overlay与underlay通信总结
一、overlay简介
1、VxLAN: VxLAN全称是Virtual eXtensible Local Area Network(虚拟扩展本地局域网) ,主要有Cisco推出, vxlan是一个 VLAN 的扩展协议, 是由IETF定义的NVO3(Network Virtualization over Layer 3) 标准技术之一,VXLAN的特点是将L2的以太帧封装到UDP报文(即L2 over L4) 中, 并在L3网络中传输, 即使用MAC in UDP的方法对报文进行重新封装, VxLAN 本质上是一种overlay的隧道封装技术, 它将L2的以太网帧封装成L4的UDP数据报,然后在L3的网络中传输, 效果就像L2的以太网帧在一个广播域中传输一样, 实际上L2的以太网帧跨越了L3网络传输, 但是缺不受L3网络的限制, vxlan采用24位标识vlan ID号, 因此可以支持2^24=16777216个vlan, 其可扩展性比vlan强大的多, 可以支持大规模数据中心的网络需求。
2、VTEP(VXLAN Tunnel Endpoint vxlan隧道端点),VTEP是VXLAN网络的边缘设备, 是VXLAN隧道的起点和终点, VXLAN对用户原始数据帧的封装和解封装均在VTEP上进行,用于VXLAN报文的封装和解封装,VTEP与物理网络相连,分配的地址为物理网IP地址,VXLAN报文中源IP地址为本节点的VTEP地址,VXLAN报文中目的IP地址为对端节点的VTEP地址, 一对VTEP地址就对应着一个VXLAN隧道, 服务器上的虚拟交换机(隧道flannel.1就是VTEP), 比如一个虚拟机网络中的多个vxlan就需要多个VTEP对不同网络的报文进行封装与解封装。
3、VNI(VXLAN Network Identifier) : VXLAN网络标识VNI类似VLAN ID,用于区分VXLAN段,不同VXLAN段的虚拟机不能直接二层相互通信,一个VNI表示一个租户,即使多个终端用户属于同一个VNI,也表示一个租户。
4、NVGRE: Network Virtualization using Generic Routing Encapsulation, 主要支持者是Microsoft, 与VXLAN不同的是, NVGRE没有采用标准传输协议(TCP/UDP) , 而是借助通用路由封装协议(GRE) , NVGRE使用GRE头部的低24位作为租户网络标识符(TNI) , 与VXLAN一样可以支持1777216个vlan。
二、overlay通信过程
1.VM A发送L2 帧与VM请求与VM B通信。
2.源宿主机VTEP添加或者封装VXLAN、 UDP及IP头部报文。
3.网络层设备将封装后的报文通过标准的报文在三层网络进行转发到目标主机。
4.目标宿主机VTEP删除或者解封装VXLAN、 UDP及IP头部。
5.将原始L2帧发送给目标VM。
三、overlay应用场景
1、叠加网络/覆盖网络, 在物理网络的基础之上叠加实现新的虚拟网络, 即可使网络的中的容器可以相互通信。
2、优点是对物理网络的兼容性比较好, 可以实现pod的夸宿主机子网通信。
3、calico与flannel等网络插件都支持overlay网络。
4、缺点是有额外的封装与解封性能开销。
5、目前私有云使用比较多。
四、underlay简介
1、Underlay网络就是传统IT基础设施网络, 由交换机和路由器等设备组成, 借助以太网协议、 路由协议和VLAN协议等驱动, 它还是Overlay网络的底层网络, 为Overlay网络提供数据通信服务。 容器网络中的Underlay网络是指借助驱动程序将宿主机的底层网络接口直接暴露给容器使用的一种网络构建技术,较为常见的解决方案有MAC VLAN、 IP VLAN和直接路由等。
2、Underlay依赖于网络网络进行跨主机通信。
五、underlay实现模式简介
1、Mac Vlan模式:
- MAC VLAN: 支持在同一个以太网接口上虚拟出多个网络接口(子接口), 每个虚拟接口都拥有唯一的MAC地址并可配置网卡子接口IP。
2、IP VLAN模式:
- IP VLAN类似于MAC VLAN, 它同样创建新的虚拟网络接口并为每个接口分配唯一的IP地址, 不同之处在于, 每个虚拟接口将共享使用物理接口的MAC地址。
六、MAC Vlan工作模式
Private(私有)模式:
- 在Private模式下, 同一个宿主机下的容器不能通信, 即使通过交换机再把数据报文转发回来也不行。
VEPA模式:
- 虚拟以太端口汇聚器(Virtual Ethernet Port Aggregator, 简称VEPA) , 在这种模式下, macvlan内的容器不能直接接收在同一个物理网卡的容器的请求数据包,
- 但是可以经过交换机的(端口回流)再转发回来可以实现通信。
passthru(直通)模式:
- Passthru模式下该macvlan只能创建一个容器, 当运行一个容器后再创建其他容器则会报错。
bridge模式:
- 在bridge这种模式下, 使用同一个宿主机网络的macvlan容器可以直接实现通信, 推荐使用此模式。
Overlay: 基于VXLAN、 NVGRE等封装技术实现overlay叠加网络。
Macvlan: 基于Docker宿主机物理网卡的不同子接口实现多个虚拟vlan, 一个子接口就是一个虚拟vlan, 容器通过宿主机的路由功能和外网保持通信。
Underlay架构图
网络通信总结:
Overlay:基于VXLAN、 NVGRE等封装技术实现overlay叠加网络。
Macvlan:基于Docker宿主机物理网卡的不同子接口实现多个虚拟vlan,一个子接口就是一个虚拟vlan,容器通过宿主机的路由功能和外网保持通信。
七、kubernetes pod通信总结
7.1、CNI插件三种模式
7.2、k8s 网络通信模式
Overlay网络:
- Flannel Vxlan、 Calico BGP、 Calico Vxlan
- 将pod 地址信息封装在宿主机地址信息以内, 实现跨主机且可跨node子网的通信报文。
直接路由:
- Flannel Host-gw、 Flannel VXLAN Directrouting、 Calico Directrouting
- 基于主机路由, 实现报文从源主机到目的主机的直接转发, 不需要进行报文的叠加封装, 性能比overlay更好。
Underlay:
- 需要为pod启用单独的虚拟机网络, 而是直接使用宿主机物理网络, pod甚至可以在k8s环境之外的节点直接访问(与node节点的网络被打通), 相当于把pod当桥接模式的虚拟机使用, 比较方便k8s环境以外的访问访问k8s环境中的pod中的服务, 而且由于主机使用的宿主机网络, 其性能最好。
八、underlay实验案例
8.1、环境准备
192.168.247.71 k8s-master-underlay-01 2vcpu 4G 50G 192.168.247.72 k8s-master-underlay-02 2vcpu 4G 50G 192.168.247.73 k8s-master-underlay-03 2vcpu 4G 50G 192.168.247.74 k8s-node-underlay-01 2vcpu 4G 50G
#修改主机名 hostnamectl set-hostname k8s-master-underlay-01 hostnamectl set-hostname k8s-master-underlay-02 hostnamectl set-hostname k8s-master-underlay-03 hostnamectl set-hostname k8s-node-underlay-01 #配置hosts cat > /etc/hosts << EOF 127.0.0.1 localhost 127.0.1.1 cyh # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 192.168.247.71 k8s-master-underlay-01 192.168.247.72 k8s-master-underlay-02 192.168.247.73 k8s-master-underlay-03 192.168.247.74 k8s-node-underlay-01 EOF swapoff -a #关闭swap交换分区 sed -i 's@/swap.img@#swap.img@g' /etc/fstab #禁止开机前启动交换分区 apt-get update #更新本地仓库源
8.2、安装docker环境
#安装必要的一些系统工具 apt -y install apt-transport-https ca-certificates curl software-properties-common #安装GPG证书 curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - #写入软件源信息 add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" #更新软件源 apt-get -y update #查看可安装的Docker版本 apt-cache madison docker-ce docker-ce-cli apt install -y docker-ce docker-ce-cli systemctl start docker && systemctl enable docker 参数优化, 配置镜像加速并使用systemd: mkdir -p /etc/docker cat > /etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"] } EOF #重启docker systemctl daemon-reload && systemctl restart docker [root@k8s-master-underlay-01 ~]# docker info Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Docker Buildx (Docker Inc., v0.9.1-docker) scan: Docker Scan (Docker Inc., v0.21.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 20.10.21 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 1c90a442489720eec95342e1789ee8a5e1b9536f runc version: v1.1.4-0-g5fd4c4d init version: de40ad0 Security Options: apparmor seccomp Profile: default Kernel Version: 5.4.0-122-generic Operating System: Ubuntu 20.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.81GiB Name: k8s-master-underlay-01 ID: ISPH:MD5W:P7ML:X36J:LLOH:O7BG:IWYL:AAU5:PBFI:YAIC:LT42:ZV32 Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://9916w1ow.mirror.aliyuncs.com/ Live Restore Enabled: false WARNING: No swap limit support [root@k8s-master-underlay-01 ~]#
8.3、安装cri-docker
[root@k8s-master-underlay-01 ~]# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd-0.2.6.amd64.tgz [root@k8s-master-underlay-01 ~]# tar xvf cri-dockerd-0.2.6.amd64.tgz [root@k8s-master-underlay-01 ~]# cp cri-dockerd/cri-dockerd /usr/local/bin/ [root@k8s-master-underlay-01 ~]# scp cri-dockerd/cri-dockerd root@192.168.247.72:/usr/local/bin/ [root@k8s-master-underlay-01 ~]# scp cri-dockerd/cri-dockerd root@192.168.247.73:/usr/local/bin/ [root@k8s-master-underlay-01 ~]# scp cri-dockerd/cri-dockerd root@192.168.247.74:/usr/local/bin/ #所有节点配置cri-dockerd.service文件 cat > /lib/systemd/system/cri-docker.service <<EOF [Unit] Description=CRI Interface for Docker Application Container Engine Documentation=https://docs.mirantis.com After=network-online.target firewalld.service docker.service Wants=network-online.target Requires=cri-docker.socket [Service] Type=notify ExecStart=/usr/local/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always StartLimitBurst=3 StartLimitInterval=60s LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target EOF #所有节点配置cri-docker.socket文件 cat > /etc/systemd/system/cri-docker.socket <<EOF [Unit] Description=CRI Docker Socket for the API PartOf=cri-docker.service [Socket] ListenStream=%t/cri-dockerd.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target EOF #启动服务: systemctl enable --now cri-docker cri-docker.socket
