Shulou(Shulou.com)06/01 Report--

Has never written, through some of their own learning feelings, recorded, looking forward to learning together with the children to maintain and grow up

Directly stamp the topic.

Kubernetes puts forward the concept of service in the network, and the implementation principle is to balance the network by calling iptables through the proxy process on the node node. To put it simply, there are the same iptables rules on each node to help you rotate to the back-end pod, which is a bit like lvs's nat mode.

In addition, kubernetes accesses service from pod, using iptables to do the same rule, and so does node access.

Focus on the official access from the outside to provide 2 ways

A, using the nodeport method of mapping a port to service (each machine is mapped) to the local machine via iptalbes

B, lb is officially provided, but currently this lb only supports google and aws (ordinary users cannot access it)

That's the problem.

How do we access service or pod from the outside?

Method 1, call the backend pod address directly from etcd to implement it. At present, most students use this method.

Method 2, access the service directly from the outside (what I'm doing here is a directly connected route pattern)

5 machines

Master 10.1.11.250 Gateway 10.1.11.254

Add 2 routes 10.1.51.0 gw 24 quagga 10.1.11.1 (learn quagga directly through the quagga software)

10.1.52.0/24 gw 10.1.11.2

Node1 10.1.11.1 Gateway 10.1.11.254 docker network 10.1.51.1 an extra piece of virtual network card 10.1.200.253

10.1.52.0Universe 24 10.1.11.2 (quagga)

Node2 10.1.11.2 Gateway 10.1.11.254 docker network 10.1.52.1 an extra piece of virtual network card 10.1.200.253

10.1.51.0 take 24 10.1.11.1 (quagga)

Gateway router 10.1.11.254 public network 10.1.10.1 (quagga)

10.1.51.0/24 gw 10.1.11.1

10.1.52.0/24 gw 10.1.11.2

Client address 10.1.10.200

Add static route 10.1.200.0 gw 10.1.10.1

Route 10.1.11.0 gw 10.1.10.1

Kubernetes Virtual Network 10.1.200.0Compact 24

Through the settings above, the router reaches 10.1.200.0Universe 24 nexttop 10.1.11.1.

Nexttop 10.1.12.1

Through session cache, simple rotation training distribution can be completed and session consistency can be ensured.

In this way, when I use port 10.1.200.200 5000 of the service released by session, when the route goes to 10.1.11.1 or 11.2, since the proxy has a dnat with port 5000 in advance, then the access is dispatched directly to the backend pod (service Google itself does load balancing)

Equal cost routing is implemented by placing routers above to access different node1 implementation loads.

Text skills are not good, and to put it simply, Google service feels that its implementation uses almost the same directly connected routing scheme as lvs fullnat.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.