ACK's kube-proxy
Default forwarding mode
ACK's kube-proxy uses the ipvs forwarding mode by default:
Component deployment YAML
- ipvs mode
- iptables mode
- DaemonSet
- ConfigMap
apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    deprecated.daemonset.template.generation: "1"
  labels:
    k8s-app: kube-proxy-worker
  name: kube-proxy-worker
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kube-proxy-worker
  template:
    metadata:
      labels:
        k8s-app: kube-proxy-worker
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: k8s.aliyun.com/no-kube-proxy
                operator: NotIn
                values:
                - "true"
      containers:
      - command:
        - /usr/local/bin/kube-proxy
        - --config=/var/lib/kube-proxy/config.conf
        - --hostname-override=$(NODE_NAME)
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: GODEBUG
          value: disablethp=1
        image: registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/kube-proxy:v1.34.1-aliyun.1
        imagePullPolicy: IfNotPresent
        name: kube-proxy-worker
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          privileged: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/lib/kube-proxy
          name: kube-proxy-worker
        - mountPath: /run/xtables.lock
          name: xtables-lock
        - mountPath: /lib/modules
          name: lib-modules
          readOnly: true
        - mountPath: /var/run/kube-proxy
          name: run-kube-proxy
      dnsPolicy: ClusterFirst
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-node-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      serviceAccount: kube-proxy
      serviceAccountName: kube-proxy
      terminationGracePeriodSeconds: 30
      tolerations:
      - operator: Exists
      volumes:
      - configMap:
          defaultMode: 420
          name: kube-proxy-worker
        name: kube-proxy-worker
      - hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
        name: xtables-lock
      - hostPath:
          path: /lib/modules
          type: ""
        name: lib-modules
      - hostPath:
          path: /var/run/kube-proxy
          type: ""
        name: run-kube-proxy
  updateStrategy:
    type: OnDelete
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: kube-proxy-worker
  name: kube-proxy-worker
  namespace: kube-system
data:
  config.conf: |
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    featureGates:
    clusterCIDR: 10.0.0.0/8
    clientConnection:
      kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
    conntrack:
      maxPerCore: 65536
    mode: ipvs
  kubeconfig.conf: |
    apiVersion: v1
    kind: Config
    clusters:
    - cluster:
        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        server: https://apiserver.ca133aaf80fd542038acda778fbbf93a1.cn-hangzhou.cs.aliyuncs.com:6443
      name: default
    contexts:
    - context:
        cluster: default
        namespace: default
        user: default
      name: default
    current-context: default
    users:
    - name: default
      user:
        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
TODO
Startup parameters
- ipvs mode
- iptables mode
[root@iZbp16qq4fgg0o7ecm6hm1Z ~]# ps -ef | grep kube-proxy
root 2712 2345 0 10:11 ? 00:00:00 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=cn-hangzhou.10.0.0.238
TODO