docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
+ OpenStack 集成¶
在一些情况下,用户需要使用 OpenStack 运行虚拟机,使用 Kubernetes 运行容器,并需要容器和虚机之间网络互通并处于统一控制平面下。如果 OpenStack Neutron 侧同样使用 OVN 作为底层网络控制,那么 Kube-OVN 可以使用集群互联和共享底层 OVN 两种方式打通 OpenStack 和 Kubernetes 的网络。
集群互联¶
该模式和使用 OVN-IC 进行多集群互联打通两个 Kubernetes 集群网络方式类似,只不过将集群两端换成 OpenStack 和 Kubernetes。
前提条件¶
- 自动互联模式下 OpenStack 和 Kubernetes 内的子网 CIDR 不能相互重叠。
- 需要存在一组机器可以被每个集群通过网络访问,用来部署跨集群互联的控制器。
- 每个集群需要有一组可以通过 IP 进行跨集群互访的机器作为之后的网关节点。
- 该方案只打通 Kubernetes 默认子网和 OpenStack 的选定 VPC。
部署 OVN-IC 数据库¶
使用下面的命令启动 OVN-IC 数据库:
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
Kubernetes 侧操作¶
在 kube-system Namespace 下创建 ovn-ic-config ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/v1.12.x/advance/with-ovn-ic/index.html b/v1.12.x/advance/with-ovn-ic/index.html
index f45ee814d..b05e0dc61 100644
--- a/v1.12.x/advance/with-ovn-ic/index.html
+++ b/v1.12.x/advance/with-ovn-ic/index.html
@@ -7,8 +7,8 @@
s.parentNode.insertBefore(hm, s);
})();
使用 OVN-IC 进行多集群互联¶
Kube-OVN 支持通过 OVN-IC 将两个 Kubernetes 集群 Pod 网络打通,打通后的两个集群内的 Pod 可以通过 Pod IP 进行直接通信。 Kube-OVN 使用隧道对跨集群流量进行封装,两个集群之间只要存在一组 IP 可达的机器即可完成容器网络的互通。
该模式的多集群互联为 Overlay 网络功能,Underlay 网络如果想要实现集群互联需要底层基础设施做网络打通。
前提条件¶
-
1.11.16 之后版本部署的集群默认关闭了集群互联的开关,需要在部署脚本 install.sh 里修改下列变量:
ENABLE_IC=true
-
打开开关后部署集群,会出现组件 deployment ovn-ic-controller。 2. 自动互联模式下不同集群的子网 CIDR 不能相互重叠,默认子网需在安装时配置为不重叠的网段。若存在重叠需参考后续手动互联过程,只能将不重叠网段打通。 3. 需要存在一组机器可以被每个集群的 kube-ovn-controller 通过 IP 访问,用来部署跨集群互联的控制器。 4. 每个集群需要有一组可以通过 IP 进行跨集群互访的机器作为之后的网关节点。 5. 该功能只对默认 VPC 生效,用户自定义 VPC 无法使用互联功能。
部署单节点 OVN-IC 数据库¶
在每个集群 kube-ovn-controller 可通过 IP 访问的机器上部署 OVN-IC 数据库,该节点将保存各个集群同步上来的网络配置信息。
部署 docker 的环境可以使用下面的命令启动 OVN-IC 数据库:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
对于部署 containerd 取代 docker 的环境可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
+
打开开关后部署集群,会出现组件 deployment ovn-ic-controller。 2. 自动互联模式下不同集群的子网 CIDR 不能相互重叠,默认子网需在安装时配置为不重叠的网段。若存在重叠需参考后续手动互联过程,只能将不重叠网段打通。 3. 需要存在一组机器可以被每个集群的 kube-ovn-controller 通过 IP 访问,用来部署跨集群互联的控制器。 4. 每个集群需要有一组可以通过 IP 进行跨集群互访的机器作为之后的网关节点。 5. 该功能只对默认 VPC 生效,用户自定义 VPC 无法使用互联功能。
部署单节点 OVN-IC 数据库¶
在每个集群 kube-ovn-controller 可通过 IP 访问的机器上部署 OVN-IC 数据库,该节点将保存各个集群同步上来的网络配置信息。
部署 docker 的环境可以使用下面的命令启动 OVN-IC 数据库:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
对于部署 containerd 取代 docker 的环境可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
自动路由设置¶
在自动路由设置下,每个集群会将自己默认 VPC 下 Subnet 的 CIDR 信息同步给 OVN-IC,因此要确保两个集群的 Subnet CIDR 不存在重叠。
在 kube-system Namespace 下创建 ovn-ic-config ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
@@ -88,10 +88,10 @@
addresses: ["00:00:00:FB:2A:F7 169.254.100.79/24"]
由上输出可知,集群 az1 到 集群 az2 的远端地址为 169.254.100.31,az2 到 az1 的远端地址为 169.254.100.79。
下面手动设置路由,在该例子中,集群 az1 内的子网 CIDR 为 10.16.0.0/24,集群 az2 内的子网 CIDR 为 10.17.0.0/24。
在集群 az1 设置到集群 az2 的路由:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31
在集群 az2 设置到集群 az1 的路由:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79
-
高可用 OVN-IC 数据库部署¶
OVN-IC 数据库之间可以通过 Raft 协议组成一个高可用集群,该部署模式需要至少 3 个节点。
首先在第一个节点上启动 OVN-IC 数据库的 leader。
部署 docker 环境的用户可以使用下面的命令:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.3" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
如果是部署 containerd 的用户可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
-
LOCAL_IP: 当前容器所在节点 IP 地址。NODE_IPS: 运行 OVN-IC 数据库的三个节点 IP 地址,使用逗号进行分隔。
接下来,在另外两个节点部署 OVN-IC 数据库的 follower。
部署 docker 环境的用户可以使用下面的命令:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.2" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" -e LEADER_IP="192.168.65.3" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
如果是部署 containerd 的用户可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.2"" --env="LEADER_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
+
高可用 OVN-IC 数据库部署¶
OVN-IC 数据库之间可以通过 Raft 协议组成一个高可用集群,该部署模式需要至少 3 个节点。
首先在第一个节点上启动 OVN-IC 数据库的 leader。
部署 docker 环境的用户可以使用下面的命令:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.3" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
如果是部署 containerd 的用户可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
+
LOCAL_IP: 当前容器所在节点 IP 地址。NODE_IPS: 运行 OVN-IC 数据库的三个节点 IP 地址,使用逗号进行分隔。
接下来,在另外两个节点部署 OVN-IC 数据库的 follower。
部署 docker 环境的用户可以使用下面的命令:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.2" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" -e LEADER_IP="192.168.65.3" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
如果是部署 containerd 的用户可以使用下面的命令:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.2"" --env="LEADER_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
LOCAL_IP: 当前容器所在节点 IP 地址。NODE_IPS: 运行 OVN-IC 数据库的三个节点 IP 地址,使用逗号进行分隔。LEADER_IP: 运行 OVN-IC 数据库 leader 节点的 IP 地址。
在每个集群创建 ovn-ic-config 时指定多个 OVN-IC 数据库节点地址:
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/v1.12.x/en/advance/ovn-remote-port-mirroring/index.html b/v1.12.x/en/advance/ovn-remote-port-mirroring/index.html
index 368c5a299..0577ecfe0 100644
--- a/v1.12.x/en/advance/ovn-remote-port-mirroring/index.html
+++ b/v1.12.x/en/advance/ovn-remote-port-mirroring/index.html
@@ -55,7 +55,7 @@
spec:
containers:
- name: bash
- image: docker.io/kubeovn/kube-ovn:v1.12.12
+ image: docker.io/kubeovn/kube-ovn:v1.12.13
args:
- bash
- -c
diff --git a/v1.12.x/en/advance/with-openstack/index.html b/v1.12.x/en/advance/with-openstack/index.html
index e7c469a3d..64b3e30f3 100644
--- a/v1.12.x/en/advance/with-openstack/index.html
+++ b/v1.12.x/en/advance/with-openstack/index.html
@@ -6,7 +6,7 @@
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
- Integration with OpenStack¶
In some cases, users need to run virtual machines with OpenStack and containers with Kubernetes, and need the network to interoperate between containers and virtual machines and be under a unified control plane. If the OpenStack Neutron side also uses OVN as the underlying network, then Kube-OVN can use either cluster interconnection or shared underlying OVN to connect the OpenStack and Kubernetes networks.
Cluster Interconnection¶
This pattern is similar to Cluster Inter-Connection with OVN-IC to connect two Kubernetes cluster networks, except that the two ends of the cluster are replaced with OpenStack and Kubernetes。
Prerequisites¶
- The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-route mode.
- A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters.
- Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes.
- This solution only connects to the Kubernetes default subnet with selected VPC in OpenStack.
Deploy OVN-IC DB¶
Start the OVN-IC DB with the following command:
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
+ Integration with OpenStack¶
In some cases, users need to run virtual machines with OpenStack and containers with Kubernetes, and need the network to interoperate between containers and virtual machines and be under a unified control plane. If the OpenStack Neutron side also uses OVN as the underlying network, then Kube-OVN can use either cluster interconnection or shared underlying OVN to connect the OpenStack and Kubernetes networks.
Cluster Interconnection¶
This pattern is similar to Cluster Inter-Connection with OVN-IC to connect two Kubernetes cluster networks, except that the two ends of the cluster are replaced with OpenStack and Kubernetes。
Prerequisites¶
- The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-route mode.
- A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters.
- Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes.
- This solution only connects to the Kubernetes default subnet with selected VPC in OpenStack.
Deploy OVN-IC DB¶
Start the OVN-IC DB with the following command:
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
Kubernetes Side Operations¶
Create ovn-ic-config ConfigMap in kube-system Namespace :
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/v1.12.x/en/advance/with-ovn-ic/index.html b/v1.12.x/en/advance/with-ovn-ic/index.html
index df7623741..2d63ff32a 100644
--- a/v1.12.x/en/advance/with-ovn-ic/index.html
+++ b/v1.12.x/en/advance/with-ovn-ic/index.html
@@ -7,8 +7,8 @@
s.parentNode.insertBefore(hm, s);
})();
Cluster Inter-Connection with OVN-IC¶
Kube-OVN supports interconnecting two Kubernetes cluster Pod networks via OVN-IC, and the Pods in the two clusters can communicate directly via Pod IPs . Kube-OVN uses tunnels to encapsulate cross-cluster traffic, allowing container networks to interconnect between two clusters as long as there is a set of IP reachable machines.
This mode of multi-cluster interconnection is for Overlay network. For Underlay network, it needs the underlying infrastructure to do the inter-connection work.
Prerequisites¶
-
Clusters configured in versions after 1.11.16 have the cluster interconnection switch turned off by default. You need to mark the following in the configuration script install.sh:
ENABLE_IC=true
-
After opening the switch and deploying the cluster, the component deployment ovn-ic-controller will appear. 2. The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-interconnect mode. If there is overlap, you need to refer to the subsequent manual interconnection process, which can only connect non-overlapping Subnets. 3. A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters. 4. Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes. 5. This solution only connects to the Kubernetes default VPCs.
Deploy a single-node OVN-IC DB¶
Deploy the OVN-IC DB on a machine accessible by kube-ovn-controller, This DB will hold the network configuration information synchronized up from each cluster.
An environment deploying docker can start the OVN-IC DB with the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
For deploying a containerd environment instead of docker you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
+
After opening the switch and deploying the cluster, the component deployment ovn-ic-controller will appear. 2. The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-interconnect mode. If there is overlap, you need to refer to the subsequent manual interconnection process, which can only connect non-overlapping Subnets. 3. A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters. 4. Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes. 5. This solution only connects to the Kubernetes default VPCs.
Deploy a single-node OVN-IC DB¶
Deploy the OVN-IC DB on a machine accessible by kube-ovn-controller, This DB will hold the network configuration information synchronized up from each cluster.
An environment deploying docker can start the OVN-IC DB with the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
For deploying a containerd environment instead of docker you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
Automatic Routing Mode¶
In auto-routing mode, each cluster synchronizes the CIDR information of the Subnet under its own default VPC to OVN-IC, so make sure there is no overlap between the Subnet CIDRs of the two clusters.
Create ovn-ic-config ConfigMap in kube-system Namespace:
apiVersion: v1
kind: ConfigMap
metadata:
@@ -88,10 +88,10 @@
addresses: ["00:00:00:FB:2A:F7 169.254.100.79/24"]
The output above shows that the remote address from cluster az1 to cluster az2 is 169.254.100.31 and the remote address from az2 to az1 is 169.254.100.79.
In this example, the subnet CIDR within cluster az1 is 10.16.0.0/24 and the subnet CIDR within cluster az2 is 10.17.0.0/24.
Set up a route from cluster az1 to cluster az2 in cluster az1:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31
Set up a route to cluster az1 in cluster az2:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79
-
Highly Available OVN-IC DB Installation¶
A highly available cluster can be formed between OVN-IC DB via the Raft protocol, which requires a minimum of 3 nodes for this deployment model.
First start the leader of the OVN-IC DB on the first node.
Users deploying a docker environment can use the following command:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.3" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
If you are using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
-
LOCAL_IP: The IP address of the node where the current container is located.NODE_IPS: The IP addresses of the three nodes running the OVN-IC database, separated by commas.
Next, deploy the follower of the OVN-IC DB on the other two nodes.
docker environment can use the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.2" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" -e LEADER_IP="192.168.65.3" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh
-
If using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.2"" --env="LEADER_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh
+
Highly Available OVN-IC DB Installation¶
A highly available cluster can be formed between OVN-IC DB via the Raft protocol, which requires a minimum of 3 nodes for this deployment model.
First start the leader of the OVN-IC DB on the first node.
Users deploying a docker environment can use the following command:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.3" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
If you are using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
+
LOCAL_IP: The IP address of the node where the current container is located.NODE_IPS: The IP addresses of the three nodes running the OVN-IC database, separated by commas.
Next, deploy the follower of the OVN-IC DB on the other two nodes.
docker environment can use the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP="192.168.65.2" -e NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1" -e LEADER_IP="192.168.65.3" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh
+
If using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw" --env="NODE_IPS="192.168.65.3,192.168.65.2,192.168.65.1"" --env="LOCAL_IP="192.168.65.2"" --env="LEADER_IP="192.168.65.3"" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh
LOCAL_IP: The IP address of the node where the current container is located.NODE_IPS: The IP addresses of the three nodes running the OVN-IC database, separated by commas.LEADER_IP: The IP address of the OVN-IC DB leader node.
Specify multiple OVN-IC database node addresses when creating ovn-ic-config for each cluster:
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/v1.12.x/en/guide/vpc/index.html b/v1.12.x/en/guide/vpc/index.html
index 0e1da0dad..01504bebb 100644
--- a/v1.12.x/en/guide/vpc/index.html
+++ b/v1.12.x/en/guide/vpc/index.html
@@ -107,7 +107,7 @@
name: ovn-vpc-nat-config
namespace: kube-system
data:
- image: docker.io/kubeovn/vpc-nat-gateway:v1.12.12
+ image: docker.io/kubeovn/vpc-nat-gateway:v1.12.13
---
kind: ConfigMap
apiVersion: v1
diff --git a/v1.12.x/en/ops/change-log-level/index.html b/v1.12.x/en/ops/change-log-level/index.html
index 062f71c7f..24fa42bd3 100644
--- a/v1.12.x/en/ops/change-log-level/index.html
+++ b/v1.12.x/en/ops/change-log-level/index.html
@@ -9,7 +9,7 @@
Change Log Level¶
Open kube-ovn.yaml and set the log level in the parameter list of the service startup script, such as:
vi kube-ovn.yaml
# ...
- name: kube-ovn-controller
- image: "docker.io/kubeovn/kube-ovn:v1.12.12"
+ image: "docker.io/kubeovn/kube-ovn:v1.12.13"
imagePullPolicy: IfNotPresent
args:
- /kube-ovn/start-controller.sh
diff --git a/v1.12.x/en/ops/kubectl-ko/index.html b/v1.12.x/en/ops/kubectl-ko/index.html
index b813be2c0..86ba05831 100644
--- a/v1.12.x/en/ops/kubectl-ko/index.html
+++ b/v1.12.x/en/ops/kubectl-ko/index.html
@@ -474,7 +474,7 @@
I0603 10:35:04.349404 17619 pinger.go:19]
-------------------------------------------------------------------------------
Kube-OVN:
- Version: v1.12.12
+ Version: v1.12.13
Build: 2022-04-24_08:02:50
Commit: git-73f9d15
Go Version: go1.17.8
diff --git a/v1.12.x/en/ops/recover-db/index.html b/v1.12.x/en/ops/recover-db/index.html
index 349011bd6..94866a7a3 100644
--- a/v1.12.x/en/ops/recover-db/index.html
+++ b/v1.12.x/en/ops/recover-db/index.html
@@ -44,7 +44,7 @@
Log in to the abnormal node and delete the database file:
mv /etc/origin/ovn/ovnnb_db.db /tmp
Delete the ovn-central pod of the corresponding node and wait for the cluster to recover:
kubectl delete pod -n kube-system ovn-central-xxxx
Recover when Total Cluster Failed¶
If the majority of the cluster nodes are broken and the leader cannot be elected, please refer to the following steps to recover.
Stop ovn-central¶
Record the current replicas of ovn-central and stop ovn-central to avoid new database changes that affect recovery:
kubectl scale deployment -n kube-system ovn-central --replicas=0
-
Select a Backup¶
As most of the nodes are damaged, the cluster needs to be rebuilt by recovering from one of the database files. If you have previously backed up the database you can use the previous backup file to restore it. If not you can use the following steps to generate a backup from an existing file.
Since the database file in the default folder is a cluster format database file containing information about the current cluster, you can't rebuild the database directly with this file, you need to use ovsdb-tool cluster-to-standalone to convert the format.
Select the first node in the ovn-central environment variable NODE_IPS to restore the database files. If the database file of the first node is corrupted, copy the file from the other machine /etc/origin/ovn to the first machine. Run the following command to generate a database file backup.
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.12 bash
+
Select a Backup¶
As most of the nodes are damaged, the cluster needs to be rebuilt by recovering from one of the database files. If you have previously backed up the database you can use the previous backup file to restore it. If not you can use the following steps to generate a backup from an existing file.
Since the database file in the default folder is a cluster format database file containing information about the current cluster, you can't rebuild the database directly with this file, you need to use ovsdb-tool cluster-to-standalone to convert the format.
Select the first node in the ovn-central environment variable NODE_IPS to restore the database files. If the database file of the first node is corrupted, copy the file from the other machine /etc/origin/ovn to the first machine. Run the following command to generate a database file backup.
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.13 bash
cd /etc/ovn/
ovsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db
ovsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db
diff --git a/v1.12.x/en/start/one-step-install/index.html b/v1.12.x/en/start/one-step-install/index.html
index bc7bf2507..8ce66a80e 100644
--- a/v1.12.x/en/start/one-step-install/index.html
+++ b/v1.12.x/en/start/one-step-install/index.html
@@ -9,7 +9,7 @@
One-Click Installation¶
Kube-OVN provides a one-click installation script to help you quickly install a highly available, production-ready Kube-OVN container network with Overlay networking by default.
Helm Chart installation is supported since Kube-OVN v1.12.0, and the default deployment is Overlay networking.
If you need Underlay/Vlan networking as the default container network,please read Underlay Installation
Before installation please read Prerequisites first to make sure the environment is ready.
Script Installation¶
Download the installation script¶
We recommend using the stable release version for production environments, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh
If you are interested in the latest features of the master branch, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh
Modify Configuration Options¶
Open the script using the editor and change the following variables to the expected:
REGISTRY="kubeovn" # Image Repo
-VERSION="v1.12.12" # Image Tag
+VERSION="v1.12.13" # Image Tag
POD_CIDR="10.16.0.0/16" # Default subnet CIDR don't overlay with SVC/NODE/JOIN CIDR
SVC_CIDR="10.96.0.0/12" # Be consistent with apiserver's service-cluster-ip-range
JOIN_CIDR="100.64.0.0/16" # Pod/Host communication Subnet CIDR, don't overlay with SVC/NODE/POD CIDR
diff --git a/v1.12.x/guide/vpc/index.html b/v1.12.x/guide/vpc/index.html
index 0e8ec89a5..256e3c4ae 100644
--- a/v1.12.x/guide/vpc/index.html
+++ b/v1.12.x/guide/vpc/index.html
@@ -107,7 +107,7 @@
name: ovn-vpc-nat-config
namespace: kube-system
data:
- image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.12'
+ image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.13'
---
kind: ConfigMap
apiVersion: v1
diff --git a/v1.12.x/ops/change-log-level/index.html b/v1.12.x/ops/change-log-level/index.html
index a6e2afa92..8588b5990 100644
--- a/v1.12.x/ops/change-log-level/index.html
+++ b/v1.12.x/ops/change-log-level/index.html
@@ -9,7 +9,7 @@
调整日志等级¶
打开 kube-ovn.yaml,在服务启动脚本的参数列表中设置 log 等级,比如:
vi kube-ovn.yaml
# ...
- name: kube-ovn-controller
- image: "docker.io/kubeovn/kube-ovn:v1.12.12"
+ image: "docker.io/kubeovn/kube-ovn:v1.12.13"
imagePullPolicy: IfNotPresent
args:
- /kube-ovn/start-controller.sh
diff --git a/v1.12.x/ops/from-calico/index.html b/v1.12.x/ops/from-calico/index.html
index aac6b9627..55623724b 100644
--- a/v1.12.x/ops/from-calico/index.html
+++ b/v1.12.x/ops/from-calico/index.html
@@ -22,7 +22,7 @@
done
done
按需修改以下配置:
REGISTRY="kubeovn" # 镜像仓库地址
-VERSION="v1.12.12" # 镜像版本/Tag
+VERSION="v1.12.13" # 镜像版本/Tag
POD_CIDR="10.16.0.0/16" # 默认子网 CIDR 不要和 SVC/NODE/JOIN CIDR 重叠
SVC_CIDR="10.96.0.0/12" # 需要和 apiserver 的 service-cluster-ip-range 保持一致
JOIN_CIDR="100.64.0.0/16" # Pod 和主机通信网络 CIDR,不要和 SVC/NODE/POD CIDR 重叠
diff --git a/v1.12.x/ops/kubectl-ko/index.html b/v1.12.x/ops/kubectl-ko/index.html
index e80192dd4..258cc69bd 100644
--- a/v1.12.x/ops/kubectl-ko/index.html
+++ b/v1.12.x/ops/kubectl-ko/index.html
@@ -474,7 +474,7 @@
I0603 10:35:04.349404 17619 pinger.go:19]
-------------------------------------------------------------------------------
Kube-OVN:
- Version: v1.12.12
+ Version: v1.12.13
Build: 2022-04-24_08:02:50
Commit: git-73f9d15
Go Version: go1.17.8
diff --git a/v1.12.x/ops/recover-db/index.html b/v1.12.x/ops/recover-db/index.html
index c09342ba7..7ec03e9cc 100644
--- a/v1.12.x/ops/recover-db/index.html
+++ b/v1.12.x/ops/recover-db/index.html
@@ -44,7 +44,7 @@
登录异常节点,删除对应的数据库文件:
mv /etc/origin/ovn/ovnnb_db.db /tmp
删除对应节点的 ovn-central Pod,等待集群自动恢复:
kubectl delete pod -n kube-system ovn-central-xxxx
集群不能正常工作下的恢复¶
若集群多数节点受损无法选举出 leader,请参照下面的步骤进行恢复。
停止 ovn-central¶
记录当前 ovn-central 副本数量,并停止 ovn-central 避免新的数据库变更影响恢复:
kubectl scale deployment -n kube-system ovn-central --replicas=0
-
选择备份¶
由于多数节点受损,需要从某个数据库文件进行恢复重建集群。如果之前备份过数据库 可使用之前的备份文件进行恢复。如果没有进行过备份可以使用下面的步骤从已有的数据库文件 中生成一个备份。
由于默认文件夹下的数据库文件为集群格式数据库文件,包含当前集群的信息,无法直接 用该文件重建数据库,需要使用 ovsdb-tool cluster-to-standalone 进行格式转换。
选择 ovn-central 环境变量 NODE_IPS 中排第一的节点恢复数据库文件, 如果第一个节点数据库文件已损坏,从其他机器 /etc/origin/ovn 下复制文件到第一台机器 , 执行下列命令生成数据库文件备份。
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.12 bash
+
选择备份¶
由于多数节点受损,需要从某个数据库文件进行恢复重建集群。如果之前备份过数据库 可使用之前的备份文件进行恢复。如果没有进行过备份可以使用下面的步骤从已有的数据库文件 中生成一个备份。
由于默认文件夹下的数据库文件为集群格式数据库文件,包含当前集群的信息,无法直接 用该文件重建数据库,需要使用 ovsdb-tool cluster-to-standalone 进行格式转换。
选择 ovn-central 环境变量 NODE_IPS 中排第一的节点恢复数据库文件, 如果第一个节点数据库文件已损坏,从其他机器 /etc/origin/ovn 下复制文件到第一台机器 , 执行下列命令生成数据库文件备份。
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.13 bash
cd /etc/ovn/
ovsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db
ovsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db
diff --git a/v1.12.x/search/search_index.json b/v1.12.x/search/search_index.json
index c9d7ef0a2..69fa6149a 100644
--- a/v1.12.x/search/search_index.json
+++ b/v1.12.x/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en","zh"],"separator":"[\\s\\u200b\\-]","pipeline":["stemmer"]},"docs":[{"location":"","title":"Kube-OVN","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u6b3e\u200b CNCF \u200b\u65d7\u4e0b\u200b\u7684\u200b\u4f01\u4e1a\u7ea7\u200b\u4e91\u200b\u539f\u751f\u200b\u7f51\u7edc\u200b\u7f16\u6392\u200b\u7cfb\u7edf\u200b\uff0c\u200b\u5c06\u200b SDN \u200b\u7684\u200b\u80fd\u529b\u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u7ed3\u5408\u200b\uff0c \u200b\u63d0\u4f9b\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\u3002
\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u6000\u5ff5\u200b SDN \u200b\u9886\u57df\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u5374\u200b\u5728\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u82e6\u82e6\u200b\u8ffd\u5bfb\u200b\u800c\u200b\u4e0d\u5f97\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u5c06\u200b\u662f\u200b\u4f60\u200b\u7684\u200b\u6700\u4f73\u200b\u9009\u62e9\u200b\u3002
\u200b\u501f\u52a9\u200b OVS/OVN \u200b\u5728\u200b SDN \u200b\u9886\u57df\u200b\u6210\u719f\u200b\u7684\u200b\u80fd\u529b\u200b\uff0cKube-OVN \u200b\u5c06\u200b\u7f51\u7edc\u200b\u865a\u62df\u5316\u200b\u7684\u200b\u4e30\u5bcc\u200b\u529f\u80fd\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u3002\u200b\u76ee\u524d\u200b\u5df2\u200b\u652f\u6301\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0c \u200b\u9759\u6001\u200b IP \u200b\u5206\u914d\u200b\uff0c\u200b\u5206\u5e03\u5f0f\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0cUnderlay/Overlay \u200b\u6df7\u5408\u200b\u7f51\u7edc\u200b\uff0c VPC \u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u7edc\u200b\uff0cQoS \u200b\u7ba1\u7406\u200b\uff0c \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b\uff0cACL \u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff0cARM \u200b\u652f\u6301\u200b\uff0c Windows \u200b\u652f\u6301\u200b\u7b49\u200b\u8bf8\u591a\u200b\u529f\u80fd\u200b\u3002
\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u62c5\u5fc3\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u8017\u200b\uff0c\u200b\u90a3\u4e48\u200b\u6765\u770b\u200b\u4e00\u4e0b\u200b Kube-OVN \u200b\u662f\u200b\u5982\u4f55\u200b\u6781\u81f4\u200b\u7684\u200b\u4f18\u5316\u200b\u6027\u80fd\u200b\u3002
\u200b\u5728\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4e00\u7cfb\u5217\u200b\u5bf9\u6d41\u200b\u8868\u200b\u548c\u200b\u5185\u6838\u200b\u7684\u200b\u7cbe\u5fc3\u200b\u4f18\u5316\u200b\uff0c\u200b\u5e76\u200b\u501f\u52a9\u200b eBPF\u3001DPDK\u3001\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u5378\u8f7d\u200b\u7b49\u200b\u65b0\u5174\u200b\u6280\u672f\u200b\uff0c Kube-OVN \u200b\u53ef\u4ee5\u200b\u5728\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u7b49\u200b\u65b9\u9762\u200b\u7684\u200b\u6307\u6807\u200b\u8fbe\u5230\u200b\u8fd1\u4f3c\u200b\u6216\u200b\u8d85\u51fa\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6027\u80fd\u200b\u7684\u200b\u6c34\u5e73\u200b\u3002\u200b\u5728\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5bf9\u200b OVN \u200b\u4e0a\u6e38\u200b\u6d41\u8868\u200b\u7684\u200b\u88c1\u526a\u200b\uff0c \u200b\u5404\u79cd\u200b\u7f13\u5b58\u200b\u6280\u672f\u200b\u7684\u200b\u4f7f\u7528\u200b\u548c\u200b\u8c03\u4f18\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u5927\u89c4\u6a21\u200b\u4e0a\u5343\u200b\u8282\u70b9\u200b\u548c\u200b\u4e0a\u4e07\u200b Pod \u200b\u7684\u200b\u96c6\u7fa4\u200b\u3002
\u200b\u6b64\u5916\u200b Kube-OVN \u200b\u8fd8\u200b\u5728\u200b\u4e0d\u65ad\u200b\u4f18\u5316\u200b CPU \u200b\u548c\u200b\u5185\u5b58\u200b\u7b49\u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u91cf\u200b\uff0c\u200b\u4ee5\u200b\u9002\u5e94\u200b\u8fb9\u7f18\u200b\u7b49\u200b\u8d44\u6e90\u200b\u6709\u9650\u200b\u573a\u666f\u200b\u3002
\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u5bf9\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u5fc3\u5b58\u200b\u5fe7\u8651\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u5927\u91cf\u200b\u7684\u200b\u5de5\u5177\u200b\u6765\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u7b80\u5316\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u8fc5\u901f\u200b\u642d\u5efa\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002\u200b\u540c\u65f6\u200b\u5185\u7f6e\u200b\u7684\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u548c\u200b Grafana \u200b\u9762\u677f\u200b\uff0c \u200b\u53ef\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5efa\u7acb\u200b\u5b8c\u5584\u200b\u7684\u200b\u76d1\u63a7\u200b\u4f53\u7cfb\u200b\u3002\u200b\u5f3a\u5927\u200b\u7684\u200b\u547d\u4ee4\u884c\u200b\u5de5\u5177\u200b\u53ef\u4ee5\u200b\u7b80\u5316\u200b\u7528\u6237\u200b\u7684\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002\u200b\u901a\u8fc7\u200b\u548c\u200b Cilium \u200b\u7ed3\u5408\u200b\uff0c\u200b\u5229\u7528\u200b eBPF \u200b\u80fd\u529b\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b \u200b\u589e\u5f3a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u7684\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u200b\u3002 \u200b\u6b64\u5916\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u7cfb\u7edf\u200b\u5bf9\u63a5\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"contact/","title":"\u8054\u7cfb\u65b9\u5f0f","text":"\u200b\u5173\u6ce8\u200b\u516c\u4f17\u200b\u53f7\u200b\u83b7\u5f97\u200b\u66f4\u200b\u591a\u200b\u6700\u65b0\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8bf7\u200b\u626b\u63cf\u200b\u4e0b\u65b9\u200b\u4e8c\u7ef4\u7801\u200b:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/","title":"\u4f7f\u7528\u200b eBPF \u200b\u52a0\u901f\u200b\u8282\u70b9\u200b\u5185\u200b TCP \u200b\u901a\u4fe1","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u8fb9\u7f18\u200b\u548c\u200b 5G \u200b\u7684\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u5927\u91cf\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Intel \u200b\u5f00\u6e90\u200b\u7684\u200b istio-tcpip-bypass \u200b\u9879\u76ee\u200b\uff0cPod \u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b eBPF \u200b\u7684\u200b\u80fd\u529b\u200b\u7ed5\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b TCP/IP \u200b\u534f\u8bae\u200b\u6808\u200b\uff0c\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u901a\u4fe1\u200b\uff0c\u200b\u4ece\u800c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_1","title":"\u57fa\u672c\u539f\u7406","text":"\u200b\u5728\u200b\u5f53\u524d\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u4e3b\u673a\u200b\u7684\u200b\u4e24\u4e2a\u200b Pod \u200b\u8fdb\u884c\u200b TCP \u200b\u8fdb\u884c\u200b\u901a\u4fe1\u200b\u9700\u8981\u200b\u7ecf\u8fc7\u200b\u5927\u91cf\u200b\u7684\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u5305\u62ec\u200b TCP/IP, netfilter\uff0cOVS \u200b\u7b49\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u5206\u6790\u200b\u5e76\u200b\u8bc6\u522b\u200b\u51fa\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u7ed5\u8fc7\u200b\u590d\u6742\u200b\u7684\u200b\u5185\u6838\u200b\u6808\u200b\u4ece\u800c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u95f4\u200b\u7684\u200b\u6570\u636e\u4f20\u8f93\u200b\uff0c \u200b\u6765\u200b\u964d\u4f4e\u200b\u7f51\u7edc\u200b\u6808\u200b\u5904\u7406\u200b\u5f00\u9500\u200b\uff0c\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
\u200b\u7531\u4e8e\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u8bc6\u522b\u200b\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002\u200b\u5728\u200b\u57fa\u4e8e\u200b\u4ee3\u7406\u200b\u6a21\u5f0f\u200b\u7684\u200b Service Mesh \u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u589e\u5f3a\u200b Service Mesh \u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u6280\u672f\u200b\u5b9e\u73b0\u200b\u7ec6\u8282\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Tanzu Service Mesh Acceleration using eBPF\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"eBPF \u200b\u5bf9\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u6709\u200b\u4e00\u5b9a\u200b\u8981\u6c42\u200b\uff0c\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b Ubuntu 20.04 \u200b\u548c\u200b Linux 5.4.0-74-generic \u200b\u7248\u672c\u200b\u5185\u6838\u200b\u8fdb\u884c\u200b\u5b9e\u9a8c\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_3","title":"\u5b9e\u9a8c\u200b\u6b65\u9aa4","text":"\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u90e8\u7f72\u200b\u4e24\u4e2a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5b58\u5728\u200b\u591a\u53f0\u200b\u673a\u5668\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b nodeSelector\uff1a
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5f00\u542f\u200b qperf server\uff0c\u200b\u5728\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u4e2d\u200b\u542f\u52a8\u200b qperf client \u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
\u200b\u90e8\u7f72\u200b istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
\u200b\u518d\u6b21\u200b\u8fdb\u5165\u200b perf client \u200b\u5bb9\u5668\u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_4","title":"\u6d4b\u8bd5\u200b\u7ed3\u679c","text":"\u200b\u6839\u636e\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b TCP \u200b\u5ef6\u8fdf\u200b\u5728\u200b\u4e0d\u540c\u200b\u6570\u636e\u5305\u200b\u5927\u5c0f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u4f1a\u200b\u6709\u200b 40% ~ 60% \u200b\u7684\u200b\u5ef6\u8fdf\u200b\u4e0b\u964d\u200b\uff0c\u200b\u5728\u200b\u6570\u636e\u5305\u200b\u5927\u4e8e\u200b 1024 \u200b\u5b57\u8282\u200b\u65f6\u200b\u541e\u5410\u91cf\u200b\u4f1a\u200b\u6709\u200b 40% ~ 80% \u200b\u63d0\u5347\u200b\u3002
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 \u200b\u5728\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u786c\u4ef6\u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u6570\u636e\u5305\u200b\u5c0f\u4e8e\u200b 512 \u200b\u5b57\u8282\u200b\u65f6\u200b\uff0c\u200b\u4f7f\u7528\u200b eBPF \u200b\u4f18\u5316\u200b\u541e\u5410\u91cf\u200b\u6307\u6807\u200b\u4f1a\u200b\u4f4e\u4e8e\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002 \u200b\u8be5\u200b\u60c5\u51b5\u200b\u53ef\u80fd\u200b\u548c\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7f51\u5361\u200b\u5f00\u542f\u200b TCP \u200b\u805a\u5408\u200b\u4f18\u5316\u200b\u76f8\u5173\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u573a\u666f\u200b\u5bf9\u200b\u5c0f\u5305\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u76f8\u5e94\u200b\u73af\u5883\u200b\u4e0b\u200b \u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u5224\u65ad\u200b\u662f\u5426\u200b\u5f00\u542f\u200b eBPF \u200b\u4f18\u5316\u200b\u3002\u200b\u6211\u4eec\u200b\u4e5f\u200b\u4f1a\u200b\u540e\u7eed\u200b\u5bf9\u200b eBPF TCP \u200b\u5c0f\u5305\u200b\u573a\u666f\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-hubble-observe/","title":"Cilium \u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
Cilium \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u80fd\u529b\u200b\uff0c\u200b\u6d41\u91cf\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u662f\u200b\u7531\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u3002Hubble \u200b\u53ef\u4ee5\u200b\u89c2\u5bdf\u200b\u8282\u70b9\u200b\u3001\u200b\u96c6\u7fa4\u200b\u751a\u81f3\u200b\u591a\u200b\u96c6\u7fa4\u200b\u573a\u666f\u200b\u4e0b\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble","title":"\u5b89\u88c5\u200b Hubble","text":"\u200b\u9ed8\u8ba4\u200b\u7684\u200b Cilium \u200b\u96c6\u6210\u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b Hubble \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u652f\u6301\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble\u3002
\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u4f7f\u7528\u200b helm \u200b\u5b89\u88c5\u200b Hubble\uff1a
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble \u200b\u4e4b\u540e\u200b\uff0c\u200b\u6267\u884c\u200b cilium status \u200b\u67e5\u770b\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
\u200b\u5b89\u88c5\u200b Hubble \u200b\u7ec4\u4ef6\u200b\u4e4b\u540e\u200b\uff0c\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u884c\u200b\uff0c\u200b\u7528\u4e8e\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u67e5\u770b\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5b89\u88c5\u200b Hubble CLI :
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"advance/cilium-hubble-observe/#_1","title":"\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1","text":"Cilium \u200b\u5b98\u65b9\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u6d41\u91cf\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u90e8\u7f72\u200b\u65b9\u6848\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u5b98\u65b9\u200b\u90e8\u7f72\u200b\u7684\u200b\u4e1a\u52a1\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium connectivity test\uff0cCilium \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b cilium-test \u200b\u7684\u200b Namespace\uff0c\u200b\u540c\u65f6\u200b\u5728\u200b cilium-test \u200b\u4e0b\u200b\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1\u200b\u3002
\u200b\u6b63\u5e38\u200b\u90e8\u7f72\u200b\u5b8c\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b cilium-test namespace \u200b\u4e0b\u200b\u7684\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"advance/cilium-hubble-observe/#_2","title":"\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u4ec5\u200b\u63d0\u4f9b\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b Cilium \u200b\u4ee3\u7406\u200b\u89c2\u5bdf\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002 \u200b\u53ef\u4ee5\u200b\u5728\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b Cilium \u200b\u4ee3\u7406\u200b pod \u200b\u4e2d\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
\u200b\u90e8\u7f72\u200b Hubble Relay \u200b\u540e\u200b\uff0cHubble \u200b\u53ef\u4ee5\u200b\u63d0\u4f9b\u200b\u5b8c\u6574\u200b\u7684\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#_3","title":"\u914d\u7f6e\u200b\u7aef\u53e3\u200b\u8f6c\u53d1","text":"\u200b\u4e3a\u4e86\u200b\u80fd\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b Hubble API\uff0c\u200b\u9700\u8981\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b\u672c\u5730\u200b\u8bf7\u6c42\u200b\u8f6c\u53d1\u200b\u5230\u200b Hubble Service\u3002\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5728\u200b\u5f53\u524d\u200b\u7ec8\u7aef\u200b\u5f00\u542f\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
kubectl port-forward \u200b\u547d\u4ee4\u200b\u4e0d\u4f1a\u200b\u8fd4\u56de\u200b\uff0c\u200b\u9700\u8981\u200b\u6253\u5f00\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7ec8\u7aef\u200b\u6765\u200b\u7ee7\u7eed\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u914d\u7f6e\u200b\u5b8c\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u4e4b\u540e\u200b\uff0c\u200b\u5728\u200b\u7ec8\u7aef\u200b\u6267\u884c\u200b hubble status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5982\u679c\u200b\u6709\u200b\u7c7b\u4f3c\u200b\u5982\u4e0b\u200b\u8f93\u51fa\u200b\uff0c\u200b\u5219\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"advance/cilium-hubble-observe/#_4","title":"\u547d\u4ee4\u884c\u200b\u89c2\u6d4b","text":"\u200b\u5728\u200b\u7ec8\u7aef\u200b\u4e0a\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u89c2\u6d4b\u200b\u5230\u200b\u7684\u200b cilium-test \u200b\u76f8\u5173\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u7684\u200b\u662f\u200b\uff0c hubble observe \u200b\u547d\u4ee4\u200b\u7684\u200b\u663e\u793a\u200b\u7ed3\u679c\u200b\uff0c\u200b\u662f\u200b\u5f53\u524d\u200b\u547d\u4ee4\u884c\u200b\u6267\u884c\u200b\u65f6\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002\u200b\u591a\u6b21\u200b\u6267\u884c\u547d\u4ee4\u200b\u884c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5230\u200b\u4e0d\u540c\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u200b\u7684\u200b\u89c2\u6d4b\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b hubble help observe \u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b Hubble CLI \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#ui","title":"\u4f7f\u7528\u200b UI \u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u6267\u884c\u200b cilium status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble UI \u200b\u5df2\u7ecf\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002\u200b\u5728\u200b\u7b2c\u4e8c\u6b65\u200b\u7684\u200b Hubble \u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5df2\u7ecf\u200b\u8865\u5145\u200b\u4e86\u200b UI \u200b\u7684\u200b\u5b89\u88c5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium hubble ui \u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b hubble-ui service \u200b\u6620\u5c04\u200b\u5230\u200b\u672c\u5730\u200b\u7aef\u53e3\u200b\u3002 \u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b8c\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u6253\u5f00\u200b\u672c\u5730\u200b\u7684\u200b\u6d4f\u89c8\u5668\u200b\uff0c\u200b\u8df3\u8f6c\u200b\u5230\u200b Hubble UI \u200b\u754c\u9762\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u81ea\u52a8\u200b\u8df3\u8f6c\u200b\uff0c\u200b\u5728\u200b\u6d4f\u89c8\u5668\u200b\u4e2d\u200b\u8f93\u5165\u200b http://localhost:12000 \u200b\u6253\u5f00\u200b UI \u200b\u89c2\u5bdf\u200b\u754c\u9762\u200b\u3002
\u200b\u5728\u200b\u754c\u9762\u200b\u5de6\u4e0a\u89d2\u200b\uff0c\u200b\u9009\u62e9\u200b cilium-test namespace\uff0c\u200b\u67e5\u770b\u200b Cilium \u200b\u63d0\u4f9b\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble_1","title":"Hubble \u200b\u6d41\u91cf\u200b\u76d1\u63a7","text":"Hubble \u200b\u7ec4\u4ef6\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e2d\u200b Pod \u200b\u7f51\u7edc\u200b\u884c\u4e3a\u200b\u7684\u200b\u76d1\u63a7\u200b\uff0c\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u67e5\u770b\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u80fd\u200b\u76d1\u63a7\u200b\u7edf\u8ba1\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u8865\u5145\u200b hubble.metrics.enabled \u200b\u914d\u7f6e\u200b\u9879\u200b:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
\u200b\u90e8\u7f72\u200b\u4e4b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b kube-system namespace \u200b\u751f\u6210\u200b\u540d\u79f0\u200b\u4e3a\u200b hubble-metrics \u200b\u7684\u200b\u670d\u52a1\u200b\u3002\u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Endpoints \u200b\u67e5\u8be2\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
\u200b\u5728\u200b\u96c6\u6210\u200b Cilium \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Cilium \u200b\u4f18\u79c0\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u4ee5\u4e0b\u200b\u6587\u6863\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5bf9\u200b Cilium L3 \u200b\u548c\u200b L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\u7684\u200b\u96c6\u6210\u200b\u9a8c\u8bc1\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#_1","title":"\u9a8c\u8bc1\u200b\u6b65\u9aa4","text":""},{"location":"advance/cilium-networkpolicy/#pod","title":"\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod","text":"\u200b\u521b\u5efa\u200b namespace test\u3002\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b test namespace \u200b\u4e2d\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=test \u200b\u7684\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u7684\u200b\u76ee\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u540c\u6837\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=dynamic \u200b\u7684\u200b Pod \u200b\u4e3a\u200b\u53d1\u8d77\u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4ee5\u53ca\u200b Label \u200b\u4fe1\u606f\u200b:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// \u200b\u4ee5\u4e0b\u200b\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u76ee\u7684\u200b Pod\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"advance/cilium-networkpolicy/#l3","title":"L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4e2d\u200b\uff0c\u200b\u53d1\u8d77\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7ed3\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u3002 \u200b\u4f46\u662f\u200b\u5728\u200b test namespace \u200b\u4e0b\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5230\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u6b63\u5e38\u200b\u3002
default namespace \u200b\u4e0b\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
test namepsace \u200b\u4e0b\u200b Pod \u200b\u7684\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
\u200b\u67e5\u770b\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u89e3\u91ca\u200b\uff0cCiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u5c06\u200b\u9650\u5236\u200b\u63a7\u5236\u200b\u5728\u200b\u4e86\u200b Namespace \u200b\u7ea7\u522b\u200b\u3002\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b Cilium \u200b\u9650\u5236\u200b\u3002
\u200b\u5728\u200b\u6709\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u6709\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u7684\u200b Pod \uff0c\u200b\u624d\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5176\u4ed6\u200b Namespace \u200b\u7684\u200b Pod \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u60f3\u200b\u5b9e\u73b0\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u89c4\u5219\u200b\u4e2d\u200b\u660e\u786e\u200b\u6307\u5b9a\u200b Namespace \u200b\u4fe1\u606f\u200b\u3002
\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\uff0c\u200b\u4fee\u6539\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u589e\u52a0\u200b namespace \u200b\u4fe1\u606f\u200b:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // \u200b\u63a7\u5236\u200b\u5176\u4ed6\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\n
\u200b\u67e5\u770b\u200b\u4fee\u6539\u200b\u540e\u200b\u7684\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
\u200b\u518d\u6b21\u200b\u6d4b\u8bd5\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u76ee\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
\u200b\u4f7f\u7528\u200b\u6807\u51c6\u200b\u7684\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b networkpolicy\uff0c\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b Cilium \u200b\u540c\u6837\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u9650\u5236\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u5185\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\u662f\u200b\u7981\u6b62\u200b\u7684\u200b\u3002
\u200b\u8fd9\u70b9\u200b\u4e0e\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u662f\u200b\u4e0d\u540c\u200b\u7684\u200b\u3002Kube-OVN \u200b\u652f\u6301\u200b\u6807\u51c6\u200b\u7684\u200b k8s \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\uff0c\u200b\u9650\u5236\u200b\u4e86\u200b\u5177\u4f53\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b\u76ee\u7684\u200b Pod\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u200b\u6e90\u5730\u5740\u200b Pod\uff0c\u200b\u662f\u200b\u6ca1\u6709\u200b Namespace \u200b\u9650\u5236\u200b\u7684\u200b\uff0c\u200b\u4efb\u4f55\u200b Namespace \u200b\u4e0b\u200b\u7b26\u5408\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b Pod\uff0c\u200b\u90fd\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l4","title":"L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b L4 \u200b\u5c42\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
\u200b\u6d4b\u8bd5\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u4e0d\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u751f\u6548\u200b\u540e\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u4f9d\u7136\u200b\u662f\u200b\u88ab\u200b\u7981\u6b62\u200b\u7684\u200b\uff0c\u200b\u8ddf\u200b L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4e00\u81f4\u200b\u3002
\u200b\u5728\u200b L4 \u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0cping \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7b26\u5408\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b TCP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u662f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u6267\u884c\u200b\u7684\u200b\u3002
\u200b\u5173\u4e8e\u200b ICMP \u200b\u7684\u200b\u9650\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5b98\u65b9\u200b\u8bf4\u660e\u200b L4 \u200b\u9650\u5236\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l7","title":"L7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"chaining \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cL7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u76ee\u524d\u200b\u662f\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\u7684\u200b\u3002\u200b\u5728\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u4e2d\u200b\uff0c\u200b\u5bf9\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u8bf4\u660e\u200b\uff0c\u200b\u53c2\u8003\u200b Generic Veth Chaining\u3002
\u200b\u8fd9\u4e2a\u200b\u95ee\u9898\u200b\u4f7f\u7528\u200b issue 12454 \u200b\u8ddf\u8e2a\u200b\uff0c\u200b\u76ee\u524d\u200b\u8fd8\u200b\u6ca1\u6709\u200b\u89e3\u51b3\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dhcp/","title":"DHCP \u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4f7f\u7528\u200b SR-IOV \u200b\u6216\u200b DPDK \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0cKubeVirt \u200b\u5185\u7f6e\u200b\u7684\u200b DHCP \u200b\u65e0\u6cd5\u200b\u5728\u200b\u8be5\u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5de5\u4f5c\u200b\u3002Kube-OVN \u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b OVN \u200b\u7684\u200b DHCP \u200b\u80fd\u529b\u200b\u5728\u200b\u5b50\u7f51\u200b\u7ea7\u522b\u200b\u8bbe\u7f6e\u200b DHCP \u200b\u9009\u9879\u200b\uff0c\u200b\u4ece\u800c\u200b\u5e2e\u52a9\u200b\u8be5\u200b\u7f51\u7edc\u200b\u7c7b\u578b\u200b\u7684\u200b KubeVirt \u200b\u865a\u673a\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b DHCP \u200b\u83b7\u5f97\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002Kube-OVN \u200b\u540c\u65f6\u200b\u652f\u6301\u200b DHCPv4 \u200b\u548c\u200b DHCPv6\u3002
\u200b\u5b50\u7f51\u200b DHCP \u200b\u7684\u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u7684\u200b DHCP \u200b\u529f\u80fd\u200b\u3002dhcpV4Options,dhcpV6Options: \u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b DHCP \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b DHCP Options\u3002 \u200b\u9ed8\u8ba4\u503c\u200b\u5206\u522b\u200b\u4e3a\u200b \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" \u200b\u548c\u200b server_id=$random_mac\u3002enableIPv6RA: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b DHCPv6 \u200b\u7684\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\u529f\u80fd\u200b\u3002ipv6RAConfigs\uff1a\u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b Logical_Router_Port \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Port \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dpdk/","title":"DPDK \u200b\u652f\u6301","text":"\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u5982\u4f55\u200b\u548c\u200b OVS-DPDK \u200b\u7ed3\u5408\u200b\uff0c\u200b\u7ed9\u200b KubeVirt \u200b\u7684\u200b\u865a\u673a\u200b\u63d0\u4f9b\u200b DPDK \u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
\u200b\u4e0a\u6e38\u200b\u7684\u200b KubeVirt \u200b\u76ee\u524d\u200b\u8fd8\u200b\u672a\u200b\u652f\u6301\u200b OVS-DPDK\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u81ea\u5df1\u200b\u901a\u8fc7\u200b\u76f8\u5173\u200b patch Vhostuser implementation \u200b\u6784\u5efa\u200b KubeVirt \u200b\u6216\u200b KVM Device Plugin \u200b\u6765\u200b\u4f7f\u7528\u200b OVS-DPDK\u3002
"},{"location":"advance/dpdk/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8282\u70b9\u200b\u9700\u200b\u63d0\u4f9b\u200b\u4e13\u95e8\u200b\u7ed9\u200b DPDK \u200b\u9a71\u52a8\u200b\u8fd0\u884c\u200b\u7684\u200b\u7f51\u5361\u200b\u3002
- \u200b\u8282\u70b9\u200b\u9700\u200b\u5f00\u542f\u200b Hugepages\u3002
"},{"location":"advance/dpdk/#dpdk_1","title":"\u7f51\u5361\u200b\u8bbe\u7f6e\u200b DPDK \u200b\u9a71\u52a8","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b driverctl \u200b\u4e3a\u4f8b\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u53c2\u6570\u200b\u548c\u200b\u5176\u4ed6\u200b\u9a71\u52a8\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b DPDK \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"advance/dpdk/#_2","title":"\u8282\u70b9\u200b\u914d\u7f6e","text":"\u200b\u5bf9\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u7684\u200b\u8282\u70b9\u200b\u6253\u200b\u6807\u7b7e\u200b\uff0c\u200b\u4ee5\u4fbf\u200b Kube-OVN \u200b\u8fdb\u884c\u200b\u8bc6\u522b\u200b\u5904\u7406\u200b\uff1a
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
\u200b\u5728\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u8282\u70b9\u200b\u7684\u200b /opt/ovs-config \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6\u200b ovs-dpdk-config\uff1a
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: \u200b\u96a7\u9053\u200b\u7aef\u70b9\u200b\u5730\u5740\u200b\u3002DPDK_DEV: \u200b\u8bbe\u5907\u200b\u7684\u200b PCI ID\u3002
"},{"location":"advance/dpdk/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u542f\u7528\u200b DPDK \u200b\u5b89\u88c5\u200b\u9009\u9879\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
bash install.sh --with-hybrid-dpdk\n
"},{"location":"advance/dpdk/#_3","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u901a\u8fc7\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u4f7f\u7528\u200b vhostuser \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u7684\u200b\u865a\u200b\u673a\u6765\u200b\u9a8c\u8bc1\u200b OVS-DPDK \u200b\u529f\u80fd\u200b\u3002
\u200b\u5b89\u88c5\u200b KVM Device Plugin \u200b\u6765\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b KVM Device Plugin\u3002
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b Dockerfile \u200b\u521b\u5efa\u200b VM \u200b\u955c\u50cf\u200b\uff1a
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
\u200b\u521b\u5efa\u200b\u865a\u62df\u673a\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
\u200b\u7b49\u5f85\u200b\u865a\u62df\u673a\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u8fdb\u5165\u200b Pod \u200b\u8fdb\u884c\u200b\u865a\u673a\u200b\u914d\u7f6e\u200b\uff1a
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u767b\u5f55\u200b\u865a\u673a\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u5e76\u200b\u6d4b\u8bd5\u200b\uff1a
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/external-gateway/","title":"\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u5bf9\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u6d41\u91cf\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7684\u200b\u7ba1\u7406\u200b\u548c\u200b\u5ba1\u8ba1\u200b\u3002 Kube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5c06\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/external-gateway/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\u3002externalEgressGateway\uff1a\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\u3002policyRoutingTableID\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID \u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b\u3002policyRoutingPriority\uff1a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u4e3a\u200b\u907f\u514d\u200b\u540e\u7eed\u200b\u7528\u6237\u200b\u5b9a\u5236\u200b\u5316\u200b\u7684\u200b\u5176\u4ed6\u200b\u8def\u7531\u200b\u64cd\u4f5c\u200b\u51b2\u7a81\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u82e5\u200b\u65e0\u200b\u7279\u6b8a\u200b\u9700\u6c42\u200b\u586b\u5165\u200b\u4efb\u610f\u200b\u503c\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/fastpath/","title":"\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7ecf\u8fc7\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u7684\u200b\u6027\u80fd\u200b Profile\uff0cNetfilter \u200b\u5728\u200b\u5bb9\u5668\u200b\u5185\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u76f8\u5173\u200b\u5904\u7406\u200b\u6d88\u8017\u200b\u4e86\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b Netfilter \u200b\u4ece\u800c\u200b \u200b\u964d\u4f4e\u200b CPU \u200b\u7684\u200b\u6d88\u8017\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b\u3002
"},{"location":"advance/fastpath/#_1","title":"\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u5185\u6838\u6a21\u5757\u200b\u4ee3\u7801","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"advance/fastpath/#_2","title":"\u5b89\u88c5\u200b\u4f9d\u8d56","text":"\u200b\u8fd9\u91cc\u200b\u4ee5\u200b CentOS \u200b\u4e3a\u4f8b\u200b\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u4f9d\u8d56\u200b\uff1a
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"advance/fastpath/#_3","title":"\u7f16\u8bd1\u200b\u76f8\u5173\u200b\u6a21\u5757","text":"\u200b\u9488\u5bf9\u200b 3.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath\nmake all\n
\u200b\u9488\u5bf9\u200b 4.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"advance/fastpath/#_4","title":"\u5b89\u88c5\u200b\u5185\u6838\u6a21\u5757","text":"\u200b\u5c06\u200b kube_ovn_fastpath.ko \u200b\u590d\u5236\u5230\u200b\u6bcf\u4e2a\u200b\u9700\u8981\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8282\u70b9\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u4f7f\u7528\u200b dmesg \u200b\u786e\u8ba4\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
\u200b\u5982\u9700\u200b\u5378\u8f7d\u200b\u6a21\u5757\u200b\uff0c\u200b\u53ef\u200b\u5c06\u200b\u8be5\u200b\u6a21\u5757\u200b\u4ece\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u79fb\u200b\u9664\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5378\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5757\u200b\u5728\u200b\u673a\u5668\u200b\u91cd\u542f\u200b\u540e\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\uff0c\u200b\u5982\u9700\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8bf7\u200b\u6839\u636e\u200b\u7cfb\u7edf\u200b\u5f04\u200b\u914d\u7f6e\u200b\u7f16\u5199\u200b\u76f8\u5e94\u200b\u81ea\u542f\u52a8\u200b\u811a\u672c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/multi-nic/","title":"\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f8b\u5982\u200b macvlan\u3001vlan\u3001host-device \u200b\u7b49\u200b\u63d2\u4ef6\u200b\u63d0\u4f9b\u200b\u96c6\u7fa4\u200b\u7ea7\u522b\u200b\u7684\u200b IPAM \u200b\u80fd\u529b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5230\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u200b\u4ee5\u53ca\u200b\u56fa\u5b9a\u200b IP \u200b\u529f\u80fd\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u4e5f\u200b\u652f\u6301\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/multi-nic/#_2","title":"\u5de5\u4f5c\u200b\u539f\u7406","text":"\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Multus CNI, \u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod \u200b\u6dfb\u52a0\u200b\u591a\u5757\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u3002 \u200b\u7136\u800c\u200b\u6211\u4eec\u200b\u4ecd\u7136\u200b\u7f3a\u4e4f\u200b\u5bf9\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u5185\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u7684\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\uff0c\u200b\u6211\u4eec\u200b\u5df2\u7ecf\u200b\u80fd\u591f\u200b\u901a\u8fc7\u200b Subnet \u200b\u548c\u200b IP \u200b\u7684\u200b CRD \u200b\u6765\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u9ad8\u7ea7\u200b\u7ba1\u7406\u200b\uff0c \u200b\u4f8b\u5982\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0cIP \u200b\u9884\u7559\u200b\uff0c\u200b\u968f\u673a\u200b\u5206\u914d\u200b\uff0c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7b49\u200b\u3002\u200b\u73b0\u5728\u200b\u6211\u4eec\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u6765\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b\u4e0d\u540c\u200b\u7684\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b IPAM \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/multi-nic/#_3","title":"\u5de5\u4f5c\u200b\u6d41\u7a0b","text":"\u200b\u4e0a\u200b\u56fe\u200b\u5c55\u793a\u200b\u4e86\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u6765\u200b\u7ba1\u7406\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4e2d\u200b\u5bb9\u5668\u200b\u7684\u200b eth0 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVN \u200b\u7f51\u7edc\u200b\uff0cnet1 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u3002 net1 \u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u7edc\u200b\u5b9a\u4e49\u200b\u6765\u81ea\u200b\u4e8e\u200b multus-cni \u200b\u4e2d\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u8d44\u6e90\u200b\u5b9a\u4e49\u200b\u3002
\u200b\u5f53\u200b Pod \u200b\u521b\u5efa\u200b\u65f6\u200b\uff0ckube-ovn-controller \u200b\u4f1a\u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u6dfb\u52a0\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b Pod \u200b\u4e2d\u200b\u7684\u200b annotation \u200b\u53bb\u200b\u5bfb\u627e\u200b\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u5e76\u200b\u4ece\u4e2d\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u5c06\u200b Pod \u200b\u6240\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u5199\u200b\u56de\u5230\u200b Pod annotation \u200b\u4e2d\u200b\u3002
\u200b\u5728\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b CNI \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u914d\u7f6e\u200b kube-ovn-cni \u200b\u4f5c\u4e3a\u200b ipam \u200b\u63d2\u4ef6\u200b, kube-ovn-cni \u200b\u5c06\u4f1a\u200b\u8bfb\u53d6\u200b Pod annotation \u200b\u5e76\u200b\u5c06\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u901a\u8fc7\u200b CNI \u200b\u534f\u8bae\u200b\u7684\u200b\u6807\u51c6\u200b\u683c\u5f0f\u200b\u8fd4\u56de\u200b\u7ed9\u200b\u76f8\u5e94\u200b\u7684\u200b CNI \u200b\u63d2\u4ef6\u200b\u3002
"},{"location":"advance/multi-nic/#_4","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":""},{"location":"advance/multi-nic/#kube-ovn-multus","title":"\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus","text":"\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b \u200b\u548c\u200b Multus how to use \u200b\u6765\u200b\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus-CNI\u3002
"},{"location":"advance/multi-nic/#cni-ipam","title":"\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u63d0\u4f9b\u200b IPAM","text":"\u200b\u6b64\u65f6\u200b\u4e3b\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b\u5176\u4ed6\u200b\u7c7b\u578b\u200b CNI\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b macvlan \u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u7b2c\u4e8c\u4e2a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b ipam \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: \u200b\u9700\u8981\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u8c03\u7528\u200b kube-ovn \u200b\u7684\u200b\u63d2\u4ef6\u200b\u6765\u200b\u83b7\u53d6\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace> , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"advance/multi-nic/#kube-ovn","title":"\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361","text":"\u200b\u6b64\u65f6\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition_1","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u5c06\u200b provider \u200b\u7684\u200b\u540e\u7f00\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.type: \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u89e6\u53d1\u200b CNI \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u5b50\u7f51\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6ce8\u610f\u200b\u540e\u7f00\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\u3002
"},{"location":"advance/multi-nic/#kube-ovn-subnet","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet","text":"\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet,\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b cidrBlock \u200b\u548c\u200b exclude_ips, provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>, \u200b\u4f8b\u5982\u200b\u7528\u200b macvlan \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat \u200b\u53ea\u200b\u5bf9\u200b provider \u200b\u7c7b\u578b\u200b\u4e3a\u200b ovn \u200b\u7684\u200b\u7f51\u7edc\u200b\u751f\u6548\u200b\uff0c\u200b\u4e0d\u9002\u200b\u7528\u4e8e\u200b attachment network\u3002
\u200b\u5982\u679c\u200b\u4ee5\u200b Kube-OVN \u200b\u4f5c\u4e3a\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u5219\u200b provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn\uff0c\u200b\u5e76\u200b\u8981\u200b\u4ee5\u200b ovn \u200b\u4f5c\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\u3002 \u200b\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"advance/multi-nic/#pod","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u591a\u200b\u7f51\u7edc\u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u7684\u200b Pod\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b annotation k8s.v1.cni.cncf.io/networks,\u200b\u53d6\u503c\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <namespace>/<name>\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"advance/multi-nic/#ip-pod","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod\uff0c\u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/multi-nic/#ip","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d","text":"\u200b\u5bf9\u4e8e\u200b\u4f7f\u7528\u200b ippool \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b, \u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/nat-policy-rule/","title":"\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219","text":""},{"location":"advance/nat-policy-rule/#_1","title":"\u7528\u9014","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u6253\u5f00\u200b natOutgoing \u200b\u5f00\u5173\u200b\u65f6\u200b\uff0cSubnet \u200b\u4e0b\u200b\u7684\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u9700\u8981\u200b\u505a\u200b SNAT \u200b\u6210\u200b\u8282\u70b9\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u662f\u200b\u6709\u4e9b\u200b\u573a\u666f\u200b\u6211\u4eec\u200b\u5e76\u200b\u4e0d\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u505a\u200b SNAT\u3002
\u200b\u56e0\u6b64\u200b NAT \u200b\u7b56\u7565\u200b\u5c31\u662f\u200b\u4e3a\u4e86\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u63a5\u53e3\u200b\u8ba9\u200b\u7528\u6237\u200b\u51b3\u5b9a\u200b\u5b50\u7f51\u200b\u5185\u200b\u7684\u200b\u54ea\u4e9b\u200b CIDR \u200b\u6216\u8005\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u505a\u200b SNAT\u3002
"},{"location":"advance/nat-policy-rule/#_2","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u5728\u200b subnet.Spec \u200b\u4e2d\u200b\u5f00\u542f\u200b natOutgoing \u200b\u5f00\u5173\u200b\uff0c \u200b\u5e76\u4e14\u200b\u6dfb\u52a0\u200b\u5b57\u200b\u6bb5\u200b natOutgoingPolicyRules \u200b\u5982\u4e0b\u200b\uff1a
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
\u200b\u4ee5\u4e0a\u200b\u6848\u4f8b\u200b\u8868\u793a\u200b\u6709\u200b\u4e24\u6761\u200b NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\uff1a
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.0/30 \u200b\u6216\u8005\u200b 10.0.11.254 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT\u3002
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.128/26 \u200b\u5e76\u4e14\u200b\u76ee\u7684\u200b IP \u200b\u662f\u200b 114.114.114.114 \u200b\u6216\u8005\u200b 8.8.8.8 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u65f6\u4f1a\u200b\u505a\u200b SNAT\u3002
\u200b\u5b57\u200b\u6bb5\u200b\u63cf\u8ff0\u200b\uff1a
action\uff1a\u200b\u6ee1\u8db3\u200b match \u200b\u5bf9\u5e94\u200b\u6761\u4ef6\u200b\u7684\u200b\u62a5\u6587\u200b\uff0c\u200b\u4f1a\u200b\u6267\u884c\u200b\u7684\u200b action, action \u200b\u5206\u4e3a\u200b\u4e24\u79cd\u200b forward \u200b\u548c\u200b nat \uff0cforward \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u4e0d\u505a\u200b SNAT, nat \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u505a\u200b SNAT\u3002 \u200b\u6ca1\u6709\u200b\u914d\u7f6e\u200b natOutgoingPolicyRules \u200b\u65f6\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u62a5\u6587\u200b\u4ecd\u7136\u200b\u662f\u200b\u505a\u200b SNAT\u3002
match\uff1a\u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u7684\u200b\u5339\u914d\u6bb5\u200b\uff0c\u200b\u5339\u914d\u6bb5\u200b\u6709\u200b srcIPs \u200b\u548c\u200b dstIPs\uff0c \u200b\u8fd9\u91cc\u200b\u8868\u793a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u5185\u5230\u200b\u5916\u7f51\u200b\u65b9\u5411\u200b\u4e0a\u200b\u7684\u200b\u62a5\u6587\u200b\u7684\u200b\u6e90\u200b IP \u200b\u548c\u200b \u200b\u76ee\u7684\u200b IP\u3002match.srcIPs \u200b\u548c\u200b match.dstIPs \u200b\u652f\u6301\u200b\u591a\u4e2a\u200b CIDR \u200b\u548c\u200b IP\uff0c\u200b\u4e4b\u95f4\u200b\u7528\u200b\u9017\u53f7\u200b\u95f4\u9694\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u591a\u4e2a\u200b match \u200b\u89c4\u5219\u200b\u91cd\u53e0\u200b\uff0c\u200b\u5219\u200b\u6309\u7167\u200b natOutgoingPolicyRules \u200b\u6570\u7ec4\u200b\u987a\u5e8f\u200b\u8fdb\u884c\u200b\u5339\u914d\u200b\uff0c\u200b\u6700\u5148\u200b\u88ab\u200b\u5339\u914d\u200b\u7684\u200b action \u200b\u4f1a\u200b\u88ab\u200b\u6267\u884c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/node-local-dns/","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d","text":"NodeLocal DNSCache \u200b\u662f\u200b\u901a\u8fc7\u200b\u96c6\u7fa4\u200b\u8282\u70b9\u200b\u4e0a\u200b\u4f5c\u4e3a\u200b DaemonSet \u200b\u8fd0\u884c\u200b DNS \u200b\u7f13\u5b58\u200b\u6765\u200b\u63d0\u9ad8\u200b\u96c6\u7fa4\u200b DNS \u200b\u6027\u80fd\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d\u200b\u3002
"},{"location":"advance/node-local-dns/#dns","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u90e8\u7f72","text":""},{"location":"advance/node-local-dns/#kubernetes-dns","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u7684\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u7f51\u200b\u914d\u7f6e\u200b Nodelocaldnscache\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u811a\u672c\u200b\u90e8\u7f72\u200b\uff1a
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b kubelet \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u5c06\u200b /var/lib/kubelet/config.yaml \u200b\u4e2d\u200b\u7684\u200b clusterDNS \u200b\u5b57\u200b\u6bb5\u200b\u4fee\u6539\u200b\u4e3a\u200b\u672c\u5730\u200b DNS IP 169.254.20.10\uff0c\u200b\u7136\u540e\u200b\u91cd\u542f\u200b kubelet \u200b\u670d\u52a1\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-dns","title":"Kube-OVN \u200b\u76f8\u5e94\u200b DNS \u200b\u914d\u7f6e","text":"\u200b\u90e8\u7f72\u200b\u597d\u200b Kubernetes \u200b\u7684\u200b Nodelocal DNScache \u200b\u7ec4\u4ef6\u200b\u540e\u200b\uff0c Kube-OVN \u200b\u9700\u8981\u200b\u505a\u51fa\u200b\u4e0b\u9762\u200b\u4fee\u6539\u200b\uff1a
"},{"location":"advance/node-local-dns/#underlay-subnet-u2o","title":"Underlay Subnet \u200b\u5f00\u542f\u200b U2O \u200b\u5f00\u5173","text":"\u200b\u5982\u679c\u200b\u662f\u200b Underlay Subnet \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u672c\u5730\u200b DNS \u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b U2O \u200b\u529f\u80fd\u200b\uff0c\u200b\u5373\u200b\u5728\u200b kubectl edit subnet {your subnet} \u200b\u4e2d\u200b\u914d\u7f6e\u200b spec.u2oInterconnection = true , \u200b\u5982\u679c\u200b\u662f\u200b Overlay Subnet \u200b\u5219\u200b\u4e0d\u200b\u9700\u8981\u200b\u8fd9\u6b65\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-controller-dns-ip","title":"\u7ed9\u200b Kube-ovn-controller \u200b\u6307\u5b9a\u200b\u5bf9\u5e94\u200b\u7684\u200b\u672c\u5730\u200b DNS IP","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
\u200b\u7ed9\u200b spec.template.spec.containers.args \u200b\u589e\u52a0\u200b\u5b57\u200b\u6bb5\u200b --node-local-dns-ip=169.254.20.10
"},{"location":"advance/node-local-dns/#pod","title":"\u91cd\u5efa\u200b\u5df2\u7ecf\u200b\u521b\u5efa\u200b\u7684\u200b Pod","text":"\u200b\u8fd9\u6b65\u200b\u539f\u56e0\u200b\u662f\u200b\u8ba9\u200b Pod \u200b\u91cd\u65b0\u200b\u751f\u6210\u200b /etc/resolv.conf \u200b\u8ba9\u200b nameserver \u200b\u6307\u5411\u200b\u672c\u5730\u200b DNS IP\uff0c\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b nameserver \u200b\u5c06\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u7684\u200b DNS ClusterIP\u3002\u200b\u540c\u65f6\u200b u2o \u200b\u5f00\u5173\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\u4e5f\u200b\u9700\u8981\u200b\u91cd\u5efa\u200b Pod \u200b\u6765\u200b\u91cd\u65b0\u200b\u751f\u6210\u200b Pod \u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/node-local-dns/#dns_1","title":"\u9a8c\u8bc1\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u627e\u5230\u200b Pod \u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u7684\u200b DNS \u200b\u670d\u52a1\u5668\u200b\u662f\u200b\u6307\u5411\u200b\u672c\u5730\u200b 169.254.20.10 \uff0c\u200b\u5e76\u200b\u6210\u529f\u200b\u89e3\u6790\u200b\u57df\u540d\u200b\uff1a
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u8282\u70b9\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b DNS \u200b\u67e5\u8be2\u200b\u62a5\u6587\u200b\u901a\u8fc7\u200b ovn0 \u200b\u7f51\u5361\u200b\u5230\u8fbe\u200b\u672c\u5730\u200b\u7684\u200b DNS \u200b\u670d\u52a1\u200b\uff0cDNS \u200b\u54cd\u5e94\u200b\u62a5\u6587\u200b\u539f\u200b\u8def\u200b\u8fd4\u56de\u200b:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-corigine/","title":"\u82af\u542f\u6e90\u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002\u200b\u82af\u542f\u6e90\u200b\u7684\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u4e2d\u200b\u6267\u884c\u200b\u3002 \u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-corigine/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - \u200b\u82af\u542f\u6e90\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/offload-corigine/#sr-iov","title":"\u8bbe\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u6a21\u5f0f","text":"\u200b\u7528\u6237\u200b\u53ef\u200b\u53c2\u8003\u200b Agilio Open vSwitch TC User Guide \u200b\u83b7\u5f97\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f7f\u7528\u200b\u7684\u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u3002
\u200b\u4fdd\u5b58\u200b\u4e0b\u5217\u200b\u811a\u672c\u200b\u7528\u4e8e\u200b\u540e\u7eed\u200b\u6267\u884c\u200b\u56fa\u4ef6\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff1a
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
\u200b\u5207\u6362\u200b\u56fa\u4ef6\u200b\u9009\u9879\u200b\u5e76\u200b\u91cd\u8f7d\u200b\u9a71\u52a8\u200b\uff1a
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b VF\uff1a
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"advance/offload-corigine/#sr-iov-device-plugin","title":"\u5b89\u88c5\u200b SR-IOV Device Plugin","text":"\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u6709\u9650\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"advance/offload-corigine/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-corigine/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-corigine/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-mellanox/","title":"Mellanox \u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002Mellanox \u200b\u7684\u200b Accelerated Switching And Packet Processing (ASAP\u00b2) \u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u5185\u200b\u7684\u200b eSwitch \u200b\u4e0a\u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-mellanox/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - Mellanox CX5/CX6/CX7/BlueField \u200b\u7b49\u200b\u652f\u6301\u200b ASAP\u00b2 \u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002 - \u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u5378\u8f7d\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u505a\u200b bond\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin","title":"\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"Mellanox \u200b\u7f51\u5361\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u914d\u7f6e\u200b offload \u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u4e00\u79cd\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u548c\u200b Device Plugin\uff0c\u200b\u53e6\u200b\u4e00\u79cd\u200b\u901a\u8fc7\u200b sriov-network-operator \u200b\u8fdb\u884c\u200b\u81ea\u52a8\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin_1","title":"\u624b\u52a8\u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u67e5\u8be2\u200b\u7f51\u5361\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff0c\u200b\u4e0b\u9762\u200b\u7684\u200b\u4f8b\u5b50\u200b\u4e2d\u4e3a\u200b 42:00.0\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
\u200b\u6839\u636e\u200b\u8bbe\u5907\u200b ID \u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\uff1a
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff1a
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
\u200b\u521b\u5efa\u200b VF\uff0c\u200b\u603b\u6570\u200b\u4e0d\u8981\u200b\u8d85\u8fc7\u200b\u4e0a\u9762\u200b\u67e5\u8be2\u200b\u51fa\u200b\u7684\u200b\u6570\u91cf\u200b\uff1a
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
\u200b\u627e\u5230\u200b\u4e0a\u8ff0\u200b VF \u200b\u5bf9\u5e94\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u5c06\u200b VF \u200b\u4ece\u200b\u9a71\u52a8\u200b\u4e2d\u89e3\u200b\u7ed1\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
\u200b\u5f00\u542f\u200b eSwitch \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u786c\u4ef6\u200b\u5378\u8f7d\u200b\uff1a
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
\u200b\u91cd\u65b0\u200b\u7ed1\u5b9a\u200b\u9a71\u52a8\u200b\uff0c\u200b\u5b8c\u6210\u200b VF \u200b\u8bbe\u7f6e\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
NetworkManager \u200b\u7684\u200b\u4e00\u4e9b\u200b\u884c\u4e3a\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u9a71\u52a8\u200b\u5f02\u5e38\u200b\uff0c\u200b\u5982\u679c\u200b\u5378\u8f7d\u200b\u51fa\u73b0\u200b\u95ee\u9898\u200b\u5efa\u8bae\u200b\u5173\u95ed\u200b NetworkManager \u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\uff1a
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u4f18\u5148\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"advance/offload-mellanox/#sriov-network-operator-sr-iov-device-plugin","title":"\u4f7f\u7528\u200b sriov-network-operator \u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u5b89\u88c5\u200b node-feature-discovery \u200b\u81ea\u52a8\u68c0\u6d4b\u200b\u786c\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u548c\u200b\u7cfb\u7edf\u914d\u7f6e\u200b:
kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.11.3\n
\u200b\u6216\u8005\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff0c\u200b\u624b\u52a8\u200b\u7ed9\u200b\u6709\u200b offload \u200b\u80fd\u529b\u200b\u7684\u200b\u7f51\u5361\u200b\u589e\u52a0\u200b annotation:
kubectl label nodes [offloadNicNode] feature.node.kubernetes.io/network-sriov.capable=true\n
\u200b\u514b\u9686\u200b\u4ee3\u7801\u200b\u4ed3\u5e93\u200b\u5e76\u200b\u5b89\u88c5\u200b Operator\uff1a
git clone --depth=1 https://github.com/kubeovn/sriov-network-operator.git\nkubectl apply -k sriov-network-operator/deploy\n
\u200b\u68c0\u67e5\u200b Operator \u200b\u7ec4\u4ef6\u200b\u662f\u5426\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff1a
# kubectl get -n kube-system all | grep sriov\nNAME READY STATUS RESTARTS AGE\npod/sriov-network-config-daemon-bf9nt 1/1 Running 0 8s\npod/sriov-network-operator-54d7545f65-296gb 1/1 Running 0 10s\n\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/sriov-network-config-daemon 1 1 1 1 1 beta.kubernetes.io/os=linux,feature.node.kubernetes.io/network-sriov.capable=true 8s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/sriov-network-operator 1/1 1 1 10s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/sriov-network-operator-54d7545f65 1 1 1 10s\n
\u200b\u68c0\u67e5\u200b SriovNetworkNodeState\uff0c\u200b\u4e0b\u9762\u200b\u4ee5\u200b node1 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6709\u200b\u4e24\u4e2a\u200b Mellanox \u200b\u7f51\u5361\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\napiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodeState\nspec: ...\nstatus:\n interfaces:\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.0\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f0np0\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.1\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f1np1\n
\u200b\u521b\u5efa\u200b SriovNetworkNodePolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u5e76\u200b\u901a\u8fc7\u200b nicSelector \u200b\u9009\u62e9\u200b\u8981\u200b\u7ba1\u7406\u200b\u7684\u200b\u7f51\u5361\u200b\uff1a
apiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodePolicy\nmetadata:\n name: policy\n namespace: kube-system\nspec:\n nodeSelector:\n feature.node.kubernetes.io/network-sriov.capable: \"true\"\n eSwitchMode: switchdev\n numVfs: 3\n nicSelector:\n pfNames:\n - ens41f0np0\n - ens41f1np1\n resourceName: cx_sriov_switchdev\n
\u200b\u518d\u6b21\u200b\u68c0\u67e5\u200b SriovNetworkNodeState \u200b\u7684\u200b status \u200b\u5b57\u200b\u6bb5\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\n\n...\nspec:\n interfaces:\n - eSwitchMode: switchdev\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\n - eSwitchMode: switchdev\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\nstatus:\n interfaces\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.2\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.3\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.4\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:ab\n mtu: 1500\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n totalvfs: 3\n vendor: \"15b3\"\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.5\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.6\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.7\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n mtu: 1500\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n totalvfs: 3\n vendor: \"15b3\"\n
\u200b\u68c0\u67e5\u200b VF \u200b\u7684\u200b\u72b6\u6001\u200b\uff1a
# lspci -nn | grep ConnectX\n5f:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.6 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.7 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u68c0\u67e5\u200b PF \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\uff1a
# cat /sys/class/net/ens41f0np0/compat/devlink/mode\nswitchdev\n
"},{"location":"advance/offload-mellanox/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-mellanox/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-mellanox/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/overlay-with-route/","title":"Overlay \u200b\u4e0b\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u7f51\u7edc\u200b\u6253\u901a","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u4e0d\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4f46\u662f\u200b\u4f9d\u7136\u200b\u9700\u8981\u200b Pod \u200b\u80fd\u200b\u548c\u200b\u5916\u90e8\u200b\u8bbe\u65bd\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u4e92\u8bbf\u200b\uff0c \u200b\u8fd9\u65f6\u5019\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u3002
\u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\u53ea\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u6253\u901a\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cPod IP \u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u653e\u5f00\u200b\u5173\u4e8e\u200b\u6e90\u5730\u5740\u200b\u548c\u200b\u76ee\u200b\u5730\u5740\u200b\u7684\u200b IP \u200b\u68c0\u67e5\u200b\u3002
"},{"location":"advance/overlay-with-route/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u6b64\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u8981\u200b\u5f00\u653e\u200b
ip_forward\u3002 - \u200b\u68c0\u67e5\u200b\u4e3b\u673a\u200b iptables \u200b\u89c4\u5219\u200b\u4e2d\u200b\u662f\u5426\u200b\u5728\u200b forward \u200b\u94fe\u4e2d\u200b\u662f\u5426\u200b\u6709\u200b Drop \u200b\u89c4\u5219\u200b\uff0c\u200b\u9700\u8981\u200b\u653e\u884c\u200b\u5bb9\u5668\u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u53ef\u80fd\u200b\u5b58\u5728\u200b\u975e\u5bf9\u79f0\u200b\u8def\u7531\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u200b\u653e\u884c\u200b ct \u200b\u72b6\u6001\u200b\u4e3a\u200b
INVALID \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u3002
"},{"location":"advance/overlay-with-route/#_2","title":"\u8bbe\u7f6e\u200b\u6b65\u9aa4","text":"\u200b\u5bf9\u4e8e\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u76f4\u63a5\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u5173\u95ed\u200b nat \u200b\u6620\u5c04\u200b\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
\u200b\u6b64\u65f6\u200b\uff0cPod \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u8def\u7531\u200b\u5230\u8fbe\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\u8fd8\u200b\u4e0d\u200b\u77e5\u9053\u200b\u56de\u7a0b\u200b\u6570\u636e\u5305\u200b\u5e94\u8be5\u200b\u53d1\u9001\u5230\u200b\u54ea\u91cc\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u56de\u7a0b\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5bf9\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u6dfb\u52a0\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u4efb\u610f\u200b\u4e00\u53f0\u200b\u673a\u5668\u200b\u3002
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 \u200b\u4e3a\u200b\u5bb9\u5668\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.2.10 \u200b\u4e3a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u82e5\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0d\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5728\u200b\u8def\u7531\u5668\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u76f8\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u6253\u901a\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u6307\u5b9a\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5b58\u5728\u200b\u5355\u70b9\u6545\u969c\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u505a\u5230\u200b\u5feb\u901f\u200b\u7684\u200b\u6545\u969c\u200b\u5207\u6362\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Keepalived \u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b\u8bbe\u7f6e\u200b VIP\uff0c\u200b\u540c\u65f6\u200b\u5c06\u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b VIP\u3002
\u200b\u5728\u200b\u4e00\u4e9b\u200b\u865a\u62df\u5316\u200b\u73af\u5883\u200b\u4e2d\u200b\uff0c\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5c06\u200b\u975e\u5bf9\u79f0\u200b\u6d41\u91cf\u200b\u8bc6\u522b\u200b\u4e3a\u200b\u975e\u6cd5\u200b\u6d41\u91cf\u200b\u5e76\u200b\u4e22\u5f03\u200b\u3002 \u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5c06\u200b Subnet \u200b\u7684\u200b gatewayType \u200b\u8c03\u6574\u200b\u4e3a\u200b centralized\uff0c\u200b\u5e76\u200b\u5728\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u65f6\u200b\u5c06\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b gatewayNode \u200b\u8282\u70b9\u200b\u7684\u200b IP\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
\u200b\u5982\u679c\u200b\u5bf9\u4e8e\u200b\u90e8\u5206\u200b\u6d41\u91cf\u200b\uff08\u200b\u5982\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\uff09\u200b\u4ecd\u7136\u200b\u5e0c\u671b\u200b\u8fdb\u884c\u200b nat \u200b\u5904\u7406\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-eip-fip-snat/","title":"OVN EIP FIP SNAT DNAT \u200b\u652f\u6301","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u7531\u4e8e\u200b\u5b58\u5728\u200b api \u200b\u53d8\u52a8\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5728\u200b 1.12 \u200b\u5206\u652f\u200b\u7ee7\u7eed\u200b\u6f14\u8fdb\u200b\u8be5\u200b OVN EIP FIP DNAT \u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b 1.12 \u200b\u4e4b\u540e\u200b\u7684\u200b\u5206\u652f\u200b \u200b\u6216\u8005\u200b master \u200b\u5206\u652f\u200b\u3002 \u200b\u7531\u4e8e\u200b master \u200b\u5206\u652f\u200b\u6f14\u8fdb\u200b\u8f83\u200b\u5feb\u200b\uff0c\u200b\u76ee\u524d\u200b\u4e13\u95e8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b 1.12-mc \u200b\u5206\u652f\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u6027\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b SNAT \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u662f\u200b\u7ecf\u8fc7\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b FIP \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u672c\u5730\u200b\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u5728\u200b\u4f7f\u7528\u200b\u4e0a\u5c06\u200b\u548c\u200b iptable nat gw \u200b\u516c\u7f51\u200b\u65b9\u6848\u200b\u4fdd\u6301\u200b\u57fa\u672c\u4e00\u81f4\u200b\u3002
- ovn eip: \u200b\u7528\u4e8e\u200b\u516c\u7f51\u200b ip \u200b\u5360\u4f4d\u200b\uff0c\u200b\u4ece\u200b underlay provider network vlan subnet \u200b\u4e2d\u200b\u5206\u914d\u200b
- ovn fip\uff1a \u200b\u4e00\u5bf9\u4e00\u200b dnat snat\uff0c\u200b\u4e3a\u200b vpc \u200b\u5185\u200b\u7684\u200b ip \u200b\u6216\u8005\u200b vip \u200b\u63d0\u4f9b\u200b\u516c\u7f51\u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b\u80fd\u529b\u200b
- ovn snat\uff1a\u200b\u6574\u4e2a\u200b\u5b50\u7f51\u200b\u6216\u8005\u200b\u5355\u4e2a\u200b vpc \u200b\u5185\u200b ip \u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b snat \u200b\u8bbf\u95ee\u200b\u516c\u7f51\u200b
- ovn dnat\uff1a\u200b\u57fa\u4e8e\u200b router lb \u200b\u5b9e\u73b0\u200b, \u200b\u57fa\u4e8e\u200b\u516c\u7f51\u200b ip + \u200b\u7aef\u53e3\u200b \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b vpc \u200b\u5185\u200b\u7684\u200b \u200b\u4e00\u7ec4\u200b endpoints
"},{"location":"advance/ovn-eip-fip-snat/#1","title":"1. \u200b\u90e8\u7f72","text":"\u200b\u76ee\u524d\u200b\u5141\u8bb8\u200b\u6240\u6709\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4ee5\u53ca\u200b\u81ea\u5b9a\u4e49\u200b\uff09vpc \u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b provider vlan subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u517c\u5bb9\u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT\u200b\u7684\u200b\u573a\u666f\u200b\u3002
\u200b\u7c7b\u4f3c\u200b neutron ovn\uff0c\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b provider network \u200b\u76f8\u5173\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4e0b\u8ff0\u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u4e5f\u200b\u662f\u200b\u4e3a\u4e86\u200b\u517c\u5bb9\u200b VPC EIP/SNAT \u200b\u7684\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u90e8\u7f72\u200b\u9636\u6bb5\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u80fd\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b\u9ed8\u8ba4\u200b\u516c\u7f51\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u3002 \u200b\u5982\u679c\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u6ca1\u6709\u200b vlan\uff08\u200b\u4f7f\u7528\u200b vlan 0\uff09\uff0c\u200b\u90a3\u4e48\u200b\u4e0b\u8ff0\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
# \u200b\u90e8\u7f72\u200b\u7684\u200b\u65f6\u5019\u200b\u4f60\u200b\u9700\u8981\u200b\u53c2\u8003\u200b\u4ee5\u4e0a\u200b\u573a\u666f\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u6309\u200b\u9700\u200b\u6307\u5b9a\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\n# 1. kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b:\n - --external-gateway-switch=external204 \n\n### \u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u90fd\u200b\u548c\u200b\u4e0b\u9762\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b vlan id \u200b\u548c\u200b\u8d44\u6e90\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u4ec5\u200b\u652f\u6301\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b underlay \u200b\u516c\u7f51\u200b\u4f5c\u4e3a\u200b\u9ed8\u8ba4\u200b\u5916\u90e8\u200b\u516c\u7f51\u200b\u3002\n
\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u7684\u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u4e3b\u8981\u200b\u8003\u8651\u200b\u4e86\u200b\u5982\u4e0b\u200b\u56e0\u7d20\u200b\uff1a
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u63a5\u5230\u200b provider network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u8d44\u6e90\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u529f\u80fd\u200b\u5bf9\u200b\u63a5\u5230\u200b\u5df2\u6709\u200b\u7684\u200b vlan\uff0csubnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b ip \u200b\u7684\u200b ipam\u3002
- \u200b\u5982\u679c\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u7684\u200b enable_eip_snat \u200b\u6a21\u5f0f\u200b, \u200b\u4e14\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u65e7\u200b\u7684\u200b\u57fa\u4e8e\u200b pod annotaion \u200b\u7684\u200b fip snat\uff0c\u200b\u90a3\u4e48\u200b\u8fd9\u4e2a\u200b\u914d\u7f6e\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u4ec5\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b\u5230\u200b vlan\uff0csubnet \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u517c\u5bb9\u200b\u4ec5\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b eip snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u3002
"},{"location":"advance/ovn-eip-fip-snat/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":"# \u200b\u51c6\u5907\u200b provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"advance/ovn-eip-fip-snat/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":"# \u200b\u542f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u548c\u200b\u4e0a\u8ff0\u200b underlay \u200b\u516c\u7f51\u200b provider subnet \u200b\u4e92\u8054\u200b\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\"\n type: \"centralized\" \n external-gw-nic: \"vlan\" # \u200b\u7528\u4e8e\u200b\u63a5\u5165\u200b ovs \u200b\u516c\u7f51\u200b\u7f51\u6865\u200b\u7684\u200b\u7f51\u5361\u200b\n external-gw-addr: \"10.5.204.254/24\" # underlay \u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u7684\u200b ip\n
\u200b\u76ee\u524d\u200b\u8be5\u200b\u529f\u80fd\u200b\u5df2\u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u6307\u5b9a\u200b lrp ip \u200b\u548c\u200b mac\uff0c\u200b\u5df2\u200b\u652f\u6301\u200b\u81ea\u52a8\u200b\u83b7\u53d6\u200b\uff0c\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip \u200b\u8d44\u6e90\u200b\u3002
\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u4e86\u200b\uff0c\u200b\u5219\u200b\u76f8\u5f53\u4e8e\u200b\u6307\u5b9a\u200b ip \u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip\u3002 \u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u63d0\u524d\u200b\u624b\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip\u3002
"},{"location":"advance/ovn-eip-fip-snat/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc \u200b\u542f\u7528\u200b enableExternal \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u5173\u8054\u200b\u5230\u200b\u4e0a\u8ff0\u200b\u6307\u5b9a\u200b\u7684\u200b\u516c\u7f51\u200b\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n\n# \u200b\u8fd9\u91cc\u200b\u5b50\u7f51\u200b\u548c\u200b\u4e4b\u524d\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b\u4e00\u6837\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u6ca1\u6709\u200b\u65b0\u589e\u200b\u5c5e\u6027\u200b\uff0c\u200b\u6ca1\u6709\u200b\u4efb\u4f55\u200b\u53d8\u66f4\u200b\n
\u200b\u4ee5\u4e0a\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b\uff0c\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5b58\u5728\u200b
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# \u200b\u76ee\u524d\u200b\u8be5\u200b\u8def\u7531\u200b\u5df2\u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-eip \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0covn-eip \u200b\u76ee\u524d\u200b\u6709\u200b\u4e09\u79cd\u200b type
- nat: \u200b\u7528\u4e8e\u200b ovn dnat\uff0cfip, snat, \u200b\u8fd9\u4e9b\u200b nat \u200b\u7c7b\u578b\u200b\u4f1a\u200b\u8bb0\u5f55\u200b\u5728\u200b status \u200b\u4e2d\u200b
- lrp: Resources connected to the public network from a vpc can be used by nat
- lsp: \u200b\u7528\u4e8e\u200b ovn \u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u573a\u666f\u200b\uff0c\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b ovs internal port \u200b\u4f5c\u4e3a\u200b ecmp \u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# \u200b\u52a8\u6001\u5206\u914d\u200b\u4e00\u4e2a\u200b eip \u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u8d44\u6e90\u200b\u9884\u7559\u200b\u7528\u4e8e\u200b fip \u200b\u573a\u666f\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#21-ovn-fip-pod-fip","title":"2.1 ovn-fip \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5728\u200b node ping \u200b\u9ed8\u8ba4\u200b vpc \u200b\u4e0b\u200b\u7684\u200b pod \u200b\u7684\u200b\u516c\u7f51\u200b ip \u200b\u662f\u200b\u80fd\u901a\u200b\u7684\u200b\n
# \u200b\u8be5\u200b\u516c\u7f51\u200b ip \u200b\u80fd\u901a\u200b\u7684\u200b\u5173\u952e\u200b\u8d44\u6e90\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"advance/ovn-eip-fip-snat/#22-ovn-fip-vip-fip","title":"2.2 ovn-fip \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"\u200b\u4e3a\u4e86\u200b\u4fbf\u4e8e\u200b\u4e00\u4e9b\u200b vip \u200b\u573a\u666f\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6bd4\u5982\u200b kubevirt \u200b\u865a\u62df\u673a\u200b\u5185\u90e8\u200b\u6211\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u4e00\u4e9b\u200b vip \u200b\u63d0\u4f9b\u200b\u7ed9\u200b keepalived\uff0ckube-vip \u200b\u7b49\u200b\u573a\u666f\u200b\u6765\u200b\u4f7f\u7528\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u90a3\u4e48\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b fip \u200b\u7ed1\u5b9a\u200b vpc \u200b\u5185\u90e8\u200b\u7684\u200b vip \u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u63d0\u4f9b\u200b vip \u200b\u7684\u200b\u516c\u7f51\u200b\u80fd\u529b\u200b\u3002
# \u200b\u5148\u200b\u521b\u5efa\u200b vip\uff0ceip\uff0c\u200b\u518d\u200b\u5c06\u200b eip \u200b\u7ed1\u5b9a\u200b\u5230\u200b vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b fip \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# \u200b\u5728\u200b node \u200b\u4e0a\u200b\u662f\u200b ping \u200b\u5f97\u901a\u200b\u7684\u200b\n\n\n# pod \u200b\u5185\u90e8\u200b\u7684\u200b ip \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u5927\u81f4\u200b\u5c31\u662f\u200b\u5982\u4e0b\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b vip \u200b\u7684\u200b\u914d\u7f6e\u200b\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod \u200b\u5185\u90e8\u200b\u53ef\u4ee5\u200b\u6293\u200b\u5230\u200b fip \u200b\u76f8\u5173\u200b\u7684\u200b icmp \u200b\u5305\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#3-ovn-snat","title":"3. ovn-snat","text":""},{"location":"advance/ovn-eip-fip-snat/#31-ovn-snat-subnet-cidr","title":"3.1 ovn-snat \u200b\u5bf9\u5e94\u200b\u4e00\u4e2a\u200b subnet \u200b\u7684\u200b cidr","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip \u200b\u5bf9\u5e94\u200b\u6574\u4e2a\u200b\u7f51\u6bb5\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#32-ovn-snat-pod-ip","title":"3.2 ovn-snat \u200b\u5bf9\u5e94\u200b\u5230\u200b\u4e00\u4e2a\u200b pod ip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip \u200b\u5bf9\u5e94\u200b\u5355\u4e2a\u200b pod ip\n
\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b snat \u200b\u516c\u7f51\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b\u7684\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u3002
