k8s service到pod映射在iptable中的规则细节
Posted qq59c521a6cf6be
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s service到pod映射在iptable中的规则细节相关的知识,希望对你有一定的参考价值。
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d12h
service-http ClusterIP 10.107.131.226 <none> 8080/TCP 39m
[root@master01 ~]# iptables-save |grep 10.107.131.226
-A KUBE-SERVICES -d 10.107.131.226/32 -p tcp -m comment --comment "default/service-http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-NYSWGRUDJC3U6S64
-A KUBE-SVC-NYSWGRUDJC3U6S64 ! -s 10.244.0.0/16 -d 10.107.131.226/32 -p tcp -m comment --comment "default/service-http cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
[root@master01 ~]# iptables-save |grep KUBE-SVC-NYSWGRUDJC3U6S64
:KUBE-SVC-NYSWGRUDJC3U6S64 - [0:0]
-A KUBE-SERVICES -d 10.107.131.226/32 -p tcp -m comment --comment "default/service-http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-NYSWGRUDJC3U6S64
-A KUBE-SVC-NYSWGRUDJC3U6S64 ! -s 10.244.0.0/16 -d 10.107.131.226/32 -p tcp -m comment --comment "default/service-http cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.16666666651 -j KUBE-SEP-QDKGOYR6XANSZBCN
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-U6HKXH3R2LRDR36W
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-FVCBYTAFEFVVFLLN
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-7U4KYCANDQRXXIF2
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-7ATG3CQGYD5W7AEY
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -j KUBE-SEP-HE6XDEDMHH5TXHUU
[root@master01 ~]# iptables-save |grep KUBE-SEP-QDKGOYR6XANSZBCN
:KUBE-SEP-QDKGOYR6XANSZBCN - [0:0]
-A KUBE-SEP-QDKGOYR6XANSZBCN -s 10.244.1.15/32 -m comment --comment "default/service-http" -j KUBE-MARK-MASQ
-A KUBE-SEP-QDKGOYR6XANSZBCN -p tcp -m comment --comment "default/service-http" -m tcp -j DNAT --to-destination 10.244.1.15:80
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.16666666651 -j KUBE-SEP-QDKGOYR6XANSZBCN
[root@master01 ~]# iptables-save |grep KUBE-SEP-U6HKXH3R2LRDR36W
:KUBE-SEP-U6HKXH3R2LRDR36W - [0:0]
-A KUBE-SEP-U6HKXH3R2LRDR36W -s 10.244.1.16/32 -m comment --comment "default/service-http" -j KUBE-MARK-MASQ
-A KUBE-SEP-U6HKXH3R2LRDR36W -p tcp -m comment --comment "default/service-http" -m tcp -j DNAT --to-destination 10.244.1.16:80
-A KUBE-SVC-NYSWGRUDJC3U6S64 -m comment --comment "default/service-http" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-U6HKXH3R2LRDR36W
[root@master01 ~]#
以上是关于k8s service到pod映射在iptable中的规则细节的主要内容,如果未能解决你的问题,请参考以下文章