{"id":1127,"date":"2022-02-14T17:24:21","date_gmt":"2022-02-14T09:24:21","guid":{"rendered":"https:\/\/www.linuxdevops.cn\/?p=1127"},"modified":"2023-04-07T09:56:00","modified_gmt":"2023-04-07T01:56:00","slug":"kube-proxy-the-core-component-of-kubernetes","status":"publish","type":"post","link":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/","title":{"rendered":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy"},"content":{"rendered":"<p><strong>\u4e00. kube-proxy \u548c service<\/strong> <\/p>\n<p>kube-proxy\u662fKubernetes\u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u90e8\u7f72\u5728\u6bcf\u4e2aNode\u8282\u70b9\u4e0a\uff0c\u5b83\u662f\u5b9e\u73b0Kubernetes Service\u7684\u901a\u4fe1\u4e0e\u8d1f\u8f7d\u5747\u8861\u673a\u5236\u7684\u91cd\u8981\u7ec4\u4ef6; kube-proxy\u8d1f\u8d23\u4e3aPod\u521b\u5efa\u4ee3\u7406\u670d\u52a1\uff0c\u4eceapiserver\u83b7\u53d6\u6240\u6709server\u4fe1\u606f\uff0c\u5e76\u6839\u636eserver\u4fe1\u606f\u521b\u5efa\u4ee3\u7406\u670d\u52a1\uff0c\u5b9e\u73b0server\u5230Pod\u7684\u8bf7\u6c42\u8def\u7531\u548c\u8f6c\u53d1\uff0c\u4ece\u800c\u5b9e\u73b0K8s\u5c42\u7ea7\u7684\u865a\u62df\u8f6c\u53d1\u7f51\u7edc\u3002<\/p>\n<p>\u5728k8s\u4e2d\uff0c\u63d0\u4f9b\u76f8\u540c\u670d\u52a1\u7684\u4e00\u7ec4pod\u53ef\u4ee5\u62bd\u8c61\u6210\u4e00\u4e2aservice\uff0c\u901a\u8fc7service\u63d0\u4f9b\u7684\u7edf\u4e00\u5165\u53e3\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\uff0c\u6bcf\u4e2aservice\u90fd\u6709\u4e00\u4e2a\u865a\u62dfIP\u5730\u5740\uff08VIP\uff09\u548c\u7aef\u53e3\u53f7\u4f9b\u5ba2\u6237\u7aef\u8bbf\u95ee\u3002kube-proxy\u5b58\u5728\u4e8e\u5404\u4e2anode\u8282\u70b9\u4e0a\uff0c\u4e3b\u8981\u7528\u4e8eService\u529f\u80fd\u7684\u5b9e\u73b0\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5c31\u662f\u5b9e\u73b0\u96c6\u7fa4\u5185\u7684\u5ba2\u6237\u7aefpod\u8bbf\u95eeservice\uff0c\u6216\u8005\u662f\u96c6\u7fa4\u5916\u7684\u4e3b\u673a\u901a\u8fc7NodePort\u7b49\u65b9\u5f0f\u8bbf\u95eeservice\u3002\u5728\u5f53\u524d\u7248\u672c\u7684k8s\u4e2d\uff0ckube-proxy\u9ed8\u8ba4\u4f7f\u7528\u7684\u662fiptables\u6a21\u5f0f\uff0c\u901a\u8fc7\u5404\u4e2anode\u8282\u70b9\u4e0a\u7684iptables\u89c4\u5219\u6765\u5b9e\u73b0service\u7684\u8d1f\u8f7d\u5747\u8861\uff0c\u4f46\u662f\u968f\u7740service\u6570\u91cf\u7684\u589e\u5927\uff0ciptables\u6a21\u5f0f\u7531\u4e8e\u7ebf\u6027\u67e5\u627e\u5339\u914d\u3001\u5168\u91cf\u66f4\u65b0\u7b49\u7279\u70b9\uff0c\u5176\u6027\u80fd\u4f1a\u663e\u8457\u4e0b\u964d\u3002\u4ecek8s\u76841.8\u7248\u672c\u5f00\u59cb\uff0ckube-proxy\u5f15\u5165\u4e86IPVS\u6a21\u5f0f\uff0cIPVS\u6a21\u5f0f\u4e0eiptables\u540c\u6837\u57fa\u4e8eNetfilter\uff0c\u4f46\u662f\u91c7\u7528\u7684hash\u8868\uff0c\u56e0\u6b64\u5f53service\u6570\u91cf\u8fbe\u5230\u4e00\u5b9a\u89c4\u6a21\u65f6\uff0chash\u67e5\u8868\u7684\u901f\u5ea6\u4f18\u52bf\u5c31\u4f1a\u663e\u73b0\u51fa\u6765\uff0c\u4ece\u800c\u63d0\u9ad8service\u7684\u670d\u52a1\u6027\u80fd\u3002<\/p>\n<p>kube-proxy\u8d1f\u8d23\u4e3aService\u63d0\u4f9bcluster\u5185\u90e8\u7684\u670d\u52a1\u53d1\u73b0\u548c\u8d1f\u8f7d\u5747\u8861\uff0c\u5b83\u8fd0\u884c\u5728\u6bcf\u4e2aNode\u8ba1\u7b97\u8282\u70b9\u4e0a\uff0c\u8d1f\u8d23Pod\u7f51\u7edc\u4ee3\u7406, \u5b83\u4f1a\u5b9a\u65f6\u4eceetcd\u670d\u52a1\u83b7\u53d6\u5230service\u4fe1\u606f\u6765\u505a\u76f8\u5e94\u7684\u7b56\u7565\uff0c\u7ef4\u62a4\u7f51\u7edc\u89c4\u5219\u548c\u56db\u5c42\u8d1f\u8f7d\u5747\u8861\u5de5\u4f5c\u3002\u5728K8s\u96c6\u7fa4\u4e2d\u5fae\u670d\u52a1\u7684\u8d1f\u8f7d\u5747\u8861\u662f\u7531Kube-proxy\u5b9e\u73b0\u7684\uff0c\u5b83\u662fK8s\u96c6\u7fa4\u5185\u90e8\u7684\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u4e5f\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u5728K8s\u7684\u6bcf\u4e2a\u8282\u70b9\u4e0a\u90fd\u6709\u4e00\u4e2a\uff0c\u8fd9\u4e00\u8bbe\u8ba1\u4f53\u73b0\u4e86\u5b83\u7684\u4f38\u7f29\u6027\u4f18\u52bf\uff0c\u9700\u8981\u8bbf\u95ee\u670d\u52a1\u7684\u8282\u70b9\u8d8a\u591a\uff0c\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\u7684Kube-proxy\u5c31\u8d8a\u591a\uff0c\u9ad8\u53ef\u7528\u8282\u70b9\u4e5f\u968f\u4e4b\u589e\u591a\u3002<\/p>\n<p>service\u662f\u4e00\u7ec4pod\u7684\u670d\u52a1\u62bd\u8c61\uff0c\u76f8\u5f53\u4e8e\u4e00\u7ec4pod\u7684LB\uff0c\u8d1f\u8d23\u5c06\u8bf7\u6c42\u5206\u53d1\u7ed9\u5bf9\u5e94\u7684pod\u3002service\u4f1a\u4e3a\u8fd9\u4e2aLB\u63d0\u4f9b\u4e00\u4e2aIP\uff0c\u4e00\u822c\u79f0\u4e3acluster IP\u3002kube-proxy\u7684\u4f5c\u7528\u4e3b\u8981\u662f\u8d1f\u8d23service\u7684\u5b9e\u73b0\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5c31\u662f\u5b9e\u73b0\u4e86\u5185\u90e8\u4ecepod\u5230service\u548c\u5916\u90e8\u7684\u4ecenode