Monday, 30 January 2023

Kube-Proxy on the Kubernetes Worker - Manages the Network Rules on the Node

1. Kube-Proxy Runs on the Worker Node
The explanation is as follows. Kube-Proxy runs on the worker node.
Kube proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
2. Kube-Proxy Manages the Network Rules on the Worker Node
The explanation is as follows. Kube-Proxy manages the network rules with iptables.
Kube-Proxy listens for changes to Services and then updates the local IPTables or IPVS rules accordingly. This ensures that traffic is correctly routed to the appropriate pods in the cluster.

For example, suppose a Service is created in Kubernetes that maps to a set of pods with the label “app=myapp”. Kube-Proxy will create IPTables or IPVS rules that direct traffic to the appropriate pod based on the Service’s selector.

In figure form:


The explanation is as follows
Who is configuring those iptables rules?

It’s kube-proxy that collects endpoints from the control plane and maps service IP addresses to pod IPs (it also load balances the connections).

Kube-proxy is a DaemonSet that listens to changes to the Kubernetes API.
3. It Does Load Balancing
The explanation is as follows
One of the tasks for the Kubernetes service is to load balance across these pods. To enable this, every node in a Kubernetes cluster runs a kube-proxy. kube-proxy is responsible for implementing a form of virtual IP for Services .

Kube-Proxy works in three modes — User Space, iptables, and IPVS. Kube-Proxy watches the Kubernetes control plane for the addition and removal of Service and Endpoint objects. It uses either of these modes to choose the backend pod. In userspace mode, it chooses a backend via a round-robin algorithm. In other modes, it's more of a random pick but they provide faster routing as they work in kernel space. You can read more on this here.
Why You Can't Ping a Kubernetes Service?
If we ping a Service's IP address from a shell opened into a Pod, we will see that no reply comes back.
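The iptables picture from sections 2 and 3 (ClusterIP mapped to pod IPs, a random backend pick in kernel space, and a ping to the Service IP that nobody answers) as an added Python model; this is not code from the original post or from kube-proxy itself. The Service name, ClusterIP and pod addresses are constructed sample values, and the chain names mirror kube-proxy's KUBE-SERVICES / KUBE-SVC / KUBE-SEP naming without its hashed suffixes.

```python
import random
from dataclasses import dataclass

@dataclass
class Rule:
    chain: str             # KUBE-SERVICES, KUBE-SVC-<svc> or KUBE-SEP-<ep>
    match: dict            # packet fields that must match; {} matches all
    target: str            # chain to jump to, or "DNAT <ip>:<port>"
    probability: float = 1.0  # "-m statistic --mode random --probability"

def build_rules(svc, cluster_ip, port, proto, endpoints):
    """Chains kube-proxy installs in the nat table for one Service: the i-th of n
    endpoint rules gets probability 1/(n-i), so each pod is picked 1/n overall."""
    rules = [Rule("KUBE-SERVICES", {"dst": cluster_ip, "proto": proto, "dport": port},
                  f"KUBE-SVC-{svc}")]
    n = len(endpoints)
    for i, (ip, p) in enumerate(endpoints):
        sep = f"KUBE-SEP-{svc}-{i}"
        rules.append(Rule(f"KUBE-SVC-{svc}", {}, sep, 1.0 / (n - i)))
        rules.append(Rule(sep, {}, f"DNAT {ip}:{p}"))
    return rules

def route(rules, packet, rng, chain="KUBE-SERVICES"):
    """Walk the chains the way netfilter would; return the DNAT target, or None
    when no rule matches (ICMP ping to a ClusterIP: no port, nothing answers)."""
    for r in (r for r in rules if r.chain == chain):
        if any(packet.get(k) != v for k, v in r.match.items()):
            continue
        if rng.random() >= r.probability:   # statistic match did not fire
            continue
        if r.target.startswith("DNAT "):
            return r.target[5:]
        return route(rules, packet, rng, r.target)
    return None

def endpoint_share(rules, packet, trials=30000, seed=1):
    """Fraction of packets each backend receives (None = unanswered)."""
    rng, counts = random.Random(seed), {}
    for _ in range(trials):
        t = route(rules, packet, rng)
        counts[t] = counts.get(t, 0) + 1
    return {k: v / trials for k, v in counts.items()}

# Constructed example: Service "myapp", ClusterIP 10.96.0.10:80/tcp -> three pods
MYAPP_RULES = build_rules("myapp", "10.96.0.10", 80, "tcp", [("10.244.1.5", 8080),
                          ("10.244.2.7", 8080), ("10.244.3.9", 8080)])
HTTP = {"dst": "10.96.0.10", "proto": "tcp", "dport": 80}
PING = {"dst": "10.96.0.10", "proto": "icmp"}   # no dport: no rule matches
```

Running `endpoint_share(MYAPP_RULES, HTTP)` shows the three pods each receiving about a third of the traffic, while the same call with `PING` returns only `None`, which is the observation in the ping section above.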

4. Kube-Proxy Installation
The explanation is as follows
Kube-Proxy usually runs in your cluster in the form of a DaemonSet. But it can also be installed directly as a Linux process on the node. This depends on your cluster installation type.

If you use kubeadm, it will install Kube-Proxy as a DaemonSet. If you manually install the cluster components using official Linux tarball binaries, it will run directly as a process on the node.
5. Kube-Proxy Modes
They are as follows
1. IPtables mode
The explanation is as follows
This is the default and most widely used mode today. In this mode Kube-Proxy relies on a Linux feature called IPtables. IPtables works as an internal packet processing and filtering component. It inspects incoming and outgoing traffic to the Linux machine. Then it applies specific rules against packets that match specific criteria.
2. IPVS mode
The explanation is as follows
IPVS is a Linux feature designed specifically for load balancing. This makes it a perfect choice for Kube-Proxy to use. In this mode, Kube-Proxy inserts rules into IPVS instead of IPtables.
...
Despite its advantages, IPVS might not be present in all Linux systems today. In contrast to IPtables which is a core feature of almost every Linux operating system.
3. KernelSpace mode
The explanation is as follows
This mode is specific to Windows nodes. In this mode Kube-proxy uses Windows Virtual Filtering Platform (VFP) to insert the packet filtering rules. The VFP on Windows works the same as IPtables on Linux, which means that these rules will also be responsible for rewriting the packet encapsulation and replacing the destination IP address with the IP of the backend Pod.

6. Viewing the Kube-Proxy Mode
The explanation is as follows
By default, Kube-proxy runs on port 10249 and exposes a set of endpoints that you can use to query Kube-proxy for information.

You can use the /proxyMode endpoint to check the kube-proxy mode.
We do it like this
curl -v localhost:10249/proxyMode
7. Envoy - An Alternative to Kube-Proxy
The explanation is as follows
In addition to Kube-Proxy, another popular proxy used in Kubernetes is Envoy. Envoy is a high-performance proxy that provides advanced traffic management and load-balancing capabilities. Envoy can be used as a replacement for Kube-Proxy to implement Kubernetes Services or can be used as an independent component to provide advanced traffic management features.

Envoy is used in many production environments and can provide benefits such as advanced load-balancing algorithms, circuit breaking, and distributed tracing.

However, Envoy requires additional setup and configuration compared to Kube-Proxy, and may not be compatible with all network environments. Additionally, Envoy is generally used in more complex scenarios, such as multi-cluster or multi-cloud environments, and may be overkill for simpler use cases.