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u4e24\u4e2a\u200b pod \u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u57fa\u4e8e\u200b\u8fd9\u200b\u4e24\u79cd\u200b snat \u200b\u8d44\u6e90\u200b\u4e0a\u200b\u5916\u7f51\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#4-ovn-dnat","title":"4. ovn-dnat","text":""},{"location":"advance/ovn-eip-fip-snat/#41-ovn-dnat-pod-dnat","title":"4.1 ovn-dnat \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b pod ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"advance/ovn-eip-fip-snat/#42-ovn-dnat-vip-dnat","title":"4.2 ovn-dnat \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b dnat \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-ipsec/","title":"\u4f7f\u7528\u200b IPsec \u200b\u52a0\u5bc6\u200b\u8282\u70b9\u200b\u95f4\u901a\u4fe1","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.10.11 \u200b\u548c\u200b v1.11.4 \u200b\u540e\u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\uff0ckernel \u200b\u7248\u672c\u200b\u81f3\u5c11\u200b\u662f\u200b 3.10.0 \u200b\u4ee5\u4e0a\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u4fdd\u8bc1\u200b\u4e3b\u673a\u200b UDP 500 \u200b\u548c\u200b 4500 \u200b\u7aef\u53e3\u200b\u53ef\u7528\u200b\u3002
"},{"location":"advance/ovn-ipsec/#ipsec_1","title":"\u542f\u52a8\u200b IPsec","text":"\u200b\u4ece\u200b Kube-OVN \u200b\u6e90\u7801\u200b\u62f7\u8d1d\u200b\u811a\u672c\u200b ipsec.sh\uff0c\u200b\u6267\u884c\u547d\u4ee4\u200b\u5982\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8c03\u7528\u200b ovs-pki \u200b\u751f\u6210\u200b\u548c\u200b\u5206\u914d\u200b\u52a0\u5bc6\u200b\u9700\u8981\u200b\u7684\u200b\u8bc1\u4e66\u200b\uff1a
bash ipsec.sh init\n
\u200b\u6267\u884c\u200b\u5b8c\u6bd5\u200b\u540e\u200b\uff0c\u200b\u8282\u70b9\u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u534f\u5546\u200b\u4e00\u6bb5\u65f6\u95f4\u200b\u5efa\u7acb\u200b IPsec \u200b\u96a7\u9053\u200b\uff0c\u200b\u7ecf\u9a8c\u503c\u200b\u662f\u200b\u5341\u51e0\u79d2\u200b\u5230\u200b\u4e00\u5206\u949f\u200b\u4e4b\u95f4\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u547d\u4ee4\u200b\u6765\u200b\u67e5\u770b\u200b IPsec \u200b\u72b6\u6001\u200b\uff1a
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
\u200b\u5efa\u7acb\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u6293\u5305\u200b\u89c2\u5bdf\u200b\u62a5\u6587\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u52a0\u5bc6\u200b\uff1a
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
\u200b\u5f53\u200b\u6267\u884c\u200b\u5b8c\u200b\u811a\u672c\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u6267\u884c\u547d\u4ee4\u200b\u5173\u95ed\u200b IPsec\uff1a
# bash ipsec.sh stop\n
\u200b\u6216\u8005\u200b\u6267\u884c\u547d\u4ee4\u200b\u518d\u6b21\u200b\u6253\u5f00\u200b\uff1a
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"OVN SNAT \u200b\u57fa\u4e8e\u200b ECMP BFD \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u7684\u200b L3 HA \u200b\u652f\u6301","text":"\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u57fa\u4e8e\u200b ovn snat \u200b\u540e\u200b\u57fa\u4e8e\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u54c8\u5e0c\u200b\u5230\u200b\u591a\u4e2a\u200b gw node ovnext0 \u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b
- \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9ad8\u200b\u53ef\u7528\u200b
- \u200b\u4ec5\u200b\u652f\u6301\u200b hash \u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200bovn-eip-fip-snat.md \u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c\u200b\u4e00\u81f4\u200b\u7684\u200b\u90e8\u5206\u200b\u5305\u62ec\u200b install.sh \u200b\u7684\u200b\u90e8\u7f72\u200b\u90e8\u5206\u200b\uff0cprovider-network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u51c6\u5907\u200b\u90e8\u5206\u200b\u3002
\u200b\u81f3\u4e8e\u200b\u4e0d\u200b\u76f8\u540c\u200b\u7684\u200b\u90e8\u5206\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\u5177\u4f53\u200b\u9610\u8ff0\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b lsp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip \u200b\u7684\u200b\u521b\u5efa\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u57fa\u4e8e\u200b vpc enable_bfd \u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b bfd \u200b\u4ee5\u53ca\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#1","title":"1. \u200b\u90e8\u7f72","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u90e8\u5206\u200b\u548c\u200b ovn-eip-fip-snat.md \u200b\u5b8c\u5168\u4e00\u81f4\u200b\uff0c\u200b\u8fd9\u4e9b\u200b\u529f\u80fd\u200b\u9a8c\u8bc1\u200b\u901a\u8fc7\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u57fa\u4e8e\u200b\u5982\u4e0b\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u5c06\u200b vpc \u200b\u5207\u6362\u200b\u5230\u200b\u57fa\u4e8e\u200b ecmp \u200b\u7684\u200b bfd \u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5207\u56de\u200b\u3002
\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e4b\u524d\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u63d0\u4f9b\u200b\u597d\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u81f3\u5c11\u200b\u9700\u8981\u200b\u63d0\u4f9b\u200b 2 \u200b\u4e2a\u200b\u4ee5\u4e0a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u6ce8\u610f\u200b\u5f53\u524d\u200b\u5b9e\u73b0\u200b ovn-eip \u200b\u7684\u200b\u540d\u5b57\u200b\u5fc5\u987b\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u505a\u200b\u8be5\u200b\u8d44\u6e90\u200b\u7684\u200b\u81ea\u52a8\u5316\u200b\u7ef4\u62a4\u200b\u3002
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
\u200b\u7531\u4e8e\u200b\u8fd9\u4e2a\u200b\u573a\u666f\u200b\u76ee\u524d\u200b\u8bbe\u8ba1\u200b\u4e0a\u200b\u662f\u200b\u4f9b\u200b vpc ecmp \u200b\u51fa\u200b\u516c\u7f51\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6240\u4ee5\u200b\u4ee5\u4e0a\u200b\u5728\u200b\u6ca1\u6709\u200b vpc \u200b\u542f\u7528\u200b bfd \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u5b58\u5728\u200b\u5e26\u6709\u200b enable bfd \u200b\u6807\u7b7e\u200b\u7684\u200b lrp \u200b\u7684\u200b ovn eip \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0d\u4f1a\u200b\u89e6\u53d1\u200b\u521b\u5efa\u200b\u7f51\u5173\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u6210\u529f\u200b\u542f\u52a8\u200b\u5bf9\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u76d1\u542c\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#2-vpc-ecmp-bfd-l3-ha","title":"2. \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b ecmp bfd L3 HA \u200b\u516c\u7f51\u200b\u529f\u80fd","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd \u200b\u5f00\u5173\u200b\u53ef\u4ee5\u200b\u968f\u610f\u200b\u5207\u6362\u200b\uff0c\u200b\u5f00\u200b\u8868\u793a\u200b\u542f\u7528\u200b bfd ecmp \u200b\u8def\u7531\u200b\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # \u200b\u53ea\u200b\u9700\u200b\u5f00\u542f\u200b ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
\u200b\u4f7f\u7528\u200b\u4e0a\u200b\u7684\u200b\u6ce8\u610f\u200b\u70b9\u200b:
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4e0b\u200b\u7684\u200b ecmp \u200b\u53ea\u7528\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\uff0cvpc enableBfd \u200b\u548c\u200b subnet enableEcmp \u200b\u540c\u65f6\u200b\u5f00\u542f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u624d\u200b\u4f1a\u200b\u751f\u6548\u200b\uff0c\u200b\u624d\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ba1\u7406\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\u3002
- \u200b\u4e0a\u8ff0\u200b\u914d\u7f6e\u200b\u5173\u95ed\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5207\u56de\u200b\u5e38\u89c4\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
- \u200b\u9ed8\u8ba4\u200b vpc \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ec5\u200b\u652f\u6301\u200b\u81ea\u5b9a\u4e49\u200b vpc\uff0c\u200b\u9ed8\u8ba4\u200b vpc \u200b\u6709\u200b\u66f4\u200b\u590d\u6742\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b snat \u200b\u8bbe\u8ba1\u200b\u3002
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u7684\u200b subnet \u200b\u7684\u200b enableEcmp \u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b gatewayType \u200b\u6ca1\u6709\u200b\u4f5c\u7528\u200b\u3002
- \u200b\u5f53\u200b\u5173\u95ed\u200b EnableExternal \u200b\u65f6\u200b\uff0cvpc \u200b\u5185\u200b\u65e0\u6cd5\u200b\u901a\u5916\u200b\u7f51\u200b\u3002
- \u200b\u5f53\u200b\u5f00\u542f\u200b EnableExternal \u200b\u65f6\u200b\uff0c\u200b\u5173\u95ed\u200b EnableBfd \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u57fa\u4e8e\u200b\u666e\u901a\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u4e0a\u200b\u5916\u7f51\u200b\uff0c\u200b\u4e0d\u200b\u5177\u5907\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
# \u200b\u4e0a\u8ff0\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b ovn \u200b\u903b\u8f91\u200b\u5c42\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\n# \u200b\u67e5\u770b\u200b vpc\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# \u200b\u9ed8\u8ba4\u200b vpc \u200b\u672a\u200b\u652f\u6301\u200b ENABLEBFD\n# \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u5df2\u200b\u652f\u6301\u200b\u4e14\u200b\u5df2\u200b\u542f\u7528\u200b\n\n\n# 1. \u200b\u521b\u5efa\u200b\u4e86\u200b bfd \u200b\u4f1a\u8bdd\u200b\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### \u200b\u6ce8\u610f\u200b\u6240\u6709\u200b status \u200b\u6b63\u5e38\u200b\u90fd\u200b\u5e94\u8be5\u200b\u662f\u200b up \u200b\u7684\u200b\n\n# 2. \u200b\u521b\u5efa\u200b\u4e86\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u8be6\u60c5\u200b\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# \u200b\u540c\u65f6\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u90fd\u200b\u5e94\u8be5\u200b\u5177\u5907\u200b\u4ee5\u4e0b\u200b\u8d44\u6e90\u200b\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n## \u200b\u6ce8\u610f\u200b\u4ee5\u4e0a\u200b\u5185\u5bb9\u200b\u548c\u200b\u4e00\u4e2a\u200b internal port unerlay \u200b\u516c\u7f51\u200b pod \u200b\u5185\u90e8\u200b\u7684\u200b ns \u200b\u5927\u81f4\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ea\u662f\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u5355\u72ec\u200b\u7ef4\u62a4\u200b\u4e86\u200b\u4e00\u4e2a\u200b ns\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## \u200b\u8fd9\u91cc\u200b\u5373\u200b\u662f\u200b lrp bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u53e6\u4e00\u7aef\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b lrp ecmp \u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u7684\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# \u200b\u5230\u200b\u516c\u7f51\u200b\u6ca1\u200b\u95ee\u9898\u200b\n
\u200b\u53ef\u4ee5\u200b\u5728\u200b\u67d0\u200b\u4e00\u4e2a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b ovnext ns \u200b\u5185\u200b\u6293\u200b\u5230\u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n\n# \u200b\u53ef\u4ee5\u200b\u5728\u200b\u8be5\u200b\u8282\u70b9\u200b down \u200b\u6389\u200b\u51fa\u53bb\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u7136\u540e\u200b\u770b\u200b pod \u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b\u5728\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u4e2d\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u51e0\u4e2a\u200b\u5305\u200b\n# \u200b\u4e00\u822c\u200b\u90fd\u200b\u4f1a\u200b\u770b\u5230\u200b\u4e22\u200b 3 \u200b\u4e2a\u200b\u5305\u200b\n
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#3-bfd","title":"3. \u200b\u5173\u95ed\u200b bfd \u200b\u6a21\u5f0f","text":"\u200b\u5728\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u53ef\u80fd\u200b\u60f3\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\uff08\u200b\u96c6\u4e2d\u5f0f\u200b\uff09\u200b\u5355\u4e2a\u200b\u7f51\u5173\u200b\u76f4\u63a5\u200b\u51fa\u200b\u516c\u7f51\u200b\uff0c\u200b\u8fd9\u4e2a\u200b\u65f6\u5019\u200b\u548c\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u6a21\u5f0f\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## \u200b\u5c06\u200b bfd \u200b\u529f\u80fd\u200b\u76f4\u63a5\u200b\u7981\u7528\u200b\u5373\u53ef\u200b\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# \u200b\u5e94\u7528\u200b\u540e\u200b\u8def\u7531\u200b\u4f1a\u200b\u5207\u6362\u200b\u56de\u200b\u6b63\u5e38\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# \u200b\u540c\u65f6\u200b nbctl list bfd \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b lrp \u200b\u5173\u8054\u200b\u7684\u200b bfd \u200b\u4f1a\u8bdd\u200b\u5df2\u7ecf\u200b\u79fb\u9664\u200b\n# \u200b\u800c\u4e14\u200b ovnext ns \u200b\u4e2d\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u4e5f\u200b\u81ea\u52a8\u200b\u79fb\u9664\u200b\n# \u200b\u8be5\u200b\u5207\u6362\u200b\u8fc7\u7a0b\u200b\u4fdd\u6301\u200b vpc subnet \u200b\u5185\u200b\u4fdd\u6301\u200b ping \u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n# \u200b\u518d\u200b\u5207\u6362\u200b\u56de\u53bb\u200b \u200b\u4e5f\u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-remote-port-mirroring/","title":"OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6b64\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u6307\u5b9a\u200b Pod\u3001\u200b\u6307\u5b9a\u200b\u65b9\u5411\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u901a\u8fc7\u200b GRE/ERSPAN \u200b\u5c01\u88c5\u200b\u540e\u200b\uff0c\u200b\u4f20\u8f93\u200b\u5230\u200b\u8fdc\u7aef\u200b\u3002
\u200b\u6b64\u200b\u529f\u80fd\u200b\u8981\u6c42\u200b Kube-OVN \u200b\u7248\u672c\u200b\u4e0d\u200b\u4f4e\u4e8e\u200b v1.12\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#multus-cni","title":"\u90e8\u7f72\u200b Multus-CNI","text":"\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b \u200b\u90e8\u7f72\u200b Multus\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#_1","title":"\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
\u200b\u5176\u4e2d\u200b provider \u200b\u5b57\u200b\u6bb5\u200b\u683c\u5f0f\u200b\u4e3a\u200b <NAME>.<NAMESPACE>.ovn\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#underlay","title":"\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u662f\u200b\u5c01\u88c5\u200b\u540e\u200b\u8fdb\u884c\u200b\u4f20\u8f93\u200b\u7684\u200b\uff0c\u200b\u56e0\u6b64\u200b\u7528\u4e8e\u200b\u4f20\u8f93\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0cMTU \u200b\u9700\u8981\u200b\u5927\u4e8e\u200b\u88ab\u200b\u955c\u50cf\u200b\u7684\u200b LSP/Pod\u3002\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b Underlay \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
\u200b\u5176\u4e2d\u200b\uff0c\u200b\u5b50\u7f51\u200b\u7684\u200b provider \u200b\u5fc5\u987b\u200b\u4e0e\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\u7684\u200b provider \u200b\u76f8\u540c\u200b\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#pod","title":"\u521b\u5efa\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u7528\u4e8e\u200b\u63a5\u6536\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.12\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u540e\u200b\uff0c\u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff1a
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
\u200b\u8bb0\u4f4f\u200b\u7b2c\u4e8c\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b 172.19.0.21\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#ovn_1","title":"\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
\u200b\u5176\u4e2d\u200b coredns-787d4945fb-gpnkb.kube-system \u200b\u662f\u200b OVN LSP \u200b\u7684\u200b\u540d\u79f0\u200b\uff0c\u200b\u683c\u5f0f\u200b\u901a\u5e38\u200b\u4e3a\u200b <POD_NAME>.<POD_NAMESPACE>\u3002
\u200b\u76f8\u5173\u200b\u7684\u200b OVN \u200b\u547d\u4ee4\u200b\u4f7f\u7528\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff1a
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"advance/ovn-remote-port-mirroring/#pod_1","title":"\u914d\u7f6e\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u5728\u200b\u524d\u9762\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
\u200b\u63a5\u4e0b\u6765\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u5728\u200b\u63a5\u6536\u200b\u6d41\u91cf\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u8fdb\u884c\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\uff1a
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"advance/ovn-remote-port-mirroring/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0cOVN \u200b\u8282\u70b9\u200b\u53ca\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u7684\u200b Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.14\u3002\u200b\u82e5\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4e14\u200b\u4f7f\u7528\u200b IPv6 \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\uff0cLinux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.16\u3002
- \u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b\u4f20\u8f93\u200b\u662f\u200b\u5355\u5411\u200b\u7684\u200b\uff0c\u200b\u53ea\u200b\u9700\u200b\u4fdd\u8bc1\u200b OVN \u200b\u8282\u70b9\u200b\u80fd\u591f\u200b\u8bbf\u95ee\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/performance-tuning/","title":"\u6027\u80fd\u200b\u8c03\u4f18","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u6301\u200b\u5b89\u88c5\u200b\u7684\u200b\u7b80\u5355\u200b\u548c\u200b\u529f\u80fd\u200b\u7684\u200b\u5b8c\u5907\u200b\uff0cKube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5bf9\u200b\u6027\u80fd\u200b\u9488\u5bf9\u6027\u200b\u7684\u200b\u4f18\u5316\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u5bf9\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c \u200b\u7ba1\u7406\u5458\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u5bf9\u200b\u6027\u80fd\u200b\u8fdb\u884c\u200b\u9488\u5bf9\u6027\u200b\u4f18\u5316\u200b\u3002
\u200b\u793e\u533a\u200b\u4f1a\u200b\u4e0d\u65ad\u200b\u8fed\u4ee3\u200b\u63a7\u5236\u9762\u677f\u200b\u548c\u200b\u4f18\u5316\u200b\u9762\u200b\u7684\u200b\u6027\u80fd\u200b\uff0c\u200b\u90e8\u5206\u200b\u901a\u7528\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u5df2\u7ecf\u200b\u96c6\u6210\u200b\u5230\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u6027\u80fd\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u548c\u200b\u65b9\u6cd5\u8bba\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u89c2\u770b\u200b\u89c6\u9891\u200b\u5206\u4eab\u200b\uff1aKube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"advance/performance-tuning/#_2","title":"\u57fa\u51c6\u200b\u6d4b\u8bd5","text":"\u200b\u7531\u4e8e\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u7684\u200b\u5dee\u5f02\u200b\u6781\u5927\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u6570\u636e\u200b\u53ea\u80fd\u200b\u4f5c\u4e3a\u200b\u53c2\u8003\u200b\uff0c\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u548c\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b\u7684\u200b\u7ed3\u679c\u200b\u5b58\u5728\u200b\u8f83\u5927\u200b\u5dee\u5f02\u200b\u3002 \u200b\u5efa\u8bae\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\uff0c\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6bd4\u8f83\u200b\u3002
"},{"location":"advance/performance-tuning/#overlay","title":"Overlay \u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u73af\u5883\u200b\u4fe1\u606f\u200b\uff1a
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay \u200b\u6a21\u5f0f\u200b
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw \u200b\u6d4b\u8bd5\u200b 1 \u200b\u5b57\u8282\u200b\u5c0f\u5305\u200b\u4e0b\u200b tcp/udp \u200b\u7684\u200b\u5e26\u5bbd\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5206\u522b\u200b\u6d4b\u8bd5\u200b\u4f18\u5316\u200b\u524d\u200b\uff0c\u200b\u4f18\u5316\u200b\u540e\u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"advance/performance-tuning/#overlay-underlay-calico","title":"Overlay\uff0c Underlay \u200b\u4ee5\u53ca\u200b Calico \u200b\u4e0d\u540c\u200b\u6a21\u5f0f\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u4e0b\u9762\u200b\u6211\u4eec\u200b\u4f1a\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u540e\u200b Kube-OVN \u200b\u5728\u200b\u4e0d\u540c\u200b\u5305\u200b\u5927\u5c0f\u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u6027\u80fd\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b Calico \u200b\u7684\u200b IPIP Always, IPIP never \u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u505a\u200b\u6bd4\u8f83\u200b\u3002
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 \u200b\u5728\u200b\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u4f1a\u200b\u4f18\u4e8e\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8fd9\u662f\u200b\u4f18\u4e8e\u200b\u7ecf\u8fc7\u200b\u4f18\u5316\u200b\u540e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u8def\u5f84\u200b\u5b8c\u5168\u200b\u7ed5\u8fc7\u200b\u4e86\u200b netfilter\uff0c \u200b\u800c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7531\u4e8e\u200b kube-proxy \u200b\u7684\u200b\u5b58\u5728\u200b\u6240\u6709\u200b\u6570\u636e\u5305\u200b\u5747\u200b\u9700\u200b\u7ecf\u8fc7\u200b netfilter\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5728\u200b\u4e00\u4e9b\u200b\u73af\u5883\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b \u200b\u7684\u200b\u6d88\u8017\u200b\u76f8\u5bf9\u200b\u66f4\u200b\u5c0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f1a\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
"},{"location":"advance/performance-tuning/#_3","title":"\u6570\u636e\u200b\u5e73\u9762\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u65b9\u6cd5","text":"\u200b\u8fd9\u91cc\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u4f18\u5316\u200b\u65b9\u6cd5\u200b\u548c\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u4ee5\u53ca\u200b\u6240\u200b\u9700\u8981\u200b\u7684\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\uff0c\u200b\u8bf7\u200b\u4ed4\u7ec6\u200b\u4e86\u89e3\u200b\u4f18\u5316\u200b\u7684\u200b\u524d\u63d0\u6761\u4ef6\u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\u3002
"},{"location":"advance/performance-tuning/#cpu","title":"CPU \u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u8c03\u6574","text":"\u200b\u90e8\u5206\u200b\u73af\u5883\u200b\u4e0b\u200b CPU \u200b\u8fd0\u884c\u200b\u5728\u200b\u8282\u80fd\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u5c06\u4f1a\u200b\u4e0d\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u5ef6\u8fdf\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u660e\u663e\u589e\u52a0\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CPU \u200b\u7684\u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u83b7\u5f97\u200b\u66f4\u200b\u7a33\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\uff1a
cpupower frequency-set -g performance\n
"},{"location":"advance/performance-tuning/#_4","title":"\u7f51\u5361\u200b\u786c\u4ef6\u200b\u961f\u5217\u200b\u8c03\u6574","text":"\u200b\u5728\u200b\u6d41\u91cf\u200b\u589e\u5927\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f13\u51b2\u200b\u961f\u5217\u200b\u8fc7\u200b\u77ed\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u8f83\u200b\u9ad8\u200b\u7684\u200b\u4e22\u200b\u5305\u7387\u200b\u5bfc\u81f4\u200b\u6027\u80fd\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\uff0c\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b
\u200b\u68c0\u67e5\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\uff1a
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
\u200b\u589e\u52a0\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\u81f3\u200b\u6700\u5927\u503c\u200b\uff1a
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"advance/performance-tuning/#tuned","title":"\u4f7f\u7528\u200b tuned \u200b\u4f18\u5316\u200b\u7cfb\u7edf\u200b\u53c2\u6570","text":"tuned \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e00\u7cfb\u5217\u200b\u9884\u7f6e\u200b\u7684\u200b profile \u200b\u6587\u4ef6\u200b\u4fdd\u5b58\u200b\u4e86\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u573a\u666f\u200b\u7684\u200b\u4e00\u7cfb\u5217\u200b\u7cfb\u7edf\u4f18\u5316\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9488\u5bf9\u200b\u5ef6\u8fdf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-latency\n
\u200b\u9488\u5bf9\u200b\u541e\u5410\u91cf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-throughput\n
"},{"location":"advance/performance-tuning/#_5","title":"\u4e2d\u65ad\u200b\u7ed1\u5b9a","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u7981\u7528\u200b irqbalance \u200b\u5e76\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e2d\u65ad\u200b\u548c\u200b\u7279\u5b9a\u200b CPU \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u6765\u200b\u907f\u514d\u200b\u5728\u200b\u591a\u4e2a\u200b CPU \u200b\u4e4b\u95f4\u200b\u5207\u6362\u200b\u5bfc\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u6ce2\u52a8\u200b\u3002
"},{"location":"advance/performance-tuning/#ovn-lb","title":"\u5173\u95ed\u200b OVN LB","text":"OVN \u200b\u7684\u200b L2 LB \u200b\u5b9e\u73b0\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u9700\u8981\u200b\u8c03\u7528\u200b\u5185\u6838\u200b\u7684\u200b conntrack \u200b\u6a21\u5757\u200b\u5e76\u200b\u8fdb\u884c\u200b recirculate \u200b\u5bfc\u81f4\u200b\u5927\u91cf\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c \u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u5b8c\u6210\u200b Service \u200b\u8f6c\u53d1\u200b\u529f\u80fd\u200b\uff0c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b Pod-to-Pod \u200b\u6027\u80fd\u200b\u3002\u200b\u53ef\u4ee5\u200b\u5728\u200b kube-ovn-controller \u200b\u4e2d\u200b\u5173\u95ed\u200b\u8be5\u200b\u529f\u80fd\u200b\uff1a
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b kube-proxy \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b iptables \u200b\u6216\u200b ipvs \u200b\u63a7\u5236\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\uff0c\u200b\u5982\u9700\u200b\u5173\u95ed\u200b LB \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u786e\u8ba4\u200b\u662f\u5426\u200b\u4e0d\u200b\u9700\u8981\u200b Service \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/performance-tuning/#fastpath","title":"\u5185\u6838\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7531\u4e8e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b network ns\uff0c\u200b\u6570\u636e\u5305\u200b\u5728\u200b\u8de8\u200b\u5bbf\u4e3b\u673a\u200b\u4f20\u8f93\u200b\u65f6\u4f1a\u200b\u591a\u6b21\u200b\u7ecf\u8fc7\u200b netfilter \u200b\u6a21\u5757\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u8fd1\u200b 20% \u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\u3002\u200b\u7531\u4e8e\u200b\u5927\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u5e94\u7528\u200b\u65e0\u987b\u200b\u4f7f\u7528\u200b netfilter \u200b\u6a21\u5757\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b netfilter \u200b\u964d\u4f4e\u200b CPU \u200b\u5f00\u9500\u200b\u3002
\u200b\u5982\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b netfilter \u200b\u63d0\u4f9b\u200b\u7684\u200b\u529f\u80fd\u200b\u5982\u200b iptables\uff0cipvs\uff0cnftables \u200b\u7b49\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5757\u200b\u4f1a\u200b\u4f7f\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u6211\u4eec\u200b\u9884\u5148\u200b\u7f16\u8bd1\u200b\u4e86\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u7684\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c \u200b\u53ef\u4ee5\u200b\u524d\u5f80\u200b tunning-package \u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u7f16\u8bd1\u200b\uff0c\u200b\u65b9\u6cd5\u200b\u53c2\u8003\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b
\u200b\u83b7\u5f97\u200b\u5185\u6838\u6a21\u5757\u200b\u540e\u200b\u53ef\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4f7f\u7528\u200b insmod kube_ovn_fastpath.ko \u200b\u52a0\u8f7d\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u4f7f\u7528\u200b dmesg \u200b\u9a8c\u8bc1\u200b\u6a21\u5757\u200b\u52a0\u8f7d\u200b\u6210\u529f\u200b\uff1a
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"advance/performance-tuning/#ovs","title":"OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u4f18\u5316","text":"OVS \u200b\u7684\u200b flow \u200b\u5904\u7406\u200b\u5305\u62ec\u200b\u54c8\u5e0c\u200b\u8ba1\u7b97\u200b\uff0c\u200b\u5339\u914d\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u7ea6\u200b 10% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\u3002\u200b\u73b0\u4ee3\u200b x86 CPU \u200b\u4e0a\u200b\u7684\u200b\u4e00\u4e9b\u200b\u6307\u4ee4\u96c6\u200b\u4f8b\u5982\u200b popcnt \u200b\u548c\u200b sse4.2 \u200b\u53ef\u4ee5\u200b \u200b\u52a0\u901f\u200b\u76f8\u5173\u200b\u8ba1\u7b97\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u4f46\u200b\u5185\u6838\u200b\u9ed8\u8ba4\u200b\u7f16\u8bd1\u200b\u672a\u200b\u5f00\u542f\u200b\u76f8\u5173\u200b\u9009\u9879\u200b\u3002\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u5728\u200b\u5f00\u542f\u200b\u76f8\u5e94\u200b\u6307\u4ee4\u96c6\u200b\u4f18\u5316\u200b\u540e\u200b\uff0cflow \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b CPU \u200b\u6d88\u8017\u200b\u5c06\u4f1a\u200b\u964d\u81f3\u200b 5% \u200b\u5de6\u53f3\u200b\u3002
\u200b\u548c\u200b FastPath \u200b\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b\u6216\u8005\u200b \u200b\u524d\u5f80\u200b tunning-package \u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6709\u200b\u5df2\u200b\u7f16\u8bd1\u200b\u597d\u200b\u7684\u200b\u5236\u54c1\u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4f7f\u7528\u200b\u8be5\u200b\u5185\u6838\u6a21\u5757\u200b\u524d\u200b\u8bf7\u200b\u5148\u200b\u786e\u8ba4\u200b CPU \u200b\u662f\u5426\u200b\u652f\u6301\u200b\u76f8\u5173\u200b\u6307\u4ee4\u96c6\u200b\uff1a
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"advance/performance-tuning/#centos","title":"CentOS \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u751f\u6210\u200b\u5bf9\u5e94\u200b RPM \u200b\u6587\u4ef6\u200b:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
\u200b\u590d\u5236\u200b RPM \u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u5e76\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#ubuntu","title":"Ubuntu \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u5b89\u88c5\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#stt","title":"\u4f7f\u7528\u200b STT \u200b\u7c7b\u578b\u200b\u96a7\u9053","text":"\u200b\u5e38\u89c1\u200b\u7684\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4f8b\u5982\u200b Geneve \u200b\u548c\u200b Vxlan \u200b\u4f7f\u7528\u200b UDP \u200b\u534f\u8bae\u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u6709\u200b\u826f\u597d\u200b\u7684\u200b\u652f\u6301\u200b\u3002\u200b\u4f46\u662f\u200b\u5f53\u200b\u4f7f\u7528\u200b UDP \u200b\u5c01\u88c5\u200b TCP \u200b\u6570\u636e\u5305\u200b\u65f6\u200b\uff0c \u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u9488\u5bf9\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u4f18\u5316\u200b\u548c\u200b offload \u200b\u529f\u80fd\u200b\u5c06\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5bfc\u81f4\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u51fa\u73b0\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\u3002\u200b\u5728\u200b\u865a\u62df\u5316\u200b\u573a\u666f\u200b\u4e0b\u200b\u7531\u4e8e\u200b CPU \u200b\u7684\u200b\u9650\u5236\u200b\uff0c TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u751a\u81f3\u200b\u53ef\u80fd\u200b\u53ea\u6709\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5341\u5206\u4e4b\u4e00\u200b\u3002
STT \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u521b\u65b0\u200b\u5f0f\u200b\u7684\u200b\u4f7f\u7528\u200b TCP \u200b\u683c\u5f0f\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u5c01\u88c5\u200b\u53ea\u662f\u200b\u6a21\u62df\u200b\u4e86\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u5934\u90e8\u200b\u683c\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u771f\u6b63\u200b\u5efa\u7acb\u200b TCP \u200b\u8fde\u63a5\u200b\uff0c\u200b\u4f46\u662f\u200b\u53ef\u4ee5\u200b \u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u4f18\u5316\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b\u6211\u4eec\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u4e2d\u200b TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u80fd\u200b\u6709\u200b\u6570\u500d\u200b\u7684\u200b\u63d0\u5347\u200b\uff0c\u200b\u8fbe\u5230\u200b\u63a5\u8fd1\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6c34\u5e73\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5e76\u200b\u6ca1\u6709\u200b\u9884\u200b\u5b89\u88c5\u200b\u5728\u200b\u5185\u6838\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u6765\u200b\u5b89\u88c5\u200b\uff0cOVS \u200b\u5185\u6838\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u65b9\u6cd5\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0a\u200b\u4e00\u8282\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5f00\u542f\u200b\uff1a
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/security-group/","title":"SecurityGroup \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4e86\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u914d\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u4f7f\u7528\u200b\u7684\u200b CRD \u200b\u4e3a\u200b SecurityGroup\u3002
"},{"location":"advance/security-group/#_1","title":"\u5b89\u5168\u200b\u7ec4\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 \u200b\u914d\u7f6e\u200b\u7f51\u6bb5\u200b\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
\u200b\u5b89\u5168\u200b\u7ec4\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u5177\u4f53\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303\u200b\u3002
Pod \u200b\u901a\u8fc7\u200b\u6dfb\u52a0\u200b annotation \u200b\u6765\u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u4f7f\u7528\u200b\u7684\u200b annotation \u200b\u6709\u200b\u4e24\u4e2a\u200b\uff1a
- port_security: \u200b\u6e90\u5730\u5740\u200b\u6821\u9a8c\u200b\uff0c\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\uff0c\u200b\u53ea\u6709\u200b kube-ovn ipam \u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b ip \u200b\u6e90\u5730\u5740\u200b\u7684\u200b\u5305\u200b\u53ef\u4ee5\u200b\u4ece\u200b pod \u200b\u7f51\u5361\u200b\u51fa\u53bb\u200b\uff0c\u200b\u5173\u95ed\u200b\u540e\u200b, \u200b\u4efb\u610f\u200b ip \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u3002
- security_groups\uff1a \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5217\u8868\u200b\uff0c\u200b\u5305\u542b\u200b\u4e00\u7cfb\u5217\u200b ACL \u200b\u89c4\u5219\u200b\u3002
\u200b\u8fd9\u200b\u4e24\u4e2a\u200b annotation \u200b\u8d1f\u8d23\u200b\u7684\u200b\u529f\u80fd\u200b\u662f\u200b\u4e92\u76f8\u200b\u72ec\u7acb\u200b\u7684\u200b\u3002
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"advance/security-group/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" -
\u200b\u5b89\u5168\u200b\u7ec4\u200b\u6700\u540e\u200b\u662f\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b ACL \u200b\u89c4\u5219\u200b\u6765\u200b\u9650\u5236\u200b\u8bbf\u95ee\u200b\u7684\u200b\uff0cOVN \u200b\u6587\u6863\u200b\u4e2d\u200b\u63d0\u5230\u200b\uff0c\u200b\u5982\u679c\u200b\u5339\u914d\u200b\u5230\u200b\u7684\u200b\u4e24\u4e2a\u200b ACL \u200b\u89c4\u5219\u200b\u62e5\u6709\u200b\u76f8\u540c\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u5b9e\u9645\u200b\u8d77\u200b\u4f5c\u7528\u200b\u7684\u200b\u662f\u200b\u54ea\u4e2a\u200b ACL \u200b\u662f\u200b\u4e0d\u200b\u786e\u5b9a\u200b\u7684\u200b\u3002\u200b\u56e0\u6b64\u200b\u8bbe\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u533a\u5206\u200b\u4f18\u5148\u7ea7\u200b\u3002
-
\u200b\u5f53\u200b\u6dfb\u52a0\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u8981\u200b\u6e05\u695a\u200b\u7684\u200b\u77e5\u9053\u200b\u662f\u200b\u5728\u200b\u6dfb\u52a0\u200b\u4ec0\u4e48\u200b\u9650\u5236\u200b\u3002Kube-OVN \u200b\u4f5c\u4e3a\u200b CNI\uff0c\u200b\u521b\u5efa\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u8fdb\u884c\u200b Pod \u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u5982\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c31\u200b\u4f1a\u200b\u5bfc\u81f4\u200b Pod \u200b\u4e00\u76f4\u200b\u5904\u4e8e\u200b ContainerCreating \u200b\u72b6\u6001\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5207\u6362\u200b\u5230\u200b Running \u200b\u72b6\u6001\u200b\u3002
"},{"location":"advance/security-group/#_3","title":"\u5b9e\u9645\u200b\u6d4b\u8bd5","text":"\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u521b\u5efa\u200b Pod\uff0c\u200b\u5728\u200b annotation \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7ed1\u5b9a\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u7684\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
\u200b\u6267\u884c\u200b kubectl describe pod \u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u62a5\u9519\u200b\u63d0\u793a\u200b\uff1a
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n\u00b7\n\u00b7\n\u00b7\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed (add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
\u200b\u4fee\u6539\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
\u200b\u5206\u522b\u200b\u5728\u200b\u5165\u200b\u65b9\u5411\u200b\u548c\u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e2d\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5141\u8bb8\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u5e76\u4e14\u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u89c4\u5219\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u6700\u9ad8\u200b\u3002
\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u90e8\u7f72\u200b Pod \u200b\u540e\u200b\uff0c\u200b\u786e\u8ba4\u200b Pod \u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u90e8\u7f72\u200b\u540e\u200b\u67e5\u770b\u200b Pod \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
\u200b\u56e0\u6b64\u200b\u5bf9\u4e8e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8981\u200b\u7279\u522b\u200b\u660e\u786e\u200b\u6dfb\u52a0\u200b\u7684\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b\u4f5c\u7528\u200b\u3002\u200b\u5982\u679c\u200b\u5355\u7eaf\u200b\u662f\u200b\u9650\u5236\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8003\u8651\u200b\u4f7f\u7528\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vip/","title":"VIP \u200b\u9884\u7559\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u5e0c\u671b\u200b\u52a8\u6001\u200b\u7684\u200b\u9884\u7559\u200b\u4e00\u90e8\u5206\u200b IP \u200b\u4f46\u662f\u200b\u5e76\u200b\u4e0d\u200b\u5206\u914d\u200b\u7ed9\u200b Pod \u200b\u800c\u662f\u200b\u5206\u914d\u200b\u7ed9\u200b\u5176\u4ed6\u200b\u7684\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u542f\u7528\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a
- Kubernetes \u200b\u5d4c\u5957\u200b Kubernetes \u200b\u7684\u200b\u573a\u666f\u200b\u4e2d\u4e0a\u5c42\u200b Kubernetes \u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5360\u7528\u200b\u5e95\u5c42\u200b Subnet \u200b\u53ef\u7528\u200b\u5730\u5740\u200b\u3002
- LB \u200b\u6216\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Subnet \u200b\u5185\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u5355\u72ec\u200b\u8d77\u200b Pod\u3002
"},{"location":"advance/vip/#vip_1","title":"\u521b\u5efa\u200b\u968f\u673a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u4e3a\u4e86\u200b\u9884\u7559\u200b\u82e5\u5e72\u200b IP \u200b\u800c\u200b\u5bf9\u200b IP \u200b\u5730\u5740\u200b\u672c\u8eab\u200b\u6ca1\u6709\u200b\u8981\u6c42\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002type: \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\uff0c\u200b\u4e3a\u7a7a\u200b\u8868\u793a\u200b\u4ec5\u200b\u7528\u4e8e\u200b ipam ip \u200b\u5360\u4f4d\u200b\uff0cswitch_lb_vip \u200b\u8868\u793a\u200b\u8be5\u200b vip \u200b\u4ec5\u200b\u7528\u4e8e\u200b switch lb \u200b\u524d\u7aef\u200b vip \u200b\u548c\u200b\u540e\u200b\u7aef\u200b ip \u200b\u9700\u200b\u5904\u4e8e\u200b\u540c\u4e00\u200b\u5b50\u7f51\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b 10.16.0.12 \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u4e4b\u540e\u200b\u4f9b\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"advance/vip/#vip_2","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u5bf9\u200b\u9884\u7559\u200b\u7684\u200b VIP \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u6709\u200b\u9700\u6c42\u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n v4ip: \"10.16.0.121\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002v4ip: \u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u5728\u200b subnet \u200b\u7684\u200b CIDR \u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b\u6240\u200b\u9884\u671f\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/vip/#pod-vip-ip","title":"Pod \u200b\u4f7f\u7528\u200b VIP \u200b\u6765\u200b\u56fa\u5b9a\u200b IP","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.12 \u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b annotation \u200b\u5c06\u200b\u67d0\u4e2a\u200b VIP \u200b\u5206\u914d\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/vip: vip-dynamic-01 # \u200b\u6307\u5b9a\u200b vip\n namespace: default\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/vip/#statefulset-kubevirt-vm-vip","title":"StatefulSet \u200b\u548c\u200b Kubevirt VM \u200b\u4fdd\u7559\u200b VIP","text":"\u200b\u9488\u5bf9\u200b StatefulSet \u200b\u548c\u200b VM \u200b\u7684\u200b\u7279\u6b8a\u6027\u200b\uff0c\u200b\u5728\u200b\u4ed6\u4eec\u200b\u7684\u200b Pod \u200b\u9500\u6bc1\u200b\u518d\u62c9\u8d77\u200b\u8d77\u540e\u200b\u4f1a\u200b\u91cd\u65b0\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u8bbe\u7f6e\u200b\u7684\u200b VIP\u3002
VM \u200b\u4fdd\u7559\u200b VIP \u200b\u9700\u8981\u200b\u786e\u4fdd\u200b kube-ovn-controller \u200b\u7684\u200b keep-vm-ip \u200b\u53c2\u6570\u200b\u4e3a\u200b true\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-dns/","title":"\u81ea\u5b9a\u4e49\u200b VPC DNS","text":"\u200b\u7531\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b \u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0c\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u5230\u200b\u90e8\u7f72\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u5185\u200b\u7684\u200b coredns\u3002 \u200b\u5982\u679c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u5185\u200b\u57df\u540d\u89e3\u6790\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\uff0c\u200b\u5229\u7528\u200b vpc-dns CRD \u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u8be5\u200b CRD \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b coredns\uff0c\u200b\u8be5\u200b Pod \u200b\u6709\u200b\u4e24\u4e2a\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\uff0c\u200b\u540c\u65f6\u200b\u901a\u8fc7\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u63d0\u4f9b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u6240\u200b\u4f9d\u8d56\u200b\u7684\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
\u200b\u9664\u4e86\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u8fd8\u200b\u4f9d\u8d56\u200b nat-gw-pod \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/vpc-dns/#_1","title":"\u914d\u7f6e\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"advance/vpc-dns/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b Configmap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\u200b\u662f\u5426\u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0c\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002coredns-template\uff1acoredns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u7248\u672c\u200b ovn \u200b\u76ee\u5f55\u200b\u4e0b\u200b coredns-template.yaml \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b https://raw.githubusercontent.com/kubeovn/kube-ovn/\u200b\u5f53\u524d\u200b\u7248\u672c\u200b/yamls/coredns-template.yaml \u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u5730\u5740\u200b\u3002k8s-service-port\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u7aef\u53e3\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"\u200b\u914d\u7f6e\u200b vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002replicas: vpc dns deployment replicas
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u8d44\u6e90\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true \u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b\u3002
\u200b\u9650\u5236\u200b\uff1a\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
"},{"location":"advance/vpc-dns/#_2","title":"\u9a8c\u8bc1\u200b\u90e8\u7f72\u200b\u7ed3\u679c","text":"\u200b\u67e5\u770b\u200b vpc-dns Pod \u200b\u72b6\u6001\u200b\uff0c\u200b\u4f7f\u7528\u200b label app=vpc-dns\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u6240\u6709\u200b vpc-dns pod \u200b\u72b6\u6001\u200b\uff1a
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
\u200b\u67e5\u770b\u200b slr \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\uff1a
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
\u200b\u8fdb\u5165\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod\uff0c\u200b\u6d4b\u8bd5\u200b dns \u200b\u89e3\u6790\u200b:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b switch lb rule \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u540c\u4e00\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b pod \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-internal-lb/","title":"\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861","text":"Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u53ef\u4ee5\u200b\u7528\u4f5c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\uff0c \u200b\u4f46\u662f\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c \u200b\u4f7f\u7528\u200b Service \u200b\u4f5c\u4e3a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5b58\u5728\u200b\u5982\u4e0b\u200b\u51e0\u4e2a\u200b\u95ee\u9898\u200b\uff1a
- Service IP \u200b\u8303\u56f4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u8d44\u6e90\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5171\u4eab\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u7528\u6237\u200b\u65e0\u6cd5\u200b\u6309\u7167\u200b\u81ea\u5df1\u200b\u610f\u613f\u200b\u8bbe\u7f6e\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u89e3\u51b3\u200b\u4e0a\u8ff0\u200b\u95ee\u9898\u200b\uff0cKube-OVN \u200b\u5728\u200b 1.11 \u200b\u5f15\u5165\u200b SwitchLBRule CRD\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u652f\u6301\u200b\u4ee5\u4e0b\u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
"},{"location":"advance/vpc-internal-lb/#selector","title":"Selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b selector \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b label \u200b\u81ea\u52a8\u200b\u5173\u8054\u200b pod \u200b\u914d\u7f6e\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
selector, sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
Kube-OVN \u200b\u4f1a\u200b\u6839\u636e\u200b SwitchLBRule \u200b\u5b9a\u4e49\u200b\u9009\u62e9\u200b\u7684\u200b Pod \u200b\u5f97\u51fa\u200b Pod \u200b\u6240\u5728\u200b VPC \u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b L2 LB\u3002
"},{"location":"advance/vpc-internal-lb/#endpoints","title":"Endpoints \u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b endpoints \u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\uff0c\u200b\u7528\u4ee5\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u6bd4\u5982\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u7aef\u200b\u662f\u200b kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b vm \u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
-
endpoints\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u200b\u7aef\u200b IP \u200b\u5217\u8868\u200b\u3002
\u200b\u6ce8\u200b\uff1a\u200b\u5982\u679c\u200b\u540c\u65f6\u200b\u914d\u7f6e\u200b\u4e86\u200b selector \u200b\u548c\u200b endpoints,\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5ffd\u7565\u200b selector \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-peering/","title":"VPC \u200b\u4e92\u8054","text":"VPC \u200b\u4e92\u8054\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u5c06\u200b\u4e24\u4e2a\u200b VPC \u200b\u7f51\u7edc\u200b\u901a\u8fc7\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u6253\u901a\u200b\u7684\u200b\u673a\u5236\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u53ef\u4ee5\u200b\u50cf\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u79c1\u6709\u200b\u7f51\u7edc\u200b\u4e00\u6837\u200b\uff0c \u200b\u901a\u8fc7\u200b\u79c1\u6709\u200b\u5730\u5740\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u65e0\u9700\u200b\u901a\u8fc7\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"advance/vpc-peering/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u9002\u7528\u200b\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\u3002
- \u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u8def\u7531\u200b\u91cd\u53e0\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e24\u4e2a\u200b VPC \u200b\u7684\u200b\u4e92\u8054\u200b\uff0c\u200b\u66f4\u200b\u591a\u7ec4\u200b VPC \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e92\u8054\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002
"},{"location":"advance/vpc-peering/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u9996\u5148\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u4e0d\u200b\u4e92\u8054\u200b\u7684\u200b VPC\uff0c\u200b\u6bcf\u4e2a\u200b VPC \u200b\u4e0b\u200b\u5404\u6709\u200b\u4e00\u4e2a\u200b Subnet\uff0cSubnet \u200b\u7684\u200b CIDR \u200b\u4e92\u4e0d\u200b\u91cd\u53e0\u200b\u3002
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b VPC \u200b\u5185\u200b\u5206\u522b\u200b\u589e\u52a0\u200b vpcPeerings \u200b\u548c\u200b\u5bf9\u5e94\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: \u200b\u4e92\u8054\u200b\u7684\u200b\u53e6\u200b\u4e00\u4e2a\u200b VPC \u200b\u7684\u200b\u540d\u5b57\u200b\u3002localConnectIP: \u200b\u4f5c\u4e3a\u200b\u4e92\u8054\u200b\u7aef\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b CIDR\uff0c\u200b\u6ce8\u610f\u200b\u4e24\u7aef\u200b IP \u200b\u5e94\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u200b CIDR\uff0c\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u5b50\u7f51\u200b\u51b2\u7a81\u200b\u3002cidr\uff1a\u200b\u53e6\u4e00\u7aef\u200b Subnet \u200b\u7684\u200b CIDR\u3002nextHopIP\uff1a\u200b\u4e92\u8054\u200b VPC \u200b\u53e6\u4e00\u7aef\u200b\u7684\u200b localConnectIP\u3002
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Subnet \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u6d4b\u8bd5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/windows/","title":"Windows \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5305\u542b\u200b Windows \u200b\u7cfb\u7edf\u200b\u8282\u70b9\u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Windows \u200b\u5bb9\u5668\u200b\u7684\u200b\u7f51\u7edc\u200b\u7edf\u4e00\u200b\u63a5\u5165\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/windows/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u53c2\u8003\u200b Adding Windows nodes \u200b\u589e\u52a0\u200b Windows \u200b\u8282\u70b9\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b KB4489899 \u200b\u8865\u4e01\u200b\u4ee5\u200b\u4f7f\u200b Overlay/VXLAN \u200b\u7f51\u7edc\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b Hyper-V \u200b\u53ca\u200b\u7ba1\u7406\u5de5\u5177\u200b\u3002
- \u200b\u7531\u4e8e\u200b Windows \u200b\u9650\u5236\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u53ea\u80fd\u200b\u4f7f\u7528\u200b Vxlan \u200b\u6a21\u5f0f\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b SSL\uff0cIPv6\uff0c\u200b\u53cc\u6808\u200b\uff0cQoS \u200b\u529f\u80fd\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u5b50\u7f51\u200b\uff0c\u200b\u52a8\u6001\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b Windows \u200b\u8282\u70b9\u200b\u524d\u200b\u5b8c\u6210\u200b\u5b50\u7f51\u200b\u521b\u5efa\u200b\uff0c\u200b\u5e76\u200b\u56fa\u5b9a\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
- \u200b\u4e0d\u200b\u652f\u6301\u200b\u591a\u4e2a\u200b
ProviderNetwork\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b\u6865\u63a5\u200b\u63a5\u53e3\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/windows/#ovs","title":"\u5b89\u88c5\u200b OVS","text":"\u200b\u7531\u4e8e\u200b\u4e0a\u6e38\u200b OVN \u200b\u548c\u200b OVS \u200b\u5bf9\u200b Windows \u200b\u5bb9\u5668\u200b\u652f\u6301\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7ecf\u8fc7\u200b\u4fee\u6539\u200b\u7684\u200b\u5b89\u88c5\u5305\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u6253\u5f00\u200b Windows \u200b\u8282\u70b9\u200b\u7684\u200b TESTSIGNING \u200b\u542f\u52a8\u9879\u200b\uff0c\u200b\u6267\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b\u7cfb\u7edf\u200b\u751f\u6548\u200b\uff1a
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u200b Windows \u200b\u5b89\u88c5\u5305\u200b\u5e76\u200b\u89e3\u538b\u200b\u5b89\u88c5\u200b\u3002
\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u540e\u200b\u786e\u8ba4\u200b\u670d\u52a1\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"advance/windows/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b install.ps1\u3002
\u200b\u8865\u5145\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u5e76\u200b\u6267\u884c\u200b\uff1a
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b, Kube-OVN \u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b IP \u200b\u6240\u5728\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u5b83\u200b\u7f51\u5361\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u524d\u200b\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b\u6307\u5b9a\u200b\u7684\u200b Annotation\uff0c\u200b\u5982\u200b ovn.kubernetes.io/tunnel_interface=Ethernet1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-bgp/","title":"BGP \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5c06\u200b Pod \u200b\u6216\u200b Subnet \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u901a\u8fc7\u200b BGP \u200b\u534f\u8bae\u200b\u5411\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u5b89\u88c5\u200b kube-ovn-speaker \u200b\u5e76\u200b\u5bf9\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u7684\u200b Pod \u200b\u6216\u200b Subnet \u200b\u589e\u52a0\u200b\u5bf9\u5e94\u200b\u7684\u200b annotation\u3002
"},{"location":"advance/with-bgp/#kube-ovn-speaker","title":"\u5b89\u88c5\u200b kube-ovn-speaker","text":"kube-ovn-speaker \u200b\u5185\u200b\u4f7f\u7528\u200b GoBGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u66b4\u9732\u200b\u5730\u5740\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8def\u7531\u200b\u6307\u5411\u200b\u81ea\u8eab\u200b\u3002
\u200b\u7531\u4e8e\u200b\u90e8\u7f72\u200b kube-ovn-speaker \u200b\u7684\u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u627f\u62c5\u200b\u56de\u7a0b\u200b\u6d41\u91cf\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
\u200b\u5f53\u200b\u5b58\u5728\u200b\u591a\u4e2a\u200b kube-ovn-speaker \u200b\u5b9e\u4f8b\u200b\u65f6\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5b9e\u4f8b\u200b\u90fd\u200b\u4f1a\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0a\u6e38\u200b\u8def\u7531\u5668\u200b\u9700\u8981\u200b\u652f\u6301\u200b\u591a\u8def\u5f84\u200b ECMP\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
\u200b\u4fee\u6539\u200b yaml \u200b\u5185\u200b\u76f8\u5e94\u200b\u914d\u7f6e\u200b\uff1a
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: BGP Peer \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u901a\u5e38\u200b\u4e3a\u200b\u8def\u7531\u5668\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002neighbor-as: BGP Peer \u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002cluster-as: \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002
\u200b\u90e8\u7f72\u200b yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"advance/with-bgp/#podsubnet","title":"\u53d1\u5e03\u200b Pod/Subnet \u200b\u8def\u7531","text":"\u200b\u5982\u9700\u200b\u4f7f\u7528\u200b BGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u9996\u5148\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b Subnet \u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u3002
\u200b\u589e\u52a0\u200b annotation \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
\u200b\u5220\u9664\u200b annotation \u200b\u53d6\u6d88\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"advance/with-bgp/#bgp_1","title":"BGP \u200b\u9ad8\u7ea7\u200b\u9009\u9879","text":"kube-ovn-speaker \u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b BGP \u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
announce-cluster-ip: \u200b\u662f\u5426\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b Service \u200b\u8def\u7531\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002auth-password: BGP peer \u200b\u7684\u200b\u8bbf\u95ee\u200b\u5bc6\u7801\u200b\u3002holdtime: BGP \u200b\u90bb\u5c45\u200b\u95f4\u200b\u7684\u200b\u5fc3\u8df3\u200b\u63a2\u6d4b\u200b\u65f6\u95f4\u200b\uff0c\u200b\u8d85\u8fc7\u200b\u6539\u200b\u65f6\u95f4\u200b\u6ca1\u6709\u200b\u6d88\u606f\u200b\u7684\u200b\u90bb\u5c45\u200b\u5c06\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 90 \u200b\u79d2\u200b\u3002graceful-restart: \u200b\u662f\u5426\u200b\u542f\u7528\u200b BGP Graceful Restart\u3002graceful-restart-time: BGP Graceful restart time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 3\u3002graceful-restart-deferral-time: BGP Graceful restart deferral time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 4.1\u3002passivemode: Speaker \u200b\u8fd0\u884c\u200b\u5728\u200b passive \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4e0d\u200b\u4e3b\u52a8\u200b\u8fde\u63a5\u200b peer\u3002ebgp-multihop: ebgp ttl \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b 1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-cilium/","title":"Cilium \u200b\u96c6\u6210","text":"Cilium \u200b\u662f\u200b\u4e00\u6b3e\u200b\u57fa\u4e8e\u200b eBPF \u200b\u7684\u200b\u7f51\u7edc\u200b\u548c\u200b\u5b89\u5168\u200b\u7ec4\u4ef6\u200b\uff0cKube-OVN \u200b\u5229\u7528\u200b\u5176\u4e2d\u200b\u7684\u200b CNI Chaining \u200b\u6a21\u5f0f\u200b\u6765\u200b\u5bf9\u200b\u5df2\u6709\u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u589e\u5f3a\u200b\u3002 \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u62bd\u8c61\u200b\u80fd\u529b\u200b\u548c\u200b eBPF \u200b\u5e26\u6765\u200b\u7684\u200b\u76d1\u63a7\u200b\u548c\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\u3002
\u200b\u901a\u8fc7\u200b\u96c6\u6210\u200b Cilium\uff0cKube-OVN \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u83b7\u5f97\u200b\u5982\u4e0b\u200b\u589e\u76ca\u200b\uff1a
- \u200b\u66f4\u200b\u4e30\u5bcc\u200b\u9ad8\u6548\u200b\u7684\u200b\u5b89\u5168\u7b56\u7565\u200b\u3002
- \u200b\u57fa\u4e8e\u200b Hubble \u200b\u7684\u200b\u76d1\u63a7\u200b\u89c6\u56fe\u200b\u3002
"},{"location":"advance/with-cilium/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u9ad8\u4e8e\u200b 4.19 \u200b\u6216\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u4ee5\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b eBPF \u200b\u80fd\u529b\u200b\u652f\u6301\u200b\u3002
- \u200b\u63d0\u524d\u200b\u90e8\u7f72\u200b Helm \u200b\u4e3a\u200b\u5b89\u88c5\u200b Cilium \u200b\u505a\u200b\u51c6\u5907\u200b\uff0c\u200b\u90e8\u7f72\u200b Helm \u200b\u8bf7\u200b\u53c2\u8003\u200b Installing Helm\u3002
"},{"location":"advance/with-cilium/#kube-ovn","title":"\u914d\u7f6e\u200b Kube-OVN","text":"\u200b\u4e3a\u4e86\u200b\u5145\u5206\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b networkpolicy \u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\u3002
\u200b\u5728\u200b install.sh \u200b\u811a\u672c\u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
\u200b\u82e5\u200b\u5df2\u200b\u90e8\u7f72\u200b\u5b8c\u6210\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b networkpolicy\uff1a
args:\n- --enable-np=false\n
\u200b\u4fee\u6539\u200b kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\uff1a
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u8c03\u6574\u200b Kube-OVN \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u540d\u79f0\u200b\uff0c\u200b\u4ee5\u4fbf\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b Cilium \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"advance/with-cilium/#cilium_1","title":"\u90e8\u7f72\u200b Cilium","text":"\u200b\u521b\u5efa\u200b chaining.yaml \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b generic-veth \u200b\u6a21\u5f0f\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
\u200b\u5b89\u88c5\u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff1a
kubectl apply -f chaining.yaml\n
\u200b\u4f7f\u7528\u200b Helm \u200b\u90e8\u7f72\u200b Cilium\uff1a
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
\u200b\u786e\u8ba4\u200b Cilium \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-openstack/","title":"OpenStack \u200b\u96c6\u6210","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b OpenStack \u200b\u8fd0\u884c\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u8fd0\u884c\u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u9700\u8981\u200b\u5bb9\u5668\u200b\u548c\u200b\u865a\u673a\u200b\u4e4b\u95f4\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u5e76\u200b\u5904\u4e8e\u200b\u7edf\u4e00\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4e0b\u200b\u3002\u200b\u5982\u679c\u200b OpenStack Neutron \u200b\u4fa7\u200b\u540c\u6837\u200b\u4f7f\u7528\u200b OVN \u200b\u4f5c\u4e3a\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u548c\u200b\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN \u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u6253\u901a\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"advance/with-openstack/#_1","title":"\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u548c\u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u6253\u901a\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u65b9\u5f0f\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u53ea\u4e0d\u8fc7\u200b\u5c06\u200b\u96c6\u7fa4\u200b\u4e24\u7aef\u200b\u6362\u6210\u200b OpenStack \u200b\u548c\u200b Kubernetes\u3002
"},{"location":"advance/with-openstack/#_2","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u901a\u8fc7\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002
- \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002
- \u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u200b\u6253\u901a\u200b Kubernetes \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b OpenStack \u200b\u7684\u200b\u9009\u5b9a\u200b VPC\u3002
"},{"location":"advance/with-openstack/#ovn-ic","title":"\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
"},{"location":"advance/with-openstack/#kubernetes","title":"Kubernetes \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/with-openstack/#openstack_1","title":"OpenStack \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u521b\u5efa\u200b\u548c\u200b Kubernetes \u200b\u4e92\u8054\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff1a
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
\u200b\u5728\u200b OpenStack \u200b\u5185\u200b\u7684\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u53ef\u7528\u200b\u533a\u200b\u540d\u5b57\u200b\uff0c\u200b\u8be5\u200b\u540d\u79f0\u200b\u9700\u200b\u548c\u200b\u5176\u4ed6\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u4e0d\u540c\u200b\uff1a
ovn-nbctl set NB_Global . name=op-az\n
\u200b\u5728\u200b\u53ef\u200b\u8bbf\u95ee\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u542f\u52a8\u200b OVN-IC \u200b\u63a7\u5236\u5668\u200b\uff1a
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u5730\u5740\u200b\u3002ovn-northd-nb-db\uff0c ovn-northd-sb-db: \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u200b\u5730\u5740\u200b\u3002
\u200b\u914d\u7f6e\u200b\u4e92\u8054\u7f51\u200b\u5173\u8282\u70b9\u200b\uff1a
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u5728\u200b OpenStack \u200b\u7684\u200b OVN \u200b\u5185\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u3002
\u200b\u8fde\u63a5\u200b ts \u200b\u4e92\u8054\u200b\u4ea4\u6362\u673a\u200b\u548c\u200b router0 \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u76f8\u5173\u200b\u89c4\u5219\u200b\uff1a
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
\u200b\u9a8c\u8bc1\u200b\u5df2\u200b\u5b66\u4e60\u200b\u5230\u200b Kubernetes \u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff1a
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b router0 \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\u9a8c\u8bc1\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b Kubernetes \u200b\u4e0b\u200b Pod \u200b\u4e92\u901a\u200b\u3002
"},{"location":"advance/with-openstack/#ovn","title":"\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN","text":"\u200b\u5728\u200b\u8be5\u200b\u65b9\u6848\u200b\u4e0b\u200b\uff0cOpenStack \u200b\u548c\u200b Kubernetes \u200b\u5171\u4eab\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b OVN\uff0c\u200b\u56e0\u6b64\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u4e24\u8005\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u7b49\u200b\u6982\u5ff5\u200b\u62c9\u9f50\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u66f4\u597d\u200b\u7684\u200b\u63a7\u5236\u200b\u548c\u200b\u4e92\u8054\u200b\u3002
\u200b\u5728\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u90e8\u7f72\u200b OVN\uff0cOpenStack \u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u200b\u5b9e\u73b0\u200b\u8fde\u63a5\u200b\u540c\u4e00\u4e2a\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u3002OpenStack \u200b\u9700\u200b\u4f7f\u7528\u200b networking-ovn \u200b\u4f5c\u4e3a\u200b Neutron \u200b\u540e\u200b\u7aef\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"advance/with-openstack/#neutron","title":"Neutron \u200b\u914d\u7f6e\u200b\u4fee\u6539","text":"\u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u6587\u4ef6\u200b /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\uff1a
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002ovn-encap-ip: \u200b\u4fee\u6539\u200b\u4e3a\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/with-openstack/#kubernetes-openstack","title":"\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u4f7f\u7528\u200b OpenStack \u200b\u5185\u200b\u8d44\u6e90","text":"\u200b\u63a5\u4e0b\u6765\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u67e5\u8be2\u200b OpenStack \u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u5e76\u200b\u5728\u200b OpenStack \u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u521b\u5efa\u200b Pod\u3002
\u200b\u67e5\u8be2\u200b OpenStack \u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\uff0c\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5df2\u7ecf\u200b\u9884\u5148\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff1a
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
\u200b\u5728\u200b Kubernetes \u200b\u4fa7\u200b\uff0c\u200b\u67e5\u8be2\u200b VPC \u200b\u8d44\u6e90\u200b\uff1a
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 \u200b\u4e3a\u200b\u4ece\u200b OpenStack \u200b\u540c\u6b65\u200b\u8fc7\u6765\u200b\u7684\u200b VPC \u200b\u8d44\u6e90\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b Kube-OVN \u200b\u539f\u751f\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b Pod \u200b\u5e76\u200b\u8fd0\u884c\u200b\u3002
VPC, Subnet \u200b\u7ed1\u5b9a\u200b Namespace net2\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-ovn-ic/","title":"\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u5c06\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\uff0c\u200b\u6253\u901a\u200b\u540e\u200b\u7684\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8fdb\u884c\u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 Kube-OVN \u200b\u4f7f\u7528\u200b\u96a7\u9053\u200b\u5bf9\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u4e4b\u95f4\u200b\u53ea\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b IP \u200b\u53ef\u8fbe\u200b\u7684\u200b\u673a\u5668\u200b\u5373\u53ef\u200b\u5b8c\u6210\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u7684\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e3a\u200b Overlay \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\uff0cUnderlay \u200b\u7f51\u7edc\u200b\u5982\u679c\u200b\u60f3\u8981\u200b\u5b9e\u73b0\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u9700\u8981\u200b\u5e95\u5c42\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u505a\u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-ovn-ic/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" -
1.11.16 \u200b\u4e4b\u540e\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u7684\u200b\u96c6\u7fa4\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u5f00\u5173\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b install.sh \u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_IC=true\n
\u200b\u6253\u5f00\u200b\u5f00\u5173\u200b\u540e\u200b\u90e8\u7f72\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u7ec4\u4ef6\u200b deployment ovn-ic-controller\u3002 2. \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7684\u200b\u7f51\u6bb5\u200b\u3002\u200b\u82e5\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u9700\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u624b\u52a8\u200b\u4e92\u8054\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u53ea\u80fd\u200b\u5c06\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7f51\u6bb5\u200b\u6253\u901a\u200b\u3002 3. \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b kube-ovn-controller \u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002 4. \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002 5. \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u751f\u6548\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u4e92\u8054\u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/with-ovn-ic/#ovn-ic_1","title":"\u90e8\u7f72\u200b\u5355\u200b\u8282\u70b9\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b kube-ovn-controller \u200b\u53ef\u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\u7684\u200b\u673a\u5668\u200b\u4e0a\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u5c06\u200b\u4fdd\u5b58\u200b\u5404\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u6b65\u200b\u4e0a\u6765\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5bf9\u4e8e\u200b\u90e8\u7f72\u200b containerd \u200b\u53d6\u4ee3\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"advance/with-ovn-ic/#_2","title":"\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u4e0b\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u4f1a\u200b\u5c06\u200b\u81ea\u5df1\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b Subnet \u200b\u7684\u200b CIDR \u200b\u4fe1\u606f\u200b\u540c\u6b65\u200b\u7ed9\u200b OVN-IC\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u786e\u4fdd\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Subnet CIDR \u200b\u4e0d\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u64cd\u4f5c\u200b\u7684\u200b\u6b63\u786e\u6027\u200b\uff0covn-ic-config \u200b\u8fd9\u4e2a\u200b ConfigMap \u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b\u3002\u200b\u5982\u200b\u6709\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\uff0c\u200b\u8bf7\u200b\u5220\u9664\u200b\u8be5\u200b ConfigMap\uff0c\u200b\u4fee\u6539\u200b\u540e\u200b\u518d\u200b\u5e94\u7528\u200b\u6b64\u200b ConfigMap\u3002
\u200b\u5728\u200b ovn-ic \u200b\u5bb9\u5668\u200b\u5185\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u5df2\u200b\u5efa\u7acb\u200b\u4e92\u8054\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b ts\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u89c2\u5bdf\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u662f\u5426\u200b\u6709\u200b\u5b66\u4e60\u200b\u5230\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b\u8def\u7531\u200b\uff1a
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5728\u200b\u96c6\u7fa4\u200b 1 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod \u200b\u5185\u200b\u76f4\u63a5\u200b ping \u200b\u96c6\u7fa4\u200b 2 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod IP \u200b\u89c2\u5bdf\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u67d0\u4e2a\u200b\u4e0d\u60f3\u200b\u5bf9\u5916\u200b\u81ea\u52a8\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Subnet \u200b\u91cc\u200b\u7684\u200b disableInterConnection \u200b\u6765\u200b\u7981\u6b62\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"advance/with-ovn-ic/#_3","title":"\u624b\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u96c6\u7fa4\u200b\u95f4\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b CIDR \u200b\u53ea\u200b\u5e0c\u671b\u200b\u505a\u200b\u90e8\u5206\u200b\u5b50\u7f51\u200b\u6253\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u624b\u52a8\u200b\u53d1\u5e03\u200b\u5b50\u200b\u7f51\u8def\u200b\u7531\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff0c\u200b\u5e76\u200b\u5c06\u200b auto-route \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u5206\u522b\u200b\u67e5\u770b\u200b\u8fdc\u7aef\u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4e4b\u540e\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\uff1a
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
\u200b\u7531\u200b\u4e0a\u200b\u8f93\u51fa\u200b\u53ef\u77e5\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5230\u200b \u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.31\uff0caz2 \u200b\u5230\u200b az1 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.79\u3002
\u200b\u4e0b\u9762\u200b\u624b\u52a8\u200b\u8bbe\u7f6e\u200b\u8def\u7531\u200b\uff0c\u200b\u5728\u200b\u8be5\u200b\u4f8b\u5b50\u200b\u4e2d\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/24\uff0c\u200b\u96c6\u7fa4\u200b az2 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.17.0.0/24\u3002
\u200b\u5728\u200b\u96c6\u7fa4\u200b az1 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
\u200b\u5728\u200b\u96c6\u7fa4\u200b az2 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az1 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"advance/with-ovn-ic/#ovn-ic_2","title":"\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72","text":"OVN-IC \u200b\u6570\u636e\u5e93\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u7ec4\u6210\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u9700\u8981\u200b\u81f3\u5c11\u200b 3 \u200b\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u9996\u5148\u200b\u5728\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\uff0c\u200b\u5728\u200b\u53e6\u5916\u200b\u4e24\u4e2a\u200b\u8282\u70b9\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b follower\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002LEADER_IP: \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b leader \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u521b\u5efa\u200b ovn-ic-config \u200b\u65f6\u200b\u6307\u5b9a\u200b\u591a\u4e2a\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"advance/with-ovn-ic/#_4","title":"\u624b\u52a8\u200b\u91cd\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7531\u4e8e\u200b\u914d\u7f6e\u200b\u9519\u8bef\u200b\u9700\u8981\u200b\u5bf9\u200b\u6574\u4e2a\u200b\u4e92\u8054\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6e05\u7406\u200b\u73af\u5883\u200b\u3002
\u200b\u5220\u9664\u200b\u5f53\u524d\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u96c6\u7fa4\u200b\u91cd\u590d\u200b\u540c\u6837\u200b\u7684\u200b\u6b65\u9aa4\u200b\u3002
"},{"location":"advance/with-ovn-ic/#az-name","title":"\u4fee\u6539\u200b az-name","text":"\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b kubectl edit \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5bf9\u200b ovn-ic-config \u200b\u8fd9\u4e2a\u200b configmap \u200b\u4e2d\u200b\u7684\u200b az-name \u200b\u5b57\u200b\u6bb5\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002 \u200b\u4f46\u662f\u200b\u9700\u8981\u200b\u5728\u200b\u6bcf\u4e2a\u200b ovn-cni pod \u200b\u4e0a\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5426\u5219\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u6700\u957f\u200b 10 \u200b\u5206\u949f\u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002
ovn-appctl -t ovn-controller inc-engine/recompute\n
"},{"location":"advance/with-ovn-ic/#_5","title":"\u6e05\u7406\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5220\u9664\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u63a7\u5236\u5668\u200b\uff0c\u200b\u5982\u679c\u200b\u662f\u200b\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72\u200b\uff0c\u200b\u9700\u8981\u200b\u90fd\u200b\u6e05\u7406\u200b\u6389\u200b\u3002
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b docker \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b containerd \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-submariner/","title":"\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Submariner \u200b\u4f5c\u4e3a\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u591a\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u548c\u200b Service \u200b\u7f51\u7edc\u200b\u7684\u200b\u5f00\u6e90\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u80fd\u591f\u200b\u5e2e\u52a9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002
\u200b\u76f8\u6bd4\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u6253\u901a\u200b\u591a\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0cSubmariner \u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b Kube-OVN \u200b\u548c\u200b\u975e\u200b Kube-OVN \u200b\u7684\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b \u200b\u80fd\u200b\u63d0\u4f9b\u200b Service \u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u80fd\u529b\u200b\u3002\u200b\u4f46\u662f\u200b Submariner \u200b\u76ee\u524d\u200b\u53ea\u80fd\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u6253\u901a\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5b9e\u73b0\u200b\u591a\u5b50\u200b\u7f51\u200b\u9009\u62e9\u6027\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-submariner/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Service CIDR \u200b\u548c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
"},{"location":"advance/with-submariner/#submariner_1","title":"\u90e8\u7f72\u200b Submariner","text":"\u200b\u4e0b\u8f7d\u200b subctl \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u90e8\u7f72\u200b\u5230\u200b\u76f8\u5e94\u200b\u8def\u5f84\u200b\uff1a
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b\u5e0c\u671b\u200b\u90e8\u7f72\u200b submariner-broker \u200b\u7684\u200b\u96c6\u7fa4\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
subctl deploy-broker\n
\u200b\u5728\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b cluster0 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0ccluster1 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 11.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b '100.68.0.0/16'\u3002
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster0 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster1 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
\u200b\u5982\u679c\u200b\u6267\u884c\u200b join \u200b\u547d\u4ee4\u200b\u4e4b\u540e\u200b\u6ca1\u6709\u200b\u65b0\u200b\u7684\u200b gateway, routeagentpod \u200b\u51fa\u73b0\u200b\u7684\u8bdd\u200b, \u200b\u8bf7\u200b\u4e3a\u200b submariner-operator \u200b\u8fd9\u4e2a\u200b clusterrole \u200b\u589e\u52a0\u200b\u4ee5\u4e0b\u200b\u6743\u9650\u200b:
- apiGroups:\n - \"apps\"\n resources:\n - daemonsets\n verbs:\n - create\n - get\n - list\n - watch\n - update\n
\u200b\u5bf9\u4e8e\u200b\u591a\u200b\u8282\u70b9\u200b\u7684\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u7684\u200b subnet ovn-default \u200b\u7684\u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u6539\u4e3a\u200b centralized\u3002\u200b\u4e3a\u200b submariner \u200b\u914d\u7f6e\u200b\u7684\u200b gateway \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u548c\u200b subnet \u200b\u8282\u70b9\u200b\u5b8c\u5168\u76f8\u540c\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5206\u522b\u200b\u542f\u52a8\u200b Pod \u200b\u5e76\u200b\u5c1d\u8bd5\u200b\u4f7f\u7528\u200b IP \u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u95ee\u9898\u200b\u53ef\u200b\u901a\u8fc7\u200b subctl \u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u8bca\u65ad\u200b\uff1a
subctl show all\nsubctl diagnose all\n
\u200b\u66f4\u200b\u591a\u200b Submariner \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\u8bf7\u200b\u67e5\u770b\u200b Submariner \u200b\u7528\u6237\u624b\u518c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/custom-routes/","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b Annotations \u200b\u6765\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
dst \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u7a7a\u200b\u8868\u793a\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u4e3a\u200b Deployment\u3001DaemonSet \u200b\u6216\u200b StatefulSet\uff0c\u200b\u5bf9\u5e94\u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u5728\u200b\u8d44\u6e90\u200b\u7684\u200b .spec.template.metadata.annotations \u200b\u4e2d\u200b\uff0c\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/dual-stack/","title":"\u53cc\u6808\u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u4e2d\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u4e0d\u540c\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b IPv4\uff0cIPv6 \u200b\u548c\u200b\u53cc\u6808\u200b\u7c7b\u578b\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002 \u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u4f7f\u7528\u200b\u7edf\u4e00\u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b\u4ee5\u200b\u7b80\u5316\u200b\u4f7f\u7528\u200b\u548c\u200b\u7ef4\u62a4\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6ee1\u8db3\u200b\u53cc\u6808\u200b\u8981\u6c42\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u5bf9\u200b Kubernetes \u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u505a\u200b\u8c03\u6574\u200b\uff0c \u200b\u8bf7\u200b\u53c2\u8003\u200b Kubernetes \u200b\u7684\u200b\u53cc\u6808\u200b\u5b98\u65b9\u200b\u6307\u5bfc\u200b\u3002
"},{"location":"guide/dual-stack/#_2","title":"\u521b\u5efa\u200b\u53cc\u6808\u200b\u5b50\u7f51","text":"\u200b\u5728\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u65f6\u200b\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u5b50\u7f51\u200b CIDR \u200b\u683c\u5f0f\u200b\u4e3a\u200b cidr=<IPv4 CIDR>,<IPv6 CIDR> \u200b\u5373\u53ef\u200b\u3002 CIDR \u200b\u987a\u5e8f\u200b\u8981\u6c42\u200b IPv4 \u200b\u5728\u200b\u524d\u200b\uff0cIPv6 \u200b\u5728\u200b\u540e\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"guide/dual-stack/#pod","title":"\u67e5\u770b\u200b Pod \u200b\u5730\u5740","text":"\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u540c\u65f6\u200b\u5206\u914d\u200b IPv4 \u200b\u548c\u200b IPv6 \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u5206\u914d\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u663e\u793a\u200b\u5728\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/eip-snat/","title":"EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9488\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u8bf7\u200b\u53c2\u8003\u200b VPC \u200b\u7f51\u5173\u200b
Kube-OVN \u200b\u652f\u6301\u200b\u5229\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L3 Gateway \u200b\u529f\u80fd\u200b\u6765\u200b\u5b9e\u73b0\u200b Pod \u200b\u7ea7\u522b\u200b\u7684\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b SNAT\uff0c\u200b\u4e00\u7ec4\u200b Pod \u200b\u53ef\u4ee5\u200b\u5171\u4eab\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\u5bf9\u5916\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002 \u200b\u901a\u8fc7\u200b EIP \u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e00\u4e2a\u200b Pod \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u548c\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b IP \u200b\u5173\u8054\u200b\uff0c \u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b EIP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Pod\uff0cPod \u200b\u4e5f\u200b\u5c06\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u3002
"},{"location":"guide/eip-snat/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":" - \u200b\u4e3a\u4e86\u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b L3 Gateway \u200b\u80fd\u529b\u200b\uff0c\u200b\u5fc5\u987b\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u5355\u72ec\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVS \u200b\u7f51\u6865\u200b\u4e2d\u200b\u8fdb\u884c\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u7f51\u7edc\u200b\u7684\u200b\u6253\u901a\u200b\uff0c \u200b\u4e3b\u673a\u200b\u5fc5\u987b\u200b\u6709\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u7528\u4e8e\u200b\u8fd0\u7ef4\u200b\u7ba1\u7406\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u7ecf\u8fc7\u200b NAT \u200b\u540e\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u5fc5\u987b\u200b\u786e\u8ba4\u200b\u5f53\u524d\u200b\u7684\u200b\u7f51\u7edc\u200b\u67b6\u6784\u200b\u4e0b\u200b\u6b64\u7c7b\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u5b89\u5168\u200b\u901a\u8fc7\u200b\u3002
- \u200b\u76ee\u524d\u200b EIP \u200b\u548c\u200b SNAT \u200b\u5730\u5740\u200b\u6ca1\u6709\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u7ba1\u7406\u5458\u200b\u624b\u52a8\u200b\u5206\u914d\u200b\u907f\u514d\u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\u3002
"},{"location":"guide/eip-snat/#_2","title":"\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b kube-system \u200b\u4e0b\u200b\u521b\u5efa\u200b ConfigMap ovn-external-gw-config\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002type: centrailized \u200b\u6216\u200b distributed\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b centralized \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b distributed\uff0c\u200b\u5219\u200b\u96c6\u7fa4\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u90fd\u200b\u9700\u8981\u200b\u6709\u200b\u540c\u540d\u200b\u7f51\u5361\u200b\u6765\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002external-gw-nodes: centralized \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002external-gw-nic: \u200b\u8282\u70b9\u200b\u4e0a\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002external-gw-addr: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\u7684\u200b IP \u200b\u548c\u200b\u63a9\u7801\u200b\u3002nic-ip,nic-mac: \u200b\u5206\u914d\u200b\u7ed9\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u7aef\u53e3\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\uff0c\u200b\u9700\u4e3a\u200b\u7269\u7406\u200b\u6bb5\u200b\u672a\u200b\u88ab\u200b\u5360\u7528\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\u3002
"},{"location":"guide/eip-snat/#ovn-ovs","title":"\u89c2\u5bdf\u200b OVN \u200b\u548c\u200b OVS \u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u914d\u7f6e\u200b\u751f\u6548","text":"\u200b\u68c0\u67e5\u200b OVN-NB \u200b\u72b6\u6001\u200b, \u200b\u786e\u8ba4\u200b ovn-external \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5b58\u5728\u200b\uff0c\u200b\u5e76\u4e14\u200b ovn-cluster-ovn-external \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7aef\u53e3\u200b\u4e0a\u200b \u200b\u7ed1\u5b9a\u200b\u4e86\u200b\u6b63\u786e\u200b\u7684\u200b\u5730\u5740\u200b\u548c\u200b chassis\u3002
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
\u200b\u68c0\u67e5\u200b OVS \u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b\u76f8\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u5df2\u7ecf\u200b\u6865\u63a5\u200b\u8fdb\u200b br-external \u200b\u7f51\u6865\u200b\uff1a
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"guide/eip-snat/#pod-eip-snat","title":"Pod \u200b\u914d\u7f6e\u200b EIP \u200b\u548c\u200b SNAT","text":"\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/snat \u200b\u6216\u200b ovn.kubernetes.io/eip annotation \u200b\u6765\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b SNAT \u200b\u548c\u200b EIP\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u53ef\u200b\u901a\u8fc7\u200b kubectl \u200b\u6216\u200b\u5176\u4ed6\u200b\u5de5\u5177\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b Pod \u200b\u6240\u200b\u914d\u7f6e\u200b\u7684\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u66f4\u6539\u200b\u65f6\u8bf7\u200b\u6ce8\u610f\u200b\u8981\u200b\u540c\u65f6\u200b\u5220\u9664\u200b ovn.kubernetes.io/routed annotation \u200b\u89e6\u53d1\u200b\u8def\u7531\u200b\u7684\u200b\u53d8\u66f4\u200b\uff1a
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
\u200b\u5f53\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0covn.kubernetes.io/routed annotation \u200b\u4f1a\u200b\u88ab\u200b\u91cd\u65b0\u200b\u6dfb\u52a0\u200b\u3002
"},{"location":"guide/eip-snat/#_3","title":"\u9ad8\u7ea7\u200b\u914d\u7f6e","text":"kube-ovn-controller \u200b\u7684\u200b\u90e8\u5206\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u53ef\u200b\u5bf9\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u9ad8\u9636\u200b\u914d\u7f6e\u200b\uff1a
--external-gateway-config-ns: Configmap ovn-external-gw-config \u200b\u6240\u5c5e\u200b Namespace\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b kube-system\u3002--external-gateway-net: \u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u6240\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u6865\u200b\u540d\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b external\u3002--external-gateway-vlanid: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b Vlan Tag \u200b\u53f7\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 0\uff0c \u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Vlan\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/ippool/","title":"IP \u200b\u6c60\u200b\u4f7f\u7528","text":"IP \u200b\u6c60\u200b\uff08IPPool\uff09\u200b\u662f\u200b\u6bd4\u200b\u5b50\u7f51\u200b\uff08Subnet\uff09\u200b\u66f4\u7ec6\u200b\u529b\u5ea6\u200b\u7684\u200b IPAM \u200b\u7ba1\u7406\u200b\u5355\u5143\u200b\u3002\u200b\u4f60\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u6c60\u5c06\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u7ec6\u5206\u200b\u4e3a\u200b\u591a\u4e2a\u200b\u5355\u5143\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5355\u5143\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u6216\u200b\u591a\u4e2a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\uff08Namespace\uff09\u3002
"},{"location":"guide/ippool/#_1","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u4f7f\u7528\u200b\u793a\u4f8b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
\u200b\u5b57\u200b\u6bb5\u200b\u8bf4\u660e\u200b\uff1a
\u200b\u540d\u79f0\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b subnet \u200b\u6307\u5b9a\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b \u200b\u5fc5\u586b\u200b ips \u200b\u6307\u5b9a\u200b\u5305\u542b\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b \u200b\u652f\u6301\u200b \u3001 \u200b\u4ee5\u53ca\u200b .. \u200b\u4e09\u79cd\u200b\u683c\u5f0f\u200b\uff0c\u200b\u652f\u6301\u200b IPv6\u3002 namespaces \u200b\u7ed1\u5b9a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \u200b\u53ef\u200b\u9009"},{"location":"guide/ippool/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u4e3a\u200b\u4fdd\u8bc1\u200b\u4e0e\u200b Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b \u200b\u7684\u200b\u517c\u5bb9\u6027\u200b\uff0cIP \u200b\u6c60\u200b\u7684\u200b\u540d\u79f0\u200b\u4e0d\u80fd\u200b\u662f\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u6307\u5b9a\u200b\u8d85\u51fa\u200b\u5b50\u7f51\u200b\u8303\u56f4\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u5b9e\u9645\u200b\u6709\u6548\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b .spec.ips \u200b\u4e0e\u200b\u5b50\u7f51\u200b CIDR \u200b\u7684\u200b\u4ea4\u96c6\u200b\uff1b - \u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e0d\u540c\u200b IP \u200b\u6c60\u200b\uff0c\u200b\u4e0d\u80fd\u200b\u5305\u542b\u200b\u76f8\u540c\u200b\u7684\u200b\uff08\u200b\u6709\u6548\u200b\uff09IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\uff1b - IP \u200b\u6c60\u4f1a\u200b\u7ee7\u627f\u200b\u5b50\u7f51\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff0c\u200b\u4ece\u200b IP \u200b\u6c60\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5305\u542b\u200b\u5728\u200b IP \u200b\u6c60\u4e2d\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff1b
- \u200b\u4ece\u200b\u5b50\u7f51\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u53ea\u4f1a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u6240\u6709\u200b IP \u200b\u6c60\u200b\u4ee5\u5916\u200b\u7684\u200b\u8303\u56f4\u200b\u5206\u914d\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/loadbalancer-service/","title":"LoadBalancer \u200b\u7c7b\u578b\u200b Service","text":"Kube-OVN \u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e86\u200b VPC \u200b\u548c\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
\u200b\u7531\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u4f7f\u7528\u200b\u6bd4\u8f83\u590d\u6742\u200b\uff0c\u200b\u57fa\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\u505a\u200b\u4e86\u200b\u7b80\u5316\u200b\uff0c\u200b\u652f\u6301\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u521b\u5efa\u200b LoadBalancer \u200b\u7c7b\u578b\u200b\u7684\u200b Service\uff0c\u200b\u5b9e\u73b0\u200b\u901a\u8fc7\u200b LoadBalancerIP \u200b\u6765\u200b\u8bbf\u95ee\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Service\u3002
\u200b\u9996\u5148\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u4e0a\u200b\u6ee1\u8db3\u200b\u4ee5\u4e0b\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5b89\u88c5\u200b\u4e86\u200b
multus-cni \u200b\u548c\u200b macvlan cni\u3002 - LoadBalancer Service \u200b\u7684\u200b\u652f\u6301\u200b\uff0c\u200b\u662f\u200b\u5bf9\u200b VPC \u200b\u7f51\u5173\u200b\u4ee3\u7801\u200b\u8fdb\u884c\u200b\u7b80\u5316\u200b\u5b9e\u73b0\u200b\u7684\u200b\uff0c\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b
vpc-nat-gw \u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u4f9d\u8d56\u200b macvlan \u200b\u63d0\u4f9b\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\u652f\u6301\u200b\u3002 - \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u5728\u200b
\u200b\u9ed8\u8ba4\u200b VPC \u200b\u914d\u7f6e\u200b\uff0c\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b LoadBalancer \u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u7684\u200b\u6587\u6863\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/loadbalancer-service/#vpc-loadbalancer-service","title":"\u9ed8\u8ba4\u200b VPC LoadBalancer Service \u200b\u914d\u7f6e\u200b\u6b65\u9aa4","text":""},{"location":"guide/loadbalancer-service/#_1","title":"\u5f00\u542f\u200b\u7279\u6027\u200b\u5f00\u5173","text":"\u200b\u4fee\u6539\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b deployment kube-ovn-controller\uff0c\u200b\u5728\u200b args \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-lb-svc=true\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u5f00\u5173\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // \u200b\u53c2\u6570\u8bbe\u7f6e\u200b\u4e3a\u200b true\n
"},{"location":"guide/loadbalancer-service/#networkattachmentdefinition-crd","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition CRD \u200b\u8d44\u6e90","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b net-attach-def \u200b\u8d44\u6e90\u200b:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u914d\u7f6e\u200b\n \"mode\": \"bridge\"\n }'\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5361\u200b eth0 \u200b\u6765\u200b\u5b9e\u73b0\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u4ed6\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b master \u200b\u53d6\u503c\u200b\uff0c\u200b\u6307\u5b9a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002
"},{"location":"guide/loadbalancer-service/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u521b\u5efa\u200b\u7684\u200b Subnet\uff0c\u200b\u7528\u4e8e\u200b\u7ed9\u200b LoadBalancer Service \u200b\u5206\u914d\u200b LoadBalancerIP\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b Underlay Subnet \u200b\u7528\u4e8e\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b\u65b0\u200b\u5b50\u7f51\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system # provider \u200b\u683c\u5f0f\u200b\u56fa\u5b9a\u200b\uff0c\u200b\u7531\u200b\u4e0a\u200b\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
Subnet \u200b\u4e2d\u200b provider \u200b\u53c2\u6570\u200b\u4ee5\u200b ovn \u200b\u6216\u8005\u200b\u4ee5\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u8868\u793a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u200b\u7531\u200b Kube-OVN \u200b\u7ba1\u7406\u200b\u4f7f\u7528\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u5e94\u200b\u521b\u5efa\u200b logical switch \u200b\u8bb0\u5f55\u200b\u3002
provider \u200b\u975e\u200b ovn \u200b\u6216\u8005\u200b\u975e\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u5219\u200b Kube-OVN \u200b\u53ea\u200b\u63d0\u4f9b\u200b IPAM \u200b\u529f\u80fd\u200b\uff0c\u200b\u8bb0\u5f55\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u60c5\u51b5\u200b\uff0c\u200b\u4e0d\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u505a\u200b\u4e1a\u52a1\u200b\u903b\u8f91\u200b\u5904\u7406\u200b\u3002
"},{"location":"guide/loadbalancer-service/#loadbalancer-service_1","title":"\u521b\u5efa\u200b LoadBalancer Service","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b LoadBalancer Service\uff1a
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #\u200b\u53ef\u200b\u9009\u200b\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #\u200b\u5fc5\u987b\u200b\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #\u200b\u53ef\u200b\u9009\u200b\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
\u200b\u5728\u200b yaml \u200b\u4e2d\u200b\uff0cannotation ovn.kubernetes.io/attachmentprovider \u200b\u4e3a\u200b\u5fc5\u586b\u200b\u9879\u200b\uff0c\u200b\u53d6\u503c\u200b\u7531\u200b\u7b2c\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u7528\u4e8e\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u67e5\u627e\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b annotation \u200b\u6307\u5b9a\u200b\u591a\u200b\u7f51\u5361\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u4f7f\u7528\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002annotation key \u200b\u683c\u5f0f\u200b\u4e3a\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace.kubernetes.io/logical_switch\u3002\u200b\u8be5\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u200b\u53ef\u200b\u9009\u200b\u200b\u9009\u9879\u200b\uff0c\u200b\u5728\u200b\u6ca1\u6709\u200b\u6307\u5b9a\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u52a8\u6001\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u586b\u5145\u200b\u5230\u200b LoadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9759\u6001\u200b\u914d\u7f6e\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b spec.loadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u8981\u200b\u5728\u200b\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u5728\u200b\u6267\u884c\u200b yaml \u200b\u521b\u5efa\u200b Service \u200b\u540e\u200b\uff0c\u200b\u5728\u200b Service \u200b\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u542f\u52a8\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
