Shulou(Shulou.com)06/03 Report--

Kubernetes V1.17 enables topology-aware service routing 1. Noun explanation: topology domain: indicates a node in the cluster, an operable area, that is, a topology domain name. Endpoint: IP-Port is generally the ip+port of pod in Node. Service: a group of pod relying on labelselector, which plays the role of balanced distribution management of traffic. 2. Open ServiceTopology and Endpointslice cluster versions for all components. Kube-proxy runs in iptables or IPVS mode above V1.17 (only these two modes are implemented in the alpha phase). The service resource of Service K8S, associated with a set of endpoint, must be sent to a certain endpoint. Enable Endpoint Slices to open the Feature gate:--feature-gates=ServiceTopology=true of ServiceTopology and Endpointslice for all components EndpointSlice=true 3, kube-apiserver components modify kube-apiserver pre-startup OwnerReferencesPermissionEnforcement plug-in please delete or always prompt Warning FailedToUpdateEndpointSlices 8m24s (x7 over 11m) endpoint-slice-controller (combined from similar events): Error updating EndpointSlices for Service kube-system/kube-dns: Error creating EndpointSlice for Service kube-system/kube-dns: endpointslices.discovery.k8s.io "kube-dns-x8qmh" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: 4. Update the configuration file and restart all components 5. Verify whether the endpointslices is normal root@Qist:/opt/kube14# kubectl get endpointslicesNAME ADDRESSTYPE PORTS ENDPOINTS AGEkube-dns-kh6ls IPv4 53Power9153 15mmetrics-server-gqgqm IPv4 53 10.83.98.136 15mmetrics-server-gqgqm IPv4 443 10.93.92.195 15m6, Verify that ServiceTopology adds the topologyKeys field to the Service spec Indicates the list of topology domains selected for the Service priority, and the key corresponding to the node label When you visit this Service, you will find whether the endpoint has the topology information of the corresponding topology key and the value is the same as the current node. If so, select this topology key as the current forwarding topology domain, and filter out all the remaining endpoint in this topology domain for forwarding; if no endpoint is found in the current topology key corresponding topology domain, a second topology key will be tried, and so on. If you traverse all the topology key and do not match the endpoint, you will refuse to forward it, just as the service does not have a backend endpoint. There is a special topology key "*" that matches all endpoint. If the topologyKeys contains *, it must be at the end of the list, usually when there is no match to the appropriate topology domain to achieve the nearest forwarding, and can be forwarded to any endpoint. The current topology key supports the following possible values (more will be added in the future): kubernetes.io/hostname: the hostname of the node, which is usually placed first in the list, indicating that if the native has an endpoint, it will be forwarded directly to the native endpoint. Topology.kubernetes.io/zone: the availability zone where the node is located, which is usually placed after the kubernetes.io/hostname, which means that if the local machine does not have a corresponding endpoint, it will be forwarded to the endpoint on other nodes in the current availability zone (some cloud vendors will charge additional traffic fees for communicating across the availability zone). Topology.kubernetes.io/region: indicates the region in which the node is located and the endpoint forwarded to the current region. This should be used less, because usually all nodes in the cluster will only be in the same region. If the nodes cross regions, the communication delay between nodes will be very high. *: ignore the topology domain and match all endpoint, which is equivalent to a guaranteed policy to avoid packet loss and can only be placed at the end of the list. TopologyKeys is incompatible with externalTrafficPolicy=Local and is mutually exclusive. If externalTrafficPolicy is Local, you cannot define topologyKeys, and vice versa. Topology key must be in legal label format and a maximum of 16 key must be defined. # take kube-dns as an example:-apiVersion: v1kind: Servicemetadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: selector: k8s-app: kube-dns clusterIP: 192.66.0.2 topologyKeys: ["kubernetes.io/hostname", "topology.kubernetes.io/zone" "*"] # add parameter ports:-name: dns port: 53 protocol: UDP-name: dns-tcp port: 53 protocol: TCP-name: metrics port: 9153 protocol: TCP# verify whether ServiceTopology is valid or not. Node node root@k8s-master-01:~# ipvsadm-Ln without kube-dns container node | grep: 53TCP 10.66.0.2 protocol 53 rr-> 10.83.98.13653 Masq 100-> 10.90.153.135 0UDP 53 Masq 10 0UDP 10.66.0.2 0UDP 53 rr-> 10.83.98.136 0UDP 53 Masq 100-> 10.90.153.135 0UDP 53 Masq 10 has a kube-dns container section Click [root@k8s-node-09 ~] # ipvsadm-Ln | grep: 53TCP 10.66.0.253TCP 53 Masq-> 10.90.153.135 53TCP 53 rr-> 10.90.153.135 53TCP 53 Masq 10 is the current node node container IP directly

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.