8.4、集群初始化准备
安装kubeadm、kubelet、kubectl组件,版本 ≥ 1.24.0
所有节点安装kubelet kubeadm kubectl, 配置阿里云镜像的kubernetes源(用于安装kubelet kubeadm kubectl命令) 使用阿里或者清华大学的kubernetes镜像源 apt-get update && apt-get install -y apt-transport-https curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - cat <<EOF >/etc/apt/sources.list.d/kubernetes.list deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main EOF #开始安装kubeadm: apt-get update apt-cache madison kubeadm apt-get install -y kubelet=1.25.3-00 kubeadm=1.25.3-00 kubectl=1.25.3-00 #验证版本 # kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-12T10:55:36Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}
镜像准备
[root@k8s-master-underlay-01 ~]# kubeadm config images list --kubernetes-version v1.25.3 registry.k8s.io/kube-apiserver:v1.25.3 registry.k8s.io/kube-controller-manager:v1.25.3 registry.k8s.io/kube-scheduler:v1.25.3 registry.k8s.io/kube-proxy:v1.25.3 registry.k8s.io/pause:3.8 registry.k8s.io/etcd:3.5.4-0 registry.k8s.io/coredns/coredns:v1.9.3 [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# vi images-download.sh [root@k8s-master-underlay-01 ~]# cat images-download.sh #!/bin/bash docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.25.3 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.25.3 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.25.3 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.25.3 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.4-0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns/coredns:v1.9.3 [root@k8s-master-underlay-01 ~]# bash images-download.sh
8.5、初始化集群
场景1: pod可以选择overlay或者underlay, SVC使用overlay, 如果是underlay需要配置SVC使用宿主机的子网
比如以下场景是overlay网络、 后期会用于overlay场景的pod, service会用于overlay的svc场景。 kubeadm init --apiserver-advertise-address=192.168.247.71 \ --apiserver-bind-port=6443 \ --kubernetes-version=v1.25.3 \ --pod-network-cidr=10.200.0.0/16 \ --service-cidr=10.100.0.0/16 \ --service-dns-domain=cluster.local \ --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \ --cri-socket unix:///var/run/cri-dockerd.sock 场景2: pod可以选择overlay或者underlay, SVC使用underlay初始化, --pod-network-cidr=10.200.0.0/16会用于后期overlay的场景,
underlay的网络CIDR后期单独指定, overlay会与underlay并存, --servicecidr=192.168.200.0/24用于后期的underlay svc, 通过SVC可以直接访问pod。 kubeadm init --apiserver-advertise-address=192.168.247.71 \ --apiserver-bind-port=6443 \ --kubernetes-version=v1.25.3 \ --pod-network-cidr=10.200.0.0/16 \ --service-cidr=192.168.200.0/24 \ --service-dns-domain=cluster.local \ --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \ --cri-socket unix:///var/run/cri-dockerd.sock 注意: 后期如果要访问SVC则需要在网络设备配置静态路由, 因为SVC是iptables或者IPVS规则, 不会进行arp报文广播: -A KUBE-SERVICES -d 172.31.5.148/32 -p tcp -m comment --comment "myserver/myserver-tomcat-app1-service-underlay:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-DXPW2IL54XTPIKP5 -A KUBE-SVC-DXPW2IL54XTPIKP5 ! -s 10.200.0.0/16 -d 172.31.5.148/32 -p tcp -m comment --comment "myserver/myserver-tomcat-app1-serviceunderlay:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
场景1-初始化
[root@k8s-master-underlay-01 ~]# kubeadm init --control-plane-endpoint "192.168.247.71" \ > --upload-certs \ > --apiserver-advertise-address=192.168.247.71 \ > --apiserver-bind-port=6443 \ > --kubernetes-version=v1.25.3 \ > --pod-network-cidr=10.200.0.0/16 \ > --service-cidr=10.100.0.0/16 \ > --service-dns-domain=cluster.local \ > --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \ > --cri-socket unix:///var/run/cri-dockerd.sock [init] Using Kubernetes version: v1.25.3 [preflight] Running pre-flight checks [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' [certs] Using certificateDir folder "/etc/kubernetes/pki" [certs] Generating "ca" certificate and key [certs] Generating "apiserver" certificate and key [certs] apiserver serving cert is signed for DNS names [k8s-master-underlay-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.100.0.1 192.168.247.71] [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "front-proxy-ca" certificate and key [certs] Generating "front-proxy-client" certificate and key [certs] Generating "etcd/ca" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving cert is signed for DNS names [k8s-master-underlay-01 localhost] and IPs [192.168.247.71 127.0.0.1 ::1] [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [k8s-master-underlay-01 localhost] and IPs [192.168.247.71 127.0.0.1 ::1] [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "sa" key and public key [kubeconfig] Using kubeconfig folder "/etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "kubelet.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Starting the kubelet [control-plane] Using manifest folder "/etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" [control-plane] Creating static Pod manifest for "kube-scheduler" [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests" [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s [apiclient] All control plane components are healthy after 19.007146 seconds [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster [upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace [upload-certs] Using certificate key: f8450272a7f24480172a246c55d0fa7f542e19f5769b6e91e2cd26421183896b [mark-control-plane] Marking the node k8s-master-underlay-01 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers] [mark-control-plane] Marking the node k8s-master-underlay-01 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule] [bootstrap-token] Using token: 7vag71.8v7mqsajsya5n00t [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace [kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Alternatively, if you are the root user, you can run: export KUBECONFIG=/etc/kubernetes/admin.conf You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of the control-plane node running the following command on each as root: kubeadm join 192.168.247.71:6443 --token 7vag71.8v7mqsajsya5n00t \ --discovery-token-ca-cert-hash sha256:471386ff8802bd6aff33e41518f1644153ea475ecfa4eb9f94bda8be66ebb388 \ --control-plane --certificate-key f8450272a7f24480172a246c55d0fa7f542e19f5769b6e91e2cd26421183896b Please note that the certificate-key gives access to cluster sensitive data, keep it secret! As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use "kubeadm init phase upload-certs --upload-certs" to reload certs afterward. Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.247.71:6443 --token 7vag71.8v7mqsajsya5n00t \ --discovery-token-ca-cert-hash sha256:471386ff8802bd6aff33e41518f1644153ea475ecfa4eb9f94bda8be66ebb388 [root@k8s-master-underlay-01 ~]#