\u200b\u6307\u5b9a\u200b service.spec.loadBalancerIP \u200b\u53c2\u6570\u200b\u65f6\u200b\uff0c\u200b\u6700\u7ec8\u200b\u5c06\u200b\u8be5\u200b\u53c2\u6570\u200b\u8d4b\u503c\u200b\u7ed9\u200b service external-ip \u200b\u5b57\u200b\u6bb5\u200b\u3002\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u503c\u200b\u3002
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u7684\u200b yaml \u200b\u8f93\u51fa\u200b\uff0c\u200b\u5b58\u5728\u200b\u591a\u200b\u7f51\u5361\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
\u200b\u67e5\u770b\u200b Service \u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels\":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\",\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer\"}}\n ovn.kubernetes.io/vpc: ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"guide/loadbalancer-service/#loadbalancerip","title":"\u6d4b\u8bd5\u200b LoadBalancerIP \u200b\u8bbf\u95ee","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml, \u200b\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b Service \u200b\u7684\u200b Endpoints \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u4e3a\u4e86\u200b\u7b80\u5355\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u8bbf\u95ee\u200b Service \u200b\u7684\u200b LoadBalancerIP:Port\uff0c\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u6210\u529f\u200b\u3002
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u8fdb\u5165\u200b Service \u200b\u521b\u5efa\u200b\u7684\u200b Pod\uff0c\u200b\u67e5\u770b\u200b\u7f51\u7edc\u200b\u7684\u200b\u4fe1\u606f\u200b
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/mirror/","title":"\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8fdb\u51fa\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u590d\u5236\u5230\u200b\u4e3b\u673a\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u3002\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u76d1\u542c\u200b\u8fd9\u5757\u200b\u7f51\u5361\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u6765\u200b\u8fdb\u4e00\u6b65\u200b\u8fdb\u884c\u200b\u5206\u6790\u200b\uff0c\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5b89\u5168\u200b\u5ba1\u8ba1\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e5f\u200b\u53ef\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u5bf9\u63a5\u200b\u83b7\u53d6\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\u3002
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b\u4e00\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u5931\u200b\uff0c\u200b\u6839\u636e\u200b CPU \u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u7684\u200b\u7279\u5f81\u200b\uff0c\u200b\u4f1a\u200b\u6709\u200b 5%~10% \u200b\u7684\u200b \u200b\u989d\u5916\u200b CPU \u200b\u6d88\u8017\u200b\u3002
"},{"location":"guide/mirror/#_2","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u5173\u95ed\u200b\u72b6\u6001\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u8bf7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
--enable-mirror=true\uff1a \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002--mirror-iface=mirror0: \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6240\u200b\u590d\u5236\u5230\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002\u200b\u8be5\u200b\u7f51\u5361\u200b\u53ef\u200b\u4e3a\u4e3b\u200b\u673a\u4e0a\u200b\u5df2\u200b\u5b58\u5728\u200b\u7684\u200b\u4e00\u5757\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c \u200b\u6b64\u65f6\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f1a\u200b\u88ab\u200b\u6865\u63a5\u200b\u8fdb\u200b br-int \u200b\u7f51\u6865\u200b\uff0c\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u63a5\u5165\u200b\u5e95\u5c42\u200b\u4ea4\u6362\u673a\u200b\u3002\u200b\u82e5\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u5b58\u5728\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b \u200b\u521b\u5efa\u200b\u4e00\u5757\u200b\u540c\u540d\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u5361\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u6240\u6709\u200b\u6d41\u91cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b mirror0\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u7528\u200b tcpdump \u200b\u6216\u200b\u5176\u4ed6\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\u5de5\u5177\u200b\u76d1\u542c\u200b mirror0 \u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\uff1a
tcpdump -ni mirror0\n
"},{"location":"guide/mirror/#pod","title":"Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u200b\u5bf9\u200b\u90e8\u5206\u200b Pod \u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u955c\u50cf\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5173\u95ed\u200b\u5168\u5c40\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\uff0c\u200b\u7136\u540e\u200b\u5728\u200b\u7279\u5b9a\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/mirror annotation \u200b\u6765\u200b\u5f00\u542f\u200b Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"guide/mirror/#_3","title":"\u6027\u80fd\u200b\u6d4b\u8bd5","text":"\u200b\u5728\u200b\u76f8\u540c\u200b\u73af\u5883\u200b\u4e0a\u200b\uff0c\u200b\u5206\u522b\u200b\u5f00\u542f\u200b\u548c\u200b\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u5173\u200b\uff0c\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b
"},{"location":"guide/mirror/#1-pod-to-pod-in-the-same-nodes","title":"1. Pod to Pod in the same Nodes","text":""},{"location":"guide/mirror/#_4","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"guide/mirror/#_5","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"guide/mirror/#2-pod-to-pod-in-the-different-nodes","title":"2. Pod to Pod in the different Nodes","text":""},{"location":"guide/mirror/#_6","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"guide/mirror/#_7","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"guide/mirror/#3-node-to-node","title":"3. Node to Node","text":""},{"location":"guide/mirror/#_8","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"guide/mirror/#_9","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"guide/mirror/#4-pod-to-the-node-where-the-pod-is-located","title":"4. Pod to the Node where the Pod is located","text":""},{"location":"guide/mirror/#_10","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"guide/mirror/#_11","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"guide/mirror/#5-pod-to-the-node-where-the-pod-is-not-located","title":"5. Pod to the Node where the Pod is not located","text":""},{"location":"guide/mirror/#_12","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"guide/mirror/#_13","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"guide/mirror/#6-pod-to-the-cluster-ip-service","title":"6. Pod to the cluster ip service","text":""},{"location":"guide/mirror/#_14","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"guide/mirror/#_15","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"guide/mirror/#7-host-to-the-node-port-service-where-the-pod-is-not-located-on-the-target-node","title":"7. Host to the Node port service where the Pod is not located on the target Node","text":""},{"location":"guide/mirror/#_16","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"guide/mirror/#_17","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"guide/mirror/#8-host-to-the-node-port-service-where-the-pod-is-located-on-the-target-node","title":"8. Host to the Node port service where the Pod is located on the target Node","text":""},{"location":"guide/mirror/#_18","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"guide/mirror/#_19","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/networkpolicy-log/","title":"NetworkPolicy \u200b\u65e5\u5fd7","text":"NetworkPolicy \u200b\u4e3a\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u63a5\u53e3\u200b\uff0cKube-OVN \u200b\u901a\u8fc7\u200b OVN \u200b\u7684\u200b ACL \u200b\u8fdb\u884c\u200b\u4e86\u200b\u5b9e\u73b0\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e86\u200b NetworkPolicy \u200b\u540e\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e0d\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u96be\u4ee5\u200b\u5224\u65ad\u200b\u662f\u200b\u7f51\u7edc\u6545\u969c\u200b\u95ee\u9898\u200b\u8fd8\u662f\u200b NetworkPolicy \u200b\u89c4\u5219\u200b\u8bbe\u7f6e\u200b\u95ee\u9898\u200b\u5bfc\u81f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7ba1\u7406\u5458\u200b\u5feb\u901f\u200b\u5b9a\u4f4d\u200b NetworkPolicy Drop \u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u547d\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u8bb0\u5f55\u200b\u6709\u200b\u54ea\u4e9b\u200b\u975e\u6cd5\u200b\u8bbf\u95ee\u200b\u3002
NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\u4e00\u65e6\u200b\u5f00\u542f\u200b\uff0c\u200b\u5bf9\u200b\u6bcf\u4e2a\u200b\u547d\u4e2d\u200b Drop \u200b\u89c4\u5219\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u90fd\u200b\u9700\u8981\u200b\u6253\u5370\u200b\u65e5\u5fd7\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002 \u200b\u5728\u200b\u6076\u610f\u200b\u653b\u51fb\u200b\u4e0b\u200b\uff0c\u200b\u77ed\u65f6\u95f4\u200b\u5927\u91cf\u200b\u65e5\u5fd7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8017\u5c3d\u200b CPU\u3002\u200b\u6211\u4eec\u200b\u5efa\u8bae\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5728\u200b\u9700\u8981\u200b\u6392\u67e5\u200b\u95ee\u9898\u200b\u65f6\u200b\uff0c\u200b\u52a8\u6001\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u3002
"},{"location":"guide/networkpolicy-log/#networkpolicy_1","title":"\u5f00\u542f\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5728\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u8bb0\u5f55\u200b\u7684\u200b NetworkPolicy \u200b\u4e2d\u200b\u589e\u52a0\u200b annotation ovn.kubernetes.io/enable_log\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bf9\u5e94\u200b Pod \u200b\u6240\u5728\u200b\u4e3b\u673a\u200b\u7684\u200b /var/log/ovn/ovn-controller.log \u200b\u4e2d\u200b\u89c2\u5bdf\u200b\u5230\u200b\u88ab\u200b\u4e22\u5f03\u200b\u6570\u636e\u5305\u200b\u7684\u200b\u65e5\u5fd7\u200b\uff1a
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"guide/networkpolicy-log/#networkpolicy_2","title":"\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5c06\u200b\u5bf9\u5e94\u200b NetworkPolicy \u200b\u4e2d\u200b\u7684\u200b annotation ovn.kubernetes.io/enable_log \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false \u200b\u5373\u53ef\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\uff1a
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus-grafana/","title":"\u914d\u7f6e\u200b\u76d1\u63a7\u200b\u548c\u200b\u9762\u677f","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u5c06\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4fe1\u606f\u200b\u4ee5\u53ca\u200b\u7f51\u7edc\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u8d28\u91cf\u200b\u4fe1\u606f\u200b\u6307\u6807\u200b\u4ee5\u200b Prometheus \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u683c\u5f0f\u200b\u5bf9\u5916\u200b\u8f93\u51fa\u200b\u3002
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b kube-prometheus \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b CRD \u200b\u6765\u200b\u5b9a\u4e49\u200b\u76f8\u5e94\u200b\u7684\u200b Prometheus \u200b\u76d1\u63a7\u200b\u89c4\u5219\u200b\u3002 \u200b\u7528\u6237\u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5b89\u88c5\u200b kube-prometheus \u200b\u6765\u200b\u542f\u7528\u200b\u76f8\u5173\u200b\u7684\u200b CRD\u3002Kube-OVN \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u5168\u90e8\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u539f\u751f\u200b Prometheus \u200b\u8bf7\u200b\u53c2\u8003\u200b\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b \u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus-grafana/#prometheus-monitor","title":"\u5b89\u88c5\u200b Prometheus Monitor","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Prometheus Monitor CRD \u200b\u6765\u200b\u7ba1\u7406\u200b\u76d1\u63a7\u200b\u8f93\u51fa\u200b\uff1a
# \u200b\u7f51\u54af\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
Prometheus \u200b\u62c9\u53d6\u200b\u76d1\u63a7\u200b\u65f6\u95f4\u200b\u95f4\u9694\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 15s\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b\u9700\u8981\u200b\u4fee\u6539\u200b yaml \u200b\u4e2d\u200b\u7684\u200b interval \u200b\u5b57\u200b\u6bb5\u200b\u3002
"},{"location":"guide/prometheus-grafana/#grafana","title":"\u52a0\u8f7d\u200b Grafana \u200b\u9762\u677f","text":"Kube-OVN \u200b\u8fd8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u9884\u5148\u200b\u5b9a\u4e49\u200b\u597d\u200b\u7684\u200b Grafana Dashboard \u200b\u5c55\u793a\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b Dashboard \u200b\u6a21\u677f\u200b\uff1a
# \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
\u200b\u5728\u200b Grafana \u200b\u4e2d\u200b\u5bfc\u5165\u200b\u6a21\u677f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u6e90\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b Prometheus \u200b\u5373\u53ef\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b Dashboard\uff1a
kube-ovn-controller \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-pinger \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-cni \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus/","title":"\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u7528\u4e8e\u200b OVN/OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\u68c0\u67e5\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u68c0\u67e5\u200b\u3002Kube-OVN \u200b\u914d\u7f6e\u200b\u4e86\u200b ServiceMonitor\uff0c\u200b\u53ef\u4ee5\u200b\u7528\u4e8e\u200b Prometheus \u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5728\u200b\u67d0\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u200b\u5b89\u88c5\u200b\u4e86\u200b Prometheus Server\uff0c\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7684\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Prometheus \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_1","title":"Prometheus \u200b\u914d\u7f6e","text":"\u200b\u4ee5\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u6587\u6863\u200b\uff0c\u200b\u53c2\u8003\u200b\u81ea\u200b Prometheus \u200b\u670d\u52a1\u200b\u53d1\u73b0\u200b\u3002
"},{"location":"guide/prometheus/#_1","title":"\u6743\u9650\u200b\u914d\u7f6e","text":"Prometheus \u200b\u90e8\u7f72\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b k8s apiserver \u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u67e5\u8be2\u200b\u4e1a\u52a1\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u914d\u7f6e\u200b Prometheus \u200b\u9700\u8981\u200b\u7684\u200b\u6743\u9650\u200b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"guide/prometheus/#prometheus_2","title":"Prometheus \u200b\u914d\u7f6e\u6587\u4ef6","text":"Prometheus \u200b\u7684\u200b\u542f\u52a8\u200b\uff0c\u200b\u4f9d\u8d56\u4e8e\u200b\u914d\u7f6e\u6587\u4ef6\u200b prometheus.yml\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u5185\u5bb9\u200b\u914d\u7f6e\u200b\u5728\u200b ConfigMap \u200b\u5185\u200b\uff0c\u200b\u52a8\u6001\u200b\u6302\u8f7d\u200b\u5230\u200b Pod \u200b\u4e2d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b Prometheus \u200b\u4f7f\u7528\u200b\u7684\u200b ConfigMap \u200b\u6587\u4ef6\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u57fa\u4e8e\u200b\u89d2\u8272\u200b\u67e5\u8be2\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u76d1\u63a7\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b kubernetes_sd_config\u3002
\u200b\u5728\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\uff0cPrometheus \u200b\u652f\u6301\u200b\u67e5\u8be2\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u7684\u200b\u89d2\u8272\u200b\u5305\u542b\u200b node\u3001service\u3001pod\u3001endpoints \u200b\u548c\u200b ingress\u3002\u200b\u5728\u200b ConfigMap \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u4e2d\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u4ee5\u4e0a\u200b\u5168\u90e8\u200b\u8d44\u6e90\u200b\u7684\u200b\u76d1\u63a7\u200b\u67e5\u8be2\u200b\u914d\u7f6e\u200b\u793a\u4f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6839\u636e\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_3","title":"Prometheus \u200b\u90e8\u7f72","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Server\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
\u200b\u5728\u200b\u90e8\u7f72\u200b\u5b8c\u200b Prometheus \u200b\u4e4b\u540e\u200b\uff0c\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Service\uff1a
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
\u200b\u5c06\u200b Prometheus \u200b\u901a\u8fc7\u200b NodePort \u200b\u66b4\u9732\u200b\u540e\u200b\uff0c\u200b\u5373\u53ef\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u6765\u200b\u8bbf\u95ee\u200b Prometheus\u3002
"},{"location":"guide/prometheus/#prometheus_4","title":"Prometheus \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u9a8c\u8bc1","text":"\u200b\u67e5\u770b\u200b\u73af\u5883\u200b\u4e0a\u200b Prometheus \u200b\u76f8\u5173\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
\u200b\u901a\u8fc7\u200b NodePort \u200b\u8bbf\u95ee\u200b Prometheus\uff0c\u200b\u67e5\u770b\u200b Status/Service Discovery \u200b\u52a8\u6001\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6570\u636e\u200b\uff1a
\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5f53\u524d\u200b\u53ef\u4ee5\u200b\u67e5\u8be2\u200b\u5230\u200b\u96c6\u7fa4\u200b\u4e0a\u200b\u5168\u90e8\u200b\u7684\u200b Service \u200b\u6570\u636e\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/prometheus/#_2","title":"\u914d\u7f6e\u200b\u67e5\u8be2\u200b\u6307\u5b9a\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4ee5\u4e0a\u200b\u7684\u200b ConfigMap \u200b\u914d\u7f6e\u200b\u4e2d\u200b\uff0c\u200b\u6ca1\u6709\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\uff0c\u200b\u67e5\u8be2\u200b\u4e86\u200b\u6240\u6709\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\u3002\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u8981\u200b\u67d0\u4e2a\u200b\u89d2\u8272\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\uff0c\u200b\u5219\u200b\u53ef\u4ee5\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\u3002
\u200b\u4ee5\u200b Service \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4fee\u6539\u200b ConfigMap \u200b\u5185\u5bb9\u200b\uff0c\u200b\u53ea\u200b\u67e5\u8be2\u200b\u5173\u5fc3\u200b\u7684\u200b Service \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Service \u200b\u9ed8\u8ba4\u200b\u76d1\u63a7\u200b\u8def\u5f84\u200b\u4e3a\u200b /metrics\u3002\u200b\u5982\u679c\u200b Service \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u662f\u200b\u5176\u4ed6\u200b\u7684\u200b\u8def\u5f84\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/path \u200b\u6765\u200b\u6307\u5b9a\u200b\u91c7\u96c6\u200b\u8def\u5f84\u200b\u3002
\u200b\u5e94\u7528\u200b\u4ee5\u4e0a\u200b yaml\uff0c\u200b\u66f4\u65b0\u200b ConfigMap \u200b\u4fe1\u606f\u200b\uff0c\u200b\u91cd\u5efa\u200b Prometheus Pod\uff0c\u200b\u4f7f\u200b\u914d\u7f6e\u200b\u751f\u6548\u200b\u3002
\u200b\u67e5\u770b\u200b kube-system Namespace \u200b\u4e0b\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/scrape=\"true\"\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
\u200b\u67e5\u770b\u200b\u914d\u7f6e\u200b\u540e\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // \u200b\u6dfb\u52a0\u200b\u7684\u200b annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
\u200b\u67e5\u770b\u200b Prometheus Status Targets \u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u53ea\u6709\u200b\u6dfb\u52a0\u200b\u4e86\u200b annotation \u200b\u7684\u200b Service \u200b\u88ab\u200b\u8fc7\u6ee4\u51fa\u6765\u200b\uff1a
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b relabel \u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u53c2\u6570\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/qos/","title":"\u5bb9\u5668\u200b\u7f51\u7edc\u200b QoS \u200b\u914d\u7f6e","text":"Kube-OVN \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b\u5355\u4e2a\u200b Pod \u200b\u7684\u200b\u4e24\u79cd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u7684\u200b QoS\uff1a
- \u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b QoS\u3002
linux-netem\uff0c\u200b\u6a21\u62df\u200b\u8bbe\u5907\u200b\u5e72\u6270\u200b\u4e22\u5305\u200b\u7b49\u200b\u7684\u200b QoS\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u6a21\u62df\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b Pod \u200b\u7ea7\u522b\u200b QoS \u200b\u4e0d\u200b\u652f\u6301\u200b Namespace \u200b\u6216\u200b Subnet \u200b\u7ea7\u522b\u200b\u7684\u200b QoS \u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/qos/#qos_1","title":"\u57fa\u4e8e\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b\u7684\u200b QoS","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7684\u200b QoS \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod annotation \u200b\u52a8\u6001\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e0d\u200b\u4e2d\u65ad\u200b Pod \u200b\u8fd0\u884c\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002 \u200b\u5e26\u5bbd\u200b\u9650\u901f\u200b\u7684\u200b\u5355\u4f4d\u200b\u4e3a\u200b Mbit/s\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
\u200b\u4f7f\u7528\u200b annotation \u200b\u52a8\u6001\u200b\u8c03\u6574\u200b QoS\uff1a
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"guide/qos/#qos_2","title":"\u6d4b\u8bd5\u200b QoS \u200b\u8c03\u6574","text":"\u200b\u90e8\u7f72\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u9700\u8981\u200b\u7684\u200b\u5bb9\u5668\u200b\uff1a
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5e76\u200b\u5f00\u542f\u200b iperf3 server\uff1a
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
\u200b\u8fdb\u5165\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u8bf7\u6c42\u200b\u4e4b\u524d\u200b\u7684\u200b Pod\uff1a
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
\u200b\u4fee\u6539\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u7684\u200b\u5165\u53e3\u200b\u5e26\u5bbd\u200b QoS\uff1a
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
\u200b\u518d\u6b21\u200b\u4ece\u200b\u7b2c\u4e8c\u4e2a\u200b Pod \u200b\u6d4b\u8bd5\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u5e26\u5bbd\u200b\uff1a
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"RHEL \u200b\u7cfb\u5217\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b netem \u200b\u76f8\u5173\u200b\u6a21\u5757\u200b\uff1a yum install -y kernel-modules-extra && modprobe sch_netem
Pod \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b annotation \u200b\u914d\u7f6e\u200b linux-netem \u200b\u7c7b\u578b\u200b QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit \u200b\u548c\u200b ovn.kubernetes.io/loss\u3002
ovn.kubernetes.io/latency\uff1a\u200b\u8bbe\u7f6e\u200b Pod \u200b\u6d41\u91cf\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u6570\u200b\uff0c\u200b\u5355\u4f4d\u200b\u4e3a\u200b ms\u3002ovn.kubernetes.io/limit\uff1a \u200b\u4e3a\u200b qdisc \u200b\u961f\u5217\u200b\u53ef\u200b\u5bb9\u7eb3\u200b\u7684\u200b\u6700\u5927\u200b\u6570\u636e\u5305\u200b\u6570\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u5f62\u200b\u6570\u503c\u200b\uff0c\u200b\u4f8b\u5982\u200b 1000\u3002ovn.kubernetes.io/loss\uff1a \u200b\u4e3a\u200b\u8bbe\u7f6e\u200b\u7684\u200b\u62a5\u6587\u200b\u4e22\u5305\u200b\u6982\u7387\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b float \u200b\u7c7b\u578b\u200b\uff0c\u200b\u4f8b\u5982\u200b\u53d6\u503c\u200b\u4e3a\u200b 20\uff0c\u200b\u5219\u200b\u4e3a\u200b\u8bbe\u7f6e\u200b 20% \u200b\u7684\u200b\u4e22\u200b\u5305\u200b\u6982\u7387\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/setup-options/","title":"\u5b89\u88c5\u200b\u548c\u200b\u914d\u7f6e\u200b\u9009\u9879","text":"\u200b\u5728\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u4e2d\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff0cKube-OVN \u200b\u8fd8\u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b \u200b\u81ea\u5b9a\u4e49\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6216\u8005\u200b\u4e4b\u540e\u200b\u66f4\u6539\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u53c2\u6570\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u8fd9\u4e9b\u200b\u81ea\u5b9a\u4e49\u200b\u9009\u9879\u200b \u200b\u7684\u200b\u4f5c\u7528\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#_2","title":"\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u4f1a\u200b\u914d\u7f6e\u200b\u4e24\u4e2a\u200b\u5185\u7f6e\u200b\u5b50\u7f51\u200b\uff1a
default \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Pod \u200b\u5206\u914d\u200b IP \u200b\u4f7f\u7528\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 10.16.0.1\u3002join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Node \u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u901a\u4fe1\u200b\u7684\u200b\u7279\u6b8a\u200b\u5b50\u7f51\u200b, \u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 100.64.0.1\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5185\u200b\u7684\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u66f4\u6539\u200b\uff1a
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP \u200b\u53ef\u200b\u8bbe\u7f6e\u200b POD_CIDR \u200b\u4e0d\u200b\u8fdb\u884c\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\uff0c\u200b\u683c\u5f0f\u200b\u4e3a\u200b\uff1a192.168.10.20..192.168.10.30\u3002
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b Overlay \u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b Service CIDR \u200b\u51b2\u7a81\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u3002
"},{"location":"guide/setup-options/#service","title":"Service \u200b\u7f51\u6bb5\u200b\u914d\u7f6e","text":"\u200b\u7531\u4e8e\u200b\u90e8\u5206\u200b kube-proxy \u200b\u8bbe\u7f6e\u200b\u7684\u200b iptables \u200b\u548c\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u4f1a\u200b\u548c\u200b Kube-OVN \u200b\u8bbe\u7f6e\u200b\u7684\u200b\u89c4\u5219\u200b\u4ea7\u751f\u200b\u4ea4\u96c6\u200b\uff0c\u200b\u56e0\u6b64\u200b Kube-OVN \u200b\u9700\u8981\u200b\u77e5\u9053\u200b Service \u200b\u7684\u200b CIDR \u200b\u6765\u200b\u6b63\u786e\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\uff1a
SVC_CIDR=\"10.96.0.0/12\" \n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/setup-options/#overlay","title":"Overlay \u200b\u7f51\u5361\u200b\u9009\u62e9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u5b58\u5728\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u9009\u62e9\u200b Kubernetes Node IP \u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u95f4\u200b\u8de8\u200b\u8282\u70b9\u200b\u901a\u4fe1\u200b\u7684\u200b\u7f51\u5361\u200b\u5e76\u200b\u5efa\u7acb\u200b\u5bf9\u5e94\u200b\u7684\u200b\u96a7\u9053\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u5efa\u7acb\u200b\u5bb9\u5668\u200b\u96a7\u9053\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\uff1a
IFACE=eth1\n
\u200b\u8be5\u200b\u9009\u9879\u200b\u652f\u6301\u200b\u4ee5\u200b\u9017\u53f7\u200b\u6240\u200b\u5206\u9694\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b,\u200b\u4f8b\u5982\u200b ens[a-z0-9]*,eth[a-z0-9]*\u3002
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
args:\n- --iface=eth1\n
\u200b\u5982\u679c\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u5747\u200b\u4e0d\u540c\u200b\uff0c\u200b\u4e14\u200b\u6ca1\u6709\u200b\u56fa\u5b9a\u200b\u89c4\u5f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b annotation ovn.kubernetes.io/tunnel_interface \u200b\u8fdb\u884c\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u9010\u4e00\u200b\u914d\u7f6e\u200b\uff0c\u200b\u62e5\u6709\u200b\u8be5\u200b annotation \u200b\u8282\u70b9\u200b\u4f1a\u200b\u8986\u76d6\u200b iface \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b annotation\u3002
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"guide/setup-options/#mtu","title":"MTU \u200b\u8bbe\u7f6e","text":"\u200b\u7531\u4e8e\u200b Overlay \u200b\u5c01\u88c5\u200b\u9700\u8981\u200b\u5360\u636e\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\uff0cKube-OVN \u200b\u5728\u200b\u521b\u5efa\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u65f6\u4f1a\u200b\u6839\u636e\u200b\u9009\u62e9\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8fdb\u884c\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8c03\u6574\u200b\uff0c \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b Pod \u200b\u7f51\u5361\u200b MTU \u200b\u4e3a\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b MTU - 100\uff0cUnderlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\uff0cPod \u200b\u7f51\u5361\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6709\u200b\u76f8\u540c\u200b MTU\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b MTU \u200b\u7684\u200b\u5927\u5c0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --mtu=1333\n
"},{"location":"guide/setup-options/#_3","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u5f00\u542f\u200b\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u521b\u5efa\u200b\u4e00\u5757\u200b mirror0 \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u590d\u5236\u200b\u5f53\u524d\u200b\u673a\u5668\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u5230\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\uff0c \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b tcpdump \u200b\u53ca\u5176\u200b\u4ed6\u200b\u5de5\u5177\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u914d\u7f6e\u200b\u5f00\u542f\u200b\uff1a
ENABLE_MIRROR=true\n
\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b:
args:\n- --enable-mirror=true\n
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5173\u95ed\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6216\u200b\u9700\u8981\u200b\u5c06\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5230\u200b\u989d\u5916\u200b\u7684\u200b\u7f51\u5361\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
"},{"location":"guide/setup-options/#lb","title":"LB \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L2 LB \u200b\u6765\u200b\u5b9e\u73b0\u200b Service \u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5728\u200b Overlay \u200b\u573a\u666f\u200b\u4e2d\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u6765\u200b\u5b8c\u6210\u200b Service \u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b, \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb=false\n
LB \u200b\u7684\u200b\u529f\u80fd\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableLb\uff0c\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b LB \u200b\u529f\u80fd\u200b\u3002kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-lb \u200b\u53c2\u6570\u200b\u4f5c\u4e3a\u200b\u5168\u5c40\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u521b\u5efa\u200b load-balancer \u200b\u8bb0\u5f55\u200b\uff0c\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u65b0\u589e\u200b\u7684\u200b enableLb \u200b\u53c2\u6570\u200b\u7528\u4e8e\u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b enableLb \u200b\u53c2\u6570\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/setup-options/#networkpolicy","title":"NetworkPolicy \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u6765\u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u529f\u80fd\u200b \u200b\u6216\u8005\u200b\u4f7f\u7528\u200b Cilium Chain \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5229\u7528\u200b eBPF \u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_NP=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-np=false\n
NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
"},{"location":"guide/setup-options/#eip-snat","title":"EIP \u200b\u548c\u200b SNAT \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5982\u679c\u200b\u65e0\u9700\u200b\u4f7f\u7528\u200b EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ee5\u200b\u51cf\u5c11\u200b kube-ovn-controller \u200b\u5728\u200b\u521b\u5efa\u200b\u548c\u200b\u66f4\u65b0\u200b \u200b\u7f51\u7edc\u200b\u65f6\u200b\u7684\u200b\u68c0\u67e5\u200b\u6d88\u8017\u200b\uff0c\u200b\u5728\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u63d0\u5347\u200b\u5904\u7406\u901f\u5ea6\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_EIP_SNAT=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-eip-snat=false\n
EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#load-balancer-service","title":"Load Balancer \u200b\u7c7b\u578b\u200b Service \u200b\u652f\u6301\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5f00\u542f\u200b\u8be5\u200b\u9009\u9879\u200b\u6765\u200b\u652f\u6301\u200b Load Balancer \u200b\u7c7b\u578b\u200b Service\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b LoadBalancer \u200b\u7c7b\u578b\u200b Service\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB_SVC=true\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb-svc=true\n
"},{"location":"guide/setup-options/#ecmp","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u652f\u6301\u200b\u4e3b\u5907\u200b\u548c\u200b ECMP \u200b\u4e24\u79cd\u200b\u9ad8\u200b\u53ef\u7528\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u542f\u7528\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c \u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b:
args:\n- --enable-ecmp=true \n
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u7f51\u5173\u200b\u76f8\u5173\u200b\u5185\u5bb9\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/setup-options/#kubevirt-vm","title":"Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9488\u5bf9\u200b Kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b 1.10.6 \u200b\u540e\u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u5173\u95ed\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
args:\n- --keep-vm-ip=false\n
"},{"location":"guide/setup-options/#cni","title":"CNI \u200b\u914d\u7f6e\u200b\u76f8\u5173\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u5728\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u6267\u884c\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5728\u200b /etc/cni/net.d \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b 01-kube-ovn.conflist\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u5b89\u88c5\u200b\u4f4d\u7f6e\u200b\u548c\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b Volume \u200b\u6302\u8f7d\u200b\u548c\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"guide/setup-options/#_4","title":"\u96a7\u9053\u200b\u7c7b\u578b\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b Overlay \u200b\u7684\u200b\u5c01\u88c5\u200b\u6a21\u5f0f\u200b\u4e3a\u200b Geneve\uff0c\u200b\u5982\u679c\u200b\u60f3\u200b\u66f4\u6362\u200b\u4e3a\u200b Vxlan \u200b\u6216\u200b STT\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
TUNNEL_TYPE=\"vxlan\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b ovs-ovn DaemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\uff1a
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b STT \u200b\u96a7\u9053\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b ovs \u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
\u200b\u4e0d\u540c\u200b\u534f\u8bae\u200b\u5728\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u533a\u522b\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"guide/setup-options/#ssl","title":"SSL \u200b\u8bbe\u7f6e","text":"OVN DB \u200b\u7684\u200b API \u200b\u63a5\u53e3\u200b\u652f\u6301\u200b SSL \u200b\u52a0\u5bc6\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u8fde\u63a5\u200b\u5b89\u5168\u200b\uff0c\u200b\u5982\u200b\u8981\u200b\u5f00\u542f\u200b\u53ef\u200b\u8c03\u6574\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u7684\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b:
ENABLE_SSL=true\n
SSL \u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u200b\u5173\u95ed\u200b\u6a21\u5f0f\u200b\u3002
"},{"location":"guide/setup-options/#ip","title":"\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip","text":"kube-ovn-controller/kube-ovn-cni/kube-ovn-monitor \u200b\u8fd9\u4e9b\u200b\u670d\u52a1\u200b\u652f\u6301\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip\uff0c\u200b\u8be5\u200b\u529f\u80fd\u8bbe\u8ba1\u200b\u539f\u56e0\u200b\u4e3b\u8981\u200b\u662f\u56e0\u4e3a\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u51fa\u4e8e\u200b\u5b89\u5168\u200b\u8003\u8651\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b 0.0.0.0 \uff08\u200b\u6bd4\u5982\u200b\u8be5\u200b\u670d\u52a1\u200b\u90e8\u7f72\u200b\u5728\u200b\u67d0\u4e2a\u200b\u5bf9\u5916\u200b\u7f51\u5173\u200b\u4e0a\u200b\uff0c\u200b\u5916\u90e8\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u516c\u7f51\u200b ip \u200b\u5e76\u200b\u6307\u5b9a\u200b\u7aef\u53e3\u200b\u53bb\u200b\u8bbf\u95ee\u200b\u5230\u200b\u8be5\u200b\u670d\u52a1\u200b\uff09\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u662f\u200b\u6253\u5f00\u200b\u7684\u200b\uff0c\u200b\u7531\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\u63a7\u5236\u200b\uff1a
ENABLE_BIND_LOCAL_IP=true\n
\u200b\u4ee5\u200b kube-ovn-monitor \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u540e\u4f1a\u200b\u628a\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b\u7684\u200b pod ip \u200b\u5982\u4e0b\u200b\uff1a
# netstat -tunlp |grep kube-ovn\ntcp 0 0 172.18.0.5:10661 0.0.0.0:* LISTEN 2612/./kube-ovn-mon\n
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\u670d\u52a1\u200b\u7684\u200b deployment \u200b\u6216\u8005\u200b daemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
env:\n- name: ENABLE_BIND_LOCAL_IP\n value: \"false\"\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/static-ip-mac/","title":"\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u6839\u636e\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u548c\u200b Mac\u3002 \u200b\u9488\u5bf9\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u9700\u8981\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u6839\u636e\u200b\u4e0d\u540c\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u591a\u79cd\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u65b9\u6cd5\u200b\uff1a
- \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac\u3002
- Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u65b9\u5f0f\u200b\u6307\u5b9a\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
- StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
- KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
"},{"location":"guide/static-ip-mac/#pod-ip-mac","title":"\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b annotation \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u8fd0\u884c\u200b\u65f6\u200b\u6240\u200b\u9700\u200b\u7684\u200b IP/Mac, kube-ovn-controller \u200b\u8fd0\u884c\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u9636\u6bb5\u200b\uff0c\u200b\u7ecf\u8fc7\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u540e\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
\u200b\u5728\u200b\u4f7f\u7528\u200b annotation \u200b\u5b9a\u4e49\u200b\u5355\u4e2a\u200b Pod IP/Mac \u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
- \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b IP/Mac \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b IP/Mac \u200b\u51b2\u7a81\u200b\u3002
- IP \u200b\u5fc5\u987b\u200b\u5728\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002
- \u200b\u53ef\u4ee5\u200b\u53ea\u200b\u6307\u5b9a\u200b IP \u200b\u6216\u200b Mac\uff0c\u200b\u53ea\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u65f6\u200b\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#workload-ip-pool","title":"Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b annotation ovn.kubernetes.io/ip_pool \u200b\u7ed9\u200b Workload\uff08Deployment/StatefulSet/DaemonSet/Job/CronJob\uff09\u200b\u8bbe\u7f6e\u200b\u56fa\u5b9a\u200b IP\u3002 kube-ovn-controller \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u9009\u62e9\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7684\u200b IP \u200b\u5e76\u200b\u8fdb\u884c\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u3002
IP Pool \u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u52a0\u200b\u5728\u200b template \u200b\u5185\u200b\u7684\u200b annotation \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u9664\u4e86\u200b Kubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Workload \u200b\u7c7b\u578b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u7684\u200b Workload \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u6837\u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#deployment-ip","title":"Deployment \u200b\u56fa\u5b9a\u200b IP \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u5206\u200b\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
\u200b\u5bf9\u200b Workload \u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u5e94\u8be5\u200b\u5c5e\u4e8e\u200b\u6240\u5728\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u51b2\u7a81\u200b\u3002- \u200b\u5f53\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u6570\u91cf\u200b\u5c0f\u4e8e\u200b replicas \u200b\u6570\u91cf\u200b\u65f6\u200b\uff0c\u200b\u591a\u51fa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b\u3002\u200b\u4f60\u200b\u9700\u8981\u200b\u6839\u636e\u200b Workload \u200b\u7684\u200b\u66f4\u65b0\u200b\u7b56\u7565\u200b\u4ee5\u53ca\u200b\u6269\u5bb9\u200b\u89c4\u5212\u200b\u8c03\u6574\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b IP \u200b\u7684\u200b\u6570\u91cf\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset","title":"StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"StatefulSet \u200b\u9ed8\u8ba4\u200b\u652f\u6301\u200b\u56fa\u5b9a\u200b IP\uff0c\u200b\u800c\u4e14\u200b\u548c\u200b\u5176\u4ed6\u200b Workload \u200b\u76f8\u540c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b\u3002
\u200b\u7531\u4e8e\u200b StatefulSet \u200b\u591a\u200b\u7528\u4e8e\u200b\u6709\u200b\u72b6\u6001\u200b\u670d\u52a1\u200b\uff0c\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u6807\u793a\u200b\u7684\u200b\u56fa\u5b9a\u200b\u6709\u200b\u66f4\u200b\u9ad8\u200b\u7684\u200b\u8981\u6c42\u200b\uff0cKube-OVN \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u7684\u200b\u5f3a\u5316\u200b\uff1a
- Pod \u200b\u4f1a\u200b\u6309\u200b\u987a\u5e8f\u200b\u5206\u914d\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP\u3002\u200b\u4f8b\u5982\u200b StatefulSet \u200b\u7684\u200b\u540d\u5b57\u200b\u4e3a\u200b web\uff0c\u200b\u5219\u200b web-0 \u200b\u4f1a\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b IP\uff0c web-1 \u200b\u4f1a\u200b\u4f7f\u7528\u200b\u7b2c\u4e8c\u4e2a\u200b IP\uff0c\u200b\u4ee5\u6b64\u7c7b\u63a8\u200b\u3002 - StatefulSet Pod \u200b\u5728\u200b\u66f4\u65b0\u200b\u6216\u200b\u5220\u9664\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b OVN \u200b\u4e2d\u200b\u7684\u200b logical_switch_port \u200b\u4e0d\u4f1a\u200b\u5220\u9664\u200b\uff0c\u200b\u65b0\u200b\u751f\u6210\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u590d\u7528\u200b\u65e7\u200b\u7684\u200b interface \u200b\u4fe1\u606f\u200b\u3002\u200b\u56e0\u6b64\u200b Pod \u200b\u53ef\u4ee5\u200b\u590d\u7528\u200b IP/Mac \u200b\u53ca\u5176\u200b\u4ed6\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8fbe\u5230\u200b\u548c\u200b StatefulSet Volume \u200b\u7c7b\u4f3c\u200b\u7684\u200b\u72b6\u6001\u200b\u4fdd\u7559\u200b\u529f\u80fd\u200b\u3002
- \u200b\u57fa\u4e8e\u200b 2 \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u5bf9\u4e8e\u200b\u6ca1\u6709\u200b
ovn.kubernetes.io/ip_pool \u200b\u6ce8\u89e3\u200b\u7684\u200b StatefulSet\uff0cPod \u200b\u7b2c\u4e00\u6b21\u200b\u751f\u6210\u200b\u65f6\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP/Mac\uff0c\u200b\u4e4b\u540e\u200b\u5728\u200b\u6574\u4e2a\u200b StatefulSet \u200b\u7684\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u200b\uff0c\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u90fd\u200b\u4f1a\u200b\u4fdd\u6301\u200b\u56fa\u5b9a\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset_1","title":"StatefulSet \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5220\u9664\u200b StatefulSet \u200b\u4e0b\u200b Pod \u200b\u89c2\u5bdf\u200b Pod IP \u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/static-ip-mac/#kubevirt-vm","title":"KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"\u200b\u9488\u5bf9\u200b KubeVirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/subnet/","title":"\u5b50\u7f51\u200b\u4f7f\u7528","text":"\u200b\u5b50\u7f51\u200b\u662f\u200b Kube-OVN \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6838\u5fc3\u200b\u6982\u5ff5\u200b\u548c\u200b\u57fa\u672c\u200b\u4f7f\u7528\u200b\u5355\u5143\u200b\uff0cKube-OVN \u200b\u4f1a\u4ee5\u200b\u5b50\u7f51\u200b\u6765\u200b\u7ec4\u7ec7\u200b IP \u200b\u548c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6bcf\u4e2a\u200b Namespace \u200b\u53ef\u4ee5\u200b\u5f52\u5c5e\u4e8e\u200b\u7279\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u83b7\u53d6\u200b IP \u200b\u5e76\u200b\u5171\u4eab\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff08CIDR\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u8bbf\u95ee\u63a7\u5236\u200b\uff0cNAT \u200b\u63a7\u5236\u200b\u7b49\u200b\uff09\u3002
\u200b\u548c\u200b\u5176\u4ed6\u200b CNI \u200b\u7684\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0d\u540c\u200b\uff0c\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u4e3a\u200b\u4e00\u4e2a\u200b\u5168\u5c40\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u5206\u5e03\u200b\u5728\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u3002
Overlay \u200b\u548c\u200b Underlay \u200b\u7684\u200b\u5b50\u7f51\u200b\u5728\u200b\u4f7f\u7528\u200b\u548c\u200b\u914d\u7f6e\u200b\u4e0a\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u5dee\u5f02\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e00\u4e9b\u200b\u5171\u540c\u200b\u914d\u7f6e\u200b\u548c\u200b\u5dee\u5f02\u5316\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/subnet/#_2","title":"\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u7684\u200b\u5feb\u901f\u200b\u4e0a\u200b\u624b\u200b\u4f7f\u7528\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u200b\u663e\u5f0f\u200b\u58f0\u660e\u200b\u5b50\u7f51\u200b\u5f52\u5c5e\u200b\u7684\u200b Namespace \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5206\u914d\u200b IP\uff0c \u200b\u5e76\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u3002\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c \u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5728\u200b Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u4e86\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u5e76\u200b\u5bf9\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u6362\u200b\uff0c\u200b\u5176\u200b\u884c\u4e3a\u200b\u548c\u200b Flannel \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c \u200b\u7528\u6237\u200b\u65e0\u9700\u200b\u989d\u5916\u200b\u7684\u200b\u914d\u7f6e\u200b\u5373\u53ef\u200b\u4f7f\u7528\u200b\u5230\u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u3002
\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u4f5c\u4e3a\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0c\u200b\u5e76\u200b\u5f00\u542f\u200b arping \u200b\u68c0\u67e5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"guide/subnet/#_3","title":"\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b spec \u200b\u4e2d\u200b\u7684\u200b default \u200b\u5b57\u6bb5\u200b\u4e3a\u200b true\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u4e0b\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b ovn-default\u3002
\u200b\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff1a
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"guide/subnet/#join","title":"Join \u200b\u5b50\u7f51","text":"\u200b\u5728\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\u4e2d\u200b\uff0c\u200b\u8981\u6c42\u200b Node \u200b\u53ef\u4ee5\u200b\u548c\u200b\u6240\u6709\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u8fbe\u5230\u200b\u8fd9\u4e2a\u200b\u76ee\u7684\u200b\uff0c Kube-OVN \u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u4e2a\u200b join \u200b\u5b50\u7f51\u200b\uff0c \u200b\u5e76\u200b\u5728\u200b\u6bcf\u4e2a\u200b Node \u200b\u8282\u70b9\u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u5757\u200b\u865a\u62df\u200b\u7f51\u5361\u200b ovn0 \u200b\u63a5\u5165\u200b join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u7edc\u200b\u5b8c\u6210\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u3002 join \u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b
"},{"location":"guide/subnet/#join_1","title":"\u67e5\u770b\u200b Join \u200b\u5b50\u7f51","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b hostport, \u200b\u4ee5\u53ca\u200b\u8bbe\u7f6e\u200b\u4e86\u200b externalTrafficPolicy: Local \u200b\u7684\u200b NodePort \u200b\u7c7b\u578b\u200b Service \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b join \u200b\u4e00\u822c\u200b\u65e0\u9700\u200b\u5bf9\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDR \u200b\u5916\u200b\u7684\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
\u200b\u5728\u200b node \u200b\u8282\u70b9\u200b\u67e5\u770b\u200b ovn0 \u200b\u7f51\u5361\u200b\uff1a
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"guide/subnet/#_4","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b\u5b50\u7f51","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4ecb\u7ecd\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b\u548c\u200b\u67d0\u4e2a\u200b Namespace \u200b\u505a\u200b\u5173\u8054\u200b\u7684\u200b\u57fa\u672c\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\u8bf7\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u5185\u5bb9\u200b\u3002
"},{"location":"guide/subnet/#_5","title":"\u521b\u5efa\u200b\u5b50\u7f51","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: \u200b\u5b50\u7f51\u200b CIDR \u200b\u8303\u56f4\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u4e0d\u540c\u200b Subnet CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002excludeIps: \u200b\u4fdd\u7559\u200b\u5730\u5740\u200b\u5217\u8868\u200b\uff0c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5c06\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5217\u8868\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u7528\u200b\u505a\u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u6bb5\u200b\uff0c\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u907f\u514d\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u5df2\u6709\u200b\u8bbe\u5907\u200b\u51b2\u7a81\u200b\u3002gateway\uff1a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5bf9\u5e94\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0cUnderlay \u200b\u6a21\u5f0f\u200b\u4e0b\u8be5\u200b\u5730\u5740\u200b\u9700\u4e3a\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002namespaces: \u200b\u7ed1\u5b9a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b Namespace \u200b\u5217\u8868\u200b\uff0c\u200b\u7ed1\u5b9a\u200b\u540e\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u5f53\u524d\u200b\u5b50\u7f51\u200b\u5206\u914d\u200b\u5730\u5740\u200b\u3002routeTable: \u200b\u5173\u8054\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5173\u8054\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u8def\u7531\u8868\u200b\u5b9a\u4e49\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9759\u6001\u200b\u8def\u7531\u200b
"},{"location":"guide/subnet/#_6","title":"\u9a8c\u8bc1\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u751f\u6548","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"guide/subnet/#workload","title":"Workload \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Pod \u200b\u4f1a\u200b\u4ece\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u5185\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u679c\u200b Namespace \u200b\u4e0b\u200b\u67d0\u4e2a\u200b Workload \u200b\u9700\u8981\u200b\u7279\u6b8a\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b Pod \u200b\u7684\u200b Annotation ovn.kubernetes.io/logical_switch \u200b\u6765\u200b\u5b9e\u73b0\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ed9\u200b Workload \u200b\u7c7b\u578b\u200b\u8d44\u6e90\u200b\u5982\u200b Deployment\uff0cStatefulSet \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b ovn.kubernetes.io/logical_switch Annotation \u200b\u8bbe\u7f6e\u200b\u5728\u200b spec.template.metadata.annotations\u3002
"},{"location":"guide/subnet/#overlay","title":"Overlay \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Overlay \u200b\u6a21\u5f0f\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\uff0cUnderlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u501f\u52a9\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u3002
Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0cKube-OVN \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u5173\u200b\uff1a \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5bf9\u200b\u7f51\u5173\u200b\u7684\u200b\u7c7b\u578b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\u5747\u200b\u652f\u6301\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b snat\u3002
"},{"location":"guide/subnet/#_7","title":"\u5206\u5e03\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5b50\u7f51\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\uff0c\u200b\u6bcf\u4e2a\u200b node \u200b\u4f1a\u200b\u4f5c\u4e3a\u200b\u5f53\u524d\u200b node \u200b\u4e0a\u200b pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5173\u200b\u3002 \u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u672c\u673a\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u6d41\u5165\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u518d\u200b\u6839\u636e\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b distributed\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"guide/subnet/#_8","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b\u7684\u200b IP\uff0c\u200b\u4ee5\u4fbf\u200b\u5ba1\u8ba1\u200b\u548c\u200b\u767d\u540d\u5355\u200b\u7b49\u200b\u5b89\u5168\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\u4e3a\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002 \u200b\u5728\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u9996\u5148\u200b\u88ab\u200b\u8def\u7531\u200b\u5230\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\uff0c\u200b\u518d\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u7279\u5b9a\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b centralized\uff0cgatewayNode \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u673a\u5668\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeName\u3002 \u200b\u5176\u4e2d\u200b gatewayNode \u200b\u5b57\u200b\u6bb5\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u53f0\u200b\u4e3b\u673a\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u6307\u5b9a\u200b\u673a\u5668\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\uff0c
gatewayNode \u200b\u53ef\u66f4\u6539\u200b\u4e3a\u200b kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3 \u200b\u683c\u5f0f\u200b\u3002 - \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ea\u6709\u200b\u4e3b\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5207\u6362\u200b\u4e3a\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b\u3002
- \u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b
enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/subnet/#acl","title":"\u5b50\u7f51\u200b ACL \u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u6709\u200b\u7ec6\u7c92\u5ea6\u200b ACL \u200b\u63a7\u5236\u200b\u7684\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u7684\u200b Subnet \u200b\u63d0\u4f9b\u200b\u4e86\u200b ACL \u200b\u89c4\u5219\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u7684\u200b\u7cbe\u7ec6\u200b\u63a7\u5236\u200b\u3002
Subnet \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u548c\u200b OVN \u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u4e00\u81f4\u200b\uff0c\u200b\u76f8\u5173\u200b\u5b57\u200b\u6bb5\u200b\u5185\u5bb9\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b ovn-nb ACL Table\uff0c match \u200b\u5b57\u200b\u6bb5\u200b\u652f\u6301\u200b\u7684\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u200b\u53c2\u8003\u200b ovn-sb Logical Flow Table\u3002
\u200b\u5141\u8bb8\u200b IP \u200b\u5730\u5740\u200b\u4e3a\u200b 10.10.0.2 \u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6240\u6709\u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u5176\u4ed6\u200b\u5730\u5740\u200b\u4e3b\u52a8\u200b\u8bbf\u95ee\u200b\u81ea\u5df1\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"guide/subnet/#_9","title":"\u5b50\u7f51\u200b\u9694\u79bb\u200b\u8bbe\u7f6e","text":"\u200b\u5b50\u7f51\u200b ACL \u200b\u7684\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u8986\u76d6\u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u7075\u6d3b\u6027\u200b\uff0c\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b ACL \u200b\u6765\u200b\u505a\u200b\u76f8\u5e94\u200b\u7684\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u76f8\u4e92\u200b\u901a\u4fe1\u200b\uff0cPod \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u9700\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u95f4\u200b\u7684\u200b\u8bbf\u95ee\u200b\u8fdb\u884c\u200b\u63a7\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b CRD \u200b\u4e2d\u5c06\u200b private \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5219\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5c06\u200b\u548c\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9694\u79bb\u200b\uff0c \u200b\u53ea\u80fd\u200b\u8fdb\u884c\u200b\u5b50\u7f51\u200b\u5185\u90e8\u200b\u7684\u200b\u901a\u4fe1\u200b\u3002\u200b\u5982\u200b\u9700\u5f00\u200b\u767d\u540d\u5355\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b allowSubnets \u200b\u8fdb\u884c\u200b\u8bbe\u7f6e\u200b\u3002allowSubnets \u200b\u5185\u200b\u7684\u200b\u7f51\u6bb5\u200b\u548c\u200b\u8be5\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u53cc\u5411\u200b\u4e92\u8bbf\u200b\u3002
"},{"location":"guide/subnet/#_10","title":"\u5f00\u542f\u200b\u8bbf\u95ee\u63a7\u5236\u200b\u7684\u200b\u5b50\u7f51\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"guide/subnet/#underlay","title":"Underlay \u200b\u76f8\u5173\u200b\u9009\u9879","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Underlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
vlan: \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8be5\u5b57\u6bb5\u200b\u7528\u6765\u200b\u63a7\u5236\u200b\u8be5\u200b Subnet \u200b\u548c\u200b\u54ea\u4e2a\u200b Vlan CR \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u3002\u200b\u8be5\u200b\u9009\u9879\u200b\u9ed8\u8ba4\u200b\u4e3a\u7a7a\u200b\u5b57\u7b26\u4e32\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002logicalGateway: \u200b\u4e00\u4e9b\u200b Underlay \u200b\u73af\u5883\u200b\u4e3a\u200b\u7eaf\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7269\u7406\u200b\u7684\u200b\u4e09\u5c42\u200b\u7f51\u5173\u200b\u3002\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b OVN \u200b\u672c\u8eab\u200b\u7684\u200b\u80fd\u529b\u200b\u8bbe\u7f6e\u200b\u4e00\u4e2a\u200b\u865a\u62df\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c06\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002\u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b\uff1afalse\u3002
"},{"location":"guide/subnet/#_11","title":"\u7f51\u5173\u200b\u68c0\u67e5\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b kube-ovn-cni \u200b\u5728\u200b\u542f\u52a8\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u4f7f\u7528\u200b ICMP \u200b\u6216\u200b ARP \u200b\u534f\u8bae\u200b\u8bf7\u6c42\u200b\u7f51\u5173\u200b\u5e76\u200b\u7b49\u5f85\u200b\u8fd4\u56de\u200b\uff0c \u200b\u4ee5\u200b\u9a8c\u8bc1\u200b\u7f51\u7edc\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff0c\u200b\u5728\u200b\u90e8\u5206\u200b Underlay \u200b\u73af\u5883\u200b\u7f51\u5173\u200b\u65e0\u6cd5\u200b\u54cd\u5e94\u200b ICMP \u200b\u8bf7\u6c42\u200b\uff0c\u200b\u6216\u200b\u65e0\u9700\u200b\u7f51\u7edc\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u7684\u200b\u573a\u666f\u200b \u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"guide/subnet/#multicast-snoop","title":"Multicast-Snoop \u200b\u914d\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5982\u679c\u200b\u53d1\u9001\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\uff0cOVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u662f\u200b\u4f1a\u200b\u5e7f\u64ad\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u5230\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u6240\u6709\u200b\u7684\u200b Pod\u3002\u200b\u5982\u679c\u200b\u5f00\u542f\u200b subnet \u200b\u7684\u200b multicast snoop \u200b\u5f00\u5173\u200b\uff0cOVN \u200b\u4f1a\u200b\u6839\u636e\u200b South Database \u200b\u4e2d\u200b\u7684\u200b\u7ec4\u64ad\u8868\u200b Multicast_Group \u200b\u6765\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u800c\u200b\u4e0d\u200b\u5728\u200b\u8fdb\u884c\u200b\u5e7f\u64ad\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"guide/subnet/#subnet-mtu","title":"Subnet MTU \u200b\u914d\u7f6e","text":"\u200b\u914d\u7f6e\u200b Subnet \u200b\u4e0b\u200b Pod \u200b\u7684\u200b MTU\uff0c\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b Subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u624d\u200b\u751f\u6548\u200b
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"guide/subnet/#_12","title":"\u5176\u4ed6\u200b\u9ad8\u7ea7\u200b\u8bbe\u7f6e","text":" - IP \u200b\u6c60\u200b\u4f7f\u7528\u200b
- \u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b
- QoS \u200b\u8bbe\u7f6e\u200b
- \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b
- DHCP \u200b\u9009\u9879\u200b
- \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e\u200b
- \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u8bbe\u7f6e\u200b
- \u200b\u865a\u62df\u200b IP \u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4f7f\u7528\u200b QoSPolicy CRD \u200b\u5bf9\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7684\u200b\u6d41\u91cf\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"\u200b\u5bf9\u200b EIP \u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 1Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 1\uff0c\u200b\u8fd9\u91cc\u200b shared=false\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ea\u80fd\u200b\u7ed9\u200b\u8fd9\u4e2a\u200b EIP \u200b\u4f7f\u7528\u200b\u4e14\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u53bb\u200b\u53d8\u66f4\u200b QoS \u200b\u89c4\u5219\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
IptablesEIP \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u65f6\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u540e\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#qos-eip","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"guide/vpc-qos/#vpc-natgw-net1-qos","title":"VPC NATGW net1 \u200b\u7f51\u5361\u200b QoS","text":"\u200b\u5bf9\u200b VPC NATGW \u200b\u7684\u200b net1 \u200b\u7f51\u5361\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 10Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 3\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u540e\u7eed\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#net1-qos","title":"net1 \u200b\u7f51\u5361\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b QoS","text":"\u200b\u5bf9\u200b net1 \u200b\u7f51\u5361\u200b\u4e0a\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 5Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 2\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6b64\u65f6\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"guide/vpc-qos/#qos-natgw","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b NATGW","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"guide/vpc-qos/#qos","title":"\u67e5\u770b\u200b qos \u200b\u89c4\u5219","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"guide/vpc-qos/#_1","title":"\u9650\u5236","text":" - \u200b\u53ea\u6709\u200b\u5728\u200b\u672a\u200b\u4f7f\u7528\u200b\u65f6\u200b\u624d\u80fd\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u3002\u200b\u56e0\u6b64\u200b\uff0c\u200b\u5728\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u4e4b\u524d\u200b\uff0c\u200b\u8bf7\u200b\u5148\u200b\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP \u200b\u548c\u200b NATGW\uff0c\u200b\u53bb\u6389\u200b\u5b83\u4eec\u200b\u7684\u200b
spec.qosPolicy \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc/","title":"VPC \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u591a\u200b\u79df\u6237\u200b\u9694\u79bb\u200b\u7ea7\u522b\u200b\u7684\u200b VPC \u200b\u7f51\u7edc\u200b\u3002\u200b\u4e0d\u540c\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u72ec\u7acb\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b Subnet \u200b\u7f51\u6bb5\u200b\uff0c \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u5b89\u5168\u7b56\u7565\u200b\uff0c\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0cEIP \u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
VPC \u200b\u4e3b\u8981\u200b\u7528\u4e8e\u200b\u6709\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u5f3a\u200b\u9694\u79bb\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u90e8\u5206\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5b58\u5728\u200b\u51b2\u7a81\u200b\u3002 \u200b\u4f8b\u5982\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e92\u8bbf\u200b\uff0cNodePort \u200b\u529f\u80fd\u200b\uff0c\u200b\u57fa\u4e8e\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\u7684\u200b\u5065\u5eb7\u68c0\u67e5\u200b\u548c\u200b DNS \u200b\u80fd\u529b\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u573a\u666f\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u5e38\u89c1\u200b Kubernetes \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b VPC \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u8bbe\u8ba1\u200b\uff0c\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u53ef\u4ee5\u200b\u6ee1\u8db3\u200b Kubernetes \u200b\u89c4\u8303\u200b\u3002\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u652f\u6301\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0cEIP \u200b\u548c\u200b NAT \u200b\u7f51\u5173\u200b\u7b49\u200b\u529f\u80fd\u200b\u3002 \u200b\u5e38\u89c1\u200b\u9694\u79bb\u200b\u9700\u6c42\u200b\u53ef\u200b\u901a\u8fc7\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5728\u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u524d\u200b\u8bf7\u200b\u660e\u786e\u200b\u662f\u5426\u200b\u9700\u8981\u200b VPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\uff0c\u200b\u5e76\u200b\u4e86\u89e3\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u9650\u5236\u200b\u3002 \u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\uff0c\u200b\u7269\u7406\u200b\u4ea4\u6362\u673a\u200b\u8d1f\u8d23\u200b\u6570\u636e\u200b\u9762\u200b\u8f6c\u53d1\u200b\uff0cVPC \u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u9694\u79bb\u200b\u3002
"},{"location":"guide/vpc/#vpc_1","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b VPC\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces \u200b\u53ef\u4ee5\u200b\u9650\u5b9a\u200b\u53ea\u6709\u200b\u54ea\u4e9b\u200b Namespace \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b VPC\uff0c\u200b\u82e5\u4e3a\u200b\u7a7a\u5219\u200b\u4e0d\u200b\u9650\u5b9a\u200b\u3002
\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5206\u5c5e\u200b\u4e24\u4e2a\u200b\u4e0d\u540c\u200b\u7684\u200b VPC \u200b\u5e76\u200b\u6709\u200b\u76f8\u540c\u200b\u7684\u200b CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u8fd0\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u53ef\u200b\u89c2\u5bdf\u200b\u4e24\u4e2a\u200b Pod \u200b\u5730\u5740\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u4e2a\u200b CIDR\uff0c\u200b\u4f46\u200b\u7531\u4e8e\u200b\u8fd0\u884c\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b\u79df\u6237\u200b VPC\uff0c\u200b\u4e24\u4e2a\u200b Pod \u200b\u65e0\u6cd5\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"guide/vpc/#vpc-pod-livenessprobe-readinessprobe","title":"\u81ea\u5b9a\u4e49\u200b VPC Pod \u200b\u652f\u6301\u200b livenessProbe \u200b\u548c\u200b readinessProbe","text":"\u200b\u7531\u4e8e\u200b\u5e38\u89c4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u548c\u200b\u8282\u70b9\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e4b\u95f4\u200b\u5e76\u200b\u4e0d\u200b\u4e92\u901a\u200b\uff0c\u200b\u6240\u4ee5\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u65e0\u6cd5\u200b\u5230\u8fbe\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\u3002Kube-OVN \u200b\u901a\u8fc7\u200b TProxy \u200b\u5c06\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u91cd\u5b9a\u5411\u200b\u5230\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u8fd9\u4e00\u200b\u529f\u80fd\u200b\u3002
\u200b\u914d\u7f6e\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff0c\u200b\u5728\u200b Daemonset kube-ovn-cni \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-tproxy=true\uff1a
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9650\u5236\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5f53\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0b\u200b\u51fa\u73b0\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5177\u6709\u200b\u76f8\u540c\u200b\u7684\u200b IP\uff0c\u200b\u63a2\u6d4b\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
- \u200b\u76ee\u524d\u200b\u6682\u65f6\u200b\u53ea\u200b\u652f\u6301\u200b
tcpSocket \u200b\u548c\u200b httpGet \u200b\u4e24\u79cd\u200b\u63a2\u6d4b\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"guide/vpc/#vpc_2","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173","text":"\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e0d\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002
VPC \u200b\u5185\u5bb9\u200b\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b VPC \u200b\u7f51\u5173\u200b\uff0cVPC \u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u548c\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b \u200b\u6d6e\u52a8\u200b IP\uff0cSNAT \u200b\u548c\u200b DNAT \u200b\u529f\u80fd\u200b\u3002
VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b Multus-CNI \u200b\u7684\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5b89\u88c5\u200b\u8bf7\u200b\u53c2\u8003\u200b multus-cni\u3002
"},{"location":"guide/vpc/#_1","title":"\u914d\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u7edc","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- \u200b\u8be5\u200b Subnet \u200b\u7528\u6765\u200b\u7ba1\u7406\u200b\u53ef\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u6bb5\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\u5c06\u4f1a\u200b\u901a\u8fc7\u200b Macvlan \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\uff0c\u200b\u8bf7\u200b\u548c\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u6c9f\u901a\u200b\u7ed9\u51fa\u200b\u53ef\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u6bb5\u200b IP\u3002
- VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b Macvlan \u200b\u505a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c
NetworkAttachmentDefinition \u200b\u7684\u200b master \u200b\u9700\u4e3a\u200b\u5bf9\u5e94\u200b\u7269\u7406\u200b\u7f51\u8def\u200b\u7f51\u5361\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002 name \u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\u3002
\u200b\u5728\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4f1a\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u672c\u8eab\u200b\u7684\u200b\u9650\u5236\u200b\uff0cMacvlan \u200b\u5b50\u200b\u63a5\u53e3\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u7236\u200b\u63a5\u53e3\u200b\u5730\u5740\u200b\u3002
- \u200b\u5982\u679c\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u5bf9\u5e94\u200b\u4ea4\u6362\u673a\u200b\u63a5\u53e3\u200b\u4e3a\u200b Trunk \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\u521b\u5efa\u200b\u5b50\u200b\u63a5\u53e3\u200b\u518d\u200b\u63d0\u4f9b\u200b\u7ed9\u200b Macvlan \u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/vpc/#vpc_3","title":"\u5f00\u542f\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd","text":"VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b kube-system \u200b\u4e0b\u200b\u7684\u200b ovn-vpc-nat-gw-config \u200b\u5f00\u542f\u200b\uff1a
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.12' \n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\u3002enable-vpc-nat-gw\uff1a \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u542f\u7528\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/vpc/#vpc_4","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173\u200b\u5e76\u200b\u914d\u7f6e\u200b\u9ed8\u8ba4\u200b\u8def\u7531","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc\uff1a\u200b\u8be5\u200b VpcNatGateway \u200b\u6240\u5c5e\u200b\u7684\u200b VPC\u3002subnet\uff1a\u200b\u4e3a\u200b VPC \u200b\u5185\u200b\u67d0\u4e2a\u200b Subnet \u200b\u540d\u200b\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u4f1a\u200b\u5728\u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u7528\u200b lanIp \u200b\u6765\u200b\u8fde\u63a5\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u3002lanIp\uff1asubnet \u200b\u5185\u200b\u67d0\u4e2a\u200b\u672a\u200b\u88ab\u200b\u4f7f\u7528\u200b\u7684\u200b IP\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u8be5\u200b Pod\u3002\u200b\u5f53\u200b VPC \u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\u9700\u8981\u200b\u6307\u5411\u200b\u5f53\u524d\u200b VpcNatGateway \u200b\u65f6\u200b nextHopIP \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u8fd9\u4e2a\u200b lanIp\u3002selector\uff1aVpcNatGateway Pod \u200b\u7684\u200b\u8282\u70b9\u200b\u9009\u62e9\u5668\u200b\uff0c\u200b\u683c\u5f0f\u200b\u548c\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeSelector \u200b\u683c\u5f0f\u200b\u76f8\u540c\u200b\u3002externalSubnets\uff1a VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u914d\u7f6e\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b ovn-vpc-external-network\uff0c\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u53ea\u200b\u652f\u6301\u200b\u914d\u7f6e\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\uff1a
tolerations : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u5bb9\u5fcd\u5ea6\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53c2\u8003\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002affinity : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u914d\u7f6e\u200b\u4eb2\u548c\u6027\u200b\uff0c\u200b\u5177\u4f53\u200b\u8bbe\u7f6e\u200b\u53c2\u8003\u200b \u200b\u4eb2\u548c\u6027\u200b\u4e0e\u200b\u53cd\u200b\u4eb2\u548c\u6027\u200b\u3002
"},{"location":"guide/vpc/#eip","title":"\u521b\u5efa\u200b EIP","text":"EIP \u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u6bb5\u200b\u7684\u200b\u67d0\u4e2a\u200b IP \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\u540e\u200b\u53ef\u200b\u8fdb\u884c\u200b DNAT\uff0cSNAT \u200b\u548c\u200b\u6d6e\u52a8\u200b IP \u200b\u64cd\u4f5c\u200b\u3002
\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u4e00\u4e2a\u200b\u5730\u5740\u200b\u7ed9\u200b EIP\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
\u200b\u56fa\u5b9a\u200b EIP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
\u200b\u6307\u5b9a\u200b EIP \u200b\u6240\u5728\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet\uff1a EIP \u200b\u6240\u5728\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-vpc-external-network\uff0c\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u5219\u200b\u5fc5\u987b\u200b\u4e3a\u200b\u6240\u5728\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b externalSubnets \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u3002
"},{"location":"guide/vpc/#dnat","title":"\u521b\u5efa\u200b DNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b DNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b EIP \u200b\u52a0\u200b\u7aef\u53e3\u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"guide/vpc/#snat","title":"\u521b\u5efa\u200b SNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b SNAT \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b EIP \u200b\u8fdb\u884c\u200b SNAT\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"guide/vpc/#ip","title":"\u521b\u5efa\u200b\u6d6e\u52a8\u200b IP","text":"\u200b\u901a\u8fc7\u200b\u6d6e\u52a8\u200b IP \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u4f1a\u200b\u548c\u200b EIP \u200b\u8fdb\u884c\u200b\u5b8c\u5168\u200b\u6620\u5c04\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b IP\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u8fd9\u4e2a\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u65f6\u200b\u4e5f\u200b\u4f1a\u200b SNAT \u200b\u6210\u200b\u8fd9\u4e2a\u200b EIP\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"guide/vpc/#_2","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u7edc\u200b\u5185\u90e8\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff0c\u200b\u7ed3\u5408\u200b\u7f51\u5173\u200b\u5b9e\u73b0\u200b\u66f4\u200b\u7075\u6d3b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u3002 Kube-OVN \u200b\u652f\u6301\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u66f4\u4e3a\u200b\u7075\u6d3b\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u3002
"},{"location":"guide/vpc/#_3","title":"\u9759\u6001\u200b\u8def\u7531","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: \u200b\u652f\u6301\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b policyDst \u200b\u548c\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b policySrc\u3002- \u200b\u5f53\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u65f6\u200b\uff0cCIDR \u200b\u63a9\u7801\u200b\u8f83\u957f\u200b\u7684\u200b\u89c4\u5219\u200b\u4f18\u5148\u7ea7\u200b\u66f4\u9ad8\u200b\uff0c\u200b\u82e5\u200b\u63a9\u7801\u200b\u957f\u5ea6\u200b\u76f8\u540c\u200b\u5219\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b\u4f18\u5148\u200b\u4e8e\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b\u3002
routeTable: \u200b\u53ef\u200b\u6307\u5b9a\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u6240\u5728\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5728\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\u3002\u200b\u5b50\u7f51\u200b\u5173\u8054\u200b\u8def\u7531\u8868\u200b\u8bf7\u200b\u53c2\u8003\u200b\u521b\u5efa\u200b\u5b50\u7f51\u200b
"},{"location":"guide/vpc/#_4","title":"\u7b56\u7565\u200b\u8def\u7531","text":"\u200b\u9488\u5bf9\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u8fdb\u884c\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u66f4\u200b\u7cbe\u786e\u200b\u7684\u200b\u5339\u914d\u200b\u89c4\u5219\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u63a7\u5236\u200b \u200b\u548c\u200b\u66f4\u200b\u591a\u200b\u7684\u200b\u8f6c\u53d1\u200b\u52a8\u4f5c\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e3a\u200b OVN \u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7b56\u7565\u200b\u529f\u80fd\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u4fe1\u606f\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Policy\u3002
\u200b\u7b80\u5355\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"guide/vpc/#_5","title":"\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"Kubernetes \u200b\u672c\u8eab\u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u5b8c\u6210\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4f46\u662f\u200b\u53d7\u9650\u4e8e\u200b Kubernetes \u200b\u5b9e\u73b0\u200b\uff0c Service \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b\u5168\u5c40\u200b\u5206\u914d\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u91cd\u590d\u200b\u3002\u200b\u5bf9\u4e8e\u200b VPC \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u80fd\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b \u200b\u8303\u56f4\u200b\uff0c\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5730\u5740\u200b\u53ef\u80fd\u200b\u91cd\u53e0\u200b\uff0cKubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Service \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u5b8c\u5168\u200b\u6ee1\u8db3\u200b\u3002
\u200b\u9488\u5bf9\u200b\u8fd9\u200b\u7c7b\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b SwitchLBRule \u200b\u8d44\u6e90\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
\u200b\u4e00\u4e2a\u200b `SwitchLBRule`` \u200b\u4f8b\u5b50\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u3002namespace\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u540e\u200b\u7aef\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Namespace\u3002sessionAffinity\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b sessionAffinity \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002selector\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b selector \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002ports\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b port \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u89c4\u5219\u200b\uff1a
# kubectl get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh2 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh2 88m\n
"},{"location":"guide/vpc/#vpc-dns","title":"\u81ea\u5b9a\u4e49\u200b vpc-dns","text":"\u200b\u7531\u4e8e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0cVPC \u200b\u5185\u200b Pod \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u7684\u200b coredns \u200b\u670d\u52a1\u200b\u8fdb\u884c\u200b\u57df\u540d\u89e3\u6790\u200b\u3002 \u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b coredns \u200b\u89e3\u6790\u200b\u96c6\u7fa4\u200b\u5185\u200b Service \u200b\u57df\u540d\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"guide/vpc/#_6","title":"\u521b\u5efa\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"guide/vpc/#ovn-default-provider","title":"\u4fee\u6539\u200b ovn-default \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u7684\u200b provider","text":"\u200b\u4fee\u6539\u200b ovn-default \u200b\u7684\u200b provider\uff0c\u200b\u4e3a\u200b\u4e0a\u9762\u200b nad \u200b\u914d\u7f6e\u200b\u7684\u200b provider ovn-nad.default.ovn\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"guide/vpc/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b ConfigMap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09true \u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0cfalse \u200b\u5173\u95ed\u200b\u529f\u80fd\u200b\u3002\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-template\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\uff1a\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u4ed3\u5e93\u200b\u91cc\u200b\u7684\u200b yamls/coredns-template.yaml\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09 \u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\u3002k8s-service-port\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\u3002
"},{"location":"guide/vpc/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u4f9d\u8d56\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"guide/vpc/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc\uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002
\u200b\u67e5\u770b\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff1a
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: true \u200b\u6210\u529f\u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b
"},{"location":"guide/vpc/#_7","title":"\u9650\u5236","text":" - \u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b vpc \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/webhook/","title":"Webhook \u200b\u4f7f\u7528","text":"\u200b\u4f7f\u7528\u200b Webhook \u200b\u53ef\u4ee5\u200b\u5bf9\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u6821\u9a8c\u200b\uff0c\u200b\u76ee\u524d\u200b Webhook \u200b\u4e3b\u8981\u200b\u5b8c\u6210\u200b \u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u548c\u200b Subnet CIDR \u200b\u7684\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u8fd9\u7c7b\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u51b2\u7a81\u200b\u65f6\u200b\u63d0\u793a\u200b\u9519\u8bef\u200b\u3002
\u200b\u7531\u4e8e\u200b Webhook \u200b\u4f1a\u200b\u62e6\u622a\u200b\u6240\u6709\u200b\u7684\u200b Subnet \u200b\u548c\u200b Pod \u200b\u521b\u5efa\u200b\u7684\u200b\u8bf7\u6c42\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u5148\u200b\u90e8\u7f72\u200b Kube-OVN \u200b\u540e\u200b\u90e8\u7f72\u200b Webhook \u200b\u907f\u514d\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b Pod\u3002
"},{"location":"guide/webhook/#cert-manager","title":"Cert-Manager \u200b\u5b89\u88c5","text":"Webhook \u200b\u90e8\u7f72\u200b\u9700\u8981\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\u52a0\u5bc6\u200b\uff0c\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b cert-manager \u200b\u751f\u6210\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b Webhook \u200b\u524d\u5148\u200b\u90e8\u7f72\u200b cert-manager\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u90e8\u7f72\u200b cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
\u200b\u66f4\u200b\u591a\u200b cert-manager \u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b cert-manager \u200b\u6587\u6863\u200b\u3002
"},{"location":"guide/webhook/#webhook_1","title":"\u5b89\u88c5\u200b Webhook","text":"\u200b\u4e0b\u8f7d\u200b Webhook \u200b\u5bf9\u5e94\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"guide/webhook/#webhook_2","title":"\u9a8c\u8bc1\u200b Webhook \u200b\u751f\u6548","text":"\u200b\u67e5\u770b\u200b\u5df2\u200b\u8fd0\u884c\u200b Pod\uff0c\u200b\u5f97\u5230\u200b Pod IP 10.16.0.15\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
\u200b\u7f16\u5199\u200b yaml \u200b\u521b\u5efa\u200b\u76f8\u540c\u200b IP \u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0a\u200b yaml \u200b\u521b\u5efa\u200b\u9759\u6001\u200b\u5730\u5740\u200b Pod \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u63d0\u793a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\uff1a
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-default-subnet/","title":"\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u5982\u679c\u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u91cd\u5efa\u200b\u3002 \u200b\u5efa\u8bae\u200b\u64cd\u4f5c\u524d\u200b\u614e\u91cd\u8003\u8651\u200b\u3002\u200b\u672c\u6587\u200b\u53ea\u200b\u9488\u5bf9\u200b\u4e1a\u52a1\u200b\u5b50\u7f51\u200b CIDR \u200b\u66f4\u6539\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5982\u9700\u200b \u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR\u3002
"},{"location":"ops/change-default-subnet/#_1","title":"\u7f16\u8f91\u200b\u5b50\u7f51","text":"\u200b\u4f7f\u7528\u200b kubectl edit \u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b cidrBlock\uff0cgateway \u200b\u548c\u200b excludeIps\u3002
kubectl edit subnet test-subnet\n
"},{"location":"ops/change-default-subnet/#namespace-pod","title":"\u91cd\u5efa\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Namespace \u200b\u4e0b\u200b\u6240\u6709\u200b Pod","text":"\u200b\u4ee5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b test Namespace \u200b\u4e3a\u4f8b\u200b\uff1a
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
\u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e86\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u975e\u200b host \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u7684\u200b Pod\uff1a
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"ops/change-default-subnet/#_2","title":"\u66f4\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u914d\u7f6e","text":"\u200b\u82e5\u200b\u4fee\u6539\u200b\u7684\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8fd8\u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-join-subnet/","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u82e5\u200b\u53d1\u73b0\u200b\u521b\u5efa\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u7b49\u200b\u91cd\u5efa\u200b\u5b8c\u6210\u200b, \u200b\u5efa\u8bae\u200b\u524d\u200b\u64cd\u4f5c\u200b\u65f6\u200b\u614e\u91cd\u8003\u8651\u200b\u3002
"},{"location":"ops/change-join-subnet/#join","title":"\u5220\u9664\u200b Join \u200b\u5b50\u7f51","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"ops/change-join-subnet/#_1","title":"\u6e05\u7406\u200b\u76f8\u5173\u200b\u5206\u914d\u200b\u4fe1\u606f","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"ops/change-join-subnet/#join_1","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f","text":"\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\uff1a
kubectl edit deployment -n kube-system kube-ovn-controller\n
\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\uff1a
args:\n- --node-switch-cidr=100.51.0.0/16\n
\u200b\u91cd\u542f\u200b kube-ovn-controller \u200b\u91cd\u5efa\u200b join \u200b\u5b50\u7f51\u200b\uff1a
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
\u200b\u67e5\u770b\u200b\u65b0\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"ops/change-join-subnet/#ovn0","title":"\u91cd\u65b0\u914d\u7f6e\u200b ovn0 \u200b\u7f51\u5361\u200b\u5730\u5740","text":"\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\u9700\u8981\u200b\u91cd\u65b0\u200b\u66f4\u65b0\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u91cd\u542f\u200b kube-ovn-cni \u200b\u6765\u200b\u5b8c\u6210\u200b\uff1a
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-log-level/","title":"\u8c03\u6574\u200b\u65e5\u5fd7\u200b\u7b49\u7ea7","text":"\u200b\u6253\u5f00\u200b kube-ovn.yaml\uff0c\u200b\u5728\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u811a\u672c\u200b\u7684\u200b\u53c2\u6570\u200b\u5217\u8868\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b log \u200b\u7b49\u7ea7\u200b\uff0c\u200b\u6bd4\u5982\u200b\uff1a
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.12\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# log \u200b\u7b49\u7ea7\u200b\u8d8a\u9ad8\u200b\uff0clog \u200b\u5c31\u200b\u8d8a\u200b\u8be6\u7ec6\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-ovn-central-node/","title":"\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9","text":"\u200b\u7531\u4e8e\u200b ovn-central \u200b\u5185\u200b\u7684\u200b ovn-nb \u200b\u548c\u200b ovn-sb \u200b\u5206\u522b\u200b\u5efa\u7acb\u200b\u4e86\u200b\u7c7b\u4f3c\u200b etcd \u200b\u7684\u200b raft \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u56e0\u6b64\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4fdd\u8bc1\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u7684\u200b\u6b63\u786e\u200b\u548c\u200b\u6570\u636e\u200b\u7684\u200b\u4e00\u81f4\u200b\u3002\u200b\u5efa\u8bae\u200b\u6bcf\u6b21\u200b\u53ea\u200b\u5bf9\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u4e0a\u4e0b\u200b\u7ebf\u200b\u5904\u7406\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u96c6\u7fa4\u200b\u8fdb\u5165\u200b\u4e0d\u53ef\u200b\u7528\u200b \u200b\u72b6\u6001\u200b\uff0c\u200b\u5f71\u54cd\u200b\u96c6\u7fa4\u200b\u6574\u4f53\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_1","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u9488\u5bf9\u200b\u5982\u4e0b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4ee5\u4e0b\u200b\u7ebf\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5c06\u200b\u5176\u200b\u4ece\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u79fb\u9664\u200b\u3002
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"ops/change-ovn-central-node/#ovn-nb","title":"\u4e0b\u7ebf\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b d64b\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko nb kick d64b\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-sb","title":"\u4e0b\u7ebf\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u64cd\u4f5c\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\uff1a
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b e9f7\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko sb kick e9f7\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_2","title":"\u5220\u9664\u200b\u8282\u70b9\u200b\u6807\u7b7e\u200b\uff0c\u200b\u5e76\u200b\u7f29\u5bb9\u200b ovn-central","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"ops/change-ovn-central-node/#ovn-central_3","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"ops/change-ovn-central-node/#_1","title":"\u6e05\u7406\u200b\u8282\u70b9","text":"\u200b\u5220\u9664\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u907f\u514d\u200b\u91cd\u590d\u200b\u6dfb\u52a0\u200b\u8282\u70b9\u200b\u65f6\u200b\u53d1\u751f\u200b\u5f02\u5e38\u200b\uff1a
rm -rf /etc/origin/ovn\n
\u200b\u5982\u9700\u200b\u5c06\u200b\u8282\u70b9\u200b\u4ece\u200b\u6574\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e0b\u7ebf\u200b\uff0c\u200b\u8fd8\u200b\u9700\u200b\u7ee7\u7eed\u200b\u53c2\u8003\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_4","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u7ebf","text":"\u200b\u4e0b\u5217\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u65b0\u200b\u7684\u200b Kubernetes \u200b\u8282\u70b9\u200b\u52a0\u5165\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#_2","title":"\u76ee\u5f55\u200b\u68c0\u67e5","text":"\u200b\u68c0\u67e5\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u7684\u200b /etc/origin/ovn \u200b\u76ee\u5f55\u200b\u4e2d\u200b\u662f\u5426\u200b\u5b58\u5728\u200b ovnnb_db.db \u200b\u6216\u200b ovnsb_db.db \u200b\u6587\u4ef6\u200b\uff0c\u200b\u82e5\u200b\u5b58\u5728\u200b\u9700\u200b\u63d0\u524d\u200b\u5220\u9664\u200b\uff1a
rm -rf /etc/origin/ovn\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_5","title":"\u786e\u8ba4\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u6b63\u5e38","text":"\u200b\u82e5\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u5df2\u7ecf\u200b\u5f02\u5e38\u200b\uff0c\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u6295\u7968\u9009\u4e3e\u200b\u65e0\u6cd5\u200b\u8fc7\u534a\u6570\u200b\uff0c\u200b\u5f71\u54cd\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#_3","title":"\u7ed9\u200b\u8282\u70b9\u200b\u589e\u52a0\u200b\u6807\u7b7e\u200b\u5e76\u200b\u6269\u5bb9","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_6","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/delete-worker-node/","title":"\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u7b80\u5355\u200b\u4ece\u200b Kubernetes \u200b\u4e2d\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\uff0c\u200b\u7531\u4e8e\u200b\u8282\u70b9\u200b\u4e0a\u200b ovs-ovn \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u7684\u200b ovn-controller \u200b\u8fdb\u7a0b\u200b\u4ecd\u200b\u5728\u200b\u8fd0\u884c\u200b\u4f1a\u200b\u5b9a\u671f\u200b\u8fde\u63a5\u200b ovn-central \u200b\u6ce8\u518c\u200b\u76f8\u5173\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c \u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u989d\u5916\u200b\u8d44\u6e90\u200b\u6d6a\u8d39\u200b\u5e76\u200b\u6709\u200b\u6f5c\u5728\u200b\u7684\u200b\u89c4\u5219\u200b\u51b2\u7a81\u200b\u98ce\u9669\u200b\u3002 \u200b\u56e0\u6b64\u200b\u5728\u200b\u4ece\u200b Kubernetes \u200b\u5185\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\u65f6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u88ab\u200b\u6e05\u7406\u200b\u3002
\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff0c\u200b\u5982\u9700\u200b\u66f4\u6362\u200b ovn-central \u200b\u6240\u5728\u200b\u8282\u70b9\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u3002
"},{"location":"ops/delete-worker-node/#_2","title":"\u9a71\u9010\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6240\u6709\u200b\u5bb9\u5668","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"ops/delete-worker-node/#kubelet-docker","title":"\u505c\u6b62\u200b kubelet \u200b\u548c\u200b docker","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5411\u200b ovn-central \u200b\u8fdb\u884c\u200b\u4fe1\u606f\u200b\u6ce8\u518c\u200b\uff0c\u200b\u767b\u5f55\u200b\u5230\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
systemctl stop kubelet\nsystemctl stop docker\n
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u7684\u200b CRI \u200b\u4e3a\u200b containerd\uff0c\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff1a
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"ops/delete-worker-node/#node","title":"\u6e05\u7406\u200b Node \u200b\u4e0a\u200b\u7684\u200b\u6b8b\u7559\u200b\u6570\u636e","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"ops/delete-worker-node/#kubectl","title":"\u4f7f\u7528\u200b kubectl \u200b\u5220\u9664\u200b\u8282\u70b9","text":"kubectl delete no kube-ovn-01\n
"},{"location":"ops/delete-worker-node/#ovn-sb","title":"\u68c0\u67e5\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u662f\u5426\u200b\u4ece\u200b ovn-sb \u200b\u4e2d\u200b\u5220\u9664","text":"\u200b\u4e0b\u9762\u200b\u7684\u200b\u793a\u4f8b\u200b\u4e3a\u200b kube-ovn-worker \u200b\u4f9d\u7136\u200b\u672a\u200b\u88ab\u200b\u5220\u9664\u200b\uff1a
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"ops/delete-worker-node/#chassis","title":"\u82e5\u200b\u8282\u70b9\u200b\u5bf9\u5e94\u200b\u7684\u200b chassis \u200b\u4f9d\u7136\u200b\u5b58\u5728\u200b\uff0c\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u5220\u9664","text":"uuid \u200b\u4e3a\u200b\u4e4b\u524d\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u51fa\u200b\u7684\u200b Chassis \u200b\u5bf9\u5e94\u200b id\uff1a
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/faq/","title":"\u5176\u4ed6\u200b\u5e38\u89c1\u95ee\u9898","text":""},{"location":"ops/faq/#arm","title":"\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u8de8\u200b\u4e3b\u673a\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u95f4\u6b47\u200b\u5931\u8d25","text":""},{"location":"ops/faq/#_2","title":"\u73b0\u8c61","text":"\u200b\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u548c\u200b\u90e8\u5206\u200b\u56fd\u4ea7\u5316\u200b\u7f51\u5361\u200b offload \u200b\u914d\u5408\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u95f4\u6b47\u200b\u6545\u969c\u200b\u3002
\u200b\u4f7f\u7528\u200b netstat \u200b\u786e\u8ba4\u200b\u95ee\u9898\u200b\uff1a
