
[k8s] kube-proxy

by BTC_비웃는사나이 2023. 4. 10.

kube-proxy

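  • The default mode is iptables
  • When a service is created through the API, kube-proxy asks the kernel to create iptables rules for the endpoints (entry points) that are that service's destinations
  • One exists on each worker node
  • When a NodePort is created, it listens on the port so that the service can be exposed externally through iptables rules
  • 3 modes:
    • user space mode
    • iptables mode
    • IPVS mode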

<Image source: https://www.youtube.com/watch?v=EKTq5QaV-w8&list=PLApuRlvrZKohLYdvfX-UEFYTE7kfnnY36&index=7>

 

[hands-on]

  • How a K8s service works
vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: webui
  template:
    metadata:
      name: nginx-pod
      labels:
        app: webui
    spec:
      containers:
      - name: nginx-container
        image: nginx:1.14
kubectl apply -f deployment.yaml
vi svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: webui-svc
spec:
  clusterIP: 10.96.100.100
  selector:
    app: webui
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
kubectl apply -f svc.yaml
kubectl get all
NAME                       READY   STATUS    RESTARTS   AGE
pod/web-6d75c5dd9b-6m5d4   1/1     Running   0          84s
pod/web-6d75c5dd9b-mljxm   1/1     Running   0          84s
pod/web-6d75c5dd9b-vfgqj   1/1     Running   0          84s

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   4d18h
service/webui-svc    ClusterIP   10.96.100.100   <none>        80/TCP    9s

NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/web   3/3     3            3           84s

NAME                             DESIRED   CURRENT   READY   AGE
replicaset.apps/web-6d75c5dd9b   3         3         3       84s

 

  • Check that kube-proxy is running
kubectl get pod --namespace kube-system -o wide
NAME                                         READY   STATUS    RESTARTS       AGE     IP             NODE                 NOMINATED NODE   READINESS GATES
...
kube-proxy-2j6k5                             1/1     Running   2 (154m ago)   3d18h   10.100.0.103   node3.example.com    <none>           <none>
kube-proxy-4pqvq                             1/1     Running   3 (155m ago)   4d18h   10.100.0.102   node2.example.com    <none>           <none>
kube-proxy-s52r7                             1/1     Running   4 (91m ago)    4d18h   10.100.0.104   master.example.com   <none>           <none>
kube-proxy-vss8c                             1/1     Running   3 (155m ago)   4d18h   10.100.0.101   node1.example.com    <none>           <none>
...

 

  • Check what kube-proxy does
    • Run on a worker node
iptables -t nat -S | grep 80
-A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
-A KUBE-SEP-23FNSP6CY5JWOLJA -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.47.0.1:80
-A KUBE-SEP-KYIH52JRZZ5DRNIF -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.36.0.1:80
-A KUBE-SEP-OAFQNMWZO3C7UKPA -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.44.0.1:80
-A KUBE-SERVICES -d 10.96.100.100/32 -p tcp -m comment --comment "default/webui-svc cluster IP" -m tcp --dport 80 -j KUBE-SVC-7SIYQBMMK7OI4QAT
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.36.0.1:80" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-KYIH52JRZZ5DRNIF
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.44.0.1:80" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-OAFQNMWZO3C7UKPA
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.47.0.1:80" -j KUBE-SEP-23FNSP6CY5JWOLJA
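
The rules above are evaluated in order, so the 0.333 / 0.5 / unconditional probabilities work out to an even one-third share per pod. The following Python is an added example, not part of the original post: it parses the webui-svc rules from that output and resolves a ClusterIP:port to the pod endpoints it is DNATed to, which is also a quick way to audit that a service only forwards to the backends you expect. The function names `parse` and `backends` are this example's own.

```python
import re

# The default/webui-svc rules copied from the iptables output above.
RULES = """\
-A KUBE-SEP-23FNSP6CY5JWOLJA -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.47.0.1:80
-A KUBE-SEP-KYIH52JRZZ5DRNIF -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.36.0.1:80
-A KUBE-SEP-OAFQNMWZO3C7UKPA -p tcp -m comment --comment "default/webui-svc" -m tcp -j DNAT --to-destination 10.44.0.1:80
-A KUBE-SERVICES -d 10.96.100.100/32 -p tcp -m comment --comment "default/webui-svc cluster IP" -m tcp --dport 80 -j KUBE-SVC-7SIYQBMMK7OI4QAT
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.36.0.1:80" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-KYIH52JRZZ5DRNIF
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.44.0.1:80" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-OAFQNMWZO3C7UKPA
-A KUBE-SVC-7SIYQBMMK7OI4QAT -m comment --comment "default/webui-svc -> 10.47.0.1:80" -j KUBE-SEP-23FNSP6CY5JWOLJA
"""

def parse(rules):
    """Group `iptables -S` lines by chain: match, probability, target, DNAT."""
    chains = {}
    for line in rules.splitlines():
        m = re.match(r"-A (\S+) .*?-j (\S+)(?: --to-destination (\S+))?", line)
        if not m:
            continue
        dst = re.search(r" -d (\S+)/32 .*--dport (\d+)", line)
        prob = re.search(r"--probability ([\d.]+)", line)
        chains.setdefault(m.group(1), []).append({
            "target": m.group(2),
            "dnat": m.group(3),
            "match": f"{dst.group(1)}:{dst.group(2)}" if dst else None,
            # A rule without a statistic match always fires when reached.
            "prob": float(prob.group(1)) if prob else 1.0,
        })
    return chains

def backends(rules, cluster_ip_port):
    """Return {pod_ip:port: effective probability} for one ClusterIP:port."""
    chains = parse(rules)
    svc = next(r["target"] for r in chains["KUBE-SERVICES"]
               if r["match"] == cluster_ip_port)
    result, remaining = {}, 1.0
    for rule in chains[svc]:
        # A rule is only reached if every earlier rule in the chain missed.
        endpoint = next(r["dnat"] for r in chains[rule["target"]] if r["dnat"])
        result[endpoint] = remaining * rule["prob"]
        remaining *= 1.0 - rule["prob"]
    return result

if __name__ == "__main__":
    for endpoint, p in backends(RULES, "10.96.100.100:80").items():
        print(f"{endpoint}  {p:.4f}")
```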

 

Reference: https://www.youtube.com/watch?v=EKTq5QaV-w8&list=PLApuRlvrZKohLYdvfX-UEFYTE7kfnnY36&index=7