port\u5411service\u7684\u8bbf\u95ee\u3002<\/p>\n<p>\u7b80\u5355\u6765\u8bf4: <\/p>\n<ul>\n<li>kube-proxy\u5176\u5b9e\u5c31\u662f\u7ba1\u7406service\u7684\u8bbf\u95ee\u5165\u53e3\uff0c\u5305\u62ec\u96c6\u7fa4\u5185Pod\u5230Service\u7684\u8bbf\u95ee\u548c\u96c6\u7fa4\u5916\u8bbf\u95eeservice\u3002<\/li>\n<li>kube-proxy\u7ba1\u7406sevice\u7684Endpoints\uff0c\u8be5service\u5bf9\u5916\u66b4\u9732\u4e00\u4e2aVirtual IP\uff0c\u4e5f\u6210\u4e3aCluster IP, \u96c6\u7fa4\u5185\u901a\u8fc7\u8bbf\u95ee\u8fd9\u4e2aCluster IP:Port\u5c31\u80fd\u8bbf\u95ee\u5230\u96c6\u7fa4\u5185\u5bf9\u5e94\u7684serivce\u4e0b\u7684Pod\u3002<\/li>\n<li>service\u662f\u901a\u8fc7Selector\u9009\u62e9\u7684\u4e00\u7ec4Pods\u7684\u670d\u52a1\u62bd\u8c61\uff0c\u5176\u5b9e\u5c31\u662f\u4e00\u4e2a\u5fae\u670d\u52a1\uff0c\u63d0\u4f9b\u4e86\u670d\u52a1\u7684LB\u548c\u53cd\u5411\u4ee3\u7406\u7684\u80fd\u529b\uff0c\u800ckube-proxy\u7684\u4e3b\u8981\u4f5c\u7528\u5c31\u662f\u8d1f\u8d23service\u7684\u5b9e\u73b0\u3002<\/li>\n<li>service\u53e6\u5916\u4e00\u4e2a\u91cd\u8981\u4f5c\u7528\u662f\uff0c\u4e00\u4e2a\u670d\u52a1\u540e\u7aef\u7684Pods\u53ef\u80fd\u4f1a\u968f\u7740\u751f\u5b58\u706d\u4ea1\u800c\u53d1\u751fIP\u7684\u6539\u53d8\uff0cservice\u7684\u51fa\u73b0\uff0c\u7ed9\u670d\u52a1\u63d0\u4f9b\u4e86\u4e00\u4e2a\u56fa\u5b9a\u7684IP\uff0c\u800c\u65e0\u89c6\u540e\u7aefEndpoint\u7684\u53d8\u5316\u3002<\/li>\n<\/ul>\n<p>\u4e3e\u4e2a\u4f8b\u5b50\uff0c\u6bd4\u5982\u73b0\u5728\u6709podA\uff0cpodB\uff0cpodC\u548cserviceAB\u3002serviceAB\u662fpodA\uff0cpodB\u7684\u670d\u52a1\u62bd\u8c61(service)\u3002\u90a3\u4e48kube-proxy\u7684\u4f5c\u7528\u5c31\u662f\u53ef\u4ee5\u5c06pod(\u4e0d\u7ba1\u662fpodA\uff0cpodB\u6216\u8005podC)\u5411serviceAB\u7684\u8bf7\u6c42\uff0c\u8fdb\u884c\u8f6c\u53d1\u5230service\u6240\u4ee3\u8868\u7684\u4e00\u4e2a\u5177\u4f53pod(podA\u6216\u8005podB)\u4e0a\u3002\u8bf7\u6c42\u7684\u5206\u914d\u65b9\u6cd5\u4e00\u822c\u5206\u914d\u662f\u91c7\u7528\u8f6e\u8be2\u65b9\u6cd5\u8fdb\u884c\u5206\u914d\u3002\u53e6\u5916\uff0ckubernetes\u8fd8\u63d0\u4f9b\u4e86\u4e00\u79cd\u5728node\u8282\u70b9\u4e0a\u66b4\u9732\u4e00\u4e2a\u7aef\u53e3\uff0c\u4ece\u800c\u63d0\u4f9b\u4ece\u5916\u90e8\u8bbf\u95eeservice\u7684\u65b9\u5f0f\u3002\u6bd4\u5982\u8fd9\u91cc\u4f7f\u7528\u8fd9\u6837\u7684\u4e00\u4e2amanifest\u6765\u521b\u5efaservice<\/p>\n<pre><code class=\"language-yaml\">apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    name: mysql\n    role: service\n  name: mysql-service\nspec:\n  ports:\n    - port: 3306\n      targetPort: 3306\n      nodePort: 30964\n  type: NodePort\n  selector:\n    mysql-service: &quot;true&quot;<\/code><\/pre>\n<p>\u4e0a\u9762\u914d\u7f6e\u7684\u542b\u4e49\u662f\u5728node\u4e0a\u66b4\u9732\u51fa30964\u7aef\u53e3\u3002\u5f53\u8bbf\u95eenode\u4e0a\u768430964\u7aef\u53e3\u65f6\uff0c\u5176\u8bf7\u6c42\u4f1a\u8f6c\u53d1\u5230service\u5bf9\u5e94\u7684cluster IP\u76843306\u7aef\u53e3\uff0c\u5e76\u8fdb\u4e00\u6b65\u8f6c\u53d1\u5230pod\u76843306\u7aef\u53e3\u3002<\/p>\n<p><strong>Service, Endpoints\u4e0ePod\u7684\u5173\u7cfb<\/strong><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628121852780-440182082.png\" alt=\"img\" \/><\/p>\n<p><strong>Kube-proxy\u8fdb\u7a0b\u83b7\u53d6\u6bcf\u4e2aService\u7684Endpoints,\u5b9e\u73b0Service\u7684\u8d1f\u8f7d\u5747\u8861\u529f\u80fd<\/strong><\/p>\n<p><strong>Service\u7684\u8d1f\u8f7d\u5747\u8861\u8f6c\u53d1\u89c4\u5219<\/strong><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628135357260-2132881445.png\" alt=\"img\" \/><\/p>\n<p><strong>\u8bbf\u95eeService\u7684\u8bf7\u6c42\uff0c\u4e0d\u8bba\u662fCluster IP+TargetPort\u7684\u65b9\u5f0f\uff1b\u8fd8\u662f\u7528Node\u8282\u70b9IP+NodePort\u7684\u65b9\u5f0f\uff0c\u90fd\u88abNode\u8282\u70b9\u7684Iptables\u89c4\u5219\u91cd\u5b9a\u5411\u5230Kube-proxy\u76d1\u542cService\u670d\u52a1\u4ee3\u7406\u7aef\u53e3\u3002kube-proxy\u63a5\u6536\u5230Service\u7684\u8bbf\u95ee\u8bf7\u6c42\u540e\uff0c\u6839\u636e\u8d1f\u8f7d\u7b56\u7565\uff0c\u8f6c\u53d1\u5230\u540e\u7aef\u7684Pod\u3002<\/strong><\/p>\n<p><strong>\u4e8c. kubernetes\u670d\u52a1\u53d1\u73b0<\/strong><br \/>\nKubernetes\u63d0\u4f9b\u4e86\u4e24\u79cd\u65b9\u5f0f\u8fdb\u884c\u670d\u52a1\u53d1\u73b0, \u5373<strong>\u73af\u5883\u53d8\u91cf<\/strong>\u548c<strong>DNS<\/strong>, \u7b80\u5355\u8bf4\u660e\u5982\u4e0b:<\/p>\n<p>1.