k8s使用ipvs模式

k8s的kube-proxy支持iptables、ipvs 模式,默认是iptables 模式

1、加载内核模快,内核支持:

查看当前系统支持的ip_vs :

[root@node1 ~]# lsmod|grep ip_vs
ip_vs_sh               12688  0 
ip_vs_wrr              12697  0 
ip_vs_rr               12600  0 
ip_vs                 145497  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack          133095  9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c              12644  4 xfs,ip_vs,nf_nat,nf_conntrack

如果没有ipvs的支持,则添加:
modprobe – ip_vs
modprobe – ip_vs_rr
modprobe – ip_vs_wrr
modprobe – ip_vs_sh
modprobe – nf_conntrack_ipv4

2、修改kube-proxy的默认配置:

kubectl edit configmap kube-proxy -n kube-system
ipvs:
excludeCIDRs: null
minSyncPeriod: 0s
scheduler: “”
strictARP: false
syncPeriod: 0s
tcpFinTimeout: 0s
tcpTimeout: 0s
udpTimeout: 0s
kind: KubeProxyConfiguration
metricsBindAddress: “127.0.0.1:10249”
mode: "ipvs"

3、删除原先的kube-proxy的pod,会重新生成新的pod

[root@node1 ~]# kubectl get pods -n kube-system 
NAME                            READY   STATUS    RESTARTS   AGE
etcd-node1                      1/1     Running   2          24h
kube-apiserver-node1            1/1     Running   3          24h
kube-controller-manager-node1   1/1     Running   3          24h
kube-proxy-qfmqg                1/1     Running   1          24h
kube-proxy-sdc9d                1/1     Running   2          24h
kube-scheduler-node1            1/1     Running   3          24h
[root@node1 ~]# kubectl -n kube-system delete pod kube-proxy-qfmqg
[root@node1 ~]# kubectl -n kube-system delete pod kube-proxy-sdc9d  

查看新的kube-proxy pod日志,显示“Using ipvs Proxier” 表示开启了ipvs模式:

[root@node1 ~]# kubectl -n kube-system logs kube-proxy-jw2ct 
I0512 20:46:39.128357       1 node.go:172] Successfully retrieved node IP: 192.168.10.136
I0512 20:46:39.128553       1 server_others.go:142] kube-proxy node IP is an IPv4 address (192.168.10.136), assume IPv4 operation
I0512 20:46:39.153956       1 server_others.go:258] Using ipvs Proxier.
I0512 20:46:39.166860       1 proxier.go:372] missing br-netfilter module or unset sysctl br-nf-call-iptables; proxy may not work as intended
E0512 20:46:39.167001       1 proxier.go:389] can't set sysctl net/ipv4/vs/conn_reuse_mode, kernel version must be at least 4.1
W0512 20:46:39.167105       1 proxier.go:445] IPVS scheduler not specified, use rr by default
I0512 20:46:39.167274       1 server.go:650] Version: v1.20.6

你可能感兴趣的:(k8s,linux)