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
\u200b\u82e5\u200b\u5b58\u5728\u200b InCsumErrors\uff0c\u200b\u4e14\u200b\u968f\u7740\u200b\u8bbf\u95ee\u200b\u5931\u8d25\u200b\u589e\u52a0\u200b\uff0c\u200b\u53ef\u200b\u786e\u8ba4\u200b\u662f\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#_3","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":"\u200b\u6839\u672c\u200b\u89e3\u51b3\u200b\u9700\u8981\u200b\u548c\u200b\u9e92\u9e9f\u200b\u4ee5\u53ca\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\u5382\u5546\u200b\u6c9f\u901a\u200b\uff0c\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u548c\u200b\u9a71\u52a8\u200b\u3002\u200b\u4e34\u65f6\u200b\u89e3\u51b3\u200b\u53ef\u200b\u5148\u200b\u5173\u95ed\u200b\u7269\u7406\u200b \u200b\u7f51\u5361\u200b\u7684\u200b tx offload \u200b\u4f46\u662f\u200b\u4f1a\u200b\u5bfc\u81f4\u200b tcp \u200b\u6027\u80fd\u200b\u6709\u200b\u8f83\u200b\u660e\u663e\u200b\u4e0b\u964d\u200b\u3002
ethtool -K eth0 tx off\n
\u200b\u7ecf\u200b\u793e\u533a\u200b\u53cd\u9988\u200b\u4f7f\u7528\u200b 4.19.90-25.16.v2101 \u200b\u5185\u6838\u200b\u540e\u200b\u53ef\u4ee5\u200b\u89e3\u51b3\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#pod-service","title":"Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u4e0d\u901a","text":""},{"location":"ops/faq/#_4","title":"\u73b0\u8c61","text":"Pod \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u670d\u52a1\u200b\uff0cdmesg \u200b\u663e\u793a\u200b\u5f02\u5e38\u200b\uff1a
netlink: Unknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
\u200b\u8be5\u200b\u65e5\u5fd7\u200b\u8bf4\u660e\u200b\u5185\u6838\u200b\u5185\u200b OVS \u200b\u7248\u672c\u200b\u8fc7\u4f4e\u200b\u4e0d\u200b\u652f\u6301\u200b\u5bf9\u5e94\u200b NAT \u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/faq/#_5","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":" - \u200b\u5347\u7ea7\u200b\u5185\u6838\u6a21\u5757\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u3002
- \u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b Overlay \u200b\u7f51\u7edc\u200b\u53ef\u4ee5\u200b\u66f4\u6539\u200b
kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u8bbe\u7f6e\u200b --enable-lb=false \u200b\u5173\u95ed\u200b OVN LB \u200b\u4f7f\u7528\u200b kube-proxy \u200b\u8fdb\u884c\u200b Service \u200b\u8f6c\u53d1\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/from-calico/","title":"\u5378\u8f7d\u200b Calico \u200b\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u82e5\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5df2\u200b\u5b89\u88c5\u200b Calico \u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\u4e3a\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\u3002
\u200b\u672c\u6587\u200b\u4ee5\u200b Calico v3.24.1 \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5176\u5b83\u200b Calico \u200b\u7248\u672c\u200b\u9700\u8981\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
"},{"location":"ops/from-calico/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u5207\u6362\u200b CNI \u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4fdd\u6301\u200b\u7545\u901a\u200b\uff0cCalico ippool \u200b\u9700\u8981\u200b\u5f00\u542f\u200b nat outgoing\uff0c\u200b\u6216\u200b\u5728\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u5173\u95ed\u200b rp_filter\uff1a
sysctl net.ipv4.conf.all.rp_filter=0\nsysctl net.ipv4.conf.default.rp_filter=0\n# IPIP \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.tunl0.rp_filter=0\n# VXLAN \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.vxlan/calico.rp_filter=0\n# \u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\uff0ceth0 \u200b\u9700\u8981\u200b\u4fee\u6539\u200b\u4e3a\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\nsysctl net.ipv4.conf.eth0.rp_filter=0\n
"},{"location":"ops/from-calico/#kube-ovn","title":"\u90e8\u7f72\u200b Kube-OVN","text":""},{"location":"ops/from-calico/#_2","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"ops/from-calico/#_3","title":"\u4fee\u6539\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u5c06\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b\u90e8\u5206\u200b\u5220\u9664\u200b\uff1a
echo \"[Step 4/6] Delete pod that not in host network mode\"\nfor ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
\u200b\u6309\u200b\u9700\u200b\u4fee\u6539\u200b\u4ee5\u4e0b\u200b\u914d\u7f6e\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.12\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u6ce8\u610f\u200b\uff1aPOD_CIDR \u200b\u53ca\u200b JOIN_CIDR \u200b\u4e0d\u53ef\u200b\u4e0e\u200b Calico ippool \u200b\u7684\u200b CIDR \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4e14\u200b POD_CIDR \u200b\u9700\u8981\u200b\u5305\u542b\u200b\u8db3\u591f\u200b\u591a\u200b\u7684\u200b IP \u200b\u6765\u200b\u5bb9\u7eb3\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b Pod\u3002
"},{"location":"ops/from-calico/#_4","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"ops/from-calico/#_5","title":"\u9010\u4e2a\u200b\u8282\u70b9\u200b\u8fc1\u79fb","text":"\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u65b9\u6cd5\u200b\u4e3a\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u9010\u4e2a\u200b\u8fdb\u884c\u200b\u8fc1\u79fb\u200b\u3002 \u200b\u6ce8\u610f\u200b\uff1a\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u7684\u200b \\<NODE> \u200b\u9700\u8981\u200b\u66ff\u6362\u200b\u4e3a\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b\u3002
"},{"location":"ops/from-calico/#_6","title":"\u9a71\u9010\u200b\u8282\u70b9","text":"kubectl drain --ignore-daemonsets <NODE>\n
\u200b\u82e5\u6b64\u200b\u547d\u4ee4\u200b\u4e00\u76f4\u200b\u7b49\u5f85\u200b Pod \u200b\u88ab\u200b\u9a71\u9010\u200b\uff0c\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u5f3a\u5236\u200b\u5220\u9664\u200b\u88ab\u200b\u9a71\u9010\u200b\u7684\u200b Pod\uff1a
kubectl get pod -A --field-selector=spec.nodeName=<NODE> --no-headers | \\\n awk '$4==\"Terminating\" {print $1\" \"$2}' | \\\n while read s; do kubectl delete pod --force -n $s; done\n
"},{"location":"ops/from-calico/#_7","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
shutdown -r 0\n
"},{"location":"ops/from-calico/#_8","title":"\u6062\u590d\u200b\u8282\u70b9","text":"kubectl uncordon <NODE>\n
"},{"location":"ops/from-calico/#calico","title":"\u5378\u8f7d\u200b Calico","text":""},{"location":"ops/from-calico/#k8s","title":"\u5220\u9664\u200b k8s \u200b\u8d44\u6e90","text":"kubectl -n kube-system delete deploy calico-kube-controllers\nkubectl -n kube-system delete ds calico-node\nkubectl -n kube-system delete cm calico-config\n# \u200b\u5220\u9664\u200b CRD \u200b\u53ca\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\nkubectl get crd -o jsonpath='{range .items[*]}{.metadata.name}{\"\\n\"}{end}' | while read crd; do\n if ! echo $crd | grep '.crd.projectcalico.org$' >/dev/null; then\n continue\n fi\n\n for name in $(kubectl get $crd -o jsonpath='{.items[*].metadata.name}'); do\n kubectl delete $crd $name\n done\n kubectl delete crd $crd\ndone\n# \u200b\u5176\u5b83\u200b\u8d44\u6e90\u200b\nkubectl delete --ignore-not-found clusterrolebinding calico-node calico-kube-controllers\nkubectl delete --ignore-not-found clusterrole calico-node calico-kube-controllers\nkubectl delete --ignore-not-found sa -n kube-system calico-kube-controllers calico-node\nkubectl delete --ignore-not-found pdb -n kube-system calico-kube-controllers\n
"},{"location":"ops/from-calico/#_9","title":"\u6e05\u7406\u200b\u8282\u70b9\u200b\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
rm -f /etc/cni/net.d/10-calico.conflist /etc/cni/net.d/calico-kubeconfig\nrm -f /opt/cni/bin/calico /opt/cni/bin/calico-ipam\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/kubectl-ko/","title":"kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u65e5\u5e38\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b kubectl \u200b\u63d2\u4ef6\u200b\u5de5\u5177\u200b\uff0c\u200b\u7f51\u7edc\u7ba1\u7406\u5458\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u65e5\u5e38\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a\u200b\u67e5\u770b\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4fe1\u606f\u200b\u548c\u200b\u72b6\u6001\u200b\uff0cOVN \u200b\u6570\u636e\u5e93\u200b \u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d\u200b\uff0cOVS \u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u67e5\u770b\u200b\uff0ctcpdump \u200b\u7279\u5b9a\u200b\u5bb9\u5668\u200b\uff0c\u200b\u7279\u5b9a\u200b\u94fe\u8def\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u5c55\u793a\u200b\uff0c \u200b\u7f51\u7edc\u200b\u95ee\u9898\u200b\u8bca\u65ad\u200b\u548c\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u3002
"},{"location":"ops/kubectl-ko/#_1","title":"\u63d2\u4ef6\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u63d2\u4ef6\u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u82e5\u200b\u6267\u884c\u200b kubectl \u200b\u7684\u200b\u673a\u5668\u200b\u4e0d\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c \u200b\u6216\u200b\u9700\u8981\u200b\u91cd\u88c5\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff1a
\u200b\u4e0b\u8f7d\u200b kubectl-ko \u200b\u6587\u4ef6\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u79fb\u52a8\u200b\u81f3\u200b $PATH \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv kubectl-ko /usr/local/bin/kubectl-ko\n
\u200b\u589e\u52a0\u200b\u53ef\u200b\u6267\u884c\u200b\u6743\u9650\u200b\uff1a
chmod +x /usr/local/bin/kubectl-ko\n
\u200b\u68c0\u67e5\u200b\u63d2\u4ef6\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b\uff1a
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"ops/kubectl-ko/#_2","title":"\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u8fd0\u884c\u200b kubectl ko \u200b\u4f1a\u200b\u5c55\u793a\u200b\u8be5\u200b\u63d2\u4ef6\u200b\u6240\u6709\u200b\u53ef\u7528\u200b\u7684\u200b\u547d\u4ee4\u200b\u548c\u200b\u7528\u6cd5\u200b\u63cf\u8ff0\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
\u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u6bcf\u4e2a\u200b\u547d\u4ee4\u200b\u7684\u200b\u5177\u4f53\u200b\u529f\u80fd\u200b\u548c\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4e3b\u8981\u200b\u5bf9\u200b OVN \u200b\u5317\u5411\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5305\u62ec\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\uff0c \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b\u200b\u548c\u200b\u6570\u636e\u5e93\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_3","title":"\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5728\u200b\u5bf9\u5e94\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u6267\u884c\u200b ovs-appctl cluster/status \u200b\u5c55\u793a\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
\u200b\u82e5\u200b Server \u200b\u4e0b\u200b\u7684\u200b match_index \u200b\u51fa\u73b0\u200b\u8f83\u5927\u200b\u5dee\u522b\u200b\uff0c\u200b\u4e14\u200b last msg \u200b\u65f6\u95f4\u200b\u8f83\u957f\u200b\u5219\u200b\u5bf9\u5e94\u200b Server \u200b\u53ef\u80fd\u200b\u957f\u65f6\u95f4\u200b\u6ca1\u6709\u54cd\u5e94\u200b\uff0c \u200b\u9700\u8981\u200b\u8fdb\u4e00\u6b65\u200b\u67e5\u770b\u200b\u3002
"},{"location":"ops/kubectl-ko/#_4","title":"\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5c06\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b\u4ece\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u79fb\u9664\u200b\uff0c\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\u6216\u200b\u66f4\u6362\u200b\u8282\u70b9\u200b\u65f6\u200b\u9700\u8981\u200b\u7528\u5230\u200b\u3002 \u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ee5\u4e0a\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u770b\u200b\u5230\u200b\u7684\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4e0b\u7ebf\u200b 172.18.0.3 \u200b\u8282\u70b9\u200b:
# kubectl ko nb kick 8723\nstarted removal\n
\u200b\u518d\u6b21\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u5df2\u200b\u79fb\u9664\u200b\uff1a
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"ops/kubectl-ko/#_5","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5907\u4efd\u200b\u5f53\u524d\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u81f3\u200b\u672c\u5730\u200b\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u707e\u5907\u200b\u548c\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"ops/kubectl-ko/#_6","title":"\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u7528\u6765\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u662f\u5426\u200b\u5b58\u5728\u200b\u635f\u574f\u200b\uff1a
# kubectl ko nb dbstatus\nstatus: ok\n
\u200b\u82e5\u200b\u5f02\u5e38\u200b\u5219\u200b\u663e\u793a\u200b inconsistent data \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_7","title":"\u6570\u636e\u5e93\u200b\u4fee\u590d","text":"\u200b\u82e5\u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b\u8fdb\u5165\u200b inconsistent data \u200b\u53ef\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\uff1a
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b \u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u5206\u522b\u200b\u6267\u884c\u200b ovn-nbctl \u200b\u548c\u200b ovn-sbctl \u200b\u547d\u4ee4\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVN \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-vsctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u5e76\u200b\u914d\u7f6e\u200b vswitchd\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-ofctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OpenFlow\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-dpctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OVS datapath\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-appctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u6765\u200b\u64cd\u4f5c\u200b\u76f8\u5173\u200b daemon \u200b\u8fdb\u7a0b\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b namespace/podname \u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b kube-ovn-cni \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b tcpdump \u200b\u6293\u53d6\u200b\u5bf9\u5e94\u200b\u5bb9\u5668\u200b veth \u200b\u7f51\u5361\u200b \u200b\u7aef\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u6392\u67e5\u200b\u7f51\u7edc\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u5c06\u4f1a\u200b\u6253\u5370\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b\u7279\u5b9a\u200b\u534f\u8bae\u200b\u8bbf\u95ee\u200b\u67d0\u200b\u5730\u5740\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u7684\u200b OVN \u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u548c\u200b\u6700\u7ec8\u200b\u7684\u200b Openflow \u200b\u6d41\u8868\u200b\uff0c \u200b\u65b9\u4fbf\u200b\u5f00\u53d1\u200b\u6216\u200b\u8fd0\u7ef4\u65f6\u200b\u5b9a\u4f4d\u200b\u6d41\u8868\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\u3002
\u200b\u652f\u6301\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
\u200b\u793a\u4f8b\u200b\uff1a
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
\u200b\u82e5\u200b trace \u200b\u5bf9\u8c61\u200b\u4e3a\u200b\u8fd0\u884c\u200b\u4e8e\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u989d\u5916\u200b\u53c2\u6570\u200b\u6765\u200b\u6307\u5b9a\u200b\u76ee\u7684\u200b Mac \u200b\u5730\u5740\u200b\uff1a
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"\u200b\u8bca\u65ad\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u5e76\u200b\u53bb\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b kube-ovn-pinger \u200b\u68c0\u6d4b\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u5230\u200b\u5176\u4ed6\u200b\u8282\u70b9\u200b\u548c\u200b\u5173\u952e\u200b\u670d\u52a1\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\uff1a
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.12\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b subnet \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u5efa\u7acb\u200b daemonset\uff0c\u200b\u7531\u200b kube-ovn-pinger \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u8fd9\u4e2a\u200b daemonset \u200b\u7684\u200b\u6240\u6709\u200b pod \u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u5ef6\u65f6\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5b8c\u540e\u200b\u81ea\u52a8\u200b\u9500\u6bc1\u200b\u8be5\u200b daemonset\u3002
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b IPPorts \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8ba9\u200b\u6bcf\u4e2a\u200b kube-ovn-pinger pod \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u76ee\u6807\u200b\u534f\u8bae\u200b\uff0cIP\uff0cPort \u200b\u662f\u5426\u200b\u53ef\u200b\u8fbe\u200b\u3002
"},{"location":"ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u6267\u884c\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
"},{"location":"ops/kubectl-ko/#reload","title":"reload","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u91cd\u542f\u200b\u6240\u6709\u200b Kube-OVN \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff1a
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"ops/kubectl-ko/#log","title":"log","text":"\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u6293\u53d6\u200b kube-ovn \u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b Kube-OVN\uff0cOVN\uff0cOpenvswitch \u200b\u7684\u200b log \u200b\u4ee5\u53ca\u200b linux \u200b\u5e38\u7528\u200b\u7684\u200b\u4e00\u4e9b\u200b debug \u200b\u4fe1\u606f\u200b\u3002
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
\u200b\u76ee\u5f55\u200b\u5982\u4e0b\u200b\uff1a
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"ops/kubectl-ko/#perf-image","title":"perf [image]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u53bb\u200b\u6d4b\u8bd5\u200b Kube-OVN \u200b\u7684\u200b\u4e00\u4e9b\u200b\u6027\u80fd\u6307\u6807\u200b\u5982\u4e0b\u200b\uff1a
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- Hostnetwork \u200b\u7f51\u7edc\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- OVN-NB, OVN-SB, OVN-Northd leader \u200b\u5220\u9664\u200b\u6062\u590d\u200b\u6240\u200b\u9700\u200b\u65f6\u95f4\u200b\u3002
\u200b\u53c2\u6570\u200b image \u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b pod \u200b\u6240\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u662f\u200b kubeovn/test:v1.12.0, \u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3b\u8981\u200b\u662f\u200b\u4e3a\u4e86\u200b\u79bb\u7ebf\u200b\u573a\u666f\u200b\uff0c\u200b\u5c06\u200b\u955c\u50cf\u200b\u62c9\u5230\u200b\u5185\u7f51\u200b\u73af\u5883\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u6709\u200b\u955c\u50cf\u200b\u540d\u200b\u53d8\u5316\u200b\u3002
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/recover-db/","title":"OVN \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_1","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u5229\u7528\u200b kubectl \u200b\u63d2\u4ef6\u200b\u7684\u200b backup \u200b\u547d\u4ee4\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u200b\u7528\u4e8e\u200b\u6545\u969c\u200b\u65f6\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"ops/recover-db/#_2","title":"\u96c6\u7fa4\u200b\u90e8\u5206\u200b\u6545\u969c\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5b58\u5728\u200b\u90e8\u5206\u200b\u8282\u70b9\u200b\u56e0\u4e3a\u200b\u65ad\u7535\u200b\uff0c\u200b\u6587\u4ef6\u7cfb\u7edf\u200b\u6545\u969c\u200b\u6216\u200b\u78c1\u76d8\u7a7a\u95f4\u200b\u4e0d\u8db3\u200b\u5bfc\u81f4\u200b\u5de5\u4f5c\u200b\u5f02\u5e38\u200b\uff0c \u200b\u4f46\u662f\u200b\u96c6\u7fa4\u200b\u4ecd\u200b\u53ef\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_3","title":"\u67e5\u770b\u200b\u65e5\u5fd7\u200b\u786e\u8ba4\u200b\u72b6\u6001\u200b\u5f02\u5e38","text":"\u200b\u67e5\u770b\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b /var/log/ovn/ovn-northd.log\uff0c\u200b\u82e5\u200b\u63d0\u793a\u200b\u7c7b\u4f3c\u200b\u9519\u8bef\u200b\u5219\u200b\u53ef\u200b\u5224\u65ad\u200b\u6570\u636e\u5e93\u200b\u5b58\u5728\u200b\u5f02\u5e38\u200b
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"ops/recover-db/#_4","title":"\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u6839\u636e\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u662f\u200b OVN_Northbound \u200b\u8fd8\u662f\u200b OVN_Southbound \u200b\u9009\u62e9\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e0a\u8ff0\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u4e3a\u200b OVN_Northbound \u200b\u5219\u200b\u5bf9\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
\u200b\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u72b6\u6001\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff1a
kubectl ko nb kick e631\n
\u200b\u767b\u5f55\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff0c\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b ovn-central Pod\uff0c\u200b\u7b49\u5f85\u200b\u96c6\u7fa4\u200b\u81ea\u52a8\u200b\u6062\u590d\u200b\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"ops/recover-db/#_5","title":"\u96c6\u7fa4\u200b\u4e0d\u80fd\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4e0b\u200b\u7684\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\u65e0\u6cd5\u200b\u9009\u4e3e\u200b\u51fa\u200b leader\uff0c\u200b\u8bf7\u200b\u53c2\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#ovn-central","title":"\u505c\u6b62\u200b ovn-central","text":"\u200b\u8bb0\u5f55\u200b\u5f53\u524d\u200b ovn-central \u200b\u526f\u672c\u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u505c\u6b62\u200b ovn-central \u200b\u907f\u514d\u200b\u65b0\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u53d8\u66f4\u200b\u5f71\u54cd\u200b\u6062\u590d\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"ops/recover-db/#_6","title":"\u9009\u62e9\u200b\u5907\u4efd","text":"\u200b\u7531\u4e8e\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\uff0c\u200b\u9700\u8981\u200b\u4ece\u200b\u67d0\u4e2a\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5907\u4efd\u200b\u8fc7\u200b\u6570\u636e\u5e93\u200b \u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u7684\u200b\u5907\u4efd\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u8fc7\u200b\u5907\u4efd\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u4ece\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b \u200b\u4e2d\u200b\u751f\u6210\u200b\u4e00\u4e2a\u200b\u5907\u4efd\u200b\u3002
\u200b\u7531\u4e8e\u200b\u9ed8\u8ba4\u200b\u6587\u4ef6\u5939\u200b\u4e0b\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u683c\u5f0f\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5305\u542b\u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u76f4\u63a5\u200b \u200b\u7528\u8be5\u200b\u6587\u4ef6\u200b\u91cd\u5efa\u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b ovsdb-tool cluster-to-standalone \u200b\u8fdb\u884c\u200b\u683c\u5f0f\u200b\u8f6c\u6362\u200b\u3002
\u200b\u9009\u62e9\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u7684\u200b\u8282\u70b9\u200b\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c \u200b\u5982\u679c\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5df2\u635f\u574f\u200b\uff0c\u200b\u4ece\u200b\u5176\u4ed6\u200b\u673a\u5668\u200b /etc/origin/ovn \u200b\u4e0b\u200b\u590d\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u7b2c\u4e00\u53f0\u200b\u673a\u5668\u200b \uff0c \u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u751f\u6210\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5907\u4efd\u200b\u3002
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.12 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"ops/recover-db/#ovn-central_1","title":"\u5220\u9664\u200b\u6bcf\u4e2a\u200b ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6","text":"\u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u65f6\u200b\u4f7f\u7528\u200b\u5230\u200b\u9519\u8bef\u200b\u7684\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5df2\u6709\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"ops/recover-db/#_7","title":"\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4","text":"\u200b\u5c06\u200b\u5907\u4efd\u200b\u6570\u636e\u5e93\u200b\u5206\u522b\u200b\u91cd\u547d\u540d\u200b\u4e3a\u200b ovnnb_db.db \u200b\u548c\u200b ovnsb_db.db\uff0c\u200b\u5e76\u200b\u590d\u5236\u5230\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u673a\u5668\u200b\u7684\u200b /etc/origin/ovn/ \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
\u200b\u6062\u590d\u200b ovn-central \u200b\u7684\u200b\u526f\u672c\u200b\u6570\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/architecture/","title":"\u603b\u4f53\u200b\u67b6\u6784","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u7684\u200b\u603b\u4f53\u200b\u67b6\u6784\u200b\uff0c\u200b\u548c\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u4ee5\u53ca\u200b\u5176\u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u3002
\u200b\u603b\u4f53\u200b\u6765\u770b\u200b\uff0cKube-OVN \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u548c\u200b OVN \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u6210\u719f\u200b\u7684\u200b SDN \u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u76f8\u7ed3\u5408\u200b\u3002 \u200b\u8fd9\u200b\u610f\u5473\u7740\u200b Kube-OVN \u200b\u4e0d\u4ec5\u200b\u901a\u8fc7\u200b OVN \u200b\u5b9e\u73b0\u200b\u4e86\u200b Kubernetes \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\uff0c\u200b\u4f8b\u5982\u200b CNI\uff0cService \u200b\u548c\u200b Networkpolicy\uff0c\u200b\u8fd8\u200b\u5c06\u200b\u5927\u91cf\u200b\u7684\u200b SDN \u200b\u9886\u57df\u200b\u80fd\u529b\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\uff0c\u200b\u4f8b\u5982\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0cVPC\uff0c\u200b\u7f51\u5173\u200b\uff0cQoS\uff0cACL \u200b\u548c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u8fd8\u200b\u4fdd\u6301\u200b\u4e86\u200b\u826f\u597d\u200b\u7684\u200b\u5f00\u653e\u6027\u200b\u53ef\u4ee5\u200b\u548c\u200b\u8bf8\u591a\u200b\u6280\u672f\u200b\u65b9\u6848\u200b\u96c6\u6210\u200b\uff0c\u200b\u4f8b\u5982\u200b Cilium\uff0cSubmariner\uff0cPrometheus\uff0cKubeVirt \u200b\u7b49\u7b49\u200b\u3002
"},{"location":"reference/architecture/#_2","title":"\u7ec4\u4ef6\u200b\u4ecb\u7ecd","text":"Kube-OVN \u200b\u7684\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u5927\u81f4\u200b\u5206\u4e3a\u200b\u4e09\u7c7b\u200b\uff1a
- \u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6\u200b\u3002
- \u200b\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent\u3002
- \u200b\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6\u200b\u3002
"},{"location":"reference/architecture/#ovnovs","title":"\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7ec4\u4ef6\u200b\u6765\u81ea\u200b OVN/OVS \u200b\u793e\u533a\u200b\uff0c\u200b\u5e76\u200b\u9488\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u505a\u200b\u4e86\u200b\u7279\u5b9a\u200b\u4fee\u6539\u200b\u3002 OVN/OVS \u200b\u672c\u8eab\u200b\u662f\u200b\u4e00\u5957\u200b\u6210\u719f\u200b\u7684\u200b\u7ba1\u7406\u200b\u865a\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u7684\u200b SDN \u200b\u7cfb\u7edf\u200b\uff0c\u200b\u6211\u4eec\u200b\u5f3a\u70c8\u5efa\u8bae\u200b \u200b\u5bf9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u611f\u5174\u8da3\u200b\u7684\u200b\u7528\u6237\u200b\u5148\u53bb\u200b\u8bfb\u200b\u4e00\u4e0b\u200b ovn-architecture(7) \u200b\u6765\u200b\u4e86\u89e3\u200b\u4ec0\u4e48\u200b\u662f\u200b OVN \u200b\u4ee5\u53ca\u200b \u200b\u5982\u4f55\u200b\u548c\u200b\u5b83\u200b\u8fdb\u884c\u200b\u96c6\u6210\u200b\u3002Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b\u5317\u5411\u200b\u63a5\u53e3\u200b\u521b\u5efa\u200b\u548c\u200b\u8c03\u6574\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u4e2d\u200b\u7684\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u6620\u5c04\u200b\u5230\u200b Kubernetes \u200b\u4e4b\u5185\u200b\u3002
\u200b\u6240\u6709\u200b OVN/OVS \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\u90fd\u200b\u5df2\u200b\u6253\u5305\u200b\u6210\u200b\u5bf9\u5e94\u200b\u955c\u50cf\u200b\uff0c\u200b\u5e76\u200b\u53ef\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u3002
"},{"location":"reference/architecture/#ovn-central","title":"ovn-central","text":"ovn-central Deployment \u200b\u8fd0\u884c\u200b OVN \u200b\u7684\u200b\u7ba1\u7406\u200b\u5e73\u9762\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5305\u62ec\u200b ovn-nb, ovn-sb, \u200b\u548c\u200b ovn-northd\u3002
ovn-nb\uff1a \u200b\u4fdd\u5b58\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b API \u200b\u8fdb\u884c\u200b\u865a\u62df\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u3002kube-ovn-controller \u200b\u5c06\u4f1a\u200b\u4e3b\u8981\u200b\u548c\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u4ea4\u4e92\u200b\u914d\u7f6e\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002ovn-sb\uff1a \u200b\u4fdd\u5b58\u200b\u4ece\u200b ovn-nb \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u751f\u6210\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5404\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u5b9e\u9645\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u72b6\u6001\u200b\u3002ovn-northd\uff1a\u200b\u5c06\u200b ovn-nb \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u7ffb\u8bd1\u6210\u200b ovn-sb \u200b\u4e2d\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u3002
\u200b\u591a\u4e2a\u200b ovn-central \u200b\u5b9e\u4f8b\u200b\u4f1a\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u540c\u6b65\u200b\u6570\u636e\u200b\u4fdd\u8bc1\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
"},{"location":"reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn \u200b\u4ee5\u200b DaemonSet \u200b\u5f62\u5f0f\u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u5728\u200b Pod \u200b\u5185\u200b\u8fd0\u884c\u200b\u4e86\u200b openvswitch, ovsdb, \u200b\u548c\u200b ovn-controller\u3002\u200b\u8fd9\u4e9b\u200b\u7ec4\u4ef6\u200b\u4f5c\u4e3a\u200b ovn-central \u200b\u7684\u200b Agent \u200b\u5c06\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u7ffb\u8bd1\u6210\u200b\u771f\u5b9e\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"reference/architecture/#agent","title":"\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u4e3a\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u4f5c\u4e3a\u200b OVN \u200b\u548c\u200b Kubernetes \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u4e24\u4e2a\u200b\u7cfb\u7edf\u200b\u6253\u901a\u200b\u5e76\u200b\u5c06\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8f6c\u6362\u200b\u3002 \u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u6838\u5fc3\u200b\u529f\u80fd\u200b\u90fd\u200b\u5728\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e2d\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6267\u884c\u200b\u6240\u6709\u200b Kubernetes \u200b\u5185\u200b\u8d44\u6e90\u200b\u5230\u200b OVN \u200b\u8d44\u6e90\u200b\u7684\u200b\u7ffb\u8bd1\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5176\u200b\u4f5c\u7528\u200b\u76f8\u5f53\u4e8e\u200b\u6574\u4e2a\u200b Kube-OVN \u200b\u7cfb\u7edf\u200b\u7684\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u3002 kube-ovn-controller \u200b\u76d1\u542c\u200b\u4e86\u200b\u6240\u6709\u200b\u548c\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\u7684\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b\u8d44\u6e90\u200b\u53d8\u5316\u200b\u60c5\u51b5\u200b\u66f4\u65b0\u200b OVN \u200b\u5185\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u3002\u200b\u4e3b\u8981\u200b\u76d1\u542c\u200b\u7684\u200b\u8d44\u6e90\u200b\u5305\u62ec\u200b\uff1a Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
\u200b\u4ee5\u200b Pod \u200b\u4e8b\u4ef6\u200b\u4e3a\u4f8b\u200b\uff0c kube-ovn-controller \u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u521b\u5efa\u200b\u4e8b\u4ef6\u200b\u540e\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5185\u7f6e\u200b\u7684\u200b\u5185\u5b58\u200b IPAM \u200b\u529f\u80fd\u200b\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u5e76\u200b\u8c03\u7528\u200b ovn-central \u200b\u521b\u5efa\u200b \u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u53ef\u80fd\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u3002\u200b\u63a5\u4e0b\u6765\u200b kube-ovn-controller \u200b\u5c06\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u548c\u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\u4f8b\u5982\u200b CIDR\uff0c\u200b\u7f51\u5173\u200b\uff0c\u200b\u8def\u7531\u200b\u7b49\u200b\u4fe1\u606f\u200b\u5199\u4f1a\u200b\u5230\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u540e\u7eed\u200b\u4f1a\u200b\u88ab\u200b kube-ovn-cni \u200b\u8bfb\u53d6\u200b\u7528\u6765\u200b\u914d\u7f6e\u200b\u672c\u5730\u7f51\u7edc\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5b9e\u73b0\u200b CNI \u200b\u63a5\u53e3\u200b\uff0c\u200b\u5e76\u200b\u64cd\u4f5c\u200b\u672c\u5730\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\u5355\u673a\u200b\u7f51\u7edc\u200b\u3002
\u200b\u8be5\u200b DaemonSet \u200b\u4f1a\u200b\u590d\u5236\u200b kube-ovn \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\uff0c\u200b\u4f5c\u4e3a\u200b kubelet \u200b\u548c\u200b kube-ovn-cni \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u5de5\u5177\u200b\uff0c\u200b\u5c06\u200b\u76f8\u5e94\u200b CNI \u200b\u8bf7\u6c42\u200b \u200b\u53d1\u9001\u7ed9\u200b kube-ovn-cni \u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u88ab\u200b\u590d\u5236\u5230\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u3002
kube-ovn-cni \u200b\u4f1a\u200b\u914d\u7f6e\u200b\u5177\u4f53\u200b\u7684\u200b\u7f51\u7edc\u200b\u6765\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u6d41\u91cf\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5de5\u4f5c\u200b\u5305\u62ec\u200b\uff1a
- \u200b\u914d\u7f6e\u200b
ovn-controller \u200b\u548c\u200b vswitchd\u3002 - \u200b\u5904\u7406\u200b CNI add/del \u200b\u8bf7\u6c42\u200b\uff1a
- \u200b\u521b\u5efa\u200b\u5220\u9664\u200b veth \u200b\u5e76\u200b\u548c\u200b OVS \u200b\u7aef\u53e3\u200b\u7ed1\u5b9a\u200b\u3002
- \u200b\u914d\u7f6e\u200b OVS \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
- \u200b\u66f4\u65b0\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b iptables/ipset/route \u200b\u7b49\u200b\u89c4\u5219\u200b\u3002
- \u200b\u52a8\u6001\u200b\u66f4\u65b0\u200b\u5bb9\u5668\u200b QoS.
- \u200b\u521b\u5efa\u200b\u5e76\u200b\u914d\u7f6e\u200b
ovn0 \u200b\u7f51\u5361\u200b\u8054\u901a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u3002 - \u200b\u914d\u7f6e\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6765\u200b\u5b9e\u73b0\u200b Vlan/Underlay/EIP \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
- \u200b\u52a8\u6001\u200b\u914d\u7f6e\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u200b\u5173\u200b\u3002
"},{"location":"reference/architecture/#_3","title":"\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e3b\u8981\u200b\u63d0\u4f9b\u200b\u76d1\u63a7\u200b\uff0c\u200b\u8bca\u65ad\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u4ee5\u53ca\u200b\u548c\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u5bf9\u63a5\u200b\uff0c\u200b\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u5e76\u200b\u7b80\u5316\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u7279\u5b9a\u200b\u6807\u7b7e\u200b\u7684\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8bbf\u95ee\u200b\u5bb9\u5668\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b BGP \u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6536\u96c6\u200b OVS \u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8282\u70b9\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\u7b49\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6536\u96c6\u200b OVN \u200b\u7684\u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b kubectl \u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5feb\u901f\u200b\u8fd0\u884c\u200b\u5e38\u89c1\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/dev-env/","title":"\u5f00\u53d1\u200b\u73af\u5883\u200b\u6784\u5efa","text":""},{"location":"reference/dev-env/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Go 1.20 \u200b\u5f00\u53d1\u200b\u5e76\u200b\u4f7f\u7528\u200b Go Modules \u200b\u7ba1\u7406\u200b\u4f9d\u8d56\u200b\uff0c \u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u53d8\u91cf\u200b GO111MODULE=\"on\"\u3002
gosec \u200b\u88ab\u200b\u7528\u6765\u200b\u626b\u63cf\u200b\u4ee3\u7801\u200b\u5b89\u5168\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5f00\u53d1\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\uff1a
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
\u200b\u4e3a\u4e86\u200b\u964d\u4f4e\u200b\u6700\u7ec8\u200b\u751f\u6210\u200b\u955c\u50cf\u200b\u5927\u5c0f\u200b\uff0cKube-OVN \u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b Docker buildx \u200b\u8bd5\u9a8c\u200b\u7279\u6027\u200b\uff0c\u200b\u8bf7\u200b\u66f4\u65b0\u200b Docker \u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b \u200b\u5e76\u200b\u5f00\u542f\u200b buildx:
docker buildx create --use\n
"},{"location":"reference/dev-env/#_3","title":"\u6784\u5efa\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u4ee3\u7801\u200b\uff0c\u200b\u5e76\u200b\u751f\u6210\u200b\u8fd0\u884c\u200b Kube-OVN \u200b\u6240\u200b\u9700\u200b\u955c\u50cf\u200b\uff1a
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
\u200b\u5982\u9700\u200b\u6784\u5efa\u200b\u5728\u200b ARM \u200b\u73af\u5883\u200b\u4e0b\u200b\u8fd0\u884c\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u8bf7\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
make release-arm\n
"},{"location":"reference/dev-env/#base","title":"\u6784\u5efa\u200b base \u200b\u955c\u50cf","text":"\u200b\u5982\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u7248\u672c\u200b\uff0c\u200b\u4f9d\u8d56\u200b\u5e93\u200b\uff0cOVS/OVN \u200b\u4ee3\u7801\u200b\u7b49\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b base \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u91cd\u65b0\u200b\u6784\u5efa\u200b\u3002
base \u200b\u955c\u50cf\u200b\u4f7f\u7528\u200b\u7684\u200b Dockerfile \u200b\u4e3a\u200b dist/images/Dockerfile.base\u3002
\u200b\u6784\u5efa\u200b\u65b9\u6cd5\u200b\uff1a
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"reference/dev-env/#e2e","title":"\u8fd0\u884c\u200b E2E","text":"Kube-OVN \u200b\u4f7f\u7528\u200b KIND \u200b\u6784\u5efa\u200b\u672c\u5730\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\uff0cj2cli \u200b\u6e32\u67d3\u200b\u6a21\u677f\u200b\uff0c Ginkgo \u200b\u6765\u200b\u8fd0\u884c\u200b\u6d4b\u8bd5\u4ee3\u7801\u200b\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b\u76f8\u5173\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4f9d\u8d56\u200b\u5b89\u88c5\u200b\u3002
\u200b\u672c\u5730\u200b\u6267\u884c\u200b E2E \u200b\u6d4b\u8bd5\u200b\uff1a
make kind-init\nmake kind-install\nmake e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b Underlay E2E \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b ovn vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b iptables vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b loadbalancer service \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
\u200b\u5982\u9700\u200b\u6e05\u7406\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/document-convention/","title":"\u6587\u6863\u200b\u89c4\u8303","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u6587\u6863\u200b\u98ce\u683c\u200b\u4e00\u81f4\u200b\uff0c\u200b\u8bf7\u200b\u5728\u200b\u63d0\u4ea4\u200b\u6587\u6863\u200b\u65f6\u200b\u9075\u5faa\u200b\u4e0b\u5217\u200b\u7684\u200b\u98ce\u683c\u200b\u89c4\u8303\u200b\u3002
"},{"location":"reference/document-convention/#_2","title":"\u6807\u70b9","text":"\u200b\u4e2d\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u6240\u6709\u200b\u6807\u70b9\u200b\u5e94\u200b\u4f7f\u7528\u200b\u4e2d\u6587\u200b\u683c\u5f0f\u200b\u6807\u70b9\u200b\uff0c\u200b\u82f1\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6240\u6709\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u4e2d\u5e94\u200b\u4f7f\u7528\u200b\u82f1\u6587\u200b\u6807\u70b9\u200b\u3002
BadGood \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b,\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b,\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b. \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002 \u200b\u82f1\u6587\u200b\u6570\u5b57\u200b\u548c\u200b\u4e2d\u6587\u200b\u5e94\u8be5\u200b\u7528\u200b\u7a7a\u683c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 \u200b\u793a\u4f8b\u200b\u5185\u5bb9\u200b\u5e94\u8be5\u200b\u4ee5\u200b \uff1a \u200b\u5f00\u542f\u200b\uff0c\u200b\u5176\u4ed6\u200b\u53e5\u200b\u5c3e\u200b\u9700\u8981\u200b\u7528\u200b \u3002 \u200b\u7ed3\u675f\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\u3002 wget 127.0.0.1\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a wget 127.0.0.1\n
"},{"location":"reference/document-convention/#_3","title":"\u4ee3\u7801\u200b\u5757","text":"yaml \u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b yaml\u3002
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b bash\u3002
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u5305\u542b\u200b\u8f93\u51fa\u200b\u5185\u5bb9\u200b\uff0c\u200b\u5219\u200b\u6240\u200b\u6267\u884c\u547d\u4ee4\u200b\u9700\u8981\u200b\u4ee5\u200b # \u200b\u5f00\u59cb\u200b\uff0c\u200b\u4ee5\u200b\u533a\u5206\u200b\u8f93\u5165\u200b\u4e0e\u200b\u8f93\u51fa\u200b\u3002
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u53ea\u200b\u5305\u542b\u200b\u6267\u884c\u547d\u4ee4\u200b\uff0c\u200b\u6ca1\u6709\u200b\u8f93\u51fa\u200b\u7ed3\u679c\u200b\uff0c\u200b\u5219\u200b\u591a\u6761\u200b\u547d\u4ee4\u200b\u65e0\u9700\u200b # \u200b\u5f00\u59cb\u200b\u3002
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"reference/document-convention/#_4","title":"\u94fe\u63a5","text":"\u200b\u7ad9\u200b\u5185\u200b\u94fe\u63a5\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b md \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](http://kubeovn.github.io/prepare)\u3002\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](./prepare.md)\u3002\n
BadGood \u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io)\u3002\n
\u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io){: target=\"_blank\" }\u3002\n
"},{"location":"reference/document-convention/#_5","title":"\u7a7a\u884c","text":"\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\uff0c\u200b\u4f8b\u5982\u200b\u6807\u9898\u200b\u548c\u200b\u6587\u672c\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u4ee3\u7801\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u7f16\u53f7\u200b\u4e4b\u95f4\u200b\u9700\u8981\u200b\u7528\u200b\u7a7a\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\u4e4b\u95f4\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b\u7a7a\u884c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/feature-stage/","title":"\u529f\u80fd\u200b\u6210\u719f\u5ea6","text":"\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\u6839\u636e\u200b\u529f\u80fd\u200b\u4f7f\u7528\u200b\u5ea6\u200b\uff0c\u200b\u6587\u6863\u200b\u5b8c\u5584\u200b\u7a0b\u5ea6\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u7a0b\u5ea6\u200b\u5c06\u200b\u529f\u80fd\u200b\u6210\u719f\u5ea6\u200b\u5206\u4e3a\u200b Alpha\uff0cBeta \u200b\u548c\u200b GA \u200b\u4e09\u4e2a\u200b\u9636\u6bb5\u200b\u3002
"},{"location":"reference/feature-stage/#_2","title":"\u6210\u719f\u5ea6\u200b\u5b9a\u4e49","text":"\u200b\u5bf9\u4e8e\u200b Alpha \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6ca1\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u5b8c\u5584\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\u751a\u81f3\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u793e\u533a\u200b\u652f\u6301\u200b\u4f18\u5148\u7ea7\u200b\u8f83\u200b\u4f4e\u200b\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u63a8\u8350\u200b\u751f\u4ea7\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b Beta \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u90e8\u5206\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u4f46\u662f\u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u5b8c\u6574\u200b\u7684\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5347\u7ea7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5f71\u54cd\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u7684\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u957f\u671f\u200b\u652f\u6301\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u975e\u5173\u952e\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u8fdb\u884c\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u548c\u200b API \u200b\u5b58\u5728\u200b\u53d8\u5316\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5728\u200b\u5347\u7ea7\u200b\u4e2d\u200b\u51fa\u73b0\u200b\u4e2d\u65ad\u200b\uff0c\u200b\u4e0d\u200b\u63a8\u8350\u200b\u5728\u200b\u5173\u952e\u200b\u751f\u4ea7\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b GA \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u4fdd\u6301\u7a33\u5b9a\u200b\uff0c\u200b\u5347\u7ea7\u200b\u4f1a\u200b\u4fdd\u8bc1\u200b\u5e73\u6ed1\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u4f1a\u200b\u53d1\u751f\u200b\u7834\u574f\u6027\u200b\u53d8\u5316\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u9ad8\u200b\u4f18\u5148\u7ea7\u200b\u652f\u6301\u200b\uff0c\u200b\u5e76\u4f1a\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/feature-stage/#_3","title":"\u6210\u719f\u5ea6\u200b\u5217\u8868","text":"\u200b\u672c\u200b\u5217\u8868\u200b\u7edf\u8ba1\u200b\u4ece\u200b v1.8 \u200b\u7248\u672c\u200b\u4e2d\u200b\u5305\u542b\u200b\u7684\u200b\u529f\u80fd\u200b\u5bf9\u5e94\u200b\u6210\u719f\u5ea6\u200b\u3002
\u200b\u529f\u80fd\u200b \u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b \u200b\u72b6\u6001\u200b \u200b\u5f00\u59cb\u200b\uff08Since\uff09 \u200b\u7ed3\u675f\u200b\uff08Until\uff09 Namespaced Subnet true GA 1.8 \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 \u200b\u4e3b\u4ece\u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 ECMP \u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b false Beta 1.8 \u200b\u5b50\u7f51\u200b ACL true Alpha 1.9 \u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b (\u200b\u672a\u6765\u200b\u4f1a\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5408\u5e76\u200b) true Beta 1.8 Underlay \u200b\u5b50\u7f51\u200b true GA 1.8 \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b true Beta 1.8 \u200b\u5b50\u7f51\u200b DHCP false Alpha 1.10 \u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b false Alpha 1.8 \u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Beta 1.8 \u200b\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Alpha 1.9 \u200b\u5b50\u7f51\u200b VIP \u200b\u9884\u7559\u200b true Alpha 1.10 \u200b\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC true Beta 1.8 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6d6e\u52a8\u200b IP/SNAT/DNAT true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u9759\u6001\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7b56\u7565\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5b89\u5168\u200b\u7ec4\u200b true Alpha 1.10 \u200b\u5bb9\u5668\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus \u200b\u96c6\u6210\u200b false GA 1.8 Grafana \u200b\u96c6\u6210\u200b false GA 1.8 \u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b false GA 1.8 \u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT false Beta 1.8 \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 \u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b false Beta 1.8 Overlay \u200b\u5b50\u7f51\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.8 Overlay \u200b\u5b50\u7f51\u200b BGP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.9 Cilium \u200b\u96c6\u6210\u200b false Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e92\u8054\u200b false Alpha 1.10 Mellanox Offload false Alpha 1.8 \u200b\u82af\u542f\u6e90\u200b Offload false Alpha 1.10 Windows \u200b\u652f\u6301\u200b false Alpha 1.10 DPDK \u200b\u652f\u6301\u200b false Alpha 1.10 OpenStack \u200b\u96c6\u6210\u200b false Alpha 1.9 \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac true GA 1.8 Workload \u200b\u56fa\u5b9a\u200b IP true GA 1.8 StatefulSet \u200b\u56fa\u5b9a\u200b IP true GA 1.8 VM \u200b\u56fa\u5b9a\u200b IP false Beta 1.9 \u200b\u9ed8\u8ba4\u200b VPC Load Balancer \u200b\u7c7b\u578b\u200b Service false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS false Alpha 1.11 Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/iptables-rules/","title":"Iptables \u200b\u89c4\u5219","text":"Kube-OVN \u200b\u4f7f\u7528\u200b ipset \u200b\u53ca\u200b iptables \u200b\u8f85\u52a9\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff08Overlay\uff09\u200b\u7f51\u5173\u200b NAT \u200b\u7684\u200b\u529f\u80fd\u200b\u3002
\u200b\u4f7f\u7528\u200b\u7684\u200b ipset \u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u540d\u79f0\u200b\uff08IPv4/IPv6\uff09 \u200b\u7c7b\u578b\u200b \u200b\u5b58\u50a8\u200b\u5bf9\u8c61\u200b ovn40services/ovn60services hash:net Service \u200b\u7f51\u6bb5\u200b ovn40subnets/ovn60subnets hash:net Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u4ee5\u53ca\u200b NodeLocal DNS IP \u200b\u5730\u5740\u200b ovn40subnets-nat/ovn60subnets-nat hash:net \u200b\u5f00\u542f\u200b NatOutgoing \u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net \u200b\u5f00\u542f\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40other-node/ovn60other-node hash:net \u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip \u200b\u5df2\u5f03\u200b\u7528\u200b ovn40subnets-nat-policy hash:net \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u7684\u200b\u6240\u6709\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40natpr-418e79269dc5-dst hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b dstIPs ovn40natpr-418e79269dc5-src hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b srcIPs \u200b\u4f7f\u7528\u200b\u7684\u200b iptables \u200b\u89c4\u5219\u200b\uff08IPv4\uff09\u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u8868\u200b \u200b\u94fe\u200b \u200b\u89c4\u5219\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b filter INPUT -m set --match-set ovn40services src -j ACCEPT \u200b\u5141\u8bb8\u200b k8s Service \u200b\u548c\u200b Pod \u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u901a\u8fc7\u200b -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b subnet \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u62a5\u6587\u200b 10.16.0.0/16 \u200b\u4e3a\u200b subnet \u200b\u7684\u200b cidr \uff0ccomment \u200b\u4e2d\u200b\u9017\u53f7\u200b\u524d\u9762\u200b\u7684\u200b ovn-subnet-gateway \u200b\u7528\u4e8e\u200b\u6807\u8bc6\u200b\u8be5\u200b iptables \u200b\u89c4\u5219\u200b\u7528\u4e8e\u200b subnet \u200b\u51fa\u5165\u200b\u7f51\u5173\u200b\u62a5\u6587\u200b\u8ba1\u6570\u200b\uff0c\u200b\u9017\u53f7\u200b\u540e\u9762\u200b ovn-default \u200b\u662f\u200b\u8be5\u200b subnet \u200b\u7684\u200b\u540d\u5b57\u200b filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b subnet \u200b\u7684\u200b\u62a5\u6587\u200b \u200b\u540c\u200b\u4e0a\u200b filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 \u200b\u6e05\u9664\u200b\u6d41\u91cf\u200b\u6807\u8bb0\u200b\uff0c\u200b\u907f\u514d\u200b\u6267\u884c\u200b SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING \u200b\u8fdb\u5165\u200b OVN-PREROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING \u200b\u8fdb\u5165\u200b OVN-POSTROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 \u200b\u4e3a\u200b Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u6d41\u91cf\u200b\u6dfb\u52a0\u200b masquerade \u200b\u6807\u8bb0\u200b \u200b\u4f5c\u7528\u200b\u4e8e\u200b\u5173\u95ed\u200b\u5185\u7f6e\u200b LB \u200b\u7684\u200b\u573a\u666f\u200b nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08TCP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u5b58\u5728\u200b nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08UDP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u540c\u200b\u4e0a\u200b nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source \u200b\u5f53\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b Service IP \u200b\u8bbf\u95ee\u200b Overlay Pod \u200b\u65f6\u200b\uff0c\u200b\u4fdd\u6301\u200b\u6e90\u200b IP \u200b\u4e3a\u200b\u8282\u70b9\u200b IP\u3002 \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u751f\u6548\u200b nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u7684\u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE \u200b\u4e3a\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u65e0\u9700\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN Pod IP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u65f6\u200b\uff0c\u200b\u4e0d\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing \u200b\u4e14\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b IP \u200b\u7684\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT 10.16.0.0/16 \u200b\u4e3a\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.0.101 \u200b\u4e3a\u200b\u6307\u5b9a\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b IP nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b natOutgoingPolicyRules\uff0c\u200b\u6307\u5b9a\u200b\u7b56\u7565\u200b\u7684\u200b\u62a5\u6587\u200b\u6267\u884c\u200b SNAT \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u5b50\u7f51\u200b\u7684\u200b\u51fa\u5916\u200b\u7f51\u200b\u62a5\u6587\u200b\u7684\u200b\u8fdb\u5165\u200b\u94fe\u200b OVN-NAT-POLICY nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b\uff0c\u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90001/0x90001 \u200b\u5c31\u200b\u4f1a\u200b\u505a\u200b SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b, \u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90002/0x90002 \u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 \u200b\u540c\u200b\u4e0a\u200b 10.0.11.0/24 \u200b\u8868\u793a\u200b\u5b50\u7f51\u200b net1 \u200b\u7684\u200b CIDR\uff0c OVN-NAT-PSUBNET-aa98851157c5 \u200b\u8fd9\u6761\u200b\u94fe\u4e0b\u200b\u7684\u200b\u89c4\u5219\u200b\u5c31\u200b\u5bf9\u5e94\u200b\u8fd9\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoingPolicyRules \u200b\u914d\u7f6e\u200b nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 \u200b\u540c\u200b\u4e0a\u200b 418e79269dc5 \u200b\u8868\u793a\u200b natOutgoingPolicyRules \u200b\u4e2d\u200b\u7684\u200b\u4e00\u6761\u200b\u89c4\u5219\u200b\u7684\u200b ID\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b status.natOutgoingPolicyRules[index].RuleID \u200b\u67e5\u770b\u200b\u5230\u200b\uff0c \u200b\u8868\u793a\u200b srcIPs \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-src\uff0c dstIPS \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-dst \u200b\u4f1a\u200b\u6253\u200b\u4e0a\u200b tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-api/","title":"Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-OVN \u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u5217\u8868\u200b\uff0c\u200b\u5217\u51fa\u200b CRD \u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\u548c\u200b\u542b\u4e49\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b\u3002
"},{"location":"reference/kube-ovn-api/#condition","title":"\u901a\u7528\u200b\u7684\u200b Condition \u200b\u5b9a\u4e49","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b type String \u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b status String \u200b\u72b6\u6001\u503c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b True\uff0cFalse \u200b\u6216\u200b Unknown reason String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u539f\u56e0\u200b message String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b lastUpdateTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b lastTransitionTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b\u53d1\u751f\u53d8\u5316\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u5728\u200b\u5404\u200b CRD \u200b\u7684\u200b\u5b9a\u4e49\u200b\u4e2d\u200b\uff0cStatus \u200b\u4e2d\u200b\u7684\u200b Condition \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u90fd\u200b\u9075\u5faa\u200b\u4e0a\u8ff0\u200b\u683c\u5f0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u63d0\u524d\u200b\u8fdb\u884c\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"reference/kube-ovn-api/#subnet","title":"Subnet \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#subnet_1","title":"Subnet","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Subnet metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SubnetSpec Subnet \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SubnetStatus Subnet \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b default Bool \u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b vpc String \u200b\u5b50\u7f51\u200b\u6240\u5c5e\u200b Vpc\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-cluster protocol String IP \u200b\u534f\u8bae\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b IPv4\uff0cIPv6 \u200b\u6216\u200b Dual namespaces []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u6240\u200b\u7ed1\u5b9a\u200b\u7684\u200b namespace \u200b\u5217\u8868\u200b cidrBlock String \u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u6bb5\u200b\u8303\u56f4\u200b\uff0c\u200b\u5982\u200b 10.16.0.0/16 gateway String \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDRBlock \u200b\u4e0b\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b\u53ef\u7528\u200b\u5730\u5740\u200b excludeIps []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b provider String \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn\u3002\u200b\u591a\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b\u53d6\u503c\u200b\u4e3a\u200b NetworkAttachmentDefinition \u200b\u7684\u200b .\uff0cKube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b gatewayType String Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b distributed \u200b\u6216\u200b centralized gatewayNode String \u200b\u5f53\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e3a\u200b centralized \u200b\u65f6\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b natOutgoing Bool \u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u662f\u5426\u200b\u8fdb\u884c\u200b NAT\u3002\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b externalEgressGateway \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b\u3002 externalEgressGateway String \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002\u200b\u9700\u8981\u200b\u548c\u5b50\u200b\u7f51\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b natOutgoing \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b policyRoutingPriority Uint32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\u3002\u200b\u6dfb\u52a0\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u6d41\u91cf\u200b\u7ecf\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u4e4b\u540e\u200b\uff0c\u200b\u8f6c\u53d1\u200b\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b policyRoutingTableID Uint32 \u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID\uff0c\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b private Bool \u200b\u6807\u8bc6\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\uff0c\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5b50\u7f51\u200b\u5916\u200b\u7684\u200b\u5730\u5740\u200b\u8bbf\u95ee\u200b allowSubnets []String \u200b\u5b50\u7f51\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5141\u8bb8\u200b\u8bbf\u95ee\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\u7684\u200b\u96c6\u5408\u200b vlan String \u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b vips []String \u200b\u5b50\u7f51\u200b\u4e0b\u200b virtual \u200b\u7c7b\u578b\u200b lsp \u200b\u7684\u200b virtual-ip \u200b\u53c2\u6570\u4fe1\u606f\u200b logicalGateway Bool \u200b\u662f\u5426\u200b\u542f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b disableGatewayCheck Bool \u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u662f\u5426\u200b\u8df3\u8fc7\u200b\u7f51\u5173\u200b\u8054\u901a\u200b\u6027\u200b\u68c0\u67e5\u200b disableInterConnection Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b enableDHCP Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp \u200b\u7684\u200b dhcp \u200b\u914d\u7f6e\u200b\u9009\u9879\u200b dhcpV4Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b dhcpV6Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b enableIPv6RA Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0c\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b ipv6_ra_configs \u200b\u53c2\u6570\u200b ipv6RAConfigs String \u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0cipv6_ra_configs \u200b\u53c2\u6570\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b acls []Acl \u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b logical-switch \u200b\u5173\u8054\u200b\u7684\u200b acls \u200b\u8bb0\u5f55\u200b u2oInterconnection Bool \u200b\u662f\u5426\u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u7684\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b enableLb *Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b\u7684\u200b logical-switch \u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b enableEcmp Bool \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u8def\u7531"},{"location":"reference/kube-ovn-api/#acl","title":"Acl","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b direction String Acl \u200b\u9650\u5236\u200b\u65b9\u5411\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b from-lport \u200b\u6216\u8005\u200b to-lport priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b 0 \u200b\u5230\u200b 32767 match String Acl \u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u8868\u8fbe\u5f0f\u200b action String Acl \u200b\u89c4\u5219\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow-related, allow-stateless, allow, drop, reject \u200b\u5176\u4e2d\u200b\u4e00\u4e2a"},{"location":"reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SubnetCondition \u200b\u5b50\u7f51\u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v4UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b sctivateGateway String \u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\uff0c\u200b\u4e3b\u5907\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5f53\u524d\u200b\u6b63\u5728\u200b\u5de5\u4f5c\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b dhcpV4OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b dhcpV6OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b u2oInterconnectionIP String \u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u540e\u200b\uff0c\u200b\u6240\u200b\u5360\u7528\u200b\u7684\u200b\u7528\u4e8e\u200b\u4e92\u8054\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ip","title":"IP \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#ip_1","title":"IP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IPSpec IP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b podName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u540d\u79f0\u200b namespace String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u540d\u79f0\u200b subnet String IP \u200b\u6240\u5c5e\u200b Subnet attachSubnets []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 nodeName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b ipAddress String IP \u200b\u5730\u5740\u200b\uff0c\u200b\u53cc\u6808\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u4e3a\u200b v4IP,v6IP \u200b\u683c\u5f0f\u200b v4IPAddress String IPv4 IP \u200b\u5730\u5740\u200b v6IPAddress String IPv6 IP \u200b\u5730\u5740\u200b attachIPs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 macAddress String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b attachMacs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b Mac \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 containerID String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b Container ID podType String \u200b\u7279\u6b8a\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b Pod\uff0c\u200b\u53ef\u200b\u4e3a\u200b StatefulSet\uff0cVirtualMachine \u200b\u6216\u7a7a"},{"location":"reference/kube-ovn-api/#underlay","title":"Underlay \u200b\u914d\u7f6e","text":""},{"location":"reference/kube-ovn-api/#vlan","title":"Vlan","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vlan metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VlanSpec Vlan \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VlanStatus Vlan \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b id Int Vlan tag \u200b\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 0~4096 provider String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b ProviderNetwork \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b subnets []String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b conditions []VlanCondition Vlan \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b ProviderNetwork metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec ProviderNetworkSpec ProviderNetwork \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status ProviderNetworkStatus ProviderNetwork \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b defaultInterface String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b customInterfaces []CustomInterface \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7279\u6b8a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b excludeNodes []String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u4e0d\u4f1a\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b exchangeLinkName Bool \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u548c\u200b\u5bf9\u5e94\u200b OVS \u200b\u7f51\u6865\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b interface String Underlay \u200b\u4f7f\u7528\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b nodes []String \u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u7684\u200b\u8282\u70b9\u200b\u5217\u8868"},{"location":"reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool \u200b\u5f53\u524d\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u662f\u5426\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b readyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b notReadyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u672a\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b vlans []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b conditions []ProviderNetworkCondition ProviderNetwork \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpc","title":"Vpc \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#vpc_1","title":"Vpc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vpc metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcSpec Vpc \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcStatus Vpc \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespaces []String Vpc \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u5217\u8868\u200b staticRoutes []*StaticRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b policyRoutes []*PolicyRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b vpcPeerings []*VpcPeering Vpc \u200b\u4e92\u8054\u200b\u4fe1\u606f\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b policy String \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b policySrc \u200b\u6216\u8005\u200b policyDst cidr String \u200b\u8def\u7531\u200b Cidr \u200b\u7f51\u6bb5\u200b nextHopIP String \u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b priority Int32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b match String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u6761\u4ef6\u200b action String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow\u3001drop \u200b\u6216\u8005\u200b reroute nextHopIP String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f\u200b\uff0cECMP \u200b\u8def\u7531\u200b\u60c5\u51b5\u200b\u4e0b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u9694\u5f00"},{"location":"reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b remoteVpc String Vpc \u200b\u4e92\u8054\u200b\u5bf9\u7aef\u200b Vpc \u200b\u540d\u79f0\u200b localConnectIP String Vpc \u200b\u4e92\u8054\u200b\u672c\u7aef\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcCondition Vpc \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b standby Bool \u200b\u6807\u8bc6\u200b Vpc \u200b\u662f\u5426\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff0cVpc \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u9700\u8981\u200b\u7b49\u200b Vpc \u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u8f6c\u6362\u200b\u518d\u200b\u7ee7\u7eed\u200b\u5904\u7406\u200b default Bool \u200b\u662f\u5426\u662f\u200b\u9ed8\u8ba4\u200b Vpc defaultLogicalSwitch String Vpc \u200b\u4e0b\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b router String Vpc \u200b\u5bf9\u5e94\u200b\u7684\u200b logical-router \u200b\u540d\u79f0\u200b tcpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP LB \u200b\u4fe1\u606f\u200b udpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP LB \u200b\u4fe1\u606f\u200b tcpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b udpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b subnets []String Vpc \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b vpcPeerings []String Vpc \u200b\u4e92\u8054\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b Vpc \u200b\u5217\u8868\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcNatGateway metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcNatSpec Vpc \u200b\u7f51\u5173\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b lanIp String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6307\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b tolerations []VpcNatToleration \u200b\u6807\u51c6\u200b Kubernetes \u200b\u5bb9\u5fcd\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b key String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b key \u200b\u4fe1\u606f\u200b operator String \u200b\u53d6\u503c\u200b\u4e3a\u200b Exists \u200b\u6216\u8005\u200b Equal value String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b value \u200b\u4fe1\u606f\u200b effect String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b\u4f5c\u7528\u200b\u6548\u679c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b NoExecute \u3001NoSchedule \u200b\u6216\u8005\u200b PreferNoSchedule tolerationSeconds Int64 \u200b\u6dfb\u52a0\u200b\u6c61\u70b9\u200b\u540e\u200b\uff0cPod \u200b\u8fd8\u200b\u80fd\u200b\u7ee7\u7eed\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u4ee5\u4e0a\u200b\u5bb9\u5fcd\u200b\u5b57\u6bb5\u200b\u7684\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002
"},{"location":"reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesEIP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesEipSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesEipStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b v4ip String IptablesEIP v4 \u200b\u5730\u5740\u200b v6ip String IptablesEIP v6 \u200b\u5730\u5740\u200b macAddress String IptablesEIP crd \u200b\u8bb0\u5f55\u200b\u5206\u914d\u200b\u7684\u200b mac \u200b\u5730\u5740\u200b\uff0c\u200b\u6ca1\u6709\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesEIP \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e86\u200b IPv4 \u200b\u5730\u5740\u200b redo String IptablesEIP crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b nat String IptablesEIP \u200b\u7684\u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b fip\u3001snat \u200b\u6216\u8005\u200b dnat conditions []IptablesEIPCondition IptablesEIP \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesFIPRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesFIPRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesFIPRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesFIPRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesFIPRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesFIPRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesFIPRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesFIPRuleCondition IptablesFIPRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesSnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesSnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesSnatRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesSnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesSnatRuleCondition IptablesSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesDnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesDnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesDnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b externalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7aef\u53e3\u200b protocol Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b internalIp Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b internalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b\u7aef\u53e3"},{"location":"reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesDnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesDnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesDnatRuleCondition IptablesDnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcDns metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcDnsSpec VpcDns \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcDnsStatus VpcDns \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String VpcDns \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String VpcDns Pod \u200b\u5206\u914d\u200b\u5730\u5740\u200b\u7684\u200b Subnet \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcDnsCondition VpcDns \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b active Bool VpcDns \u200b\u662f\u5426\u200b\u6b63\u5728\u200b\u4f7f\u7528\u200b VpcDns \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u6587\u6863\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS\u3002
"},{"location":"reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SwitchLBRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SwitchLBRuleSpec SwitchLBRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SwitchLBRuleStatus SwitchLBRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vip String SwitchLBRule \u200b\u914d\u7f6e\u200b\u7684\u200b vip \u200b\u5730\u5740\u200b namespace String SwitchLBRule \u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b sessionAffinity String \u200b\u6807\u51c6\u200b Kubernetes Service \u200b\u4e2d\u200b sessionAffinity \u200b\u53d6\u503c\u200b ports []SlrPort SwitchLBRule \u200b\u7aef\u53e3\u200b\u5217\u8868\u200b SwitchLBRule \u200b\u7684\u200b\u8be6\u7ec6\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"reference/kube-ovn-api/#slrport","title":"SlrPort","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b name String \u200b\u7aef\u53e3\u200b\u540d\u79f0\u200b port Int32 \u200b\u7aef\u53e3\u53f7\u200b targetPort Int32 \u200b\u76ee\u6807\u200b\u7aef\u53e3\u53f7\u200b protocol String \u200b\u534f\u8bae\u200b\u7c7b\u578b"},{"location":"reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SwitchLBRuleCondition SwitchLBRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ports String SwitchLBRule \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b service String SwitchLBRule \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b\u7684\u200b service \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vip","title":"\u5b89\u5168\u200b\u7ec4\u4e0e\u200b Vip","text":""},{"location":"reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SecurityGroup metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SecurityGroupSpec \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SecurityGroupStatus \u200b\u5b89\u5168\u200b\u7ec4\u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ingressRules []*SgRule \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b egressRules []*SgRule \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0"},{"location":"reference/kube-ovn-api/#sgrule","title":"SgRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ipVersion String IP \u200b\u7248\u672c\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b ipv4 \u200b\u6216\u8005\u200b ipv6 protocol String \u200b\u53d6\u503c\u200b\u4e3a\u200b all\u3001icmp\u3001tcp \u200b\u6216\u8005\u200b udp priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 1-200\uff0c\u200b\u6570\u503c\u200b\u8d8a\u5c0f\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u8d8a\u9ad8\u200b remoteType String \u200b\u53d6\u503c\u200b\u4e3a\u200b address \u200b\u6216\u8005\u200b securityGroup remoteAddress String \u200b\u5bf9\u7aef\u200b\u5730\u5740\u200b remoteSecurityGroup String \u200b\u5bf9\u7aef\u200b\u5b89\u5168\u200b\u7ec4\u200b portRangeMin Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u8d77\u59cb\u503c\u200b\uff0c\u200b\u6700\u5c0f\u200b\u53d6\u503c\u200b\u4e3a\u200b 1 portRangeMax Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u6700\u5927\u503c\u200b\uff0c\u200b\u6700\u5927\u200b\u53d6\u503c\u200b\u4e3a\u200b 65535 policy String \u200b\u53d6\u503c\u200b\u4e3a\u200b allow \u200b\u6216\u8005\u200b drop"},{"location":"reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b portGroup String \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5bf9\u5e94\u200b\u7684\u200b port-group \u200b\u540d\u79f0\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0\u200b ingressMd5 String \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b egressMd5 String \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b ingressLastSyncSuccess Bool \u200b\u5165\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f\u200b egressLastSyncSuccess Bool \u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f"},{"location":"reference/kube-ovn-api/#vip_1","title":"Vip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VipSpec Vip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VipStatus Vip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespace String Vip \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b subnet String Vip \u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b macAddress String Vip mac \u200b\u5730\u5740\u200b parentV4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentV6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentMac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b attachSubnets []String \u200b\u8be5\u5b57\u6bb5\u200b\u5e9f\u5f03\u200b\uff0c\u200b\u4e0d\u518d\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VipCondition Vip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ready Bool Vip \u200b\u662f\u5426\u200b\u51c6\u5907\u200b\u597d\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b mac String Vip mac \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b pv4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pv6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pmac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnEip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnEipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnEipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b externalSubnet String OvnEip \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b v4ip String OvnEip IP \u200b\u5730\u5740\u200b macAddress String OvnEip Mac \u200b\u5730\u5740\u200b type String OvnEip \u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u6709\u200b fip\u3001snat \u200b\u6216\u8005\u200b lrp"},{"location":"reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []OvnEipCondition \u200b\u9ed8\u8ba4\u200b Vpc OvnEip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4ip String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b macAddress String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b Mac \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnFip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnFipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnFipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b ipName String OvnFip \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnFip \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b v4Ip String OvnFip \u200b\u5f53\u524d\u200b\u4f7f\u7528\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b macAddress String OvnFip \u200b\u914d\u7f6e\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b vpc String OvnFip \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnFipCondition OvnFip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnSnatRuleSpec \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnSnatRuleStatus \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b vpcSubnet String OvnSnatRule \u200b\u914d\u7f6e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b ipName String OvnSnatRule \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b v4IpCidr String \u200b\u5728\u200b logical-router \u200b\u4e2d\u200b\u914d\u7f6e\u200b snat \u200b\u8f6c\u6362\u200b\u4f7f\u7528\u200b\u7684\u200b cidr \u200b\u5730\u5740\u200b vpc String OvnSnatRule \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnSnatRuleCondition OvnSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger \u200b\u53c2\u6570\u200b\u53c2\u8003","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-ovn-pinger \u200b\u652f\u6301\u200b\u7684\u200b\u53c2\u6570\u200b\uff0c\u200b\u5217\u51fa\u200b\u53c2\u6570\u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\uff0c\u200b\u542b\u4e49\u200b\u548c\u200b\u9ed8\u8ba4\u503c\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b
"},{"location":"reference/kube-ovn-pinger-args/#_1","title":"\u53c2\u6570\u200b\u63cf\u8ff0","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b \u200b\u9ed8\u8ba4\u503c\u200b port Int metrics \u200b\u7aef\u53e3\u200b 8080 kubeconfig String \u200b\u5177\u6709\u200b\u8ba4\u8bc1\u200b\u4fe1\u606f\u200b\u7684\u200b kubeconfig \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\uff0c \u200b\u5982\u679c\u200b\u672a\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u4f7f\u7528\u200b inCluster \u200b\u4ee4\u724c\u200b\u3002 \"\" ds-namespace String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \"kube-system\" ds-name String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u540d\u5b57\u200b \"kube-ovn-pinger\" interval Int \u200b\u8fde\u7eed\u200b ping \u200b\u4e4b\u95f4\u200b\u7684\u200b\u95f4\u9694\u200b\u79d2\u6570\u200b 5 mode String \u200b\u670d\u52a1\u5668\u200b\u6216\u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b \"server\" exit-code Int \u200b\u5931\u8d25\u200b\u65f6\u200b\u9000\u51fa\u200b\u4ee3\u7801\u200b 0 internal-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b dns \"kubernetes.default\" external-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b dns \"\" external-address String \u200b\u68c0\u67e5\u200b\u4e0e\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u7684\u200b ping \u200b\u8fde\u901a\u200b \"114.114.114.114\" network-mode String \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u4f7f\u7528\u200b\u7684\u200b cni \u200b\u63d2\u4ef6\u200b \"kube-ovn\" enable-metrics Bool \u200b\u662f\u5426\u200b\u652f\u6301\u200b metrics \u200b\u67e5\u8be2\u200b true ovs.timeout Int \u200b\u5bf9\u200b OVS \u200b\u7684\u200b JSON-RPC \u200b\u8bf7\u6c42\u200b\u8d85\u65f6\u200b\u3002 2 system.run.dir String OVS \u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u76ee\u5f55\u200b\u3002 \"/var/run/openvswitch\" database.vswitch.name String OVS \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u540d\u79f0\u200b\u3002 \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix \u200b\u5957\u200b\u63a5\u5b57\u200b\u5230\u200b OVS \u200b\u6570\u636e\u5e93\u200b\u3002 \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS \u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS \u200b\u6570\u636e\u5e93\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS \u200b\u6570\u636e\u5e93\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS \u200b\u7cfb\u7edf\u200b\u6807\u8bc6\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/metrics/","title":"Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5217\u4e3e\u200b Kube-OVN \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge kube_ovn_ovn_status OVN \u200b\u89d2\u8272\u200b\u72b6\u6001\u200b\uff0c (2) \u200b\u4e3a\u200b follower\uff1b (1) \u200b\u4e3a\u200b leader, (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u72b6\u6001\u200b\u3002 Gauge kube_ovn_failed_req_count OVN \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_log_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_db_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_chassis_info OVN chassis \u200b\u72b6\u6001\u200b (1) \u200b\u8fd0\u884c\u200b\u4e2d\u200b\uff0c(0) \u200b\u505c\u6b62\u200b\u3002 Gauge kube_ovn_db_status OVN \u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b, (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff1b (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge kube_ovn_logical_switch_info OVN logical switch \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b logical switch \u200b\u540d\u5b57\u200b\u3002 Gauge kube_ovn_logical_switch_external_id OVN logical switch external_id \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b external-id \u200b\u5185\u5bb9\u200b\u3002 Gauge kube_ovn_logical_switch_port_binding OVN logical switch \u200b\u548c\u200b logical switch port \u200b\u5173\u8054\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u901a\u8fc7\u200b\u6807\u7b7e\u200b\u8fdb\u884c\u200b\u5173\u8054\u200b\u3002 Gauge kube_ovn_logical_switch_tunnel_key \u200b\u548c\u200b OVN logical switch \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_ports_num OVN logical switch \u200b\u4e0a\u200b logical port \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_logical_switch_port_info OVN logical switch port \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_port_tunnel_key \u200b\u548c\u200b OVN logical switch port \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_enabled (1) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\uff1b (0) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u975e\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\u3002 Gauge kube_ovn_cluster_role \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u89d2\u8272\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u89d2\u8272\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_status \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u72b6\u6001\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u72b6\u6001\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_term RAFT term \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_leader_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_vote_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u9009\u4e3e\u200b\u81ea\u5df1\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_election_timer \u200b\u5f53\u524d\u200b election timer \u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_not_committed \u200b\u672a\u200b commit \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_not_applied \u200b\u672a\u200b apply \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_index_start \u200b\u5f53\u524d\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u8d77\u59cb\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_index_next RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u4e0b\u200b\u4e00\u4e2a\u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb \u200b\u548c\u200b vswitchd \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge ovs_status OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\uff0c (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff0c(0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge ovs_info OVS \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge failed_req_count OVS \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge log_file_size OVS \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge db_file_size OVS \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge datapath Datapath \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_total \u200b\u5f53\u524d\u200b OVS \u200b\u4e2d\u200b datapath \u200b\u6570\u91cf\u200b\u3002 Gauge dp_if Datapath \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_if_total \u200b\u5f53\u524d\u200b datapath \u200b\u4e2d\u200b port \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_total Datapath \u200b\u4e2d\u200b flow \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_missed Datapath \u200b\u4e2d\u672a\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_lost Datapath \u200b\u4e2d\u200b\u9700\u8981\u200b\u53d1\u9001\u7ed9\u200b userspace \u200b\u5904\u7406\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b mask \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_total Datapath \u200b\u4e2d\u200b mask \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit_ratio Datapath \u200b\u4e2d\u200b \u200b\u6570\u636e\u5305\u200b\u547d\u4e2d\u200b mask \u200b\u7684\u200b\u6bd4\u7387\u200b\u3002 Gauge interface OVS \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge interface_admin_state \u200b\u63a5\u53e3\u200b\u7ba1\u7406\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_link_state \u200b\u63a5\u53e3\u200b\u94fe\u8def\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_mac_in_use OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MAC \u200b\u5730\u5740\u200b Gauge interface_mtu OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MTU\u3002 Gauge interface_of_port OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b OpenFlow Port ID\u3002 Gauge interface_if_index OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b Index\u3002 Gauge interface_tx_packets OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_bytes OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_packets OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_bytes OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_crc_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6821\u9a8c\u200b\u548c\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_dropped OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_errors OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_frame_err OVS Interface \u200b\u63a5\u6536\u200b\u5e27\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_missed_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b miss \u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_over_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b overrun \u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_dropped OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_errors OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_collisions OVS interface \u200b\u51b2\u7a81\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge pinger_ovs_up \u200b\u8282\u70b9\u200b OVS \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovs_down \u200b\u8282\u70b9\u200b OVS \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_ovn_controller_up \u200b\u8282\u70b9\u200b ovn-controller \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovn_controller_down \u200b\u8282\u70b9\u200b ovn-controller \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_inconsistent_port_binding OVN-SB \u200b\u91cc\u200b portbinding \u200b\u6570\u91cf\u200b\u548c\u200b\u4e3b\u673a\u200b OVS interface \u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_apiserver_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b apiserver\u3002 Gauge pinger_apiserver_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u8054\u901a\u200b apiserver\u3002 Histogram pinger_apiserver_latency_ms kube-ovn-pinger \u200b\u8bbf\u95ee\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_internal_dns_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_internal_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_internal_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_dns_health kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_external_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_external_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Histogram pinger_pod_ping_latency_ms kube-ovn-pinger ping Pod \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_pod_ping_lost_total kube-ovn-pinger ping Pod \u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_pod_ping_count_total kube-ovn-pinger ping Pod \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_node_ping_latency_ms kube-ovn-pinger ping Node \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_node_ping_lost_total kube-ovn-pinger ping Node \u200b\u4e22\u5305\u200b\u3002 Gauge pinger_node_ping_count_total kube-ovn-pinger ping Node \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_external_ping_latency_ms kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u5730\u5740\u200b \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_lost_total kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 Gauge subnet_available_ip_count \u200b\u5b50\u7f51\u200b\u53ef\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002 Gauge subnet_used_ip_count \u200b\u5b50\u7f51\u200b\u5df2\u200b\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram cni_op_latency_seconds CNI \u200b\u64cd\u4f5c\u200b\u5ef6\u8fdf\u200b\u3002 Counter cni_wait_address_seconds_total CNI \u200b\u7b49\u5f85\u200b\u5730\u5740\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_connectivity_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8fde\u63a5\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_route_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8def\u7531\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/ovs-ovn-customized/","title":"\u5bf9\u200b\u4e0a\u6e38\u200b OVS/OVN \u200b\u4fee\u6539","text":"\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u6700\u521d\u200b\u8bbe\u8ba1\u200b\u76ee\u6807\u200b\u4e3a\u200b\u901a\u7528\u200b SDN \u200b\u63a7\u5236\u5668\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u3002\u200b\u7531\u4e8e\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u7279\u6b8a\u200b\u7684\u200b\u7528\u6cd5\u200b\uff0c \u200b\u5e76\u4e14\u200b Kube-OVN \u200b\u53ea\u200b\u91cd\u70b9\u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e3a\u4e86\u200b \u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3001\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u7279\u5b9a\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cKube-OVN \u200b\u5bf9\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u505a\u200b\u4e86\u200b\u90e8\u5206\u200b\u4fee\u6539\u200b\u3002\u200b\u7528\u6237\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u81ea\u5df1\u200b\u7684\u200b OVN/OVS \u200b\u914d\u5408\u200b Kube-OVN \u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u8fdb\u884c\u200b\u5de5\u4f5c\u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b \u200b\u4e0b\u8ff0\u200b\u7684\u200b\u6539\u52a8\u200b\u53ef\u80fd\u200b\u9020\u6210\u200b\u7684\u200b\u5f71\u54cd\u200b\u3002
\u200b\u672a\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 38df6fa3f7 \u200b\u8c03\u6574\u200b\u9009\u4e3e\u200b timer\uff0c\u200b\u907f\u514d\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u9009\u4e3e\u200b\u6296\u52a8\u200b\u3002
- d4888c4e75 \u200b\u6dfb\u52a0\u200b fdb \u200b\u66f4\u65b0\u200b\u65e5\u5fd7\u200b\u3002
- d4888c4e75 \u200b\u4fee\u590d\u200b hairpin \u200b\u73af\u5883\u200b\u4e0b\u200b fdb \u200b\u5b66\u4e60\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 9a81b91368 \u200b\u4e3a\u200b ovsdb-tool \u200b\u7684\u200b join-cluster \u200b\u5b50\u200b\u547d\u4ee4\u200b\u6dfb\u52a0\u200b Server ID \u200b\u53c2\u6570\u200b\u3002
- 62d4969877 \u200b\u4fee\u590d\u200b\u5f00\u542f\u200b SSL \u200b\u540e\u200b OVSDB \u200b\u76d1\u542c\u200b\u5730\u5740\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 0700cb90f9 \u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u975e\u200b Service \u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b conntrack \u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- c48049a64f ECMP \u200b\u7b97\u6cd5\u200b\u7531\u200b dp_hash \u200b\u8c03\u6574\u200b\u4e3a\u200b hash\uff0c\u200b\u907f\u514d\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u51fa\u73b0\u200b\u7684\u200b\u54c8\u5e0c\u200b\u9519\u8bef\u200b\u95ee\u9898\u200b\u3002
- 64383c14a9 \u200b\u4fee\u590d\u200b Windows \u200b\u4e0b\u200b\u5185\u6838\u200b Crash \u200b\u95ee\u9898\u200b\u3002
- 08a95db2ca \u200b\u652f\u6301\u200b Windows \u200b\u4e0b\u200b\u7684\u200b github action \u200b\u6784\u5efa\u200b\u3002
- 680e77a190 Windows \u200b\u4e0b\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b tcp \u200b\u76d1\u542c\u200b\u3002
- 05e57b3227 \u200b\u652f\u6301\u200b Windows \u200b\u7f16\u8bd1\u200b\u3002
- b3801ecb73 \u200b\u4fee\u6539\u200b\u6e90\u200b\u8def\u7531\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u3002
- 977e569539 \u200b\u4fee\u590d\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Pod \u200b\u6570\u91cf\u200b\u8fc7\u591a\u200b\u5bfc\u81f4\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 45a4a22161 ovn-nbctl\uff1avips \u200b\u4e3a\u200b\u7a7a\u65f6\u200b\u4e0d\u200b\u5220\u9664\u200b Load Balancer\u3002
- 540592b9ff DNAT \u200b\u540e\u200b\u66ff\u6362\u200b Mac \u200b\u5730\u5740\u200b\u4e3a\u200b\u76ee\u6807\u200b\u5730\u5740\u200b\uff0c\u200b\u51cf\u5c11\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002
- 10972d9632 \u200b\u4fee\u590d\u200b vswitchd ofport_usage \u200b\u5185\u5b58\u200b\u6cc4\u9732\u200b\u3002
\u200b\u5df2\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 20626ea909 \u200b\u7ec4\u64ad\u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b LB \u200b\u548c\u200b ACL \u200b\u5904\u7406\u200b\u9636\u6bb5\u200b\uff0c\u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- a2d9ff3ccd Deb \u200b\u6784\u5efa\u200b\u589e\u52a0\u200b\u7f16\u8bd1\u200b\u4f18\u5316\u200b\u9009\u9879\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/tunnel-protocol/","title":"\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN/OVS \u200b\u4f5c\u4e3a\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u76ee\u524d\u200b\u652f\u6301\u200b Geneve\uff0cVxlan \u200b\u548c\u200b STT \u200b\u4e09\u79cd\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u3002 \u200b\u8fd9\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u529f\u80fd\u200b\uff0c\u200b\u6027\u80fd\u200b\u548c\u200b\u6613\u7528\u6027\u200b\u4e0a\u200b\u5b58\u5728\u200b\u7740\u200b\u533a\u522b\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u5dee\u5f02\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7684\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u9009\u62e9\u200b\u3002