<strong>\u73af\u5883\u53d8\u91cf<\/strong>\uff1a \u5f53\u4f60\u521b\u5efa\u4e00\u4e2aPod\u7684\u65f6\u5019\uff0ckubelet\u4f1a\u5728\u8be5Pod\u4e2d\u6ce8\u5165\u96c6\u7fa4\u5185\u6240\u6709Service\u7684\u76f8\u5173\u73af\u5883\u53d8\u91cf\u3002<strong>\u9700\u8981\u6ce8\u610f:<\/strong> \u8981\u60f3\u4e00\u4e2aPod\u4e2d\u6ce8\u5165\u67d0\u4e2aService\u7684\u73af\u5883\u53d8\u91cf\uff0c\u5219\u5fc5\u987bService\u8981\u5148\u6bd4\u8be5Pod\u521b\u5efa\u3002\u8fd9\u4e00\u70b9\uff0c\u51e0\u4e4e\u4f7f\u5f97\u8fd9\u79cd\u65b9\u5f0f\u8fdb\u884c\u670d\u52a1\u53d1\u73b0\u4e0d\u53ef\u7528\u3002\u6bd4\u5982\uff0c\u4e00\u4e2aServiceName\u4e3aredis-master\u7684Service\uff0c\u5bf9\u5e94\u7684ClusterIP:Port\u4e3a172.16.50.11:6379\uff0c\u5219\u5176\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\u4e3a:<\/p>\n<pre><code class=\"language-shell\">REDIS_MASTER_SERVICE_HOST=172.16.50.11\nREDIS_MASTER_SERVICE_PORT=6379\nREDIS_MASTER_PORT=tcp:\/\/172.16.50.11:6379\nREDIS_MASTER_PORT_6379_TCP=tcp:\/\/172.16.50.11:6379\nREDIS_MASTER_PORT_6379_TCP_PROTO=tcp\nREDIS_MASTER_PORT_6379_TCP_PORT=6379\nREDIS_MASTER_PORT_6379_TCP_ADDR=172.16.50.11<\/code><\/pre>\n<p>2) <strong>DNS<\/strong>\uff1a\u8fd9\u662fk8s\u5b98\u65b9\u5f3a\u70c8\u63a8\u8350\u7684\u65b9\u5f0f!!! \u53ef\u4ee5\u901a\u8fc7cluster add-on\u65b9\u5f0f\u8f7b\u677e\u7684\u521b\u5efaKubeDNS\u6765\u5bf9\u96c6\u7fa4\u5185\u7684Service\u8fdb\u884c\u670d\u52a1\u53d1\u73b0\u3002<\/p>\n<p><strong>\u4e09. kubernetes\u53d1\u5e03(\u66b4\u9732)\u670d\u52a1<\/strong><br \/>\nkubernetes\u539f\u751f\u7684\uff0c\u4e00\u4e2aService\u7684ServiceType\u51b3\u5b9a\u4e86\u5176\u53d1\u5e03\u670d\u52a1\u7684\u65b9\u5f0f\u3002<\/p>\n<ul>\n<li>ClusterIP\uff1a\u8fd9\u662fk8s\u9ed8\u8ba4\u7684ServiceType\u3002\u901a\u8fc7\u96c6\u7fa4\u5185\u7684ClusterIP\u5728\u5185\u90e8\u53d1\u5e03\u670d\u52a1\u3002<\/li>\n<li>NodePort\uff1a\u8fd9\u79cd\u65b9\u5f0f\u662f\u5e38\u7528\u7684\uff0c\u7528\u6765\u5bf9\u96c6\u7fa4\u5916\u66b4\u9732Service\uff0c\u4f60\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee\u96c6\u7fa4\u5185\u7684\u6bcf\u4e2aNodeIP:NodePort\u7684\u65b9\u5f0f\uff0c\u8bbf\u95ee\u5230\u5bf9\u5e94Service\u540e\u7aef\u7684Endpoint\u3002<\/li>\n<li>LoadBalancer: \u8fd9\u4e5f\u662f\u7528\u6765\u5bf9\u96c6\u7fa4\u5916\u66b4\u9732\u670d\u52a1\u7684\uff0c\u4e0d\u540c\u7684\u662f\u8fd9\u9700\u8981Cloud Provider\u7684\u652f\u6301\uff0c\u6bd4\u5982AWS\u7b49\u3002<\/li>\n<li>ExternalName\uff1a\u8fd9\u4e2a\u4e5f\u662f\u5728\u96c6\u7fa4\u5185\u53d1\u5e03\u670d\u52a1\u7528\u7684\uff0c\u9700\u8981\u501f\u52a9KubeDNS(version &gt;= 1.7)\u7684\u652f\u6301\uff0c\u5c31\u662f\u7528KubeDNS\u5c06\u8be5service\u548cExternalName\u505a\u4e00\u4e2aMap\uff0cKubeDNS\u8fd4\u56de\u4e00\u4e2aCNAME\u8bb0\u5f55\u3002<\/li>\n<\/ul>\n<p><strong>\u56db. kube-proxy \u5de5\u4f5c\u539f\u7406<\/strong> (userspace, iptables, ipvs)<br \/>\nkube-proxy\u5f53\u524d\u5b9e\u73b0\u4e86\u4e09\u79cd\u4ee3\u7406\u6a21\u5f0f\uff1a<strong>userspace,<\/strong> <strong>iptables, ipvs<\/strong>\u3002\u5176\u4e2duserspace mode\u662fv1.0\u53ca\u4e4b\u524d\u7248\u672c\u7684\u9ed8\u8ba4\u6a21\u5f0f\uff0c\u4ecev1.1\u7248\u672c\u4e2d\u5f00\u59cb\u589e\u52a0\u4e86iptables mode\uff0c\u5728v1.2\u7248\u672c\u4e2d\u6b63\u5f0f\u66ff\u4ee3userspace\u6a21\u5f0f\u6210\u4e3a\u9ed8\u8ba4\u6a21\u5f0f\u3002\u4e5f\u5c31\u662f\u8bf4kubernetes\u5728v1.2\u7248\u672c\u4e4b\u524d\u662f\u9ed8\u8ba4\u6a21\u5f0f, v1.2\u7248\u672c\u4e4b\u540e\u9ed8\u8ba4\u6a21\u5f0f\u662fiptables\u3002<\/p>\n<p><strong>1) userspace mode<\/strong>: userspace\u662f\u5728\u7528\u6237\u7a7a\u95f4\uff0c\u901a\u8fc7kube-proxy\u6765\u5b9e\u73b0service\u7684\u4ee3\u7406\u670d\u52a1, \u5176\u539f\u7406\u5982\u4e0b:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628144448994-121687144.png\" alt=\"img\" \/><\/p>\n<p>\u53ef\u89c1\uff0cuserspace\u8fd9\u79cdmode\u6700\u5927\u7684\u95ee\u9898\u662f\uff0cservice\u7684\u8bf7\u6c42\u4f1a\u5148\u4ece\u7528\u6237\u7a7a\u95f4\u8fdb\u5165\u5185\u6838iptables\uff0c\u7136\u540e\u518d\u56de\u5230\u7528\u6237\u7a7a\u95f4\uff0c\u7531kube-proxy\u5b8c\u6210\u540e\u7aefEndpoints\u7684\u9009\u62e9\u548c\u4ee3\u7406\u5de5\u4f5c\uff0c\u8fd9\u6837\u6d41\u91cf\u4ece\u7528\u6237\u7a7a\u95f4\u8fdb\u51fa\u5185\u6838\u5e26\u6765\u7684\u6027\u80fd\u635f\u8017\u662f\u4e0d\u53ef\u63a5\u53d7\u7684\u3002\u8fd9\u4e5f\u662fk8s v1.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5bf9kube-proxy\u8d28\u7591\u6700\u5927\u7684\u4e00\u70b9\uff0c\u56e0\u6b64\u793e\u533a\u5c31\u5f00\u59cb\u7814\u7a76iptables mode.