8.6、添加集群节点
8.6.1、添加master
[root@k8s-master-underlay-02 ~]# kubeadm join 192.168.247.71:6443 --token 7vag71.8v7mqsajsya5n00t \ > --discovery-token-ca-cert-hash sha256:471386ff8802bd6aff33e41518f1644153ea475ecfa4eb9f94bda8be66ebb388 \ > --control-plane --certificate-key f8450272a7f24480172a246c55d0fa7f542e19f5769b6e91e2cd26421183896b \ > --cri-socket unix:///var/run/cri-dockerd.sock [preflight] Running pre-flight checks [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [preflight] Running pre-flight checks before initializing the new control plane instance [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' [download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace [certs] Using certificateDir folder "/etc/kubernetes/pki" [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving cert is signed for DNS names [k8s-master-underlay-02 localhost] and IPs [192.168.247.72 127.0.0.1 ::1] [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [k8s-master-underlay-02 localhost] and IPs [192.168.247.72 127.0.0.1 ::1] [certs] Generating "apiserver" certificate and key [certs] apiserver serving cert is signed for DNS names [k8s-master-underlay-02 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.100.0.1 192.168.247.72 192.168.247.71] [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "front-proxy-client" certificate and key [certs] Valid certificates and keys now exist in "/etc/kubernetes/pki" [certs] Using the existing "sa" key [kubeconfig] Generating kubeconfig files [kubeconfig] Using kubeconfig folder "/etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [control-plane] Using manifest folder "/etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" [control-plane] Creating static Pod manifest for "kube-scheduler" [check-etcd] Checking that the etcd cluster is healthy [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Starting the kubelet [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... [etcd] Announced new etcd member joining to the existing etcd cluster [etcd] Creating static Pod manifest for "etcd" [etcd] Waiting for the new etcd member to join the cluster. This can take up to 40s The 'update-status' phase is deprecated and will be removed in a future release. Currently it performs no operation [mark-control-plane] Marking the node k8s-master-underlay-02 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers] [mark-control-plane] Marking the node k8s-master-underlay-02 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule] This node has joined the cluster and a new control plane instance was created: * Certificate signing request was sent to apiserver and approval was received. * The Kubelet was informed of the new secure connection details. * Control plane label and taint were applied to the new node. * The Kubernetes control plane instances scaled up. * A new etcd member was added to the local/stacked etcd cluster. To start administering your cluster from this node, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Run 'kubectl get nodes' to see this node join the cluster. [root@k8s-master-underlay-02 ~]# mkdir -p $HOME/.kube [root@k8s-master-underlay-02 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master-underlay-02 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config [root@k8s-master-underlay-02 ~]# [root@k8s-master-underlay-03 ~]# kubeadm join 192.168.247.71:6443 --token 7vag71.8v7mqsajsya5n00t \ > --discovery-token-ca-cert-hash sha256:471386ff8802bd6aff33e41518f1644153ea475ecfa4eb9f94bda8be66ebb388 \ > --control-plane --certificate-key f8450272a7f24480172a246c55d0fa7f542e19f5769b6e91e2cd26421183896b \ > --cri-socket unix:///var/run/cri-dockerd.sock [preflight] Running pre-flight checks [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [preflight] Running pre-flight checks before initializing the new control plane instance [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' [download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace [certs] Using certificateDir folder "/etc/kubernetes/pki" [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "apiserver" certificate and key [certs] apiserver serving cert is signed for DNS names [k8s-master-underlay-03 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.100.0.1 192.168.247.73 192.168.247.71] [certs] Generating "front-proxy-client" certificate and key [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [k8s-master-underlay-03 localhost] and IPs [192.168.247.73 127.0.0.1 ::1] [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving cert is signed for DNS names [k8s-master-underlay-03 localhost] and IPs [192.168.247.73 127.0.0.1 ::1] [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Valid certificates and keys now exist in "/etc/kubernetes/pki" [certs] Using the existing "sa" key [kubeconfig] Generating kubeconfig files [kubeconfig] Using kubeconfig folder "/etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [control-plane] Using manifest folder "/etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" [control-plane] Creating static Pod manifest for "kube-scheduler" [check-etcd] Checking that the etcd cluster is healthy [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Starting the kubelet [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... [etcd] Announced new etcd member joining to the existing etcd cluster [etcd] Creating static Pod manifest for "etcd" [etcd] Waiting for the new etcd member to join the cluster. This can take up to 40s The 'update-status' phase is deprecated and will be removed in a future release. Currently it performs no operation [mark-control-plane] Marking the node k8s-master-underlay-03 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers] [mark-control-plane] Marking the node k8s-master-underlay-03 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule] This node has joined the cluster and a new control plane instance was created: * Certificate signing request was sent to apiserver and approval was received. * The Kubelet was informed of the new secure connection details. * Control plane label and taint were applied to the new node. * The Kubernetes control plane instances scaled up. * A new etcd member was added to the local/stacked etcd cluster. To start administering your cluster from this node, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Run 'kubectl get nodes' to see this node join the cluster. [root@k8s-master-underlay-03 ~]# mkdir -p $HOME/.kube [root@k8s-master-underlay-03 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master-underlay-03 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config [root@k8s-master-underlay-03 ~]#