"},{"location":"reference/tunnel-protocol/#geneve","title":"Geneve","text":"Geneve \u200b\u534f\u8bae\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b\u65f6\u200b\u9009\u62e9\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b OVN \u200b\u9ed8\u8ba4\u200b\u63a8\u8350\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u3002\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002\u200b\u7531\u4e8e\u200b Geneve \u200b\u6709\u7740\u200b\u53ef\u53d8\u200b\u957f\u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b 24bit \u200b\u7a7a\u95f4\u200b\u6765\u200b\u6807\u5fd7\u200b\u4e0d\u540c\u200b\u7684\u200b datapath \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u521b\u5efa\u200b\u66f4\u200b\u591a\u200b\u6570\u91cf\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cGeneve \u200b\u9700\u8981\u200b\u8f83\u200b\u9ad8\u200b\u7248\u672c\u200b\u7684\u200b\u5185\u6838\u200b\u652f\u6301\u200b\uff0c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b 5.4 \u200b\u4ee5\u4e0a\u200b\u7684\u200b\u4e0a\u6e38\u200b\u5185\u6838\u200b\uff0c \u200b\u6216\u200b backport \u200b\u4e86\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan \u200b\u4e3a\u200b\u4e0a\u6e38\u200b OVN \u200b\u8fd1\u671f\u200b\u652f\u6301\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002 \u200b\u7531\u4e8e\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u957f\u5ea6\u200b\u6709\u9650\u200b\uff0c\u200b\u5e76\u4e14\u200b OVN \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\u8fdb\u884c\u200b\u7f16\u6392\u200b\uff0cdatapath \u200b\u7684\u200b\u6570\u91cf\u200b\u5b58\u5728\u200b\u9650\u5236\u200b\uff0c\u200b\u6700\u200b\u591a\u200b\u53ea\u80fd\u200b\u521b\u5efa\u200b 4096 \u200b\u4e2a\u200b datapath\uff0c \u200b\u6bcf\u4e2a\u200b datapath \u200b\u4e0b\u200b\u6700\u200b\u591a\u200b 4096 \u200b\u4e2a\u200b\u7aef\u53e3\u200b\u3002\u200b\u540c\u65f6\u200b\u7531\u4e8e\u200b\u7a7a\u95f4\u200b\u6709\u9650\u200b\uff0c\u200b\u57fa\u4e8e\u200b inport \u200b\u7684\u200b ACL \u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u652f\u6301\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cVxlan \u200b\u7684\u200b\u5378\u8f7d\u200b\u5728\u200b\u5e38\u89c1\u200b\u5185\u6838\u200b\u4e2d\u200b\u5df2\u200b\u83b7\u5f97\u200b\u652f\u6301\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#stt","title":"STT","text":"STT \u200b\u534f\u8bae\u200b\u4e3a\u200b OVN \u200b\u8f83\u200b\u65e9\u200b\u652f\u6301\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u4f7f\u7528\u200b\u7c7b\u200b TCP \u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u901a\u7528\u200b\u7684\u200b TCP \u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\uff0c\u200b\u5927\u5e45\u200b\u63d0\u5347\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u540c\u65f6\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u8f83\u957f\u200b\u53ef\u200b\u652f\u6301\u200b\u5b8c\u6574\u200b\u7684\u200b OVN \u200b\u80fd\u529b\u200b\u548c\u200b\u5927\u89c4\u6a21\u200b\u7684\u200b datapath\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u672a\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u652f\u6301\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u518d\u6b21\u200b\u7f16\u8bd1\u200b\u65b0\u200b\u7248\u672c\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u76ee\u524d\u200b\u672a\u200b\u88ab\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u652f\u6301\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b OVS \u200b\u7684\u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\u3002
"},{"location":"reference/tunnel-protocol/#_2","title":"\u53c2\u8003\u8d44\u6599","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/underlay-topology/","title":"Underlay \u200b\u6d41\u91cf\u200b\u62d3\u6251","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6d41\u91cf\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u8def\u5f84\u200b\u3002
"},{"location":"reference/underlay-topology/#_1","title":"\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u76f4\u63a5\u200b\u4ea4\u6362\u200b\u6570\u636e\u5305\u200b\uff0c\u200b\u4e0d\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"reference/underlay-topology/#_2","title":"\u8de8\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u3002
"},{"location":"reference/underlay-topology/#_3","title":"\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u6b64\u5904\u200b br-provider-1 \u200b\u548c\u200b br-provider-2 \u200b\u53ef\u4ee5\u200b\u662f\u200b\u540c\u4e00\u4e2a\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5373\u200b\u591a\u4e2a\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b Provider Network\u3002
"},{"location":"reference/underlay-topology/#_4","title":"\u8de8\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#_5","title":"\u8bbf\u95ee\u200b\u5916\u90e8","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u8282\u70b9\u200b\u4e0e\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u901a\u4fe1\u200b\u5927\u4f53\u4e0a\u200b\u4e5f\u200b\u9075\u5faa\u200b\u6b64\u200b\u903b\u8f91\u200b\u3002
"},{"location":"reference/underlay-topology/#vlan-tag","title":"\u65e0\u200b Vlan Tag \u200b\u4e0b\u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#vlan","title":"\u591a\u200b VLAN \u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#pod-service-ip","title":"Pod \u200b\u8bbf\u95ee\u200b Service IP","text":"Kube-OVN \u200b\u4e3a\u200b\u6bcf\u4e2a\u200b Kubernetes Service \u200b\u5728\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u4e86\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002 \u200b\u5f53\u200b Pod \u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Service IP \u200b\u8bbf\u95ee\u200b\u5176\u5b83\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u6784\u9020\u200b\u4e00\u4e2a\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u4e3a\u200b Service IP\u3001\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\u4e3a\u200b\u7f51\u5173\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u7f51\u7edc\u200b\u5305\u200b\u3002 \u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u5165\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\uff0c\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u4f1a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u62e6\u622a\u200b\u548c\u200b DNAT \u200b\u5904\u7406\u200b\uff0c\u200b\u5c06\u200b\u76ee\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u4fee\u6539\u200b\u4e3a\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u67d0\u4e2a\u200b Endpoint \u200b\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002 \u200b\u7531\u4e8e\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5e76\u672a\u200b\u4fee\u6539\u200b\u7f51\u7edc\u200b\u5305\u200b\u7684\u200b\u4e8c\u5c42\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5305\u200b\u5728\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\u4ecd\u7136\u200b\u4f1a\u200b\u9001\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#service-pod","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51\u200b Pod","text":""},{"location":"reference/underlay-topology/#service-pod_1","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/one-step-install/","title":"\u4e00\u952e\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b Kube-OVN \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u652f\u6301\u200b Helm Chart \u200b\u5b89\u88c5\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u642d\u5efa\u200b Underlay/Vlan \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Underlay \u200b\u7f51\u7edc\u200b\u652f\u6301\u200b\u3002
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002
"},{"location":"start/one-step-install/#_2","title":"\u811a\u672c\u200b\u5b89\u88c5","text":""},{"location":"start/one-step-install/#_3","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u4f7f\u7528\u200b\u7a33\u5b9a\u200b\u7684\u200b release \u200b\u7248\u672c\u200b\uff0c\u200b\u8bf7\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u7a33\u5b9a\u200b\u7248\u672c\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u5982\u679c\u200b\u5bf9\u200b master \u200b\u5206\u652f\u200b\u7684\u200b\u6700\u65b0\u200b\u529f\u80fd\u200b\u611f\u5174\u8da3\u200b\uff0c\u200b\u60f3\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u5f00\u53d1\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"start/one-step-install/#_4","title":"\u4fee\u6539\u200b\u914d\u7f6e\u200b\u53c2\u6570","text":"\u200b\u4f7f\u7528\u200b\u7f16\u8f91\u5668\u200b\u6253\u5f00\u200b\u811a\u672c\u200b\uff0c\u200b\u5e76\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\u4e3a\u200b\u9884\u671f\u200b\u503c\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.12\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u53ef\u200b\u4f7f\u7528\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b\u6765\u200b\u5339\u914d\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u4f8b\u5982\u200b IFACE=enp6s0f0,eth.*\u3002
"},{"location":"start/one-step-install/#_5","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh
\u200b\u7b49\u5f85\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u3002
"},{"location":"start/one-step-install/#helm-chart","title":"Helm Chart \u200b\u5b89\u88c5","text":"\u200b\u7531\u4e8e\u200b Kube-OVN \u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e00\u4e9b\u200b\u53c2\u6570\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f7f\u7528\u200b Helm \u200b\u5b89\u88c5\u200b Kube-OVN\uff0c\u200b\u9700\u8981\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u6b65\u9aa4\u200b\u6267\u884c\u200b\u3002
"},{"location":"start/one-step-install/#ip","title":"\u67e5\u770b\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"start/one-step-install/#master","title":"\u53bb\u6389\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u6c61\u70b9","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
\u200b\u5982\u679c\u200b\u786e\u5b9a\u200b\u4e0d\u200b\u9700\u8981\u200b\u5728\u200b master \u200b\u8282\u70b9\u200b\u8c03\u5ea6\u200b\u4e1a\u52a1\u200b Pod\uff0c\u200b\u8fd9\u200b\u4e00\u6b65\u200b\u53ef\u4ee5\u200b\u8df3\u8fc7\u200b\u3002
"},{"location":"start/one-step-install/#label","title":"\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b label","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# \u200b\u4ee5\u4e0b\u200b label \u200b\u7528\u4e8e\u200b dpdk \u200b\u955c\u50cf\u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u975e\u200b dpdk \u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5ffd\u7565\u200b\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"start/one-step-install/#helm-repo","title":"\u6dfb\u52a0\u200b Helm Repo \u200b\u4fe1\u606f","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"start/one-step-install/#helm-install-kube-ovn","title":"\u6267\u884c\u200b helm install \u200b\u5b89\u88c5\u200b Kube-OVN","text":"Node0IP\u3001Node1IP\u3001Node2IP \u200b\u53c2\u6570\u200b\u5206\u522b\u200b\u4e3a\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4ed6\u200b\u53c2\u6570\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b values.yaml \u200b\u6587\u4ef6\u200b\u4e2d\u200b\u53d8\u91cf\u200b\u5b9a\u4e49\u200b\u3002
# \u200b\u5355\u200b master \u200b\u8282\u70b9\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# \u200b\u4ee5\u4e0a\u200b\u8fb9\u200b\u7684\u200b node \u200b\u4fe1\u606f\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# \u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/prepare/","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u4e2a\u200b\u7b26\u5408\u200b CNI \u200b\u89c4\u8303\u200b\u7684\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5176\u200b\u8fd0\u884c\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b Kubernetes \u200b\u73af\u5883\u200b\u53ca\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b\u7f51\u7edc\u200b\u6a21\u5757\u200b\u3002 \u200b\u4ee5\u4e0b\u200b\u662f\u200b\u901a\u8fc7\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u8f6f\u4ef6\u200b\u7248\u672c\u200b\uff0c\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u548c\u200b\u6240\u200b\u9700\u8981\u200b\u5f00\u653e\u200b\u7684\u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"start/prepare/#_2","title":"\u8f6f\u4ef6\u200b\u7248\u672c","text":" - Kubernetes >= 1.23\u3002
- Docker >= 1.12.6, Containerd >= 1.3.4\u3002
- \u200b\u64cd\u4f5c\u7cfb\u7edf\u200b: CentOS 7/8, Ubuntu 16.04/18.04/20.04\u3002
- \u200b\u5176\u4ed6\u200b Linux \u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u9700\u8981\u200b\u68c0\u67e5\u4e00\u4e0b\u200b\u5185\u6838\u6a21\u5757\u200b\u662f\u5426\u200b\u5b58\u5728\u200b
geneve, openvswitch, ip_tables \u200b\u548c\u200b iptable_nat\uff0cKube-OVN \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4f9d\u8d56\u200b\u4e0a\u8ff0\u200b\u6a21\u5757\u200b\u3002
\u200b\u6ce8\u610f\u4e8b\u9879\u200b\uff1a
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 3.10.0-862 \u200b\u5185\u6838\u200b
netfilter \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b bug \u200b\u4f1a\u200b\u5bfc\u81f4\u200b Kube-OVN \u200b\u5185\u7f6e\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u65e0\u6cd5\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5185\u6838\u200b\u5347\u7ea7\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CentOS \u200b\u5b98\u65b9\u200b\u5bf9\u5e94\u200b\u7248\u672c\u200b\u6700\u65b0\u200b\u5185\u6838\u200b\u4fdd\u8bc1\u7cfb\u7edf\u200b\u7684\u200b\u5b89\u5168\u200b\u3002\u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u53c2\u8003\u200b Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working\u3002 - Rocky Linux 8.6 \u200b\u7684\u200b\u5185\u6838\u200b 4.18.0-372.9.1.el8.x86_64 \u200b\u5b58\u5728\u200b TCP \u200b\u901a\u4fe1\u200b\u95ee\u9898\u200b TCP connection failed in Rocky Linux 8.6\uff0c\u200b\u8bf7\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u81f3\u200b 4.18.0-372.13.1.el8_6.x86_64 \u200b\u6216\u200b\u66f4\u200b\u9ad8\u200b\u7248\u672c\u200b\u3002
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 4.4 \u200b\u5219\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b
openvswitch \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5347\u7ea7\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b openvswitch \u200b\u65b0\u200b\u7248\u672c\u200b\u6a21\u5757\u200b\u8fdb\u884c\u200b\u66f4\u65b0\u200b - Geneve \u200b\u96a7\u9053\u200b\u5efa\u7acb\u200b\u9700\u8981\u200b\u68c0\u67e5\u200b IPv6\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b
cat /proc/cmdline \u200b\u68c0\u67e5\u200b\u5185\u6838\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff0c \u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u8bf7\u200b\u53c2\u8003\u200b Geneve tunnels don't work when ipv6 is disabled\u3002
"},{"location":"start/prepare/#_3","title":"\u73af\u5883\u200b\u914d\u7f6e","text":" - Kernel \u200b\u542f\u52a8\u200b\u9700\u8981\u200b\u5f00\u542f\u200b IPv6, \u200b\u5982\u679c\u200b kernel \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u5305\u542b\u200b
ipv6.disable=1 \u200b\u9700\u8981\u200b\u5c06\u200b\u5176\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0\u3002 kube-proxy \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Service ClusterIP \u200b\u8bbf\u95ee\u200b\u5230\u200b kube-apiserver\u3002- \u200b\u786e\u8ba4\u200b kubelet \u200b\u914d\u7f6e\u200b\u53c2\u6570\u200b\u5f00\u542f\u200b\u4e86\u200b CNI\uff0c\u200b\u5e76\u4e14\u200b\u914d\u7f6e\u200b\u5728\u200b\u6807\u51c6\u200b\u8def\u5f84\u200b\u4e0b\u200b, kubelet \u200b\u542f\u52a8\u200b\u65f6\u5e94\u200b\u5305\u542b\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b
--network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d\u3002 - \u200b\u786e\u8ba4\u200b\u672a\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u6216\u8005\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u6e05\u9664\u200b\uff0c\u200b\u68c0\u67e5\u200b
/etc/cni/net.d/ \u200b\u8def\u5f84\u200b\u4e0b\u200b\u65e0\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u914d\u7f6e\u6587\u4ef6\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5b89\u88c5\u200b\u8fc7\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5220\u9664\u200b\u540e\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u6e05\u7406\u200b\u6b8b\u7559\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u3002
"},{"location":"start/prepare/#_4","title":"\u7aef\u53e3\u200b\u4fe1\u606f","text":"\u7ec4\u4ef6\u200b \u200b\u7aef\u53e3\u200b \u200b\u7528\u9014\u200b ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db \u200b\u548c\u200b raft server \u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp \u200b\u96a7\u9053\u200b\u7aef\u53e3\u200b kube-ovn-controller 10660/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-daemon 10665/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-monitor 10661/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/sealos-install/","title":"\u4f7f\u7528\u200b sealos \u200b\u4e00\u952e\u200b\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"sealos \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u7684\u200b\u4e00\u4e2a\u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u901a\u8fc7\u200b\u6781\u7b80\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200b\u56fd\u5185\u200b\u7684\u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5feb\u901f\u200b\u4ece\u200b\u96f6\u200b\u521d\u59cb\u5316\u200b\u4e00\u4e2a\u200b\u5bb9\u5668\u200b\u96c6\u7fa4\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b sealos \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u5728\u200b\u51e0\u5206\u949f\u200b\u5185\u200b\u90e8\u7f72\u200b\u51fa\u200b\u4e00\u4e2a\u200b\u5b89\u88c5\u200b\u597d\u200b Kube-OVN \u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"start/sealos-install/#sealos","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_amd64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_arm64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"start/sealos-install/#kubernetes-kube-ovn","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"start/sealos-install/#_1","title":"\u7b49\u5f85\u200b\u90e8\u7f72\u200b\u5b8c\u6210","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/underlay/","title":"Underlay \u200b\u7f51\u7edc\u200b\u5b89\u88c5","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b Geneve \u200b\u5bf9\u200b\u8de8\u200b\u4e3b\u673a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4e4b\u4e0a\u200b\u62bd\u8c61\u200b\u51fa\u200b\u4e00\u5c42\u200b\u865a\u62df\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u5e0c\u671b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u5730\u5740\u200b\u6bb5\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u5de5\u4f5c\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u7ed9\u200b\u5bb9\u5668\u200b\u5206\u914d\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u7684\u200b\u5730\u5740\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"start/underlay/#_1","title":"\u529f\u80fd\u200b\u9650\u5236","text":"\u200b\u7531\u4e8e\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u8fdb\u884c\u200b\u4e8c\u5c42\u200b\u5305\u8f6c\u53d1\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b SNAT/EIP\uff0c \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u7b49\u200b L3 \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0cVPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
"},{"location":"start/underlay/#macvlan","title":"\u548c\u200b Macvlan \u200b\u6bd4\u8f83","text":"Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u548c\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\u5341\u5206\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u5728\u200b\u529f\u80fd\u200b\u548c\u200b\u6027\u80fd\u200b\u4e0a\u200b\u4e3b\u8981\u200b\u6709\u200b\u4ee5\u4e0b\u200b\u51e0\u4e2a\u200b\u533a\u522b\u200b\uff1a
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u7684\u200b\u5185\u6838\u200b\u8def\u5f84\u200b\u66f4\u200b\u77ed\u200b\uff0c\u200b\u5e76\u4e14\u200b\u4e0d\u200b\u9700\u8981\u200b OVS \u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5904\u7406\u200b\uff0cMacvlan \u200b\u5728\u200b\u541e\u5410\u91cf\u200b\u548c\u200b\u5ef6\u8fdf\u200b\u6027\u80fd\u6307\u6807\u200b\u4e0a\u200b\u8868\u73b0\u200b\u4f1a\u200b\u66f4\u597d\u200b\u3002
- Kube-OVN \u200b\u901a\u8fc7\u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b arp-proxy \u200b\u529f\u80fd\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u7f13\u89e3\u200b\u5927\u89c4\u6a21\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b arp \u200b\u5e7f\u64ad\u200b\u98ce\u66b4\u200b\u98ce\u9669\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u5728\u200b\u5185\u6838\u200b\u5e95\u5c42\u200b\uff0c\u200b\u4f1a\u200b\u7ed5\u8fc7\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b netfilter\uff0cService \u200b\u548c\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u5f00\u53d1\u200b\u3002Kube-OVN \u200b\u901a\u8fc7\u200b OVS \u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b Service \u200b\u548c\u200b NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u3002
- Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u76f8\u6bd4\u200b Macvlan \u200b\u989d\u5916\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\uff0c\u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b QoS \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
"},{"location":"start/underlay/#_2","title":"\u73af\u5883\u200b\u8981\u6c42","text":"\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cOVS \u200b\u5c06\u4f1a\u200b\u6865\u63a5\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5230\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u5982\u679c\u200b\u60f3\u200b\u4f7f\u7528\u200b Underlay \u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b\u516c\u6709\u200b\u4e91\u200b\u5382\u5546\u200b\u63d0\u4f9b\u200b\u7684\u200b VPC-CNI\u3002
- \u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u4e3a\u200b Linux Bridge\u3002
\u200b\u5bf9\u4e8e\u200b\u7ba1\u7406\u200b\u7f51\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b\u3001IP \u200b\u5730\u5740\u200b\u3001\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b MTU \u200b\u5c06\u200b\u8f6c\u79fb\u200b\u6216\u200b\u590d\u5236\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS Bridge\uff0c \u200b\u4ee5\u200b\u652f\u6301\u200b\u5355\u200b\u7f51\u5361\u200b\u90e8\u7f72\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002OVS Bridge \u200b\u540d\u79f0\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-PROVIDER_NAME\uff0cPROVIDER_NAME \u200b\u4e3a\u200b Provider \u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b provider\uff09\u3002
"},{"location":"start/underlay/#_3","title":"\u90e8\u7f72\u200b\u65f6\u200b\u6307\u5b9a\u200b\u7f51\u7edc\u200b\u6a21\u5f0f","text":"\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u5747\u4f1a\u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e2d\u200b\u3002
"},{"location":"start/underlay/#_4","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"start/underlay/#_5","title":"\u4fee\u6539\u200b\u811a\u672c\u200b\u4e2d\u200b\u76f8\u5e94\u200b\u914d\u7f6e","text":"ENABLE_ARP_DETECT_IP_CONFLICT # \u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b vlan \u200b\u7f51\u7edc\u200b arp \u200b\u51b2\u7a81\u68c0\u6d4b\u200b\nNETWORK_TYPE # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b vlan\nVLAN_INTERFACE_NAME # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u627f\u62c5\u200b\u5bb9\u5668\u200b\u6d41\u91cf\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u4f8b\u5982\u200b eth1\nVLAN_ID # \u200b\u4ea4\u6362\u673a\u200b\u6240\u200b\u63a5\u53d7\u200b\u7684\u200b VLAN Tag\uff0c\u200b\u82e5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0 \u200b\u5219\u200b\u4e0d\u200b\u505a\u200b VLAN \u200b\u5c01\u88c5\u200b\nPOD_CIDR # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b CIDR\uff0c \u200b\u4f8b\u5982\u200b 192.168.1.0/24\nPOD_GATEWAY # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1\nEXCLUDE_IPS # \u200b\u6392\u9664\u200b\u8303\u56f4\u200b\uff0c\u200b\u907f\u514d\u200b\u5bb9\u5668\u200b\u7f51\u6bb5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5df2\u200b\u7528\u200b IP \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1..192.168.1.100\nENABLE_LB # \u200b\u5982\u679c\u200b Underlay \u200b\u5b50\u7f51\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Service \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \nEXCHANGE_LINK_NAME # \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u9ed8\u8ba4\u200b provider-network \u200b\u4e0b\u200b OVS \u200b\u7f51\u6865\u200b\u548c\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\nLS_DNAT_MOD_DL_DST # DNAT \u200b\u65f6\u200b\u662f\u5426\u200b\u5bf9\u200b MAC \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u8f6c\u6362\u200b\uff0c\u200b\u53ef\u200b\u52a0\u901f\u200b Service \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b true\n
"},{"location":"start/underlay/#_6","title":"\u8fd0\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"start/underlay/#crd-underlay","title":"\u901a\u8fc7\u200b CRD \u200b\u52a8\u6001\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u8be5\u200b\u65b9\u5f0f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u52a8\u6001\u200b\u7684\u200b\u521b\u5efa\u200b\u67d0\u4e2a\u200b Underlay \u200b\u5b50\u7f51\u200b\u4f9b\u200b Pod \u200b\u4f7f\u7528\u200b\u3002\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b ProviderNetwork\uff0cVlan \u200b\u548c\u200b Subnet \u200b\u4e09\u79cd\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u3002
"},{"location":"start/underlay/#providernetwork","title":"\u521b\u5efa\u200b ProviderNetwork","text":"ProviderNetwork \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u5230\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u6620\u5c04\u200b\u7684\u200b\u62bd\u8c61\u200b\uff0c\u200b\u5c06\u200b\u540c\u5c5e\u200b\u4e00\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u89e3\u51b3\u200b\u5728\u200b\u590d\u6742\u200b\u73af\u5883\u200b\u4e0b\u540c\u200b\u673a\u5668\u200b\u591a\u200b\u7f51\u5361\u200b\u3001\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u3001\u200b\u5bf9\u5e94\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7b49\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u95ee\u9898\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b ProviderNetwork \u200b\u5e76\u200b\u5e94\u7528\u200b:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
\u200b\u6ce8\u610f\u200b\uff1aProviderNetwork \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u7684\u200b\u957f\u5ea6\u200b\u4e0d\u5f97\u200b\u8d85\u8fc7\u200b 12\u3002
defaultInterface: \u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002 ProviderNetwork \u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\uff0c\u200b\u5404\u200b\u8282\u70b9\u200b\uff08\u200b\u9664\u200b excludeNodes \u200b\u5916\u200b\uff09\u200b\u4e2d\u200b\u4f1a\u200b\u521b\u5efa\u200b\u540d\u4e3a\u200b br-net1\uff08\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-NAME\uff09\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6307\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u6865\u63a5\u200b\u81f3\u6b64\u200b\u7f51\u6865\u200b\u3002customInterfaces: \u200b\u4e3a\u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u53ef\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u3002excludeNodes: \u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u4e0d\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u8282\u70b9\u200b\u3002\u200b\u8be5\u200b\u5217\u8868\u200b\u4e2d\u200b\u7684\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b net1.provider-network.ovn.kubernetes.io/exclude=true \u200b\u6807\u7b7e\u200b\u3002
\u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b\u6807\u7b7e\u200b\uff1a
Key Value \u200b\u63cf\u8ff0\u200b net1.provider-network.ovn.kubernetes.io/ready true \u200b\u8282\u70b9\u200b\u4e2d\u200b\u7684\u200b\u6865\u63a5\u200b\u5de5\u4f5c\u200b\u5df2\u200b\u5b8c\u6210\u200b\uff0cProviderNetwork \u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u53ef\u7528\u200b net1.provider-network.ovn.kubernetes.io/interface eth1 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u79f0\u200b net1.provider-network.ovn.kubernetes.io/mtu 1500 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u5982\u679c\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u5df2\u7ecf\u200b\u914d\u7f6e\u200b\u4e86\u200b IP\uff0c\u200b\u5219\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b\u8def\u7531\u200b\u4f1a\u200b\u88ab\u200b\u8f6c\u79fb\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\u3002
"},{"location":"start/underlay/#vlan","title":"\u521b\u5efa\u200b VLAN","text":"Vlan \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5c06\u200b Vlan Tag \u200b\u548c\u200b ProviderNetwork \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u80fd\u529b\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b VLAN \u200b\u5e76\u200b\u5e94\u7528\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: \u200b\u4e3a\u200b VLAN ID/Tag\uff0cKube-OVN \u200b\u4f1a\u200b\u5bf9\u200b\u5bf9\u200b\u8be5\u200b Vlan \u200b\u4e0b\u200b\u7684\u200b\u6d41\u91cf\u200b\u589e\u52a0\u200b Vlan \u200b\u6807\u7b7e\u200b\uff0c\u200b\u4e3a\u200b 0 \u200b\u65f6\u200b\u4e0d\u200b\u589e\u52a0\u200b\u4efb\u4f55\u200b\u6807\u7b7e\u200b\u3002provider: \u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b ProviderNetwork \u200b\u8d44\u6e90\u200b\u7684\u200b\u540d\u79f0\u200b\u3002\u200b\u591a\u4e2a\u200b VLAN \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b ProviderNetwork\u3002
"},{"location":"start/underlay/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u5c06\u200b Vlan \u200b\u548c\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
\u200b\u5c06\u200b vlan \u200b\u7684\u200b\u503c\u200b\u6307\u5b9a\u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b VLAN \u200b\u540d\u79f0\u200b\u5373\u53ef\u200b\u3002\u200b\u591a\u4e2a\u200b Subnet \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b VLAN\u3002
"},{"location":"start/underlay/#_7","title":"\u5bb9\u5668\u200b\u521b\u5efa","text":"\u200b\u53ef\u200b\u6309\u200b\u6b63\u5e38\u200b\u5bb9\u5668\u200b\u521b\u5efa\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff0c\u200b\u67e5\u770b\u200b\u5bb9\u5668\u200b IP \u200b\u662f\u5426\u200b\u5728\u200b\u89c4\u5b9a\u200b\u8303\u56f4\u200b\u5185\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u5982\u200b\u6709\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u6c42\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac
"},{"location":"start/underlay/#_8","title":"\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173","text":"\u200b\u5bf9\u4e8e\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7f51\u5173\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u652f\u6301\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u914d\u7f6e\u200b\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u3002 \u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u8bbe\u7f6e\u200b\u5b50\u7f51\u200b\u7684\u200b spec.logicalGateway \u200b\u4e3a\u200b true \u200b\u5373\u53ef\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
\u200b\u5f00\u542f\u200b\u6b64\u200b\u529f\u80fd\u200b\u540e\u200b\uff0cPod \u200b\u4e0d\u200b\u4f7f\u7528\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u800c\u662f\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff08Logical Router\uff09\u200b\u5bf9\u4e8e\u200b\u8de8\u200b\u7f51\u6bb5\u200b\u901a\u4fe1\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#underlay-overlay","title":"Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u4e92\u901a","text":"\u200b\u5982\u679c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u4ee5\u200b NAT \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8bbf\u95ee\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod IP\u3002 \u200b\u5728\u200b Underlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u770b\u6765\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u662f\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u53bb\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u4f46\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u5e76\u200b\u4e0d\u200b\u6e05\u695a\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u65e0\u6cd5\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002 \u200b\u56e0\u6b64\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5728\u200b\u8fd9\u4e2a\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u989d\u5916\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Underlay IP \u200b\u5c06\u200b Underlay \u200b\u5b50\u7f51\u200b \u200b\u548c\u200b ovn-cluster \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u8fde\u63a5\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b9e\u73b0\u200b\u4e92\u901a\u200b\u3002 \u200b\u548c\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u4e0d\u540c\u200b\uff0c\u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u4f1a\u200b\u8fde\u63a5\u200b Kube-OVN \u200b\u5185\u90e8\u200b\u7684\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u5176\u4ed6\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\u8fd8\u662f\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#ip","title":"\u6307\u5b9a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b IP","text":"\u200b\u5f00\u542f\u200b\u4e92\u901a\u200b\u529f\u80fd\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u968f\u673a\u200b\u4ece\u200b subnet \u200b\u5185\u200b\u7684\u200b\u53d6\u200b\u4e00\u4e2a\u200b IP \u200b\u4f5c\u4e3a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b Underlay Subnet \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u5b57\u200b\u6bb5\u200b u2oInterconnectionIP\u3002
"},{"location":"start/underlay/#underlay-subnet-vpc","title":"\u6307\u5b9a\u200b Underlay Subnet \u200b\u8fde\u63a5\u200b\u7684\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Underlay Subnet \u200b\u4f1a\u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0a\u200b\u7684\u200b Overlay Subnet \u200b\u4e92\u901a\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u6307\u5b9a\u200b\u548c\u200b\u67d0\u4e2a\u200b VPC \u200b\u4e92\u901a\u200b\uff0c\u200b\u5728\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \u200b\u540e\u200b\uff0c\u200b\u6307\u5b9a\u200b subnet.spec.vpc \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u8be5\u200b VPC \u200b\u540d\u5b57\u200b\u5373\u53ef\u200b\u3002
"},{"location":"start/underlay/#_9","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u6709\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4e14\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b Netplan \u200b\u914d\u7f6e\u200b\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b Ubuntu\uff09\uff0c\u200b\u5efa\u8bae\u60a8\u200b\u5c06\u200b Netplan \u200b\u7684\u200b renderer \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b NetworkManager\uff0c\u200b\u5e76\u200b\u4e3a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u9759\u6001\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5173\u95ed\u200b DHCP\uff09\uff1a
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
\u200b\u5982\u679c\u200b\u60a8\u200b\u8981\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u6216\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u4fee\u6539\u200b netplan \u200b\u914d\u7f6e\u200b\u540e\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
\u200b\u6267\u884c\u200b\u4ee5\u4e0a\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b IP \u200b\u53ca\u200b\u8def\u7531\u200b\u91cd\u65b0\u200b\u8f6c\u79fb\u200b\u81f3\u200b OVS \u200b\u7f51\u6865\u200b\u3002
\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b NetworkManager \u200b\u7ba1\u7406\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b CentOS\uff09\uff0c\u200b\u5728\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
\u200b\u6ce8\u610f\u200b\uff1a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u7684\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\u4ec5\u200b\u652f\u6301\u200b IP \u200b\u548c\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0d\u200b\u652f\u6301\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u4fee\u6539\u200b\u3002
"},{"location":"start/underlay/#_10","title":"\u5df2\u77e5\u200b\u95ee\u9898","text":""},{"location":"start/underlay/#hairpin-pod","title":"\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u65f6\u200b Pod \u200b\u7f51\u7edc\u200b\u5f02\u5e38","text":"\u200b\u5f53\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u6216\u200b\u7c7b\u4f3c\u200b\u884c\u4e3a\u200b\u65f6\u200b\uff0c\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25\u200b\u3001Pod \u200b\u7f51\u7edc\u901a\u4fe1\u200b\u5f02\u5e38\u200b\u7b49\u200b\u95ee\u9898\u200b\u3002\u200b\u8fd9\u200b\u662f\u56e0\u4e3a\u200b OVS \u200b\u7f51\u6865\u200b\u9ed8\u8ba4\u200b\u7684\u200b MAC \u200b\u5b66\u4e60\u200b\u529f\u80fd\u200b\u4e0d\u200b\u652f\u6301\u200b\u8fd9\u79cd\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u3002
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b hairpin\uff08\u200b\u6216\u200b\u4fee\u6539\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u76f8\u5173\u200b\u914d\u7f6e\u200b\uff09\uff0c\u200b\u6216\u200b\u66f4\u65b0\u200b Kube-OVN \u200b\u7248\u672c\u200b\u3002
"},{"location":"start/underlay/#pod-pod","title":"Pod \u200b\u6570\u91cf\u200b\u8f83\u591a\u65f6\u200b\u65b0\u5efa\u200b Pod \u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25","text":"\u200b\u82e5\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b Pod \u200b\u6570\u91cf\u200b\u8f83\u200b\u591a\u200b\uff08\u200b\u5927\u4e8e\u200b 300\uff09\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u51fa\u73b0\u200b ARP \u200b\u5e7f\u64ad\u200b\u5305\u200b\u7684\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u5bfc\u81f4\u200b\u4e22\u5305\u200b\u7684\u200b\u73b0\u8c61\u200b\uff1a
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u53ef\u200b\u4fee\u6539\u200b OVN NB \u200b\u9009\u9879\u200b bcast_arp_req_flood \u200b\u4e3a\u200b false\uff1a
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/uninstall/","title":"\u5378\u8f7d","text":"\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5220\u9664\u200b Kube-OVN \u200b\u5e76\u200b\u66f4\u6362\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u5217\u200b\u7684\u200b\u6b65\u9aa4\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b Kube-OVN \u200b\u7ec4\u4ef6\u200b\u4ee5\u53ca\u200b OVS \u200b\u914d\u7f6e\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4ea7\u751f\u200b\u5e72\u6270\u200b\u3002 \u200b\u4e5f\u200b\u6b22\u8fce\u200b\u63d0\u200b issue \u200b\u8054\u7cfb\u200b\u6211\u4eec\u200b\u53cd\u9988\u200b\u4e0d\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b\u539f\u56e0\u200b\u5e2e\u52a9\u200b\u6211\u4eec\u200b\u6539\u8fdb\u200b\u3002
"},{"location":"start/uninstall/#kubernetes","title":"\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u6267\u884c\u200b\u811a\u672c\u200b\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"start/uninstall/#_2","title":"\u6e05\u7406\u200b\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u65e5\u5fd7\u200b\u548c\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u4e0a\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u6e05\u7406\u200b ovsdb \u200b\u4ee5\u53ca\u200b openvswitch \u200b\u4fdd\u5b58\u200b\u7684\u200b\u914d\u7f6e\u200b\uff1a
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"start/uninstall/#_3","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u786e\u4fdd\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\uff0ciptable/ipset \u200b\u89c4\u5219\u200b\u5f97\u4ee5\u200b\u6e05\u9664\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b\u5f71\u54cd\u200b\uff1a
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/","title":"Kube-OVN","text":"Kube-OVN, a CNCF Sandbox Project, bridges the SDN into Cloud Native. It offers an advanced Container Network Fabric for Enterprises with the most functions, extreme performance and the easiest operation.
Most Functions:
If you miss the rich networking capabilities of the SDN age but are struggling to find them in the cloud-native age, Kube-OVN should be your best choice.
Leveraging the proven capabilities of OVS/OVN in the SDN, Kube-OVN brings the rich capabilities of network virtualization to the cloud-native space. It currently supports Subnet Management, Static IP Allocation, Distributed/Centralized Gateways, Underlay/Overlay Hybrid Networks, VPC Multi-Tenant Networks, Cross-Cluster Interconnect, QoS Management, Multi-NIC Management, ACL, Traffic Mirroring, ARM Support, Windows Support, and many more.
Extreme Performance:
If you're concerned about the additional performance loss associated with container networks, then take a look at How Kube-OVN is doing everything it can to optimize performance.
In the data plane, through a series of carefully optimized flow and kernel optimizations, and with emerging technologies such as eBPF, DPDK and SmartNIC Offload, Kube-OVN can approximate or exceed host network performance in terms of latency and throughput.
In the control plane, Kube-OVN can support large-scale clusters of thousands of nodes and tens of thousands of Pods through the tailoring of OVN upstream flow tables and the use and tuning of various caching techniques.
In addition, Kube-OVN is continuously optimizing the usage of resources such as CPU and memory to accommodate resource-limited scenarios such as the edge.
Easiest Operation:
If you're worried about container network operations, Kube-OVN has a number of built-in tools to help you simplify your operations.
Kube-OVN provides one-click installation scripts to help users quickly build production-ready container networks. Also built-in rich monitoring metrics and Grafana dashboard help users to quickly set up monitoring system.
Powerful command line tools simplify daily operations and maintenance for users. By combining with Cilium, users can enhance the observability of their networks with eBPF capabilities. In addition, the ability to mirror traffic makes it easy to customize traffic monitoring and interface with traditional NPM systems.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/contact/","title":"Contact US","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/","title":"Accelerate TCP Communication in Node with eBPF","text":"At some edge and 5G scenarios, there will be a lot of TCP communication between Pods on the same node. By using the open source istio-tcpip-bypass project from Intel, Pods can use the ability of eBPF to bypass the host's TCP/IP protocol stack and communicate directly through sockets, thereby greatly reducing latency and improving throughput.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#basic-principle","title":"Basic Principle","text":"At present, two Pods on the same host need to go through a lot of network stacks, including TCP/IP, netfilter, OVS, etc., as shown in the following figure:
istio-tcpip-bypass plugin can automatically analyze and identify TCP communication within the same host, and bypass the complex kernel stack so that socket data transmission can be performed directly to reduce network stack processing overhead, as shown in the following figure:
Due to the fact that this component can automatically identify TCP communication within the same host and optimize it. In the Service Mesh environment based on the proxy mode, this component can also enhance the performance of Service Mesh.
For more technical implementation details, please refer to Tanzu Service Mesh Acceleration using eBPF.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#prerequisites","title":"Prerequisites","text":"eBPF requires a kernel version of at least 5.4.0-74-generic. It is recommended to use Ubuntu 20.04 and Linux 5.4.0-74-generic kernel version for testing.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#experimental-steps","title":"Experimental Steps","text":"Deploy two performance test Pods on the same node. If there are multiple machines in the cluster, you need to specify nodeSelector:
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
Enter one of the Pods to start the qperf server, and start the qperf client in another Pod for performance testing:
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
Deploy the istio-tcpip-bypass plugin:
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
Enter the perf client container again for performance testing:
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#test-results","title":"Test Results","text":"According to the test results, the TCP latency will decrease by 40% ~ 60% under different packet sizes, and the throughput will increase by 40% ~ 80% when the packet size is greater than 1024 bytes.
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 In the hardware environment under test, when the packet size is less than 512 bytes, the throughput indicator optimized by eBPF is lower than the throughput under the default configuration. This situation may be related to the TCP aggregation optimization of the network card under the default configuration. If the application scenario is sensitive to small packet throughput, you need to test in the corresponding environment Determine whether to enable eBPF optimization. We will also optimize the throughput of eBPF TCP small packet scenarios in the future.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#references","title":"References","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/cilium-hubble-observe/","title":"Cilium Network Traffic Observation","text":"Kube-OVN supports Cilium integration, please refer to Cilium integration for details.
Cilium provides rich network traffic observation capabilities, and the flow observability is provided by Hubble. Hubble can observe the traffic across nodes, clusters, and even multi-cluster scenarios.
"},{"location":"en/advance/cilium-hubble-observe/#install-hubble","title":"Install Hubble","text":"In the default Cilium integration installation, the Hubble related components are not installed, so to support traffic observation, you need to supplement the installation of Hubble on the environment.
Execute the following command to install Hubble using helm:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
After installing Hubble, execute cilium status to check the status of the component and confirm that the installation is successful.
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
After installing the Hubble component, you need to install the command line to view the traffic information in the environment. Execute the following command to install Hubble CLI:
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"en/advance/cilium-hubble-observe/#deploy-and-test","title":"Deploy and test","text":"Cilium offers a traffic test deployment solution, you can directly use the official deployment solution to deploy the test.
Execute the command cilium connectivity test, Cilium will automatically create the cilium-test namespace, and deploy the test under cilium-test.
After the normal deployment, you can view the resource information under the cilium-test namespace, as follows:
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"en/advance/cilium-hubble-observe/#use-the-command-line-to-observe-traffic","title":"Use the command line to observe traffic","text":"By default, the network traffic observation only provides the traffic observed by the Cilium agent on each node.
Execute the hubble observe command in the Cilium agent pod under the kube-system namespace to view the traffic information on the node.
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
After deploying Hubble Relay, Hubble can provide complete cluster-wide network traffic observation.
"},{"location":"en/advance/cilium-hubble-observe/#configure-port-forwarding","title":"Configure port forwarding","text":"In order to access the Hubble API normally, you need to create a port forwarding to forward the local request to the Hubble Service. You can execute the kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 command to open the port forwarding in the current terminal.
The port forwarding configuration can refer to Port Forwarding.
kubectl port-forward is a blocking command, you can open a new terminal to execute the following command to observe the traffic information.
After configuring the port forwarding, execute the hubble status command in the terminal. If there is an output similar to the following, the port forwarding configuration is correct, and you can use the command line to observe the traffic.
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"en/advance/cilium-hubble-observe/#use-the-command-line-to-observe-traffic_1","title":"Use the command line to observe traffic","text":"Execute the hubble observe command in the terminal to view the traffic information of the cluster.
The traffic observed by the cilium-test namespace is as follows:
Pay attention to the hubble observe command display result, which is the traffic information queried when the current command line is executed. Executing the command line multiple times can view different traffic information. For more detailed observation information, you can execute the hubble help observe command to view the detailed usage of Hubble CLI.
"},{"location":"en/advance/cilium-hubble-observe/#use-ui-to-observe-traffic","title":"Use UI to observe traffic","text":"Execute the cilium status command to confirm that the Hubble UI has been successfully installed. In the second step of the Hubble installation, the installation of the UI has been supplemented.
Execute the command cilium hubble ui to automatically create port forwarding and map the hubble-ui service to the local port.
When the command is executed normally, the local browser will be automatically opened and jump to the Hubble UI interface. If it does not jump automatically, enter http://localhost:12000 in the browser to open the UI observation interface.
On the top left of the UI, select the cilium-test namespace to view the test traffic information provided by Cilium.
"},{"location":"en/advance/cilium-hubble-observe/#hubble-traffic-monitoring","title":"Hubble Traffic Monitoring","text":"Hubble component provides monitoring of Pod network behavior in the cluster. In order to support viewing the monitoring data provided by Hubble, you need to enable monitoring statistics.
Refer to the following command to supplement the hubble.metrics.enabled configuration item:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
After the deployment is completed, you can view the monitoring data provided by Hubble through the hubble-metrics service. Execute the following command to view the monitoring data:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy Support","text":"Kube-OVN currently supports integration with Cilium, and the specific operation can refer to Cilium integration.
After integrating Cilium, you can use Cilium's excellent network policy capabilities to control the access of Pods in the cluster.The following documents provide integration verification of Cilium L3 and L4 network policy capabilities.
"},{"location":"en/advance/cilium-networkpolicy/#verification-steps","title":"Verification Steps","text":""},{"location":"en/advance/cilium-networkpolicy/#create-test-pod","title":"Create test Pod","text":"Create namespace test. Refer to the following yaml, create Pod with label app=test in namespace test as the destination Pod for testing access.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
Similarly, refer to the following yaml, create Pod with label app=dynamic in namespace default as the Pod for testing access.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
View the test Pod and Label information:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// As the destination Pod for testing access.\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"en/advance/cilium-networkpolicy/#l3-network-policy-test","title":"L3 Network Policy Test","text":"Refer to the following yaml, create CiliumNetworkPolicy resource:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
At this point, the test Pod in the default namespace cannot access the destination Pod, but the test Pod to the destination Pod in the test namespace is accessible.
Test results in the default namespace:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
Test results in the test namespace:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
Look at the Cilium official document explanation, the CiliumNetworkPolicy resource limits the control at the namespace level. For more information, please refer to Cilium Limitations.
If there is a network policy rule match, only the Pod in the same namespace can access according to the rule, and the Pod in the other namespace is denied access by default.
If you want to implement cross-namespace access, you need to specify the namespace information in the rule.
Refer to the document, modify the CiliumNetworkPolicy resource, and add namespace information:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // control the Pod access in other namespace\n
Look at the modified CiliumNetworkPolicy resource information:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
Test the Pod access in the default namespace again, and the destination Pod access is normal:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
Using the standard Kubernetes network policy networkpolicy, the test results show that Cilium also restricts access within the same namespace, and cross-namespace access is prohibited.
It is different from Kube-OVN implementation. Kube-OVN supports standard k8s network policy, which restricts the destination Pod in a specific namespace, but there is no namespace restriction on the source Pod. Any Pod that meets the restriction rules in any namespace can access the destination Pod.
"},{"location":"en/advance/cilium-networkpolicy/#l4-network-policy-test","title":"L4 Network Policy Test","text":"Refer to the following yaml, create CiliumNetworkPolicy resource:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
Test the access of the Pod that meets the network policy rules in the same namespace
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
The Pod that does not meet the network policy rules in the same namespace cannot access
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
After the network policy takes effect, cross-namespace access is still prohibited, which is consistent with the L3 network policy test results.
After the L4 network policy takes effect, ping cannot be used, but TCP access that meets the policy rules can be executed normally.
About the restriction of ICMP, please refer to the official description L4 Limitation Description.
"},{"location":"en/advance/cilium-networkpolicy/#l7-network-policy-test","title":"L7 Network Policy Test","text":"chaining mode, L7 network policy currently has problems. In the Cilium official document, there is an explanation for this situation, please refer to Generic Veth Chaining.
This problem is tracked using issue 12454, and it has not been resolved yet.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/dhcp/","title":"DHCP","text":"When using SR-IOV or DPDK type networks, KubeVirt's built-in DHCP does not work in this network mode. Kube-OVN can use the DHCP capabilities of OVN to set DHCP options at the subnet level to help KubeVirt VMs of these network types to properly use DHCP to obtain assigned IP addresses. Kube-OVN supports both DHCPv4 and DHCPv6.
The subnet DHCP is configured as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: Whether to enable the DHCP function for the subnet.dhcpV4Options,dhcpV6Options: This field directly exposes DHCP-related options within ovn-nb, please reade DHCP Options for more detail. The default value is \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" and server_id=$random_mac\u3002enableIPv6RA: Whether to enable the route broadcast function of DHCPv6.ipv6RAConfigs\uff1aThis field directly exposes DHCP-related options within ovn-nb Logical_Router_Port, please read Logical Router Port for more detail. The default value is address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/dpdk/","title":"DPDK Support","text":"This document describes how Kube-OVN combines with OVS-DPDK to provide a DPDK-type network interface to KubeVirt's virtual machines.
Upstream KubeVirt does not currently support OVS-DPDK, users need to use the downstream patch Vhostuser implementation to build KubeVirt by themselves or KVM Device Plugin to use OVS-DPDK.
"},{"location":"en/advance/dpdk/#prerequisites","title":"Prerequisites","text":" - The node needs to provide a dedicated NIC for the DPDK driver to run.
- The node needs to have Hugepages enabled.
"},{"location":"en/advance/dpdk/#set-dpdk-driver","title":"Set DPDK driver","text":"Here we use driverctl for example, please refer to the DPDK documentation for specific parameters and other driver usage:
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"en/advance/dpdk/#configure-nodes","title":"Configure Nodes","text":"Labeling OVS-DPDK-enabled nodes for Kube-OVN to recognize:
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
Create the configuration file ovs-dpdk-config in the /opt/ovs-config directory on nodes that support DPDK.
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: The tunnel endpoint address.DPDK_DEV: The PCI ID of the device.
"},{"location":"en/advance/dpdk/#install-kube-ovn","title":"Install Kube-OVN","text":"Download scripts:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
Enable the DPDK installation option:
bash install.sh --with-hybrid-dpdk\n
"},{"location":"en/advance/dpdk/#usage","title":"Usage","text":"Here we verify the OVS-DPDK functionality by creating a virtual machine with a vhostuser type NIC.
Here we use the KVM Device Plugin to create virtual machines. For more information on how to use it, please refer to [KVM Device Plugin].(https://github.com/kubevirt/kubernetes-device-plugins/blob/master/docs/README.kvm.md).
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
Create NetworkAttachmentDefinition:
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
Create a VM image using the following Dockerfile:
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
Create a virtual machine:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
Wait for the virtual machine to be created successfully and then go to the Pod to configure the virtual machine:
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
Next, you can log into the virtual machine for network configuration and test:
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/external-gateway/","title":"External Gateway","text":"In some scenarios, all container traffic access to the outside needs to be managed and audited through an external gateway. Kube-OVN can forward outbound traffic to the corresponding external gateway by configuring the appropriate routes in the subnet.
"},{"location":"en/advance/external-gateway/#usage","title":"Usage","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: needs to be set to false.externalEgressGateway: Set to the address of the external gateway, which needs to be in the same Layer 2 reachable domain as the gateway node.policyRoutingTableID: The TableID of the local policy routing table used needs to be different for each subnet to avoid conflicts.policyRoutingPriority: Route priority, in order to avoid subsequent user customization of other routing operations conflict, here you can specify the route priority. If no special needs, you can fill in any value.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/fastpath/","title":"Compile FastPath Module","text":"After a data plane performance profile, netfilter consumes about 20% of CPU resources for related processing within the container and on the host. The FastPath module can bypass netfilter to reduce CPU consumption and latency, and increase throughput. This document will describe how to compile the FastPath module manually.
"},{"location":"en/advance/fastpath/#download-related-code","title":"Download Related Code","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"en/advance/fastpath/#install-dependencies","title":"Install Dependencies","text":"Here is an example of CentOS dependencies to download:
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"en/advance/fastpath/#compile-the-module","title":"Compile the Module","text":"For the 3.x kernel:
cd kube-ovn/fastpath\nmake all\n
For the 4.x kernel:
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"en/advance/fastpath/#instal-the-kernel-module","title":"Instal the Kernel Module","text":"Copy kube_ovn_fastpath.ko to each node that needs performance optimization, and run the following command:
insmod kube_ovn_fastpath.ko\n
Use dmesg to confirm successful installation:
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
To uninstall a module, use the following command.
rmmod kube_ovn_fastpath.ko\n
This module will not be loaded automatically after machine reboot. If you want to load it automatically, please write the corresponding autostart script according to the system configuration.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/multi-nic/","title":"Manage Multiple Interface","text":"Kube-OVN can provide cluster-level IPAM capabilities for other CNI network plugins such as macvlan, vlan, host-device, etc. Other network plugins can then use the subnet and fixed IP capabilities in Kube-OVN.
Kube-OVN also supports address management when multiple NICs are all of Kube-OVN type.
"},{"location":"en/advance/multi-nic/#working-principle","title":"Working Principle","text":"By using Multus CNI, we can add multiple NICs of different networks to a Pod. However, we still lack the ability to manage the IP addresses of different networks within a cluster. In Kube-OVN, we have been able to perform advanced IP management such as subnet management, IP reservation, random assignment, fixed assignment, etc. through CRD of Subnet and IP. Now Kube-OVN extend the subnet to integrate with other different network plugins, so that other network plugins can also use the IPAM functionality of Kube-OVN.
"},{"location":"en/advance/multi-nic/#workflow","title":"Workflow","text":"The above diagram shows how to manage the IP addresses of other network plugins via Kube-OVN. The eth0 NIC of the container is connected to the OVN network and the net1 NIC is connected to other CNI networks. The network definition for the net1 network is taken from the NetworkAttachmentDefinition resource definition in multus-cni.
When a Pod is created, kube-ovn-controller will get the Pod add event, find the corresponding Subnet according to the annotation in the Pod, then manage the address from it, and write the address information assigned to the Pod back to the Pod annotation.
The CNI on the container machine can configure kube-ovn-cni as the ipam plugin. kube-ovn-cni will read the Pod annotation and return the address information to the corresponding CNI plugin using the standard format of the CNI protocol.
"},{"location":"en/advance/multi-nic/#usage","title":"Usage","text":""},{"location":"en/advance/multi-nic/#install-kube-ovn-and-multus","title":"Install Kube-OVN and Multus","text":"Please refer One-Click Installation and Multus how to use to install Kube-OVN and Multus-CNI.
"},{"location":"en/advance/multi-nic/#provide-ipam-for-other-types-of-cni","title":"Provide IPAM for other types of CNI","text":""},{"location":"en/advance/multi-nic/#create-networkattachmentdefinition","title":"Create NetworkAttachmentDefinition","text":"Here we use macvlan as the second network of the container network and set its ipam to kube-ovn:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: Need to be set to kube-ovn to call the kube-ovn plugin to get the address information.server_socket: The socket file used for communication to Kube-OVN. The default location is /run/openvswitch/kube-ovn-daemon.sock.provider: The current NetworkAttachmentDefinition's <name>. <namespace> , Kube-OVN will use this information to find the corresponding Subnet resource.
"},{"location":"en/advance/multi-nic/#the-attached-nic-is-a-kube-ovn-type-nic","title":"The attached NIC is a Kube-OVN type NIC","text":"At this point, the multiple NICs are all Kube-OVN type NICs.
"},{"location":"en/advance/multi-nic/#create-networkattachmentdefinition_1","title":"Create NetworkAttachmentDefinition","text":"Set the provider suffix to ovn:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.ipam.type: Need to be set to kube-ovn to call the kube-ovn plugin to get the address information.server_socket: The socket file used for communication to Kube-OVN. The default location is /run/openvswitch/kube-ovn-daemon.sock.provider: The current NetworkAttachmentDefinition's <name>. <namespace> , Kube-OVN will use this information to find the corresponding Subnet resource. It should have the suffix ovn here.
"},{"location":"en/advance/multi-nic/#create-a-kube-ovn-subnet","title":"Create a Kube-OVN Subnet","text":"Create a Kube-OVN Subnet, set the corresponding cidrBlock and exclude_ips, the provider should be set to the <name>. <namespace> of corresponding NetworkAttachmentDefinition. For example, to provide additional NICs with macvlan, create a Subnet as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat are only valid for networks with provider type ovn, not for attachment networks.
If you are using Kube-OVN as an attached NIC, provider should be set to the <name>. <namespace>.ovn of the corresponding NetworkAttachmentDefinition, and should end with ovn as a suffix.
An example of creating a Subnet with an additional NIC provided by Kube-OVN is as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"en/advance/multi-nic/#create-a-pod-with-multiple-nic","title":"Create a Pod with Multiple NIC","text":"For Pods with randomly assigned addresses, simply add the following annotation k8s.v1.cni.cncf.io/networks, taking the value <namespace>/<name> of the corresponding NetworkAttachmentDefinition.\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"en/advance/multi-nic/#create-pod-with-a-fixed-ip","title":"Create Pod with a Fixed IP","text":"For Pods with fixed IPs, add <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"en/advance/multi-nic/#create-workloads-with-fixed-ips","title":"Create Workloads with Fixed IPs","text":"For workloads that use ippool, add <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/nat-policy-rule/","title":"Default VPC NAT Policy Rule","text":""},{"location":"en/advance/nat-policy-rule/#purpose","title":"Purpose","text":"In the Overlay Subnet under the default VPC, when the natOutgoing switch is turned on, all Pods in the subnet need to do SNAT to access the external network, but in some scenarios we do not want all Pods in the subnet to access the external network by SNAT.
So the NAT Policy Rule is to provide a way for users to decide which CIDRs or IPs in the subnet to access the external network need SNAT.
"},{"location":"en/advance/nat-policy-rule/#how-to-use-nat-policy-rules","title":"How to use NAT Policy Rules","text":"Enable the natOutgoing switch in subnet.Spec, and add the field natOutgoingPolicyRules as follows:
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
The above case shows that there are two NAT policy rules:
- Packets with source IP 10.0.11.0/30 or 10.0.11.254 will not perform SNAT when accessing the external network.
- When a packet with source IP 10.0.11.128/26 and destination IP 114.114.114.114 or 8.8.8.8 accesses the external network, SNAT will be performed.
Field description:
action: The action that will be executed for packets that meets the corresponding conditions of the match. The action is divided into two types: forward and nat. When natOutgoingPolicyRules is not configured, packets are still SNAT by default.
match: Indicates the matching segment of the message, the matching segment includes srcIPs and dstIPs, here indicates the source IP and destination IP of the message from the subnet to the external network. match.srcIPs and match.dstIPs support multiple cidr and ip, separated by commas. If multiple match rules overlap, the action that is matched first will be executed according to the order of the natOutgoingPolicyRules array.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/node-local-dns/","title":"NodeLocal DNSCache and Kube-OVN adaptation","text":"NodeLocal DNSCache improves cluster DNS performance by running DNS cache as a DaemonSet on cluster nodes. This function can also be adapted to Kube-OVN.
"},{"location":"en/advance/node-local-dns/#nodelocal-dnscache-deployment","title":"Nodelocal DNSCache deployment","text":""},{"location":"en/advance/node-local-dns/#deploy-kubernetes-nodelocal-dnscache","title":"Deploy Kubernetes NodeLocal DNScache","text":"This step refers to Kubernetes official website configuration nodelocaldnscache.
Deploy with the following script:
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
Modify the kubelet configuration file on each node, modify the clusterDNS field in /var/lib/kubelet/config.yaml to the local DNS IP 169.254.20.10, and then restart the kubelet service.
"},{"location":"en/advance/node-local-dns/#kube-ovn-corresponding-dns-configuration","title":"Kube-OVN corresponding DNS configuration","text":"After deploying the Nodelocal DNScache component of Kubernetes, Kube-OVN needs to make the following modifications:
"},{"location":"en/advance/node-local-dns/#underlay-subnet-enable-u2o-switch","title":"Underlay subnet enable U2O switch","text":"If the underlay subnet needs to use the local DNS function, you need to enable the U2O function, that is, configure spec.u2oInterconnection = true in kubectl edit subnet {your subnet}. If it is an overlay subnet, this step is not required.
"},{"location":"en/advance/node-local-dns/#specify-the-corresponding-local-dns-ip-for-kube-ovn-controller","title":"Specify the corresponding local DNS IP for kube-ovn-controller","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
Add field to spec.template.spec.containers.args --node-local-dns-ip=169.254.20.10
"},{"location":"en/advance/node-local-dns/#rebuild-the-created-pods","title":"Rebuild the created Pods","text":"The reason for this step is to let the Pod regenerate /etc/resolv.conf so that the nameserver points to the local DNS IP. If the nameserver of the Pod is not rebuilt, it will still use the DNS ClusterIP of the cluster. At the same time, if the u2o switch is turned on, the Pod needs to be rebuilt to regenerate the Pod gateway.
"},{"location":"en/advance/node-local-dns/#validator-local-dns-cache-function","title":"Validator local DNS cache function","text":"After the above configuration is completed, you can find the Pod verification as follows. You can see that the Pod's DNS server points to the local 169.254.20.10 and successfully resolves the domain name:
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
You can also capture packets at the node and verify as follows. You can see that the DNS query message reaches the local DNS service through the ovn0 network card, and the DNS response message returns in the same way:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/offload-corigine/","title":"Offload with Corigine","text":"Kube-OVN uses OVS for traffic forwarding in the final data plane, and the associated flow table matching, tunnel encapsulation and other functions are CPU-intensive, which consumes a lot of CPU resources and leads to higher latency and lower throughput under heavy traffic. Corigine Agilio CX series SmartNIC can offload OVS-related operations to the hardware. This technology can shorten the data path without modifying the OVS control plane, avoiding the use of host CPU resources, which dramatically reduce latency and significantly increase the throughput.
"},{"location":"en/advance/offload-corigine/#prerequisites","title":"Prerequisites","text":" - Corigine Agilio CX series SmartNIC.
- CentOS 8 Stream or Linux 5.7 above.
- Since the current NIC does not support
dp_hash and hash operation offload, OVN LB function should be disabled.
"},{"location":"en/advance/offload-corigine/#setup-sr-iov","title":"Setup SR-IOV","text":"Please read Agilio Open vSwitch TC User Guide for the detail usage of this SmartNIC.
The following scripts are saved for subsequent execution of firmware-related operations:
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
Switching firmware options and reloading the driver:
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
Check the number of available VFs and create VFs.
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"en/advance/offload-corigine/#install-sr-iov-device-plugin","title":"Install SR-IOV Device Plugin","text":"Since each machine has a limited number of VFs and each Pod that uses acceleration will take up VF resources, we need to use the SR-IOV Device Plugin to manage the corresponding resources so that the scheduler knows how to schedule.
Create SR-IOV Configmap:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
Please read the SR-IOV device plugin to deploy:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
Check if SR-IOV resources have been registered to Kubernetes Node:
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"en/advance/offload-corigine/#install-multus-cni","title":"Install Multus-CNI","text":"The device IDs obtained during SR-IOV Device Plugin scheduling need to be passed to Kube-OVN via Multus-CNI, so Multus-CNI needs to be configured to perform the related tasks.
Please read Multus-CNI Document to deploy\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
Create NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: the format should be {name}.{namespace}.ovn of related NetworkAttachmentDefinition.
"},{"location":"en/advance/offload-corigine/#enable-offload-in-kube-ovn","title":"Enable Offload in Kube-OVN","text":"Download the scripts:
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
Change the related options\uff0cIFACE should be the physic NIC and has an IP:
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
Install Kube-OVN\uff1a
bash install.sh\n
"},{"location":"en/advance/offload-corigine/#create-pods-with-vf-nics","title":"Create Pods with VF NICs","text":"Pods that use VF for network offload acceleration can be created using the following yaml:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: should be the {namespace}/{name} of related NetworkAttachmentDefinition.
Running the following command in the ovs-ovn container of the Pod run node to observe if offload success.
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
If there is offloaded:yes, dp:tc content, the offloading is successful.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/offload-mellanox/","title":"Offload with Mellanox","text":"Kube-OVN uses OVS for traffic forwarding in the final data plane, and the associated flow table matching, tunnel encapsulation and other functions are CPU-intensive, which consumes a lot of CPU resources and leads to higher latency and lower throughput under heavy traffic. Mellanox Accelerated Switching And Packet Processing (ASAP\u00b2) technology offloads OVS-related operations to an eSwitch within the eSwitch in the hardware. This technology can shorten the data path without modifying the OVS control plane, avoiding the use of host CPU resources, which dramatically reduce latency and significantly increase the throughput.
"},{"location":"en/advance/offload-mellanox/#prerequisites","title":"Prerequisites","text":" - Mellanox CX5/CX6/BlueField that support ASAP\u00b2.
- CentOS 8 Stream or Linux 5.7 above.
- Since the current NIC does not support
dp_hash and hash operation offload, OVN LB function should be disabled. - In order to support offload mode, the NIC cannot do bond.
"},{"location":"en/advance/offload-mellanox/#setup-sr-iov","title":"Setup SR-IOV","text":"Check the device ID of the NIC, in the following example it is 42:00.0:
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
Find the corresponding NIC by its device ID:
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
Check the number of available VFs:
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
Create VFs and do not exceeding the number found above:
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
Find the device IDs corresponding to the above VFs:
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
Unbound the VFs from the driver:
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
Enable eSwitch mode and set up hardware offload:
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
Rebind the driver and complete the VF setup:
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
Some behaviors of NetworkManager may cause driver exceptions, if offloading problems occur we recommended to close NetworkManager and try again.
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
"},{"location":"en/advance/offload-mellanox/#install-sr-iov-device-plugin","title":"Install SR-IOV Device Plugin","text":"Since each machine has a limited number of VFs and each Pod that uses acceleration will take up VF resources, we need to use the SR-IOV Device Plugin to manage the corresponding resources so that the scheduler knows how to schedule.
Create SR-IOV Configmap:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
Please read the SR-IOV device plugin to deploy:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
Check if SR-IOV resources have been registered to Kubernetes Node:
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"en/advance/offload-mellanox/#install-multus-cni","title":"Install Multus-CNI","text":"The device IDs obtained during SR-IOV Device Plugin scheduling need to be passed to Kube-OVN via Multus-CNI, so Multus-CNI needs to be configured to perform the related tasks.
Please read Multus-CNI Document to deploy\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
Create NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: the format should be {name}.{namespace}.ovn of related NetworkAttachmentDefinition.
"},{"location":"en/advance/offload-mellanox/#enable-offload-in-kube-ovn","title":"Enable Offload in Kube-OVN","text":"Download the scripts:
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
Change the related options\uff0cIFACE should be the physic NIC and has an IP:
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
Install Kube-OVN\uff1a
bash install.sh\n
"},{"location":"en/advance/offload-mellanox/#create-pods-with-vf-nics","title":"Create Pods with VF NICs","text":"Pods that use VF for network offload acceleration can be created using the following yaml:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: should be the {namespace}/{name} of related NetworkAttachmentDefinition.
Running the following command in the ovs-ovn container of the Pod run node to observe if offload success.
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
If there is offloaded:yes, dp:tc content, the offloading is successful.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/overlay-with-route/","title":"Interconnection with Routes in Overlay Mode","text":"In some scenarios, the network environment does not support Underlay mode, but still need Pods and external devices directly access through IP, then you can use the routing method to connect the container network and the external.
Only Overlay Subnets in default VPC support this method. In this case, the Pod IP goes directly to the underlying network, which needs to disable IP checks for source and destination addresses.
"},{"location":"en/advance/overlay-with-route/#prerequisites","title":"Prerequisites","text":" - In this mode, the host needs to open the
ip_forward. - Check if there is a
Drop rule in the forward chain in the host iptables that should be modified for container-related traffic. - Due to the possibility of asymmetric routing, the host needs to allow packets with a ct status of
INVALID.
"},{"location":"en/advance/overlay-with-route/#steps","title":"Steps","text":"For subnets that require direct external routing, you need to set natOutgoing of the subnet to false to turn off nat mapping and make the Pod IP directly accessible to the external network.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
At this point, the Pod's packets can reach the peer node via the host route, but the peer node does not yet know where the return packets should be sent to and needs to add a return route.
If the peer host and the container host are on the same Layer 2 network, we can add a static route directly to the peer host to point the next hop of the container network to any machine in the Kubernetes cluster.
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 is the container subnet CIDR, and 192.168.2.10 is one node in the Kubernetes cluster.
If the peer host and the container host are not in the same layer 2 network, you need to configure the corresponding rules on the router.
Note: Specifying an IP for a single node may lead to single point of failure. To achieve fast failover, Keepalived can be used to set up a VIP for multiple nodes, and the next hop of the route can be directed to the VIP.
In some virtualized environments, the virtual network identifies asymmetric traffic as illegal traffic and drops it. In this case, you need to adjust the gatewayType of the Subnet to centralized and set the next hop to the IP of the gatewayNode node during route setup.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
If you still want to perform NAT processing for some traffic, such as traffic accessing the Internet, please refer to the Default VPC NAT Policy Rule.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-eip-fip-snat/","title":"Support OVN EIP,FIP and SNAT","text":"Note: Due to api changes, the OVN EIP FIP DNAT function cannot be continued in the '1.12' branch, if necessary, please refer to the branch after 1.12 or the master branch. Due to the evolution of the master branch quickly, now provides a special 1.12-mc branch, used to guarantee stability.
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
The pod access the public network based on the snat
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
The pod access the public network based on the fip
The CRD supported by this function is basically the same as the iptable nat gw public network solution.
- ovn eip: occupies a public ip address and is allocated from the underlay provider network vlan subnet
- ovn fip: one-to-one dnat snat, which provides direct public network access for ip addresses and vip in a vpc
- ovn snat: a subnet cidr or a single vpc ip or vip can access public networks based on snat
- ovn dnat: based router lb, which enables direct access to a group of endpoints in a vpc based on a public endpoint
"},{"location":"en/advance/ovn-eip-fip-snat/#1-deployment","title":"1. Deployment","text":"Currently allows all vpcs to share the same provider vlan subnet resources, similar to neutron ovn mode. Compatible with previous scenarios default VPC EIP/SNAT.
During the deployment phase, you may need to specify a default public network logical switch based on actual conditions. If no vlan is in use (vlan 0 is used), the following startup parameters do not need to be configured.
# When deploying you need to refer to the above scenario and specify the following parameters as needed according to the actual situation\n# 1. kube-ovn-controller Startup parameters to be configured\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni Startup parameters to be configured:\n - --external-gateway-switch=external204 \n\n# The above configuration is consistent with the following public network configuration vlan id and resource name, \n# currently only support to specify one underlay public network as the default external public network.\n
The design and use of this configuration item takes into account the following factors\uff1a
- Based on this configuration item can be docked to the provider network, vlan, subnet resources.
- Based on this configuration item, the default vpc enable_eip_snat function can be docked to the existing vlan, subnet resources, while supporting the ipam
- If only the default vpc's enable_eip_snat mode is used with the old pod annotaion based eip fip snat, then the following configuration is not required.
- Based on this configuration you can not use the default vpc enable_eip_snat process, only by corresponding to vlan, subnet process, can be compatible with only custom vpc use eip snat usage scenarios.
The neutron ovn mode also has a certain static file configuration designation that is, for now, generally consistent.
"},{"location":"en/advance/ovn-eip-fip-snat/#11-create-the-underlay-public-network","title":"1.1 Create the underlay public network","text":"# provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"en/advance/ovn-eip-fip-snat/#12-default-vpc-enable-eip_snat","title":"1.2 Default vpc enable eip_snat","text":"# Enable the default vpc and the above underlay public provider subnet interconnection\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\" \n type: \"centralized\" \n external-gw-nic: \"vlan\"\n external-gw-addr: \"10.5.204.254/24\"\n
This feature currently supports the ability to create lrp type ovn eip resources without specifying the lrp ip and mac, which is already supported for automatic acquisition. If specified, it is equivalent to specifying the ip to create an ovn-eip of type lrp. Of course, you can also manually create the lrp type ovn eip in advance.
"},{"location":"en/advance/ovn-eip-fip-snat/#13-custom-vpc-enable-eip-snat-fip-function","title":"1.3 Custom vpc enable eip snat fip function","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc enableExternal will automatically create an lrp association to the public network specified above\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
After the above template is applied, you should see the following resources exist
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# The route currently supports automatic maintenance\n
"},{"location":"en/advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"This function is designed and used in the same way as iptables-eip, ovn-eip currently has three types
- nat: indicates ovn dnat, fip, and snat. These nat types are recorded in status
- lrp: indicates the resource used to connect a vpc to the public network
- lsp: In the ovn BFD-based ecmp static route scenario, an ovs internal port is provided on the gateway node as the next hop of the ecmp route
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# Dynamically allocate an eip resource that is reserved for fip dnat_and_snat scenarios\n
"},{"location":"en/advance/ovn-eip-fip-snat/#21-create-an-fip-for-pod","title":"2.1 Create an fip for pod","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # the name of the ip crd, which is unique\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# pod <--> node ping is working\n
# The key resources that this public ip can pass include the following ovn nb resources\n\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"en/advance/ovn-eip-fip-snat/#22-create-an-fip-for-vip","title":"2.2 Create an fip for vip","text":"In order to facilitate the use of some vip scenarios, such as inside kubevirt VM, keepalived use vip, kube-vip use vip, etc. the vip need public network access.
# First create vip, eip, then bind eip to vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # By default fip is for pod ip, here you need to specify the docking to vip resources\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# node <--> pod fip is working\n\n# The way ip is used inside the pod is roughly as follows\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # vip here\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod internal can catch fip related icmp packets\n
"},{"location":"en/advance/ovn-eip-fip-snat/#31-ovn-snat-corresponds-to-the-cidr-of-a-subnet","title":"3.1 ovn-snat corresponds to the CIDR of a subnet","text":"This feature is designed and used in much the same way as iptables-snat
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip corresponds to the entire network segment\n
"},{"location":"en/advance/ovn-eip-fip-snat/#32-ovn-snat-corresponds-to-a-pod-ip","title":"3.2 ovn-snat corresponds to a pod IP","text":"This feature is designed and used in much the same way as iptables-snat
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip corresponds to a single pod ip\n
After the above resources are created, you can see the following resources that the snat public network feature depends on.
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# the two pods can access the external network based on these two type snat resources respectively\n
"},{"location":"en/advance/ovn-eip-fip-snat/#41-ovn-dnat-binds-a-dnat-to-a-pod","title":"4.1 ovn-dnat binds a DNAT to a pod","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n type: nat\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # Note that this is the name of the pod IP CRD and it is unique\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
The configuration of OvnDnatRule is similar to that of IptablesDnatRule.
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"en/advance/ovn-eip-fip-snat/#42-ovn-dnat-binds-a-dnat-to-a-vip","title":"4.2 ovn-dnat binds a DNAT to a VIP","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # By default, Dnat is oriented towards pod IPs. Here, it is necessary to specify that it is connected to VIP resources\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
The configuration of OvnDnatRule is similar to that of IptablesDnatRule.
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-ipsec/","title":"Encrypt inter-node communication using IPsec","text":"This function is supported after v1.10.11 and v1.11.4, the kernel version is at least 3.10.0 or above, and UDP ports 500 and 4500 are available.
"},{"location":"en/advance/ovn-ipsec/#start-ipsec","title":"Start IPsec","text":"Copy the script from the Kube-OVN source code ipsec.sh, execute the command as follows, the script will call ovs-pki to generate and distribute the certificate required for encryption:
bash ipsec.sh init\n
After the execution is completed, the nodes will negotiate for a period of time to establish an IPsec tunnel. The experience value is between ten seconds and one minute.You can check the IPsec status with the following command:
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
After the establishment is complete, you can capture packets and observe that the packets have been encrypted:
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
After executing the script, you can turn off IPsec by executing the command:
# bash ipsec.sh stop\n
Or execute the command to open it again:
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"Support OVN SNAT L3 HA Based ECMP and BFD Static Route","text":"Custom vpc based on ovn snat after ecmp based static route hash to multiple gw node ovnext0 NICs out of the public network
- Supports bfd-based high availability
- Only supports hash load balancing
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
This functions basically the same as ovn-eip-fip-snat.md .
As for the different parts, which will be specified in the following sections, mainly including the creation of ovn-eip of lsp type and the automatic maintenance of bfd as well as ecmp static routes based on vpc enable_bfd.
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#1-deployment","title":"1. Deployment","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#11-create-the-underlay-public-network","title":"1.1 Create the underlay public network","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#12-default-vpc-enable-eip_snat","title":"1.2 Default vpc enable eip_snat","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#13-custom-vpc-enable-eip-snat-fip-function","title":"1.3 Custom vpc enable eip snat fip function","text":"The above section is exactly the same with ovn-eip-fip-snat.md.
After these functions are verified, the vpc can be switched directly to the ecmp-based bfd static route based on the following way, or of course, switched directly back.
Before customizing vpc to use this feature, you need to provide some gateway nodes, at least 2. Note that the name of the current implementation of ovn-eip must be consistent with the gateway node name, no automated maintenance is currently done for this resource.
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
Since this scenario is currently designed for vpc ecmp out of the public network, the gateway node above will not trigger the creation of a gateway NIC when there is no vpc enabled bfd, i.e. when there is no ovn eip (lrp) with enable bfd labeled, and will not be able to successfully start listening to the bfd session on the other side.
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#2-custom-vpc-enable-ecmp-bfd-l3-ha-public-network-function","title":"2. Custom vpc enable ecmp bfd L3 HA public network function","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd switch can be switched at will\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # enable ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
note:
- Customize ecmp under vpc to use only static ecmp bfd routes. vpc enableBfd and subnet enableEcmp will only take effect if they are enabled at the same time, before static ecmp bfd routes are automatically managed.
- If the above configuration is turned off, it will automatically switch back to the regular default static route.
- This feature is not available for the default vpc, only custom vpc is supported, the default vpc has more complex policy routing.
- The enableEcmp of the subnet of the custom vpc uses only static routes, the gateway type gatewayType has no effect.
- When EnableExternal is turned off in vpc, the external network cannot be passed inside vpc.
- When EnableExternal is enabled on vpc, when EnableBfd is turned off, it will be based on the normal default route to the external network and will not have high availability.
# After the above template is applied the ovn logic layer should see the following resources\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# Default vpc does not support ENABLEBFD\n# Custom vpc is supported and enabled\n\n# 1. bfd table created\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### Note that all statuses should normally be up\n\n# 2. bfd ecmp static routes table created\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. Static Route Details\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# Also, the following resources should be available at all gateway nodes\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## This is the other end of the lrp bfd session and one of the next hops of the lrp ecmp\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# No problem to the public network\n
catch outgoing packets within the ovnext ns of a gateway node
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#3-turn-off-bfd-mode","title":"3. Turn off bfd mode","text":"In some scenarios, you may want to use a (centralized) single gateway directly out of the public network, which is the same as the default vpc enable_eip_snat usage pattern
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## set it false add apply\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# After application the route will switch back to the normal default static route\n# nbctl list bfd, the bfd session associated with lrp has been removed\n# And the opposite side of the bfd session in ovnext ns is automatically removed\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-remote-port-mirroring/","title":"OVN Remote Port Mirroring","text":"This feature provides ability to mirror the traffic of the specified Pod and direction, and to send the mirrored traffic to a remote destination.
This feature requires Kube-OVN version not lower than v1.12.
"},{"location":"en/advance/ovn-remote-port-mirroring/#install-multus-cni","title":"Install Multus-CNI","text":"Install Multus-CNI by referring the Multus-CNI Document.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-networkattachmentdefinition","title":"Create NetworkAttachmentDefinition","text":"Create the following NetworkAttachmentDefinition:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
Format of the provider field is <NAME>.<NAMESPACE>.ovn.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-underlay-network","title":"Create Underlay Network","text":"The mirrored traffic is encapsulated before transmition, so MTU of the network used to transmit the traffic should be greater than the mirrored LSP/Pod. Here we are using an underlay network.
Create the following underlay network:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
The subnet's provider MUST be the same as the provider of the NetworkAttachmentDefinition created above.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-receiving-pod","title":"Create Receiving Pod","text":"Create the following Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.12\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
After the Pod has been created, checkout the IP addresses:
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
The IP address 172.19.0.21 will be used later.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-ovn-remote-port-mirroring","title":"Create OVN Remote Port Mirroring","text":"Create the following OVN remote port mirroring\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
coredns-787d4945fb-gpnkb.kube-system is the OVN LSP name with a format <POD_NAME>.<POD_NAMESPACE>.
Here is the OVN command usage:
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"en/advance/ovn-remote-port-mirroring/#configure-receiving-pod","title":"Configure Receiving Pod","text":"Execute the following commands in the Pod:
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
Now you can capture the mirrored packets:
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"en/advance/ovn-remote-port-mirroring/#notice","title":"Notice","text":" - If you are using ERSPAN as the encapsulation protocol, the Linux kernel version of the OVN nodes and remote devices must not be lower than 4.14. If you are using ERSPAN as the encapsulation protocol and using IPv6 as the transport network, the Linux kernel version must not be lower than 4.16.