<\/p>\n<p>userspace\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0ckube-proxy \u6301\u7eed\u76d1\u542c Service \u4ee5\u53ca Endpoints \u5bf9\u8c61\u7684\u53d8\u5316\uff1b\u5bf9\u6bcf\u4e2a Service\uff0c\u5b83\u90fd\u4e3a\u5176\u5728\u672c\u5730\u8282\u70b9\u5f00\u653e\u4e00\u4e2a\u7aef\u53e3\uff0c\u4f5c\u4e3a\u5176\u670d\u52a1\u4ee3\u7406\u7aef\u53e3\uff1b\u53d1\u5f80\u8be5\u7aef\u53e3\u7684\u8bf7\u6c42\u4f1a\u91c7\u7528\u4e00\u5b9a\u7684\u7b56\u7565\u8f6c\u53d1\u7ed9\u4e0e\u8be5\u670d\u52a1\u5bf9\u5e94\u7684\u540e\u7aef Pod \u5b9e\u4f53\u3002kube-proxy \u540c\u65f6\u4f1a\u5728\u672c\u5730\u8282\u70b9\u8bbe\u7f6e iptables \u89c4\u5219\uff0c\u914d\u7f6e\u4e00\u4e2a Virtual IP\uff0c\u628a\u53d1\u5f80 Virtual IP \u7684\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u4e0e\u8be5 Virtual IP \u5bf9\u5e94\u7684\u670d\u52a1\u4ee3\u7406\u7aef\u53e3\u4e0a\u3002\u5176\u5de5\u4f5c\u6d41\u7a0b\u5927\u4f53\u5982\u4e0b:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190325170529464-807275929.png\" alt=\"img\" \/><\/p>\n<p><strong>\u7531\u6b64\u5206\u6790:<\/strong> \u8be5\u6a21\u5f0f\u8bf7\u6c42\u5728\u5230\u8fbe iptables \u8fdb\u884c\u5904\u7406\u65f6\u5c31\u4f1a\u8fdb\u5165\u5185\u6838\uff0c\u800c kube-proxy \u76d1\u542c\u5219\u662f\u5728\u7528\u6237\u6001, \u8bf7\u6c42\u5c31\u5f62\u6210\u4e86\u4ece\u7528\u6237\u6001\u5230\u5185\u6838\u6001\u518d\u8fd4\u56de\u5230\u7528\u6237\u6001\u7684\u4f20\u9012\u8fc7\u7a0b, \u4e00\u5b9a\u7a0b\u5ea6\u964d\u4f4e\u4e86\u670d\u52a1\u6027\u80fd\u3002<\/p>\n<p><strong>2) iptables mode<\/strong>, \u8be5\u6a21\u5f0f\u5b8c\u5168\u5229\u7528\u5185\u6838iptables\u6765\u5b9e\u73b0service\u7684\u4ee3\u7406\u548cLB, \u8fd9\u662fK8s\u5728v1.2\u53ca\u4e4b\u540e\u7248\u672c\u9ed8\u8ba4\u6a21\u5f0f. \u5de5\u4f5c\u539f\u7406\u5982\u4e0b:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/img2018.cnblogs.com\/blog\/907596\/201906\/907596-20190628150040159-782250464.png\" alt=\"img\" \/><\/p>\n<p>iptables mode\u56e0\u4e3a\u4f7f\u7528iptable NAT\u6765\u5b8c\u6210\u8f6c\u53d1\uff0c\u4e5f\u5b58\u5728\u4e0d\u53ef\u5ffd\u89c6\u7684\u6027\u80fd\u635f\u8017\u3002\u53e6\u5916\uff0c\u5982\u679c\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e0a\u4e07\u7684Service\/Endpoint\uff0c\u90a3\u4e48Node\u4e0a\u7684iptables rules\u5c06\u4f1a\u975e\u5e38\u5e9e\u5927\uff0c\u6027\u80fd\u8fd8\u4f1a\u518d\u6253\u6298\u6263\u3002\u8fd9\u4e5f\u5bfc\u81f4\u76ee\u524d\u5927\u90e8\u5206\u4f01\u4e1a\u7528k8s\u4e0a\u751f\u4ea7\u65f6\uff0c\u90fd\u4e0d\u4f1a\u76f4\u63a5\u7528kube-proxy\u4f5c\u4e3a\u670d\u52a1\u4ee3\u7406\uff0c\u800c\u662f\u901a\u8fc7\u81ea\u5df1\u5f00\u53d1\u6216\u8005\u901a\u8fc7Ingress Controller\u6765\u96c6\u6210HAProxy, Nginx\u6765\u4ee3\u66ffkube-proxy\u3002<\/p>\n<p>iptables \u6a21\u5f0f\u4e0e userspace \u76f8\u540c\uff0ckube-proxy \u6301\u7eed\u76d1\u542c Service \u4ee5\u53ca Endpoints \u5bf9\u8c61\u7684\u53d8\u5316\uff1b\u4f46\u5b83\u5e76\u4e0d\u5728\u672c\u5730\u8282\u70b9\u5f00\u542f\u53cd\u5411\u4ee3\u7406\u670d\u52a1\uff0c\u800c\u662f\u628a\u53cd\u5411\u4ee3\u7406\u5168\u90e8\u4ea4\u7ed9 iptables \u6765\u5b9e\u73b0\uff1b\u5373 iptables \u76f4\u63a5\u5c06\u5bf9 VIP \u7684\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u540e\u7aef Pod\uff0c\u901a\u8fc7 iptables \u8bbe\u7f6e\u8f6c\u53d1\u7b56\u7565\u3002\u5176\u5de5\u4f5c\u6d41\u7a0b\u5927\u4f53\u5982\u4e0b:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/img2018.cnblogs.com\/blog\/907596\/201903\/907596-20190325170538450-107344229.png\" alt=\"img\" \/><\/p>\n<p><strong>\u7531\u6b64\u5206\u6790:<\/strong> \u8be5\u6a21\u5f0f\u76f8\u6bd4 userspace \u6a21\u5f0f\uff0c\u514b\u670d\u4e86\u8bf7\u6c42\u5728\u7528\u6237\u6001-\u5185\u6838\u6001\u53cd\u590d\u4f20\u9012\u7684\u95ee\u9898\uff0c\u6027\u80fd\u4e0a\u6709\u6240\u63d0\u5347\uff0c\u4f46\u4f7f\u7528 iptables NAT \u6765\u5b8c\u6210\u8f6c\u53d1\uff0c\u5b58\u5728\u4e0d\u53ef\u5ffd\u89c6\u7684\u6027\u80fd\u635f\u8017\uff0c\u800c\u4e14\u5728\u5927\u89c4\u6a21\u573a\u666f\u4e0b\uff0ciptables \u89c4\u5219\u7684\u6761\u76ee\u4f1a\u5341\u5206\u5de8\u5927\uff0c\u6027\u80fd\u4e0a\u8fd8\u8981\u518d\u6253\u6298\u6263\u3002<\/p>\n<p>iptables\u7684\u65b9\u5f0f\u5219\u662f\u5229\u7528\u4e86linux\u7684iptables\u7684nat\u8f6c\u53d1\u8fdb\u884c\u5b9e\u73b0:<\/p>\n<pre><code class=\"language-yaml\">apiVersion: v1\nkind: Service\nmetadata:\n  labels:\n    name: mysql\n    role: service\n  name: mysql-service\nspec:\n  ports:\n    - port: 3306\n      targetPort: 3306\n      nodePort: 30964\n  type: NodePort\n  selector:\n    mysql-service: &quot;true&quot;<\/code><\/pre>\n<p>mysql-service\u5bf9\u5e94\u7684nodePort\u66b4\u9732\u51fa\u6765\u7684\u7aef\u53e3\u4e3a30964\uff0c\u5bf9\u5e94\u7684cluster IP(10.254.162.44)\u7684\u7aef\u53e3\u4e3a3306\uff0c\u8fdb\u4e00\u6b65\u5bf9\u5e94\u4e8e\u540e\u7aef\u7684pod\u7684\u7aef\u53e3\u4e3a3306\u3002 mysql-service\u540e\u7aef\u4ee3\u7406\u4e86\u4e24\u4e2apod\uff0cip\u5206\u522b\u662f192.168.125.129\u548c192.168.125.131, \u8fd9\u91cc\u5148\u6765\u770b\u4e00\u4e0biptables:<\/p>\n<pre><code class=\"language-shell\">$iptables -S -t nat\n...