Shulou(Shulou.com)06/02 Report--

One: the relationship between Service,Endpoints and Pod

The Kube-proxy process acquires the Endpoints of each Service to realize the load balancing function of Service

Second: load balancing forwarding rules of Service

Requests to access Service, either by Cluster IP+TargetPort or by Node node IP+NodePort, are redirected to the Kube-proxy listening Service service proxy port by the Iptables rule of the Node node. After receiving the access request from Service, kube-proxy forwards it to the backend Pod according to the load policy.

Third: how kube-proxy works

In many cases, 1.Service is just a concept, but it is the kube-proxy service process that really implements the role of Service.

two。 A kube-proxy service process runs on each Node node.

3. For each TCP type Kubernetes Service,kube-proxy, a SocketServer is established on the local Node node to receive the request, which is then uniformly sent to the port of a Pod at the back end. This process defaults to the Round Robin load balancing algorithm.

4.kube-proxy dynamically creates Service-related Iptables rules during operation, which realize the function of redirecting the request traffic of ClusterIp and NodePort to the proxy port of the corresponding service on the kube-proxy process.

By querying and listening for changes in Service and Endpoints in API Server, 5.kube-proxy establishes a "service proxy object" for each Service and automatically synchronizes it. A service proxy object is a data structure within a kube-proxy program that includes a SockerServer,SocketServer port that listens for this service request and randomly selects a local idle port. In addition, a load balancer, LoadBalancer. LoadBalancer.

6. For the list of Service that has changed, kube-proxy processes it one by one:

a. If the cluster IP is not set, no processing is done, otherwise, a list of all port definitions for that Service is taken.

b. Assign a service proxy object to the Service port and create the relevant Iptables rules for the Service.

c. Update the forwarding address list of the corresponding Service in the load balancer component

7.kube-proxy adds four rule chains to the NAT table of the native Iptables at startup and after listening for changes in Service or Endpoint.

A.KUBE-PORTALS-CONTAINER: access service. Exe from the container via Cluster IP and port number.

B.KUBE-PORTALS-HOST: access service from the host through Cluster IP and port number.

C.KUBE-NODEPORT-CONTAINER: access service. Exe from the container via NODE IP and port number.

D. KUBE-NODEPORT-HOST: access service from the host through Node IP and port number.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.