K8S---service---metalLB

K8S---service---metalLB

loadbalancer类型用户访问k8s集群方式：

集群外访问：用户--> 域名--> 云服务提供端提供LB--> NodeIP:Port(service IP) --> Pod IP：端口

​

K8s没有为物理集群提供loadbalancer类型的servicek8s附带的loadbalancer的实现都是调用各种IaaS平台（GCP，AWS，Azure等）

参考: ​​ ​​首先要确定为ipvs调度模式，而不是iptables调度。(此条件已经满足)

2, 下载YAML文件

[root@master1 ~]# mkdir metallb [root@master1 ~]# cd metallb/ [root@master1 metallb]# wget [root@master1 metallb]# wget metallb]# kubectl apply -f namespace.yamlnamespace/metallb-system created[root@master1 metallb]# kubectl get ns |grep metallb-systemmetallb-system Active 16s

4, 创建secret

[root@master1 metalb]# kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"

说明:

secret是一种存放密文的存储方式这里要先创建，再做下面一步，否则pod启动不了，会Error: secret "memberlist" not found错误

4，创建相关pod等资源

[root@master1 metallb]# kubectl apply -f metallb.yamlpodsecuritypolicy.policy/controller createdpodsecuritypolicy.policy/speaker createdserviceaccount/controller createdserviceaccount/speaker createdclusterrole.rbac.authorization.k8s.io/metallb-system:controller createdclusterrole.rbac.authorization.k8s.io/metallb-system:speaker createdrole.rbac.authorization.k8s.io/config-watcher createdrole.rbac.authorization.k8s.io/pod-lister createdclusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller createdclusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker createdrolebinding.rbac.authorization.k8s.io/config-watcher createdrolebinding.rbac.authorization.k8s.io/pod-lister createddaemonset.apps/speaker createddeployment.apps/controller created

[root@master1 metallb]# kubectl get pods -n metallb-system NAME READY STATUS RESTARTS AGEcontroller-5854d49f77-kjzgv 1/1 Running 0 49sspeaker-fhdg9 1/1 Running 0 49sspeaker-jxx9n 1/1 Running 0 50sspeaker-pttlq 1/1 Running 0 49sspeaker-wh4sh 1/1 Running 0 48s

5, 编写YAML并创建configMap(一种存放明文文件的存储方式)

[root@master1 metallb]# vim metallb-configmap.ymlapiVersion: v1kind: ConfigMapmetadata: namespace: metallb-system name: configdata: config: | address-pools: - name: my-ip-space protocol: layer2 addresses: - 192.168.122.100-192.168.122.200

[root@master1 metallb]# kubectl apply -f metallb-configmap.ymlconfigmap/config created

6, 编写一个应用YAML使用LoadBanlancer类型service,并创建

[root@master1 metalb]# vim deploy-metallb.ymlapiVersion: apps/v1kind: Deploymentmetadata: name: deploy-nginx namespace: metallb-systemspec: replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.15-alpine imagePullPolicy: IfNotPresent ports: - containerPort: 80---apiVersion: v1kind: Servicemetadata: name: svc1 namespace: metallb-systemspec: type: LoadBalancer # 类型为LoadBalancer ports: - port: 80 targetPort: 80 selector: app: nginx

[root@master1 metallb]# kubectl apply -f deploy-metallb.ymldeployment.apps/deploy-nginx createdservice/svc1 created

7, 验证创建好的service,pod与IP

[root@master1 metallb]# kubectl get svc -n metallb-systemNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEsvc1 LoadBalancer 10.2.57.24 192.168.122.100 80:26649/TCP 77s 注意192.168.122.100就是分配的IP[root@master1 metalb]# kubectl get pods -o wide -n metallb-system |grep deploy-nginxdeploy-nginx-6c9764bb69-6gt95 1/1 Running 0 1m 10.3.104.20 192.168.122.14 deploy-nginx-6c9764bb69-cd92w 1/1 Running 0 1m 10.3.104.21 192.168.122.14

[root@master1 ~]# ip a |grep 192.168.122.100 inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0[root@master2 ~]# ip a |grep 192.168.122.100 inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0[root@node1 ~]# ip a |grep 192.168.122.100 inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0[root@node1 ~]# ip a |grep 192.168.122.100 inet 192.168.122.100/32 brd 192.168.122.100 scope global kube-ipvs0 k8s集群节点上都有分配此IP

8， 验证负载均衡

[root@master1 ~]# kubectl exec -it deploy-nginx-6c9764bb69-6gt95 -n metallb-system -- /bin/sh/ # echo web1 > /usr/share/nginx/html/index.html/ # exit[root@master1 ~]# kubectl exec -it deploy-nginx-6c9764bb69-cd92w -n metallb-system -- /bin/sh/ # echo web2 > /usr/share/nginx/html/index.html/ # exit

集群外的客户端访问验证

[root@hostos ~]# curl 192.168.122.100web2[root@hostos ~]# curl 192.168.122.100web1[root@hostos ~]# curl 192.168.122.100web2[root@hostos ~]# curl 192.168.122.100web1结果有负载均衡

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。