\n-A PREROUTING -m comment --comment &quot;kubernetes service portals&quot; -j KUBE-SERVICES\n-A OUTPUT -m comment --comment &quot;kubernetes service portals&quot; -j KUBE-SERVICES\n-A POSTROUTING -m comment --comment &quot;kubernetes postrouting rules&quot; -j KUBE-POSTROUTING\n-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000\/0x4000\n-A KUBE-NODEPORTS -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp --dport 30964 -j KUBE-MARK-MASQ\n-A KUBE-NODEPORTS -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp --dport 30964 -j KUBE-SVC-67RL4FN6JRUPOJYM\n-A KUBE-SEP-ID6YWIT3F6WNZ47P -s 192.168.125.129\/32 -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-MARK-MASQ\n-A KUBE-SEP-ID6YWIT3F6WNZ47P -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp -j DNAT --to-destination 192.168.125.129:3306\n-A KUBE-SEP-IN2YML2VIFH5RO2T -s 192.168.125.131\/32 -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-MARK-MASQ\n-A KUBE-SEP-IN2YML2VIFH5RO2T -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp -j DNAT --to-destination 192.168.125.131:3306\n-A KUBE-SERVICES -d 10.254.162.44\/32 -p tcp -m comment --comment &quot;default\/mysql-service: cluster IP&quot; -m tcp --dport 3306 -j KUBE-SVC-67RL4FN6JRUPOJYM\n-A KUBE-SERVICES -m comment --comment &quot;kubernetes service nodeports; NOTE: this must be the last rule in this chain&quot; -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS\n-A KUBE-SVC-67RL4FN6JRUPOJYM -m comment --comment &quot;default\/mysql-service:&quot; -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ID6YWIT3F6WNZ47P\n-A KUBE-SVC-67RL4FN6JRUPOJYM -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-SEP-IN2YML2VIFH5RO2T<\/code><\/pre>\n<p>\u9996\u5148\u5982\u679c\u662f\u901a\u8fc7node\u768430964\u7aef\u53e3\u8bbf\u95ee\uff0c\u5219\u4f1a\u8fdb\u5165\u5230\u4ee5\u4e0b\u94fe:<\/p>\n<pre><code class=\"language-shell\">-A KUBE-NODEPORTS -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp --dport 30964 -j KUBE-MARK-MASQ\n-A KUBE-NODEPORTS -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp --dport 30964 -j KUBE-SVC-67RL4FN6JRUPOJYM<\/code><\/pre>\n<p>\u7136\u540e\u8fdb\u4e00\u6b65\u8df3\u8f6c\u5230KUBE-SVC-67RL4FN6JRUPOJYM\u7684\u94fe:<\/p>\n<pre><code class=\"language-shell\">-A KUBE-SVC-67RL4FN6JRUPOJYM -m comment --comment &quot;default\/mysql-service:&quot; -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ID6YWIT3F6WNZ47P\n-A KUBE-SVC-67RL4FN6JRUPOJYM -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-SEP-IN2YML2VIFH5RO2T<\/code><\/pre>\n<p>\u8fd9\u91cc\u5229\u7528\u4e86iptables\u7684\u2013probability\u7684\u7279\u6027\uff0c\u4f7f\u8fde\u63a5\u670950%\u7684\u6982\u7387\u8fdb\u5165\u5230KUBE-SEP-ID6YWIT3F6WNZ47P\u94fe\uff0c50%\u7684\u6982\u7387\u8fdb\u5165\u5230KUBE-SEP-IN2YML2VIFH5RO2T\u94fe\u3002 KUBE-SEP-ID6YWIT3F6WNZ47P\u7684\u94fe\u7684\u5177\u4f53\u4f5c\u7528\u5c31\u662f\u5c06\u8bf7\u6c42\u901a\u8fc7DNAT\u53d1\u9001\u5230192.168.125.129\u76843306\u7aef\u53e3:<\/p>\n<pre><code class=\"language-shell\">-A KUBE-SEP-ID6YWIT3F6WNZ47P -s 192.168.125.129\/32 -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-MARK-MASQ\n-A KUBE-SEP-ID6YWIT3F6WNZ47P -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp -j DNAT --to-destination 192.168.125.129:3306<\/code><\/pre>\n<p>\u540c\u7406KUBE-SEP-IN2YML2VIFH5RO2T\u7684\u4f5c\u7528\u662f\u901a\u8fc7DNAT\u53d1\u9001\u5230192.168.125.131\u76843306\u7aef\u53e3:<\/p>\n<pre><code class=\"language-shell\">-A KUBE-SEP-IN2YML2VIFH5RO2T -s 192.168.125.131\/32 -m comment --comment &quot;default\/mysql-service:&quot; -j KUBE-MARK-MASQ\n-A KUBE-SEP-IN2YML2VIFH5RO2T -p tcp -m comment --comment &quot;default\/mysql-service:&quot; -m tcp -j DNAT --to-destination 192.168.125.131:3306<\/code><\/pre>\n<p>\u5206\u6790\u5b8cnodePort\u7684\u5de5\u4f5c\u65b9\u5f0f\uff0c\u63a5\u4e0b\u91cc\u8bf4\u4e00\u4e0bclusterIP\u7684\u8bbf\u95ee\u65b9\u5f0f\u3002 \u5bf9\u4e8e\u76f4\u63a5\u8bbf\u95eecluster IP(10.254.162.44)\u76843306\u7aef\u53e3\u4f1a\u76f4\u63a5\u8df3\u8f6c\u5230KUBE-SVC-67RL4FN6JRUPOJYM<\/p>\n<pre><code class=\"language-shell\">-A KUBE-SERVICES -d 10.254.162.44\/32 -p tcp -m comment --comment &quot;default\/mysql-service: cluster IP&quot; -m tcp --dport 3306 -j