Background
Kubernetes Services were originally implemented with iptables, but Kubernetes later officially abandoned iptables in favor of ipvs to implement Services.
Problems with iptables
- The rules are complex and messy, and troubleshooting is difficult
- Rules are stored in a linked list, so the lookup complexity is O(n); once the number of rules exceeds 20,000, the pressure on the kernel is huge and iptables becomes a bottleneck
IPVS features
- Focus on load balancing technology and support multiple scheduling algorithms
- Based on hash lookup, the complexity is O(1)
Personal thoughts
Why should iptables be deprecated?
Functionally, iptables leans toward being a firewall. In k8s, traffic load balancing is implemented through service, and ipvs was originally created to solve the load-balancing problem. ipvs focuses more on load balancing technology, so on this point it is a better fit for what service needs; and the performance of ipvs is also very good.
Starting from these two points, thinking about why Kubernetes abandoned iptables becomes simpler and more direct!
Which mode of ipvs should be used?
service
It needs to support port mapping, so, so there is only one mode to choose from——VS/NAT模式
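
The following added example (not from the original post, and not kernel or kube-proxy code) is a simplified Python model of the two points above: an ordered rule chain that must be walked rule by rule versus a hash table keyed by virtual service, and the VS/NAT rewrite of destination IP and port that port mapping requires. All addresses, the 80 to 8080 mapping and the names `make_services`, `chain_lookup` and `VirtualServerTable` are constructed for illustration.

```python
from itertools import cycle

# Constructed sample data: n Services (VIP:80), each backed by two pods on port 8080.
def make_services(n=20000):
    return {("tcp", f"10.96.{i // 250}.{i % 250 + 1}", 80):
            [(f"10.244.{i // 250}.{i % 250 + 1}", 8080),
             (f"10.245.{i // 250}.{i % 250 + 1}", 8080)]
            for i in range(n)}

def chain_lookup(rules, key):
    """iptables-style: walk the ordered rule list; return (backends, rules_examined)."""
    for examined, (match, backends) in enumerate(rules, start=1):
        if match == key:
            return backends, examined
    return None, len(rules)

class VirtualServerTable:
    """IPVS-style: hash table keyed by (proto, VIP, port) with round-robin scheduling."""
    def __init__(self, services):
        self._sched = {vs: cycle(backends) for vs, backends in services.items()}

    def nat(self, packet):
        """VS/NAT forwarding: rewrite destination IP and port to a real server."""
        proto, src, dst_ip, dst_port = packet
        sched = self._sched.get((proto, dst_ip, dst_port))  # one hash probe
        if sched is None:
            return packet  # not a virtual service, leave the packet untouched
        real_ip, real_port = next(sched)
        return (proto, src, real_ip, real_port)

if __name__ == "__main__":
    services = make_services()
    rules = list(services.items())        # the same data as an ordered chain
    last = ("tcp", "10.96.79.250", 80)    # the last Service in the chain
    print("rules examined in chain:", chain_lookup(rules, last)[1])
    table = VirtualServerTable(services)
    pkt = ("tcp", "10.0.0.7:40000", "10.96.79.250", 80)
    print("first packet ->", table.nat(pkt))
    print("second packet ->", table.nat(pkt))
```

In this model the chain examines every rule before reaching the last Service, while the table resolves the same Service in a single lookup and maps port 80 to the pod's port 8080.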