- The transmission of mirrored traffic is unidirectional, so you only need to ensure that the OVN node can access the remote device.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/performance-tuning/","title":"Performance Tuning","text":"To keep the installation simple and feature-complete, the default installation script for Kube-OVN does not have performance-specific optimizations. If the applications are sensitive to latency and throughput, administrators can use this document to make specific performance optimizations.
The community will continue to iterate on the performance. Some general performance optimizations have been integrated into the latest version, so it is recommended to use the latest version to get better default performance.
For more on the process and methodology of performance optimization, please watch the video Kube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"en/advance/performance-tuning/#benchmarking","title":"Benchmarking","text":"Because the hardware and software environments vary greatly, the performance test data provided here can only be used as a reference, and the actual test results may differ significantly from the results in this document. It is recommended to compare the performance test results before and after optimization, and the performance comparison between the host network and the container network.
"},{"location":"en/advance/performance-tuning/#overlay-performance-comparison-before-and-after-optimization","title":"Overlay Performance Comparison before and after Optimization","text":"Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay Mode
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
We use qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw to test bandwidth and latency of tcp/udp in 1-byte packets and the host network, respectively.
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"en/advance/performance-tuning/#overlay-underlay-and-calico-comparison","title":"Overlay\uff0c Underlay and Calico Comparison","text":"Next, we compare the overlay and underlay performance of the optimized Kube-OVN at different packet sizes with Calico's IPIP Always, IPIP never and the host network.
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 In some cases the container network outperforms the host network, this is because the container network path is optimized to completely bypass netfilter. Due to the existence of kube-proxy, all packets in host network have to go through netfilter, which will lead to more CPU consumption, so that container network in some environments has better performance.
"},{"location":"en/advance/performance-tuning/#dataplane-performance-optimization-methods","title":"Dataplane performance optimization methods","text":"The optimization methods described here are related to the hardware and software environment and the desired functionality, so please carefully understand the prerequisites for optimization before attempting it.
"},{"location":"en/advance/performance-tuning/#cpu-performance-mode-tuning","title":"CPU Performance Mode Tuning","text":"In some environments the CPU is running in power saving mode, performance in this mode will be unstable and latency will increase significantly, it is recommended to use the CPU's performance mode for more stable performance.
cpupower frequency-set -g performance\n
"},{"location":"en/advance/performance-tuning/#nic-hardware-queue-adjustment","title":"NIC Hardware Queue Adjustment","text":"In the case of increased traffic, a small buffer queue may lead to significant performance degradation due to a high packet loss rate and needs to be tuned.
Check the current NIC queue length:
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
Increase the queue length to the maximum:
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"en/advance/performance-tuning/#optimize-with-tuned","title":"Optimize with tuned","text":"tuned can use a series of preconfigured profile files to perform system optimizations for a specific scenario.
For latency-first scenarios:
tuned-adm profile network-latency\n
For throughput-first scenarios:
tuned-adm profile network-throughput\n
"},{"location":"en/advance/performance-tuning/#interrupt-binding","title":"Interrupt Binding","text":"We recommend disabling irqbalance and binding NIC interrupts to specific CPUs to avoid performance fluctuations caused by switching between multiple CPUs.
"},{"location":"en/advance/performance-tuning/#disable-ovn-lb","title":"Disable OVN LB","text":"The L2 LB implementation of OVN requires calling the kernel's conntrack module and recirculate, resulting in a significant CPU overhead, which is tested to be around 20%. For Overlay networks you can use kube-proxy to complete the service forwarding function for better Pod-to-Pod performance. This can be turned off in kube-ovn-controller args:
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
In Underlay mode kube-proxy cannot use iptables or ipvs to control container network traffic, if you want to disable the LB function, you need to confirm whether you do not need the Service function.
"},{"location":"en/advance/performance-tuning/#fastpath-kernel-module","title":"FastPath Kernel Module","text":"Since the container network and the host network are on different network ns, the packets will pass through the netfilter module several times when they are transmitted across the host, which results in a CPU overhead of nearly 20%. The FastPath module can reduce CPU overhead by bypassing netfilter, since in most cases applications within a container network do not need to use the functionality of the netfilter module.
If you need to use the functions provided by netfilter such as iptables, ipvs, nftables, etc. in the container network, this module will disable the related functions.
Since kernel modules are kernel version dependent, it is not possible to provide a single kernel module artifact that adapts to all kernels. We pre-compiled the FastPath module for part of the kernels, which can be accessed by tunning-package.
You can also compile it manually, see Compiling FastPath Module
After obtaining the kernel module, you can load the FastPath module on each node using insmod kube_ovn_fastpath.ko and verify that the module was loaded successfully using dmesg:
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"en/advance/performance-tuning/#ovs-kernel-module-optimization","title":"OVS Kernel Module Optimization","text":"OVS flow processing including hashing, matching, etc. consumes about 10% of the CPU resources. Some instruction sets on modern x86 CPUs such as popcnt and sse4.2 can speed up the computation process, but the kernel is not compiled with these options enabled. It has been tested that the CPU consumption of flow-related operations is reduced to about 5% when the corresponding instruction set optimizations are enabled.
Similar to the compilation of the FastPath module, it is not possible to provide a single kernel module artifact for all kernels. Users need to compile manually or go to tunning-package to see if a compiled package is available for download.
Before using this kernel module, please check if the CPU supports the following instruction set:
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"en/advance/performance-tuning/#compile-and-install-in-centos","title":"Compile and Install in CentOS","text":"Install the relevant compilation dependencies and kernel headers:
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
Compile the OVS kernel module and generate the corresponding RPM:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
Copy the RPM to each node and install:
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
If you have previously started Kube-OVN and the older version of the OVS module has been loaded into the kernel. It is recommended to reboot the machine to reload the new version of the kernel module.
"},{"location":"en/advance/performance-tuning/#compile-and-install-in-ubuntu","title":"Compile and Install in Ubuntu","text":"Install the relevant compilation dependencies and kernel headers:
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
Compile the OVS kernel module and install:
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
If you have previously started Kube-OVN and the older version of the OVS module has been loaded into the kernel. It is recommended to reboot the machine to reload the new version of the kernel module.
"},{"location":"en/advance/performance-tuning/#using-stt-type-tunnel","title":"Using STT Type Tunnel","text":"Common tunnel encapsulation protocols such as Geneve and Vxlan use the UDP protocol to encapsulate packets and are well supported in the kernel. However, when TCP packets are encapsulated using UDP, the optimization and offload features of modern operating systems and network cards for the TCP protocol do not work well, resulting in a significant drop in TCP throughput. In some virtualization scenarios, due to CPU limitations, TCP packet throughput may even be a tenth of that of the host network.
STT provides an innovative tunneling protocol that uses TCP formatted header for encapsulation. This encapsulation only emulates the TCP protocol header format without actually establishing a TCP connection, but can take full advantage of the TCP optimization capabilities of modern operating systems and network cards. In our tests TCP packet throughput can be improved several times, reaching performance levels close to those of the host network.
The STT tunnel is not pre-installed in the kernel and needs to be installed by compiling the OVS kernel module, which can be found in the previous section.
Enable STT tunnel:
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/security-group/","title":"SecurityGroup Usage","text":"Kube-OVN has supported the configuration of security-groups, and the CRD used to configure security-groups is SecurityGroup.
"},{"location":"en/advance/security-group/#securitygroup-example","title":"SecurityGroup Example","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 Configure network segment\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
The specific meaning of each field of the SecurityGroup can be found in the Kube-OVN API Reference.
Pods bind security-groups by adding annotations, two annotations are used.
- port_security: source address verification. If this function is enabled, only packets with ip addresses assigned by kube-ovn ipam can be exported from the pod network adapter. After this function is disabled, any ip address can be exported
- security_groups: indicates a security group that contains a series of ACL rules
These two annotations are responsible for functions that are independent of each other.
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"en/advance/security-group/#caution","title":"Caution","text":" -
Security-groups are finally restricted by setting ACL rules, and as mentioned in the OVN documentation, if two ACL rules match with the same priority, it is uncertain which ACL will actually work. Therefore, when setting up security-group rules, you need to be careful to differentiate the priority.
-
When adding a security-group, it is important to know what restrictions are being added. As a CNI, Kube-OVN will perform a Pod-to-Gateway connectivity test after creating a Pod.
"},{"location":"en/advance/security-group/#actual-test","title":"Actual test","text":"Create a Pod using the following yaml, and specify the security-group in the annotation for the pod.
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
The actual test results show as follows:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
Execute kubectl describe pod to see information about the pod, and you can see the error message:
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n-\n- -\n- -\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed ( add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
Modify the rules for the security group to add access rules to the gateway, refer to the following:
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
In the inbound and outbound rules respectively, add a rule to allow access to the gateway, and set the rule to have the highest priority.
Deploying with the following yaml to bind security group, confirm that the Pod is operational:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
To view Pod information after deployment:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
So for the use of security groups, be particularly clear about the effect of the added restriction rules. If it is simply to restrict traffic access, consider using a network policy instead.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vip/","title":"VIP Reservation","text":"In some scenarios we want to dynamically reserve part of the IP but not assign it to Pods but to other infrastructure e.g:
- Kubernetes nested Kubernetes scenarios where the upper Kubernetes uses the Underlay network take up the available addresses of the underlying Subnet.
- LB or other network infrastructure requires the use of an IP within a Subnet.
"},{"location":"en/advance/vip/#create-random-address-vip","title":"Create Random Address VIP","text":"If you just want to set aside a number of IPs and have no requirement for the IP addresses themselves, you can use the following yaml to create them:
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: reserve the IP from this Subnet.type: Currently, two types are supported. If the value is empty, it indicates that it is only used for occupying ip addresses of ipam. switch_lb_vip The front-end vip address and back-end ip address of the switch lb must be on the same subnet.
Query the VIP after creation.
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
It can be seen that the VIP is assigned the IP address 10.16.0.12, which can later be used by other network infrastructures.
"},{"location":"en/advance/vip/#create-a-fixed-address-vip","title":"Create a fixed address VIP","text":"The IP address of the reserved VIP can be fixed using the following yaml:
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n V4ip: \"10.16.0.121\"\n
subnet: reserve the IP from this Subnet.V4ip: A fixed-assigned IP address that should within the CIDR range of subnet.
Query the VIP after creation:
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
It can be seen that the VIP has been assigned the expected IP address.
"},{"location":"en/advance/vip/#statefulset-kubevirt-vm-keep-vip","title":"StatefulSet & Kubevirt VM keep VIP","text":"Specify for StatefulSet and VM resources, these Pods their owned will reuse the VIP when these Pods recreating.
VM keep VIP must be enable the keep-vm-ip param in kube-ovn-controller. Refer Kubevirt VM Fixed Address Settings
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-dns/","title":"Custom VPC DNS","text":"Due to the isolation of the user-defined VPC and the default VPC network, the coredns deployed in the default VPC cannot be accessed from within the custom VPC. If you wish to use the intra-cluster domain name resolution capability provided by Kubernetes within your custom VPC, you can refer to this document and utilize the vpc-dns CRD to do so.
This CRD eventually deploys a coredns that has two NICs, one in the user-defined VPC and the other in the default VPC to enable network interoperability and provide an internal load balancing within the custom VPC through the custom VPC internal load balancing.
"},{"location":"en/advance/vpc-dns/#deployment-of-vpc-dns-dependent-resources","title":"Deployment of vpc-dns dependent resources","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
In addition to the above resources, the feature relies on the nat-gw-pod image for routing configuration.
"},{"location":"en/advance/vpc-dns/#configuring-additional-network","title":"Configuring Additional Network","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"en/advance/vpc-dns/#configuring-configmap-for-vpc-dns","title":"Configuring Configmap for vpc-dns","text":"Create a configmap under the kube-system namespace to configure the vpc-dns usage parameters that will be used later to start the vpc-dns function:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1aenable vpc dns feature, true as defaultcoredns-image\uff1adns deployment image. Defaults to the clustered coredns deployment versioncoredns-vip\uff1aThe vip that provides lb services for coredns.coredns-template\uff1aThe URL where the coredns deployment template is located. defaults to the current version of the ovn directory. coredns-template.yaml default is https://raw.githubusercontent.com/kubeovn/kube-ovn/<kube-ovn version>/yamls/coredns-template.yaml.nad-name\uff1aConfigured network-attachment-definitions Resource name.nad-provider\uff1aThe name of the provider to use.k8s-service-host\uff1aThe ip used for coredns to access the k8s apiserver service, defaults to the apiserver address within the cluster.k8s-service-port\uff1aThe port used for coredns to access the k8s apiserver service, defaults to the apiserver port within the cluster.
"},{"location":"en/advance/vpc-dns/#deploying-vpc-dns","title":"Deploying vpc-dns","text":"configure vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a The name of the vpc used to deploy the dns component.subnet\uff1aSub-name for deploying dns components.replicas: vpc dns deployment replicas
View information about deployed resources:
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true Customized dns component deployed, false No deployment.
Restrictions: only one custom dns component will be deployed under a VPC
- When multiple vpc-dns resources are configured under a VPC (i.e., different subnets for the same VPC), only one vpc-dns resource is in the state
true``, and the others arefasle`. - When the
true vpc-dns is removed, the other false vpc-dns will be obtained for deployment.
"},{"location":"en/advance/vpc-dns/#validate-deployment-results","title":"Validate deployment results","text":"To view vpc-dns Pod status, use label app=vpc-dns to view all vpc-dns pod status:
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
View switch lb rule status information:
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
Go to the Pod under this VPC and test the dns resolution:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
The subnet where the switch lb rule under this VPC is located and the pods under other subnets under the same VPC can be resolved.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-internal-lb/","title":"Customize VPC Internal Load Balancing","text":"The Service provided by Kubernetes can be used for load balancing within the cluster. However, there are several issues with using Service as internal load balancing in customize VPC mode:
- The Service IP range is a cluster resource, shared by all customize VPCs, and cannot overlap.
- Users cannot set internal load balancing IP addresses according to their own preferences.
To address the above issues, Kube OVN introduced the SwitchLBRule CRD in 1.11, allowing users to set internal load balancing rules within customize VPCs.
SwitchLBRule support the following two ways to set internal load balancing rules within a customize VPC.
"},{"location":"en/advance/vpc-internal-lb/#automatically-generate-load-balancing-rules-by-selector","title":"Automatically Generate Load Balancing Rules by Selector","text":"Load balancing rules can be generated by selector automatic association with pod configuration through label.
example of SwitchLBRule is as follows:
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
usage of selector, sessionAffinity, and port is the same as Kubernetes Service.
-
vip\uff1acustomize load balancing IP address.
-
namespace\uff1anamespace of the pod selected by selector.
Kube OVN will determine the VPC of the selected pod based on the SwitchLBRule definition and set the corresponding L2 LB.
"},{"location":"en/advance/vpc-internal-lb/#manually-defined-load-balancing-rules-by-endpoints","title":"Manually Defined Load Balancing Rules by Endpoints","text":"Load balancing rules can be customized configured by endpoints, to support scenarios where load balancing rules cannot be automatically generated through selector. For example, the load balancing backend is vm created by kubevirt.
example of SwitchLBRule is as follows:
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
usage of sessionAffinity, and port is the same as Kubernetes Service.
-
vip\uff1acustomize load balancing IP address.
-
namespace\uff1anamespace of the pod selected by selector.
-
endpoints\uff1aload balancing backend IP list.
attention\uff1aIf both selector and endpoints are configured, the selector configuration will be automatically ignored.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-peering/","title":"VPC Peering","text":"VPC peering provides a mechanism for bridging two VPC networks through logical routes so that workloads within two VPCs can access each other through private addresses as if they were on the same private network, without the need for NAT forwarding through a gateway.
"},{"location":"en/advance/vpc-peering/#prerequisites","title":"Prerequisites","text":" - This feature is only available for customized VPCs.
- To avoid route overlap the subnet CIDRs within the two VPCs cannot overlap.
- Currently, only interconnection of two VPCs is supported.
"},{"location":"en/advance/vpc-peering/#usage","title":"Usage","text":"First create two non-interconnected VPCs with one Subnet under each VPC, and the CIDRs of the Subnets do not overlap with each other.
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
Add vpcPeerings and the corresponding static routes within each VPC:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: The name of another peering VPC.localConnectIP: As the IP address and CIDR of the interconnection endpoint. Note that both IPs should belong to the same CIDR and should not conflict with existing subnets.cidr\uff1aCIDR of the peering Subnet.nextHopIP\uff1aThe localConnectIP on the other end of the peering VPC.
Create Pods under the two Subnets
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
Test the network connectivity
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/windows/","title":"Windows Support","text":"Kube-OVN supports Kubernetes cluster networks that include Windows system nodes, allowing unified containers network management.
"},{"location":"en/advance/windows/#prerequisites","title":"Prerequisites","text":" - Read Adding Windows nodes to add Windows nodes.
- Windows nodes must have the KB4489899 patch installed for Overlay/VXLAN networks to work properly, and it is recommended to update your system to the latest version.
- Hyper-V and management tools must be installed on the Windows node.
- Due to Windows restrictions tunnel encapsulation can only be used in Vxlan mode.
- SSL, IPv6, dual-stack, QoS features are not supported at this time.
- Dynamic subnet and dynamic tunnel interface are not supported at this time. You need to create the subnet and select the network interface before installing the Windows node.
- Multiple
ProviderNetworks are not supported, and the bridge interface configuration cannot be dynamically adjusted.
"},{"location":"en/advance/windows/#install-ovs-on-windows","title":"Install OVS on Windows","text":"Due to some issues with upstream OVN and OVS support for Windows containers, a modified installation package provided by Kube-OVN is required.
Use the following command to enable the TESTSIGNING startup item on the Windows node, which requires a system reboot to take effect.
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
Download Windows package on Windows node and install.
Confirm that the service is running properly after installation:
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"en/advance/windows/#install-kube-ovn","title":"Install Kube-OVN","text":"Download the installation script in the Windows node install.ps1.
Add relevant parameters and run:
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
By default, Kube-OVN uses the NIC where the node IP is located as the tunnel interface. If you need to use another NIC, you need to add the specified annotation to the Node before installation, e.g. ovn.kubernetes.io/tunnel_interface=Ethernet1.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-bgp/","title":"BGP Support","text":"Kube-OVN supports broadcasting the IP address of the Pod or Subnet to the outside world via BGP protocol, so that the outside world can access the Pod directly through the Pod IP. To use this feature, you need to install kube-ovn-speaker on specific nodes and add the corresponding annotation to the Pod or Subnet that needs to be exposed to the outside world.
"},{"location":"en/advance/with-bgp/#install-kube-ovn-speaker","title":"Install kube-ovn-speaker","text":"kube-ovn-speaker use GoBGP to publish routing information to the outside world and set the next-hop route to itself.
Since the node where kube-ovn-speaker is deployed needs to carry return traffic, specific labeled nodes need to be selected for deployment:
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
When there are multiple instances of kube-ovn-speaker, each of them will publish routes to the outside world, the upstream router needs to support multi-path ECMP.
Download the corresponding yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
Modify the corresponding configuration in yaml:
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: The address of the BGP Peer, usually the router gateway address.neighbor-as: The AS number of the BGP Peer.cluster-as: The AS number of the container network.
Deploy yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"en/advance/with-bgp/#publish-podsubnet-routes","title":"Publish Pod/Subnet Routes","text":"To use BGP for external routing, first set natOutgoing to false for the corresponding Subnet to allow the Pod IP to enter the underlying network directly.
Add annotation to publish routes:
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
Delete annotation to disable the publishing:
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"en/advance/with-bgp/#bgp-advance-options","title":"BGP Advance Options","text":"kube-ovn-speaker supports more BGP parameters for advanced configuration, which can be adjusted by users according to their network environment:
announce-cluster-ip: Whether to publish Service routes to the public, default is false.auth-password: The access password for the BGP peer.holdtime: The heartbeat detection time between BGP neighbors. Neighbors with no messages after the change time will be removed, the default is 90 seconds.graceful-restart: Whether to enable BGP Graceful Restart.graceful-restart-time: BGP Graceful restart time refer to RFC4724 3.graceful-restart-deferral-time: BGP Graceful restart deferral time refer to RFC4724 4.1.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-cilium/","title":"Integration with Cilium","text":"Cilium is an eBPF-based networking and security component. Kube-OVN uses the CNI Chaining mode to enhance existing features. Users can use both the rich network abstraction capabilities of Kube-OVN and the monitoring and security capabilities that come with eBPF.
By integrating Cilium, Kube-OVN users can have the following gains:
- Richer and more efficient security policies.
- Hubble-based monitoring and UI.
"},{"location":"en/advance/with-cilium/#prerequisites","title":"Prerequisites","text":" - Linux kernel version above 4.19 or other compatible kernel for full eBPF capability support.
- Install Helm in advance to prepare for the installation of Cilium, please refer to Installing Helm to deploy Helm.
"},{"location":"en/advance/with-cilium/#configure-kube-ovn","title":"Configure Kube-OVN","text":"In order to fully utilize the security capabilities of Cilium, you need to disable the networkpolicy feature within Kube-OVN and adjust the CNI configuration priority.
Change the following variables in the install.sh script:
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
If the deployment is complete, you can adjust the args of kube-ovn-controller:
args:\n- --enable-np=false\n
Modify the kube-ovn-cni args to adjust the CNI configuration priority:
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
Adjust the Kube-OVN cni configuration name on each node:
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"en/advance/with-cilium/#deploy-cilium","title":"Deploy Cilium","text":"Create the chaining.yaml configuration file to use Cilium's generic-veth mode:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
Installation the chaining config:
kubectl apply -f chaining.yaml\n
Deploying Cilium with Helm:
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
Confirm that the Cilium installation was successful:
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-openstack/","title":"Integration with OpenStack","text":"In some cases, users need to run virtual machines with OpenStack and containers with Kubernetes, and need the network to interoperate between containers and virtual machines and be under a unified control plane. If the OpenStack Neutron side also uses OVN as the underlying network, then Kube-OVN can use either cluster interconnection or shared underlying OVN to connect the OpenStack and Kubernetes networks.
"},{"location":"en/advance/with-openstack/#cluster-interconnection","title":"Cluster Interconnection","text":"This pattern is similar to Cluster Inter-Connection with OVN-IC to connect two Kubernetes cluster networks, except that the two ends of the cluster are replaced with OpenStack and Kubernetes\u3002
"},{"location":"en/advance/with-openstack/#prerequisites","title":"Prerequisites","text":" - The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-route mode.
- A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters.
- Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes.
- This solution only connects to the Kubernetes default subnet with selected VPC in OpenStack.
"},{"location":"en/advance/with-openstack/#deploy-ovn-ic-db","title":"Deploy OVN-IC DB","text":"Start the OVN-IC DB with the following command:
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
"},{"location":"en/advance/with-openstack/#kubernetes-side-operations","title":"Kubernetes Side Operations","text":"Create ovn-ic-config ConfigMap in kube-system Namespace \uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: Whether to enable cluster interconnection.az-name: Distinguish the cluster names of different clusters, each interconnected cluster needs to be different.ic-db-host: Address of the node where the OVN-IC DB is deployed.ic-nb-port: OVN-IC Northbound Database port, default 6645.ic-sb-port: OVN-IC Southbound Database port, default 6645.gw-nodes: The name of the nodes in the cluster interconnection that takes on the work of the gateways, separated by commas.auto-route: Whether to automatically publish and learn routes.
"},{"location":"en/advance/with-openstack/#openstack-side-operations","title":"OpenStack Side Operations","text":"Create logical routers that interconnect with Kubernetes:
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
Set the availability zone name in the OVN northbound database within OpenStack, which needs to be different from the other interconnected clusters:
ovn-nbctl set NB_Global . name=op-az\n
Start the OVN-IC controller at a node that has access to the OVN-IC DB:
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC Northbound database and southbound database addresses.ovn-northd-nb-db\uff0c ovn-northd-sb-db: Current cluster OVN northbound database and southbound data address.
Configuration gateway nodes:
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
The next step is to create a logical topology by operating the OVN in OpenStack.
Connect the ts interconnect switch and the router0 logical router, and set the relevant rules:
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
Verify that OpenStack has learned the Kubernetes routing rules:
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
Next, you can create a virtual machine under the router0 network to verify that it can interconnect with Pods under Kubernetes.
"},{"location":"en/advance/with-openstack/#shared-underlay-ovn","title":"Shared Underlay OVN","text":"In this scenario, OpenStack and Kubernetes share the same OVN, so concepts such as VPC and Subnet can be pulled together for better control and interconnection.
In this mode we deploy the OVN normally using Kube-OVN, and OpenStack modifies the Neutron configuration to connect to the same OVN DB. OpenStack requires networking-ovn as a Neutron backend implementation.
"},{"location":"en/advance/with-openstack/#neutron-modification","title":"Neutron Modification","text":"Modify the Neutron configuration file /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: The address needs to be changed to the address of the ovn-central nodes deployed by Kube-OVN.
Modify the OVS configuration for each node:
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: The address needs to be changed to the address of the ovn-central nodes deployed by Kube-OVN.ovn-encap-ip: Change to the IP address of the current node.
"},{"location":"en/advance/with-openstack/#using-openstack-internal-resources-in-kubernetes","title":"Using OpenStack Internal Resources in Kubernetes","text":"The next section describes how to query OpenStack's network resources in Kubernetes and create Pods in the subnet from OpenStack.
Query the existing network resources in OpenStack for the following resources that have been pre-created.
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
On the Kubernetes side, query the VPC resources from OpenStack:
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 is the VPC resources synchronized from OpenStack.
Next, you can create Pods and run them according to Kube-OVN's native VPC and Subnet operations.
Bind VPC, Subnet to Namespace net2 and create Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-ovn-ic/","title":"Cluster Inter-Connection with OVN-IC","text":"Kube-OVN supports interconnecting two Kubernetes cluster Pod networks via OVN-IC, and the Pods in the two clusters can communicate directly via Pod IPs . Kube-OVN uses tunnels to encapsulate cross-cluster traffic, allowing container networks to interconnect between two clusters as long as there is a set of IP reachable machines.
This mode of multi-cluster interconnection is for Overlay network. For Underlay network, it needs the underlying infrastructure to do the inter-connection work.
"},{"location":"en/advance/with-ovn-ic/#prerequisites","title":"Prerequisites","text":" -
Clusters configured in versions after 1.11.16 have the cluster interconnection switch turned off by default. You need to mark the following in the configuration script install.sh:
ENABLE_IC=true\n
After opening the switch and deploying the cluster, the component deployment ovn-ic-controller will appear. 2. The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-interconnect mode. If there is overlap, you need to refer to the subsequent manual interconnection process, which can only connect non-overlapping Subnets. 3. A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters. 4. Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes. 5. This solution only connects to the Kubernetes default VPCs.
"},{"location":"en/advance/with-ovn-ic/#deploy-a-single-node-ovn-ic-db","title":"Deploy a single-node OVN-IC DB","text":"Deploy the OVN-IC DB on a machine accessible by kube-ovn-controller, This DB will hold the network configuration information synchronized up from each cluster.
An environment deploying docker can start the OVN-IC DB with the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
For deploying a containerd environment instead of docker you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"en/advance/with-ovn-ic/#automatic-routing-mode","title":"Automatic Routing Mode","text":"In auto-routing mode, each cluster synchronizes the CIDR information of the Subnet under its own default VPC to OVN-IC, so make sure there is no overlap between the Subnet CIDRs of the two clusters.
Create ovn-ic-config ConfigMap in kube-system Namespace:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: Whether to enable cluster interconnection.az-name: Distinguish the cluster names of different clusters, each interconnected cluster needs to be different.ic-db-host: Address of the node where the OVN-IC DB is deployed.ic-nb-port: OVN-IC Northbound Database port, default 6645.ic-sb-port: OVN-IC Southbound Database port, default 6645.gw-nodes: The name of the nodes in the cluster interconnection that takes on the work of the gateways, separated by commas.auto-route: Whether to automatically publish and learn routes.
Note: To ensure the correct operation, the ConfigMap ovn-ic-config is not allowed to be modified. If any parameter needs to be changed, please delete this ConfigMap, modify it and then apply it again.
Check if the interconnected logical switch ts has been established in the ovn-ic container with the following command\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
At each cluster observe if logical routes have learned peer routes:
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
Next, you can try ping a Pod IP in Cluster 1 directly from a Pod in Cluster 2 to see if you can work.
For a subnet that does not want to automatically publish routes to the other end, you can disable route broadcasting by modifying disableInterConnection in the Subnet spec.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"en/advance/with-ovn-ic/#manual-routing-mode","title":"Manual Routing Mode","text":"For cases where there are overlapping CIDRs between clusters, and you only want to do partial subnet interconnection, you can manually publish subnet routing by following the steps below.
Create ovn-ic-config ConfigMap in kube-system Namespace, and set auto-route to false:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
Find the address of the remote logical ports in each cluster separately, for later manual configuration of the route:
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
The output above shows that the remote address from cluster az1 to cluster az2 is 169.254.100.31 and the remote address from az2 to az1 is 169.254.100.79.
In this example, the subnet CIDR within cluster az1 is 10.16.0.0/24 and the subnet CIDR within cluster az2 is 10.17.0.0/24.
Set up a route from cluster az1 to cluster az2 in cluster az1:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
Set up a route to cluster az1 in cluster az2:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"en/advance/with-ovn-ic/#highly-available-ovn-ic-db-installation","title":"Highly Available OVN-IC DB Installation","text":"A highly available cluster can be formed between OVN-IC DB via the Raft protocol, which requires a minimum of 3 nodes for this deployment model.
First start the leader of the OVN-IC DB on the first node.
Users deploying a docker environment can use the following command:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
If you are using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a The IP address of the node where the current container is located.NODE_IPS\uff1a The IP addresses of the three nodes running the OVN-IC database, separated by commas.
Next, deploy the follower of the OVN-IC DB on the other two nodes.
docker environment can use the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
If using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a The IP address of the node where the current container is located.NODE_IPS\uff1a The IP addresses of the three nodes running the OVN-IC database, separated by commas.LEADER_IP: The IP address of the OVN-IC DB leader node.
Specify multiple OVN-IC database node addresses when creating ovn-ic-config for each cluster:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"en/advance/with-ovn-ic/#manual-reset","title":"Manual Reset","text":"In some cases, the entire interconnection configuration needs to be cleaned up due to configuration errors, you can refer to the following steps to clean up your environment.
Delete the current ovn-ic-config Configmap:
kubectl -n kube-system delete cm ovn-ic-config\n
Delete ts logical switch:
kubectl ko nbctl ls-del ts\n
Repeat the same steps at the peer cluster.
"},{"location":"en/advance/with-ovn-ic/#clean-ovn-ic","title":"Clean OVN-IC","text":"Delete the ovn-ic-config Configmap for all clusters:
kubectl -n kube-system delete cm ovn-ic-config\n
Delete all clusters' ts logical switches:
kubectl ko nbctl ls-del ts\n
Delete the cluster interconnect controller. If it is a high-availability OVN-IC database deployment, all need to be cleaned up.
If the controller is docker deploy execute command:
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
If the controller is containerd deploy the command:
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-submariner/","title":"Cluster Inter-Connection with Submariner","text":"Submariner is an open source networking component that connects multiple Kubernetes cluster Pod and Service networks which can help Kube-OVN interconnect multiple clusters.
Compared to OVN-IC, Submariner can connect Kube-OVN and non-Kube-OVN cluster networks, and Submariner can provide cross-cluster capability for services. However, Submariner currently only enables the default subnets to be connected, and cannot selectively connect multiple subnets.
"},{"location":"en/advance/with-submariner/#prerequisites","title":"Prerequisites","text":" - The Service CIDRs of the two clusters and the CIDR of the default Subnet cannot overlap.
"},{"location":"en/advance/with-submariner/#install-submariner","title":"Install Submariner","text":"Download the subctl binary and deploy it to the appropriate path:
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
Change kubeconfig context to the cluster that need to deploy submariner-broker:
subctl deploy-broker\n
In this document the default subnet CIDR for cluster0 is 10.16.0.0/16 and the join subnet CIDR for cluster0 is 100.64.0.0/16, the default subnet CIDR for cluster1 is 11.16.0.0/16 and the join subnet CIDR for cluster1 is 100.68.0.0/16.
Switch kubeconfig to cluster0 to register the cluster to the broker, and register the gateway node:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
Switch kubeconfig to cluster1 to register the cluster to the broker, and register the gateway node:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
Next, you can start Pods in each of the two clusters and try to access each other using IPs.
Network communication problems can be diagnosed by using the subctl command:
subctl show all\nsubctl diagnose all\n
For more Submariner operations please read Submariner Usage.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/custom-routes/","title":"Custom Routes","text":"Custom routes can be configured via Pod's annotations. Here is an example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
Do not set the dst field if you want to configure the default route.
For workloads such as Deployment, DaemonSet and StatefulSet, custom routes must be configured via .spec.template.metadata.annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/dual-stack/","title":"DualStack","text":"Different subnets in Kube-OVN can support different IP protocols. IPv4, IPv6 and dual-stack types of subnets can exist within one cluster. However, it is recommended to use a uniform protocol type within a cluster to simplify usage and maintenance.
In order to support dual-stack, the host network needs to meet the dual-stack requirements, and the Kubernetes-related parameters need to be adjusted, please refer to official guide to dual-stack.
"},{"location":"en/guide/dual-stack/#create-dual-stack-subnet","title":"Create dual-stack Subnet","text":"When configuring a dual stack Subnet, you only need to set the corresponding subnet CIDR format as cidr=<IPv4 CIDR>,<IPv6 CIDR>.
The CIDR order requires IPv4 to come first and IPv6 to come second, as follows.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
If you need to use a dual stack for the default subnet during installation, you need to change the following parameters in the installation script:
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"en/guide/dual-stack/#check-pod-address","title":"Check Pod Address","text":"Pods configured for dual-stack networks will be assigned both IPv4 and IPv6 addresses from that subnet, and the results will be displayed in the annotation of the Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/eip-snat/","title":"EIP and SNAT","text":"This configuration is for the network under default VPC, for custom VPC please refer to VPC Gateway
Kube-OVN supports SNAT and EIP functionality at the Pod level using the L3 Gateway feature in OVN. By using SNAT, a group of Pods can share an IP address for external access. With the EIP feature, a Pod can be directly associated with an external IP. External services can access the Pod directly through the EIP, and the Pod will also access external services through this EIP.
"},{"location":"en/guide/eip-snat/#preparation","title":"Preparation","text":" - In order to use the OVN's L3 Gateway capability, a separate NIC must be bridged into the OVS bridge for overlay and underlay network communication. The host must have other NICs for management.
- Since packets passing through NAT will go directly to the Underlay network, it is important to confirm that such packets can pass safely on the current network architecture.
- Currently, there is no conflict detection for EIP and SNAT addresses, and an administrator needs to manually assign them to avoid address conflicts.
"},{"location":"en/guide/eip-snat/#create-config","title":"Create Config","text":"Create ConfigMap ovn-external-gw-config in kube-system Namespace:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: Whether to enable SNAT and EIP functions.type: centrailized or distributed\uff0c Default is centralized If distributed is used, all nodes of the cluster need to have the same name NIC to perform the gateway function.external-gw-nodes: In centralized mode\uff0cThe names of the node performing the gateway role, comma separated.external-gw-nic: The name of the NIC that performs the role of a gateway on the node.external-gw-addr: The IP and mask of the physical network gateway.nic-ip,nic-mac: The IP and Mac assigned to the logical gateway port needs to be an unoccupied IP and Mac for the physical subnet.
"},{"location":"en/guide/eip-snat/#confirm-the-configuration-take-effect","title":"Confirm the Configuration Take Effect","text":"Check the OVN-NB status to confirm that the ovn-external logical switch exists and that the correct address and chassis are bound to the ovn-cluster-ovn-external logical router port.
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
Check the OVS status to confirm that the corresponding NIC is bridged into the br-external bridge:
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"en/guide/eip-snat/#config-eip-amd-snat-on-pod","title":"Config EIP amd SNAT on Pod","text":"SNAT and EIP can be configured by adding the ovn.kubernetes.io/snat or ovn.kubernetes.io/eip annotation to the Pod, respectively:
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
The EIP or SNAT rules configured by the Pod can be dynamically adjusted via kubectl or other tools, remember to remove the ovn.kubernetes.io/routed annotation to trigger the routing change.
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
When the EIP or SNAT takes into effect, the ovn.kubernetes.io/routed annotation will be added back.
"},{"location":"en/guide/eip-snat/#advanced-configuration","title":"Advanced Configuration","text":"Some args of kube-ovn-controller allow for advanced configuration of SNAT and EIP:
--external-gateway-config-ns: The Namespace of Configmap ovn-external-gw-config, default is kube-system\u3002--external-gateway-net: The name of the bridge to which the physical NIC is bridged, default is external.--external-gateway-vlanid: Physical network Vlan Tag number, default is 0, i.e. no Vlan is used.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/ippool/","title":"Configure IPPool","text":"IPPool is a more granular IPAM management unit than Subnet. You can subdivide the subnet segment into multiple units through IPPool, and each unit is bound to one or more namespaces.
"},{"location":"en/guide/ippool/#instructions","title":"Instructions","text":"Below is an example\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
Field description:
Field Usage Comment subnet Specify the subnet to which it belongs Required ips Specify IP ranges Support three formats: , and ... Support IPv6. namespaces Specifies the bound namespaces Optional"},{"location":"en/guide/ippool/#precautions","title":"Precautions","text":" - To ensure compatibility with Workload Universal IP Pool Fixed Address, the name of the IP pool cannot be an IP address;
- The
.spec.ips of the IP pool can specify an IP address beyond the scope of the subnet, but the actual effective IP address is the intersection of .spec.ips and the CIDR of the subnet; - Different IP pools of the same subnet cannot contain the same (effective) IP address;
- The
.spec.ips of the IP pool can be modified dynamically; - The IP pool will inherit the reserved IP of the subnet. When randomly assigning an IP address from the IP pool, the reserved IP included in the IP pool will be skipped;
- When randomly assigning an IP address from a subnet, it will only be assigned from a range other than all IP pools in the subnet.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/loadbalancer-service/","title":"LoadBalancer Type Service","text":"Kube-OVN supports the implementation of VPC and VPC gateway. For specific configurations, please refer to the VPC configuration.
Due to the complexity of using VPC gateways, the implementation based on VPC gateways has been simplified. It supports creating LoadBalancer type Services in the default VPC, allowing access to Services in the default VPC through LoadBalancerIP.
First, make sure the following conditions are met in the environment:
- Install
multus-cni and macvlan cni\u3002 - LoadBalancer Service support relies on simplified implementation of VPC gateway code, still utilizing the vpc-nat-gw image and depending on macvlan for multi-interface functionality support.
- Currently, it only supports configuration in the default VPC. Support for LoadBalancers in custom VPCs can be referred to in the VPC configuration.
"},{"location":"en/guide/loadbalancer-service/#steps-to-configure-default-vpc-loadbalancer-service","title":"Steps to Configure Default VPC LoadBalancer Service","text":""},{"location":"en/guide/loadbalancer-service/#enable-feature-flag","title":"Enable Feature Flag","text":"Modify the deployment kube-ovn-controller under the kube-system namespace and add the parameter --enable-lb-svc=true to the args section to enable the feature (by default it's set to false).
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // parameter is set to true\n
"},{"location":"en/guide/loadbalancer-service/#create-networkattachmentdefinition-crd-resource","title":"Create NetworkAttachmentDefinition CRD Resource","text":"Refer to the following YAML and create the net-attach-def resource:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //Physical network card, configure according to the actual situation\n \"mode\": \"bridge\"\n }'\n
By default, the physical NIC eth0 is used to implement the multi-interface functionality. If another physical NIC is needed, modify the master value to specify the name of the desired physical NIC.
"},{"location":"en/guide/loadbalancer-service/#create-subnet","title":"Create Subnet","text":"The created Subnet is used to allocate LoadBalancerIP for the LoadBalancer Service, which should normally be accessible from outside the cluster. An Underlay Subnet can be configured for address allocation.
Refer to the following YAML to create a new subnet:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system //The provider format is fixed and consists of the Name.Namespace of the net-attach-def resource created in the previous step\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
In the provider parameter of the Subnet, ovn or .ovn suffix is used to indicate that the subnet is managed by Kube-OVN and requires corresponding logical switch records to be created.
If provider is neither ovn nor ends with .ovn, Kube-OVN only provides the IPAM functionality to record IP address allocation without handling business logic for the subnet.
"},{"location":"en/guide/loadbalancer-service/#create-loadbalancer-service","title":"Create LoadBalancer Service","text":"Refer to the following YAML to create a LoadBalancer Service:
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #Optional\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #Required\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #Optional\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
In the yaml, the annotation ovn.kubernetes.io/attachmentprovider is required, and its value is composed of the Name.Namespace of the net-attach-def resource created in the first step. This annotation is used to find the net-attach-def resources when creating Pods.
The subnet used for multi-interface address allocation can be specified through an annotation. The annotation key format is net-attach-def resource's Name.Namespace.kubernetes.io/logical_switch. This configuration is optional and if LoadBalancerIP address is not specified, addresses will be dynamically allocated from this subnet and filled into the LoadBalancerIP field.
If a static LoadBalancerIP address is required, the spec.loadBalancerIP field can be configured. The address must be within the specified subnet's address range.
After creating the Service using the YAML, you can see the Pod startup information in the same namespace as the Service:
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
When specifying the service.spec.loadBalancerIP parameter, it will be assigned to the service's external IP field. If not specified, the parameter will be assigned a random value.
View the YAML output of the test Pod to see the assigned multi-interface addresses:
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
Check the service information:
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels \":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\", \"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer \"}}\n ovn.kubernetes.io/vpc:ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"en/guide/loadbalancer-service/#testing-loadbalancerip-access","title":"Testing LoadBalancerIP access","text":"Refer to the following YAML to create a test Pod that serves as the Endpoints for the Service:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
Under normal circumstances, the provided subnet addresses should be accessible from outside the cluster. To verify, access the Service's LoadBalancerIP:Port from within the cluster and check if the access is successful.
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
Enter the Pod created by the Service and check the network information:
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/mirror/","title":"Traffic Mirror","text":"The traffic mirroring feature allows packets to and from the container network to be copied to a specific NIC of the host. Administrators or developers can listen to this NIC to get the complete container network traffic for further analysis, monitoring, security auditing and other operations. It can also be integrated with traditional NPM for more fine-grained traffic visibility.
The traffic mirroring feature introduces some performance loss, with an additional CPU consumption of 5% to 10% depending on CPU performance and traffic characteristics.
"},{"location":"en/guide/mirror/#global-traffic-mirroring-settings","title":"Global Traffic Mirroring Settings","text":"The traffic mirroring is disabled by default, please modify the args of kube-ovn-cni DaemonSet to enable it:
--enable-mirror=true: Whether to enable traffic mirroring.--mirror-iface=mirror0: The name of the NIC that the traffic mirror is copied to. This NIC can be a physical NIC that already exists on the host machine. At this point the NIC will be bridged into the br-int bridge and the mirrored traffic will go directly to the underlying switch. If the NIC name does not exist, Kube-OVN will automatically create a virtual NIC with the same name, through which the administrator or developer can access all traffic on the current node on the host. The default is mirror0.
Next, you can listen to the traffic on mirror0 with tcpdump or other traffic analysis tools.
tcpdump -ni mirror0\n
"},{"location":"en/guide/mirror/#pod-level-mirroring-settings","title":"Pod Level Mirroring Settings","text":"If you only need to mirror some Pod traffic, you need to disable the global traffic mirroring and then add the ovn.kubernetes.io/mirror annotation on a specific Pod to enable Pod-level traffic mirroring.
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"en/guide/mirror/#performance-test","title":"Performance Test","text":"Test on the same environment with the traffic mirroring switch on and off, respectively
"},{"location":"en/guide/mirror/#enable-traffic-mirroring","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_1","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_1","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_2","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_2","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_3","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_3","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_4","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_4","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_5","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_5","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"en/guide/mirror/#enable-traffic-mirroring_6","title":"Enable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_6","title":"Disable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"en/guide/mirror/#enable-traffic-mirroring_7","title":"Enable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_7","title":"Disable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/networkpolicy-log/","title":"NetworkPolicy Logging","text":"NetworkPolicy is a interface provided by Kubernetes and implemented by Kube-OVN through OVN's ACLs. With NetworkPolicy, if the networks are down, it is difficult to determine whether it is caused by a network failure or a NetworkPolicy rule problem. Kube-OVN provides NetworkPolicy logging to help administrators quickly locate whether a NetworkPolicy drop rule has been hit, and to record the illegal accesses.
Once NetworkPolicy logging is turned on, logs need to be printed for every packet that hits a Drop rule, which introduces additional performance overhead. Under a malicious attack, a large number of logs in a short period of time may exhaust the CPU. We recommend turning off logging by default in production environments and dynamically turning it on when you need to troubleshoot problems.
"},{"location":"en/guide/networkpolicy-log/#enable-networkpolicy-logging","title":"Enable NetworkPolicy Logging","text":"Add the annotation ovn.kubernetes.io/enable_log to the NetworkPolicy where logging needs to be enabled, as follows:
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
Next, you can observe the log of dropped packets in /var/log/ovn/ovn-controller.log on the host of the corresponding Pod:
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"en/guide/networkpolicy-log/#disable-networkpolicy-logging","title":"Disable NetworkPolicy Logging","text":"Set annotation ovn.kubernetes.io/enable_log in the corresponding NetworkPolicy to false to disable NetworkPolicy logging:
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/prometheus-grafana/","title":"Monitor and Dashboard","text":"Kube-OVN can export network control plane information and network data plane quality information metrics to the external in formats supported by Prometheus.
We use the CRD provided by kube-prometheus to define the corresponding Prometheus monitoring rules. For all monitoring metrics supported by Kube-OVN, please refer to Kube-OVN Monitoring Metrics.
If you are using native Prometheus, please refer to Configuring Native Prometheus for configuration.
"},{"location":"en/guide/prometheus-grafana/#install-prometheus-monitor","title":"Install Prometheus Monitor","text":"Kube-OVN uses Prometheus Monitor CRD to manage the monitoring output.
# network quality related monitoring metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
The default interval for Prometheus pull is 15s, if you need to adjust it, modify the interval value in yaml.
"},{"location":"en/guide/prometheus-grafana/#import-grafana-dashboard","title":"Import Grafana Dashboard","text":"Kube-OVN provides a predefined Grafana Dashboard to display control plane and data plane related metrics.
Download the corresponding Dashboard template:
# network quality related monitoring dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
Import these templates into Grafana and set the data source to the corresponding Prometheus to see the following Dashboards.
kube-ovn-controller dashboard:
kube-ovn-pinger dashboard:
kube-ovn-cni dashboard:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/prometheus/","title":"Config Native Prometheus","text":"Kube-OVN provides rich monitoring data for OVN/OVS health status checks and connectivity checks of container and host networks, and Kube-OVN is configured with ServiceMonitor for Prometheus to dynamically obtain monitoring metrics.
In some cases, where only Prometheus Server is installed and no other components are installed, you can dynamically obtain monitoring data for the cluster environment by modifying the configuration of Prometheus.
"},{"location":"en/guide/prometheus/#config-prometheus","title":"Config Prometheus","text":"The following configuration documentation, referenced from Prometheus Service Discovery.
"},{"location":"en/guide/prometheus/#permission-configuration","title":"Permission Configuration","text":"Prometheus is deployed in the cluster and needs to access the k8s apiserver to query the monitoring data of the containers.
Refer to the following yaml to configure the permissions required by Prometheus:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"en/guide/prometheus/#prometheus-configmap","title":"Prometheus ConfigMap","text":"The startup of Prometheus relies on the configuration file prometheus.yml, the contents of which can be configured in ConfigMap and dynamically mounted to the Pod.
Create the ConfigMap file used by Prometheus by referring to the following yaml:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus provides role-based querying of Kubernetes resource monitoring operations, which can be configured in the official documentation kubernetes_sd_config\u3002
"},{"location":"en/guide/prometheus/#deploy-prometheus","title":"Deploy Prometheus","text":"Deploy Prometheus Server by referring to the following yaml:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
Deploy Prometheus Service by referring to the following yaml:
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
After exposing Prometheus through NodePort, Prometheus can be accessed through the node address.
"},{"location":"en/guide/prometheus/#prometheus-metrics-config","title":"Prometheus Metrics Config","text":"View information about Prometheus on the environment:
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
Access Prometheus via NodePort to see the data dynamically queried by Status/Service Discovery:
You can see that you can currently query all the service data information on the cluster.
"},{"location":"en/guide/prometheus/#configure-to-query-specified-resource","title":"Configure to Query Specified Resource","text":"The ConfigMap configuration above queries all resource data. If you only need resource data for a certain role, you can add filter conditions.
Take Service as an example, modify the ConfigMap content to query only the service monitoring data:
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Check the Kube-OVN Service in kube-system Namespace:
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
Add annotation prometheus.io/scrape=\"true\" to Service\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
Check the configured Service information:
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // added annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
Looking at the Prometheus Status Targets information, you can only see the Services with annotation:
For more information about adding filter parameters to relabel, please check Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/qos/","title":"Manage QoS","text":"Kube-OVN supports two types of Pod level QoS:
- Maximum bandwidth limit QoS.
linux-netem, QoS for simulating latency and packet loss that can be used for simulation testing.
Currently, only Pod level QoS is supported, and QoS restrictions at the Namespace or Subnet level are not supported.
"},{"location":"en/guide/qos/#maximum-bandwidth-limit-qos","title":"Maximum Bandwidth Limit QoS","text":"This type of QoS can be dynamically configured via Pod annotation and can be adjusted without restarting running Pod. Bandwidth speed limit unit is Mbit/s.
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
Use annotation to dynamically adjust QoS:
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"en/guide/qos/#test-qos","title":"Test QoS","text":"Deploy the containers needed for performance testing:
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
Exec into one Pod and run iperf3 server:
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
Exec into the other Pod and run iperf3 client to connect above server address:
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
Modify the ingress bandwidth QoS for the first Pod:
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
Test the Pod bandwidth again from the second Pod:
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"en/guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"Pod can use annotation below to config linux-netem type QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit and ovn.kubernetes.io/loss\u3002
To install netem related modules on RHEL series operating systems, follow these instructions: yum install -y kernel-modules-extra && modprobe sch_netem
ovn.kubernetes.io/latency: Set the Pod traffic delay to an integer value in ms.ovn.kubernetes.io/limit\uff1a Set the maximum number of packets that the qdisc queue can hold, and takes an integer value, such as 1000.ovn.kubernetes.io/loss\uff1a Set packet loss probability, the value is float type, for example, the value is 20, then it is set 20% packet loss probability.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/setup-options/","title":"Installation and Configuration Options","text":"In One-Click Installation we use the default configuration for installation. Kube-OVN also supports more custom configurations, which can be configured in the installation script, or later by changing the parameters of individual components. This document will describe what these customization options do, and how to configure them.
"},{"location":"en/guide/setup-options/#built-in-network-settings","title":"Built-in Network Settings","text":"Kube-OVN will configure two built-in Subnets during installation:
default Subnet, as the default subnet used by the Pod to assign IPs, with a default CIDR of 10.16.0.0/16 and a gateway of 10.16.0.1.- The
join subnet, as a special subnet for network communication between the Node and Pod, has a default CIDR of 100.64.0.0/16 and a gateway of 100.64.0.1.
The configuration of these two subnets can be changed during installation via the installation scripts variables:
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP sets the address range for which kube-ovn-controller will not automatically assign from it, the format is: 192.168.10.20..192.168.10.30.
Note that in the Overlay case these two Subnets CIDRs cannot conflict with existing host networks and Service CIDRs.
You can change the address range of both Subnets after installation by referring to Change Subnet CIDR and Change Join Subnet CIDR.
"},{"location":"en/guide/setup-options/#config-service-cidr","title":"Config Service CIDR","text":"Since some of the iptables and routing rules set by kube-proxy will conflict with the rules set by Kube-OVN, Kube-OVN needs to know the CIDR of the service to set the corresponding rules correctly.
This can be done by modifying the installation script:
SVC_CIDR=\"10.96.0.0/12\" \n
You can also modify the args of the kube-ovn-controller Deployment after installation:
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
"},{"location":"en/guide/setup-options/#overlay-nic-selection","title":"Overlay NIC Selection","text":"In the case of multiple NICs on a node, Kube-OVN will select the NIC corresponding to the Kubernetes Node IP as the NIC for cross-node communication between containers and establish the corresponding tunnel.
If you need to select another NIC to create a container tunnel, you can change it in the installation script:
IFACE=eth1\n
This option supports regular expressions separated by commas, e.g. 'ens[a-z0-9],eth[a-z0-9]'.
It can also be adjusted after installation by modifying the args of the kube-ovn-cni DaemonSet:
args:\n- --iface=eth1\n
If each machine has a different NIC name and there is no fixed pattern, you can use the node annotation ovn.kubernetes.io/tunnel_interface to configure each node one by one. This annotation will override the configuration of iface.
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"en/guide/setup-options/#config-mtu","title":"Config MTU","text":"Since Overlay encapsulation requires additional space, Kube-OVN will adjust the MTU of the container NIC based on the MTU of the selected NIC when creating the container NIC. By default, the Pod NIC MTU is the host NIC MTU - 100 on the Overlay Subnet, and the Pod NIC and host NIC have the same MTU on the Underlay Subnet.
If you need to adjust the size of the MTU under the Overlay subnet, you can modify the parameters of the kube-ovn-cni DaemonSet:
args:\n- --mtu=1333\n
"},{"location":"en/guide/setup-options/#global-traffic-mirroring-setting","title":"Global Traffic Mirroring Setting","text":"When global traffic mirroring is enabled, Kube-OVN will create a mirror0 virtual NIC on each node and copy all container network traffic from the current machine to that NIC\uff0c Users can perform traffic analysis with tcpdump and other tools. This function can be enabled in the installation script:
ENABLE_MIRROR=true\n
It can also be adjusted after installation by modifying the args of the kube-ovn-cni DaemonSet:
args:\n- --enable-mirror=true\n
The ability to mirror traffic is disabled in the default installation, if you need fine-grained traffic mirroring or need to mirror traffic to additional NICs please refer to Traffic Mirror.
"},{"location":"en/guide/setup-options/#lb-settings","title":"LB Settings","text":"Kube-OVN uses L2 LB in OVN to implement service forwarding. In Overlay scenarios, users can choose to use kube-proxy for service traffic forwarding, in which case the LB function of Kube-OVN can be disabled to achieve better performance on the control plane and data plane.
This feature can be configured in the installation script:
ENABLE_LB=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-lb=false\n
The LB feature is enabled in the default installation.
The spec field enableLb has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the LB function of Kube-OVN to the subnet level. You can set whether to enable the LB function based on different subnets. The enable-lb parameter in the kube-ovn-controller deployment is used as a global switch to control whether to create a load-balancer record. The enableLb parameter added in the subnet is used to control whether the subnet is associated with a load-balancer record. After the previous version is upgraded to v1.12.0, the enableLb parameter of the subnet will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/setup-options/#networkpolicy-settings","title":"NetworkPolicy Settings","text":"Kube-OVN uses ACLs in OVN to implement NetworkPolicy. Users can choose to disable the NetworkPolicy feature or use the Cilium Chain approach to implement NetworkPolicy using eBPF. In this case, the NetworkPolicy feature of Kube-OVN can be disabled to achieve better performance on the control plane and data plane.
This feature can be configured in the installation script:
ENABLE_NP=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-np=false\n
NetworkPolicy is enabled by default.
"},{"location":"en/guide/setup-options/#eip-and-snat-settings","title":"EIP and SNAT Settings","text":"If the EIP and SNAT capabilities are not required on the default VPC, users can choose to disable them to reduce the performance overhead of kube-ovn-controller in large scale cluster environments and improve processing speed.
This feature can be configured in the installation script:
ENABLE_EIP_SNAT=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-eip-snat=false\n
EIP and SNAT is enabled by default. More information can refer to EIP and SNAT\u3002
"},{"location":"en/guide/setup-options/#centralized-gateway-ecmp-settings","title":"Centralized Gateway ECMP Settings","text":"The centralized gateway supports two mode of high availability, primary-backup and ECMP. If you want to enable ECMP mode, you need to change the args of kube-ovn-controller Deployment:
args:\n- --enable-ecmp=true \n
Centralized gateway default installation under the primary-backup mode, more gateway-related content please refer to Config Subnet.
The spec field enableEcmp has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the ECMP switch to the subnet level. You can set whether to enable ECMP mode based on different subnets. The enable-ecmp parameter in the kube-ovn-controller deployment is no longer used. After the previous version is upgraded to v1.12.0, the subnet switch will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/setup-options/#kubevirt-vm-fixed-address-settings","title":"Kubevirt VM Fixed Address Settings","text":"For VM instances created by Kubevirt, kube-ovn-controller can assign and manage IP addresses in a similar way to the StatefulSet Pod. This allows VM instances address fixed during start-up, shutdown, upgrade, migration, and other operations throughout their lifecycle, making them more compatible with the actual virtualization user experience.
This feature is enabled by default after v1.10.6. To disable this feature, you need to change the following args in the kube-ovn-controller Deployment:
args:\n- --keep-vm-ip=false\n
"},{"location":"en/guide/setup-options/#cni-settings","title":"CNI Settings","text":"By default, Kube-OVN installs the CNI binary in the /opt/cni/bin directory and the CNI configuration file 01-kube-ovn.conflist in the /etc/cni/net.d directory. If you need to change the installation location and the priority of the CNI configuration file, you can modify the following parameters of the installation script.
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
Or change the Volume mount and args of the kube-ovn-cni DaemonSet after installation:
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"en/guide/setup-options/#tunnel-type-settings","title":"Tunnel Type Settings","text":"The default encapsulation mode of Kube-OVN Overlay is Geneve, if you want to change it to Vxlan or STT, please adjust the following parameters in the installation script:
TUNNEL_TYPE=\"vxlan\"\n
Or change the environment variables of ovs-ovn DaemonSet after installation:
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
If you need to use the STT tunnel and need to compile additional kernel modules for ovs, please refer to Performance Tunning\u3002
Please refer to Tunneling Protocol Selection for the differences between the different protocols in practice.
"},{"location":"en/guide/setup-options/#ssl-settings","title":"SSL Settings","text":"The OVN DB API interface supports SSL encryption to secure the connection. To enable it, adjust the following parameters in the installation script:
ENABLE_SSL=true\n
The SSL is disabled by default.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/static-ip-mac/","title":"Fixed Addresses","text":"By default, Kube-OVN randomly assigns IPs and Macs based on the Subnet to which the Pod's Namespace belongs. For workloads that require fixed addresses, Kube-OVN provides multiple methods of fixing addresses depending on the scenario.
- Single Pod fixed IP/Mac.
- Workload IP Pool to specify fixed addresses.
- StatefulSet fixed address.
- KubeVirt VM fixed address.
"},{"location":"en/guide/static-ip-mac/#single-pod-fixed-ipmac","title":"Single Pod Fixed IP/Mac","text":"You can specify the IP/Mac required for the Pod by annotation when creating the Pod. The kube-ovn-controller will skip the address random assignment phase and use the specified address directly after conflict detection, as follows:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // for dualstack ippool use semicolon to separate addresses 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::0\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
The following points need to be noted when using annotation.
- The IP/Mac used cannot conflict with an existing IP/Mac.
- The IP must be in the CIDR range of the Subnet it belongs to.
- You can specify only IP or Mac. When you specify only one, the other one will be assigned randomly.
"},{"location":"en/guide/static-ip-mac/#workload-ip-pool","title":"Workload IP Pool","text":"Kube-OVN supports setting fixed IPs for Workloads (Deployment/StatefulSet/DaemonSet/Job/CronJob) via annotation ovn.kubernetes.io/ip_pool. kube-ovn-controller will automatically select the IP specified in ovn.kubernetes.io/ip_pool and perform conflict detection.
The Annotation of the IP Pool needs to be added to the annotation field in the template. In addition to Kubernetes built-in workload types, other user-defined workloads can also be assigned fixed addresses using the same approach.
"},{"location":"en/guide/static-ip-mac/#deployment-with-fixed-ips","title":"Deployment With Fixed IPs","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: ls1\n name: starter-backend\n labels:\n app: starter-backend\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: starter-backend\n template:\n metadata:\n labels:\n app: starter-backend\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // for dualstack ippool use semicolon to separate addresses 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: backend\n image: docker.io/library/nginx:alpine\n
Using a fixed IP for Workload requires the following:
- The IP in
ovn.kubernetes.io/ip_pool should belong to the CIDR of the Subnet. - The IP in
ovn.kubernetes.io/ip_pool cannot conflict with an IP already in use. - When the number of IPs in
ovn.kubernetes.io/ip_pool is less than the number of replicas, the extra Pods will not be created. You need to adjust the number of IPs in ovn.kubernetes.io/ip_pool according to the update policy of the workload and the scaling plan.
"},{"location":"en/guide/static-ip-mac/#statefulset-fixed-address","title":"StatefulSet Fixed Address","text":"StatefulSet supports fixed IP by default, and like other Workload, you can use ovn.kubernetes.io/ip_pool to specify the range of IP used by a Pod.
Since StatefulSet is mostly used for stateful services, which have higher requirements for fixed addresses, Kube-OVN has made special enhancements:
- Pods are assigned IPs in
ovn.kubernetes.io/ip_pool in order. For example, if the name of the StatefulSet is web, web-0 will use the first IP in ovn.kubernetes.io/ip_pool, web-1 will use the second IP, and so on. - The logical_switch_port in the OVN is not deleted during update or deletion of the StatefulSet Pod, and the newly generated Pod directly reuses the old logical port information. Pods can therefore reuse IP/Mac and other network information to achieve similar state retention as StatefulSet Volumes.
- Based on the capabilities of 2, for StatefulSet without the
ovn.kubernetes.io/ip_pool annotation, a Pod is randomly assigned an IP/Mac when it is first generated, and then the network information remains fixed for the lifetime of the StatefulSet.
"},{"location":"en/guide/static-ip-mac/#statefulset-example","title":"StatefulSet Example","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
You can try to delete the Pod under StatefulSet to observe if the Pod IP changes.
"},{"location":"en/guide/static-ip-mac/#kubevirt-vm-fixed-address","title":"KubeVirt VM Fixed Address","text":"For VM instances created by KubeVirt, kube-ovn-controller can assign and manage IP addresses in a similar way to the StatefulSet Pod. This allows VM instances address fixed during start-up, shutdown, upgrade, migration, and other operations throughout their lifecycle, making them more compatible with the actual virtualization user experience.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/subnet/","title":"Config Subnet","text":"Subnet is a core concept and basic unit of use in Kube-OVN, and Kube-OVN organizes IP and network configuration in terms of Subnet. Each Namespace can belong to a specific Subnet, and Pods under the Namespace automatically obtain IPs from the Subnet they belong to and share the network configuration (CIDR, gateway type, access control, NAT control, etc.).
Unlike other CNI implementations where each node is bound to a subnet, in Kube-OVN the Subnet is a global level virtual network configuration, and the addresses of one Subnet can be distributed on any node.
There are some differences in the usage and configuration of Overlay and Underlay Subnets, and this document will describe the common configurations and differentiated features of the different types of Subnets.
"},{"location":"en/guide/subnet/#default-subnet","title":"Default Subnet","text":"To make it easier for users to get started quickly, Kube-OVN has a built-in default Subnet, all Namespaces that do not explicitly declare subnet affiliation are automatically assigned IPs from the default subnet and the network information. The configuration of this Subnet is specified at installation time, you can refer to Built-in Network Settings for more details. To change the CIDR of the default Subnet after installation please refer to Change Subnet CIDR.
In Overlay mode, the default Subnet uses a distributed gateway and NAT translation for outbound traffic, which behaves much the same as the Flannel's default behavior, allowing users to use most of the network features without additional configuration.
In Underlay mode, the default Subnet uses the physical gateway as the outgoing gateway and enables arping to check network connectivity.
"},{"location":"en/guide/subnet/#check-the-default-subnet","title":"Check the Default Subnet","text":"The default field in the default Subnet spec is set to true, and there is only one default Subnet in a cluster, named ovn-default.
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"en/guide/subnet/#join-subnet","title":"Join Subnet","text":"In the Kubernetes network specification, it is required that Nodes can communicate directly with all Pods. To achieve this in Overlay network mode, Kube-OVN creates a join Subnet and creates a virtual NIC ovn0 at each node that connect to the join subnet, through which the nodes and Pods can communicate with each other.
The configuration of this Subnet is specified at installation time, you can refer to Built-in Network Settings for more details. To change the CIDR of the Join Subnet after installation please refer to Change Join CIDR.
"},{"location":"en/guide/subnet/#check-the-join-subnet","title":"Check the Join Subnet","text":"The default name of this subnet is join. There is generally no need to make changes to the network configuration except the CIDR.
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
Check the ovn0 NIC at the node:
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"en/guide/subnet/#create-custom-subnets","title":"Create Custom Subnets","text":"Here we describe the basic operation of how to create a Subnet and associate it with a Namespace, for more advanced configuration, please refer to the subsequent content.
"},{"location":"en/guide/subnet/#create-subnet","title":"Create Subnet","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: Subnet CIDR range, different Subnet CIDRs under the same VPC cannot overlap.excludeIps: The address list is reserved so that the container network will not automatically assign addresses in the list, which can be used as a fixed IP address assignment segment or to avoid conflicts with existing devices in the physical network in Underlay mode.gateway\uff1aFor this subnet gateway address, Kube-OVN will automatically assign the corresponding logical gateway in Overlay mode, and the address should be the underlying physical gateway address in Underlay mode.namespaces: Bind the list of Namespace for this Subnet. Pods under the Namespace will be assigned addresses from the current Subnet after binding.routeTable: Associate the route table, default is main table, route table definition please defer to Static Routes
"},{"location":"en/guide/subnet/#create-pod-in-the-subnet","title":"Create Pod in the Subnet","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"en/guide/subnet/#workload-subnet-binding","title":"Workload Subnet Binding","text":"By default, Pods will be assigned IP addresses from the subnet belonging to the Namespace. If a specific subnet needs to be specified for a Workload, it can be achieved by setting the Pod's annotation ovn.kubernetes.io/logical_switch:
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
If you need to bind a subnet to a Workload type resource such as Deployment or StatefulSet, you need to set the ovn.kubernetes.io/logical_switch Annotation in spec.template.metadata.annotations.
"},{"location":"en/guide/subnet/#overlay-subnet-gateway-settings","title":"Overlay Subnet Gateway Settings","text":"This feature only works for Overlay mode Subnets, Underlay type Subnets need to use the underlying physical gateway to access the external network.
Pods under the Overlay Subnet need to access the external network through a gateway, and Kube-OVN currently supports two types of gateways: distributed gateway and centralized gateway which can be changed in the Subnet spec.
Both types of gateways support the natOutgoing setting, which allows the user to choose whether snat is required when the Pod accesses the external network.
"},{"location":"en/guide/subnet/#distributed-gateway","title":"Distributed Gateway","text":"The default type of gateway for the Subnet, each node will act as a gateway for the pod on the current node to access the external network. The packets from container will flow into the host network stack from the local ovn0 NIC, and then forwarding the network according to the host's routing rules. When natOutgoing is true, the Pod will use the IP of the current host when accessing the external network.
Example of a Subnet, where the gatewayType field is distributed:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"en/guide/subnet/#centralized-gateway","title":"Centralized Gateway","text":"Note: Pods under a centralized subnet cannot be accessed through hostport or a NodePort type Service with externalTrafficPolicy: Local.
If you want traffic within the Subnet to access the external network using a fixed IP for security operations such as auditing and whitelisting, you can set the gateway type in the Subnet to centralized. In centralized gateway mode, packets from Pods accessing the external network are first routed to the ovn0 NIC of a specific nodes, and then outbound through the host's routing rules. When natOutgoing is true, the Pod will use the IP of a specific nodes when accessing the external network.
The centralized gateway example is as follows, where the gatewayType field is centralized and gatewayNode is the NodeName of the particular machine in Kubernetes.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- If a centralized gateway wants to specify a specific NIC of a machine for outbound networking,
gatewayNode format can be changed to kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3. - The centralized gateway defaults to primary-backup mode, with only the primary node performing traffic forwarding. If you need to switch to ECMP mode, please refer to ECMP Settings.
- The spec field
enableEcmp has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the ECMP switch to the subnet level. You can set whether to enable ECMP mode based on different subnets. The enable-ecmp parameter in the kube-ovn-controller deployment is no longer used. After the previous version is upgraded to v1.12.0, the subnet switch will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/subnet/#subnet-acl","title":"Subnet ACL","text":"For scenarios with fine-grained ACL control, Subnet of Kube-OVN provides ACL to enable fine-grained rules.
The ACL rules in Subnet are the same as the ACL rules in OVN, and you can refer to ovn-nb ACL Table for more details. The supported filed in match can refer to ovn-sb Logical Flow Table.
Example of an ACL rule that allows Pods with IP address 10.10.0.2 to access all addresses, but does not allow other addresses to access itself, is as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"en/guide/subnet/#subnet-isolation","title":"Subnet Isolation","text":"The function of Subnet ACL can cover the function of Subnet isolation with better flexibility, we recommend using Subnet ACL to do the corresponding configuration.
By default the Subnets created by Kube-OVN can communicate with each other, and Pods can also access external networks through the gateway.
To control access between Subnets, set private to true in the subnet spec, and the Subnet will be isolated from other Subnets and external networks and can only communicate within the Subnet. If you want to open a whitelist, you can set it by allowSubnets. The CIDRs in allowSubnets can access the Subnet bidirectionally.
"},{"location":"en/guide/subnet/#enable-subnet-isolation-examples","title":"Enable Subnet Isolation Examples","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"en/guide/subnet/#underlay-settings","title":"Underlay Settings","text":"This part of the feature is only available for Underlay type Subnets.
vlan: If an Underlay network is used, this field is used to control which Vlan CR the Subnet is bound to. This option defaults to the empty string, meaning that the Underlay network is not used.logicalGateway: Some Underlay environments are pure Layer 2 networks, with no physical Layer 3 gateway. In this case a virtual gateway can be set up with the OVN to connect the Underlay and Overlay networks. The default value is: false.
"},{"location":"en/guide/subnet/#gateway-check-settings","title":"Gateway Check Settings","text":"By default kube-ovn-cni will request the gateway using ICMP or ARP protocol after starting the Pod and wait for the return to verify that the network is working properly. Some Underlay environment gateways cannot respond to ICMP requests, or scenarios that do not require external connectivity, the checking can be disabled .
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"en/guide/subnet/#multicast-snoop-setting","title":"Multicast-Snoop Setting","text":"By default, if a Pod in a subnet sends a multicast packet, OVN's default behavior is to broadcast the multicast packet to all Pods in the subnet. If turned on the subnet's multicast snoop switch, OVN will forward based on the multicast table Multicast_Group in the South Database instead of broadcasting.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"en/guide/subnet/#subnet-mtu-setting","title":"Subnet MTU Setting","text":"Configure the MTU of the Pod under Subnet. After configuration, you need to restart the Pod under Subnet to take effect.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"en/guide/subnet/#other-advanced-settings","title":"Other Advanced Settings","text":" - Configure IPPool
- Default VPC NAT Policy Rule
- Manage QoS
- Manage Multiple Interface
- DHCP
- External Gateway
- Cluster Inter-Connection with OVN-IC
- VIP Reservation
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN supports using QoSPolicy CRD to limit the traffic rate of custom VPC.
"},{"location":"en/guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"Limit the speed of EIP to 1Mbps and the priority to 1, and shared=false here means that this QoSPolicy can only be used for this EIP and support dynamically modifying QoSPolicy to change QoS rules.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
The IptablesEIP configuration is as follows:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
The value of .spec.qosPolicy supports being specified during creation and also supports modification after creation.
"},{"location":"en/guide/vpc-qos/#view-eips-with-qos-enabled","title":"View EIPs with QoS enabled","text":"View the corresponding EIPs that have been set up using label:
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"en/guide/vpc-qos/#qos-for-vpc-natgw-net1-nic","title":"QoS for VPC NATGW net1 NIC","text":"Limit the speed of the net1 NIC on VPC NATGW to 10Mbps and set the priority to 3. Here shared=true, which means that this QoSPolicy can be used by multiple resources at the same time, and does not allow the modification of the contents of the QoSPolicy in this scenario.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
The VpcNatGateway configuration is as follows:
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
The value of .spec.qosPolicy supports both creation and subsequent modification.
"},{"location":"en/guide/vpc-qos/#qos-for-specific-traffic-on-net1-nic","title":"QoS for specific traffic on net1 NIC","text":"Limit the specific traffic on net1 NIC to 5Mbps and set the priority to 2. Here shared=true, which means that this QoSPolicy can be used by multiple resources at the same time, and does not allow the modification of the contents of the QoSPolicy in this scenario.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
The VpcNatGateway configuration is as follows:
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"en/guide/vpc-qos/#view-natgws-with-qos-enabled","title":"View NATGWs with QoS enabled","text":"View the corresponding NATGWs that have been set up using label:
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"en/guide/vpc-qos/#view-qos-rules","title":"View QoS rules","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"en/guide/vpc-qos/#limitations","title":"Limitations","text":" - QoSPolicy can only be deleted when it is not in use. Therefore, before deleting the QoSPolicy, please check the EIP and NATGW that have enabled QoS, and remove their
spec.qosPolicy configuration.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/vpc/","title":"Config VPC","text":"Kube-OVN supports multi-tenant isolation level VPC networks. Different VPC networks are independent of each other and can be configured separately with Subnet CIDRs, routing policies, security policies, outbound gateways, EIP, etc.
VPC is mainly used in scenarios where there requires strong isolation of multi-tenant networks and some Kubernetes networking features conflict under multi-tenant networks. For example, node and pod access, NodePort functionality, network access-based health checks, and DNS capabilities are not supported in multi-tenant network scenarios at this time. In order to facilitate common Kubernetes usage scenarios, Kube-OVN has a special design for the default VPC where the Subnet under the VPC can meet the Kubernetes specification. The custom VPC supports static routing, EIP and NAT gateways as described in this document. Common isolation requirements can be achieved through network policies and Subnet ACLs under the default VPC, so before using a custom VPC, please make sure whether you need VPC-level isolation and understand the limitations under the custom VPC. For Underlay subnets, physical switches are responsible for data-plane forwarding, so VPCs cannot isolate Underlay subnets.
"},{"location":"en/guide/vpc/#creating-custom-vpcs","title":"Creating Custom VPCs","text":"Create two VPCs:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces: Limit which namespaces can use this VPC. If empty, all namespaces can use this VPC.
Create two Subnets, belonging to two different VPCs and having the same CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
Create Pods under two separate Namespaces:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
After running successfully, you can observe that the two Pod addresses belong to the same CIDR, but the two Pods cannot access each other because they are running on different tenant VPCs.
"},{"location":"en/guide/vpc/#custom-vpc-pod-supports-livenessprobe-and-readinessprobe","title":"Custom VPC Pod supports livenessProbe and readinessProbe","text":"Since the Pods under the custom VPC do not communicate with the network of the node, the probe packets sent by the kubelet cannot reach the Pods in the custom VPC. Kube-OVN uses TProxy to redirect the detection packets sent by kubelet to Pods in the custom VPC to achieve this function.
The configuration method is as follows, add the parameter --enable-tproxy=true in Daemonset kube-ovn-cni:
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
Restrictions for this feature:
- When Pods under different VPCs have the same IP under the same node, the detection function fails.
- Currently, only
tcpSocket and httpGet are supported.
"},{"location":"en/guide/vpc/#create-vpc-nat-gateway","title":"Create VPC NAT Gateway","text":"Subnets under custom VPCs do not support distributed gateways and centralized gateways under default VPCs.
Pod access to the external network within the VPC requires a VPC gateway, which bridges the physical and tenant networks and provides floating IP, SNAT and DNAT capabilities.
The VPC gateway function relies on Multus-CNI function, please refer to multus-cni.
"},{"location":"en/guide/vpc/#configuring-the-external-network","title":"Configuring the External Network","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- This Subnet is used to manage the available external addresses and the address will be allocated to VPC NAT Gateway through Macvlan, so please communicate with your network management to give you the available physical segment IPs.
- The VPC gateway uses Macvlan for physical network configuration, and
master of NetworkAttachmentDefinition should be the NIC name of the corresponding physical network NIC. name: External network name.
For macvlan mode, the nic will send packets directly through that node NIC, relying on the underlying network devices for L2/L3 level forwarding capabilities. You need to configure the corresponding gateway, Vlan and security policy in the underlying network device in advance.
- For OpenStack VM environments, you need to turn off
PortSecurity on the corresponding network port. - For VMware vSwitch networks,
MAC Address Changes, Forged Transmits and Promiscuous Mode Operation should be set to allow. - For Hyper-V virtualization,
MAC Address Spoofing should be enabled in VM nic advanced features. - Public clouds, such as AWS, GCE, AliCloud, etc., do not support user-defined Mac, so they cannot support Macvlan mode network.
- Due to the limitations of Macvlan, the Macvlan sub-interface cannot access the parent interface address.
- If the physical network card corresponds to a switch interface in Trunk mode, a sub-interface needs to be created on the network card and provided to Macvlan for use.
"},{"location":"en/guide/vpc/#enabling-the-vpc-gateway","title":"Enabling the VPC Gateway","text":"VPC gateway functionality needs to be enabled via ovn-vpc-nat-gw-config under kube-system:
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: docker.io/kubeovn/vpc-nat-gateway:v1.12.12\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: The image used by the Gateway Pod.enable-vpc-nat-gw: Controls whether the VPC Gateway feature is enabled.
"},{"location":"en/guide/vpc/#create-vpc-gateway-and-set-the-default-route","title":"Create VPC Gateway and Set the Default Route","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc: The VPC to which this VpcNatGateway belongs.subnet: A Subnet within the VPC, the VPC Gateway Pod will use lanIp to connect to the tenant network under that subnet.lanIp: An unused IP within the subnet that the VPC Gateway Pod will eventually use for the Pod. When configuring routing for a VPC, the nextHopIP needs to be set to the lanIp of the current VpcNatGateway.selector: The node selector for VpcNatGateway Pod has the same format as NodeSelector in Kubernetes.externalSubnets: External network used by the VPC gateway, if not configured, ovn-vpc-external-network is used by default, and only one external network is supported in the current version.
Other configurable parameters:
tolerations: Configure tolerance for the VPC gateway. For details, see Taints and Tolerationsaffinity: Configure affinity for the Pod or node of the VPC gateway. For details, see Assigning Pods to Nodes
"},{"location":"en/guide/vpc/#create-eip","title":"Create EIP","text":"EIP allows for floating IP, SNAT, and DNAT operations after assigning an IP from an external network segment to a VPC gateway.
Randomly assign an address to the EIP:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
Fixed EIP address assignment:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
Specify the external network on which the EIP is located:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet: The name of the external network on which the EIP is located. If not specified, it defaults to ovn-vpc-external-network. If specified, it must be one of the externalSubnets of the VPC gateway.
"},{"location":"en/guide/vpc/#create-dnat-rules","title":"Create DNAT Rules","text":"Through the DNAT rules, external can access to an IP and port within a VPC through an EIP and port.
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"en/guide/vpc/#create-snat-rules","title":"Create SNAT Rules","text":"Through SNAT rules, when a Pod in the VPC accesses an external address, it will go through the corresponding EIP for SNAT.
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"en/guide/vpc/#create-floating-ip","title":"Create Floating IP","text":"Through floating IP rules, one IP in the VPC will be completely mapped to the EIP, and the external can access the IP in the VPC through this EIP. When the IP in the VPC accesses the external address, it will be SNAT to this EIP
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"en/guide/vpc/#custom-routing","title":"Custom Routing","text":"Within the custom VPC, users can customize the routing rules within the VPC and combine it with the gateway for more flexible forwarding. Kube-OVN supports static routes and more flexible policy routes.
"},{"location":"en/guide/vpc/#static-routes","title":"Static Routes","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: Supports destination routing policyDst and source routing policySrc.- When there are overlapping routing rules, the rule with the longer CIDR mask has higher priority, and if the mask length is the same, the destination route has a higher priority over the source route.
routeTable: You can store the route in specific table, default is main table. Associate with subnet please defer to Create Custom Subnets
"},{"location":"en/guide/vpc/#policy-routes","title":"Policy Routes","text":"Traffic matched by static routes can be controlled at a finer granularity by policy routing. Policy routing provides more precise matching rules, priority control and more forwarding actions. This feature brings the OVN internal logical router policy function directly to the outside world, for more information on its use, please refer to Logical Router Policy.
An example of policy routes:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"en/guide/vpc/#custom-vpc-dns","title":"Custom vpc-dns","text":"Due to the isolation between custom VPCs and default VPC networks, Pods in VPCs cannot use the default coredns service for domain name resolution. If you want to use coredns to resolve Service domain names within the custom VPC, you can use the vpc-dns resource provided by Kube-OVN.
"},{"location":"en/guide/vpc/#create-an-additional-network","title":"Create an Additional Network","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"en/guide/vpc/#modify-the-provider-of-the-ovn-default-logical-switch","title":"Modify the Provider of the ovn-default Logical Switch","text":"Modify the provider of ovn-default to the provider ovn-nad.default.ovn configured above in nad\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"en/guide/vpc/#modify-the-vpc-dns-configmap","title":"Modify the vpc-dns ConfigMap","text":"Create a ConfigMap in the kube-system namespace, configure the vpc-dns parameters to be used for the subsequent vpc-dns feature activation:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns: (optional) true to enable the feature, false to disable the feature. Default true.coredns-image: (optional): DNS deployment image. Default is the cluster coredns deployment version.coredns-template: (optional): URL of the DNS deployment template. Default: yamls/coredns-template.yaml in the current version repository.coredns-vip: VIP providing LB service for coredns.nad-name: Name of the configured network-attachment-definitions resource.nad-provider: Name of the used provider.k8s-service-host: (optional) IP used by coredns to access the k8s apiserver service.k8s-service-port: (optional) Port used by coredns to access the k8s apiserver service.
"},{"location":"en/guide/vpc/#deploying-vpc-dns-dependent-resources","title":"Deploying VPC-DNS Dependent Resources","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"en/guide/vpc/#deploy-vpc-dns","title":"Deploy vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc: The VPC name used to deploy the DNS component.subnet: The subnet name used to deploy the DNS component.
View resource information:
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: if the custom vpc-dns is ready.
"},{"location":"en/guide/vpc/#restrictions","title":"Restrictions","text":" - Only one custom DNS component will be deployed in one VPC;
- When multiple VPC-DNS resources (i.e. different subnets in the same VPC) are configured in one VPC, only one VPC-DNS resource with status
true will be active, while the others will be false; - When the
true VPC-DNS is deleted, another false VPC-DNS will be deployed.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/webhook/","title":"Webhook","text":"Using Webhook, you can verify CRD resources within Kube-OVN. Currently, Webhook mainly performs fixed IP address conflict detection and Subnet CIDR conflict detection, and prompts errors when such conflicts happen.
Since Webhook intercepts all Subnet and Pod creation requests, you need to deploy Kube-OVN first and Webhook later.
"},{"location":"en/guide/webhook/#install-cert-manager","title":"Install Cert-Manager","text":"Webhook deployment requires certificate, we use cert-manager to generate the associated certificate, we need to deploy cert-manager before deploying Webhook.
You can use the following command to deploy cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
More cert-manager usage please refer to cert-manager document\u3002
"},{"location":"en/guide/webhook/#install-webhook","title":"Install Webhook","text":"Download Webhook yaml and install:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"en/guide/webhook/#verify-webhook-take-effect","title":"Verify Webhook Take Effect","text":"Check the running Pod and get the Pod IP 10.16.0.15:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
Write yaml to create a Pod with the same IP:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
When using the above yaml to create a fixed address Pod, it prompts an IP address conflict:
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-default-subnet/","title":"Change Subnet CIDR","text":"If a subnet CIDR is created that conflicts or does not meet expectations, it can be modified by following the steps in this document.
After modifying the subnet CIDR, the previously created Pods will not be able to access the network properly and need to be rebuilt. Careful consideration is recommended before operating\u3002This document is only for business subnet CIDR changes, if you need to Change the Join subnet CIDR, please refer to Change Join CIDR.
"},{"location":"en/ops/change-default-subnet/#edit-subnet","title":"Edit Subnet","text":"Use kubectl edit to modify cidrBlock\uff0cgateway and excludeIps.
kubectl edit subnet test-subnet\n
"},{"location":"en/ops/change-default-subnet/#rebuild-all-pods-under-this-subnet","title":"Rebuild all Pods under this Subnet","text":"Take the subnet binding test Namespace as example:
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
If only the default subnet is used, you can delete all Pods that are not in host network mode using the following command:
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"en/ops/change-default-subnet/#change-default-subnet-settings","title":"Change Default Subnet Settings","text":"If you are modifying the CIDR for the default Subnet, you also need to change the args of the kube-ovn-controller Deployment:
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-join-subnet/","title":"Change Join Subnet CIDR","text":"If the Join subnet CIDR created conflicts or does not meet expectations, you can use this document to modify.
After modifying the Join Subnet CIDR, the previously created Pods will not be able to access the external network normally and need to wait for the rebuild completed.
"},{"location":"en/ops/change-join-subnet/#delete-join-subnet","title":"Delete Join Subnet","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"en/ops/change-join-subnet/#cleanup-allocated-config","title":"Cleanup Allocated Config","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"en/ops/change-join-subnet/#modify-join-subnet","title":"Modify Join Subnet","text":"Change Join Subnet args in kube-ovn-controller:
kubectl edit deployment -n kube-system kube-ovn-controller\n
Change the CIDR below:
args:\n- --node-switch-cidr=100.51.0.0/16\n
Reboot the kube-ovn-controller and rebuild join Subnet:
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
Check the new Join Subnet information:
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"en/ops/change-join-subnet/#reconfigure-ovn0-nic-address","title":"Reconfigure ovn0 NIC Address","text":"The ovn0 NIC information for each node needs to be re-updated, which can be done by restarting kube-ovn-cni:
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-log-level/","title":"Change Log Level","text":"Open kube-ovn.yaml and set the log level in the parameter list of the service startup script, such as:
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.12\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# The higher the log level, the more detailed the log\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-ovn-central-node/","title":"Replace ovn-central Node","text":"Since ovn-nb and ovn-sb within ovn-central create separate etcd-like raft clusters, replacing the ovn-central node requires additional operations to ensure correct cluster state and consistent data. It is recommended that only one node be up and down at a time to avoid the cluster going into an unavailable state and affecting the overall cluster network.
"},{"location":"en/ops/change-ovn-central-node/#ovn-central-nodes-offline","title":"ovn-central Nodes Offline","text":"This document use the cluster below to describes how to remove the kube-ovn-control-plane2 node from the ovn-central as an example.
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"en/ops/change-ovn-central-node/#kick-node-in-ovn-nb","title":"Kick Node in ovn-nb","text":"First check the ID of the node within the cluster for subsequent operations.
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 corresponds to a node IP of 172.18.0.5 and the corresponding ID within the cluster is d64b. Next, kick the node out of the ovn-nb cluster.
# kubectl ko nb kick d64b\nstarted removal\n
Check if the node has been kicked:
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#kick-node-in-ovn-sb","title":"Kick Node in ovn-sb","text":"Next, for the ovn-sb cluster, you need to first check the ID of the node within the cluster for subsequent operations.
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 corresponds to node IP 172.18.0.5 and the corresponding ID within the cluster is e9f7. Next, kick the node out of the ovn-sb cluster.
# kubectl ko sb kick e9f7\nstarted removal\n
Check if the node has been kicked:
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#delete-node-label-and-downscale-ovn-central","title":"Delete Node Label and Downscale ovn-central","text":"Note that you need to remove the offline node from the node address of the ovn-central environment variable NODE_IPS.
