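kubernetes - Problem configuring static IPs on PODs attached via a MACVLAN interface
Problem description
Here is the scenario. There is a deployment set through which 2 PODs are created. I attach a MACVLAN interface to these PODs for external communication.
Macvlan definition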
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: test-macvlandef01
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "datastore": "kubernetes",
        "kubernetes": { "kubeconfig": "/etc/cni/net.d/whereabouts.d/whereabouts.kubeconfig" },
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.44",
        "range_end": "192.168.0.45"
      }
    }'
Deployment set
apiVersion: apps/v1
kind: Deployment
metadata:
  name: centos-test
spec:
  replicas: 2
  selector:
    matchLabels:
      app: centos
  template:
    metadata:
      labels:
        app: centos
      annotations:
        k8s.v1.cni.cncf.io/networks: "test-macvlandef01"
    spec:
      nodeSelector:
        test: "true"
      containers:
      - name: centos
        image: centos
        imagePullPolicy: IfNotPresent
        command: ["bin/bash", "-c", "sleep 100000" ]
        ports:
        - containerPort: 80
Result. Both PODs have IPs from the allocation pool.
[master1 ~]# kubectl exec -it centos-test-64f8fbf47f-wrjr7 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if61: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether 72:ef:ca:2c:31:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.20.14.176/32 scope global eth0
valid_lft forever preferred_lft forever
5: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default
link/ether 52:2f:bd:f9:03:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.44/24 brd 192.168.0.255 scope global net1
valid_lft forever preferred_lft forever
[master1 ~]# kubectl exec -it centos-test-64f8fbf47f-vtkst ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ae:e6:4e:95:2a:f2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.20.14.175/32 scope global eth0
valid_lft forever preferred_lft forever
5: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default
link/ether 72:fb:b5:90:d0:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.45/24 brd 192.168.0.255 scope global net1
valid_lft forever preferred_lft forever
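Now what I need to configure is a bigger allocation pool in the macvlan definition file, but with only 2 specific IPs assigned to the PODs. I tried the following configuration.
Macvlan definition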
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: test-macvlandef01
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "datastore": "kubernetes",
        "kubernetes": { "kubeconfig": "/etc/cni/net.d/whereabouts.d/whereabouts.kubeconfig" },
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.40",
        "range_end": "192.168.0.50"
      }
    }'
Deployment set
apiVersion: apps/v1
kind: Deployment
metadata:
  name: centos-test
spec:
  replicas: 2
  selector:
    matchLabels:
      app: centos
  template:
    metadata:
      labels:
        app: centos
      annotations:
        k8s.v1.cni.cncf.io/networks: '[{ "name": "test-macvlandef01","ips": "192.168.0.44"},{"name": "test-macvlandef01","ips": "192.168.0.45"}]'
    spec:
      nodeSelector:
        test: "true"
      containers:
      - name: centos
        image: centos
        imagePullPolicy: IfNotPresent
        command: ["bin/bash", "-c", "sleep 100000" ]
        ports:
        - containerPort: 80
The PODs come up without the MACVLAN interface, and I don't see any errors related to the PODs either.
[master1 ~]# kubectl exec -it centos-test-b59db89f7-2vvqx ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether 62:31:fc:64:8f:5b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.20.14.180/32 scope global eth0
valid_lft forever preferred_lft forever
[master1 ~]# kubectl exec -it centos-test-b59db89f7-6c75h ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if64: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether e6:23:30:ff:bf:c3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.20.14.179/32 scope global eth0
valid_lft forever preferred_lft forever
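Please suggest any modification or addition that would help meet the requirement.
Thanks in advance.
Solution
I would like to draw your attention to the following two points. This is a partial answer.
- From your post, I see that you want to use specific IP addresses. To use such a feature, according to the CNI extension conventions, you may need to use the capability "capabilities": {"ips": true} in the Macvlan definition. Something like this: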
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "capabilities": {"ips": true},
      "master": "eth0",
      "mode": "bridge",
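You can also find a good example with an explanation in the "Attaching a pod to an additional network" documentation.
- I assume you are using the whereabouts plugin, since "type": "whereabouts" appears in your Macvlan definition. It supports exclusions:
You may also specify ranges to exclude from assignment. For example, if you would like to assign IP addresses within the range 192.168.2.0/24, you can exclude IP addresses within it by adding them to an exclude list. For example, if you decide to exclude the range 192.168.2.0/28, the first IP address assigned in the range will be 192.168.2.16.
Knowing this, you can specify the IP ranges to be excluded from the configuration according to the Whereabouts IPAM Config example. Try adding an exclude field to the Macvlan definition with the necessary IPs/subnets that should be excluded. A possible solution for your specific case: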
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "capabilities": {"ips": true},
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.40",
        "range_end": "192.168.0.50",
        "exclude": [
          "192.168.0.40/32",
          "192.168.0.41/32",
          ...
        ]
      }
    }'
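The exclude-list approach from the answer, worked through for the 192.168.0.40-192.168.0.50 pool as an added example (not code from the original question or answer): it computes the CIDR blocks that leave only 192.168.0.44 and 192.168.0.45 assignable, builds the spec.config JSON, and parses it back to confirm which addresses remain. The function names exclude_cidrs, build_config and allocatable are hypothetical helpers; the config fields are the ones shown on this page.

```python
import ipaddress
import json


def exclude_cidrs(range_start, range_end, keep):
    """CIDRs covering every address in [range_start, range_end] except `keep`."""
    start, end = ipaddress.ip_address(range_start), ipaddress.ip_address(range_end)
    wanted = sorted({ipaddress.ip_address(ip) for ip in keep})
    if start > end or any(not start <= ip <= end for ip in wanted):
        raise ValueError("keep addresses must lie inside range_start..range_end")
    cidrs, cursor = [], start
    for ip in wanted:
        if cursor < ip:  # gap in front of a kept address
            cidrs.extend(ipaddress.summarize_address_range(cursor, ip - 1))
        cursor = ip + 1
    if cursor <= end:    # tail after the last kept address
        cidrs.extend(ipaddress.summarize_address_range(cursor, end))
    return [str(c) for c in cidrs]


def build_config(range_cidr, range_start, range_end, keep):
    """JSON string for spec.config, with the field values used on this page."""
    net = ipaddress.ip_network(range_cidr)
    for bound in (range_start, range_end):
        if ipaddress.ip_address(bound) not in net:
            raise ValueError(f"{bound} is outside {range_cidr}")
    ipam = {"type": "whereabouts", "range": range_cidr,
            "range_start": range_start, "range_end": range_end,
            "exclude": exclude_cidrs(range_start, range_end, keep)}
    return json.dumps({"cniVersion": "0.3.0", "name": "test-macvlandef01",
                       "type": "macvlan", "capabilities": {"ips": True},
                       "master": "eth0", "mode": "bridge", "ipam": ipam}, indent=2)


def allocatable(config_json):
    """Addresses still assignable; json.loads also rejects a missing comma."""
    ipam = json.loads(config_json)["ipam"]
    excluded = [ipaddress.ip_network(c) for c in ipam.get("exclude", [])]
    first = ipaddress.ip_address(ipam["range_start"])
    last = ipaddress.ip_address(ipam["range_end"])
    candidates = (first + i for i in range(int(last) - int(first) + 1))
    return [str(ip) for ip in candidates if not any(ip in n for n in excluded)]


if __name__ == "__main__":
    cfg = build_config("192.168.0.0/24", "192.168.0.40", "192.168.0.50",
                       ["192.168.0.44", "192.168.0.45"])
    print(cfg)
    print("assignable:", allocatable(cfg))
```

Exclusions only narrow the pool: each replica receives whichever remaining address is free, so this does not pin a given address to a given pod.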