8.6.2、添加node节点
[root@k8s-node-underlay-01 ~]# kubeadm join 192.168.247.71:6443 --token 7vag71.8v7mqsajsya5n00t \ > --discovery-token-ca-cert-hash sha256:471386ff8802bd6aff33e41518f1644153ea475ecfa4eb9f94bda8be66ebb388 \ > --cri-socket unix:///var/run/cri-dockerd.sock [preflight] Running pre-flight checks [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Starting the kubelet [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the control-plane to see this node join the cluster. [root@k8s-node-underlay-01 ~]#
九、安装underlay网络组件
9.1、helm环境准备
官网地址: https://helm.sh/docs/intro/install/ https://github.com/helm/helm/releases [root@k8s-master-underlay-01 ~]# wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz [root@k8s-master-underlay-01 ~]# tar xvf helm-v3.9.0-linux-amd64.tar.gz [root@k8s-master-underlay-01 ~]# mv linux-amd64/helm /usr/local/bin/ [root@k8s-master-underlay-01 ~]# helm version version.BuildInfo{Version:"v3.9.0", GitCommit:"7ceeda6c585217a19a1131663d8cd1f7d641b2a7", GitTreeState:"clean", GoVersion:"go1.17.5"} [root@k8s-master-underlay-01 ~]#
9.2、部署hybridnet
[root@k8s-master-underlay-01 ~]# helm repo add hybridnet https://alibaba.github.io/hybridnet/ "hybridnet" has been added to your repositories [root@k8s-master-underlay-01 ~]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "hybridnet" chart repository Update Complete. ⎈Happy Helming!⎈ [root@k8s-master-underlay-01 ~]# helm install hybridnet hybridnet/hybridnet -n kube-system --set init.cidr=10.200.0.0/16 #配置overlay pod网络, 如果不指定--set init.cidr=10.200.0.0/16默认会使用100.64.0.0/16
NAME: hybridnet LAST DEPLOYED: Fri Oct 28 01:01:18 2022 NAMESPACE: kube-system STATUS: deployed REVISION: 1 TEST SUITE: None [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# kubectl get node -owide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME k8s-master-underlay-01 Ready control-plane 46m v1.25.3 192.168.247.71 <none> Ubuntu 20.04.3 LTS 5.4.0-122-generic docker://20.10.21 k8s-master-underlay-02 Ready control-plane 44m v1.25.3 192.168.247.72 <none> Ubuntu 20.04.3 LTS 5.4.0-122-generic docker://20.10.21 k8s-master-underlay-03 Ready control-plane 43m v1.25.3 192.168.247.73 <none> Ubuntu 20.04.3 LTS 5.4.0-122-generic docker://20.10.21 k8s-node-underlay-01 Ready <none> 22m v1.25.3 192.168.247.74 <none> Ubuntu 20.04.3 LTS 5.4.0-131-generic docker://20.10.21 [root@k8s-master-underlay-01 ~]# kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7f8cbcb969-tllgr 0/1 ContainerCreating 0 46m kube-system coredns-7f8cbcb969-xs56z 0/1 ContainerCreating 0 46m kube-system etcd-k8s-master-underlay-01 1/1 Running 0 46m kube-system etcd-k8s-master-underlay-02 1/1 Running 0 44m kube-system etcd-k8s-master-underlay-03 1/1 Running 0 43m kube-system hybridnet-daemon-956nw 2/2 Running 0 3m41s kube-system hybridnet-daemon-f86fj 2/2 Running 0 3m43s kube-system hybridnet-daemon-mvfbf 2/2 Running 0 3m48s kube-system hybridnet-daemon-p9jnd 2/2 Running 0 3m43s kube-system hybridnet-manager-5fcd869c59-bwwdc 0/1 Pending 0 3m43s kube-system hybridnet-manager-5fcd869c59-crdf8 0/1 Pending 0 3m41s kube-system hybridnet-manager-5fcd869c59-vpj7s 0/1 Pending 0 3m41s kube-system hybridnet-webhook-5dc9fc7d9d-8r5zp 0/1 Pending 0 3m48s kube-system hybridnet-webhook-5dc9fc7d9d-kwxz4 0/1 Pending 0 3m48s kube-system hybridnet-webhook-5dc9fc7d9d-rkvz4 0/1 Pending 0 3m48s kube-system kube-apiserver-k8s-master-underlay-01 1/1 Running 0 46m kube-system kube-apiserver-k8s-master-underlay-02 1/1 Running 0 43m kube-system kube-apiserver-k8s-master-underlay-03 1/1 Running 0 43m kube-system kube-controller-manager-k8s-master-underlay-01 1/1 Running 0 46m kube-system kube-controller-manager-k8s-master-underlay-02 1/1 Running 0 44m kube-system kube-controller-manager-k8s-master-underlay-03 1/1 Running 0 43m kube-system kube-proxy-4xq49 1/1 Running 0 43m kube-system kube-proxy-7kkgd 1/1 Running 0 46m kube-system kube-proxy-pnwxt 1/1 Running 0 22m kube-system kube-proxy-wnxpz 1/1 Running 0 44m kube-system kube-scheduler-k8s-master-underlay-01 1/1 Running 1 (44m ago) 46m kube-system kube-scheduler-k8s-master-underlay-02 1/1 Running 0 43m kube-system kube-scheduler-k8s-master-underlay-03 1/1 Running 0 43m [root@k8s-master-underlay-01 ~]#
此时hybridnet-manager、hybridnet-webhook pod Pending,通过describe查看发现集群没有节点打上master标签
[root@k8s-master-underlay-01 ~]# kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7f8cbcb969-tllgr 0/1 ContainerCreating 0 45m kube-system coredns-7f8cbcb969-xs56z 0/1 ContainerCreating 0 45m kube-system etcd-k8s-master-underlay-01 1/1 Running 0 45m kube-system etcd-k8s-master-underlay-02 1/1 Running 0 43m kube-system etcd-k8s-master-underlay-03 1/1 Running 0 42m kube-system hybridnet-daemon-956nw 2/2 Running 0 2m42s kube-system hybridnet-daemon-f86fj 2/2 Running 0 2m44s kube-system hybridnet-daemon-mvfbf 2/2 Running 0 2m49s kube-system hybridnet-daemon-p9jnd 2/2 Running 0 2m44s kube-system hybridnet-manager-5fcd869c59-bwwdc 0/1 Pending 0 2m44s kube-system hybridnet-manager-5fcd869c59-crdf8 0/1 Pending 0 2m42s kube-system hybridnet-manager-5fcd869c59-vpj7s 0/1 Pending 0 2m42s kube-system hybridnet-webhook-5dc9fc7d9d-8r5zp 0/1 Pending 0 2m49s kube-system hybridnet-webhook-5dc9fc7d9d-kwxz4 0/1 Pending 0 2m49s kube-system hybridnet-webhook-5dc9fc7d9d-rkvz4 0/1 Pending 0 2m49s kube-system kube-apiserver-k8s-master-underlay-01 1/1 Running 0 45m kube-system kube-apiserver-k8s-master-underlay-02 1/1 Running 0 42m kube-system kube-apiserver-k8s-master-underlay-03 1/1 Running 0 42m kube-system kube-controller-manager-k8s-master-underlay-01 1/1 