 10.107.159.92 <none> 80/TCP 3h34m ngx-dep-svc-nodeport NodePort 10.97.166.233 <none> 80:30080/TCP 3h12m [root@master01 ~]#
提示:可以看到對應service沒有clusterIP;
驗證:進入任意pod,使用名稱訪問service,看看對應名稱是否能夠訪問到pod?
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
deploy-demo-6d795f958b-6pjgw 1/1 Running 0 3h53m
deploy-demo-6d795f958b-m4vfb 1/1 Running 0 3h53m
deploy-demo-6d795f958b-qcl6m 1/1 Running 0 3h53m
[root@master01 ~]# kubectl exec -it pod/deploy-demo-6d795f958b-m4vfb -- /bin/sh
/ # wget -O - -q handless-svc-demo
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ #
提示:在pod內部使用名稱service名稱可以訪問到對應的pod;
驗證:查看coredns是否將對應service名稱決議為對應擁有service指定的標簽選擇器的podip呢?
[root@master01 ~]# kubectl get pod --show-labels -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS deploy-demo-6d795f958b-6pjgw 1/1 Running 0 3h54m 10.244.2.93 node02.k8s.org <none> <none> app=ngx-dep-pod,pod-template-hash=6d795f958b deploy-demo-6d795f958b-m4vfb 1/1 Running 0 3h54m 10.244.4.14 node04.k8s.org <none> <none> app=ngx-dep-pod,pod-template-hash=6d795f958b deploy-demo-6d795f958b-qcl6m 1/1 Running 0 3h54m 10.244.3.86 node03.k8s.org <none> <none> app=ngx-dep-pod,pod-template-hash=6d795f958b [root@master01 ~]# kubectl exec -it pod/deploy-demo-6d795f958b-m4vfb -- /bin/sh / # nslookup handless-svc-demo nslookup: can't resolve '(null)': Name does not resolve Name: handless-svc-demo Address 1: 10.244.4.14 deploy-demo-6d795f958b-m4vfb Address 2: 10.244.3.86 10-244-3-86.ngx-dep-svc-nodeport.default.svc.cluster.local Address 3: 10.244.2.93 10-244-2-93.ngx-dep-svc.default.svc.cluster.local / #
提示:可以看到coredns把對應名稱決議成了3個地址;這三個地址都是對應pod上擁有service指定的標簽選擇器上的標簽的podip地址;
配置k8s使用ipvs代理模式
撰寫加載ipvs相關模塊腳本
[root@master01 ~]# cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
ipvs_mods_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
for mod in $(ls $ipvs_mods_dir | grep -o "^[^.]*"); do
/sbin/modinfo -F filename $mod &> /dev/null
if [ $? -eq 0 ]; then
/sbin/modprobe $mod
fi
done
[root@master01 ~]#
提示:以上腳本主要做了一件事,就是把ipvs_mods_dir所指定的目錄下的所有模塊加載到內核;
給腳本添加執行權限
[root@master01 ~]# ll /etc/sysconfig/modules/ipvs.modules -rw-r--r-- 1 root root 253 Dec 20 18:50 /etc/sysconfig/modules/ipvs.modules [root@master01 ~]# chmod +x /etc/sysconfig/modules/ipvs.modules [root@master01 ~]# ll /etc/sysconfig/modules/ipvs.modules -rwxr-xr-x 1 root root 253 Dec 20 18:50 /etc/sysconfig/modules/ipvs.modules [root@master01 ~]#
復制該腳本到其他節點
[root@master01 ~]# scp -p /etc/sysconfig/modules/ipvs.modules node01:/etc/sysconfig/modules/ipvs.modules ipvs.modules 100% 253 132.8KB/s 00:00 [root@master01 ~]# scp -p /etc/sysconfig/modules/ipvs.modules node02:/etc/sysconfig/modules/ipvs.modules ipvs.modules 100% 253 102.5KB/s 00:00 [root@master01 ~]# scp -p /etc/sysconfig/modules/ipvs.modules node03:/etc/sysconfig/modules/ipvs.modules ipvs.modules 100% 253 80.8KB/s 00:00 [root@master01 ~]# scp -p /etc/sysconfig/modules/ipvs.modules node04:/etc/sysconfig/modules/ipvs.modules ipvs.modules 100% 253 121.0KB/s 00:00 [root@master01 ~]#
提示:把腳本放在/etc/sysconfig/modules目錄下以點modules結尾的腳本,在系統重啟以后,它會自動執行對應目錄下的腳本;
執行腳本,加載模塊
[root@master01 ~]# bash /etc/sysconfig/modules/ipvs.modules [root@master01 ~]# ssh node01 'bash /etc/sysconfig/modules/ipvs.modules' [root@master01 ~]# ssh node02 'bash /etc/sysconfig/modules/ipvs.modules' [root@master01 ~]# ssh node03 'bash /etc/sysconfig/modules/ipvs.modules' [root@master01 ~]# ssh node04 'bash /etc/sysconfig/modules/ipvs.modules' [root@master01 ~]#
驗證:查看對應模塊是否加載?
