kube-router之负载均衡器

Kube-router是基于Kubernetes网络设计的一个集负载均衡器、防火墙和容器网络的综合方案。

主要功能

1. 基于IPVS/LVS的负载均衡器 | --run-service-proxy

kube-router采用Linux内核的IPVS模块为K8s提供Service的代理。

更多的详情可以参考:

  • Kubernetes network services prox with IPVS/LVS

  • Kernel Load-Balancing for Docker Containers Using IPVS

2. 容器网络 | --run-router

kube-router利用BGP协议和Go的GoBGP库和为容器网络提供直连的方案。因为用了原生的Kubernetes API去构建容器网络,意味着在使用kube-router时,不需要在你的集群里面引入其他依赖。

同样的,kube-router在引入容器CNI时也没有其它的依赖,官方的“bridge”插件就能满足kube-rouetr的需求。

更多关于BGP协议在Kubernetes中的使用可以参考:

  • Kubernetes pod networking and beyond with BGP

3. 网络策略管理 | --run-firewall

采用了kube-router的Kubernetes很容易通过添加标签到kube-router的方式使用网路策略功能。kube-router使用了ipset操作iptables,以保证防火墙的规则对系统性能有较低的影响。

Kube-router支持networking.k8s.io/NetworkPolicy的API或者其他基于网络策略的V1/GA语义。

更多关于kube-router防火墙的功能可以参考:

  • Enforcing Kubernetes network policies with iptables

负载均衡器

kube-router的负载均衡器功能,会在物理机上创建一个虚拟的kube-dummy-if网卡,然后利用k8s的watch APi实时更新svc和ep的信息。svc的cluster_ip会绑定在kube-dummy-if网卡上,作为lvs的virtual server的地址。realserver的ip则通过ep获取到容器的IP地址。

一个单纯的负载均衡器部署如下:

kubw-router.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-router-cfg
  namespace: kube-system
  labels:
    tier: node
    k8s-app: kube-router
data:
  cni-conf.json: |
    {
      "name":"kubernetes",
      "type":"bridge",
      "bridge":"kube-bridge",
      "isDefaultGateway":true,
      "ipam": {
        "type":"host-local"
      }
    }
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-router
  namespace: kube-system
  labels:
    k8s-app: kube-router
spec:
  template:
    metadata:
      labels:
        k8s-app: kube-router
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      containers:
      - name: kube-router
        image: cloudnativelabs/kube-router
        args: ["--run-router=false", "--run-firewall=false", "--run-service-proxy=true", "--kubeconfig=/var/lib/kube-router/kubeconfig", "--masquerade-all", "--ipvs-sync-period=5s", "--iptables-sync-period=10s"]
        securityContext:
          privileged: true
        imagePullPolicy: Always
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        volumeMounts:
        - name: lib-modules
          mountPath: /lib/modules
          readOnly: true
        - name: cni-conf-dir
          mountPath: /etc/kubernetes/cni/net.d
        - name: kubeconfig
          mountPath: /var/lib/kube-router/kubeconfig
          readOnly: true
        - name: cert
          mountPath: /etc/kubernetes/ssl
      initContainers:
      - name: install-cni
        image: busybox
        imagePullPolicy: Always
        command:
        - /bin/sh
        - -c
        - set -e -x;
          if [ ! -f /etc/kubernetes/cni/net.d/10-kuberouter.conf ]; then
            TMP=/etc/kubernetes/cni/net.d/.tmp-kuberouter-cfg;
            cp /etc/kube-router/cni-conf.json ${TMP};
            mv ${TMP} /etc/kubernetes/cni/net.d/10-kuberouter.conf;
          fi
        volumeMounts:
        - name: cni-conf-dir
          mountPath: /etc/kubernetes/cni/net.d
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
      nodeSelector:
        kube: router
      volumes:
      - name: lib-modules
        hostPath:
          path: /lib/modules
      - name: cni-conf-dir
        hostPath:
          path: /etc/kubernetes/cni/net.d
      - name: kube-router-cfg
        configMap:
          name: kube-router-cfg
      - name: kubeconfig
        hostPath:
          path: /var/lib/kube-router/kubeconfig
      - name: cert
        hostPath:
          path: /etc/kubernetes/ssl

调整负载均衡的策略支持以下4种方式:

  • 最少连接数
kubectl annotate service my-service "kube-router.io/service.scheduler=lc"
  • 轮询
kubectl annotate service my-service "kube-router.io/service.scheduler=rr"
  • 源地址哈希
kubectl annotate service my-service "kube-router.io/service.scheduler=sh"
  • 目的地址哈希
kubectl annotate service my-service "kube-router.io/service.scheduler=dh"



作者:Magine1989
链接:https://www.jianshu.com/p/d69b40580c87
 

你可能感兴趣的:(kubernetes)