calico 指定pod 网段

分配4个C的子网，比如 172.22.132.0/22

其中大数据应用连接 mq， iptable做了限制，只允许指定IP访问， 所以需要从 172.22.132.0/22 切出子网

规划如下：

大数据网络： 172.22.135.0/25     使用IP126个

其他pod网络： 172.22.132.0/23  使用pod 512个

calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: bgdata-receiver-ipv4pool
spec:
  blockSize: 26
  cidr: 172.22.135.0/25
  ipipMode: Never
  nodeSelector: all()
  vxlanMode: Never
  natOutgoing: false
EOF



calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  blockSize: 26
  cidr: 172.22.132.0/23
  ipipMode: Never
  nodeSelector: all()
  vxlanMode: Never
  natOutgoing: false
EOF

 

 

 

主要利用calico组件的两个kubernetes注解:

cni.projectcalico.org/ipAddrs

    metadata:
      labels:
        app: testnginx
      annotations:
        "cni.projectcalico.org/ipAddrs": "[\"172.22.135.1\"]"

 

cni.projectcalico.org/ipv4pools

对于deployment

[root@master1 ~]# cat nginx.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: testnginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: testnginx
  template:
    metadata:
      labels:
        app: testnginx
      annotations:
        "cni.projectcalico.org/ipv4pools": "[\"bgdata-receiver-ipv4pool\"]"
    spec:
      containers:
      - image: 172.22.1.1/source/nginx:latest
        imagePullPolicy: Always
        name: testnginx
        ports:
        - containerPort: 80
          name: testnginx
          protocol: TCP