LVS study notes 4: extended to kube-proxy

Background

Kubernetes initially implemented Service using iptables, but Kubernetes later officially abandoned iptables in favor of IPVS to implement Service.

iptables problems

  • The rules are complex and messy, and troubleshooting is difficult
  • Rules are stored in a linked list, so lookup complexity is O(n); once the number of rules exceeds 20,000, kernel pressure is huge and iptables becomes a bottleneck

IPVS features

  • Focuses on load balancing and supports multiple scheduling algorithms
  • Based on hash lookup, so the complexity is O(1)

Personal thinking

Why should iptables be deprecated?

  1. Functionally, iptables leans toward being a firewall
  2. In k8s, traffic load balancing is implemented by Service, and IPVS was originally created to solve the load problem and focuses more on load-balancing technology. On this point it fits the needs of Service better, and IPVS performance is also very good

Starting from these two points, the question of why Kubernetes should abandon iptables becomes simpler and more direct!

Which mode of ipvs should be used?

  1. Service needs to support port mapping, so there is only one mode to choose from: VS/NAT mode
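
The port-mapping argument above as a small model (an added example, not code from the original post). The addresses and ports are constructed, and `forward` is a simplified stand-in for what the IPVS director does to a packet in each LVS forwarding mode.

```python
from dataclasses import dataclass, replace

MODES = ("NAT", "DR", "TUN")

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class RealServer:
    ip: str
    port: int  # port the backend actually listens on (targetPort)

def forward(pkt: Packet, rs: RealServer, mode: str) -> Packet:
    """Return the packet as the real server's IP stack sees it."""
    if mode == "NAT":
        # VS/NAT: the director rewrites destination IP and port.
        return replace(pkt, dst_ip=rs.ip, dst_port=rs.port)
    if mode in ("DR", "TUN"):
        # VS/DR rewrites only the L2 destination; VS/TUN wraps the packet
        # in IP-in-IP. Either way the inner IP header and port are untouched,
        # and the real server must hold the virtual IP itself.
        return pkt
    raise ValueError(f"unknown mode: {mode}")

def delivered(pkt: Packet, rs: RealServer) -> bool:
    """A listener only receives the packet if the port matches."""
    return pkt.dst_port == rs.port

def usable_modes(service_port: int, target_port: int) -> list:
    """Modes in which a client packet to the Service reaches the backend."""
    vip = "10.96.0.10"                          # constructed cluster IP
    rs = RealServer("10.244.1.5", target_port)  # constructed pod IP
    client_pkt = Packet(vip, service_port)
    return [m for m in MODES if delivered(forward(client_pkt, rs, m), rs)]

if __name__ == "__main__":
    # Service port 80 mapped to targetPort 8080: only NAT can deliver.
    print(usable_modes(80, 8080))
    # Same port on both sides: any mode would work.
    print(usable_modes(80, 80))
```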

Origin blog.csdn.net/Free_time_/article/details/107595034