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"en/ops/change-ovn-central-node/#modify-components-address-to-ovn-central","title":"Modify Components Address to ovn-central","text":"Modify ovs-ovn to remove the offline Node address:
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
Modify kube-ovn-controller to remove the offline Node address:
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"en/ops/change-ovn-central-node/#clean-node","title":"Clean Node","text":"Delete the database files in the kube-ovn-control-plane2 node to avoid errors when adding the node again:
rm -rf /etc/origin/ovn\n
To take a node offline from a Kubernetes cluster entirely, please continue with Delete Work Node.
"},{"location":"en/ops/change-ovn-central-node/#ovn-central-online","title":"ovn-central Online","text":"The following steps will add a new Kubernetes node to the ovn-central cluster.
"},{"location":"en/ops/change-ovn-central-node/#directory-check","title":"Directory Check","text":"Check if the ovnnb_db.db or ovnsb_db.db file exists in the /etc/origin/ovn directory of the new node, and if so, delete it:
rm -rf /etc/origin/ovn\n
"},{"location":"en/ops/change-ovn-central-node/#check-current-ovn-central-status","title":"Check Current ovn-central Status","text":"If the current ovn-central cluster state is already abnormal, adding new nodes may cause the voting election to fail to pass the majority, affecting subsequent operations.
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#label-node-and-scale-ovn-central","title":"Label Node and Scale ovn-central","text":"Note that you need to add the online node address to the node address of the ovn-central environment variable NODE_IPS.
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"en/ops/change-ovn-central-node/#modify-components-address-to-ovn-central_1","title":"Modify Components Address to ovn-central","text":"Modify ovs-ovn to add the online Node address:
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
Modify kube-ovn-controller to add the online Node address:
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/delete-worker-node/","title":"Delete Work Node","text":"If the node is simply removed from Kubernetes, the ovn-controller process running in ovs-ovn on the node will periodically connect to ovn-central to register relevant network information. This leads to additional resource waste and potential rule conflict risk\u3002 Therefore, when removing nodes from within Kubernetes, follow the steps below to ensure that related resources are cleaned up properly.
This document describes the steps to delete a worker node, if you want to change the node where ovn-central is located, please refer to Replace ovn-central Node.
"},{"location":"en/ops/delete-worker-node/#evict-pods-on-the-node","title":"Evict Pods on the Node","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"en/ops/delete-worker-node/#stop-kubelet-and-docker","title":"Stop kubelet and docker","text":"This step stops the ovs-ovn container to avoid registering information to ovn-central. Log into to the corresponding node and ruu the following commands:
systemctl stop kubelet\nsystemctl stop docker\n
If using containerd as the CRI, the following command needs to be executed to stop the ovs-ovn container:
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"en/ops/delete-worker-node/#cleanup-files-on-node","title":"Cleanup Files on Node","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"en/ops/delete-worker-node/#delete-the-node","title":"Delete the Node","text":"kubectl delete no kube-ovn-01\n
"},{"location":"en/ops/delete-worker-node/#check-if-node-removed-from-ovn-sb","title":"Check If Node Removed from OVN-SB","text":"In the example below, the node kube-ovn-worker is not removed:
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"en/ops/delete-worker-node/#delete-the-chassis-manually","title":"Delete the Chassis Manually","text":"Use the uuid find above to delete the chassis:
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/faq/","title":"FAQ","text":""},{"location":"en/ops/faq/#kylin-arm-system-cross-host-container-access-intermittently-fails","title":"Kylin ARM system cross-host container access intermittently fails","text":""},{"location":"en/ops/faq/#behavior","title":"Behavior","text":"There is a problem with Kylin ARM system and some NIC offload, which can cause intermittent container network failure.
Use netstat to identify the problem:
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
If InCsumErrors is present and increases with netwoork failures, you can confirm that this is the problem.
"},{"location":"en/ops/faq/#solution","title":"Solution","text":"The fundamental solution requires communication with Kylin and the corresponding network card manufacturer to update the system and drivers. A temporary solution would be to turn off tx offload on the physical NIC, but this would cause a significant degradation in tcp performance.
ethtool -K eth0 tx off\n
From the community feedback, the problem can be solved by the 4.19.90-25.16.v2101 kernel.
"},{"location":"en/ops/faq/#pod-can-not-access-service","title":"Pod can not Access Service","text":""},{"location":"en/ops/faq/#behavior_1","title":"Behavior","text":"Pod can not access Service, and dmesg show errors:
netlink\uff1aUnknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
This log indicates that the in-kernel OVS version is too low to support the corresponding NAT operation.
"},{"location":"en/ops/faq/#solution_1","title":"Solution","text":" - Upgrade the kernel module or compile the OVS kernel module manually.
- If you are using an Overlay network you can change the
kube-ovn-controller args, setting --enable-lb=false to disable the OVN LB to use kube-proxy for service forwarding.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/from-calico/","title":"Install Kube-OVN From Calico","text":"If a Kubernetes cluster already has Calico installed and needs to change to Kube-OVN you can refer to this document.
Since the installation of Calico may vary from version to version and the existing Pod network may be disrupted during the replacement process, it is recommended that you plan ahead and compare the differences in Calico installation from version to version.
"},{"location":"en/ops/from-calico/#uninstall-calico","title":"Uninstall Calico","text":"For Calico installed from an Operator:
kubectl delete -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml\nkubectl delete -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml\n
For Calico installed from manifests:
kubectl delete -f https://projectcalico.docs.tigera.io/manifests/calico.yaml \n
"},{"location":"en/ops/from-calico/#cleanup-config-files","title":"Cleanup Config Files","text":"Delete the CNI-related configuration files on each machine, depending on the environment:
rm -f /etc/cni/net.d/10-calico.conflist\nrm -f /etc/cni/net.d/calico-kubeconfig\n
Calico still leaves routing rules, iptables rules, veth network interfaces and other configuration information on the node, so it is recommended to reboot the node to clean up the relevant configuration to avoid problems that are difficult to troubleshoot.
"},{"location":"en/ops/from-calico/#install-kube-ovn","title":"Install Kube-OVN","text":"You can refer to One Click Installation to install Kube-OVN as usual.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/kubectl-ko/","title":"Kubectl Plugin","text":"To facilitate daily operations and maintenance, Kube-OVN provides the kubectl plug-in tool, which allows administrators to perform daily operations through this command. For examples: Check OVN database information and status, OVN database backup and restore, OVS related information, tcpdump specific containers, specific link logical topology, network problem diagnosis and performance optimization.
"},{"location":"en/ops/kubectl-ko/#plugin-installation","title":"Plugin Installation","text":"Kube-OVN installation will deploy the plugin to each node by default. If the machine that runs kubectl is not in the cluster, or if you need to reinstall the plugin, please refer to the following steps:
Download kubectl-ko file:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
Move file to $PATH:
mv kubectl-ko /usr/local/bin/kubectl-ko\n
Add executable permissions:
chmod +x /usr/local/bin/kubectl-ko\n
Check if the plugin works properly:
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"en/ops/kubectl-ko/#plugin-usage","title":"Plugin Usage","text":"Running kubectl ko will show all the available commands and usage descriptions, as follows:
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
The specific functions and usage of each command are described below.
"},{"location":"en/ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"This subcommand mainly operates on OVN northbound or southbound databases, including database cluster status check, database node offline, database backup, database storage status check and database repair.
"},{"location":"en/ops/kubectl-ko/#db-cluster-status-check","title":"DB Cluster Status Check","text":"This command executes ovs-appctl cluster/status on the leader node of the corresponding OVN database to show the cluster status:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
If the match_index under Server has a large difference and the last msg time is long, the corresponding Server may not respond for a long time and needs to be checked further.
"},{"location":"en/ops/kubectl-ko/#db-nodes-offline","title":"DB Nodes Offline","text":"This command removes a node from the OVN database and is required when a node is taken offline or replaced. The following is an example of the cluster status from the previous command, to offline the 172.18.0.3 node:
# kubectl ko nb kick 8723\nstarted removal\n
Check the database cluster status again to confirm that the node has been removed:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"en/ops/kubectl-ko/#db-backup","title":"DB Backup","text":"This subcommand backs up the current OVN database locally and can be used for disaster recovery:
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"en/ops/kubectl-ko/#database-storage-status-check","title":"Database Storage Status Check","text":"This command is used to check if the database file is corrupt:
# kubectl ko nb dbstatus\nstatus: ok\n
If error happens, inconsistent data is displayed and needs to be fixed with the following command.
"},{"location":"en/ops/kubectl-ko/#database-repair","title":"Database Repair","text":"If the database status goes to inconsistent data, this command can be used to repair:
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"en/ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"This subcommand executes the ovn-nbctl and ovn-sbctl commands directly into the leader node of the OVN northbound or southbound database. For more detailed usage of this command, please refer to the official documentation of the upstream OVN ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"en/ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-vsctl command to query and configure vswitchd. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"en/ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-ofctl command to query or manage OpenFlow. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"en/ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-dpctl command to query or manage the OVS datapath. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"en/ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"This command will enter the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-appctl command to operate the associated daemon process. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"en/ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"This command will enter the kube-ovn-cni container on the machine where namespace/podname is located, and run tcpdump to capture the traffic on the veth NIC of the corresponding container, which can be used to troubleshoot network-related problems.
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"en/ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"This command will print the OVN logical flow table and the final Openflow flow table when the Pod/node accesses an address through a specific protocol, so that it make locate flow table related problems during development or troubleshooting much easy.
Supported commands:
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
Example:
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
If the trace object is a virtual machine running in Underlay network, additional parameters is needed to specify the destination Mac address.
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"en/ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"Diagnose the status of cluster network components and go to the corresponding node's kube-ovn-pinger to detect connectivity and network latency from the current node to other nodes and critical services.
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.12\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
If the target of diagnose is specified as subnet, the script will create a daemonset on the subnet, and kube-ovn-pinger will detect the connectivity and network delay of all pods in this daemonset, and automatically destroy the daemonset after the test.
If the target of diagnose is specified as IPPorts, the script will let each kube-ovn-pinger pod detect whether the target protocol, IP, and Port are reachable.
"},{"location":"en/ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"This command performs performance tuning related operations, please refer to Performance Tunning.
"},{"location":"en/ops/kubectl-ko/#reload","title":"reload","text":"This command restarts all Kube-OVN related components:
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"en/ops/kubectl-ko/#log","title":"log","text":"Using this command will capture the logs of Kube-OVN, OVN, Openvswitch on all nodes of kube-ovn and some debug information commonly used in linux.
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
The directory is as follows:
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"en/ops/kubectl-ko/#perf-image","title":"perf [image]","text":"This command will test some performance indicators of Kube-OVN as follows:
- The performance indicators of the container network;
- Hostnetwork network performance indicators;
- Container network multicast packet performance indicators;
- Time required for OVN-NB, OVN-SB, and OVN-Northd leader deletion recovery. The parameter image is used to specify the image used by the performance test pod. By default, it is
kubeovn/test:v1.12.0. This parameter is mainly set for offline scenarios, and the image name may change when the image is pulled to the intranet environment.
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/recover-db/","title":"OVN DB Backup and Recovery","text":"This document describes how to perform database backups and how to perform cluster recovery from existing database files in different situations.
"},{"location":"en/ops/recover-db/#database-backup","title":"Database Backup","text":"The database files can be backed up for recovery in case of failure. Use the backup command of the kubectl plugin:
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"en/ops/recover-db/#cluster-partial-nodes-failure-recovery","title":"Cluster Partial Nodes Failure Recovery","text":"If some nodes in the cluster are working abnormally due to power failure, file system failure or lack of disk space, but the cluster is still working normally, you can recover it by following the steps below.
"},{"location":"en/ops/recover-db/#check-the-logs-to-confirm-status","title":"Check the Logs to Confirm Status","text":"Check the log in /var/log/ovn/ovn-northd.log, if it shows similar error as follows, you can make sue that there is an exception in the database:
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"en/ops/recover-db/#kick-node-from-cluster","title":"Kick Node from Cluster","text":"Select the corresponding database for the operation based on whether the log prompt is OVN_Northbound or OVN_Southbound. The above log prompt is OVN_Northbound then for ovn-nb do the following:
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
Kick abnormal nodes from the cluster:
kubectl ko nb kick e631\n
Log in to the abnormal node and delete the database file:
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
Delete the ovn-central pod of the corresponding node and wait for the cluster to recover\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"en/ops/recover-db/#recover-when-total-cluster-failed","title":"Recover when Total Cluster Failed","text":"If the majority of the cluster nodes are broken and the leader cannot be elected, please refer to the following steps to recover.
"},{"location":"en/ops/recover-db/#stop-ovn-central","title":"Stop ovn-central","text":"Record the current replicas of ovn-central and stop ovn-central to avoid new database changes that affect recovery:
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"en/ops/recover-db/#select-a-backup","title":"Select a Backup","text":"As most of the nodes are damaged, the cluster needs to be rebuilt by recovering from one of the database files. If you have previously backed up the database you can use the previous backup file to restore it. If not you can use the following steps to generate a backup from an existing file.
Since the database file in the default folder is a cluster format database file containing information about the current cluster, you can't rebuild the database directly with this file, you need to use ovsdb-tool cluster-to-standalone to convert the format.
Select the first node in the ovn-central environment variable NODE_IPS to restore the database files. If the database file of the first node is corrupted, copy the file from the other machine /etc/origin/ovn to the first machine. Run the following command to generate a database file backup.
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.12 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"en/ops/recover-db/#delete-the-database-files-on-all-ovn-central-nodes","title":"Delete the Database Files on All ovn-central Nodes","text":"In order to avoid rebuilding the cluster with the wrong data, the existing database files need to be cleaned up:
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"en/ops/recover-db/#recovering-database-cluster","title":"Recovering Database Cluster","text":"Rename the backup databases to ovnnb_db.db and ovnsb_db.db respectively, and copy them to the /etc/origin/ovn/ directory of the first machine in the ovn-central environment variable NODE_IPS\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
Restore the number of replicas of ovn-central\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/architecture/","title":"Architecture","text":"This document describes the general architecture of Kube-OVN, the functionality of each component and how they interact with each other.
Overall, Kube-OVN serves as a bridge between Kubernetes and OVN, combining proven SDN with Cloud Native. This means that Kube-OVN not only implements network specifications under Kubernetes, such as CNI, Service and Networkpolicy, but also brings a large number of SDN domain capabilities to cloud-native, such as logical switches, logical routers, VPCs, gateways, QoS, ACLs and traffic mirroring.
Kube-OVN also maintains a good openness to integrate with many technology solutions, such as Cilium, Submariner, Prometheus, KubeVirt, etc.
"},{"location":"en/reference/architecture/#component-introduction","title":"Component Introduction","text":"The components of Kube-OVN can be broadly divided into three categories.
- Upstream OVN/OVS components.
- Core Controller and Agent.
- Monitoring, operation and maintenance tools and extension components.
"},{"location":"en/reference/architecture/#upstream-ovnovs-components","title":"Upstream OVN/OVS Components","text":"This type of component comes from the OVN/OVS community with specific modifications for Kube-OVN usage scenarios. OVN/OVS itself is a mature SDN system for managing virtual machines and containers, and we strongly recommend that users interested in the Kube-OVN implementation read ovn-architecture(7) first to understand what OVN is and how to integrate with it. Kube-OVN uses the northbound interface of OVN to create and coordinate virtual networks and map the network concepts into Kubernetes.
All OVN/OVS-related components have been packaged into images and are ready to run in Kubernetes.
"},{"location":"en/reference/architecture/#ovn-central","title":"ovn-central","text":"The ovn-central Deployment runs the control plane components of OVN, including ovn-nb, ovn-sb, and ovn-northd.
ovn-nb: Saves the virtual network configuration and provides an API for virtual network management. kube-ovn-controller will mainly interact with ovn-nb to configure the virtual network.ovn-sb: Holds the logical flow table generated from the logical network of ovn-nb, as well as the actual physical network state of each node.ovn-northd: translates the virtual network of ovn-nb into a logical flow table in ovn-sb.
Multiple instances of ovn-central will synchronize data via the Raft protocol to ensure high availability.
"},{"location":"en/reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn runs as a DaemonSet on each node, with openvswitch, ovsdb, and ovn-controller running inside the Pod. These components act as agents for ovn-central to translate logical flow tables into real network configurations.
"},{"location":"en/reference/architecture/#core-controller-and-agent","title":"Core Controller and Agent","text":"This part is the core component of Kube-OVN, serving as a bridge between OVN and Kubernetes, bridging the two systems and translating network concepts between them. Most of the core functions are implemented in these components.
"},{"location":"en/reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"This component performs the translation of all resources within Kubernetes to OVN resources and acts as the control plane for the entire Kube-OVN system. The kube-ovn-controller listens for events on all resources related to network functionality and updates the logical network within the OVN based on resource changes. The main resources listened including:
Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
Taking the Pod event as an example, kube-ovn-controller listens to the Pod creation event, allocates the address via the built-in in-memory IPAM function, and calls ovn-central to create logical ports, static routes and possible ACL rules. Next, kube-ovn-controller writes the assigned address and subnet information such as CIDR, gateway, route, etc. to the annotation of the Pod. This annotation is then read by kube-ovn-cni and used to configure the local network.
"},{"location":"en/reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"This component runs on each node as a DaemonSet, implements the CNI interface, and operates the local OVS to configure the local network.
This DaemonSet copies the kube-ovn binary to each machine as a tool for interaction between kubelet and kube-ovn-cni. This binary sends the corresponding CNI request to kube-ovn-cni for further operation. The binary will be copied to the /opt/cni/bin directory by default.
kube-ovn-cni will configure the specific network to perform the appropriate traffic operations, and the main tasks including:
- Config
ovn-controller and vswitchd. - Handle CNI Add/Del requests:
- Create or delete veth pair and bind or unbind to OVS ports.
- Configure OVS ports
- Update host iptables/ipset/route rules.
- Dynamically update the network QoS.
- Create and configure the
ovn0 NIC to connect the container network and the host network. - Configure the host NIC to implement Vlan/Underlay/EIP.
- Dynamically config inter-cluster gateways.
"},{"location":"en/reference/architecture/#monitoring-operation-and-maintenance-tools-and-extension-components","title":"Monitoring, Operation and Maintenance Tools and Extension Components","text":"These components provide monitoring, diagnostics, operations tools, and external interface to extend the core network capabilities of Kube-OVN and simplify daily operations and maintenance.
"},{"location":"en/reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"This component is a DaemonSet running on a specific labeled nodes that publish routes to the external, allowing external access to the container directly through the Pod IP.
For more information on how to use it, please refer to BGP Support.
"},{"location":"en/reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"This component is a DaemonSet running on each node to collect OVS status information, node network quality, network latency, etc. The monitoring metrics collected can be found in Metrics.
"},{"location":"en/reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"This component collects OVN status information and the monitoring metrics, all metrics can be found in Metrics.
"},{"location":"en/reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"This component is a kubectl plugin, which can quickly run common operations, for more usage, please refer to [kubectl plugin].(../ops/kubectl-ko.en.md)\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/dev-env/","title":"Development Setup","text":""},{"location":"en/reference/dev-env/#environmental-preparation","title":"Environmental Preparation","text":"Kube-OVN uses Golang 1.20 to develop and Go Modules to manage dependency, please check env GO111MODULE=\"on\"\u3002
gosec is used to scan for code security related issues and requires to be installed in the development environment:
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
To reduce the size of the final generated image, Kube-OVN uses some of the Docker buildx experimental features, please update Docker to the latest version and enable buildx:
docker buildx create --use\n
"},{"location":"en/reference/dev-env/#build-image","title":"Build Image","text":"Use the following command to download the code and generate the image required to run Kube-OVN:
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
To build an image to run in an ARM environment, run the following command:
make release-arm\n
"},{"location":"en/reference/dev-env/#building-the-base-image","title":"Building the Base Image","text":"If you need to change the operating system version, dependencies, OVS/OVN code, etc., you need to rebuild the base image.
The Dockerfile used for the base image is dist/images/Dockerfile.base.
Build instructions:
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"en/reference/dev-env/#run-e2e","title":"Run E2E","text":"Kube-OVN uses KIND to build local Kubernetes cluster, j2cli to render templates, and Ginkgo to run test cases. Please refer to the relevant documentation for dependency installation.
Run E2E locally:
make kind-init\nmake kind-install\nmake e2e\n
To run the Underlay E2E test, run the following commands:
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
To run the ovn vpc nat gw eip, fip, snat, dnat E2E test, run the following commands:
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
To run the iptables vpc nat gw eip, fip, snat, dnat E2E test, run the following commands:
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
To run the loadbalancer service E2E test, run the following commands:
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
To clean, run the following commands:
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/document-convention/","title":"Document Specification","text":"In order to ensure a consistent document style, please follow the following style guidelines when submitting documents.
"},{"location":"en/reference/document-convention/#punctuation","title":"Punctuation","text":"All punctuation in the text content in Chinese documents should use Chinese format punctuation, and all text content in English documents should use English punctuation.
BadGood Here is a one-click installation script that can help you quickly install a highly available, production-ready container network. Here is a one-click installation script that can help you quickly install a highly available, production-ready container network. English numbers and Chinese characters should be separated by spaces.
BadGood Kube-OVN provides a one-click installation script to install version 1.10 of Kube-OVN. Kube-OVN provides a one-click installation script to install version 1.10 of Kube-OVN. Example content should start with :, other sentences should end with . End.
BadGood Please confirm that the environment configuration is correct before installation Download the installation script using the command below. wget 127.0.0.1\n
Please confirm that the environment configuration is correct before installation. Download the installation script using the following command: wget 127.0.0.1\n
"},{"location":"en/reference/document-convention/#code-block","title":"Code Block","text":"yaml code blocks need to be identified as yaml.
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
Command-line manipulation example code blocks need to be identified as bash.
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
If the command line operation example contains output content, the executed command needs to start with # to distinguish input from output.
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
If the command line operation example only contains execution commands and no output results, multiple commands do not need to start with #.
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"en/reference/document-convention/#link","title":"Link","text":"Links in the site use the corresponding md file path.
BadGood Please refer to [Preparation](http://kubeovn.github.io/prepare) before installation.\n
Please refer to [Preparation](./prepare.md) before installation.\n
BadGood If you have any questions, please refer to [Kubernetes Documentation](http://kubernetes.io).\n
If you have any questions, please refer to [Kubernetes Documentation](http://kubernetes.io){: target=\"_blank\" }.\n
"},{"location":"en/reference/document-convention/#empty-line","title":"Empty Line","text":"Different logical blocks, such as title and text, text and code, text and number need to be separated by blank lines.
BadGood Download the script below to install it:\n```bash\nwget 127.0.0.1\n```\n
Download the script below to install it:\n\n```bash\nwget 127.0.0.1\n```\n
Separate logical blocks with only one blank line.
BadGood Download the script below to install it:\n\n\n\n```bash\nwget 127.0.0.1\n```\n
Download the script below to install it:\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/feature-stage/","title":"Feature Stage","text":"In Kube-OVN, feature stage is classified into Alpha, Beta and GA, based on the degree of feature usage, documentation and test coverage.
"},{"location":"en/reference/feature-stage/#definition-of-stage","title":"Definition of Stage","text":"For Alpha stage functions:
- The feature is not fully documented and well tested.
- This feature may change or even be removed in the future.
- This feature API is not guaranteed to be stable and may be removed.
- Community provides low priority support for this feature and long-term support cannot be guaranteed.
- Since feature stability and long-term support cannot be guaranteed, it can be tested and verified, but is not recommended for production use.
For Beta stage functions:
- This feature is partially documented and tested, but complete coverage is not guaranteed.
- This feature may change in the future and the upgrade may affect the network, but it will not be removed as a whole.
- This feature API may change in the future and the fields may be adjusted, but not removed as a whole.
- This feature will be supported by the community in the long term.
- It can be used on non-critical services as the functionality will be supported for a long time, but it is not recommended for critical production service as there is a possibility of changes in functionality and APIs that may break the network.
For GA stage functions:
- The feature has full documentation and test coverage.
- The feature will remain stable and upgrades will be guaranteed to be smooth.
- This feature API is not subject to disruptive changes.
- This feature will be supported with high priority by the community and long-term support will be guaranteed.
"},{"location":"en/reference/feature-stage/#feature-stage-list","title":"Feature Stage List","text":"This list records the feature stages from the 1.8 release.
Feature Default Stage Since Until Namespaced Subnet true GA 1.8 Distributed Gateway true GA 1.8 Active-backup Centralized Gateway true GA 1.8 ECMP Centralized Gateway false Beta 1.8 Subnet ACL true Alpha 1.9 Subnet Isolation (Will be replaced by ACL later) true Beta 1.8 Underlay Subnet true GA 1.8 Multiple Pod Interface true Beta 1.8 Subnet DHCP false Alpha 1.10 Subnet with External Gateway false Alpha 1.8 Cluster Inter-Connection with OVN-IC false Beta 1.8 Cluster Inter-Connection with Submariner false Alpha 1.9 VIP Reservation true Alpha 1.10 Create Custom VPC true Beta 1.8 Custom VPC Floating IP/SNAT/DNAT true Alpha 1.10 Custom VPC Static Route true Alpha 1.10 Custom VPC Policy Route true Alpha 1.10 Custom VPC Security Group true Alpha 1.10 Container Bandwidth QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus Integration false GA 1.8 Grafana Integration false GA 1.8 IPv4/v6 DualStack false GA 1.8 Default VPC EIP/SNAT false Beta 1.8 Traffic Mirroring false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 Performance Tunning false Beta 1.8 Interconnection with Routes in Overlay Mode false Alpha 1.8 BGP Support false Alpha 1.9 Cilium Integration false Alpha 1.10 Custom VPC Peering false Alpha 1.10 Mellanox Offload false Alpha 1.8 Corigine Offload false Alpha 1.10 Windows Support false Alpha 1.10 DPDK Support false Alpha 1.10 OpenStack Integration false Alpha 1.9 Single Pod Fixed IP/Mac true GA 1.8 Workload with Fixed IP true GA 1.8 StatefulSet with Fixed IP true GA 1.8 VM with Fixed IP false Beta 1.9 Load Balancer Type Service in Default VPC false Alpha 1.11 Load Balance in Custom VPC false Alpha 1.11 DNS in Custom VPC false Alpha 1.11 Underlay and Overlay Interconnection false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/iptables-rules/","title":"Iptables Rules","text":"Kube-OVN uses ipset and iptables to implement gateway NAT functionality in the default VPC overlay Subnets.
The ipset used is shown in the following table:
Name\uff08IPv4/IPv6\uff09 Type Usage ovn40services/ovn60services hash:net Service CIDR ovn40subnets/ovn60subnets hash:net Overlay Subnet CIDR and NodeLocal DNS IP address ovn40subnets-nat/ovn60subnets-nat hash:net Overlay Subnet CIDRs that enable NatOutgoing ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net Overlay Subnet CIDRs that use distributed gateway ovn40other-node/ovn60other-node hash:net Internal IP addresses for other Nodes ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip Deprecated ovn40subnets-nat-policy hash:net All subnet cidrs configured with natOutgoingPolicyRules ovn40natpr-418e79269dc5-dst hash:net The dstIPs corresponding to the rule in natOutgoingPolicyRules ovn40natpr-418e79269dc5-src hash:net The srcIPs corresponding to the rule in natOutgoingPolicyRules The iptables rules (IPv4) used are shown in the following table:
Table Chain Rule Usage Note filter INPUT -m set --match-set ovn40services src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" Used to count packets from the subnet to the external network \"10.16.0.0/16\" is the cidr of the subnet, the \"ovn-subnet-gateway\" before the \",\" in comment is used to identify the iptables rule used to count the subnet inbound and outbound gateway packets, and the \"ovn-default\" after the \",\" is the name of the subnet filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" Used to count packets from the external network accessing the subnet \"10.16.0.0/16\" is the cidr of the subnet, the \"ovn-subnet-gateway\" before the \",\" in comment is used to identify the iptables rule used to count the subnet inbound and outbound gateway packets, and the \"ovn-default\" after the \",\" is the name of the subnet filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 Clear traffic tag to prevent SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING Enter OVN-PREROUTING chain processing -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING Enter OVN-POSTROUTING chain processing -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 Adding masquerade tags to Pod access service traffic Used when the built-in LB is turned off nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 Add specific tags to ExternalTrafficPolicy for Local's Service traffic (TCP) Only used when kube-proxy is using ipvs mode nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 Add specific tags to ExternalTrafficPolicy for Local's Service traffic (UDP) Only used when kube-proxy is using ipvs mode nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source Use node IP as the source address for access from node to overlay Pods via service IP\u3002 Works only when kube-proxy is using ipvs mode nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE Perform SNAT for specific tagged traffic -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE Perform SNAT for Service traffic between Pods passing through the node -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN For Service traffic where ExternalTrafficPolicy is Local, if the Endpoint uses a distributed gateway, SNAT is not required. -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE For Service traffic where ExternalTrafficPolicy is Local, if the Endpoint uses a centralized gateway, SNAT is required. -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN No SNAT is performed when the Pod IP is exposed to the outside world -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 When the Pod accesses the network outside the cluster, if the subnet is NatOutgoing and a centralized gateway with the specified IP is used, perform SNAT 10.16.0.0/16 is the Subnet CIDR\uff0c192.168.0.101 is the specified IP of gateway node nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE When the Pod accesses the network outside the cluster, if NatOutgoing is enabled on the subnet, perform SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT ovn40subnets-nat-policy is all subnet segments configured with natOutgoingPolicyRules nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT After coming out of OVN-NAT-POLICY, if it is tagged with 0x90001/0x90001, it will do SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT After coming out of OVN-NAT-POLICY, if it is tagged with 0x90002/0x90002, it will not do SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT 10.0.11.0/24 represents the CIDR of the subnet net1, and the rules under the OVN-NAT-PSUBNET-aa98851157c5 chain correspond to the natOutgoingPolicyRules configuration of this subnet nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT 418e79269dc5 indicates the ID of a rule in natOutgoingPolicyRules, which can be viewed through status.natOutgoingPolicyRules[index].RuleID, indicating that srcIPs meets ovn40natpr-418e79269dc5-src, and dstIPS meets ovn40natpr-418e79269dc5- dst will be marked with tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 Introduce kubelet's detection traffic to tproxy with a specific mark mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 Introduce kubelet's detection traffic to tproxy with a specific mark \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/kube-ovn-api/","title":"Kube-OVN API Reference","text":"Based on Kube-OVN v1.12.0, we have compiled a list of CRD resources supported by Kube-OVN, listing the types and meanings of each field of CRD definition for reference.
"},{"location":"en/reference/kube-ovn-api/#generic-condition-definition","title":"Generic Condition Definition","text":"Property Name Type Description type String Type of status status String The value of status, in the range of True, False or Unknown reason String The reason for the status change message String The specific message of the status change lastUpdateTime Time The last time the status was updated lastTransitionTime Time Time of last status type change In each CRD definition, the Condition field in Status follows the above format, so we explain it in advance.
"},{"location":"en/reference/kube-ovn-api/#subnet-definition","title":"Subnet Definition","text":""},{"location":"en/reference/kube-ovn-api/#subnet","title":"Subnet","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Subnet metadata ObjectMeta Standard Kubernetes resource metadata information spec SubnetSpec Subnet specific configuration information status SubnetStatus Subnet status information"},{"location":"en/reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"Property Name Type Description default Bool Whether this subnet is the default subnet vpc String The vpc which the subnet belongs to, default is ovn-cluster protocol String IP protocol, the value is in the range of IPv4, IPv6 or Dual namespaces []String The list of namespaces bound to this subnet cidrBlock String The range of the subnet, e.g. 10.16.0.0/16 gateway String The gateway address of the subnet, the default value is the first available address under the CIDRBlock of the subnet excludeIps []String The range of addresses under this subnet that will not be automatically assigned provider String Default value is ovn. In the case of multiple NICs, the value is <name>.<namespace> of the NetworkAttachmentDefinition, Kube-OVN will use this information to find the corresponding subnet resource gatewayType String The gateway type in overlay mode, either distributed or centralized gatewayNode String The gateway node when the gateway mode is centralized, node names can be comma-separated natOutgoing Bool Whether the outgoing traffic is NAT externalEgressGateway String The address of the external gateway. This parameter and the natOutgoing parameter cannot be set at the same time policyRoutingPriority Uint32 Policy route priority. Used to control the forwarding of traffic to the external gateway address after the subnet gateway policyRoutingTableID Uint32 The TableID of the local policy routing table, should be different for each subnet to avoid conflicts private Bool Whether the subnet is a private subnet, which denies access to addresses inside the subnet if the subnet is private allowSubnets []String If the subnet is a private subnet, the set of addresses that are allowed to access the subnet vlan String The name of vlan to which the subnet is bound vips []String The virtual-ip parameter information for virtual type lsp on the subnet logicalGateway Bool Whether to enable logical gateway disableGatewayCheck Bool Whether to skip the gateway connectivity check when creating a pod disableInterConnection Bool Whether to enable subnet interconnection across clusters enableDHCP Bool Whether to configure dhcp configuration options for lsps belong this subnet dhcpV4Options String The DHCP_Options record associated with lsp dhcpv4_options on the subnet dhcpV6Options String The DHCP_Options record associated with lsp dhcpv6_options on the subnet enableIPv6RA Bool Whether to configure the ipv6_ra_configs parameter for the lrp port of the router connected to the subnet ipv6RAConfigs String The ipv6_ra_configs parameter configuration for the lrp port of the router connected to the subnet acls []Acl The acls record associated with the logical-switch of the subnet u2oInterconnection Bool Whether to enable interconnection mode for Overlay/Underlay enableLb *Bool Whether the logical-switch of the subnet is associated with load-balancer records enableEcmp Bool Centralized subnet, whether to enable ECMP routing"},{"location":"en/reference/kube-ovn-api/#acl","title":"Acl","text":"Property Name Type Description direction String Restrict the direction of acl, which value is from-lport or to-lport priority Int Acl priority, in the range 0 to 32767 match String Acl rule match expression action String The action of the rule, which value is in the range of allow-related, allow-stateless, allow, drop, reject"},{"location":"en/reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"Property Name Type Description conditions []SubnetCondition Subnet status change information, refer to the beginning of the document for the definition of Condition v4AvailableIPs Float64 Number of available IPv4 IPs v4availableIPrange String The available range of IPv4 addresses on the subnet v4UsingIPs Float64 Number of used IPv4 IPs v4usingIPrange String Used IPv4 address ranges on the subnet v6AvailableIPs Float64 Number of available IPv6 IPs v6availableIPrange String The available range of IPv6 addresses on the subnet v6UsingIPs Float64 Number of used IPv6 IPs v6usingIPrange String Used IPv6 address ranges on the subnet sctivateGateway String The currently working gateway node in centralized subnet of master-backup mode dhcpV4OptionsUUID String The DHCP_Options record identifier associated with the lsp dhcpv4_options on the subnet dhcpV6OptionsUUID String The DHCP_Options record identifier associated with the lsp dhcpv6_options on the subnet u2oInterconnectionIP String The IP address used for interconnection when Overlay/Underlay interconnection mode is enabled"},{"location":"en/reference/kube-ovn-api/#ip-definition","title":"IP Definition","text":""},{"location":"en/reference/kube-ovn-api/#ip","title":"IP","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IP metadata ObjectMeta Standard Kubernetes resource metadata information spec IPSpec IP specific configuration information"},{"location":"en/reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"Property Name Type Description podName String Pod name which assigned with this IP namespace String The name of the namespace where the pod is bound subnet String The subnet which the ip belongs to attachSubnets []String The name of the other subnets attached to this primary IP (field deprecated) nodeName String The name of the node where the pod is bound ipAddress String IP address, in v4IP,v6IP format for dual-stack cases v4IPAddress String IPv4 IP address v6IPAddress String IPv6 IP address attachIPs []String Other IP addresses attached to this primary IP (field is deprecated) macAddress String The Mac address of the bound pod attachMacs []String Other Mac addresses attached to this primary IP (field deprecated) containerID String The Container ID corresponding to the bound pod podType String Special workload pod, can be StatefulSet, VirtualMachine or empty"},{"location":"en/reference/kube-ovn-api/#underlay-configuration","title":"Underlay configuration","text":""},{"location":"en/reference/kube-ovn-api/#vlan","title":"Vlan","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all instances of this resource will be kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vlan metadata ObjectMeta Standard Kubernetes resource metadata information spec VlanSpec Vlan specific configuration information status VlanStatus Vlan status information"},{"location":"en/reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"Property Name Type Description id Int Vlan tag number, in the range of 0~4096 provider String The name of the ProviderNetwork to which the vlan is bound"},{"location":"en/reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"Property Name Type Description subnets []String The list of subnets to which the vlan is bound conditions []VlanCondition Vlan status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value ProviderNetwork metadata ObjectMeta Standard Kubernetes resource metadata information spec ProviderNetworkSpec ProviderNetwork specific configuration information status ProviderNetworkStatus ProviderNetwork status information"},{"location":"en/reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"Property Name Type Description defaultInterface String The name of the NIC interface used by default for this bridge network customInterfaces []CustomInterface The special NIC configuration used by this bridge network excludeNodes []String The names of the nodes that will not be bound to this bridge network exchangeLinkName Bool Whether to exchange the bridge NIC and the corresponding OVS bridge name"},{"location":"en/reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"Property Name Type Description interface String NIC interface name used for underlay nodes []String List of nodes using the custom NIC interface"},{"location":"en/reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"Property Name Type Description ready Bool Whether the current bridge network is in the ready state readyNodes []String The name of the node whose bridge network is ready notReadyNodes []String The name of the node whose bridge network is not ready vlans []String The name of the vlan to which the bridge network is bound conditions []ProviderNetworkCondition ProviderNetwork status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#vpc-definition","title":"Vpc Definition","text":""},{"location":"en/reference/kube-ovn-api/#vpc","title":"Vpc","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vpc metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcSpec Vpc specific configuration information status VpcStatus Vpc status information"},{"location":"en/reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"Property Name Type Description namespaces []String List of namespaces bound by Vpc staticRoutes []*StaticRoute The static route information configured under Vpc policyRoutes []*PolicyRoute The policy route information configured under Vpc vpcPeerings []*VpcPeering Vpc interconnection information enableExternal Bool Whether vpc is connected to an external switch"},{"location":"en/reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"Property Name Type Description policy String Routing policy, takes the value of policySrc or policyDst cidr String Routing cidr value nextHopIP String The next hop information of the route"},{"location":"en/reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"Property Name Type Description priority Int32 Priority for policy route match String Match expression for policy route action String Action for policy route, the value is in the range of allow, drop, reroute nextHopIP String The next hop of the policy route, separated by commas in the case of ECMP routing"},{"location":"en/reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"Property Name Type Description remoteVpc String Name of the interconnected peering vpc localConnectIP String The local ip for vpc used to connect to peer vpc"},{"location":"en/reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"Property Name Type Description conditions []VpcCondition Vpc status change information, refer to the beginning of the documentation for the definition of Condition standby Bool Whether the vpc creation is complete, the subnet under the vpc needs to wait for the vpc creation to complete other proceeding default Bool Whether it is the default vpc defaultLogicalSwitch String The default subnet under vpc router String The logical-router name for the vpc tcpLoadBalancer String TCP LB information for vpc udpLoadBalancer String UDP LB information for vpc tcpSessionLoadBalancer String TCP Session Hold LB Information for Vpc udpSessionLoadBalancer String UDP session hold LB information for Vpc subnets []String List of subnets for vpc vpcPeerings []String List of peer vpcs for vpc interconnection enableExternal Bool Whether the vpc is connected to an external switch"},{"location":"en/reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value VpcNatGateway metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcNatSpec Vpc gateway specific configuration information"},{"location":"en/reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"Property Name Type Description vpc String Vpc name which the vpc gateway belongs to subnet String The name of the subnet to which the gateway pod belongs lanIp String The IP address assigned to the gateway pod selector []String Standard Kubernetes selector match information tolerations []VpcNatToleration Standard Kubernetes tolerance information"},{"location":"en/reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"Property Name Type Description key String The key information of the taint tolerance operator String Takes the value of Exists or Equal value String The value information of the taint tolerance effect String The effect of the taint tolerance, takes the value of NoExecute, NoSchedule, or PreferNoSchedule tolerationSeconds Int64 The amount of time the pod can continue to run on the node after the taint is added The meaning of the above tolerance fields can be found in the official Kubernetes documentation Taint and Tolerance.
"},{"location":"en/reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesEIP metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesEipSpec IptablesEIP specific configuration information used by vpc gateway status IptablesEipStatus IptablesEIP status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"Property Name Type Description v4ip String IptablesEIP v4 address v6ip String IptablesEIP v6 address macAddress String The assigned mac address, not actually used natGwDp String Vpc gateway name"},{"location":"en/reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"Property Name Type Description ready Bool Whether IptablesEIP is configured complete ip String The IP address used by IptablesEIP, currently only IPv4 addresses are supported redo String IptablesEIP crd creation or update time nat String The type of IptablesEIP, either fip, snat, or dnat conditions []IptablesEIPCondition IptablesEIP status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesFIPRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesFIPRuleSpec The IptablesFIPRule specific configuration information used by vpc gateway status IptablesFIPRuleStatus IptablesFIPRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"Property Name Type Description eip String Name of the IptablesEIP used for IptablesFIPRule internalIp String The corresponding internal IP address"},{"location":"en/reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"Property Name Type Description ready Bool Whether IptablesFIPRule is configured or not v4ip String The v4 IP address used by IptablesEIP v6ip String The v6 IP address used by IptablesEIP natGwDp String Vpc gateway name redo String IptablesFIPRule crd creation or update time conditions []IptablesFIPRuleCondition IptablesFIPRule status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesSnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesSnatRuleSpec The IptablesSnatRule specific configuration information used by the vpc gateway status IptablesSnatRuleStatus IptablesSnatRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"Property Name Type Description eip String Name of the IptablesEIP used by IptablesSnatRule internalIp String IptablesSnatRule's corresponding internal IP address"},{"location":"en/reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"Property Name Type Description ready Bool Whether the configuration is complete v4ip String The v4 IP address used by IptablesSnatRule v6ip String The v6 IP address used by IptablesSnatRule natGwDp String Vpc gateway name redo String IptablesSnatRule crd creation or update time conditions []IptablesSnatRuleCondition IptablesSnatRule status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesDnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesDnatRuleSpec The IptablesDnatRule specific configuration information used by vpc gateway status IptablesDnatRuleStatus IptablesDnatRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"Property Name Type Description eip Sting Name of IptablesEIP used by IptablesDnatRule externalPort Sting External port used by IptablesDnatRule protocol Sting Vpc gateway dnat protocol type internalIp Sting Internal IP address used by IptablesDnatRule internalPort Sting Internal port used by IptablesDnatRule"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"Property Name Type Description ready Bool Whether the configuration is complete v4ip String The v4 IP address used by IptablesDnatRule v6ip String The v6 IP address used by IptablesDnatRule natGwDp String Vpc gateway name redo String IptablesDnatRule crd creation or update time conditions []IptablesDnatRuleCondition IptablesDnatRule Status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value VpcDns metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcDnsSpec VpcDns specific configuration information status VpcDnsStatus VpcDns status information"},{"location":"en/reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"Property Name Type Description vpc String Name of the vpc where VpcDns is located subnet String The subnet name of the address assigned to the VpcDns pod"},{"location":"en/reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"Property Name Type Description conditions []VpcDnsCondition VpcDns status change information, refer to the beginning of the document for the definition of Condition active Bool Whether VpcDns is in use For detailed documentation on the use of VpcDns, see Customizing VPC DNS.
"},{"location":"en/reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value SwitchLBRule metadata ObjectMeta Standard Kubernetes resource metadata information spec SwitchLBRuleSpec SwitchLBRule specific configuration information status SwitchLBRuleStatus SwitchLBRule status information"},{"location":"en/reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"Property Name Type Description vip String Vip address of SwitchLBRule namespace String SwitchLBRule's namespace selector []String Standard Kubernetes selector match information sessionAffinity String Standard Kubernetes service sessionAffinity value ports []SlrPort List of SwitchLBRule ports For detailed configuration information of SwitchLBRule, you can refer to Customizing VPC Internal Load Balancing.
"},{"location":"en/reference/kube-ovn-api/#slrport","title":"SlrPort","text":"Property Name Type Description name String Port name port Int32 Port number targetPort Int32 Target port of SwitchLBRule protocol String Protocol type"},{"location":"en/reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"Property Name Type Description conditions []SwitchLBRuleCondition SwitchLBRule status change information, refer to the beginning of the document for the definition of Condition ports String Port information service String Name of the service"},{"location":"en/reference/kube-ovn-api/#security-group-and-vip","title":"Security Group and Vip","text":""},{"location":"en/reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have a value of SecurityGroup metadata ObjectMeta Standard Kubernetes resource metadata information spec SecurityGroupSpec Security Group specific configuration information status SecurityGroupStatus Security group status information"},{"location":"en/reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"Property Name Type Description ingressRules []*SgRule Inbound security group rules egressRules []*SgRule Outbound security group rules allowSameGroupTraffic Bool Whether lsps in the same security group can interoperate and whether traffic rules need to be updated"},{"location":"en/reference/kube-ovn-api/#sgrule","title":"SgRule","text":"Property Name Type Description ipVersion String IP version number, ipv4 or ipv6 protocol String The value of icmp, tcp, or udp priority Int Acl priority. The value range is 1-200, the smaller the value, the higher the priority. remoteType String The value is either address or securityGroup remoteAddress String The address of the other side remoteSecurityGroup String The name of security group on the other side portRangeMin Int The starting value of the port range, the minimum value is 1. portRangeMax Int The ending value of the port range, the maximum value is 65535. policy String The value is allow or drop"},{"location":"en/reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"Property Name Type Description portGroup String The name of the port-group for the security group allowSameGroupTraffic Bool Whether lsps in the same security group can interoperate, and whether the security group traffic rules need to be updated ingressMd5 String The MD5 value of the inbound security group rule egressMd5 String The MD5 value of the outbound security group rule ingressLastSyncSuccess Bool Whether the last synchronization of the inbound rule was successful egressLastSyncSuccess Bool Whether the last synchronization of the outbound rule was successful"},{"location":"en/reference/kube-ovn-api/#vip","title":"Vip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vip metadata ObjectMeta Standard Kubernetes resource metadata information spec VipSpec Vip specific configuration information status VipStatus Vip status information"},{"location":"en/reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"Property Name Type Description namespace String Vip's namespace subnet String Vip's subnet v4ip String Vip IPv4 ip address v6ip String Vip IPv6 ip address macAddress String Vip mac address parentV4ip String Not currently in use parentV6ip String Not currently in use parentMac String Not currently in use attachSubnets []String This field is deprecated and no longer used"},{"location":"en/reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"Property Name Type Description conditions []VipCondition Vip status change information, refer to the beginning of the documentation for the definition of Condition ready Bool Vip is ready or not v4ip String Vip IPv4 ip address, should be the same as the spec field v6ip String Vip IPv6 ip address, should be the same as the spec field mac String The vip mac address, which should be the same as the spec field pv4ip String Not currently used pv6ip String Not currently used pmac String Not currently used"},{"location":"en/reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnEip metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnEipSpec OvnEip specific configuration information for default vpc status OvnEipStatus OvnEip status information for default vpc"},{"location":"en/reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"Property Name Type Description externalSubnet String OvnEip's subnet name v4ip String OvnEip IP address macAddress String OvnEip Mac address type String OvnEip use type, the value can be fip, snat or lrp"},{"location":"en/reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"Property Name Type Description conditions []OvnEipCondition OvnEip status change information, refer to the beginning of the documentation for the definition of Condition v4ip String The IPv4 ip address used by ovnEip macAddress String Mac address used by ovnEip"},{"location":"en/reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnFip metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnFipSpec OvnFip specific configuration information in default vpc status OvnFipStatus OvnFip status information in default vpc"},{"location":"en/reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"Property Name Type Description ovnEip String Name of the bound ovnEip ipName String The IP crd name corresponding to the bound Pod"},{"location":"en/reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"Property Name Type Description ready Bool OvnFip is ready or not v4Eip String Name of the ovnEip to which ovnFip is bound v4Ip String The ovnEip address currently in use macAddress String OvnFip's configured mac address vpc String The name of the vpc where ovnFip is located conditions []OvnFipCondition OvnFip status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnSnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnSnatRuleSpec OvnSnatRule specific configuration information in default vpc status OvnSnatRuleStatus OvnSnatRule status information in default vpc"},{"location":"en/reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"Property Name Type Description ovnEip String Name of the ovnEip to which ovnSnatRule is bound vpcSubnet String The name of the subnet configured by ovnSnatRule ipName String The IP crd name corresponding to the ovnSnatRule bound Pod"},{"location":"en/reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"Property Name Type Description ready Bool OvnSnatRule is ready or not v4Eip String The ovnEip address to which ovnSnatRule is bound v4IpCidr String The cidr address used to configure snat in the logical-router vpc String The name of the vpc where ovnSnatRule is located conditions []OvnSnatRuleCondition OvnSnatRule status change information, refer to the beginning of the document for the definition of Condition \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger args Reference","text":"Based on the Kube-OVN v1.12.0 version, We have compiled the parameters supported by Kube-ovn-pinger, and listed the value types, meanings, and default values of each field defined by the parameters for reference
"},{"location":"en/reference/kube-ovn-pinger-args/#args-describeption","title":"Args Describeption","text":"Arg Name Type Description Default Value port Int metrics port 8080 kubeconfig String Path to kubeconfig file with authorization and master location information. If not set use the inCluster token. \"\" ds-namespace String kube-ovn-pinger daemonset namespace \"kube-system\" ds-name String kube-ovn-pinger daemonset name \"kube-ovn-pinger\" interval Int interval seconds between consecutive pings 5 mode String server or job Mode \"server\" exit-code Int exit code when failure happens 0 internal-dns String check dns from pod \"kubernetes.default\" external-dns String check external dns resolve from pod \"\" external-address String check ping connection to an external address \"114.114.114.114\" network-mode String The cni plugin current cluster used \"kube-ovn\" enable-metrics Bool Whether to support metrics query true ovs.timeout Int Timeout on JSON-RPC requests to OVS. 2 system.run.dir String OVS default run directory. \"/var/run/openvswitch\" database.vswitch.name String The name of OVS db. \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix socket to OVS db. \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS db file. \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS db log file. \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS db process id file. \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS system id file. \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd daemon log file. \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd daemon process id file. \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN controller daemon log file. \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN controller daemon process id file. \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/metrics/","title":"Metrics","text":"This document lists all the monitoring metrics provided by Kube-OVN.
"},{"location":"en/reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN status metrics:
Type Metric Description Gauge kube_ovn_ovn_status OVN Health Status. The values are: (2) for standby or follower, (1) for active or leader, (0) for unhealthy. Gauge kube_ovn_failed_req_count The number of failed requests to OVN stack. Gauge kube_ovn_log_file_size The size of a log file associated with an OVN component. Gauge kube_ovn_db_file_size The size of a database file associated with an OVN component. Gauge kube_ovn_chassis_info Whether the OVN chassis is up (1) or down (0), together with additional information about the chassis. Gauge kube_ovn_db_status The status of OVN NB/SB DB, (1) for healthy, (0) for unhealthy. Gauge kube_ovn_logical_switch_info The information about OVN logical switch. This metric is always up (1). Gauge kube_ovn_logical_switch_external_id Provides the external IDs and values associated with OVN logical switches. This metric is always up (1). Gauge kube_ovn_logical_switch_port_binding Provides the association between a logical switch and a logical switch port. This metric is always up (1). Gauge kube_ovn_logical_switch_tunnel_key The value of the tunnel key associated with the logical switch. Gauge kube_ovn_logical_switch_ports_num The number of logical switch ports connected to the OVN logical switch. Gauge kube_ovn_logical_switch_port_info The information about OVN logical switch port. This metric is always up (1). Gauge kube_ovn_logical_switch_port_tunnel_key The value of the tunnel key associated with the logical switch port. Gauge kube_ovn_cluster_enabled Is OVN clustering enabled (1) or not (0). Gauge kube_ovn_cluster_role A metric with a constant '1' value labeled by server role. Gauge kube_ovn_cluster_status A metric with a constant '1' value labeled by server status. Gauge kube_ovn_cluster_term The current raft term known by this server. Gauge kube_ovn_cluster_leader_self Is this server consider itself a leader (1) or not (0). Gauge kube_ovn_cluster_vote_self Is this server voted itself as a leader (1) or not (0). Gauge kube_ovn_cluster_election_timer The current election timer value. Gauge kube_ovn_cluster_log_not_committed The number of log entries not yet committed by this server. Gauge kube_ovn_cluster_log_not_applied The number of log entries not yet applied by this server. Gauge kube_ovn_cluster_log_index_start The log entry index start value associated with this server. Gauge kube_ovn_cluster_log_index_next The log entry index next value associated with this server. Gauge kube_ovn_cluster_inbound_connections_total The total number of inbound connections to the server. Gauge kube_ovn_cluster_outbound_connections_total The total number of outbound connections from the server. Gauge kube_ovn_cluster_inbound_connections_error_total The total number of failed inbound connections to the server. Gauge kube_ovn_cluster_outbound_connections_error_total The total number of failed outbound connections from the server."},{"location":"en/reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb and vswitchd status metrics:
Type Metric Description Gauge ovs_status OVS Health Status. The values are: health(1), unhealthy(0). Gauge ovs_info This metric provides basic information about OVS. It is always set to 1. Gauge failed_req_count The number of failed requests to OVS stack. Gauge log_file_size The size of a log file associated with an OVS component. Gauge db_file_size The size of a database file associated with an OVS component. Gauge datapath Represents an existing datapath. This metrics is always 1. Gauge dp_total Represents total number of datapaths on the system. Gauge dp_if Represents an existing datapath interface. This metrics is always 1. Gauge dp_if_total Represents the number of ports connected to the datapath. Gauge dp_flows_total The number of flows in a datapath. Gauge dp_flows_lookup_hit The number of incoming packets in a datapath matching existing flows in the datapath. Gauge dp_flows_lookup_missed The number of incoming packets in a datapath not matching any existing flow in the datapath. Gauge dp_flows_lookup_lost The number of incoming packets in a datapath destined for userspace process but subsequently dropped before reaching userspace. Gauge dp_masks_hit The total number of masks visited for matching incoming packets. Gauge dp_masks_total The number of masks in a datapath. Gauge dp_masks_hit_ratio The average number of masks visited per packet. It is the ration between hit and total number of packets processed by a datapath. Gauge interface Represents OVS interface. This is the primary metric for all other interface metrics. This metrics is always 1. Gauge interface_admin_state The administrative state of the physical network link of OVS interface. The values are: down(0), up(1), other(2). Gauge interface_link_state The state of the physical network link of OVS interface. The values are: down(0), up(1), other(2). Gauge interface_mac_in_use The MAC address in use by OVS interface. Gauge interface_mtu The currently configured MTU for OVS interface. Gauge interface_of_port Represents the OpenFlow port ID associated with OVS interface. Gauge interface_if_index Represents the interface index associated with OVS interface. Gauge interface_tx_packets Represents the number of transmitted packets by OVS interface. Gauge interface_tx_bytes Represents the number of transmitted bytes by OVS interface. Gauge interface_rx_packets Represents the number of received packets by OVS interface. Gauge interface_rx_bytes Represents the number of received bytes by OVS interface. Gauge interface_rx_crc_err Represents the number of CRC errors for the packets received by OVS interface. Gauge interface_rx_dropped Represents the number of input packets dropped by OVS interface. Gauge interface_rx_errors Represents the total number of packets with errors received by OVS interface. Gauge interface_rx_frame_err Represents the number of frame alignment errors on the packets received by OVS interface. Gauge interface_rx_missed_err Represents the number of packets with RX missed received by OVS interface. Gauge interface_rx_over_err Represents the number of packets with RX overrun received by OVS interface. Gauge interface_tx_dropped Represents the number of output packets dropped by OVS interface. Gauge interface_tx_errors Represents the total number of transmit errors by OVS interface. Gauge interface_collisions Represents the number of collisions on OVS interface."},{"location":"en/reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"Network quality related metrics:
Type Metric Description Gauge pinger_ovs_up If the ovs on the node is up Gauge pinger_ovs_down If the ovs on the node is down Gauge pinger_ovn_controller_up If the ovn_controller on the node is up Gauge pinger_ovn_controller_down If the ovn_controller on the node is down Gauge pinger_inconsistent_port_binding The number of mismatch port bindings between ovs and ovn-sb Gauge pinger_apiserver_healthy If the apiserver request is healthy on this node Gauge pinger_apiserver_unhealthy If the apiserver request is unhealthy on this node Histogram pinger_apiserver_latency_ms The latency ms histogram the node request apiserver Gauge pinger_internal_dns_healthy If the internal dns request is unhealthy on this node Gauge pinger_internal_dns_unhealthy If the internal dns request is unhealthy on this node Histogram pinger_internal_dns_latency_ms The latency ms histogram the node request internal dns Gauge pinger_external_dns_health If the external dns request is healthy on this node Gauge pinger_external_dns_unhealthy If the external dns request is unhealthy on this node Histogram pinger_external_dns_latency_ms The latency ms histogram the node request external dns Histogram pinger_pod_ping_latency_ms The latency ms histogram for pod peer ping Gauge pinger_pod_ping_lost_total The lost count for pod peer ping Gauge pinger_pod_ping_count_total The total count for pod peer ping Histogram pinger_node_ping_latency_ms The latency ms histogram for pod ping node Gauge pinger_node_ping_lost_total The lost count for pod ping node Gauge pinger_node_ping_count_total The total count for pod ping node Histogram pinger_external_ping_latency_ms The latency ms histogram for pod ping external address Gauge pinger_external_lost_total The lost count for pod ping external address"},{"location":"en/reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller status metrics\uff1a
Type Metric Description Histogram rest_client_request_latency_seconds Request latency in seconds. Broken down by verb and URL Counter rest_client_requests_total Number of HTTP requests, partitioned by status code, method, and host Counter lists_total Total number of API lists done by the reflectors Summary list_duration_seconds How long an API list takes to return and decode for the reflectors Summary items_per_list How many items an API list returns to the reflectors Counter watches_total Total number of API watches done by the reflectors Counter short_watches_total Total number of short API watches done by the reflectors Summary watch_duration_seconds How long an API watch takes to return and decode for the reflectors Summary items_per_watch How many items an API watch returns to the reflectors Gauge last_resource_version Last resource version seen for the reflectors Histogram ovs_client_request_latency_milliseconds The latency histogram for ovs request Gauge subnet_available_ip_count The available num of ip address in subnet Gauge subnet_used_ip_count The used num of ip address in subnet"},{"location":"en/reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni status metrics:
Type Metric Description Histogram cni_op_latency_seconds The latency seconds for cni operations Counter cni_wait_address_seconds_total Latency that cni wait controller to assign an address Counter cni_wait_connectivity_seconds_total Latency that cni wait address ready in overlay network Counter cni_wait_route_seconds_total Latency that cni wait controller to add routed annotation to pod Histogram rest_client_request_latency_seconds Request latency in seconds. Broken down by verb and URL Counter rest_client_requests_total Number of HTTP requests, partitioned by status code, method, and host Counter lists_total Total number of API lists done by the reflectors Summary list_duration_seconds How long an API list takes to return and decode for the reflectors Summary items_per_list How many items an API list returns to the reflectors Counter watches_total Total number of API watches done by the reflectors Counter short_watches_total Total number of short API watches done by the reflectors Summary watch_duration_seconds How long an API watch takes to return and decode for the reflectors Summary items_per_watch How many items an API watch returns to the reflectors Gauge last_resource_version Last resource version seen for the reflectors Histogram ovs_client_request_latency_milliseconds The latency histogram for ovs request \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/ovs-ovn-customized/","title":"OVS/OVN Customization","text":"Upstream OVN/OVS was originally designed with the goal of a general purpose SDN controller and data plane. Due to some specific usage of the Kubernetes network,Kube-OVN only focused on part of the features. In order to achieve better performance, stability and specific features, Kube-OVN has made some modifications to the upstream OVN/OVS. Users using their own OVN/OVS with Kube-OVN controllers need to be aware of the possible impact of the following changes:
Did not merge into the upstream modification.
- 38df6fa3f7 Adjust the election timer to avoid large-scale cluster election jitter.
- d4888c4e75 add fdb update logging.
- d4888c4e75 fdb: fix mac learning in environments with hairpin enabled.
- 9a81b91368 ovsdb-tool: add optional server id parameter for \"join-cluster\" command.
- 0700cb90f9 Destination non-service traffic bypasses conntrack to improve performance on a particular data path.
- c48049a64f ECMP algorithm is adjusted from
dp_hash to hash to avoid the hash error problem in some kernels. - 64383c14a9 Fix kernel Crash issue under Windows.
- 08a95db2ca Support for github action builds on Windows.
- 680e77a190 Windows uses tcp listening by default.
- 05e57b3227 add support for windows.
- 0181b68be1 br-int controller: listen on 127.0.0.1:6653 by default.
- b3801ecb73 modify src route priority.
- 977e569539 fix reaching resubmit limit in underlay.
- 45a4a22161 ovn-nbctl: do not remove LB if vips is empty.
- 540592b9ff Replaces the Mac address as the destination address after DNAT to reduce additional performance overhead.
- 10972d9632 Fix vswitchd ofport_usage memory leak.
Merged into upstream modification:
- 20626ea909 Multicast traffic bypasses LB and ACL processing stages to improve specific data path performance.
- a2d9ff3ccd Deb build adds compile optimization options.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/tunnel-protocol/","title":"Tunnel Protocol Selection","text":"Kube-OVN uses OVN/OVS as the data plane implementation and currently supports Geneve, Vxlan and STT tunnel encapsulation protocols. These three protocols differ in terms of functionality, performance and ease of use. This document will describe the differences in the use of the three protocols so that users can choose according to their situation.
"},{"location":"en/reference/tunnel-protocol/#geneve","title":"Geneve","text":"The Geneve protocol is the default tunneling protocol selected during Kube-OVN deployment and is also the default recommended tunneling protocol for OVN. This protocol is widely supported in the kernel and can be accelerated using the generic offload capability of modern NICs. Since Geneve has a variable header, it is possible to use 24bit space to mark different datapaths users can create a larger number of virtual networks.
If you are using Mellanox or Corigine SmartNIC OVS offload, Geneve requires a higher kernel version. Upstream kernel of 5.4 or higher, or other compatible kernels that backports this feature.
Due to the use of UDP encapsulation, this protocol does not make good use of the TCP-related offloads of modern NICs when handling TCP over UDP, and consumes more CPU resources when handling large packets.
"},{"location":"en/reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan is a recently supported protocol in the upstream OVN, which is widely supported in the kernel and can be accelerated using the common offload capabilities of modern NICs. Due to the limited length of the protocol header and the additional space required for OVN orchestration, there is a limit to the number of datapaths that can be created, with a maximum of 4096 datapaths and a maximum of 4096 ports under each datapath. Also, inport-based ACLs are not supported due to header length limitations.
Vxlan offloading is supported in common kernels if using Mellanox or Corigine SmartNIC.
Due to the use of UDP encapsulation, this protocol does not make good use of the TCP-related offloads of modern NICs when handling TCP over UDP, and consumes more CPU resources when handling large packets.
"},{"location":"en/reference/tunnel-protocol/#stt","title":"STT","text":"The STT protocol is an early tunneling protocol supported by the OVN that uses TCP-like headers to take advantage of the TCP offload capabilities common to modern NICs and significantly increase TCP throughput. The protocol also has a long header to support full OVN capabilities and large-scale datapaths.
This protocol is not supported in the kernel. To use it, you need to compile an additional OVS kernel module and recompile the new version of the kernel module when upgrading the kernel.
This protocol is not currently supported by the SmartNic and cannot use the offloading capability of OVS offloading.
"},{"location":"en/reference/tunnel-protocol/#references","title":"References","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/underlay-topology/","title":"Underlay Traffic Topology","text":"This document describes the forwarding path of traffic in Underlay mode under different scenarios.
"},{"location":"en/reference/underlay-topology/#pods-in-same-node-and-same-subnet","title":"Pods in Same Node and Same Subnet","text":"Internal logical switches exchange packets directly, without access to the external network.
"},{"location":"en/reference/underlay-topology/#pods-in-different-nodes-and-same-subnet","title":"Pods in Different Nodes and Same Subnet","text":"Packets enter the physic switch via the node NIC and are exchanged by the physic switch.
"},{"location":"en/reference/underlay-topology/#pods-in-same-node-and-different-subnets","title":"Pods in Same Node and Different Subnets","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
Here br-provider-1 and br-provider-2 can be the same OVS bridge\uff0cmultiple subnet can share a Provider Network\u3002
"},{"location":"en/reference/underlay-topology/#pods-in-different-nodes-and-different-subnets","title":"Pods in Different Nodes and Different Subnets","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
"},{"location":"en/reference/underlay-topology/#access-to-external","title":"Access to External","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
The communication between nodes and Pods follows the same logic.
"},{"location":"en/reference/underlay-topology/#overview-without-vlan-tag","title":"Overview without Vlan Tag","text":""},{"location":"en/reference/underlay-topology/#overview-with-vlan-tag","title":"Overview with Vlan Tag","text":""},{"location":"en/reference/underlay-topology/#pod-visit-service-ip","title":"Pod visit Service IP","text":"Kube-OVN configures load balancing for each Kubernetes Service on a logical switch on each subnet. When a Pod accesses other Pods by accessing the Service IP, a network packet is constructed with the Service IP as the destination address and the MAC address of the gateway as the destination MAC address. After the network packet enters the logical switch, load balancing will intercept and DNAT the network packet to modify the destination IP and port to the IP and port of one of the Endpoint corresponding to the Service. Since the logical switch does not modify the Layer 2 destination MAC address of the network packet, the network packet will still be delivered to the physic gateway after entering the physic switch, and the physic gateway will be required to forward the network packet.
"},{"location":"en/reference/underlay-topology/#service-backend-is-the-same-node-and-same-subnet-pod","title":"Service Backend is the Same Node and Same Subnet Pod","text":""},{"location":"en/reference/underlay-topology/#service-backend-is-the-same-node-and-different-subnets-pod","title":"Service Backend is the Same Node and Different Subnets Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/one-step-install/","title":"One-Click Installation","text":"Kube-OVN provides a one-click installation script to help you quickly install a highly available, production-ready Kube-OVN container network with Overlay networking by default.
Helm Chart installation is supported since Kube-OVN v1.12.0, and the default deployment is Overlay networking.
If you need Underlay/Vlan networking as the default container network\uff0cplease read Underlay Installation
Before installation please read Prerequisites first to make sure the environment is ready.
"},{"location":"en/start/one-step-install/#script-installation","title":"Script Installation","text":""},{"location":"en/start/one-step-install/#download-the-installation-script","title":"Download the installation script","text":"We recommend using the stable release version for production environments, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
If you are interested in the latest features of the master branch, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"en/start/one-step-install/#modify-configuration-options","title":"Modify Configuration Options","text":"Open the script using the editor and change the following variables to the expected:
REGISTRY=\"kubeovn\" # Image Repo \nVERSION=\"v1.12.12\" # Image Tag\nPOD_CIDR=\"10.16.0.0/16\" # Default subnet CIDR don't overlay with SVC/NODE/JOIN CIDR\nSVC_CIDR=\"10.96.0.0/12\" # Be consistent with apiserver's service-cluster-ip-range\nJOIN_CIDR=\"100.64.0.0/16\" # Pod/Host communication Subnet CIDR, don't overlay with SVC/NODE/POD CIDR\nLABEL=\"node-role.kubernetes.io/master\" # The node label to deploy OVN DB\nIFACE=\"\" # The name of the host NIC used by the container network, or if empty use the NIC that host Node IP in Kubernetes\nTUNNEL_TYPE=\"geneve\" # Tunnel protocol\uff0cavailable options: geneve, vxlan or stt. stt requires compilation of ovs kernel module\n
You can also use regular expression to math NIC names\uff0csuch as IFACE=enp6s0f0,eth.*.
"},{"location":"en/start/one-step-install/#run-the-script","title":"Run the Script","text":"bash install.sh
Wait Kube-OVN ready.
"},{"location":"en/start/one-step-install/#helm-chart-installation","title":"Helm Chart Installation","text":"Since the installation of Kube-OVN requires setting some parameters, to install Kube-OVN using Helm, you need to follow the steps below.
"},{"location":"en/start/one-step-install/#view-the-node-ip-address","title":"View the node IP address","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"en/start/one-step-install/#remove-cluster-master-node-taint","title":"Remove cluster master node taint","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
This step can be skipped if you are sure that you do not need to schedule the pod at the master node.
"},{"location":"en/start/one-step-install/#add-label-to-node","title":"Add label to node","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# The following labels are used for the installation of dpdk images and can be ignored in non-dpdk cases\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"en/start/one-step-install/#add-helm-repo-information","title":"Add Helm Repo information","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"en/start/one-step-install/#run-helm-install-to-install-kube-ovn","title":"Run helm install to install Kube-OVN","text":"The Node0IP, Node1IP, and Node2IP parameters are the IP addresses of the cluster master nodes, respectively. For other parameters, you can refer to the variable definitions in the values.yaml file.
# Single master node environment install\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# Using the node information above as an example, execute the install command\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# Highly Available Cluster Installation\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/prepare/","title":"Prerequisites","text":"Kube-OVN is a CNI-compliant network system that depends on the Kubernetes environment and the corresponding kernel network module for its operation. Below are the operating system and software versions tested, the environment configuration and the ports that need to be opened.
"},{"location":"en/start/prepare/#software-version","title":"Software Version","text":" - Kubernetes >= 1.23.
- Docker >= 1.12.6, Containerd >= 1.3.4.
- OS: CentOS 7/8, Ubuntu 16.04/18.04/20.04.
- For other Linux distributions, please make sure
geneve, openvswitch, ip_tables and iptable_nat kernel modules exist.
Attention\uff1a
- For CentOS kernel version 3.10.0-862 bug exists in
netfilter modules that lead Kube-OVN embed nat and lb failure.Please update kernel and check Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working. - Kernel version 4.18.0-372.9.1.el8.x86_64 in Rocky Linux 8.6 has a TCP connection problem TCP connection failed in Rocky Linux 8.6\uff0cplease update kernel to 4.18.0-372.13.1.el8_6.x86_64 or later\u3002
- For kernel version 4.4, the related
openvswitch module has some issues for ct\uff0cplease update kernel version or manually compile openvswitch kernel module. - When building Geneve tunnel IPv6 in kernel should be enabled\uff0ccheck the kernel bootstrap options with
cat /proc/cmdline.Check Geneve tunnels don't work when ipv6 is disabled for the detail bug info.
"},{"location":"en/start/prepare/#environment-setup","title":"Environment Setup","text":" - Kernel should enable IPv6, if kernel bootstrap options contain
ipv6.disable=1, it should be set to 0. kube-proxy works, Kube-OVN can visit kube-apiserver from Service ClusterIP.- Make sure kubelet enabled
CNI and find cni-bin and cni-conf in default directories, kubelet bootstrap options should contain --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d. - Make sure no other CNI installed or has been removed\uff0ccheck if any config files still exist in
/etc/cni/net.d/.
"},{"location":"en/start/prepare/#ports-need-open","title":"Ports Need Open","text":"Component Port Usage ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db and raft server listen ports ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp tunnel ports kube-ovn-controller 10660/tcp metrics port kube-ovn-daemon 10665/tcp metrics port kube-ovn-monitor 10661/tcp metrics port \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/sealos-install/","title":"One-Click Deployment of Kubernetes and Kube-OVN with sealos","text":"sealos, a distribution of Kubernetes, helps users quickly initialize a container cluster from scratch. By using sealos, users can deploy a Kubernetes cluster with Kube-OVN installed in minutes with a single command.
"},{"location":"en/start/sealos-install/#download-sealos","title":"Download sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.0.0/sealos_4.0.0_linux_amd64.tar.gz \\\n && tar zxvf sealos_4.0.0_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.0.0/sealos_4.0.0_linux_arm64.tar.gz \\\n && tar zxvf sealos_4.0.0_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"en/start/sealos-install/#deploy-kubernetes-and-kube-ovn","title":"Deploy Kubernetes and Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"en/start/sealos-install/#wait-to-finish","title":"Wait to finish","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/underlay/","title":"Underlay Installation","text":"By default, the default subnet uses Geneve to encapsulate cross-host traffic, and build an overlay network on top of the infrastructure.
For the case that you want the container network to use the physical network address directly, you can set the default subnet of Kube-OVN to work in Underlay mode, which can directly assign the address resources in the physical network to the containers, achieving better performance and connectivity with the physical network.
"},{"location":"en/start/underlay/#limitation","title":"Limitation","text":"Since the container network in this mode uses physical network directly for L2 packet forwarding, L3 functions such as SNAT/EIP, distributed gateway/centralized gateway in Overlay mode cannot be used. VPC level isolation is also not available for underlay subnet.
"},{"location":"en/start/underlay/#comparison-with-macvlan","title":"Comparison with Macvlan","text":"The Underlay mode of Kube-OVN is very similar to the Macvlan, with the following major differences in functionality and performance:
- Macvlan performs better in terms of throughput and latency performance metrics due to its shorter kernel path and the fact that it does not require OVS for packet processing.
- Kube-OVN provides arp-proxy functionality through flow tables to mitigate the risk of arp broadcast storms on large-scale networks.
- Since Macvlan works at the bottom of the kernel and bypasses the host netfilter, Service and NetworkPolicy functionality requires additional development. Kube-OVN provides Service and NetworkPolicy capabilities through the OVS flow table.
- Kube-OVN Underlay mode provides additional features such as address management, fixed IP and QoS compared to Macvlan.
"},{"location":"en/start/underlay/#environment-requirements","title":"Environment Requirements","text":"In Underlay mode, the OVS will bridge a node NIC to the OVS bridge and send packets directly through that node NIC, relying on the underlying network devices for L2/L3 level forwarding capabilities. You need to configure the corresponding gateway, Vlan and security policy in the underlying network device in advance.
- For OpenStack VM environments, you need to turn off
PortSecurity on the corresponding network port. - For VMware vSwitch networks,
MAC Address Changes, Forged Transmits and Promiscuous Mode Operation should be set to allow. - For Hyper-V virtualization,
MAC Address Spoofing should be enabled in VM nic advanced features. - Public clouds, such as AWS, GCE, AliCloud, etc., do not support user-defined Mac, so they cannot support Underlay mode network. In this scenario, if you want to use Underlay, it is recommended to use the VPC-CNI provided by the corresponding public cloud vendor..
- The network interface that is bridged into ovs can not be type of Linux Bridge.
For management and container networks using the same NIC, Kube-OVN will transfer the NIC's Mac address, IP address, route, and MTU to the corresponding OVS Bridge to support single NIC deployment of Underlay networks. OVS Bridge name format is br-PROVIDER_NAME\uff0cPROVIDER_NAME is the name of ProviderNetwork (Default: provider).
"},{"location":"en/start/underlay/#specify-network-mode-when-deploying","title":"Specify Network Mode When Deploying","text":"This deployment mode sets the default subnet to Underlay mode, and all Pods with no subnet specified will run in the Underlay network by default.
"},{"location":"en/start/underlay/#download-script","title":"Download Script","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"en/start/underlay/#modify-configuration-options","title":"Modify Configuration Options","text":"ENABLE_ARP_DETECT_IP_CONFLICT # disable vlan arp conflict detection if necessary\nNETWORK_TYPE # set to vlan\nVLAN_INTERFACE_NAME # set to the NIC that carries the Underlay traffic, e.g. eth1\nVLAN_ID # The VLAN Tag need to be added\uff0cif set 0 no vlan tag will be added\nPOD_CIDR # The Underlay network CIDR\uff0c e.g. 192.168.1.0/24\nPOD_GATEWAY # Underlay physic gateway address, e.g. 192.168.1.1\nEXCLUDE_IPS # Exclude ranges to avoid conflicts between container network and IPs already in use on the physical network, e.g. 192.168.1.1..192.168.1.100\nENABLE_LB # If Underlay Subnet needs to visit Service set it to true\nEXCHANGE_LINK_NAME # If swap the names of the OVS bridge and the bridge interface under the default provider-network. Default to false.\nLS_DNAT_MOD_DL_DST # If DNAT translate MAC addresses to accelerate service access. Default to true.\n
"},{"location":"en/start/underlay/#run-the-script","title":"Run the Script","text":"bash install.sh\n
"},{"location":"en/start/underlay/#dynamically-create-underlay-networks-via-crd","title":"Dynamically Create Underlay Networks via CRD","text":"This approach dynamically creates an Underlay subnet that Pod can use after installation.
"},{"location":"en/start/underlay/#create-providernetwork","title":"Create ProviderNetwork","text":"ProviderNetwork provides the abstraction of host NIC to physical network mapping, unifies the management of NICs belonging to the same network, and solves the configuration problems in complex environments with multiple NICs on the same machine, inconsistent NIC names and inconsistent corresponding Underlay networks.
Create ProviderNetwork as below:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
Note: The length of the ProviderNetwork resource name must not exceed 12.
defaultInterface: The default node NIC name. When the ProviderNetwork is successfully created, an OVS bridge named br-net1 (in the format br-NAME) is created in each node (except excludeNodes) and the specified node NIC is bridged to this bridge.customInterfaces: Optionally, you can specify the NIC to be used for a specific node.excludeNodes: Optional, to specify nodes that do not bridge the NIC. Nodes in this list will be added with the net1.provider-network.ovn.kubernetes.io/exclude=true tag.
Other nodes will be added with the following tags:
Key Value Description net1.provider-network.ovn.kubernetes.io/ready true bridge work finished, ProviderNetwork is ready on this node net1.provider-network.ovn.kubernetes.io/interface eth1 The name of the bridged NIC in the node. net1.provider-network.ovn.kubernetes.io/mtu 1500 MTU of bridged NIC in node If an IP has been configured on the node NIC, the IP address and the route on the NIC are transferred to the corresponding OVS bridge.
"},{"location":"en/start/underlay/#create-vlan","title":"Create VLAN","text":"Vlan provides an abstraction to bind Vlan Tag and ProviderNetwork.
Create a VLAN as below:
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: VLAN ID/Tag\uff0cKube-OVN will add this Vlan tag to traffic, if set 0, no tag is added.provider: The name of ProviderNetwork. Multiple VLAN can use a same ProviderNetwork.
"},{"location":"en/start/underlay/#create-subnet","title":"Create Subnet","text":"Bind Vlan to a Subnet as below\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
Simply specify the value of vlan as the name of the VLAN to be used. Multiple subnets can refer to the same VLAN.
"},{"location":"en/start/underlay/#create-pod","title":"Create Pod","text":"You can create containers in the normal way, check whether the container IP is in the specified range and whether the container can interoperate with the physical network.
For fixed IP requirements, please refer to Fixed Addresses
"},{"location":"en/start/underlay/#logical-gateway","title":"Logical Gateway","text":"For cases where no gateway exists in the physical network, Kube-OVN supports the use of logical gateways configured in the subnet in Underlay mode. To use this feature, set spec.logicalGateway to true for the subnet:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
When this feature is turned on, the Pod does not use an external gateway, but a Logical Router created by Kube-OVN to forward cross-subnet communication.
"},{"location":"en/start/underlay/#interconnection-of-underlay-and-overlay-networks","title":"Interconnection of Underlay and Overlay Networks","text":"If a cluster has both Underlay and Overlay subnets, by default, Pods in the Overlay subnet can access the Pod IPs in the Underlay subnet via a gateway using NAT. From the perspective of Pods in the Underlay subnet, the addresses in the Overlay subnet are external, and require the underlying physical device to forward, but the underlying physical device does not know the addresses in the Overlay subnet and cannot forward. Therefore, Pods in the Underlay subnet cannot access Pods in the Overlay subnet directly via Pod IPs.
If you need to enable communication between Underlay and Overlay networks, you need to set the u2oInterconnection of the subnet to true. In this case, Kube-OVN will use an additional Underlay IP to connect the Underlay subnet and the ovn-cluster logical router, and set the corresponding routing rules to enable communication. Unlike the logical gateway, this solution only connects the Underlay and Overlay subnets within Kube-OVN, and other traffic accessing the Internet will still be forwarded through the physical gateway.
"},{"location":"en/start/underlay/#specify-logical-gateway-ip","title":"Specify logical gateway IP","text":"After the interworking function is enabled, an IP from the subnet will be randomly selected as the logical gateway. If you need to specify the logical gateway of the Underlay Subnet, you can specify the field u2oInterconnectionIP.
"},{"location":"en/start/underlay/#specify-custom-vpc-for-underlay-subnet-connection","title":"Specify custom VPC for Underlay Subnet connection","text":"By default, the Underlay Subnet will communicate with the Overlay Subnet on the default VPC. If you want to specify to communicate with a certain VPC, after setting u2oInterconnection to true, specify the subnet.spec.vpc field as the name of the VPC.
"},{"location":"en/start/underlay/#notice","title":"Notice","text":"If you have an IP address configured on the network card of the node you are using, and the operating system configures the network using Netplan (such as Ubuntu), it is recommended that you set the renderer of Netplan to NetworkManager and configure a static IP address for the node's network card (disable DHCP).
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
If you want to modify the IP or routing configuration of the network card, you need to execute the following commands after modifying the Netplan configuration:
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
After executing the above commands, Kube-OVN will transfer the IP and routing from the network card to the OVS bridge.
If your operating system manages the network using NetworkManager (such as CentOS), you need to execute the following command after modifying the network card configuration:
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
Notice\uff1aIf the host nic's MAC is changed, Kube-OVN will not change the OVS bridge's MAC unless kube-ovn-cni is restarted.
"},{"location":"en/start/underlay/#known-issues","title":"Known Issues","text":""},{"location":"en/start/underlay/#when-the-physical-network-is-enabled-with-hairpin-pod-network-is-abnormal","title":"When the physical network is enabled with hairpin, Pod network is abnormal","text":"When physical networks enable hairpin or similar behaviors, problems such as gateway check failure when creating Pods and abnormal network communication of Pods may occur. This is because the default MAC learning function of OVS bridge does not support this kind of network environment.
To solve this problem, it is necessary to turn off hairpin (or modify the relevant configuration of physical network), or update the Kube-OVN version.
"},{"location":"en/start/underlay/#when-there-are-a-large-number-of-pods-gateway-check-for-new-pods-fails","title":"When there are a large number of Pods, gateway check for new Pods fails","text":"If there are a large number of Pods running on the same node (more than 300), it may cause packet loss due to the OVS flow table resubmit times exceeding the upper limit of ARP broadcast packets.
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
To solve this issue, modify the OVN NB option bcast_arp_req_flood to false:
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/uninstall/","title":"Uninstall","text":"If you need to remove the Kube-OVN and replace it with another network plugin, please follow the steps below to remove all the corresponding Kube-OVN component and OVS configuration to avoid interference with other network plugins.
Feel free to contact us with an Issue to give us feedback on why you don't use Kube-OVN to help us improve it.
