K8S---service---metalLB

Posted 一名年轻的运维工程师

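How users reach a k8s cluster through a LoadBalancer-type service:

Access from outside the cluster: user --> domain name --> LB provided by the cloud provider --> NodeIP:Port (service IP) --> Pod IP:port

  • K8s does not provide a LoadBalancer-type service for physical (bare-metal) clusters
  • The LoadBalancer implementations that ship with k8s all call out to an IaaS platform (GCP, AWS, Azure, etc.)

Reference: https://help.aliyun.com/document_detail/181517.html?spm=5176.13910061.sslink.36.4e9651a23FifhV

  • MetalLB solves this problem, so that physical k8s clusters can also use LoadBalancer-type services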

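MetalLB solution

Reference: https://metallb.universe.tf/installation/

1, First confirm that the cluster uses the ipvs scheduling mode rather than iptables scheduling. (This condition is already met here.)

2, Download the YAML files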

[root@master1 ~]# mkdir metallb 
[root@master1 ~]# cd metallb/
[root@master1 metallb]# wget https://raw.githubusercontent.com/metallb/metallb/v0.9.4/manifests/namespace.yaml
[root@master1 metallb]# wget https://raw.githubusercontent.com/metallb/metallb/v0.9.4/manifests/metallb.yaml

3, Apply the YAML to create the namespace

[root@master1 metallb]# kubectl apply -f namespace.yaml
namespace/metallb-system created

[root@master1 metallb]# kubectl get ns |grep metallb-system
metallb-system Active 16s

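4, Create the secret

[root@master1 metallb]# kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"

Notes:

  • A secret is the Kubernetes object used to store sensitive data
  • Create it first, before the next step; otherwise the pods cannot start and fail with Error: secret "memberlist" not found

4, Create the pods and related resources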

[root@master1 metallb]# kubectl apply -f metallb.yaml
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
daemonset.apps/speaker created
deployment.apps/controller created
[root@master1 metallb]# kubectl get pods -n metallb-system
NAME                          READY   STATUS    RESTARTS   AGE
controller-5854d49f77-kjzgv 1/1 Running 0 49s
speaker-fhdg9 1/1 Running 0 49s
speaker-jxx9n 1/1 Running 0 50s
speaker-pttlq 1/1 Running 0 49s
speaker-wh4sh 1/1 Running 0 48s

5, Write the YAML and create the ConfigMap (a storage object for plaintext files)

[root@master1 metallb]# vim metallb-configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: my-ip-space
      protocol: layer2
      addresses:
      - 192.168.122.100-192.168.122.200
[root@master1 metallb]# kubectl apply -f metallb-configmap.yml
configmap/config created

6, Write an application YAML that uses a LoadBalancer-type service, and create it

[root@master1 metallb]# vim deploy-metallb.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nginx
  namespace: metallb-system
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc1
  namespace: metallb-system
spec:
  type: LoadBalancer    # the service type is LoadBalancer
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
[root@master1 metallb]# kubectl apply -f deploy-metallb.yml
deployment.apps/deploy-nginx created
service/svc1 created

7, Verify the created service, pods and IP

[root@master1 metallb]# kubectl get svc -n metallb-system
NAME   TYPE           CLUSTER-IP   EXTERNAL-IP       PORT(S)        AGE
svc1   LoadBalancer   10.2.57.24   192.168.122.100   80:26649/TCP   77s    # note: 192.168.122.100 is the allocated IP

[root@master1 metallb]# kubectl get pods -o wide -n metallb-system |grep deploy-nginx
deploy-nginx-6c9764bb69-6gt95 1/1 Running 0 1m 10.3.104.20 192.168.122.14 <none> <none>
deploy-nginx-6c9764bb69-cd92w 1/1 Running 0 1m 10.3.104.21 192.168.122.14 <none> <none>
[root@master1 ~]# ip a |grep 192.168.122.100
inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0
[root@master2 ~]# ip a |grep 192.168.122.100
inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0
[root@node1 ~]# ip a |grep 192.168.122.100
inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0
[root@node1 ~]# ip a |grep 192.168.122.100
inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0    # every k8s cluster node has this IP assigned

8, Verify load balancing

[root@master1 ~]# kubectl exec -it deploy-nginx-6c9764bb69-6gt95 -n metallb-system -- /bin/sh
/ # echo web1 > /usr/share/nginx/html/index.html
/ # exit

[root@master1 ~]# kubectl exec -it deploy-nginx-6c9764bb69-cd92w -n metallb-system -- /bin/sh
/ # echo web2 > /usr/share/nginx/html/index.html
/ # exit

Verify access from a client outside the cluster

[root@hostos ~]# curl 192.168.122.100
web2
[root@hostos ~]# curl 192.168.122.100
web1
[root@hostos ~]# curl 192.168.122.100
web2
[root@hostos ~]# curl 192.168.122.100
web1
The result shows that requests are load balanced
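
As a follow-up check to steps 5 to 7, the script below is an added example (not part of the original post or of MetalLB) that reads `kubectl get svc` rows and reports, for each LoadBalancer service, whether its EXTERNAL-IP is still pending, comes from the address pool defined in metallb-configmap.yml, or lies outside that range and deserves a closer look. The function names are illustrative; the svc1 row is the one shown above, and the other sample rows are constructed.

```shell
#!/bin/sh
# Added example: confirm each LoadBalancer service got its EXTERNAL-IP from the
# MetalLB pool in metallb-configmap.yml. Function names are illustrative.
POOL="192.168.122.100-192.168.122.200"   # range from the ConfigMap above

# ip2int A.B.C.D -> prints the address as an integer; non-zero exit if malformed
ip2int() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal trap)
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_pool IP START-END -> 0 inside the range, 1 outside, 2 unparsable input
in_pool() {
    ip=$(ip2int "$1") || return 2
    lo=$(ip2int "${2%-*}") || return 2
    hi=$(ip2int "${2#*-}") || return 2
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# audit_lb: reads `kubectl get svc` rows on stdin, one verdict per LB service
audit_lb() {
    while read -r name type _cip ext _rest; do
        [ "$type" = "LoadBalancer" ] || continue
        if [ "$ext" = "<pending>" ]; then echo "$name PENDING"
        elif in_pool "$ext" "$POOL"; then echo "$name OK"
        else echo "$name OUTSIDE_POOL $ext"
        fi
    done
}

# Sample rows: svc1 is the row shown on this page; the others are constructed.
SAMPLE='NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc1 LoadBalancer 10.2.57.24 192.168.122.100 80:26649/TCP 77s
svc2 LoadBalancer 10.2.57.30 <pending> 80:30001/TCP 5s
svc3 LoadBalancer 10.2.57.31 192.168.122.250 80:30002/TCP 9s
kubernetes ClusterIP 10.2.0.1 <none> 443/TCP 3d'
audit_sample() { printf '%s\n' "$SAMPLE" | audit_lb; }
audit_sample
```

On a live cluster, replace the sample with real data: `kubectl get svc -n metallb-system --no-headers | audit_lb`.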