Running 0 45m kube-system kube-controller-manager-k8s-master-underlay-02 1/1 Running 0 43m kube-system kube-controller-manager-k8s-master-underlay-03 1/1 Running 0 42m kube-system kube-proxy-4xq49 1/1 Running 0 42m kube-system kube-proxy-7kkgd 1/1 Running 0 45m kube-system kube-proxy-pnwxt 1/1 Running 0 21m kube-system kube-proxy-wnxpz 1/1 Running 0 43m kube-system kube-scheduler-k8s-master-underlay-01 1/1 Running 1 (43m ago) 45m kube-system kube-scheduler-k8s-master-underlay-02 1/1 Running 0 42m kube-system kube-scheduler-k8s-master-underlay-03 1/1 Running 0 42m [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# kubectl describe pod -n kube-system hybridnet-manager-5fcd869c59-bwwdc Name: hybridnet-manager-5fcd869c59-bwwdc Namespace: kube-system Priority: 2000000000 Priority Class Name: system-cluster-critical Service Account: hybridnet Node: <none> Labels: app=hybridnet-manager pod-template-hash=5fcd869c59 Annotations: <none> Status: Pending IP: IPs: <none> Controlled By: ReplicaSet/hybridnet-manager-5fcd869c59 Containers: hybridnet-manager: Image: docker.io/hybridnetdev/hybridnet:v0.7.4 Port: 9899/TCP Host Port: 9899/TCP Command: /hybridnet/hybridnet-manager --default-ip-retain=true --feature-gates=MultiCluster=false,VMIPRetain=false --controller-concurrency=Pod=1,IPAM=1,IPInstance=1 --kube-client-qps=300 --kube-client-burst=600 --metrics-port=9899 Environment: DEFAULT_NETWORK_TYPE: Overlay DEFAULT_IP_FAMILY: IPv4 NAMESPACE: kube-system (v1:metadata.namespace) Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nr5vh (ro) Conditions: Type Status PodScheduled False Volumes: kube-api-access-nr5vh: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: <nil> DownwardAPI: true QoS Class: BestEffort Node-Selectors: node-role.kubernetes.io/master= Tolerations: :NoSchedule op=Exists node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning FailedScheduling 6m3s default-scheduler 0/4 nodes are available: 4 node(s) didn't match Pod's node affinity/selector. preemption: 0/4 nodes are available: 4 Preemption is not helpful for scheduling. Warning FailedScheduling 56s default-scheduler 0/4 nodes are available: 4 node(s) didn't match Pod's node affinity/selector. preemption: 0/4 nodes are available: 4 Preemption is not helpful for scheduling. [root@k8s-master-underlay-01 ~]# 解决办法: [root@k8s-master-underlay-01 ~]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS k8s-master-underlay-01 Ready control-plane 50m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-01,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-02 Ready control-plane 47m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-02,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-03 Ready control-plane 47m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-03,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-node-underlay-01 Ready <none> 25m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-underlay-01,kubernetes.io/os=linux [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# kubectl label node k8s-master-underlay-01 node-role.kubernetes.io/master= node/k8s-master-underlay-01 labeled [root@k8s-master-underlay-01 ~]# kubectl label node k8s-master-underlay-02 node-role.kubernetes.io/master= node/k8s-master-underlay-02 labeled [root@k8s-master-underlay-01 ~]# kubectl label node k8s-master-underlay-03 node-role.kubernetes.io/master= node/k8s-master-underlay-03 labeled [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS k8s-master-underlay-01 Ready control-plane,master 52m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-01,kubernetes.io/os=linux,networking.alibaba.com/overlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-02 Ready control-plane,master 49m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-02,kubernetes.io/os=linux,networking.alibaba.com/overlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-03 Ready control-plane,master 49m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-03,kubernetes.io/os=linux,networking.alibaba.com/overlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-node-underlay-01 Ready <none> 27m v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-underlay-01,kubernetes.io/os=linux,networking.alibaba.com/overlay-network-attachment=true [root@k8s-master-underlay-01 ~]# [root@k8s-master-underlay-01 ~]# kubectl get pod -A -owide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system coredns-7f8cbcb969-tllgr 0/1 Running 0 51m 10.200.0.1 k8s-node-underlay-01 <none> <none> kube-system coredns-7f8cbcb969-xs56z 0/1 Running 0 51m 10.200.0.2 k8s-node-underlay-01 <none> <none> kube-system etcd-k8s-master-underlay-01 1/1 Running 0 51m 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system etcd-k8s-master-underlay-02 1/1 Running 0 49m 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system etcd-k8s-master-underlay-03 1/1 Running 0 48m 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system hybridnet-daemon-956nw 2/2 Running 0 8m57s 192.168.247.74 k8s-node-underlay-01 <none> <none> kube-system hybridnet-daemon-f86fj 2/2 Running 0 8m59s 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system hybridnet-daemon-mvfbf 2/2 Running 0 9m4s 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system hybridnet-daemon-p9jnd 2/2 Running 0 8m59s 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system hybridnet-manager-5fcd869c59-bwwdc 1/1 Running 0 8m59s 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system hybridnet-manager-5fcd869c59-crdf8 1/1 Running 0 8m57s 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system hybridnet-manager-5fcd869c59-vpj7s 1/1 Running 0 8m57s 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system hybridnet-webhook-5dc9fc7d9d-8r5zp 1/1 Running 0 9m4s 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system hybridnet-webhook-5dc9fc7d9d-kwxz4 1/1 Running 0 9m4s 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system hybridnet-webhook-5dc9fc7d9d-rkvz4 1/1 Running 0 9m4s 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system kube-apiserver-k8s-master-underlay-01 1/1 Running 0 51m 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system kube-apiserver-k8s-master-underlay-02 1/1 Running 0 48m 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system kube-apiserver-k8s-master-underlay-03 1/1 Running 0 48m 