K8S routing gateway forwarding configuration

This article is based on: https://www.cnblogs.com/smallleiit/articles/11720939.html

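First, the network environment:

  server1: on the K8S network; the pod IP is 10.244.1.92

  server2: on the K8S network; the flannel network is configured as 10.244.0.1/16, and the subnet allocated to this machine is 10.244.1.1/24

  server3: a Mac with a single network interface, LAN IP 10.0.22.100, with no K8S network set up

  Network topology diagram: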

  

The network interfaces on Server2 are as follows:

  

qiteck@server:~$ ifconfig
cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.244.1.1  netmask 255.255.255.0  broadcast 10.244.1.255
        inet6 fe80::b821:f2ff:fe1d:809a  prefixlen 64  scopeid 0x20<link>
        ether ba:21:f2:1d:80:9a  txqueuelen 1000  (Ethernet)
        RX packets 27313334  bytes 3025058791 (3.0 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23184833  bytes 3235542232 (3.2 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:faff:fe46:96d  prefixlen 64  scopeid 0x20<link>
        ether 02:42:fa:46:09:6d  txqueuelen 0  (Ethernet)
        RX packets 1656619  bytes 1045654883 (1.0 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1858769  bytes 1887481988 (1.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens18: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.22.120  netmask 255.255.255.0  broadcast 10.0.22.255
        inet6 fe80::acc7:2eff:fe9c:1183  prefixlen 64  scopeid 0x20<link>
        inet6 fd60:217c:9f1e:0:acc7:2eff:fe9c:1183  prefixlen 64  scopeid 0x0<global>
        inet6 fd60:217c:9f1e::800  prefixlen 128  scopeid 0x0<global>
        ether ae:c7:2e:9c:11:83  txqueuelen 1000  (Ethernet)
        RX packets 28308020  bytes 7431259113 (7.4 GB)
        RX errors 0  dropped 25  overruns 0  frame 0
        TX packets 31638440  bytes 7711264201 (7.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

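Now I want server3 to be able to access server1.

The three servers sit in two completely isolated environments, the "other" network and the K8S network, and the two networks cannot reach each other. server1 and server2 are in the K8S network, Server3 is in the other network, and Server2 has two network interfaces, one in the K8S network and one in the other network. Server3 cannot access Server1 directly because they are on different networks. To connect these two servers, Server2 has to be used: treat Server2 as a gateway, so that when Server3 wants to access Server1 it sends the data to Server2, and Server2 forwards it to Server1.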

 

 

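Configuration: add a route on server3 so that all requests to the 10.244.1.1/24 subnet are sent to Server2. Because the two machines can only reach each other over the 10.0.22.120 network segment, the route must be set as follows:

mac route configuration:

  sudo route add -net 10.244.1.1/24 10.0.22.120

linux route configuration (the net-tools route command rejects a -net destination with host bits set, so the network address 10.244.1.0/24 is used):

  sudo route add -net 10.244.1.0/24 gw 10.0.22.120

Note: this route configuration presupposes that server3 can reach 10.0.22.120 directly, without going through another gateway lookup. Otherwise the route has to be configured on the gateway instead.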

 

View the routing configuration on server3:

qicycledeMacBook-Pro-3:~ qicycle$ sudo netstat -r
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.144.1      UGSc           en0
10.244.1/24        10.0.22.120        UGSc           en0
127                localhost          UCS            lo0
localhost          localhost          UH             lo0
169.254            link#5             UCS            en0      !
169.254            link#14            UCSI           en4      !

 

Check that forwarding is enabled on server2:

qiteck@server:~$ sudo sysctl -a|grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0

 

 

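If you only want to change a system parameter temporarily, there are two ways to do it. For example, to enable IP forwarding:

    1) #echo 1 > /proc/sys/net/ipv4/ip_forward

    2) #sysctl -w net.ipv4.ip_forward=1

    Both methods enable routing immediately, but if the system is rebooted, or the command

    # service network restart

 is executed, the value that was set is lost. To keep the configuration permanently, edit the /etc/sysctl.conf file

 and change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1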
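
Because enabling forwarding makes server2 a router between two networks that were otherwise isolated, it is worth knowing whether that state is temporary or will come back after a reboot. The script below is an added example, not part of the original article: it compares the runtime value with the one persisted in a sysctl.conf-style file. The function names are hypothetical, the sample files are constructed, and drop-in files under /etc/sysctl.d are assumed not to be in use.

```shell
#!/bin/sh
# Added example: classify ip_forward as persistent / runtime-only / pending.
# File paths are parameters so the check also runs on constructed samples.

# Last uncommented net.ipv4.ip_forward value in a sysctl.conf-style file,
# or "unset". Later assignments override earlier ones when the file is loaded.
persisted_ip_forward() (
    conf=$1
    [ -r "$conf" ] || { echo unset; exit 0; }
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    echo "${val:-unset}"
)

# Runtime value from a /proc-style file, or "unknown" if it cannot be read.
runtime_ip_forward() (
    proc=$1
    [ -r "$proc" ] || { echo unknown; exit 0; }
    tr -d '[:space:]' < "$proc"
)

# persistent   : on now and in the file, survives a reboot
# runtime-only : on now only, lost on reboot or network restart
# pending      : set in the file but not active yet
# disabled     : neither
forward_state() (
    rt=$(runtime_ip_forward "${1:-/proc/sys/net/ipv4/ip_forward}")
    ps=$(persisted_ip_forward "${2:-/etc/sysctl.conf}")
    case "$rt/$ps" in
        1/1) echo persistent ;;
        1/*) echo runtime-only ;;
        */1) echo pending ;;
        *)   echo disabled ;;
    esac
)

# Constructed samples, not taken from the hosts on this page.
demo=$(mktemp -d)
printf '1\n' > "$demo/proc_on"
printf '# net.ipv4.ip_forward=1\nnet.ipv4.ip_forward = 0\n' > "$demo/conf_off"
printf 'net.ipv4.ip_forward=0\nnet.ipv4.ip_forward=1\n' > "$demo/conf_on"
echo "echo 1 > /proc only: $(forward_state "$demo/proc_on" "$demo/conf_off")"
echo "sysctl.conf edited:  $(forward_state "$demo/proc_on" "$demo/conf_on")"
echo "this host:           $(forward_state)"
rm -rf "$demo"
```

A result of runtime-only on a host that is not meant to be a gateway means someone enabled forwarding by hand; pending means the file was edited but the change has not been loaded yet.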

 

After that, server1 can be accessed from server3.

posted @ 2022-07-19 14:38  若-飞