A brief introduction to Kubernetes
http://dockone.io/article/932
Although the PaaS layer uses OpenShift, it is really a wrapper around Kubernetes.
For some parts of your applications you may want to expose a Service onto an external IP address. Kubernetes supports two ways of doing this: NodePorts and LoadBalancers. Our implementation uses the NodePort approach. Underneath, it also appears to be implemented with iptables; you can check like this:
sudo iptables -L KUBE-NODEPORT-CONTAINER -t nat
target prot opt source destination
REDIRECT tcp -- anywhere anywhere /* default/test-server: */ tcp dpt:ndmps redir ports 35752
REDIRECT tcp -- anywhere anywhere /* default/consulhttp: */ tcp dpt:30850 redir ports 44005
REDIRECT tcp -- anywhere anywhere /* default/test-http-http: */ tcp dpt:30004 redir ports 45898
REDIRECT tcp -- anywhere anywhere /* default/test-http-1axmlv2: */ tcp dpt:30003 redir ports 39764
REDIRECT tcp -- anywhere anywhere /* default/test-tcil-iso9735: */ tcp dpt:pago-services1 redir ports 34921
The NodePorts we opened are 30850, 30004 and so on, and each rule then redirects to another port.
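As an added example (not part of the original notes or of Kubernetes), the Python below parses a listing in the format shown above and reports NodePorts that are not on an expected list, which is a quick way to audit what a node actually exposes. The sample listing is constructed, the debug-shell service and port 30999 are made up, and the function names are hypothetical; ports that iptables prints as service names (as with ndmps above) are flagged so the listing can be rerun with -n.

```python
import re

# Constructed sample in the format of `iptables -t nat -L KUBE-NODEPORT-CONTAINER`;
# the debug-shell rule and port 30999 are made up for this example.
SAMPLE = """\
Chain KUBE-NODEPORT-CONTAINER (1 references)
target     prot opt source    destination
REDIRECT   tcp  --  anywhere  anywhere  /* default/consulhttp: */ tcp dpt:30850 redir ports 44005
REDIRECT   tcp  --  anywhere  anywhere  /* default/test-http-http: */ tcp dpt:30004 redir ports 45898
REDIRECT   tcp  --  anywhere  anywhere  /* default/test-server: */ tcp dpt:ndmps redir ports 35752
REDIRECT   tcp  --  anywhere  anywhere  /* default/debug-shell: */ tcp dpt:30999 redir ports 40111
"""

# Captures the service comment, the destination port (number or name) and the redirect port.
RULE = re.compile(
    r"^REDIRECT\s+(?:tcp|udp)\s.*?/\*\s*(?P<svc>\S+?):\S*\s*\*/"
    r".*?dpt:(?P<dpt>\S+)\s+redir ports (?P<to>\d+)"
)

def parse_rules(text):
    """Return one dict per REDIRECT rule found in the chain listing."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # chain header, column header or blank line
        dpt = m["dpt"]
        rules.append({
            "service": m["svc"],
            # Without -n, iptables shows an /etc/services name for some ports.
            "node_port": int(dpt) if dpt.isdigit() else None,
            "dpt_raw": dpt,
            "redirect_port": int(m["to"]),
        })
    return rules

def audit(rules, expected_ports):
    """Return (service, finding) pairs for rules that need a closer look."""
    findings = []
    for r in rules:
        if r["node_port"] is None:
            findings.append((r["service"], f"port shown as name {r['dpt_raw']!r}; rerun with -n"))
        elif r["node_port"] not in expected_ports:
            findings.append((r["service"], f"unexpected NodePort {r['node_port']}"))
    return findings

if __name__ == "__main__":
    for svc, finding in audit(parse_rules(SAMPLE), {30850, 30004}):
        print(f"{svc}: {finding}")
```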
https://github.com/kubernetes/kubernetes/wiki/Services-FAQ
Commands to open a port
iptables -t nat -N KUBE-NODEPORT-CONTAINER-MARK  # first define a new chain, KUBE-NODEPORT-CONTAINER-MARK
iptables -t nat -I PREROUTING -m addrtype --dst-type LOCAL -j KUBE-NODEPORT-CONTAINER-MARK
iptables -A OS_FIREWALL_ALLOW -m state --state NEW -m mark --mark 0x42 -j ACCEPT
iptables -t nat -I KUBE-NODEPORT-CONTAINER-MARK 1 -p tcp --dport 30001 -j MARK --set-mark 0x42