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system kube-controller-manager-k8s-master-underlay-01 1/1 Running 0 51m 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system kube-controller-manager-k8s-master-underlay-02 1/1 Running 0 49m 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system kube-controller-manager-k8s-master-underlay-03 1/1 Running 0 48m 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system kube-proxy-4xq49 1/1 Running 0 48m 192.168.247.73 k8s-master-underlay-03 <none> <none> kube-system kube-proxy-7kkgd 1/1 Running 0 51m 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system kube-proxy-pnwxt 1/1 Running 0 27m 192.168.247.74 k8s-node-underlay-01 <none> <none> kube-system kube-proxy-wnxpz 1/1 Running 0 49m 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system kube-scheduler-k8s-master-underlay-01 1/1 Running 1 (49m ago) 51m 192.168.247.71 k8s-master-underlay-01 <none> <none> kube-system kube-scheduler-k8s-master-underlay-02 1/1 Running 0 49m 192.168.247.72 k8s-master-underlay-02 <none> <none> kube-system kube-scheduler-k8s-master-underlay-03 1/1 Running 0 48m 192.168.247.73 k8s-master-underlay-03 <none> <none> [root@k8s-master-underlay-01 ~]#
9.3、验证underlay
9.3.1、创建underlay网络并与node节点关联
[root@k8s-master-underlay-01 ~]# mkdir /root/hybridnet [root@k8s-master-underlay-01 ~]# cd hybridnet/ [root@k8s-master-underlay-01 hybridnet]# pwd /root/hybridnet [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl label node k8s-master-underlay-01 network=underlay-nethost node/k8s-master-underlay-01 labeled [root@k8s-master-underlay-01 hybridnet]# kubectl label node k8s-master-underlay-02 network=underlay-nethost node/k8s-master-underlay-02 labeled [root@k8s-master-underlay-01 hybridnet]# kubectl label node k8s-master-underlay-03 network=underlay-nethost node/k8s-master-underlay-03 labeled [root@k8s-master-underlay-01 hybridnet]# kubectl label node k8s-node-underlay-01 network=underlay-nethost node/k8s-node-underlay-01 labeled [root@k8s-master-underlay-01 hybridnet]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS k8s-master-underlay-01 Ready control-plane,master 2d22h v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-01,kubernetes.io/os=linux,network=underlay-nethost,networking.alibaba.com/dualstack-address-quota=empty,networking.alibaba.com/ipv4-address-quota=nonempty,networking.alibaba.com/ipv6-address-quota=empty,networking.alibaba.com/overlay-network-attachment=true,networking.alibaba.com/underlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-02 Ready control-plane,master 2d22h v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-02,kubernetes.io/os=linux,network=underlay-nethost,networking.alibaba.com/dualstack-address-quota=empty,networking.alibaba.com/ipv4-address-quota=nonempty,networking.alibaba.com/ipv6-address-quota=empty,networking.alibaba.com/overlay-network-attachment=true,networking.alibaba.com/underlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-master-underlay-03 Ready control-plane,master 2d22h v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master-underlay-03,kubernetes.io/os=linux,network=underlay-nethost,networking.alibaba.com/dualstack-address-quota=empty,networking.alibaba.com/ipv4-address-quota=nonempty,networking.alibaba.com/ipv6-address-quota=empty,networking.alibaba.com/overlay-network-attachment=true,networking.alibaba.com/underlay-network-attachment=true,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers= k8s-node-underlay-01 Ready <none> 2d21h v1.25.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-underlay-01,kubernetes.io/os=linux,network=underlay-nethost,networking.alibaba.com/dualstack-address-quota=empty,networking.alibaba.com/ipv4-address-quota=nonempty,networking.alibaba.com/ipv6-address-quota=empty,networking.alibaba.com/overlay-network-attachment=true,networking.alibaba.com/underlay-network-attachment=true [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# vim 1.create-underlay-network.yaml [root@k8s-master-underlay-01 hybridnet]# cat 1.create-underlay-network.yaml --- apiVersion: networking.alibaba.com/v1 kind: Network metadata: name: underlay-network1 spec: netID: 0 type: Underlay nodeSelector: network: "underlay-nethost" --- apiVersion: networking.alibaba.com/v1 kind: Subnet metadata: name: underlay-network1 spec: network: underlay-network1 netID: 0 range: version: "4" cidr: "192.168.247.0/24" gateway: "192.168.247.2" # 外部网关地址 start: "192.168.247.10" end: "192.168.247.254" [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl apply -f 1.create-underlay-network.yaml network.networking.alibaba.com/underlay-network1 unchanged subnet.networking.alibaba.com/underlay-network1 created [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl get network NAME NETID TYPE MODE V4TOTAL V4USED V4AVAILABLE LASTALLOCATEDV4SUBNET V6TOTAL V6USED V6AVAILABLE LASTALLOCATEDV6SUBNET init 4 Overlay 65534 2 65532 init 0 0 0 underlay-network1 0 Underlay 245 0 244 underlay-network1 0 0 0 [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl get subnet NAME VERSION CIDR START END GATEWAY TOTAL USED AVAILABLE NETID NETWORK init 4 10.200.0.0/16 65534 2 65532 init underlay-network1 4 192.168.247.0/24 192.168.247.10 192.168.247.254 192.168.247.2 246 0 244 0 underlay-network1 [root@k8s-master-underlay-01 hybridnet]#
查看节点labels信息
[root@k8s-master-underlay-01 hybridnet]# kubectl describe node k8s-master-underlay-01 Name: k8s-master-underlay-01 Roles: control-plane,master Labels: beta.kubernetes.io/arch=amd64 beta.kubernetes.io/os=linux kubernetes.io/arch=amd64 kubernetes.io/hostname=k8s-master-underlay-01 kubernetes.io/os=linux network=underlay-nethost networking.alibaba.com/dualstack-address-quota=empty networking.alibaba.com/ipv4-address-quota=nonempty networking.alibaba.com/ipv6-address-quota=empty networking.alibaba.com/overlay-network-attachment=true networking.alibaba.com/underlay-network-attachment=true node-role.kubernetes.io/control-plane= node-role.kubernetes.io/master= node.kubernetes.io/exclude-from-external-load-balancers= Annotations: kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock networking.alibaba.com/local-vxlan-ip-list: 192.168.247.71,192.168.247.71 networking.alibaba.com/vtep-ip: 192.168.247.71 networking.alibaba.com/vtep-mac: 00:0c:29:39:96:72 node.alpha.kubernetes.io/ttl: 0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Fri, 