码上快乐

相关内容   简体   繁体

k8s pod的4种网络模式最佳实战(externalIPs )

本文转载自  查看原文  2018-03-12 22:32  3182    kubernetes
 

[k8s]k8s pod的4种网络模式最佳实战(externalIPs )

 
 

 

 

hostPort相当于docker run -p 8081:8080,不用创建svc,因此端口只在容器运行的vm上监听

缺点: 没法多pod负载

$ cat pod-hostport.yaml 
apiVersion: v1 kind: Pod metadata:  name: webapp  labels:  app: webapp spec:  containers:  - name: webapp  image: tomcat  ports:  - containerPort: 8080  hostPort: 8081 $ kubectl get po --all-namespaces -o wide --show-labels NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE LABELS default webapp 1/1 Running 0 5s 10.2.100.3 n2.ma.com app=webapp [root@n2 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 59e72c92ba55 tomcat "catalina.sh run" 2 minutes ago Up 2 minutes k8s_webapp_webapp_default_932c613e-e2dc-11e7-8313-00505636c956_0 0fe8c2f08e03 gcr.io/google_containers/pause-amd64:3.0 "/pause" 2 minutes ago Up 2 minutes 0.0.0.0:8081->8080/tcp k8s_POD_webapp_default_932c613e-e2dc-11e7-8313-00505636c956_0

hostNetwork相当于 docker run --net=host ,不用创建svc,因此端口只在容器运行的vm上监听

缺点: 没法多pod负载

apiVersion: v1 kind: Pod metadata:  name: webapp  labels:  app: webapp spec:  hostNetwork: true  containers: - name: webapp  image: tomcat  ports: - containerPort: 8080 $ kubectl get po --all-namespaces -o wide --show-labels NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE LABELS default webapp 1/1 Running 0 36s 192.168.x.x n2.ma.com app=webapp 查看该pod的网卡, 发现和宿主机一致 $ docker exec -it b8a1e1e35c3e ip ad 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:33:13:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.14.133/24 brd 192.168.14.255 scope global dynamic eth0 valid_lft 5356021sec preferred_lft 5356021sec inet6 fe80::250:56ff:fe33:13b6/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default link/ether 02:42:41:e8:f5:22 brd ff:ff:ff:ff:ff:ff inet 10.2.100.1/24 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:41ff:fee8:f522/64 scope link valid_lft forever preferred_lft forever 4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether ae:4a:e1:f9:52:ea brd ff:ff:ff:ff:ff:ff inet 10.2.100.0/32 scope global flannel.1 valid_lft forever preferred_lft forever inet6 fe80::ac4a:e1ff:fef9:52ea/64 scope link valid_lft forever preferred_lft forever 244: veth007dbe6@if243: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP group default link/ether f2:02:e1:a2:9f:8a brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::f002:e1ff:fea2:9f8a/64 scope link valid_lft forever preferred_lft forever

NodePort-svc级别,由kube-proxy操控,所有节点规则统一,逻辑上市全局的

因此,svc上的nodeport会监听在所有的节点上(如果不指定,即是随机端口,由apiserver指定--service-node-port-range '30000-32767'),即使有1个pod,任意访问某台的nodeport都可以访问到这个服务

$ cat nginx-deployment.yaml 
apiVersion: apps/v1beta1 # for versions before 1.8.0 use apps/v1beta1 kind: Deployment metadata:  name: mynginx  labels:  app: nginx spec:  replicas: 1  selector:  matchLabels:  app: nginx  template:  metadata:  labels:  app: nginx  spec:  containers:  - name: nginx  image: nginx  ports:  - containerPort: 80 $ cat nginx-svc.yaml kind: Service apiVersion: v1 metadata:  name: mynginx spec:  type: NodePort  selector:  app: nginx  ports:  - protocol: TCP  port: 8080  targetPort: 80 $ kubect get pod --show-lables -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE LABELS default mynginx-31893996-f8bn7 1/1 Running 0 12m 10.2.100.2 n2.ma.com app=nginx,pod-template-hash=31893996 $ kubectl get svc --show-lables -o wide NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR default mynginx 10.254.173.173 <nodes> 8080:31277/TCP 9m app=nginx

externalIPs 通过svc创建,在指定的node上监听端口

适用场景: 想通过svc来负载,但要求某台指定的node上监听,而非像nodeport所有节点监听.

[root@n1 external-ip]# cat nginx-deployment.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata:  name: nginx-deployment  labels:  app: nginx spec:  replicas: 1  selector:  matchLabels:  app: nginx  template:  metadata:  labels:  app: nginx  spec:  containers:  - name: nginx  image: nginx  ports:  - containerPort: 80 [root@n1 external-ip]# cat nginx-svc.yaml apiVersion: v1 kind: Service metadata:  name: svc-nginx spec:  selector:  app: nginx  ports:  - protocol: TCP  port: 80  externalIPs:  - 192.168.2.12 #这是我的一台node的ip - 这个端口是kube-proxy来启动的,所以只有运行kube-proxy的 [root@n2 ~]# netstat -ntulp tcp 0 0 192.168.2.12:80 0.0.0.0:* LISTEN 11465/kube-proxy
 
 
 
 


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 [k8s]k8s pod的4种网络模式最佳实战(externalIPs ) [k8s]kubelet最佳实战 k8s网络calico——BGP模式 访问k8s内部pod service网络 浅谈k8s网络模型及不同node上Pod如何互访 [k8s]zookeeper集群在k8s的搭建(statefulset模式)-pod的调度 k8s之pod调度 k8s pod 详述 k8s pod 详述 K8S之Pod详解
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM