切换kube-proxy的工作模式为ipvs

艺帆风顺 发布于 2025-04-07 20 次阅读

1、查看当前kube-proxy的工作模式

kube-proxy默认的工作模式为iptables

[root@k8s-master ~]# kubectl get pod -A |grep proxykube-system kube-proxy-77vqw 1/1 Running 1 (3h59m ago) 24hkube-system kube-proxy-cmnxt 1/1 Running 1 (18m ago) 24hkube-system kube-proxy-ksrmj 1/1 Running 0 24h[root@k8s-master ~]# kubectl -n kube-system logs -f kube-proxy-77vqwI0102 05:18:58.112973 1 server_others.go:69] "Using iptables proxy"I0102 05:18:58.129597 1 node.go:141] Successfully retrieved node IP: 10.0.0.105I0102 05:18:58.131064 1 conntrack.go:52] "Setting nf_conntrack_max" nfConntrackMax=131072I0102 05:18:58.131134 1 conntrack.go:100] "Set sysctl" entry="net/netfilter/nf_conntrack_tcp_timeout_close_wait" value=3600I0102 05:19:01.002082 1 server.go:632] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"I0102 05:19:01.004304 1 server_others.go:152] "Using iptables Proxier"

2、修改默认的工作模式

[root@k8s-master ~]# kubectl -n kube-system edit cm kube-proxy

mode默认是"",填写为"ipvs"

3、安装ipvs相关模块

# 安装依赖包yum install -y conntrack ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git
cat > /etc/sysconfig/modules/ipvs.modules modprobe -- ip_vsmodprobe -- ip_vs_rrmodprobe -- ip_vs_wrrmodprobe -- ip_vs_shmodprobe -- nf_conntrack_ipv4 EOF
chmod +x /etc/sysconfig/modules/ipvs.modules # 执行脚本sh /etc/sysconfig/modules/ipvs.modules
# 验证ipvs模块lsmod | grep -e ip_vs -e nf_conntrack_ipv4

4、重启kube-proxy

使用delete重启,删除旧的pod会生成相同数量新的pod

[root@k8s-master ~]# kubectl -n kube-system delete pod kube-proxy-77vqw kube-proxy-cmnxt kube-proxy-ksrmjpod "kube-proxy-77vqw" deletedpod "kube-proxy-cmnxt" deletedpod "kube-proxy-ksrmj" deleted

5、验证测试

[root@k8s-master ~]# kubectl get pod -A |grep proxykube-system kube-proxy-gkmfs 1/1 Running 0 29skube-system kube-proxy-j5s2n 1/1 Running 0 44skube-system kube-proxy-n8lwq 1/1 Running 0 44s
kubectl logs -f kube-proxy-gkmfs -n kube-systemI0102 09:23:51.734659 1 node.go:141] Successfully retrieved node IP: 10.0.0.106I0102 09:23:51.736222 1 conntrack.go:52] "Setting nf_conntrack_max" nfConntrackMax=131072I0102 09:23:52.055035 1 server.go:632] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"I0102 09:23:52.233247 1 server_others.go:218] "Using ipvs Proxier"

查看kube-proxy的日志后可见,已经将kube-proxy的工作模式从iptables更换为ipvs。