简体繁体 English

当 kube 代理在 ipvs 模式下运行时，calico 是否也以 ipvs 模式运行

[英]does calico also run in ipvs mode when kube proxy is runing in ipvs mode

原文 2021-06-22 04:30:45 8 2 kubernetes/ iptables/ calico

I understood kube-proxy can run in iptables or ipvs mode.我知道 kube-proxy 可以在 iptables 或 ipvs 模式下运行。 Also, calico sets up iptables rules.此外，calico 设置了 iptables 规则。

But does calico iptables rules are only installed when kube proxy is running in iptables mode OR these iptables rules are installed irrespective to kube-proxy mode?但是，是否仅在 kube 代理以 iptables 模式运行时才安装 calico iptables 规则，或者无论 kube-proxy 模式如何安装这些 iptables 规则？

2 个解决方案

According to the documentation :根据文档：

Calico ipvs support is activated automatically if Calico detects that kube-proxy is running in that mode.如果 Calico 检测到 kube-proxy 在该模式下运行，则会自动激活 Calico ipvs 支持。

The short answer is yes - Calico supports IPVS kube-proxy mode:简短的回答是肯定的- Calico 支持 IPVS kube-proxy 模式：

Calico ipvs support is activated automatically if Calico detects that kube-proxy is running in that mode.如果 Calico 检测到 kube-proxy 在该模式下运行，则会自动激活 Calico ipvs 支持。

Additionally:此外：

Calico will detect if you change kube-proxy 's proxy mode after Calico has been deployed. Calico 将检测您是否在部署 Calico 后更改了kube-proxy的代理模式。 Any Kubernetes ipvs -specific configuration needs to be configured before changing the kube-proxy proxy mode to ipvs任何Kubernetes ipvs特异性配置需要被构造成改变所述前kube-proxy代理模式ipvs

However, as you have noticed yourself kube-proxy can run in iptables or ipvs mode.但是，正如您所注意到的，kube-proxy 可以在iptables或ipvs模式下运行。 See the comparison between iptables and ipvs mode :看iptables和ipvs mode 对比：

IPVS is a Linux kernel feature that is specifically designed for load balancing. IPVS 是一个 Linux 内核功能，专为负载平衡而设计。 In IPVS mode, kube-proxy programs the IPVS load balancer instead of using iptables.在 IPVS 模式下，kube-proxy 对 IPVS 负载均衡器进行编程，而不是使用 iptables。 In addition, as a dedicated load balancer, IPVS boasts multiple different scheduling algorithms such as round-robin, shortest-expected-delay, least connections, and various hashing approaches.此外，作为专用的负载均衡器，IPVS 拥有多种不同的调度算法，例如轮询、最短预期延迟、最少连接和各种散列方法。 In contrast, kube-proxy in iptables uses a randomized equal cost selection algorithm.相比之下，iptables 中的 kube-proxy 使用随机等成本选择算法。

The ipvs mode will provide performance compared to the iptables mode.与 iptables 模式相比，ipvs 模式将提供性能。 However, there are some limitations:但是，有一些限制：

Calico requires extra iptables packet marker bits to track packets as they pass through IPVS. Calico 需要额外的 iptables 数据包标记位来跟踪通过 IPVS 的数据包。

Calico must be configured with a port range assigned to Kubernetes NodePorts. Calico 必须配置有分配给 Kubernetes NodePorts 的端口范围。 If services are using NodePorts outside of the expected Calico range, Calico will treat traffic to those ports as host traffic, not traffic to them.如果服务使用超出预期 Calico 范围的 NodePort，Calico 会将流向这些端口的流量视为主机流量，而不是它们的流量。

Here you can find a guide, how to use IPVS kube-proxy.在这里您可以找到如何使用 IPVS kube-proxy 的指南。 If you choose to use this mode, Calico will automatically switch to this mode.如果选择使用这种模式，Calico 会自动切换到这种模式。