KUBE-SVC-67RL4FN6JRUPOJYM\n<\/code><\/pre>\n<p>\u63a5\u4e0b\u6765\u7684\u8df3\u8f6c\u65b9\u5f0f\u540cNodePort\u65b9\u5f0f\u3002<\/p>\n<p><strong>3) ipvs mode<\/strong>. \u5728kubernetes 1.8\u4ee5\u4e0a\u7684\u7248\u672c\u4e2d\uff0c\u5bf9\u4e8ekube-proxy\u7ec4\u4ef6\u589e\u52a0\u4e86\u9664iptables\u6a21\u5f0f\u548c\u7528\u6237\u6a21\u5f0f\u4e4b\u5916\u8fd8\u652f\u6301ipvs\u6a21\u5f0f\u3002kube-proxy ipvs \u662f\u57fa\u4e8e NAT \u5b9e\u73b0\u7684\uff0c\u901a\u8fc7ipvs\u7684NAT\u6a21\u5f0f\uff0c\u5bf9\u8bbf\u95eek8s service\u7684\u8bf7\u6c42\u8fdb\u884c\u865aIP\u5230POD IP\u7684\u8f6c\u53d1\u3002\u5f53\u521b\u5efa\u4e00\u4e2a service \u540e\uff0ckubernetes \u4f1a\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u521b\u5efa\u4e00\u4e2a\u7f51\u5361\uff0c\u540c\u65f6\u5e2e\u4f60\u5c06 Service IP(VIP) \u7ed1\u5b9a\u4e0a\uff0c\u6b64\u65f6\u76f8\u5f53\u4e8e\u6bcf\u4e2a Node \u90fd\u662f\u4e00\u4e2a ds\uff0c\u800c\u5176\u4ed6\u4efb\u4f55 Node \u4e0a\u7684 Pod\uff0c\u751a\u81f3\u662f\u5bbf\u4e3b\u673a\u670d\u52a1(\u6bd4\u5982 kube-apiserver \u7684 6443)\u90fd\u53ef\u80fd\u6210\u4e3a rs\uff1b<\/p>\n<p>\u4e0eiptables\u3001userspace \u6a21\u5f0f\u4e00\u6837\uff0ckube-proxy \u4f9d\u7136\u76d1\u542cService\u4ee5\u53caEndpoints\u5bf9\u8c61\u7684\u53d8\u5316, \u4e0d\u8fc7\u5b83\u5e76\u4e0d\u521b\u5efa\u53cd\u5411\u4ee3\u7406, \u4e5f\u4e0d\u521b\u5efa\u5927\u91cf\u7684 iptables \u89c4\u5219, \u800c\u662f\u901a\u8fc7netlink \u521b\u5efaipvs\u89c4\u5219\uff0c\u5e76\u4f7f\u7528k8s Service\u4e0eEndpoints\u4fe1\u606f\uff0c\u5bf9\u6240\u5728\u8282\u70b9\u7684ipvs\u89c4\u5219\u8fdb\u884c\u5b9a\u671f\u540c\u6b65; netlink \u4e0e iptables \u5e95\u5c42\u90fd\u662f\u57fa\u4e8e netfilter \u94a9\u5b50\uff0c\u4f46\u662f netlink \u7531\u4e8e\u91c7\u7528\u4e86 hash table \u800c\u4e14\u76f4\u63a5\u5de5\u4f5c\u5728\u5185\u6838\u6001\uff0c\u5728\u6027\u80fd\u4e0a\u6bd4 iptables \u66f4\u4f18\u3002\u5176\u5de5\u4f5c\u6d41\u7a0b\u5927\u4f53\u5982\u4e0b:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/img2018.cnblogs.com\/blog\/907596\/201903\/907596-20190325170554554-1168234966.png\" alt=\"img\" \/><\/p>\n<p><strong>\u7531\u6b64\u5206\u6790\uff1a<\/strong>ipvs \u662f\u76ee\u524d kube-proxy \u6240\u652f\u6301\u7684\u6700\u65b0\u4ee3\u7406\u6a21\u5f0f\uff0c\u76f8\u6bd4\u4f7f\u7528 iptables\uff0c\u4f7f\u7528 ipvs \u5177\u6709\u66f4\u9ad8\u7684\u6027\u80fd\u3002<\/p>\n<p>\u200b                                                                                             <\/p>\n<p><strong>Endpoint\u8bbf\u95ee\u5916\u90e8\u670d\u52a1<\/strong><br \/>\nk8s\u8bbf\u95ee\u96c6\u7fa4\u5916\u72ec\u7acb\u7684\u670d\u52a1\u6700\u597d\u7684\u65b9\u5f0f\u662f\u91c7\u7528Endpoint\u65b9\u5f0f\uff0c\u4ee5mysql\u670d\u52a1\u4e3a\u4f8b:<\/p>\n<pre><code class=\"language-shell\">1\uff09\u521b\u5efamysql-service.yaml\n[root@kevin~]# vim mysql-service.yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: mysql-kevin\nspec:\n  ports:\n    - port: 3306\n\n2) \u521b\u5efamysql-endpoints.yaml\n[root@kevin~]# vim mysql-endpoints.yaml\nkind: Endpoints\napiVersion: v1\nmetadata:\n  name: mysql-kevin\n  namespace: default\nsubsets:\n  - addresses:\n      - ip: 172.16.60.55\n    ports:\n      - port: 3306\n\n3) \u6d4b\u8bd5\u8fde\u63a5\u6570\u636e\u5e93\n[root@kevin~]# kubectl exec -it mysql-client-h7jk8 bash\nbash-4.1# mysql -hmysql-kevin -u user -p\nEnter password:\n.........\nmysql&gt;\n\n4) \u67e5\u770b\u8fd9\u4e2aservice\n[root@kevin~]# kubectl describe svc mysql-kevin\nName:           mysql-kevin\nNamespace:      default\nLabels:         &lt;none&gt;\nAnnotations:        &lt;none&gt;\nSelector:       &lt;none&gt;\nType:           ClusterIP\nIP:         10.254.125.157\nPort:           &lt;unset&gt; 3306\/TCP\nEndpoints:      172.16.60.55:3306\nSession Affinity:   None\nEvents:         &lt;none&gt;<\/code><\/pre>\n<p><strong>\u4e0b\u9762\u7b80\u5355\u8bf4kube-proxy\u662f\u5982\u4f55\u5b9e\u73b0\u4e00\u4e2a\u8bf7\u6c42\u7ecf\u8fc7\u5c42\u5c42\u8f6c\u53d1\u6700\u540e\u843d\u5230\u67d0\u4e2apod\u4e0a\u7684\u6574\u4e2a\u8fc7\u7a0b\uff0c\u8fd9\u4e2a\u8bf7\u6c42\u53ef\u80fd\u6765\u81eapod\u4e5f\u53ef\u80fd\u6765\u81ea\u5916\u90e8\u3002<\/strong><\/p>\n<ul>\n<li>kube-proxy\u4e3a\u96c6\u7fa4\u63d0\u4f9bservice\u529f\u80fd\uff0c\u76f8\u540c\u529f\u80fd\u7684pods\u5bf9\u5916\u62bd\u8c61\u4e3aservice\uff0cservice\u53ef\u4ee5\u5b9e\u73b0\u53cd\u5411\u4ee3\u7406\u548c\u670d\u52a1\u53d1\u73b0\u3002\u53ef\u4ee5\u5206\u4e3aiptables\u6a21\u5f0f\u548cuserspace\u6a21\u5f0f\u3002\u5177\u4f53\u6709iptables\u5b9e\u73b0<\/li>\n<li>\u5728\u53cd\u5411\u4ee3\u7406\u65b9\u9762\uff0ckube-proxy\u9ed8\u8ba4\u4f7f\u7528rr\u7b97\u6cd5\u5b9e\u73b0\u5ba2\u6237\u7aef\u6d41\u91cf\u5206\u53d1\u5230\u540e\u7aef\u7684pod<\/li>\n<\/ul>\n<p><strong>k8s\u7684service\u548cendpoine\u662f\u5982\u4f55\u5173\u8054\u548c\u76f8\u4e92\u5f71\u54cd\u7684\uff1f<\/strong><\/p>\n<ul>\n<li>api-server\u521b\u5efaservice\u5bf9\u8c61\uff0c\u4e0eservice\u7ed1\u5b9a\u7684pod\u5730\u5740\uff1a\u79f0\u4e4b\u4e3aendpoint<\/li>\n<li>\u670d\u52a1\u53d1\u73b0\u65b9\u9762\uff1akube-proxy\u76d1\u63a7 