How does an OpenShift service load balance between pods?
Posting this community wiki answer to point to the official documentation of OpenShift and Kubernetes (in additional resources) that should answer the question posted.
Feel free to edit and expand.
As per OpenShift documentation (v3.11):
Services
A Kubernetes service serves as an internal load balancer. It identifies a set of replicated pods in order to proxy the connections it receives to them. Backing pods can be added to or removed from a service arbitrarily while the service remains consistently available, enabling anything that depends on the service to refer to it at a consistent address. The default service clusterIP addresses are from the OpenShift Container Platform internal network and they are used to permit pods to access each other.
- Docs.openshift.com: Container platform: 3.11: Architecture: Core concepts: Pods and Services
Service Proxy Mode
OpenShift Container Platform has two different implementations of the service-routing infrastructure. The default implementation is entirely iptables-based, and uses probabilistic iptables rewriting rules to distribute incoming service connections between the endpoint pods. The older implementation uses a user space process to accept incoming connections and then proxy traffic between the client and one of the endpoint pods.
The iptables-based implementation is much more efficient, but it requires that all endpoints are always able to accept connections; the user space implementation is slower, but can try multiple endpoints in turn until it finds one that works. If you have good readiness checks (or generally reliable nodes and pods), then the iptables-based service proxy is the best choice. Otherwise, you can enable the user space-based proxy when installing, or after deploying the cluster by editing the node configuration file.
Answering the question of how the traffic is load balanced when going to the Service:
The default implementation is entirely iptables-based, and uses probabilistic iptables rewriting rules to distribute incoming service connections between the endpoint pods.
I'd reckon you can also take a look at additional resources:
- Scalingo.com: Blog: Iptables
- Kubernetes.io: Docs: Concepts: Services networking: Service: Proxy mode iptables
- Docs.openshift.com: Container platform: 4.7: Networking: Openshift SDN: Configuring kube-proxy
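
How a top-to-bottom chain of probabilistic rules ends up splitting connections evenly, and what "requires that all endpoints are always able to accept connections" means in practice, as an added example that is not part of the answer or of the quoted documentation. It models the `statistic` match in random mode that kube-proxy's iptables rules use; the chain names, pod addresses and rendered rule text are simplified, constructed placeholders.

```python
import random
from fractions import Fraction

def rule_probabilities(n):
    """Match probability of each rule for n endpoints, evaluated top to bottom.
    Rule i is reached only if rules 0..i-1 did not match, so it uses 1/(n-i)."""
    if n < 1:
        raise ValueError("a service needs at least one endpoint")
    return [Fraction(1, n - i) for i in range(n)]

def effective_share(n):
    """Overall fraction of new connections each endpoint ends up receiving."""
    shares, not_matched_yet = [], Fraction(1)
    for p in rule_probabilities(n):
        shares.append(not_matched_yet * p)
        not_matched_yet *= 1 - p
    return shares

def render_rules(svc_chain, endpoints):
    """Render the cascade in simplified iptables-save style (placeholder chains)."""
    lines = []
    for i, (ep, p) in enumerate(zip(endpoints, rule_probabilities(len(endpoints)))):
        match = "" if p == 1 else (
            f" -m statistic --mode random --probability {float(p):.5f}")
        lines.append(f"-A {svc_chain}{match} -j KUBE-SEP-EXAMPLE{i}  # DNAT to {ep}")
    return lines

def pick_endpoint(endpoints, rng):
    """Walk the rules the way netfilter does: the first matching rule wins."""
    for ep, p in zip(endpoints, rule_probabilities(len(endpoints))):
        if rng.random() < p:
            return ep
    return endpoints[-1]  # not reached: the last rule has probability 1

def failed_fraction(endpoints, down, trials=30000, seed=1):
    """Share of connections sent to endpoints that are not accepting.
    The iptables path does not retry, so these connections simply fail."""
    rng = random.Random(seed)
    return sum(pick_endpoint(endpoints, rng) in down for _ in range(trials)) / trials

if __name__ == "__main__":
    eps = ["10.128.0.11:8080", "10.128.0.12:8080", "10.128.0.13:8080"]  # constructed
    print("\n".join(render_rules("KUBE-SVC-EXAMPLE", eps)))
    print("share per endpoint:", [str(s) for s in effective_share(len(eps))])
    print("failed with one endpoint down:", failed_fraction(eps, down={eps[1]}))
```

With three endpoints and one of them still listed but not accepting connections, about a third of new connections fail, which is why readiness checks matter for the iptables-based proxy.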