add proxy-mode:ipvs in service.md #5571
Conversation
k8s-ci-robot
added
size/S
|
Deploy preview ready! Built with commit 8ce0c77 https://deploy-preview-5571--kubernetes-io-master-staging.netlify.com |
|
cc @m1093782566 , I added some description about ipvs mode, maybe you can help me review this, thanks |
|
|
||
| In this mode, kube-proxy watches the Kubernetes master for the addition and | ||
| removal of `Service` and `Endpoints` objects. For each `Service` it installs | ||
| iptables rules which direct requests for TCP/UDP based services to one of the |
|
Please ref: kubernetes/community#692, you can do better. |
k8s-ci-robot
added
size/L
|
@m1093782566 Thanks, I thought now it's better. |
| ### Proxy-mode: ipvs | ||
|
|
||
| In this mode, kube-proxy watches Kubernetes `services` and `endpoints`, | ||
| call `netlink` interface create ipvs `virtual server` and `real server` accordingly. |
There was a problem hiding this comment.
and it creates IPVS "virtual server" and "real server" accordingly.
- a reader doesn't care the fact that
netlinkinterface exists and gets called; virtual serverandreal serverare not supposed to be verbatim.
| table as the underlying data structure and work in the kernal state. | ||
| That means ipvs redirects traffic can be much faster, and have much | ||
| better performance when sync proxy rules. Furthermore, ipvs provides more | ||
| options for load balancing algorithm, such as: |
There was a problem hiding this comment.
Please fix the grammar errors.
|
Self /assign @m1093782566 for technical review. |
| consistent with the expectation. When access the `service`, traffic will | ||
| be redirect to one of the backend `pod`. | ||
|
|
||
| Ipvs based on netfilter hook function, like iptables proxy, but use hash |
There was a problem hiding this comment.
Similar to iptables, IPVS is based on netfilter...
| **Note:** ipvs mode assumed IPVS kernel modules are installed on the node | ||
| before running kube-proxy. When kube-proxy starts, if proxy mode is ipvs, | ||
| kube-proxy would validate if IPVS modules are installed on the node, if | ||
| it's not installed kube-proxy will fall back to userspace proxy mode. |
There was a problem hiding this comment.
ipvs.CanUseIPVSProxier will return (false, error) if ipvs modules are not installed. so kube-proxy will fall back to userspace proxy mode.
I am not sure if I am missing something. @m1093782566 @dujun1990
func tryIPVSProxy(iptver iptables.IPTablesVersioner, kcompat iptables.KernelCompatTester) string {
// guaranteed false on error, error only necessary for debugging
// IPVS Proxier relies on iptables
useIPVSProxy, err := ipvs.CanUseIPVSProxier()
if err != nil {
utilruntime.HandleError(fmt.Errorf("can't determine whether to use ipvs proxy, using userspace proxier: %v", err))
return proxyModeUserspace
}
if useIPVSProxy {
return proxyModeIPVS
}
// TODO: Check ipvs version
// Try to fallback to iptables before falling back to userspace
glog.V(1).Infof("Can't use ipvs proxier, trying iptables proxier")
return tryIPTablesProxy(iptver, kcompat)
}
There was a problem hiding this comment.
Sorry, that's not intended - I assume it's a bug. See bug fix in kubernetes/kubernetes#54120. FYI
| @@ -203,6 +203,35 @@ having working [readiness probes](/docs/tasks/configure-pod-container/configure- | |||
|
|
|||
|  | |||
|
|
|||
| ### Proxy-mode: ipvs | |||
There was a problem hiding this comment.
This should say [alpha] and/or have some sort of note in bold letters at the top that this is an alpha feature and not recommended for production clusters yet.
|
FYI, you can use the call out formatting for the note: https://kubernetes.io/docs/home/contribute/style-guide/#callout-formatting |
+1 |
|
Ping @Lion-Wei. It looks like this is very close to being ready. |
|
ping @Lion-Wei |
|
@m1093782566 @chenopis @caseydavenport , thank you all, sorry did't fix this in time. |
|
@Lion-Wei @m1093782566 @tengqm @carlory @caseydavenport Is this ready to merge? If so, can one of you give tech approval? Thanks. |
steveperry-53
added
Tech Review: Open Issues
and removed
Docs Review: Open Issues
labels
|
/cc @m1093782566 @carlory @caseydavenport @steveperry-53 , slightly cc. : ) |
This change is