service\u540e\u7aefendpoint\u7684\u52a8\u6001\u53d8\u5316\uff0c\u5e76\u4e14\u7ef4\u62a4service\u548cendpoint\u7684\u6620\u5c04\u5173\u7cfb<\/li>\n<\/ul>\n<p><strong>\u4e00\u4e2a\u7ecf\u5178pod\u7684\u5b8c\u6574\u751f\u547d\u5468\u671f<\/strong><\/p>\n<ul>\n<li>Pending<\/li>\n<li>Running<\/li>\n<li>Succeeded<\/li>\n<li>Failed<\/li>\n<\/ul>\n<p><strong>\u5173\u7cfb\u6d41\u7a0b\u56fe\u5982\u4e0b:<\/strong><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628115235914-1787259683.png\" alt=\"img\" \/><\/p>\n<p>\u200b                                                                                           <\/p>\n<p><strong>K8S Endpoint\u4e00\u4f1a\u6d88\u5931\u4e00\u4f1a\u51fa\u73b0\u7684\u95ee\u9898<\/strong><br \/>\n\u5728\u4f7f\u7528K8s\u96c6\u7fa4\u65f6\u9047\u5230\u7684\u95ee\u9898\uff1a\u53d1\u73b0\u67d0\u4e2aservice\u7684\u540e\u7aefendpoint\u4e00\u4f1a\u663e\u793a\u6709\u540e\u7aef\uff0c\u4e00\u4f1a\u663e\u793a\u6ca1\u6709\u3002\u663e\u793a\u6ca1\u6709\u540e\u7aef\uff0c\u610f\u5473\u7740\u540e\u7aef\u7684address\u88ab\u5224\u5b9a\u4e3anotready\u3002<\/p>\n<p><strong>\u7ecf\u8fc7\u6392\u67e5\u786e\u5b9a\u539f\u56e0\uff1a<\/strong><br \/>\nkubelet\u5728\u51c6\u5907\u4e0a\u62a5\u4fe1\u606f\u65f6\uff0c\u9700\u8981\u6536\u96c6\u5bb9\u5668\u3001\u955c\u50cf\u7b49\u7684\u4fe1\u606f\u3002\u867d\u7136kubelet\u9ed8\u8ba4\u662f10\u79d2\u4e0a\u62a5\u4e00\u6b21\uff0c\u4f46\u662f\u5b9e\u9645\u7684\u4e0a\u62a5\u5468\u671f\u7ea6\u4e3a20~50\u79d2\u3002\u800ckube-controller-manager\u5224\u65adnode\u4e0a\u62a5\u5fc3\u8df3\u8d85\u65f6\u7684\u65f6\u95f4\u4e3a40\u79d2\u3002\u6240\u4ee5\u4f1a\u6709\u4e00\u5b9a\u6982\u7387\u8d85\u65f6\u3002\u4e00\u65e6\u8d85\u65f6\uff0ckube-controller\u4f1a\u5c06\u8be5node\u4e0a\u7684\u6240\u6709pod\u7684conditions\u4e2dtype\u662fReady\u7684\u5b57\u5178\u4e2d\u7684status\u7f6e\u4e3aFalse\u3002<\/p>\n<p><strong>\u89e3\u51b3\u529e\u6cd5\uff1a<\/strong><br \/>\n\u8f83\u4e3a\u7b80\u5355\u7684\u65b9\u6848\u662f\u5728kube-controller\u4e0a\u914d\u7f6e\u8fd9\u4e2a\u8d85\u65f6\u65f6\u95f4<strong>node-monitor-grace-period<\/strong>\u957f\u4e00\u4e9b\u3002\u5efa\u8bae\u914d\u7f6e\u4e3a<strong>60 ~ 120s<\/strong>\u3002<\/p>\n<p><strong>\u539f\u6587\u94fe\u63a5<\/strong>\uff1a<a href=\"https:\/\/www.cnblogs.com\/kevingrace\/p\/6655153.html\">\u6563\u5c3d\u6d6e\u534e<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00. kube-proxy \u548c service kube-proxy\u662fKubernetes\u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u90e8\u7f72\u5728\u6bcf<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[109],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"og:description\" content=\"\u4e00. kube-proxy \u548c service kube-proxy\u662fKubernetes\u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u90e8\u7f72\u5728\u6bcf\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-14T09:24:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-07T01:56:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628121852780-440182082.png\" \/>\n<meta name=\"author\" content=\"\u7ba1\u7406\u5458\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\"},\"author\":{\"name\":\"\u7ba1\u7406\u5458\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"headline\":\"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy\",\"datePublished\":\"2022-02-14T09:24:21+00:00\",\"dateModified\":\"2023-04-07T01:56:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\"},\"wordCount\":476,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"keywords\":[\"kube-proxy\"],\"articleSection\":[\"Kubernetes\"],\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\",\"name\":\"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\"},\"datePublished\":\"2022-02-14T09:24:21+00:00\",\"dateModified\":\"2023-04-07T01:56:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#breadcrumb\"},\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.linuxdevops.cn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"kubernetes\",\"item\":\"https:\/\/www.linuxdevops.cn\/kubernetes\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\",\"url\":\"https:\/\/www.linuxdevops.cn\/\",\"name\