Which service is doing load balancing between kubernetes nodes?

Problem description

What is the entry point in k8s cluster? How is request routed from entry point to certain container?

Recommended answer

This question is very general, you have many types of load balancers (internal, 3rd party, Ingresses ...)

But the best answer is Kubernetes services, since all of the above rely on them.

A service in Kubernetes is a set of Linux iptables (or IPVS) rules that will execute a Destination Network Address Translation (DNAT) on the packets going to specific IP addresses. In short:

1- A service will have a virtual IP address called ServiceIP or ClusterIP.

2- The user communicates with kubernetes pods (single container or set of related containers) using the clusterIP.

3- The iptables in the node will forward the packets with the destination ClusterIP to the IP address of the associated Pod using a CNI.

The load balancing is done through iptables, where each service will have an iptables rule:

 # iptables -t nat -L KUBE-SERVICES 
Chain KUBE-SERVICES (2 references)
target     prot opt source               destination  
KUBE-MARK-MASQ  tcp  -- !10.244.0.0/16        10.104.192.249       /* default/hypriot: cluster IP */ tcp dpt:http
KUBE-SVC-IKNY2FZN6EXMQQCV  tcp  --  anywhere             10.104.192.249       /* default/hypriot: cluster IP */ tcp dpt:http

# kubectl get svc hypriot
NAME      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
hypriot   ClusterIP   10.104.192.249   <none>        80/TCP    11d

For this example, the deployment hypriot has a ClusterIP 10.104.192.249; the second iptables rule will forward all the packets with this destination IP toward the chain KUBE-SVC-IKNY2FZN6EXMQQCV.

To see what this chain will do:

# iptables -t nat -L KUBE-SVC-IKNY2FZN6EXMQQCV
Chain KUBE-SVC-IKNY2FZN6EXMQQCV (1 references)
target     prot opt source               destination         
KUBE-SEP-JEK5XLX6ULDDGJAZ  all  --  anywhere             anywhere             /* default/hypriot: */ statistic mode random probability 0.33332999982
KUBE-SEP-WTXTLPWDUQWUHKOF  all  --  anywhere             anywhere             /* default/hypriot: */ statistic mode random probability 0.50000000000
KUBE-SEP-OQ7KPRR3BI2AFITK  all  --  anywhere             anywhere             /* default/hypriot: */

Each of the KUBE-SEP is a Service EndPoint which represents the address of a pod, where for this deployment hypriot has 3 replicas.

# kubectl get endpoints hypriot
NAME      ENDPOINTS                                       AGE
hypriot   10.244.1.14:80,10.244.2.21:80,10.244.3.153:80   11d
# kubectl get po -o wide 
NAME                       READY     STATUS    RESTARTS   AGE       IP             NODE
hypriot-587768b4f5-9dq2k   1/1       Running   0          11d       10.244.2.21    node03
hypriot-587768b4f5-czd86   1/1       Running   0          11d       10.244.3.153   node04
hypriot-587768b4f5-j22sh   1/1       Running   0          11d       10.244.1.14    node02

One of these Endpoints will be chosen and the packet will be forwarded to the associated KUBE-SEP CHAIN:

# iptables -t nat -L KUBE-SEP-JEK5XLX6ULDDGJAZ
Chain KUBE-SEP-JEK5XLX6ULDDGJAZ (1 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  all  --  10.244.1.14          anywhere             /* default/hypriot: */
DNAT       tcp  --  anywhere             anywhere             /* default/hypriot: */ tcp to:10.244.1.14:80

This is the last piece of the puzzle, where the DNAT will occur and the new destination will be the selected pod IP (10.244.1.14 for the pod hypriot-587768b4f5-j22sh in this example). When another service Endpoint is selected, the packet will be DNATed to another pod.

You can use the iptables -v flag to check the rules that are used, which will help you in the understanding process.

Some good reads: https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/ https://kubernetes.io/docs/concepts/cluster-administration/networking/ https://kubernetes.io/docs/concepts/services-networking/service/#proxy-mode-iptables
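
An added example, not part of the original answer: the KUBE-SVC rules are evaluated top to bottom, so the listed probabilities (0.333, 0.5, none) are conditional on the earlier rules not matching. This Python sketch parses the `iptables -t nat -L` output quoted in the answer, computes each endpoint's overall share of traffic and resolves a KUBE-SEP chain to its DNAT target; the function names are illustrative.

```python
import re

# Output copied from the answer above (KUBE-SVC chain and one KUBE-SEP chain).
SVC_CHAIN = """\
Chain KUBE-SVC-IKNY2FZN6EXMQQCV (1 references)
target     prot opt source               destination
KUBE-SEP-JEK5XLX6ULDDGJAZ  all  --  anywhere             anywhere             /* default/hypriot: */ statistic mode random probability 0.33332999982
KUBE-SEP-WTXTLPWDUQWUHKOF  all  --  anywhere             anywhere             /* default/hypriot: */ statistic mode random probability 0.50000000000
KUBE-SEP-OQ7KPRR3BI2AFITK  all  --  anywhere             anywhere             /* default/hypriot: */
"""
SEP_CHAIN = """\
Chain KUBE-SEP-JEK5XLX6ULDDGJAZ (1 references)
target     prot opt source               destination
KUBE-MARK-MASQ  all  --  10.244.1.14          anywhere             /* default/hypriot: */
DNAT       tcp  --  anywhere             anywhere             /* default/hypriot: */ tcp to:10.244.1.14:80
"""

def effective_shares(svc_chain_text):
    """Return {KUBE-SEP chain name: overall probability of being selected}.

    A rule with 'probability p' matches with probability p only if every
    earlier rule did not match; a rule without a statistic match always
    matches (the fall-through endpoint).
    """
    shares, remaining = {}, 1.0
    for line in svc_chain_text.splitlines():
        m = re.match(r"(KUBE-SEP-\S+)\s", line)
        if not m:
            continue  # "Chain ..." and column header lines
        p = re.search(r"statistic mode random probability ([0-9.]+)", line)
        prob = float(p.group(1)) if p else 1.0
        shares[m.group(1)] = remaining * prob
        remaining *= 1.0 - prob
    return shares

def dnat_target(sep_chain_text):
    """Return the (pod_ip, port) that a KUBE-SEP chain rewrites packets to."""
    m = re.search(r"^DNAT\b.*\bto:(\d+\.\d+\.\d+\.\d+):(\d+)", sep_chain_text, re.M)
    if not m:
        raise ValueError("no DNAT rule found")
    return m.group(1), int(m.group(2))

if __name__ == "__main__":
    for chain, share in effective_shares(SVC_CHAIN).items():
        print(f"{chain}: {share:.4f}")  # each of the 3 replicas gets ~1/3
    print("KUBE-SEP-JEK5XLX6ULDDGJAZ ->", dnat_target(SEP_CHAIN))
```

A share that deviates from 1/N, or a DNAT target that is not listed in `kubectl get endpoints`, is a sign that the node's rules are stale or have been modified outside kube-proxy.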