[root@master01 ~]# lsmod |grep ip_vs ip_vs_wlc 12519 0 ip_vs_sed 12519 0 ip_vs_pe_sip 12697 0 nf_conntrack_sip 33860 1 ip_vs_pe_sip ip_vs_nq 12516 0 ip_vs_lc 12516 0 ip_vs_lblcr 12922 0 ip_vs_lblc 12819 0 ip_vs_ftp 13079 0 ip_vs_dh 12688 0 ip_vs_sh 12688 0 ip_vs_wrr 12697 0 ip_vs_rr 12600 0 ip_vs 141092 26 ip_vs_dh,ip_vs_lc,ip_vs_nq,ip_vs_rr,ip_vs_sh,ip_vs_ftp,ip_vs_sed,ip_vs_wlc,ip_vs_wrr,ip_vs_pe_sip,ip_vs_lblcr,ip_vs_lblc nf_nat 26787 4 ip_vs_ftp,nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4 nf_conntrack 133387 8 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_sip,nf_conntrack_ipv4 libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack [root@master01 ~]#
提示:能夠看到以上資訊表示ipvs相關模塊已經加載;
編輯kube-proxy的配置
[root@master01 ~]# kubectl edit cm kube-proxy -n kube-system
修改mode欄位的值為“ipvs”,然后保存退出
洗掉現有k8s kube-proxy pod
[root@master01 ~]# kubectl get pod -n kube-system --show-labels NAME READY STATUS RESTARTS AGE LABELS coredns-7f89b7bc75-k9gdt 1/1 Running 10 12d k8s-app=kube-dns,pod-template-hash=7f89b7bc75 coredns-7f89b7bc75-kp855 1/1 Running 8 12d k8s-app=kube-dns,pod-template-hash=7f89b7bc75 etcd-master01.k8s.org 1/1 Running 11 12d component=etcd,tier=control-plane kube-apiserver-master01.k8s.org 1/1 Running 8 12d component=kube-apiserver,tier=control-plane kube-controller-manager-master01.k8s.org 1/1 Running 9 12d component=kube-controller-manager,tier=control-plane kube-flannel-ds-cx8d5 1/1 Running 12 12d app=flannel,controller-revision-hash=64465d999,pod-template-generation=1,tier=node kube-flannel-ds-jz6r4 1/1 Running 3 46h app=flannel,controller-revision-hash=64465d999,pod-template-generation=1,tier=node kube-flannel-ds-ndzl6 1/1 Running 13 12d app=flannel,controller-revision-hash=64465d999,pod-template-generation=1,tier=node kube-flannel-ds-rjtn9 1/1 Running 14 12d app=flannel,controller-revision-hash=64465d999,pod-template-generation=1,tier=node kube-flannel-ds-zgq92 1/1 Running 12 12d app=flannel,controller-revision-hash=64465d999,pod-template-generation=1,tier=node kube-proxy-8wfcx 1/1 Running 3 46h controller-revision-hash=c449f5b75,k8s-app=kube-proxy,pod-template-generation=1 kube-proxy-dl8jd 1/1 Running 8 12d controller-revision-hash=c449f5b75,k8s-app=kube-proxy,pod-template-generation=1 kube-proxy-lz4zc 1/1 Running 9 12d controller-revision-hash=c449f5b75,k8s-app=kube-proxy,pod-template-generation=1 kube-proxy-pjv9s 1/1 Running 12 12d controller-revision-hash=c449f5b75,k8s-app=kube-proxy,pod-template-generation=1 kube-proxy-pwl5v 1/1 Running 8 12d controller-revision-hash=c449f5b75,k8s-app=kube-proxy,pod-template-generation=1 kube-scheduler-master01.k8s.org 1/1 Running 9 12d component=kube-scheduler,tier=control-plane [root@master01 ~]# kubectl get pod -n kube-system -l k8s-app=kube-proxy NAME READY STATUS RESTARTS AGE kube-proxy-8wfcx 1/1 Running 3 46h kube-proxy-dl8jd 1/1 Running 8 12d kube-proxy-lz4zc 1/1 Running 9 12d kube-proxy-pjv9s 1/1 Running 12 12d kube-proxy-pwl5v 1/1 Running 8 12d [root@master01 ~]# kubectl delete pod -n kube-system -l k8s-app=kube-proxy pod "kube-proxy-8wfcx" deleted pod "kube-proxy-dl8jd" deleted pod "kube-proxy-lz4zc" deleted pod "kube-proxy-pjv9s" deleted pod "kube-proxy-pwl5v" deleted [root@master01 ~]#
提示:kube-proxy是一個ds控制器所管理的pod,它能容忍主節點上的污點在集群每個節點上創建對應pod;我們手動洗掉它,對應控制器會重新新建對應數量的pod,從而實作應用新配置的目的;生產環境不提倡這樣修改,應該在集群初始化前就規劃好使用哪種代理模式;
驗證:在集群任意節點安裝ipvs客戶端工具,看看是否有對應的ipvs規則生成?
安裝ipvsadm
[root@master01 ~]# yum install -y ipvsadm
使用ipvsadm查看是否生成的有ipvs規則?
[root@master01 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.17.0.1:30080 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 192.168.0.41:30080 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 10.96.0.1:443 rr -> 192.168.0.41:6443 Masq 1 0 0 TCP 10.96.0.10:53 rr -> 10.244.0.20:53 Masq 1 0 0 -> 10.244.0.21:53 Masq 1 0 0 TCP 10.96.0.10:9153 rr -> 10.244.0.20:9153 Masq 1 0 0 -> 10.244.0.21:9153 Masq 1 0 0 TCP 10.97.166.233:80 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 10.107.159.92:80 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 10.244.0.0:30080 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 10.244.0.1:30080 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 TCP 127.0.0.1:30080 rr -> 10.244.2.93:80 Masq 1 0 0 -> 10.244.3.86:80 Masq 1 0 0 -> 10.244.4.14:80 Masq 1 0 0 UDP 10.96.0.10:53 rr -> 10.244.0.20:53 Masq 1 0 0 -> 10.244.0.21:53 Masq 1 0 0 [root@master01 ~]#
提示:能夠看到有ipvs規則生成,說明此時k8s就是使用的ipvs代理模式;
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/237856.html
標籤:其他