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"description\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0\",\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"alternateName\":\"linuxdevops\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.linuxdevops.cn\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-CN\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\",\"name\":\"\u7ba1\u7406\u5458\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-CN\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"contentUrl\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"width\":512,\"height\":512,\"caption\":\"\u7ba1\u7406\u5458\"},\"logo\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\"},\"description\":\"\u7ba1\u7406\u5458\",\"url\":\"https:\/\/www.linuxdevops.cn\/author\/root\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/","og_locale":"zh_CN","og_type":"article","og_title":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","og_description":"\u4e00. kube-proxy \u548c service kube-proxy\u662fKubernetes\u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u90e8\u7f72\u5728\u6bcf","og_url":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/","og_site_name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","article_published_time":"2022-02-14T09:24:21+00:00","article_modified_time":"2023-04-07T01:56:00+00:00","og_image":[{"url":"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/uPic\/20220214907596-20190628121852780-440182082.png"}],"author":"\u7ba1\u7406\u5458","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#article","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/"},"author":{"name":"\u7ba1\u7406\u5458","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"headline":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy","datePublished":"2022-02-14T09:24:21+00:00","dateModified":"2023-04-07T01:56:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/"},"wordCount":476,"commentCount":0,"publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"keywords":["kube-proxy"],"articleSection":["Kubernetes"],"inLanguage":"zh-CN","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/","url":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/","name":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/#website"},"datePublished":"2022-02-14T09:24:21+00:00","dateModified":"2023-04-07T01:56:00+00:00","breadcrumb":{"@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#breadcrumb"},"inLanguage":"zh-CN","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.linuxdevops.cn\/2022\/02\/kube-proxy-the-core-component-of-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.linuxdevops.cn\/"},{"@type":"ListItem","position":2,"name":"kubernetes","item":"https:\/\/www.linuxdevops.cn\/kubernetes\/"},{"@type":"ListItem","position":3,"name":"kubernetes\u6838\u5fc3\u7ec4\u4ef6kube-proxy"}]},{"@type":"WebSite","@id":"https:\/\/www.linuxdevops.cn\/#website","url":"https:\/\/www.linuxdevops.cn\/","name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","description":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0","publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"alternateName":"linuxdevops","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.linuxdevops.cn\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-CN"},{"@type":["Person","Organization"],"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1","name":"\u7ba1\u7406\u5458","image":{"@type":"ImageObject","inLanguage":"zh-CN","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/","url":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","contentUrl":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","width":512,"height":512,"caption":"\u7ba1\u7406\u5458"},"logo":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/"},"description":"\u7ba1\u7406\u5458","url":"https:\/\/www.linuxdevops.cn\/author\/root\/"}]}},"_links":{"self":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1127"}],"collection":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/comments?post=1127"}],"version-history":[{"count":2,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1127\/revisions"}],"predecessor-version":[{"id":1130,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1127\/revisions\/1130"}],"wp:attachment":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/media?parent=1127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/categories?post=1127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/tags?post=1127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}