需要使用 ipvs 替换iptables,操作是在所有节点上
1:开启内核支持
| 1 2 3 4 5 6 7 | cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p
|
2:开启ipvs支持
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | yum -y install ipvsadm ipset
# 临时生效
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
# 永久生效
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
|
3:配置kube-proxy,在master上操作,因使用kubeadmin安装,所以操作方式如下
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [root@master] # kubectl edit cm kube-proxy -n kube-system
configmap/kube-proxy edited
#修改如下
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
ipvs:
excludeCIDRs: null
minSyncPeriod: 0s
scheduler: ""
syncPeriod: 30s
kind: KubeProxyConfiguration
metricsBindAddress: 127.0.0.1:10249
mode: "ipvs" #修改
|
4:在master重启kube-proxy
| 1 | kubectl get pod -n kube-system | grep kube-proxy | awk '{print $1}' | xargs kubectl delete pod -n kube-system
|
5:验证ipvs是否开启
| 1 2 3 4 5 6 7 8 9 10 11 | [root@k8s-m mytest]# kubectl logs kube-proxy-cvzb4 -n kube-system
I0409 03:37:29.194391 1 server_others.go:170] Using ipvs Proxier.
W0409 03:37:29.194779 1 proxier.go:401] IPVS scheduler not specified, use rr by default
I0409 03:37:29.194981 1 server.go:534] Version: v1.15.3
I0409 03:37:29.214255 1 conntrack.go:52] Setting nf_conntrack_max to 524288
I0409 03:37:29.216744 1 config.go:96] Starting endpoints config controller
I0409 03:37:29.216812 1 controller_utils.go:1029] Waiting for caches to sync for endpoints config controller
I0409 03:37:29.217445 1 config.go:187] Starting service config controller
I0409 03:37:29.218320 1 controller_utils.go:1029] Waiting for caches to sync for service config controller
I0409 03:37:29.318218 1 controller_utils.go:1036] Caches are synced for endpoints config controller
I0409 03:37:29.318564 1 controller_utils.go:1036] Caches are synced for service config controller
|
6:进入pod内,现在可以ping通servicename了,使用iptables时,发现ping的时候出现了如下错误,执行完上述操作,一切正常
| 1 2 3 4 | root@xxxxxx-cb4c9cb8c-hpzdl:/opt# ping xxxxxx
PING xxxxxx.xxxxx.svc.cluster.local (172.16.140.78) 56(84) bytes of data.
From 172.16.8.1 (172.16.8.1) icmp_seq=1 Time to live exceeded
From 172.16.8.1 (172.16.8.1) icmp_seq=2 Time to live exceeded
|
该博客详细介绍了如何在Kubernetes集群中将iptables替换为IPVS作为服务负载均衡器。首先,通过修改`/etc/sysctl.conf`并应用设置来开启内核支持。接着,安装并加载IPVS相关模块。然后,编辑kube-proxy的配置文件,将模式改为ipvs。完成配置后,重启kube-proxy服务,并通过查看kube-proxy日志确认已切换到IPVS模式。最后,验证服务间通信恢复正常,不再出现iptables时的错误。
扫一扫
1万+
到【灌水乐园】发言
