5. Using Calico to Connect the Pod Network

Posted by ArcherBrian on 2024-08-01

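Current state

Pods and nodes inside the cluster can reach each other directly by pod IP, and containers can reach the virtual machines without problems, but the virtual machines cannot reach the containers. This matters most for services that perform service discovery, such as consul and nacos: once the networks are connected, calls between them become much more convenient.

Goal

Connect the pod network and the virtual machine network so that virtual machines can reach pod IPs
Official documentation: https://docs.projectcalico.org/archive/v3.8/networking/bgp

Prerequisites

The core switch/router must support BGP dynamic routing

[M1] Install calicoctl, the Calico command-line tool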

# Download the calicoctl v3.8.9 binary, make it executable, and move it onto PATH
curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.8.9/calicoctl
chmod +x calicoctl
mv calicoctl /usr/bin/calicoctl

[M1] Add the calicoctl configuration

mkdir -p /etc/calico
cat > /etc/calico/calicoctl.cfg <<EOF
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes"
  kubeconfig: "/root/.kube/config"
EOF

Test it

calicoctl version
Client Version:    v3.8.9
Git commit:        0991d2fb
Cluster Version:   v3.8.9        # this line means the configuration is correct
Cluster Type:      k8s,bgp,kdd   # this line means the configuration is correct

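[M1] Configure the cluster route reflectors: worker nodes peer with the master nodes, and the master nodes peer with each other

In this environment the Kubernetes master nodes are used as the reflectors
View the node information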

kubectl get node
NAME                STATUS   ROLES    AGE     VERSION
k8s-test-master-1   Ready    master   3d1h    v1.15.0
k8s-test-master-2   Ready    master   3d1h    v1.15.0
k8s-test-master-3   Ready    master   3d1h    v1.15.0
k8s-test-node-1     Ready    <none>   2d23h   v1.15.0
k8s-test-node-2     Ready    <none>   2d23h   v1.15.0
k8s-test-node-3     Ready    <none>   2d23h   v1.15.0

Add the following configuration to the 3 master nodes to mark them as reflectors

calicoctl patch node k8s-test-master-1 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
calicoctl patch node k8s-test-master-2 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
calicoctl patch node k8s-test-master-3 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
kubectl   label node k8s-test-master-1 route-reflector=true
kubectl   label node k8s-test-master-2 route-reflector=true
kubectl   label node k8s-test-master-3 route-reflector=true

Configure the BGP AS number

calicoctl apply -f - <<EOF
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false
  asNumber: 64567
EOF

Peer the reflectors (nodes) with each other

calicoctl apply -f - <<EOF
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: peer-with-route-reflectors
spec:
  nodeSelector: all()
  peerSelector: route-reflector == 'true'
EOF

Peer with the core switch/router; gateway IP: 192.168.3.1

calicoctl apply -f - <<EOF
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rr-border
spec:
  peerIP: 192.168.3.1
  asNumber: 64567
  nodeSelector: route-reflector == 'true'
EOF
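
A check for the end of this procedure, added here as an example and not part of the original post: it parses the table printed by `calicoctl node status` and reports any IPv4 BGP session that is not Established, treating an empty peer table as a failure because the node-to-node mesh is disabled above. The sample output, the function names and the address 192.168.3.12 are constructed for illustration.

```shell
# Added example: reads `calicoctl node status` output on stdin and prints
# "PEER STATE INFO" for every IPv4 session that is not up/Established.
# Exit status: 0 = at least one peer and all Established, 1 = otherwise.
check_bgp_peers() {
    awk -F'|' '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        # Peer rows start with "|" and carry an IPv4 address in column 2;
        # this skips the +---+ borders and the PEER ADDRESS header row.
        /^\|/ && $2 ~ /^ *[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ *$/ {
            peer = trim($2); state = trim($4); info = trim($6)
            total++
            if (state != "up" || info !~ /^Established/) {
                print peer, state, info
                bad++
            }
        }
        # With nodeToNodeMeshEnabled: false, a node matched by no BGPPeer
        # has zero sessions, so an empty peer table is a failure too.
        END {
            if (total == 0) print "no BGP peers found"
            exit (total == 0 || bad > 0)
        }
    '
}

# Constructed sample: a route reflector with two healthy sessions
# (192.168.3.12 is an assumed master address; 192.168.3.1 is the gateway).
sample_ok() {
cat <<'EOF'
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 192.168.3.12 | node specific | up    | 08:01:02 | Established |
| 192.168.3.1  | node specific | up    | 08:01:05 | Established |
+--------------+---------------+-------+----------+-------------+
EOF
}

# Constructed sample: same node, but the session to the gateway never came up.
sample_router_down() {
    sample_ok | sed 's/| up    | 08:01:05 | Established |/| start | 08:01:05 | Connect     |/'
}

# Demo on the constructed sample; on a node: calicoctl node status | check_bgp_peers
sample_router_down | check_bgp_peers || echo "BGP check failed"
```

Run it on every master and worker after applying the BGPPeer resources; a session to 192.168.3.1 that stays in `start` usually means the router side has not been configured to peer with that node.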