28 Oct 2022 00:18:31 +0800 Taints: node-role.kubernetes.io/control-plane:NoSchedule Unschedulable: false Lease: HolderIdentity: k8s-master-underlay-01 AcquireTime: <unset> RenewTime: Sun, 30 Oct 2022 22:15:24 +0800 Conditions: Type Status LastHeartbeatTime LastTransitionTime Reason Message ---- ------ ----------------- ------------------ ------ ------- MemoryPressure False Sun, 30 Oct 2022 22:15:20 +0800 Fri, 28 Oct 2022 00:18:23 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available DiskPressure False Sun, 30 Oct 2022 22:15:20 +0800 Fri, 28 Oct 2022 00:18:23 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure PIDPressure False Sun, 30 Oct 2022 22:15:20 +0800 Fri, 28 Oct 2022 00:18:23 +0800 KubeletHasSufficientPID kubelet has sufficient PID available Ready True Sun, 30 Oct 2022 22:15:20 +0800 Fri, 28 Oct 2022 01:03:57 +0800 KubeletReady kubelet is posting ready status. AppArmor enabled Addresses: InternalIP: 192.168.247.71 Hostname: k8s-master-underlay-01 Capacity: cpu: 2 ephemeral-storage: 25110788Ki hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 3994668Ki pods: 110 Allocatable: cpu: 2 ephemeral-storage: 23142102183 hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 3892268Ki pods: 110 System Info: Machine ID: 99f43e0eca6d412ea75c8b7359a3b3b0 System UUID: ee844d56-427e-a7fb-246f-7887bc399672 Boot ID: 4960018e-a366-4ded-ab93-85a2a811abd8 Kernel Version: 5.4.0-122-generic OS Image: Ubuntu 20.04.3 LTS Operating System: linux Architecture: amd64 Container Runtime Version: docker://20.10.21 Kubelet Version: v1.25.3 Kube-Proxy Version: v1.25.3 PodCIDR: 10.200.0.0/24 PodCIDRs: 10.200.0.0/24 Non-terminated Pods: (8 in total) Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age --------- ---- ------------ ---------- --------------- ------------- --- kube-system etcd-k8s-master-underlay-01 100m (5%) 0 (0%) 100Mi (2%) 0 (0%) 2d21h kube-system hybridnet-daemon-mvfbf 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system hybridnet-manager-5fcd869c59-bwwdc 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system hybridnet-webhook-5dc9fc7d9d-rkvz4 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system kube-apiserver-k8s-master-underlay-01 250m (12%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system kube-controller-manager-k8s-master-underlay-01 200m (10%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system kube-proxy-7kkgd 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system kube-scheduler-k8s-master-underlay-01 100m (5%) 0 (0%) 0 (0%) 0 (0%) 2d21h Allocated resources: (Total limits may be over 100 percent, i.e., overcommitted.) Resource Requests Limits -------- -------- ------ cpu 650m (32%) 0 (0%) memory 100Mi (2%) 0 (0%) ephemeral-storage 0 (0%) 0 (0%) hugepages-1Gi 0 (0%) 0 (0%) hugepages-2Mi 0 (0%) 0 (0%) Events: <none> [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl describe node k8s-node-underlay-01 Name: k8s-node-underlay-01 Roles: <none> Labels: beta.kubernetes.io/arch=amd64 beta.kubernetes.io/os=linux kubernetes.io/arch=amd64 kubernetes.io/hostname=k8s-node-underlay-01 kubernetes.io/os=linux networking.alibaba.com/overlay-network-attachment=true Annotations: kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock networking.alibaba.com/local-vxlan-ip-list: 192.168.247.74,192.168.247.74 networking.alibaba.com/vtep-ip: 192.168.247.74 networking.alibaba.com/vtep-mac: 00:0c:29:76:6c:cb node.alpha.kubernetes.io/ttl: 0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Fri, 28 Oct 2022 00:42:49 +0800 Taints: <none> Unschedulable: false Lease: HolderIdentity: k8s-node-underlay-01 AcquireTime: <unset> RenewTime: Sun, 30 Oct 2022 22:14:35 +0800 Conditions: Type Status LastHeartbeatTime LastTransitionTime Reason Message ---- ------ ----------------- ------------------ ------ ------- MemoryPressure False Sun, 30 Oct 2022 22:11:25 +0800 Fri, 28 Oct 2022 00:42:49 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available DiskPressure False Sun, 30 Oct 2022 22:11:25 +0800 Fri, 28 Oct 2022 00:42:49 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure PIDPressure False Sun, 30 Oct 2022 22:11:25 +0800 Fri, 28 Oct 2022 00:42:49 +0800 KubeletHasSufficientPID kubelet has sufficient PID available Ready True Sun, 30 Oct 2022 22:11:25 +0800 Fri, 28 Oct 2022 01:03:37 +0800 KubeletReady kubelet is posting ready status. AppArmor enabled Addresses: InternalIP: 192.168.247.74 Hostname: k8s-node-underlay-01 Capacity: cpu: 2 ephemeral-storage: 25110788Ki hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 3994704Ki pods: 110 Allocatable: cpu: 2 ephemeral-storage: 23142102183 hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 3892304Ki pods: 110 System Info: Machine ID: 99f43e0eca6d412ea75c8b7359a3b3b0 System UUID: 65b44d56-cfbc-c518-1895-b036f0766ccb Boot ID: ee96f020-29ec-4e37-a1b6-a361e498b1d5 Kernel Version: 5.4.0-131-generic OS Image: Ubuntu 20.04.3 LTS Operating System: linux Architecture: amd64 Container Runtime Version: docker://20.10.21 Kubelet Version: v1.25.3 Kube-Proxy Version: v1.25.3 PodCIDR: 10.200.3.0/24 PodCIDRs: 10.200.3.0/24 Non-terminated Pods: (5 in total) Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age --------- ---- ------------ ---------- --------------- ------------- --- kube-system coredns-7f8cbcb969-tllgr 100m (5%) 0 (0%) 70Mi (1%) 170Mi (4%) 2d21h kube-system coredns-7f8cbcb969-xs56z 100m (5%) 0 (0%) 70Mi (1%) 170Mi (4%) 2d21h kube-system hybridnet-daemon-956nw 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h kube-system kube-proxy-pnwxt 0 (0%) 0 (0%) 0 (0%) 0 (0%) 2d21h myserver myserver-tomcat-app1-deployment-overlay-57db444484-268mw 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3m35s Allocated resources: (Total limits may be over 100 percent, i.e., overcommitted.) Resource Requests Limits -------- -------- ------ cpu 200m (10%) 0 (0%) memory 140Mi (3%) 340Mi (8%) ephemeral-storage 0 (0%) 0 (0%) hugepages-1Gi 0 (0%) 0 (0%) hugepages-2Mi 0 (0%) 0 (0%) Events: <none> [root@k8s-master-underlay-01 hybridnet]#
9.3.2、创建pod并使用overlay网络
