简体繁体 English

使用 kube-proxy 进行负载均衡

[英]using kube-proxy for load balancing

原文 2020-01-29 20:15:03 7 2 kubernetes/ google-kubernetes-engine/ kube-proxy

The official kubernetes docs clearly state that kube-proxy "will not scale to very large clusters with thousands of Services" , however when a LoadBalancer type Service is created on GKE the externalTrafficPolicy is set to Cluster by default (meaning that each request will be load-balanced by kube-proxy anyway in addition to external load balancing). kubernetes 官方文档明确指出kube-proxy “不会扩展到具有数千个服务的非常大的集群” ，但是当在 GKE 上创建LoadBalancer类型的服务时， externalTrafficPolicy默认设置为Cluster （意味着每个请求都将被加载-除了外部负载平衡之外，无论如何都由 kube-proxy 平衡）。 As it is explained for example in this video from Next '17 , this is to avoid traffic imbalance (as Google's external load balancers are not capable of asking a cluster how many pods of a given service are on each node).正如在Next '17 的这个视频中解释的那样，这是为了避免流量不平衡（因为 Google 的外部负载平衡器无法询问集群每个节点上给定服务的 Pod 数量）。

Hence the question: does it mean that:因此问题是：这是否意味着：

a) by default GKE cannot be used for for "very large clusters with thousands of Services" and to do so I need to risk traffic imbalances by setting externalTrafficPolicy to Local a) 默认情况下 GKE 不能用于“具有数千个服务的超大型集群”，为此我需要通过将externalTrafficPolicy设置为Local来冒流量不平衡的风险

b) ...or the information about poor scalability of kube-proxy is incorrect or outdated b) ...或者关于 kube-proxy 可扩展性差的信息不正确或过时

c) ...or something else that I couldn't come up with c) ...或其他我想不出的东西

Thanks!谢谢！

2 个解决方案

will not scale to very large clusters with thousands of services quote refers to userspace proxy, which was the default mode long time ago before full iptables based implementation happened. will not scale to very large clusters with thousands of services引用指的是用户空间代理，这是很久以前基于 iptables 的完整实现发生之前的默认模式。 So this statement is largely outdated, but...所以这个说法在很大程度上已经过时了，但是......

iptables mode has it's own issues that come with scale (extreamly large iptables rule chains take a lot of time to update) which is one of the reasons why IPVS work made it into kube-proxy. iptables 模式有其自身的规模问题（非常大的 iptables 规则链需要大量时间来更新），这是 IPVS 工作使其成为 kube-proxy 的原因之一。 You'd have to have a really hardcore scale to run into performance issues with kube-proxy.您必须拥有真正的核心规模才能遇到 kube-proxy 的性能问题。

According to the Kubernetes official documentation about externalTrafficPolicy the answer is a).根据关于 externalTrafficPolicy 的Kubernetes 官方文档，答案是 a)。

Since Cluster option obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading , and Local option preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks potentially imbalanced traffic spreading.由于 Cluster 选项掩盖了客户端源 IP 并可能导致到另一个节点的第二跳，但应该具有良好的整体负载分散性，而 Local 选项保留客户端源 IP 并避免 LoadBalancer 和 NodePort 类型服务的第二跳，但存在潜在风险流量分布不均衡。