[root@k8s-master-underlay-01 hybridnet]# vi 2.tomcat-app1-overlay.yaml [root@k8s-master-underlay-01 hybridnet]# cat 2.tomcat-app1-overlay.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: myserver-tomcat-app1-deployment-overlay-label name: myserver-tomcat-app1-deployment-overlay namespace: myserver spec: replicas: 1 selector: matchLabels: app: myserver-tomcat-app1-overlay-selector template: metadata: labels: app: myserver-tomcat-app1-overlay-selector spec: nodeName: k8s-node-underlay-01 containers: - name: myserver-tomcat-app1-container #image: tomcat:7.0.93-alpine image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-app1:v1 imagePullPolicy: IfNotPresent ##imagePullPolicy: Always ports: - containerPort: 8080 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" # resources: # limits: # cpu: 0.5 # memory: "512Mi" # requests: # cpu: 0.5 # memory: "512Mi" --- kind: Service apiVersion: v1 metadata: labels: app: myserver-tomcat-app1-service-overlay-label name: myserver-tomcat-app1-service-overlay namespace: myserver spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 8080 nodePort: 30003 selector: app: myserver-tomcat-app1-overlay-selector [root@k8s-master-underlay-01 hybridnet]# kubectl create ns myserver namespace/myserver created [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl apply -f 2.tomcat-app1-overlay.yaml deployment.apps/myserver-tomcat-app1-deployment-overlay created service/myserver-tomcat-app1-service-overlay created [root@k8s-master-underlay-01 hybridnet]# kubectl get pod -n myserver -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES myserver-tomcat-app1-deployment-overlay-57db444484-424bl 1/1 Running 0 6m43s 10.200.0.3 k8s-node-underlay-01 <none> <none> [root@k8s-master-underlay-01 hybridnet]#
9.3.3、创建pod并使用underlay网络
[root@k8s-master-underlay-01 hybridnet]# vi 3.tomcat-app1-underlay.yaml [root@k8s-master-underlay-01 hybridnet]# cat 3.tomcat-app1-underlay.yaml kind: Deployment #apiVersion: extensions/v1beta1 apiVersion: apps/v1 metadata: labels: app: myserver-tomcat-app1-deployment-underlay-label name: myserver-tomcat-app1-deployment-underlay namespace: myserver spec: replicas: 1 selector: matchLabels: app: myserver-tomcat-app1-underlay-selector template: metadata: labels: app: myserver-tomcat-app1-underlay-selector annotations: #使用Underlay或者Overlay网络 networking.alibaba.com/network-type: Underlay spec: #nodeName: k8s-node2.example.com containers: - name: myserver-tomcat-app1-container #image: tomcat:7.0.93-alpine image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/tomcat-app1:v2 imagePullPolicy: IfNotPresent ##imagePullPolicy: Always ports: - containerPort: 8080 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" # resources: # limits: # cpu: 0.5 # memory: "512Mi" # requests: # cpu: 0.5 # memory: "512Mi" --- kind: Service apiVersion: v1 metadata: labels: app: myserver-tomcat-app1-service-underlay-label name: myserver-tomcat-app1-service-underlay namespace: myserver spec: # type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 8080 #nodePort: 40003 selector: app: myserver-tomcat-app1-underlay-selector [root@k8s-master-underlay-01 hybridnet]# kubectl apply -f 3.tomcat-app1-underlay.yaml deployment.apps/myserver-tomcat-app1-deployment-underlay created service/myserver-tomcat-app1-service-underlay created [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl get pod -n myserver -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES myserver-tomcat-app1-deployment-overlay-57db444484-424b1 1/1 Running 0 25m 10.200.0.3 k8s-node-underlay-01 <none> <none> myserver-tomcat-app1-deployment-underlay-9749fdf45-nvk28 1/1 Running 0 30s 192.168.247.10 k8s-node-underlay-01 <none> <none> [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# vi 3.tomcat-app1-underlay.yaml [root@k8s-master-underlay-01 hybridnet]# grep replicas: 3.tomcat-app1-underlay.yaml replicas: 3 [root@k8s-master-underlay-01 hybridnet]# kubectl apply -f 3.tomcat-app1-underlay.yaml deployment.apps/myserver-tomcat-app1-deployment-underlay configured service/myserver-tomcat-app1-service-underlay unchanged [root@k8s-master-underlay-01 hybridnet]# kubectl get pod -n myserver -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES myserver-tomcat-app1-deployment-overlay-57db444484-268mw 1/1 Running 0 51m 10.200.0.3 k8s-node-underlay-01 <none> <none> myserver-tomcat-app1-deployment-underlay-9749fdf45-d2cgz 1/1 Running 0 3m37s 192.168.247.14 k8s-master-underlay-01 <none> <none> myserver-tomcat-app1-deployment-underlay-9749fdf45-gdrgz 1/1 Running 0 3m37s 192.168.247.13 k8s-node-underlay-01 <none> <none> myserver-tomcat-app1-deployment-underlay-9749fdf45-lms8f 1/1 Running 0 3m37s 192.168.247.15 k8s-master-underlay-02 <none> <none> [root@k8s-master-underlay-01 hybridnet]#
由于本环境是在windows VMware环境下部署,需要在windows添加路由,为了方便测试,直接使用集群环境测试
9.3.4、通过service IP访问Pod
[root@k8s-master-underlay-01 hybridnet]# vi 4.pod-underlay.yaml [root@k8s-master-underlay-01 hybridnet]# cat 4.pod-underlay.yaml apiVersion: v1 kind: Pod metadata: name: annotations-demo annotations: networking.alibaba.com/network-type: Underlay spec: containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80 [root@k8s-master-underlay-01 hybridnet]# kubectl apply -f 4.pod-underlay.yaml pod/annotations-demo created [root@k8s-master-underlay-01 hybridnet]# [root@k8s-master-underlay-01 hybridnet]# kubectl get pod -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES annotations-demo 1/1 Running 0 2m2s 192.168.247.16 k8s-node-underlay-01 <none> <none> [root@k8s-master-underlay-01 hybridnet]# [root@k8s-node-underlay-01 ~]# kubectl get svc -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 2d23h kube-system hybridnet-webhook ClusterIP 10.100.36.247 <none> 443/TCP 2d22h kube-system kube-dns ClusterIP 10.100.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d23h myserver myserver-tomcat-app1-service-overlay NodePort 10.100.248.109 <none> 80:30003/TCP 93m myserver myserver-tomcat-app1-service-underlay ClusterIP 10.100.105.171 <none> 80/TCP 45m [root@k8s-node-underlay-01 ~]# [root@k8s-node-underlay-01 ~]# route add -net 10.100.105.0 netmask 255.255.255.0 gateway 192.168.247.74 #在pod所在的宿主机添加service IP网段即可 [root@k8s-node-underlay-01 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.247.2 0.0.0.0 UG 100 0 0 eth0 10.100.105.0 192.168.247.74 255.255.255.0 UG 0 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.247.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 [root@k8s-node-underlay-01 ~]# [root@k8s-node-underlay-01 ~]# curl http://10.100.105.171/myapp/index.html tomcat app1 v2 [root@k8s-node-underlay-01 ~]#