"},{"location":"en/start/uninstall/#delete-resource-in-kubernetes","title":"Delete Resource in Kubernetes","text":"Download and run the script below to delete resource created in Kubernetes:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"en/start/uninstall/#cleanup-config-and-logs-on-every-node","title":"Cleanup Config and Logs on Every Node","text":"Run the following commands on each node to clean up the configuration retained by ovsdb and openvswitch:
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"en/start/uninstall/#reboot-node","title":"Reboot Node","text":"Reboot the machine to ensure that the corresponding NIC information and iptable/ipset rules are cleared to avoid the interference with other network plugins:
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"","title":"Kube-OVN","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u6b3e\u200b CNCF \u200b\u65d7\u4e0b\u200b\u7684\u200b\u4f01\u4e1a\u7ea7\u200b\u4e91\u200b\u539f\u751f\u200b\u7f51\u7edc\u200b\u7f16\u6392\u200b\u7cfb\u7edf\u200b\uff0c\u200b\u5c06\u200b SDN \u200b\u7684\u200b\u80fd\u529b\u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u7ed3\u5408\u200b\uff0c \u200b\u63d0\u4f9b\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\u3002
\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u6000\u5ff5\u200b SDN \u200b\u9886\u57df\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u5374\u200b\u5728\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u82e6\u82e6\u200b\u8ffd\u5bfb\u200b\u800c\u200b\u4e0d\u5f97\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u5c06\u200b\u662f\u200b\u4f60\u200b\u7684\u200b\u6700\u4f73\u200b\u9009\u62e9\u200b\u3002
\u200b\u501f\u52a9\u200b OVS/OVN \u200b\u5728\u200b SDN \u200b\u9886\u57df\u200b\u6210\u719f\u200b\u7684\u200b\u80fd\u529b\u200b\uff0cKube-OVN \u200b\u5c06\u200b\u7f51\u7edc\u200b\u865a\u62df\u5316\u200b\u7684\u200b\u4e30\u5bcc\u200b\u529f\u80fd\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u3002\u200b\u76ee\u524d\u200b\u5df2\u200b\u652f\u6301\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0c \u200b\u9759\u6001\u200b IP \u200b\u5206\u914d\u200b\uff0c\u200b\u5206\u5e03\u5f0f\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0cUnderlay/Overlay \u200b\u6df7\u5408\u200b\u7f51\u7edc\u200b\uff0c VPC \u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u7edc\u200b\uff0cQoS \u200b\u7ba1\u7406\u200b\uff0c \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b\uff0cACL \u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff0cARM \u200b\u652f\u6301\u200b\uff0c Windows \u200b\u652f\u6301\u200b\u7b49\u200b\u8bf8\u591a\u200b\u529f\u80fd\u200b\u3002
\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u62c5\u5fc3\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u8017\u200b\uff0c\u200b\u90a3\u4e48\u200b\u6765\u770b\u200b\u4e00\u4e0b\u200b Kube-OVN \u200b\u662f\u200b\u5982\u4f55\u200b\u6781\u81f4\u200b\u7684\u200b\u4f18\u5316\u200b\u6027\u80fd\u200b\u3002
\u200b\u5728\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4e00\u7cfb\u5217\u200b\u5bf9\u6d41\u200b\u8868\u200b\u548c\u200b\u5185\u6838\u200b\u7684\u200b\u7cbe\u5fc3\u200b\u4f18\u5316\u200b\uff0c\u200b\u5e76\u200b\u501f\u52a9\u200b eBPF\u3001DPDK\u3001\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u5378\u8f7d\u200b\u7b49\u200b\u65b0\u5174\u200b\u6280\u672f\u200b\uff0c Kube-OVN \u200b\u53ef\u4ee5\u200b\u5728\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u7b49\u200b\u65b9\u9762\u200b\u7684\u200b\u6307\u6807\u200b\u8fbe\u5230\u200b\u8fd1\u4f3c\u200b\u6216\u200b\u8d85\u51fa\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6027\u80fd\u200b\u7684\u200b\u6c34\u5e73\u200b\u3002\u200b\u5728\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5bf9\u200b OVN \u200b\u4e0a\u6e38\u200b\u6d41\u8868\u200b\u7684\u200b\u88c1\u526a\u200b\uff0c \u200b\u5404\u79cd\u200b\u7f13\u5b58\u200b\u6280\u672f\u200b\u7684\u200b\u4f7f\u7528\u200b\u548c\u200b\u8c03\u4f18\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u5927\u89c4\u6a21\u200b\u4e0a\u5343\u200b\u8282\u70b9\u200b\u548c\u200b\u4e0a\u4e07\u200b Pod \u200b\u7684\u200b\u96c6\u7fa4\u200b\u3002
\u200b\u6b64\u5916\u200b Kube-OVN \u200b\u8fd8\u200b\u5728\u200b\u4e0d\u65ad\u200b\u4f18\u5316\u200b CPU \u200b\u548c\u200b\u5185\u5b58\u200b\u7b49\u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u91cf\u200b\uff0c\u200b\u4ee5\u200b\u9002\u5e94\u200b\u8fb9\u7f18\u200b\u7b49\u200b\u8d44\u6e90\u200b\u6709\u9650\u200b\u573a\u666f\u200b\u3002
\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u5bf9\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u5fc3\u5b58\u200b\u5fe7\u8651\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u5927\u91cf\u200b\u7684\u200b\u5de5\u5177\u200b\u6765\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u7b80\u5316\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u8fc5\u901f\u200b\u642d\u5efa\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002\u200b\u540c\u65f6\u200b\u5185\u7f6e\u200b\u7684\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u548c\u200b Grafana \u200b\u9762\u677f\u200b\uff0c \u200b\u53ef\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5efa\u7acb\u200b\u5b8c\u5584\u200b\u7684\u200b\u76d1\u63a7\u200b\u4f53\u7cfb\u200b\u3002\u200b\u5f3a\u5927\u200b\u7684\u200b\u547d\u4ee4\u884c\u200b\u5de5\u5177\u200b\u53ef\u4ee5\u200b\u7b80\u5316\u200b\u7528\u6237\u200b\u7684\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002\u200b\u901a\u8fc7\u200b\u548c\u200b Cilium \u200b\u7ed3\u5408\u200b\uff0c\u200b\u5229\u7528\u200b eBPF \u200b\u80fd\u529b\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b \u200b\u589e\u5f3a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u7684\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u200b\u3002 \u200b\u6b64\u5916\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u7cfb\u7edf\u200b\u5bf9\u63a5\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"contact/","title":"\u8054\u7cfb\u65b9\u5f0f","text":"\u200b\u5173\u6ce8\u200b\u516c\u4f17\u200b\u53f7\u200b\u83b7\u5f97\u200b\u66f4\u200b\u591a\u200b\u6700\u65b0\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8bf7\u200b\u626b\u63cf\u200b\u4e0b\u65b9\u200b\u4e8c\u7ef4\u7801\u200b:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/","title":"\u4f7f\u7528\u200b eBPF \u200b\u52a0\u901f\u200b\u8282\u70b9\u200b\u5185\u200b TCP \u200b\u901a\u4fe1","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u8fb9\u7f18\u200b\u548c\u200b 5G \u200b\u7684\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u5927\u91cf\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Intel \u200b\u5f00\u6e90\u200b\u7684\u200b istio-tcpip-bypass \u200b\u9879\u76ee\u200b\uff0cPod \u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b eBPF \u200b\u7684\u200b\u80fd\u529b\u200b\u7ed5\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b TCP/IP \u200b\u534f\u8bae\u200b\u6808\u200b\uff0c\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u901a\u4fe1\u200b\uff0c\u200b\u4ece\u800c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_1","title":"\u57fa\u672c\u539f\u7406","text":"\u200b\u5728\u200b\u5f53\u524d\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u4e3b\u673a\u200b\u7684\u200b\u4e24\u4e2a\u200b Pod \u200b\u8fdb\u884c\u200b TCP \u200b\u8fdb\u884c\u200b\u901a\u4fe1\u200b\u9700\u8981\u200b\u7ecf\u8fc7\u200b\u5927\u91cf\u200b\u7684\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u5305\u62ec\u200b TCP/IP, netfilter\uff0cOVS \u200b\u7b49\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u5206\u6790\u200b\u5e76\u200b\u8bc6\u522b\u200b\u51fa\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u7ed5\u8fc7\u200b\u590d\u6742\u200b\u7684\u200b\u5185\u6838\u200b\u6808\u200b\u4ece\u800c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u95f4\u200b\u7684\u200b\u6570\u636e\u4f20\u8f93\u200b\uff0c \u200b\u6765\u200b\u964d\u4f4e\u200b\u7f51\u7edc\u200b\u6808\u200b\u5904\u7406\u200b\u5f00\u9500\u200b\uff0c\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
\u200b\u7531\u4e8e\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u8bc6\u522b\u200b\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002\u200b\u5728\u200b\u57fa\u4e8e\u200b\u4ee3\u7406\u200b\u6a21\u5f0f\u200b\u7684\u200b Service Mesh \u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u589e\u5f3a\u200b Service Mesh \u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u6280\u672f\u200b\u5b9e\u73b0\u200b\u7ec6\u8282\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Tanzu Service Mesh Acceleration using eBPF\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"eBPF \u200b\u5bf9\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u6709\u200b\u4e00\u5b9a\u200b\u8981\u6c42\u200b\uff0c\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b Ubuntu 20.04 \u200b\u548c\u200b Linux 5.4.0-74-generic \u200b\u7248\u672c\u200b\u5185\u6838\u200b\u8fdb\u884c\u200b\u5b9e\u9a8c\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_3","title":"\u5b9e\u9a8c\u200b\u6b65\u9aa4","text":"\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u90e8\u7f72\u200b\u4e24\u4e2a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5b58\u5728\u200b\u591a\u53f0\u200b\u673a\u5668\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b nodeSelector\uff1a
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5f00\u542f\u200b qperf server\uff0c\u200b\u5728\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u4e2d\u200b\u542f\u52a8\u200b qperf client \u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
\u200b\u90e8\u7f72\u200b istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
\u200b\u518d\u6b21\u200b\u8fdb\u5165\u200b perf client \u200b\u5bb9\u5668\u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_4","title":"\u6d4b\u8bd5\u200b\u7ed3\u679c","text":"\u200b\u6839\u636e\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b TCP \u200b\u5ef6\u8fdf\u200b\u5728\u200b\u4e0d\u540c\u200b\u6570\u636e\u5305\u200b\u5927\u5c0f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u4f1a\u200b\u6709\u200b 40% ~ 60% \u200b\u7684\u200b\u5ef6\u8fdf\u200b\u4e0b\u964d\u200b\uff0c\u200b\u5728\u200b\u6570\u636e\u5305\u200b\u5927\u4e8e\u200b 1024 \u200b\u5b57\u8282\u200b\u65f6\u200b\u541e\u5410\u91cf\u200b\u4f1a\u200b\u6709\u200b 40% ~ 80% \u200b\u63d0\u5347\u200b\u3002
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 \u200b\u5728\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u786c\u4ef6\u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u6570\u636e\u5305\u200b\u5c0f\u4e8e\u200b 512 \u200b\u5b57\u8282\u200b\u65f6\u200b\uff0c\u200b\u4f7f\u7528\u200b eBPF \u200b\u4f18\u5316\u200b\u541e\u5410\u91cf\u200b\u6307\u6807\u200b\u4f1a\u200b\u4f4e\u4e8e\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002 \u200b\u8be5\u200b\u60c5\u51b5\u200b\u53ef\u80fd\u200b\u548c\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7f51\u5361\u200b\u5f00\u542f\u200b TCP \u200b\u805a\u5408\u200b\u4f18\u5316\u200b\u76f8\u5173\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u573a\u666f\u200b\u5bf9\u200b\u5c0f\u5305\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u76f8\u5e94\u200b\u73af\u5883\u200b\u4e0b\u200b \u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u5224\u65ad\u200b\u662f\u5426\u200b\u5f00\u542f\u200b eBPF \u200b\u4f18\u5316\u200b\u3002\u200b\u6211\u4eec\u200b\u4e5f\u200b\u4f1a\u200b\u540e\u7eed\u200b\u5bf9\u200b eBPF TCP \u200b\u5c0f\u5305\u200b\u573a\u666f\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-hubble-observe/","title":"Cilium \u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
Cilium \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u80fd\u529b\u200b\uff0c\u200b\u6d41\u91cf\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u662f\u200b\u7531\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u3002Hubble \u200b\u53ef\u4ee5\u200b\u89c2\u5bdf\u200b\u8282\u70b9\u200b\u3001\u200b\u96c6\u7fa4\u200b\u751a\u81f3\u200b\u591a\u200b\u96c6\u7fa4\u200b\u573a\u666f\u200b\u4e0b\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble","title":"\u5b89\u88c5\u200b Hubble","text":"\u200b\u9ed8\u8ba4\u200b\u7684\u200b Cilium \u200b\u96c6\u6210\u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b Hubble \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u652f\u6301\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble\u3002
\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u4f7f\u7528\u200b helm \u200b\u5b89\u88c5\u200b Hubble\uff1a
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble \u200b\u4e4b\u540e\u200b\uff0c\u200b\u6267\u884c\u200b cilium status \u200b\u67e5\u770b\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
\u200b\u5b89\u88c5\u200b Hubble \u200b\u7ec4\u4ef6\u200b\u4e4b\u540e\u200b\uff0c\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u884c\u200b\uff0c\u200b\u7528\u4e8e\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u67e5\u770b\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5b89\u88c5\u200b Hubble CLI :
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"advance/cilium-hubble-observe/#_1","title":"\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1","text":"Cilium \u200b\u5b98\u65b9\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u6d41\u91cf\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u90e8\u7f72\u200b\u65b9\u6848\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u5b98\u65b9\u200b\u90e8\u7f72\u200b\u7684\u200b\u4e1a\u52a1\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium connectivity test\uff0cCilium \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b cilium-test \u200b\u7684\u200b Namespace\uff0c\u200b\u540c\u65f6\u200b\u5728\u200b cilium-test \u200b\u4e0b\u200b\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1\u200b\u3002
\u200b\u6b63\u5e38\u200b\u90e8\u7f72\u200b\u5b8c\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b cilium-test namespace \u200b\u4e0b\u200b\u7684\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"advance/cilium-hubble-observe/#_2","title":"\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u4ec5\u200b\u63d0\u4f9b\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b Cilium \u200b\u4ee3\u7406\u200b\u89c2\u5bdf\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002 \u200b\u53ef\u4ee5\u200b\u5728\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b Cilium \u200b\u4ee3\u7406\u200b pod \u200b\u4e2d\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
\u200b\u90e8\u7f72\u200b Hubble Relay \u200b\u540e\u200b\uff0cHubble \u200b\u53ef\u4ee5\u200b\u63d0\u4f9b\u200b\u5b8c\u6574\u200b\u7684\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#_3","title":"\u914d\u7f6e\u200b\u7aef\u53e3\u200b\u8f6c\u53d1","text":"\u200b\u4e3a\u4e86\u200b\u80fd\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b Hubble API\uff0c\u200b\u9700\u8981\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b\u672c\u5730\u200b\u8bf7\u6c42\u200b\u8f6c\u53d1\u200b\u5230\u200b Hubble Service\u3002\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5728\u200b\u5f53\u524d\u200b\u7ec8\u7aef\u200b\u5f00\u542f\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
kubectl port-forward \u200b\u547d\u4ee4\u200b\u4e0d\u4f1a\u200b\u8fd4\u56de\u200b\uff0c\u200b\u9700\u8981\u200b\u6253\u5f00\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7ec8\u7aef\u200b\u6765\u200b\u7ee7\u7eed\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u914d\u7f6e\u200b\u5b8c\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u4e4b\u540e\u200b\uff0c\u200b\u5728\u200b\u7ec8\u7aef\u200b\u6267\u884c\u200b hubble status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5982\u679c\u200b\u6709\u200b\u7c7b\u4f3c\u200b\u5982\u4e0b\u200b\u8f93\u51fa\u200b\uff0c\u200b\u5219\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"advance/cilium-hubble-observe/#_4","title":"\u547d\u4ee4\u884c\u200b\u89c2\u6d4b","text":"\u200b\u5728\u200b\u7ec8\u7aef\u200b\u4e0a\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u89c2\u6d4b\u200b\u5230\u200b\u7684\u200b cilium-test \u200b\u76f8\u5173\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u7684\u200b\u662f\u200b\uff0c hubble observe \u200b\u547d\u4ee4\u200b\u7684\u200b\u663e\u793a\u200b\u7ed3\u679c\u200b\uff0c\u200b\u662f\u200b\u5f53\u524d\u200b\u547d\u4ee4\u884c\u200b\u6267\u884c\u200b\u65f6\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002\u200b\u591a\u6b21\u200b\u6267\u884c\u547d\u4ee4\u200b\u884c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5230\u200b\u4e0d\u540c\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u200b\u7684\u200b\u89c2\u6d4b\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b hubble help observe \u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b Hubble CLI \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#ui","title":"\u4f7f\u7528\u200b UI \u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u6267\u884c\u200b cilium status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble UI \u200b\u5df2\u7ecf\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002\u200b\u5728\u200b\u7b2c\u4e8c\u6b65\u200b\u7684\u200b Hubble \u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5df2\u7ecf\u200b\u8865\u5145\u200b\u4e86\u200b UI \u200b\u7684\u200b\u5b89\u88c5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium hubble ui \u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b hubble-ui service \u200b\u6620\u5c04\u200b\u5230\u200b\u672c\u5730\u200b\u7aef\u53e3\u200b\u3002 \u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b8c\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u6253\u5f00\u200b\u672c\u5730\u200b\u7684\u200b\u6d4f\u89c8\u5668\u200b\uff0c\u200b\u8df3\u8f6c\u200b\u5230\u200b Hubble UI \u200b\u754c\u9762\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u81ea\u52a8\u200b\u8df3\u8f6c\u200b\uff0c\u200b\u5728\u200b\u6d4f\u89c8\u5668\u200b\u4e2d\u200b\u8f93\u5165\u200b http://localhost:12000 \u200b\u6253\u5f00\u200b UI \u200b\u89c2\u5bdf\u200b\u754c\u9762\u200b\u3002
\u200b\u5728\u200b\u754c\u9762\u200b\u5de6\u4e0a\u89d2\u200b\uff0c\u200b\u9009\u62e9\u200b cilium-test namespace\uff0c\u200b\u67e5\u770b\u200b Cilium \u200b\u63d0\u4f9b\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble_1","title":"Hubble \u200b\u6d41\u91cf\u200b\u76d1\u63a7","text":"Hubble \u200b\u7ec4\u4ef6\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e2d\u200b Pod \u200b\u7f51\u7edc\u200b\u884c\u4e3a\u200b\u7684\u200b\u76d1\u63a7\u200b\uff0c\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u67e5\u770b\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u80fd\u200b\u76d1\u63a7\u200b\u7edf\u8ba1\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u8865\u5145\u200b hubble.metrics.enabled \u200b\u914d\u7f6e\u200b\u9879\u200b:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
\u200b\u90e8\u7f72\u200b\u4e4b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b kube-system namespace \u200b\u751f\u6210\u200b\u540d\u79f0\u200b\u4e3a\u200b hubble-metrics \u200b\u7684\u200b\u670d\u52a1\u200b\u3002\u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Endpoints \u200b\u67e5\u8be2\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
\u200b\u5728\u200b\u96c6\u6210\u200b Cilium \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Cilium \u200b\u4f18\u79c0\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u4ee5\u4e0b\u200b\u6587\u6863\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5bf9\u200b Cilium L3 \u200b\u548c\u200b L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\u7684\u200b\u96c6\u6210\u200b\u9a8c\u8bc1\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#_1","title":"\u9a8c\u8bc1\u200b\u6b65\u9aa4","text":""},{"location":"advance/cilium-networkpolicy/#pod","title":"\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod","text":"\u200b\u521b\u5efa\u200b namespace test\u3002\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b test namespace \u200b\u4e2d\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=test \u200b\u7684\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u7684\u200b\u76ee\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u540c\u6837\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=dynamic \u200b\u7684\u200b Pod \u200b\u4e3a\u200b\u53d1\u8d77\u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4ee5\u53ca\u200b Label \u200b\u4fe1\u606f\u200b:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// \u200b\u4ee5\u4e0b\u200b\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u76ee\u7684\u200b Pod\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"advance/cilium-networkpolicy/#l3","title":"L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4e2d\u200b\uff0c\u200b\u53d1\u8d77\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7ed3\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u3002 \u200b\u4f46\u662f\u200b\u5728\u200b test namespace \u200b\u4e0b\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5230\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u6b63\u5e38\u200b\u3002
default namespace \u200b\u4e0b\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
test namepsace \u200b\u4e0b\u200b Pod \u200b\u7684\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
\u200b\u67e5\u770b\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u89e3\u91ca\u200b\uff0cCiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u5c06\u200b\u9650\u5236\u200b\u63a7\u5236\u200b\u5728\u200b\u4e86\u200b Namespace \u200b\u7ea7\u522b\u200b\u3002\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b Cilium \u200b\u9650\u5236\u200b\u3002
\u200b\u5728\u200b\u6709\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u6709\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u7684\u200b Pod \uff0c\u200b\u624d\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5176\u4ed6\u200b Namespace \u200b\u7684\u200b Pod \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u60f3\u200b\u5b9e\u73b0\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u89c4\u5219\u200b\u4e2d\u200b\u660e\u786e\u200b\u6307\u5b9a\u200b Namespace \u200b\u4fe1\u606f\u200b\u3002
\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\uff0c\u200b\u4fee\u6539\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u589e\u52a0\u200b namespace \u200b\u4fe1\u606f\u200b:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // \u200b\u63a7\u5236\u200b\u5176\u4ed6\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\n
\u200b\u67e5\u770b\u200b\u4fee\u6539\u200b\u540e\u200b\u7684\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
\u200b\u518d\u6b21\u200b\u6d4b\u8bd5\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u76ee\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
\u200b\u4f7f\u7528\u200b\u6807\u51c6\u200b\u7684\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b networkpolicy\uff0c\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b Cilium \u200b\u540c\u6837\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u9650\u5236\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u5185\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\u662f\u200b\u7981\u6b62\u200b\u7684\u200b\u3002
\u200b\u8fd9\u70b9\u200b\u4e0e\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u662f\u200b\u4e0d\u540c\u200b\u7684\u200b\u3002Kube-OVN \u200b\u652f\u6301\u200b\u6807\u51c6\u200b\u7684\u200b k8s \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\uff0c\u200b\u9650\u5236\u200b\u4e86\u200b\u5177\u4f53\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b\u76ee\u7684\u200b Pod\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u200b\u6e90\u5730\u5740\u200b Pod\uff0c\u200b\u662f\u200b\u6ca1\u6709\u200b Namespace \u200b\u9650\u5236\u200b\u7684\u200b\uff0c\u200b\u4efb\u4f55\u200b Namespace \u200b\u4e0b\u200b\u7b26\u5408\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b Pod\uff0c\u200b\u90fd\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l4","title":"L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b L4 \u200b\u5c42\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
\u200b\u6d4b\u8bd5\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u4e0d\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u751f\u6548\u200b\u540e\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u4f9d\u7136\u200b\u662f\u200b\u88ab\u200b\u7981\u6b62\u200b\u7684\u200b\uff0c\u200b\u8ddf\u200b L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4e00\u81f4\u200b\u3002
\u200b\u5728\u200b L4 \u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0cping \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7b26\u5408\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b TCP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u662f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u6267\u884c\u200b\u7684\u200b\u3002
\u200b\u5173\u4e8e\u200b ICMP \u200b\u7684\u200b\u9650\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5b98\u65b9\u200b\u8bf4\u660e\u200b L4 \u200b\u9650\u5236\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l7","title":"L7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"chaining \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cL7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u76ee\u524d\u200b\u662f\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\u7684\u200b\u3002\u200b\u5728\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u4e2d\u200b\uff0c\u200b\u5bf9\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u8bf4\u660e\u200b\uff0c\u200b\u53c2\u8003\u200b Generic Veth Chaining\u3002
\u200b\u8fd9\u4e2a\u200b\u95ee\u9898\u200b\u4f7f\u7528\u200b issue 12454 \u200b\u8ddf\u8e2a\u200b\uff0c\u200b\u76ee\u524d\u200b\u8fd8\u200b\u6ca1\u6709\u200b\u89e3\u51b3\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dhcp/","title":"DHCP \u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4f7f\u7528\u200b SR-IOV \u200b\u6216\u200b DPDK \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0cKubeVirt \u200b\u5185\u7f6e\u200b\u7684\u200b DHCP \u200b\u65e0\u6cd5\u200b\u5728\u200b\u8be5\u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5de5\u4f5c\u200b\u3002Kube-OVN \u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b OVN \u200b\u7684\u200b DHCP \u200b\u80fd\u529b\u200b\u5728\u200b\u5b50\u7f51\u200b\u7ea7\u522b\u200b\u8bbe\u7f6e\u200b DHCP \u200b\u9009\u9879\u200b\uff0c\u200b\u4ece\u800c\u200b\u5e2e\u52a9\u200b\u8be5\u200b\u7f51\u7edc\u200b\u7c7b\u578b\u200b\u7684\u200b KubeVirt \u200b\u865a\u673a\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b DHCP \u200b\u83b7\u5f97\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002Kube-OVN \u200b\u540c\u65f6\u200b\u652f\u6301\u200b DHCPv4 \u200b\u548c\u200b DHCPv6\u3002
\u200b\u5b50\u7f51\u200b DHCP \u200b\u7684\u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u7684\u200b DHCP \u200b\u529f\u80fd\u200b\u3002dhcpV4Options,dhcpV6Options: \u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b DHCP \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b DHCP Options\u3002 \u200b\u9ed8\u8ba4\u503c\u200b\u5206\u522b\u200b\u4e3a\u200b \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" \u200b\u548c\u200b server_id=$random_mac\u3002enableIPv6RA: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b DHCPv6 \u200b\u7684\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\u529f\u80fd\u200b\u3002ipv6RAConfigs\uff1a\u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b Logical_Router_Port \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Port \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dpdk/","title":"DPDK \u200b\u652f\u6301","text":"\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u5982\u4f55\u200b\u548c\u200b OVS-DPDK \u200b\u7ed3\u5408\u200b\uff0c\u200b\u7ed9\u200b KubeVirt \u200b\u7684\u200b\u865a\u673a\u200b\u63d0\u4f9b\u200b DPDK \u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
\u200b\u4e0a\u6e38\u200b\u7684\u200b KubeVirt \u200b\u76ee\u524d\u200b\u8fd8\u200b\u672a\u200b\u652f\u6301\u200b OVS-DPDK\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u81ea\u5df1\u200b\u901a\u8fc7\u200b\u76f8\u5173\u200b patch Vhostuser implementation \u200b\u6784\u5efa\u200b KubeVirt \u200b\u6216\u200b KVM Device Plugin \u200b\u6765\u200b\u4f7f\u7528\u200b OVS-DPDK\u3002
"},{"location":"advance/dpdk/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8282\u70b9\u200b\u9700\u200b\u63d0\u4f9b\u200b\u4e13\u95e8\u200b\u7ed9\u200b DPDK \u200b\u9a71\u52a8\u200b\u8fd0\u884c\u200b\u7684\u200b\u7f51\u5361\u200b\u3002
- \u200b\u8282\u70b9\u200b\u9700\u200b\u5f00\u542f\u200b Hugepages\u3002
"},{"location":"advance/dpdk/#dpdk_1","title":"\u7f51\u5361\u200b\u8bbe\u7f6e\u200b DPDK \u200b\u9a71\u52a8","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b driverctl \u200b\u4e3a\u4f8b\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u53c2\u6570\u200b\u548c\u200b\u5176\u4ed6\u200b\u9a71\u52a8\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b DPDK \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"advance/dpdk/#_2","title":"\u8282\u70b9\u200b\u914d\u7f6e","text":"\u200b\u5bf9\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u7684\u200b\u8282\u70b9\u200b\u6253\u200b\u6807\u7b7e\u200b\uff0c\u200b\u4ee5\u4fbf\u200b Kube-OVN \u200b\u8fdb\u884c\u200b\u8bc6\u522b\u200b\u5904\u7406\u200b\uff1a
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
\u200b\u5728\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u8282\u70b9\u200b\u7684\u200b /opt/ovs-config \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6\u200b ovs-dpdk-config\uff1a
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: \u200b\u96a7\u9053\u200b\u7aef\u70b9\u200b\u5730\u5740\u200b\u3002DPDK_DEV: \u200b\u8bbe\u5907\u200b\u7684\u200b PCI ID\u3002
"},{"location":"advance/dpdk/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u542f\u7528\u200b DPDK \u200b\u5b89\u88c5\u200b\u9009\u9879\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
bash install.sh --with-hybrid-dpdk\n
"},{"location":"advance/dpdk/#_3","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u901a\u8fc7\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u4f7f\u7528\u200b vhostuser \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u7684\u200b\u865a\u200b\u673a\u6765\u200b\u9a8c\u8bc1\u200b OVS-DPDK \u200b\u529f\u80fd\u200b\u3002
\u200b\u5b89\u88c5\u200b KVM Device Plugin \u200b\u6765\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b KVM Device Plugin\u3002
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b Dockerfile \u200b\u521b\u5efa\u200b VM \u200b\u955c\u50cf\u200b\uff1a
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
\u200b\u521b\u5efa\u200b\u865a\u62df\u673a\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
\u200b\u7b49\u5f85\u200b\u865a\u62df\u673a\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u8fdb\u5165\u200b Pod \u200b\u8fdb\u884c\u200b\u865a\u673a\u200b\u914d\u7f6e\u200b\uff1a
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u767b\u5f55\u200b\u865a\u673a\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u5e76\u200b\u6d4b\u8bd5\u200b\uff1a
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/external-gateway/","title":"\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u5bf9\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u6d41\u91cf\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7684\u200b\u7ba1\u7406\u200b\u548c\u200b\u5ba1\u8ba1\u200b\u3002 Kube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5c06\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/external-gateway/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\u3002externalEgressGateway\uff1a\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\u3002policyRoutingTableID\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID \u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b\u3002policyRoutingPriority\uff1a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u4e3a\u200b\u907f\u514d\u200b\u540e\u7eed\u200b\u7528\u6237\u200b\u5b9a\u5236\u200b\u5316\u200b\u7684\u200b\u5176\u4ed6\u200b\u8def\u7531\u200b\u64cd\u4f5c\u200b\u51b2\u7a81\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u82e5\u200b\u65e0\u200b\u7279\u6b8a\u200b\u9700\u6c42\u200b\u586b\u5165\u200b\u4efb\u610f\u200b\u503c\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/fastpath/","title":"\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7ecf\u8fc7\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u7684\u200b\u6027\u80fd\u200b Profile\uff0cNetfilter \u200b\u5728\u200b\u5bb9\u5668\u200b\u5185\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u76f8\u5173\u200b\u5904\u7406\u200b\u6d88\u8017\u200b\u4e86\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b Netfilter \u200b\u4ece\u800c\u200b \u200b\u964d\u4f4e\u200b CPU \u200b\u7684\u200b\u6d88\u8017\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b\u3002
"},{"location":"advance/fastpath/#_1","title":"\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u5185\u6838\u6a21\u5757\u200b\u4ee3\u7801","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"advance/fastpath/#_2","title":"\u5b89\u88c5\u200b\u4f9d\u8d56","text":"\u200b\u8fd9\u91cc\u200b\u4ee5\u200b CentOS \u200b\u4e3a\u4f8b\u200b\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u4f9d\u8d56\u200b\uff1a
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"advance/fastpath/#_3","title":"\u7f16\u8bd1\u200b\u76f8\u5173\u200b\u6a21\u5757","text":"\u200b\u9488\u5bf9\u200b 3.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath\nmake all\n
\u200b\u9488\u5bf9\u200b 4.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"advance/fastpath/#_4","title":"\u5b89\u88c5\u200b\u5185\u6838\u6a21\u5757","text":"\u200b\u5c06\u200b kube_ovn_fastpath.ko \u200b\u590d\u5236\u5230\u200b\u6bcf\u4e2a\u200b\u9700\u8981\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8282\u70b9\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u4f7f\u7528\u200b dmesg \u200b\u786e\u8ba4\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
\u200b\u5982\u9700\u200b\u5378\u8f7d\u200b\u6a21\u5757\u200b\uff0c\u200b\u53ef\u200b\u5c06\u200b\u8be5\u200b\u6a21\u5757\u200b\u4ece\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u79fb\u200b\u9664\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5378\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5757\u200b\u5728\u200b\u673a\u5668\u200b\u91cd\u542f\u200b\u540e\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\uff0c\u200b\u5982\u9700\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8bf7\u200b\u6839\u636e\u200b\u7cfb\u7edf\u200b\u5f04\u200b\u914d\u7f6e\u200b\u7f16\u5199\u200b\u76f8\u5e94\u200b\u81ea\u542f\u52a8\u200b\u811a\u672c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/multi-nic/","title":"\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f8b\u5982\u200b macvlan\u3001vlan\u3001host-device \u200b\u7b49\u200b\u63d2\u4ef6\u200b\u63d0\u4f9b\u200b\u96c6\u7fa4\u200b\u7ea7\u522b\u200b\u7684\u200b IPAM \u200b\u80fd\u529b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5230\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u200b\u4ee5\u53ca\u200b\u56fa\u5b9a\u200b IP \u200b\u529f\u80fd\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u4e5f\u200b\u652f\u6301\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/multi-nic/#_2","title":"\u5de5\u4f5c\u200b\u539f\u7406","text":"\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Multus CNI, \u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod \u200b\u6dfb\u52a0\u200b\u591a\u5757\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u3002 \u200b\u7136\u800c\u200b\u6211\u4eec\u200b\u4ecd\u7136\u200b\u7f3a\u4e4f\u200b\u5bf9\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u5185\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u7684\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\uff0c\u200b\u6211\u4eec\u200b\u5df2\u7ecf\u200b\u80fd\u591f\u200b\u901a\u8fc7\u200b Subnet \u200b\u548c\u200b IP \u200b\u7684\u200b CRD \u200b\u6765\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u9ad8\u7ea7\u200b\u7ba1\u7406\u200b\uff0c \u200b\u4f8b\u5982\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0cIP \u200b\u9884\u7559\u200b\uff0c\u200b\u968f\u673a\u200b\u5206\u914d\u200b\uff0c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7b49\u200b\u3002\u200b\u73b0\u5728\u200b\u6211\u4eec\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u6765\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b\u4e0d\u540c\u200b\u7684\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b IPAM \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/multi-nic/#_3","title":"\u5de5\u4f5c\u200b\u6d41\u7a0b","text":"\u200b\u4e0a\u200b\u56fe\u200b\u5c55\u793a\u200b\u4e86\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u6765\u200b\u7ba1\u7406\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4e2d\u200b\u5bb9\u5668\u200b\u7684\u200b eth0 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVN \u200b\u7f51\u7edc\u200b\uff0cnet1 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u3002 net1 \u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u7edc\u200b\u5b9a\u4e49\u200b\u6765\u81ea\u200b\u4e8e\u200b multus-cni \u200b\u4e2d\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u8d44\u6e90\u200b\u5b9a\u4e49\u200b\u3002
\u200b\u5f53\u200b Pod \u200b\u521b\u5efa\u200b\u65f6\u200b\uff0ckube-ovn-controller \u200b\u4f1a\u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u6dfb\u52a0\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b Pod \u200b\u4e2d\u200b\u7684\u200b annotation \u200b\u53bb\u200b\u5bfb\u627e\u200b\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u5e76\u200b\u4ece\u4e2d\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u5c06\u200b Pod \u200b\u6240\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u5199\u200b\u56de\u5230\u200b Pod annotation \u200b\u4e2d\u200b\u3002
\u200b\u5728\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b CNI \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u914d\u7f6e\u200b kube-ovn-cni \u200b\u4f5c\u4e3a\u200b ipam \u200b\u63d2\u4ef6\u200b, kube-ovn-cni \u200b\u5c06\u4f1a\u200b\u8bfb\u53d6\u200b Pod annotation \u200b\u5e76\u200b\u5c06\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u901a\u8fc7\u200b CNI \u200b\u534f\u8bae\u200b\u7684\u200b\u6807\u51c6\u200b\u683c\u5f0f\u200b\u8fd4\u56de\u200b\u7ed9\u200b\u76f8\u5e94\u200b\u7684\u200b CNI \u200b\u63d2\u4ef6\u200b\u3002
"},{"location":"advance/multi-nic/#_4","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":""},{"location":"advance/multi-nic/#kube-ovn-multus","title":"\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus","text":"\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b \u200b\u548c\u200b Multus how to use \u200b\u6765\u200b\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus-CNI\u3002
"},{"location":"advance/multi-nic/#cni-ipam","title":"\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u63d0\u4f9b\u200b IPAM","text":"\u200b\u6b64\u65f6\u200b\u4e3b\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b\u5176\u4ed6\u200b\u7c7b\u578b\u200b CNI\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b macvlan \u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u7b2c\u4e8c\u4e2a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b ipam \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: \u200b\u9700\u8981\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u8c03\u7528\u200b kube-ovn \u200b\u7684\u200b\u63d2\u4ef6\u200b\u6765\u200b\u83b7\u53d6\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace> , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"advance/multi-nic/#kube-ovn","title":"\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361","text":"\u200b\u6b64\u65f6\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition_1","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u5c06\u200b provider \u200b\u7684\u200b\u540e\u7f00\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.type: \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u89e6\u53d1\u200b CNI \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u5b50\u7f51\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6ce8\u610f\u200b\u540e\u7f00\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\u3002
"},{"location":"advance/multi-nic/#kube-ovn-subnet","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet","text":"\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet,\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b cidrBlock \u200b\u548c\u200b exclude_ips, provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>, \u200b\u4f8b\u5982\u200b\u7528\u200b macvlan \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat \u200b\u53ea\u200b\u5bf9\u200b provider \u200b\u7c7b\u578b\u200b\u4e3a\u200b ovn \u200b\u7684\u200b\u7f51\u7edc\u200b\u751f\u6548\u200b\uff0c\u200b\u4e0d\u9002\u200b\u7528\u4e8e\u200b attachment network\u3002
\u200b\u5982\u679c\u200b\u4ee5\u200b Kube-OVN \u200b\u4f5c\u4e3a\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u5219\u200b provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn\uff0c\u200b\u5e76\u200b\u8981\u200b\u4ee5\u200b ovn \u200b\u4f5c\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\u3002 \u200b\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"advance/multi-nic/#pod","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u591a\u200b\u7f51\u7edc\u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u7684\u200b Pod\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b annotation k8s.v1.cni.cncf.io/networks,\u200b\u53d6\u503c\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <namespace>/<name>\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"advance/multi-nic/#ip-pod","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod\uff0c\u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/multi-nic/#ip","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d","text":"\u200b\u5bf9\u4e8e\u200b\u4f7f\u7528\u200b ippool \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b, \u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/nat-policy-rule/","title":"\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219","text":""},{"location":"advance/nat-policy-rule/#_1","title":"\u7528\u9014","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u6253\u5f00\u200b natOutgoing \u200b\u5f00\u5173\u200b\u65f6\u200b\uff0cSubnet \u200b\u4e0b\u200b\u7684\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u9700\u8981\u200b\u505a\u200b SNAT \u200b\u6210\u200b\u8282\u70b9\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u662f\u200b\u6709\u4e9b\u200b\u573a\u666f\u200b\u6211\u4eec\u200b\u5e76\u200b\u4e0d\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u505a\u200b SNAT\u3002
\u200b\u56e0\u6b64\u200b NAT \u200b\u7b56\u7565\u200b\u5c31\u662f\u200b\u4e3a\u4e86\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u63a5\u53e3\u200b\u8ba9\u200b\u7528\u6237\u200b\u51b3\u5b9a\u200b\u5b50\u7f51\u200b\u5185\u200b\u7684\u200b\u54ea\u4e9b\u200b CIDR \u200b\u6216\u8005\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u505a\u200b SNAT\u3002
"},{"location":"advance/nat-policy-rule/#_2","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u5728\u200b subnet.Spec \u200b\u4e2d\u200b\u5f00\u542f\u200b natOutgoing \u200b\u5f00\u5173\u200b\uff0c \u200b\u5e76\u4e14\u200b\u6dfb\u52a0\u200b\u5b57\u200b\u6bb5\u200b natOutgoingPolicyRules \u200b\u5982\u4e0b\u200b\uff1a
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
\u200b\u4ee5\u4e0a\u200b\u6848\u4f8b\u200b\u8868\u793a\u200b\u6709\u200b\u4e24\u6761\u200b NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\uff1a
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.0/30 \u200b\u6216\u8005\u200b 10.0.11.254 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT\u3002
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.128/26 \u200b\u5e76\u4e14\u200b\u76ee\u7684\u200b IP \u200b\u662f\u200b 114.114.114.114 \u200b\u6216\u8005\u200b 8.8.8.8 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u65f6\u4f1a\u200b\u505a\u200b SNAT\u3002
\u200b\u5b57\u200b\u6bb5\u200b\u63cf\u8ff0\u200b\uff1a
action\uff1a\u200b\u6ee1\u8db3\u200b match \u200b\u5bf9\u5e94\u200b\u6761\u4ef6\u200b\u7684\u200b\u62a5\u6587\u200b\uff0c\u200b\u4f1a\u200b\u6267\u884c\u200b\u7684\u200b action, action \u200b\u5206\u4e3a\u200b\u4e24\u79cd\u200b forward \u200b\u548c\u200b nat \uff0cforward \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u4e0d\u505a\u200b SNAT, nat \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u505a\u200b SNAT\u3002 \u200b\u6ca1\u6709\u200b\u914d\u7f6e\u200b natOutgoingPolicyRules \u200b\u65f6\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u62a5\u6587\u200b\u4ecd\u7136\u200b\u662f\u200b\u505a\u200b SNAT\u3002
match\uff1a\u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u7684\u200b\u5339\u914d\u6bb5\u200b\uff0c\u200b\u5339\u914d\u6bb5\u200b\u6709\u200b srcIPs \u200b\u548c\u200b dstIPs\uff0c \u200b\u8fd9\u91cc\u200b\u8868\u793a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u5185\u5230\u200b\u5916\u7f51\u200b\u65b9\u5411\u200b\u4e0a\u200b\u7684\u200b\u62a5\u6587\u200b\u7684\u200b\u6e90\u200b IP \u200b\u548c\u200b \u200b\u76ee\u7684\u200b IP\u3002match.srcIPs \u200b\u548c\u200b match.dstIPs \u200b\u652f\u6301\u200b\u591a\u4e2a\u200b CIDR \u200b\u548c\u200b IP\uff0c\u200b\u4e4b\u95f4\u200b\u7528\u200b\u9017\u53f7\u200b\u95f4\u9694\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u591a\u4e2a\u200b match \u200b\u89c4\u5219\u200b\u91cd\u53e0\u200b\uff0c\u200b\u5219\u200b\u6309\u7167\u200b natOutgoingPolicyRules \u200b\u6570\u7ec4\u200b\u987a\u5e8f\u200b\u8fdb\u884c\u200b\u5339\u914d\u200b\uff0c\u200b\u6700\u5148\u200b\u88ab\u200b\u5339\u914d\u200b\u7684\u200b action \u200b\u4f1a\u200b\u88ab\u200b\u6267\u884c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/node-local-dns/","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d","text":"NodeLocal DNSCache \u200b\u662f\u200b\u901a\u8fc7\u200b\u96c6\u7fa4\u200b\u8282\u70b9\u200b\u4e0a\u200b\u4f5c\u4e3a\u200b DaemonSet \u200b\u8fd0\u884c\u200b DNS \u200b\u7f13\u5b58\u200b\u6765\u200b\u63d0\u9ad8\u200b\u96c6\u7fa4\u200b DNS \u200b\u6027\u80fd\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d\u200b\u3002
"},{"location":"advance/node-local-dns/#dns","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u90e8\u7f72","text":""},{"location":"advance/node-local-dns/#kubernetes-dns","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u7684\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u7f51\u200b\u914d\u7f6e\u200b Nodelocaldnscache\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u811a\u672c\u200b\u90e8\u7f72\u200b\uff1a
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b kubelet \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u5c06\u200b /var/lib/kubelet/config.yaml \u200b\u4e2d\u200b\u7684\u200b clusterDNS \u200b\u5b57\u200b\u6bb5\u200b\u4fee\u6539\u200b\u4e3a\u200b\u672c\u5730\u200b DNS IP 169.254.20.10\uff0c\u200b\u7136\u540e\u200b\u91cd\u542f\u200b kubelet \u200b\u670d\u52a1\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-dns","title":"Kube-OVN \u200b\u76f8\u5e94\u200b DNS \u200b\u914d\u7f6e","text":"\u200b\u90e8\u7f72\u200b\u597d\u200b Kubernetes \u200b\u7684\u200b Nodelocal DNScache \u200b\u7ec4\u4ef6\u200b\u540e\u200b\uff0c Kube-OVN \u200b\u9700\u8981\u200b\u505a\u51fa\u200b\u4e0b\u9762\u200b\u4fee\u6539\u200b\uff1a
"},{"location":"advance/node-local-dns/#underlay-subnet-u2o","title":"Underlay Subnet \u200b\u5f00\u542f\u200b U2O \u200b\u5f00\u5173","text":"\u200b\u5982\u679c\u200b\u662f\u200b Underlay Subnet \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u672c\u5730\u200b DNS \u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b U2O \u200b\u529f\u80fd\u200b\uff0c\u200b\u5373\u200b\u5728\u200b kubectl edit subnet {your subnet} \u200b\u4e2d\u200b\u914d\u7f6e\u200b spec.u2oInterconnection = true , \u200b\u5982\u679c\u200b\u662f\u200b Overlay Subnet \u200b\u5219\u200b\u4e0d\u200b\u9700\u8981\u200b\u8fd9\u6b65\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-controller-dns-ip","title":"\u7ed9\u200b Kube-ovn-controller \u200b\u6307\u5b9a\u200b\u5bf9\u5e94\u200b\u7684\u200b\u672c\u5730\u200b DNS IP","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
\u200b\u7ed9\u200b spec.template.spec.containers.args \u200b\u589e\u52a0\u200b\u5b57\u200b\u6bb5\u200b --node-local-dns-ip=169.254.20.10
"},{"location":"advance/node-local-dns/#pod","title":"\u91cd\u5efa\u200b\u5df2\u7ecf\u200b\u521b\u5efa\u200b\u7684\u200b Pod","text":"\u200b\u8fd9\u6b65\u200b\u539f\u56e0\u200b\u662f\u200b\u8ba9\u200b Pod \u200b\u91cd\u65b0\u200b\u751f\u6210\u200b /etc/resolv.conf \u200b\u8ba9\u200b nameserver \u200b\u6307\u5411\u200b\u672c\u5730\u200b DNS IP\uff0c\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b nameserver \u200b\u5c06\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u7684\u200b DNS ClusterIP\u3002\u200b\u540c\u65f6\u200b u2o \u200b\u5f00\u5173\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\u4e5f\u200b\u9700\u8981\u200b\u91cd\u5efa\u200b Pod \u200b\u6765\u200b\u91cd\u65b0\u200b\u751f\u6210\u200b Pod \u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/node-local-dns/#dns_1","title":"\u9a8c\u8bc1\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u627e\u5230\u200b Pod \u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u7684\u200b DNS \u200b\u670d\u52a1\u5668\u200b\u662f\u200b\u6307\u5411\u200b\u672c\u5730\u200b 169.254.20.10 \uff0c\u200b\u5e76\u200b\u6210\u529f\u200b\u89e3\u6790\u200b\u57df\u540d\u200b\uff1a
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u8282\u70b9\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b DNS \u200b\u67e5\u8be2\u200b\u62a5\u6587\u200b\u901a\u8fc7\u200b ovn0 \u200b\u7f51\u5361\u200b\u5230\u8fbe\u200b\u672c\u5730\u200b\u7684\u200b DNS \u200b\u670d\u52a1\u200b\uff0cDNS \u200b\u54cd\u5e94\u200b\u62a5\u6587\u200b\u539f\u200b\u8def\u200b\u8fd4\u56de\u200b:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-corigine/","title":"\u82af\u542f\u6e90\u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002\u200b\u82af\u542f\u6e90\u200b\u7684\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u4e2d\u200b\u6267\u884c\u200b\u3002 \u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-corigine/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - \u200b\u82af\u542f\u6e90\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/offload-corigine/#sr-iov","title":"\u8bbe\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u6a21\u5f0f","text":"\u200b\u7528\u6237\u200b\u53ef\u200b\u53c2\u8003\u200b Agilio Open vSwitch TC User Guide \u200b\u83b7\u5f97\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f7f\u7528\u200b\u7684\u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u3002
\u200b\u4fdd\u5b58\u200b\u4e0b\u5217\u200b\u811a\u672c\u200b\u7528\u4e8e\u200b\u540e\u7eed\u200b\u6267\u884c\u200b\u56fa\u4ef6\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff1a
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
\u200b\u5207\u6362\u200b\u56fa\u4ef6\u200b\u9009\u9879\u200b\u5e76\u200b\u91cd\u8f7d\u200b\u9a71\u52a8\u200b\uff1a
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b VF\uff1a
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"advance/offload-corigine/#sr-iov-device-plugin","title":"\u5b89\u88c5\u200b SR-IOV Device Plugin","text":"\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u6709\u9650\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"advance/offload-corigine/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-corigine/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-corigine/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-mellanox/","title":"Mellanox \u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002Mellanox \u200b\u7684\u200b Accelerated Switching And Packet Processing (ASAP\u00b2) \u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u5185\u200b\u7684\u200b eSwitch \u200b\u4e0a\u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-mellanox/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - Mellanox CX5/CX6/CX7/BlueField \u200b\u7b49\u200b\u652f\u6301\u200b ASAP\u00b2 \u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002 - \u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u5378\u8f7d\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u505a\u200b bond\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin","title":"\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"Mellanox \u200b\u7f51\u5361\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u914d\u7f6e\u200b offload \u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u4e00\u79cd\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u548c\u200b Device Plugin\uff0c\u200b\u53e6\u200b\u4e00\u79cd\u200b\u901a\u8fc7\u200b sriov-network-operator \u200b\u8fdb\u884c\u200b\u81ea\u52a8\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin_1","title":"\u624b\u52a8\u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u67e5\u8be2\u200b\u7f51\u5361\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff0c\u200b\u4e0b\u9762\u200b\u7684\u200b\u4f8b\u5b50\u200b\u4e2d\u4e3a\u200b 42:00.0\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
\u200b\u6839\u636e\u200b\u8bbe\u5907\u200b ID \u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\uff1a
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff1a
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
\u200b\u521b\u5efa\u200b VF\uff0c\u200b\u603b\u6570\u200b\u4e0d\u8981\u200b\u8d85\u8fc7\u200b\u4e0a\u9762\u200b\u67e5\u8be2\u200b\u51fa\u200b\u7684\u200b\u6570\u91cf\u200b\uff1a
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
\u200b\u627e\u5230\u200b\u4e0a\u8ff0\u200b VF \u200b\u5bf9\u5e94\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u5c06\u200b VF \u200b\u4ece\u200b\u9a71\u52a8\u200b\u4e2d\u89e3\u200b\u7ed1\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
\u200b\u5f00\u542f\u200b eSwitch \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u786c\u4ef6\u200b\u5378\u8f7d\u200b\uff1a
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
\u200b\u91cd\u65b0\u200b\u7ed1\u5b9a\u200b\u9a71\u52a8\u200b\uff0c\u200b\u5b8c\u6210\u200b VF \u200b\u8bbe\u7f6e\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
NetworkManager \u200b\u7684\u200b\u4e00\u4e9b\u200b\u884c\u4e3a\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u9a71\u52a8\u200b\u5f02\u5e38\u200b\uff0c\u200b\u5982\u679c\u200b\u5378\u8f7d\u200b\u51fa\u73b0\u200b\u95ee\u9898\u200b\u5efa\u8bae\u200b\u5173\u95ed\u200b NetworkManager \u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\uff1a
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u4f18\u5148\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"advance/offload-mellanox/#sriov-network-operator-sr-iov-device-plugin","title":"\u4f7f\u7528\u200b sriov-network-operator \u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u5b89\u88c5\u200b node-feature-discovery \u200b\u81ea\u52a8\u68c0\u6d4b\u200b\u786c\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u548c\u200b\u7cfb\u7edf\u914d\u7f6e\u200b:
kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.11.3\n
\u200b\u6216\u8005\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff0c\u200b\u624b\u52a8\u200b\u7ed9\u200b\u6709\u200b offload \u200b\u80fd\u529b\u200b\u7684\u200b\u7f51\u5361\u200b\u589e\u52a0\u200b annotation:
kubectl label nodes [offloadNicNode] feature.node.kubernetes.io/network-sriov.capable=true\n
\u200b\u514b\u9686\u200b\u4ee3\u7801\u200b\u4ed3\u5e93\u200b\u5e76\u200b\u5b89\u88c5\u200b Operator\uff1a
git clone --depth=1 https://github.com/kubeovn/sriov-network-operator.git\nkubectl apply -k sriov-network-operator/deploy\n
\u200b\u68c0\u67e5\u200b Operator \u200b\u7ec4\u4ef6\u200b\u662f\u5426\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff1a
# kubectl get -n kube-system all | grep sriov\nNAME READY STATUS RESTARTS AGE\npod/sriov-network-config-daemon-bf9nt 1/1 Running 0 8s\npod/sriov-network-operator-54d7545f65-296gb 1/1 Running 0 10s\n\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/sriov-network-config-daemon 1 1 1 1 1 beta.kubernetes.io/os=linux,feature.node.kubernetes.io/network-sriov.capable=true 8s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/sriov-network-operator 1/1 1 1 10s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/sriov-network-operator-54d7545f65 1 1 1 10s\n
\u200b\u68c0\u67e5\u200b SriovNetworkNodeState\uff0c\u200b\u4e0b\u9762\u200b\u4ee5\u200b node1 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6709\u200b\u4e24\u4e2a\u200b Mellanox \u200b\u7f51\u5361\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\napiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodeState\nspec: ...\nstatus:\n interfaces:\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.0\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f0np0\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.1\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f1np1\n
\u200b\u521b\u5efa\u200b SriovNetworkNodePolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u5e76\u200b\u901a\u8fc7\u200b nicSelector \u200b\u9009\u62e9\u200b\u8981\u200b\u7ba1\u7406\u200b\u7684\u200b\u7f51\u5361\u200b\uff1a
apiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodePolicy\nmetadata:\n name: policy\n namespace: kube-system\nspec:\n nodeSelector:\n feature.node.kubernetes.io/network-sriov.capable: \"true\"\n eSwitchMode: switchdev\n numVfs: 3\n nicSelector:\n pfNames:\n - ens41f0np0\n - ens41f1np1\n resourceName: cx_sriov_switchdev\n
\u200b\u518d\u6b21\u200b\u68c0\u67e5\u200b SriovNetworkNodeState \u200b\u7684\u200b status \u200b\u5b57\u200b\u6bb5\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\n\n...\nspec:\n interfaces:\n - eSwitchMode: switchdev\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\n - eSwitchMode: switchdev\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\nstatus:\n interfaces\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.2\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.3\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.4\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:ab\n mtu: 1500\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n totalvfs: 3\n vendor: \"15b3\"\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.5\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.6\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.7\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n mtu: 1500\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n totalvfs: 3\n vendor: \"15b3\"\n
\u200b\u68c0\u67e5\u200b VF \u200b\u7684\u200b\u72b6\u6001\u200b\uff1a
# lspci -nn | grep ConnectX\n5f:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.6 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.7 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u68c0\u67e5\u200b PF \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\uff1a
# cat /sys/class/net/ens41f0np0/compat/devlink/mode\nswitchdev\n
"},{"location":"advance/offload-mellanox/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-mellanox/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-mellanox/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/overlay-with-route/","title":"Overlay \u200b\u4e0b\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u7f51\u7edc\u200b\u6253\u901a","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u4e0d\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4f46\u662f\u200b\u4f9d\u7136\u200b\u9700\u8981\u200b Pod \u200b\u80fd\u200b\u548c\u200b\u5916\u90e8\u200b\u8bbe\u65bd\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u4e92\u8bbf\u200b\uff0c \u200b\u8fd9\u65f6\u5019\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u3002
\u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\u53ea\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u6253\u901a\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cPod IP \u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u653e\u5f00\u200b\u5173\u4e8e\u200b\u6e90\u5730\u5740\u200b\u548c\u200b\u76ee\u200b\u5730\u5740\u200b\u7684\u200b IP \u200b\u68c0\u67e5\u200b\u3002
"},{"location":"advance/overlay-with-route/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u6b64\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u8981\u200b\u5f00\u653e\u200b
ip_forward\u3002 - \u200b\u68c0\u67e5\u200b\u4e3b\u673a\u200b iptables \u200b\u89c4\u5219\u200b\u4e2d\u200b\u662f\u5426\u200b\u5728\u200b forward \u200b\u94fe\u4e2d\u200b\u662f\u5426\u200b\u6709\u200b Drop \u200b\u89c4\u5219\u200b\uff0c\u200b\u9700\u8981\u200b\u653e\u884c\u200b\u5bb9\u5668\u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u53ef\u80fd\u200b\u5b58\u5728\u200b\u975e\u5bf9\u79f0\u200b\u8def\u7531\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u200b\u653e\u884c\u200b ct \u200b\u72b6\u6001\u200b\u4e3a\u200b
INVALID \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u3002
"},{"location":"advance/overlay-with-route/#_2","title":"\u8bbe\u7f6e\u200b\u6b65\u9aa4","text":"\u200b\u5bf9\u4e8e\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u76f4\u63a5\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u5173\u95ed\u200b nat \u200b\u6620\u5c04\u200b\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
\u200b\u6b64\u65f6\u200b\uff0cPod \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u8def\u7531\u200b\u5230\u8fbe\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\u8fd8\u200b\u4e0d\u200b\u77e5\u9053\u200b\u56de\u7a0b\u200b\u6570\u636e\u5305\u200b\u5e94\u8be5\u200b\u53d1\u9001\u5230\u200b\u54ea\u91cc\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u56de\u7a0b\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5bf9\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u6dfb\u52a0\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u4efb\u610f\u200b\u4e00\u53f0\u200b\u673a\u5668\u200b\u3002
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 \u200b\u4e3a\u200b\u5bb9\u5668\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.2.10 \u200b\u4e3a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u82e5\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0d\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5728\u200b\u8def\u7531\u5668\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u76f8\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u6253\u901a\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u6307\u5b9a\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5b58\u5728\u200b\u5355\u70b9\u6545\u969c\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u505a\u5230\u200b\u5feb\u901f\u200b\u7684\u200b\u6545\u969c\u200b\u5207\u6362\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Keepalived \u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b\u8bbe\u7f6e\u200b VIP\uff0c\u200b\u540c\u65f6\u200b\u5c06\u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b VIP\u3002
\u200b\u5728\u200b\u4e00\u4e9b\u200b\u865a\u62df\u5316\u200b\u73af\u5883\u200b\u4e2d\u200b\uff0c\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5c06\u200b\u975e\u5bf9\u79f0\u200b\u6d41\u91cf\u200b\u8bc6\u522b\u200b\u4e3a\u200b\u975e\u6cd5\u200b\u6d41\u91cf\u200b\u5e76\u200b\u4e22\u5f03\u200b\u3002 \u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5c06\u200b Subnet \u200b\u7684\u200b gatewayType \u200b\u8c03\u6574\u200b\u4e3a\u200b centralized\uff0c\u200b\u5e76\u200b\u5728\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u65f6\u200b\u5c06\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b gatewayNode \u200b\u8282\u70b9\u200b\u7684\u200b IP\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
\u200b\u5982\u679c\u200b\u5bf9\u4e8e\u200b\u90e8\u5206\u200b\u6d41\u91cf\u200b\uff08\u200b\u5982\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\uff09\u200b\u4ecd\u7136\u200b\u5e0c\u671b\u200b\u8fdb\u884c\u200b nat \u200b\u5904\u7406\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-eip-fip-snat/","title":"OVN EIP FIP SNAT DNAT \u200b\u652f\u6301","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u7531\u4e8e\u200b\u5b58\u5728\u200b api \u200b\u53d8\u52a8\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5728\u200b 1.12 \u200b\u5206\u652f\u200b\u7ee7\u7eed\u200b\u6f14\u8fdb\u200b\u8be5\u200b OVN EIP FIP DNAT \u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b 1.12 \u200b\u4e4b\u540e\u200b\u7684\u200b\u5206\u652f\u200b \u200b\u6216\u8005\u200b master \u200b\u5206\u652f\u200b\u3002 \u200b\u7531\u4e8e\u200b master \u200b\u5206\u652f\u200b\u6f14\u8fdb\u200b\u8f83\u200b\u5feb\u200b\uff0c\u200b\u76ee\u524d\u200b\u4e13\u95e8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b 1.12-mc \u200b\u5206\u652f\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u6027\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b SNAT \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u662f\u200b\u7ecf\u8fc7\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b FIP \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u672c\u5730\u200b\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u5728\u200b\u4f7f\u7528\u200b\u4e0a\u5c06\u200b\u548c\u200b iptable nat gw \u200b\u516c\u7f51\u200b\u65b9\u6848\u200b\u4fdd\u6301\u200b\u57fa\u672c\u4e00\u81f4\u200b\u3002
- ovn eip: \u200b\u7528\u4e8e\u200b\u516c\u7f51\u200b ip \u200b\u5360\u4f4d\u200b\uff0c\u200b\u4ece\u200b underlay provider network vlan subnet \u200b\u4e2d\u200b\u5206\u914d\u200b
- ovn fip\uff1a \u200b\u4e00\u5bf9\u4e00\u200b dnat snat\uff0c\u200b\u4e3a\u200b vpc \u200b\u5185\u200b\u7684\u200b ip \u200b\u6216\u8005\u200b vip \u200b\u63d0\u4f9b\u200b\u516c\u7f51\u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b\u80fd\u529b\u200b
- ovn snat\uff1a\u200b\u6574\u4e2a\u200b\u5b50\u7f51\u200b\u6216\u8005\u200b\u5355\u4e2a\u200b vpc \u200b\u5185\u200b ip \u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b snat \u200b\u8bbf\u95ee\u200b\u516c\u7f51\u200b
- ovn dnat\uff1a\u200b\u57fa\u4e8e\u200b router lb \u200b\u5b9e\u73b0\u200b, \u200b\u57fa\u4e8e\u200b\u516c\u7f51\u200b ip + \u200b\u7aef\u53e3\u200b \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b vpc \u200b\u5185\u200b\u7684\u200b \u200b\u4e00\u7ec4\u200b endpoints
"},{"location":"advance/ovn-eip-fip-snat/#1","title":"1. \u200b\u90e8\u7f72","text":"\u200b\u76ee\u524d\u200b\u5141\u8bb8\u200b\u6240\u6709\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4ee5\u53ca\u200b\u81ea\u5b9a\u4e49\u200b\uff09vpc \u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b provider vlan subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u517c\u5bb9\u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT\u200b\u7684\u200b\u573a\u666f\u200b\u3002
\u200b\u7c7b\u4f3c\u200b neutron ovn\uff0c\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b provider network \u200b\u76f8\u5173\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4e0b\u8ff0\u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u4e5f\u200b\u662f\u200b\u4e3a\u4e86\u200b\u517c\u5bb9\u200b VPC EIP/SNAT \u200b\u7684\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u90e8\u7f72\u200b\u9636\u6bb5\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u80fd\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b\u9ed8\u8ba4\u200b\u516c\u7f51\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u3002 \u200b\u5982\u679c\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u6ca1\u6709\u200b vlan\uff08\u200b\u4f7f\u7528\u200b vlan 0\uff09\uff0c\u200b\u90a3\u4e48\u200b\u4e0b\u8ff0\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
# \u200b\u90e8\u7f72\u200b\u7684\u200b\u65f6\u5019\u200b\u4f60\u200b\u9700\u8981\u200b\u53c2\u8003\u200b\u4ee5\u4e0a\u200b\u573a\u666f\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u6309\u200b\u9700\u200b\u6307\u5b9a\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\n# 1. kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b:\n - --external-gateway-switch=external204 \n\n### \u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u90fd\u200b\u548c\u200b\u4e0b\u9762\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b vlan id \u200b\u548c\u200b\u8d44\u6e90\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u4ec5\u200b\u652f\u6301\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b underlay \u200b\u516c\u7f51\u200b\u4f5c\u4e3a\u200b\u9ed8\u8ba4\u200b\u5916\u90e8\u200b\u516c\u7f51\u200b\u3002\n
\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u7684\u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u4e3b\u8981\u200b\u8003\u8651\u200b\u4e86\u200b\u5982\u4e0b\u200b\u56e0\u7d20\u200b\uff1a
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u63a5\u5230\u200b provider network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u8d44\u6e90\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u529f\u80fd\u200b\u5bf9\u200b\u63a5\u5230\u200b\u5df2\u6709\u200b\u7684\u200b vlan\uff0csubnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b ip \u200b\u7684\u200b ipam\u3002
- \u200b\u5982\u679c\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u7684\u200b enable_eip_snat \u200b\u6a21\u5f0f\u200b, \u200b\u4e14\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u65e7\u200b\u7684\u200b\u57fa\u4e8e\u200b pod annotaion \u200b\u7684\u200b fip snat\uff0c\u200b\u90a3\u4e48\u200b\u8fd9\u4e2a\u200b\u914d\u7f6e\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u4ec5\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b\u5230\u200b vlan\uff0csubnet \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u517c\u5bb9\u200b\u4ec5\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b eip snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u3002
"},{"location":"advance/ovn-eip-fip-snat/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":"# \u200b\u51c6\u5907\u200b provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"advance/ovn-eip-fip-snat/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":"# \u200b\u542f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u548c\u200b\u4e0a\u8ff0\u200b underlay \u200b\u516c\u7f51\u200b provider subnet \u200b\u4e92\u8054\u200b\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\"\n type: \"centralized\" \n external-gw-nic: \"vlan\" # \u200b\u7528\u4e8e\u200b\u63a5\u5165\u200b ovs \u200b\u516c\u7f51\u200b\u7f51\u6865\u200b\u7684\u200b\u7f51\u5361\u200b\n external-gw-addr: \"10.5.204.254/24\" # underlay \u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u7684\u200b ip\n
\u200b\u76ee\u524d\u200b\u8be5\u200b\u529f\u80fd\u200b\u5df2\u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u6307\u5b9a\u200b lrp ip \u200b\u548c\u200b mac\uff0c\u200b\u5df2\u200b\u652f\u6301\u200b\u81ea\u52a8\u200b\u83b7\u53d6\u200b\uff0c\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip \u200b\u8d44\u6e90\u200b\u3002
\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u4e86\u200b\uff0c\u200b\u5219\u200b\u76f8\u5f53\u4e8e\u200b\u6307\u5b9a\u200b ip \u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip\u3002 \u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u63d0\u524d\u200b\u624b\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip\u3002
"},{"location":"advance/ovn-eip-fip-snat/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc \u200b\u542f\u7528\u200b enableExternal \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u5173\u8054\u200b\u5230\u200b\u4e0a\u8ff0\u200b\u6307\u5b9a\u200b\u7684\u200b\u516c\u7f51\u200b\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n\n# \u200b\u8fd9\u91cc\u200b\u5b50\u7f51\u200b\u548c\u200b\u4e4b\u524d\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b\u4e00\u6837\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u6ca1\u6709\u200b\u65b0\u589e\u200b\u5c5e\u6027\u200b\uff0c\u200b\u6ca1\u6709\u200b\u4efb\u4f55\u200b\u53d8\u66f4\u200b\n
\u200b\u4ee5\u4e0a\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b\uff0c\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5b58\u5728\u200b
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# \u200b\u76ee\u524d\u200b\u8be5\u200b\u8def\u7531\u200b\u5df2\u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-eip \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0covn-eip \u200b\u76ee\u524d\u200b\u6709\u200b\u4e09\u79cd\u200b type
- nat: \u200b\u7528\u4e8e\u200b ovn dnat\uff0cfip, snat, \u200b\u8fd9\u4e9b\u200b nat \u200b\u7c7b\u578b\u200b\u4f1a\u200b\u8bb0\u5f55\u200b\u5728\u200b status \u200b\u4e2d\u200b
- lrp: Resources connected to the public network from a vpc can be used by nat
- lsp: \u200b\u7528\u4e8e\u200b ovn \u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u573a\u666f\u200b\uff0c\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b ovs internal port \u200b\u4f5c\u4e3a\u200b ecmp \u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# \u200b\u52a8\u6001\u5206\u914d\u200b\u4e00\u4e2a\u200b eip \u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u8d44\u6e90\u200b\u9884\u7559\u200b\u7528\u4e8e\u200b fip \u200b\u573a\u666f\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#21-ovn-fip-pod-fip","title":"2.1 ovn-fip \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5728\u200b node ping \u200b\u9ed8\u8ba4\u200b vpc \u200b\u4e0b\u200b\u7684\u200b pod \u200b\u7684\u200b\u516c\u7f51\u200b ip \u200b\u662f\u200b\u80fd\u901a\u200b\u7684\u200b\n
# \u200b\u8be5\u200b\u516c\u7f51\u200b ip \u200b\u80fd\u901a\u200b\u7684\u200b\u5173\u952e\u200b\u8d44\u6e90\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"advance/ovn-eip-fip-snat/#22-ovn-fip-vip-fip","title":"2.2 ovn-fip \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"\u200b\u4e3a\u4e86\u200b\u4fbf\u4e8e\u200b\u4e00\u4e9b\u200b vip \u200b\u573a\u666f\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6bd4\u5982\u200b kubevirt \u200b\u865a\u62df\u673a\u200b\u5185\u90e8\u200b\u6211\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u4e00\u4e9b\u200b vip \u200b\u63d0\u4f9b\u200b\u7ed9\u200b keepalived\uff0ckube-vip \u200b\u7b49\u200b\u573a\u666f\u200b\u6765\u200b\u4f7f\u7528\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u90a3\u4e48\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b fip \u200b\u7ed1\u5b9a\u200b vpc \u200b\u5185\u90e8\u200b\u7684\u200b vip \u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u63d0\u4f9b\u200b vip \u200b\u7684\u200b\u516c\u7f51\u200b\u80fd\u529b\u200b\u3002
# \u200b\u5148\u200b\u521b\u5efa\u200b vip\uff0ceip\uff0c\u200b\u518d\u200b\u5c06\u200b eip \u200b\u7ed1\u5b9a\u200b\u5230\u200b vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b fip \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# \u200b\u5728\u200b node \u200b\u4e0a\u200b\u662f\u200b ping \u200b\u5f97\u901a\u200b\u7684\u200b\n\n\n# pod \u200b\u5185\u90e8\u200b\u7684\u200b ip \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u5927\u81f4\u200b\u5c31\u662f\u200b\u5982\u4e0b\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b vip \u200b\u7684\u200b\u914d\u7f6e\u200b\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod \u200b\u5185\u90e8\u200b\u53ef\u4ee5\u200b\u6293\u200b\u5230\u200b fip \u200b\u76f8\u5173\u200b\u7684\u200b icmp \u200b\u5305\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#3-ovn-snat","title":"3. ovn-snat","text":""},{"location":"advance/ovn-eip-fip-snat/#31-ovn-snat-subnet-cidr","title":"3.1 ovn-snat \u200b\u5bf9\u5e94\u200b\u4e00\u4e2a\u200b subnet \u200b\u7684\u200b cidr","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip \u200b\u5bf9\u5e94\u200b\u6574\u4e2a\u200b\u7f51\u6bb5\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#32-ovn-snat-pod-ip","title":"3.2 ovn-snat \u200b\u5bf9\u5e94\u200b\u5230\u200b\u4e00\u4e2a\u200b pod ip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip \u200b\u5bf9\u5e94\u200b\u5355\u4e2a\u200b pod ip\n
\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b snat \u200b\u516c\u7f51\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b\u7684\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u3002
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u4e24\u4e2a\u200b pod \u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u57fa\u4e8e\u200b\u8fd9\u200b\u4e24\u79cd\u200b snat \u200b\u8d44\u6e90\u200b\u4e0a\u200b\u5916\u7f51\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#4-ovn-dnat","title":"4. ovn-dnat","text":""},{"location":"advance/ovn-eip-fip-snat/#41-ovn-dnat-pod-dnat","title":"4.1 ovn-dnat \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b pod ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"advance/ovn-eip-fip-snat/#42-ovn-dnat-vip-dnat","title":"4.2 ovn-dnat \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b dnat \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-ipsec/","title":"\u4f7f\u7528\u200b IPsec \u200b\u52a0\u5bc6\u200b\u8282\u70b9\u200b\u95f4\u901a\u4fe1","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.10.11 \u200b\u548c\u200b v1.11.4 \u200b\u540e\u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\uff0ckernel \u200b\u7248\u672c\u200b\u81f3\u5c11\u200b\u662f\u200b 3.10.0 \u200b\u4ee5\u4e0a\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u4fdd\u8bc1\u200b\u4e3b\u673a\u200b UDP 500 \u200b\u548c\u200b 4500 \u200b\u7aef\u53e3\u200b\u53ef\u7528\u200b\u3002
"},{"location":"advance/ovn-ipsec/#ipsec_1","title":"\u542f\u52a8\u200b IPsec","text":"\u200b\u4ece\u200b Kube-OVN \u200b\u6e90\u7801\u200b\u62f7\u8d1d\u200b\u811a\u672c\u200b ipsec.sh\uff0c\u200b\u6267\u884c\u547d\u4ee4\u200b\u5982\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8c03\u7528\u200b ovs-pki \u200b\u751f\u6210\u200b\u548c\u200b\u5206\u914d\u200b\u52a0\u5bc6\u200b\u9700\u8981\u200b\u7684\u200b\u8bc1\u4e66\u200b\uff1a
bash ipsec.sh init\n
\u200b\u6267\u884c\u200b\u5b8c\u6bd5\u200b\u540e\u200b\uff0c\u200b\u8282\u70b9\u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u534f\u5546\u200b\u4e00\u6bb5\u65f6\u95f4\u200b\u5efa\u7acb\u200b IPsec \u200b\u96a7\u9053\u200b\uff0c\u200b\u7ecf\u9a8c\u503c\u200b\u662f\u200b\u5341\u51e0\u79d2\u200b\u5230\u200b\u4e00\u5206\u949f\u200b\u4e4b\u95f4\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u547d\u4ee4\u200b\u6765\u200b\u67e5\u770b\u200b IPsec \u200b\u72b6\u6001\u200b\uff1a
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
\u200b\u5efa\u7acb\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u6293\u5305\u200b\u89c2\u5bdf\u200b\u62a5\u6587\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u52a0\u5bc6\u200b\uff1a
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
\u200b\u5f53\u200b\u6267\u884c\u200b\u5b8c\u200b\u811a\u672c\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u6267\u884c\u547d\u4ee4\u200b\u5173\u95ed\u200b IPsec\uff1a
# bash ipsec.sh stop\n
\u200b\u6216\u8005\u200b\u6267\u884c\u547d\u4ee4\u200b\u518d\u6b21\u200b\u6253\u5f00\u200b\uff1a
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"OVN SNAT \u200b\u57fa\u4e8e\u200b ECMP BFD \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u7684\u200b L3 HA \u200b\u652f\u6301","text":"\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u57fa\u4e8e\u200b ovn snat \u200b\u540e\u200b\u57fa\u4e8e\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u54c8\u5e0c\u200b\u5230\u200b\u591a\u4e2a\u200b gw node ovnext0 \u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b
- \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9ad8\u200b\u53ef\u7528\u200b
- \u200b\u4ec5\u200b\u652f\u6301\u200b hash \u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200bovn-eip-fip-snat.md \u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c\u200b\u4e00\u81f4\u200b\u7684\u200b\u90e8\u5206\u200b\u5305\u62ec\u200b install.sh \u200b\u7684\u200b\u90e8\u7f72\u200b\u90e8\u5206\u200b\uff0cprovider-network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u51c6\u5907\u200b\u90e8\u5206\u200b\u3002
\u200b\u81f3\u4e8e\u200b\u4e0d\u200b\u76f8\u540c\u200b\u7684\u200b\u90e8\u5206\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\u5177\u4f53\u200b\u9610\u8ff0\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b lsp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip \u200b\u7684\u200b\u521b\u5efa\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u57fa\u4e8e\u200b vpc enable_bfd \u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b bfd \u200b\u4ee5\u53ca\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#1","title":"1. \u200b\u90e8\u7f72","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u90e8\u5206\u200b\u548c\u200b ovn-eip-fip-snat.md \u200b\u5b8c\u5168\u4e00\u81f4\u200b\uff0c\u200b\u8fd9\u4e9b\u200b\u529f\u80fd\u200b\u9a8c\u8bc1\u200b\u901a\u8fc7\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u57fa\u4e8e\u200b\u5982\u4e0b\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u5c06\u200b vpc \u200b\u5207\u6362\u200b\u5230\u200b\u57fa\u4e8e\u200b ecmp \u200b\u7684\u200b bfd \u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5207\u56de\u200b\u3002
\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e4b\u524d\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u63d0\u4f9b\u200b\u597d\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u81f3\u5c11\u200b\u9700\u8981\u200b\u63d0\u4f9b\u200b 2 \u200b\u4e2a\u200b\u4ee5\u4e0a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u6ce8\u610f\u200b\u5f53\u524d\u200b\u5b9e\u73b0\u200b ovn-eip \u200b\u7684\u200b\u540d\u5b57\u200b\u5fc5\u987b\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u505a\u200b\u8be5\u200b\u8d44\u6e90\u200b\u7684\u200b\u81ea\u52a8\u5316\u200b\u7ef4\u62a4\u200b\u3002
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
\u200b\u7531\u4e8e\u200b\u8fd9\u4e2a\u200b\u573a\u666f\u200b\u76ee\u524d\u200b\u8bbe\u8ba1\u200b\u4e0a\u200b\u662f\u200b\u4f9b\u200b vpc ecmp \u200b\u51fa\u200b\u516c\u7f51\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6240\u4ee5\u200b\u4ee5\u4e0a\u200b\u5728\u200b\u6ca1\u6709\u200b vpc \u200b\u542f\u7528\u200b bfd \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u5b58\u5728\u200b\u5e26\u6709\u200b enable bfd \u200b\u6807\u7b7e\u200b\u7684\u200b lrp \u200b\u7684\u200b ovn eip \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0d\u4f1a\u200b\u89e6\u53d1\u200b\u521b\u5efa\u200b\u7f51\u5173\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u6210\u529f\u200b\u542f\u52a8\u200b\u5bf9\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u76d1\u542c\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#2-vpc-ecmp-bfd-l3-ha","title":"2. \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b ecmp bfd L3 HA \u200b\u516c\u7f51\u200b\u529f\u80fd","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd \u200b\u5f00\u5173\u200b\u53ef\u4ee5\u200b\u968f\u610f\u200b\u5207\u6362\u200b\uff0c\u200b\u5f00\u200b\u8868\u793a\u200b\u542f\u7528\u200b bfd ecmp \u200b\u8def\u7531\u200b\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # \u200b\u53ea\u200b\u9700\u200b\u5f00\u542f\u200b ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
\u200b\u4f7f\u7528\u200b\u4e0a\u200b\u7684\u200b\u6ce8\u610f\u200b\u70b9\u200b:
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4e0b\u200b\u7684\u200b ecmp \u200b\u53ea\u7528\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\uff0cvpc enableBfd \u200b\u548c\u200b subnet enableEcmp \u200b\u540c\u65f6\u200b\u5f00\u542f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u624d\u200b\u4f1a\u200b\u751f\u6548\u200b\uff0c\u200b\u624d\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ba1\u7406\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\u3002
- \u200b\u4e0a\u8ff0\u200b\u914d\u7f6e\u200b\u5173\u95ed\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5207\u56de\u200b\u5e38\u89c4\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
- \u200b\u9ed8\u8ba4\u200b vpc \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ec5\u200b\u652f\u6301\u200b\u81ea\u5b9a\u4e49\u200b vpc\uff0c\u200b\u9ed8\u8ba4\u200b vpc \u200b\u6709\u200b\u66f4\u200b\u590d\u6742\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b snat \u200b\u8bbe\u8ba1\u200b\u3002
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u7684\u200b subnet \u200b\u7684\u200b enableEcmp \u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b gatewayType \u200b\u6ca1\u6709\u200b\u4f5c\u7528\u200b\u3002
- \u200b\u5f53\u200b\u5173\u95ed\u200b EnableExternal \u200b\u65f6\u200b\uff0cvpc \u200b\u5185\u200b\u65e0\u6cd5\u200b\u901a\u5916\u200b\u7f51\u200b\u3002
- \u200b\u5f53\u200b\u5f00\u542f\u200b EnableExternal \u200b\u65f6\u200b\uff0c\u200b\u5173\u95ed\u200b EnableBfd \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u57fa\u4e8e\u200b\u666e\u901a\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u4e0a\u200b\u5916\u7f51\u200b\uff0c\u200b\u4e0d\u200b\u5177\u5907\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
# \u200b\u4e0a\u8ff0\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b ovn \u200b\u903b\u8f91\u200b\u5c42\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\n# \u200b\u67e5\u770b\u200b vpc\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# \u200b\u9ed8\u8ba4\u200b vpc \u200b\u672a\u200b\u652f\u6301\u200b ENABLEBFD\n# \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u5df2\u200b\u652f\u6301\u200b\u4e14\u200b\u5df2\u200b\u542f\u7528\u200b\n\n\n# 1. \u200b\u521b\u5efa\u200b\u4e86\u200b bfd \u200b\u4f1a\u8bdd\u200b\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### \u200b\u6ce8\u610f\u200b\u6240\u6709\u200b status \u200b\u6b63\u5e38\u200b\u90fd\u200b\u5e94\u8be5\u200b\u662f\u200b up \u200b\u7684\u200b\n\n# 2. \u200b\u521b\u5efa\u200b\u4e86\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u8be6\u60c5\u200b\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# \u200b\u540c\u65f6\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u90fd\u200b\u5e94\u8be5\u200b\u5177\u5907\u200b\u4ee5\u4e0b\u200b\u8d44\u6e90\u200b\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n## \u200b\u6ce8\u610f\u200b\u4ee5\u4e0a\u200b\u5185\u5bb9\u200b\u548c\u200b\u4e00\u4e2a\u200b internal port unerlay \u200b\u516c\u7f51\u200b pod \u200b\u5185\u90e8\u200b\u7684\u200b ns \u200b\u5927\u81f4\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ea\u662f\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u5355\u72ec\u200b\u7ef4\u62a4\u200b\u4e86\u200b\u4e00\u4e2a\u200b ns\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## \u200b\u8fd9\u91cc\u200b\u5373\u200b\u662f\u200b lrp bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u53e6\u4e00\u7aef\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b lrp ecmp \u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u7684\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# \u200b\u5230\u200b\u516c\u7f51\u200b\u6ca1\u200b\u95ee\u9898\u200b\n
\u200b\u53ef\u4ee5\u200b\u5728\u200b\u67d0\u200b\u4e00\u4e2a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b ovnext ns \u200b\u5185\u200b\u6293\u200b\u5230\u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n\n# \u200b\u53ef\u4ee5\u200b\u5728\u200b\u8be5\u200b\u8282\u70b9\u200b down \u200b\u6389\u200b\u51fa\u53bb\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u7136\u540e\u200b\u770b\u200b pod \u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b\u5728\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u4e2d\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u51e0\u4e2a\u200b\u5305\u200b\n# \u200b\u4e00\u822c\u200b\u90fd\u200b\u4f1a\u200b\u770b\u5230\u200b\u4e22\u200b 3 \u200b\u4e2a\u200b\u5305\u200b\n
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#3-bfd","title":"3. \u200b\u5173\u95ed\u200b bfd \u200b\u6a21\u5f0f","text":"\u200b\u5728\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u53ef\u80fd\u200b\u60f3\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\uff08\u200b\u96c6\u4e2d\u5f0f\u200b\uff09\u200b\u5355\u4e2a\u200b\u7f51\u5173\u200b\u76f4\u63a5\u200b\u51fa\u200b\u516c\u7f51\u200b\uff0c\u200b\u8fd9\u4e2a\u200b\u65f6\u5019\u200b\u548c\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u6a21\u5f0f\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## \u200b\u5c06\u200b bfd \u200b\u529f\u80fd\u200b\u76f4\u63a5\u200b\u7981\u7528\u200b\u5373\u53ef\u200b\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# \u200b\u5e94\u7528\u200b\u540e\u200b\u8def\u7531\u200b\u4f1a\u200b\u5207\u6362\u200b\u56de\u200b\u6b63\u5e38\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# \u200b\u540c\u65f6\u200b nbctl list bfd \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b lrp \u200b\u5173\u8054\u200b\u7684\u200b bfd \u200b\u4f1a\u8bdd\u200b\u5df2\u7ecf\u200b\u79fb\u9664\u200b\n# \u200b\u800c\u4e14\u200b ovnext ns \u200b\u4e2d\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u4e5f\u200b\u81ea\u52a8\u200b\u79fb\u9664\u200b\n# \u200b\u8be5\u200b\u5207\u6362\u200b\u8fc7\u7a0b\u200b\u4fdd\u6301\u200b vpc subnet \u200b\u5185\u200b\u4fdd\u6301\u200b ping \u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n# \u200b\u518d\u200b\u5207\u6362\u200b\u56de\u53bb\u200b \u200b\u4e5f\u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-remote-port-mirroring/","title":"OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6b64\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u6307\u5b9a\u200b Pod\u3001\u200b\u6307\u5b9a\u200b\u65b9\u5411\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u901a\u8fc7\u200b GRE/ERSPAN \u200b\u5c01\u88c5\u200b\u540e\u200b\uff0c\u200b\u4f20\u8f93\u200b\u5230\u200b\u8fdc\u7aef\u200b\u3002
\u200b\u6b64\u200b\u529f\u80fd\u200b\u8981\u6c42\u200b Kube-OVN \u200b\u7248\u672c\u200b\u4e0d\u200b\u4f4e\u4e8e\u200b v1.12\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#multus-cni","title":"\u90e8\u7f72\u200b Multus-CNI","text":"\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b \u200b\u90e8\u7f72\u200b Multus\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#_1","title":"\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
\u200b\u5176\u4e2d\u200b provider \u200b\u5b57\u200b\u6bb5\u200b\u683c\u5f0f\u200b\u4e3a\u200b <NAME>.<NAMESPACE>.ovn\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#underlay","title":"\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u662f\u200b\u5c01\u88c5\u200b\u540e\u200b\u8fdb\u884c\u200b\u4f20\u8f93\u200b\u7684\u200b\uff0c\u200b\u56e0\u6b64\u200b\u7528\u4e8e\u200b\u4f20\u8f93\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0cMTU \u200b\u9700\u8981\u200b\u5927\u4e8e\u200b\u88ab\u200b\u955c\u50cf\u200b\u7684\u200b LSP/Pod\u3002\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b Underlay \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
\u200b\u5176\u4e2d\u200b\uff0c\u200b\u5b50\u7f51\u200b\u7684\u200b provider \u200b\u5fc5\u987b\u200b\u4e0e\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\u7684\u200b provider \u200b\u76f8\u540c\u200b\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#pod","title":"\u521b\u5efa\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u7528\u4e8e\u200b\u63a5\u6536\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.12\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u540e\u200b\uff0c\u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff1a
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
\u200b\u8bb0\u4f4f\u200b\u7b2c\u4e8c\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b 172.19.0.21\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#ovn_1","title":"\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
\u200b\u5176\u4e2d\u200b coredns-787d4945fb-gpnkb.kube-system \u200b\u662f\u200b OVN LSP \u200b\u7684\u200b\u540d\u79f0\u200b\uff0c\u200b\u683c\u5f0f\u200b\u901a\u5e38\u200b\u4e3a\u200b <POD_NAME>.<POD_NAMESPACE>\u3002
\u200b\u76f8\u5173\u200b\u7684\u200b OVN \u200b\u547d\u4ee4\u200b\u4f7f\u7528\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff1a
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"advance/ovn-remote-port-mirroring/#pod_1","title":"\u914d\u7f6e\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u5728\u200b\u524d\u9762\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
\u200b\u63a5\u4e0b\u6765\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u5728\u200b\u63a5\u6536\u200b\u6d41\u91cf\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u8fdb\u884c\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\uff1a
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"advance/ovn-remote-port-mirroring/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0cOVN \u200b\u8282\u70b9\u200b\u53ca\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u7684\u200b Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.14\u3002\u200b\u82e5\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4e14\u200b\u4f7f\u7528\u200b IPv6 \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\uff0cLinux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.16\u3002
- \u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b\u4f20\u8f93\u200b\u662f\u200b\u5355\u5411\u200b\u7684\u200b\uff0c\u200b\u53ea\u200b\u9700\u200b\u4fdd\u8bc1\u200b OVN \u200b\u8282\u70b9\u200b\u80fd\u591f\u200b\u8bbf\u95ee\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/performance-tuning/","title":"\u6027\u80fd\u200b\u8c03\u4f18","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u6301\u200b\u5b89\u88c5\u200b\u7684\u200b\u7b80\u5355\u200b\u548c\u200b\u529f\u80fd\u200b\u7684\u200b\u5b8c\u5907\u200b\uff0cKube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5bf9\u200b\u6027\u80fd\u200b\u9488\u5bf9\u6027\u200b\u7684\u200b\u4f18\u5316\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u5bf9\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c \u200b\u7ba1\u7406\u5458\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u5bf9\u200b\u6027\u80fd\u200b\u8fdb\u884c\u200b\u9488\u5bf9\u6027\u200b\u4f18\u5316\u200b\u3002
\u200b\u793e\u533a\u200b\u4f1a\u200b\u4e0d\u65ad\u200b\u8fed\u4ee3\u200b\u63a7\u5236\u9762\u677f\u200b\u548c\u200b\u4f18\u5316\u200b\u9762\u200b\u7684\u200b\u6027\u80fd\u200b\uff0c\u200b\u90e8\u5206\u200b\u901a\u7528\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u5df2\u7ecf\u200b\u96c6\u6210\u200b\u5230\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u6027\u80fd\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u548c\u200b\u65b9\u6cd5\u8bba\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u89c2\u770b\u200b\u89c6\u9891\u200b\u5206\u4eab\u200b\uff1aKube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"advance/performance-tuning/#_2","title":"\u57fa\u51c6\u200b\u6d4b\u8bd5","text":"\u200b\u7531\u4e8e\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u7684\u200b\u5dee\u5f02\u200b\u6781\u5927\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u6570\u636e\u200b\u53ea\u80fd\u200b\u4f5c\u4e3a\u200b\u53c2\u8003\u200b\uff0c\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u548c\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b\u7684\u200b\u7ed3\u679c\u200b\u5b58\u5728\u200b\u8f83\u5927\u200b\u5dee\u5f02\u200b\u3002 \u200b\u5efa\u8bae\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\uff0c\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6bd4\u8f83\u200b\u3002
"},{"location":"advance/performance-tuning/#overlay","title":"Overlay \u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u73af\u5883\u200b\u4fe1\u606f\u200b\uff1a
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay \u200b\u6a21\u5f0f\u200b
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw \u200b\u6d4b\u8bd5\u200b 1 \u200b\u5b57\u8282\u200b\u5c0f\u5305\u200b\u4e0b\u200b tcp/udp \u200b\u7684\u200b\u5e26\u5bbd\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5206\u522b\u200b\u6d4b\u8bd5\u200b\u4f18\u5316\u200b\u524d\u200b\uff0c\u200b\u4f18\u5316\u200b\u540e\u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"advance/performance-tuning/#overlay-underlay-calico","title":"Overlay\uff0c Underlay \u200b\u4ee5\u53ca\u200b Calico \u200b\u4e0d\u540c\u200b\u6a21\u5f0f\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u4e0b\u9762\u200b\u6211\u4eec\u200b\u4f1a\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u540e\u200b Kube-OVN \u200b\u5728\u200b\u4e0d\u540c\u200b\u5305\u200b\u5927\u5c0f\u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u6027\u80fd\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b Calico \u200b\u7684\u200b IPIP Always, IPIP never \u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u505a\u200b\u6bd4\u8f83\u200b\u3002
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 \u200b\u5728\u200b\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u4f1a\u200b\u4f18\u4e8e\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8fd9\u662f\u200b\u4f18\u4e8e\u200b\u7ecf\u8fc7\u200b\u4f18\u5316\u200b\u540e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u8def\u5f84\u200b\u5b8c\u5168\u200b\u7ed5\u8fc7\u200b\u4e86\u200b netfilter\uff0c \u200b\u800c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7531\u4e8e\u200b kube-proxy \u200b\u7684\u200b\u5b58\u5728\u200b\u6240\u6709\u200b\u6570\u636e\u5305\u200b\u5747\u200b\u9700\u200b\u7ecf\u8fc7\u200b netfilter\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5728\u200b\u4e00\u4e9b\u200b\u73af\u5883\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b \u200b\u7684\u200b\u6d88\u8017\u200b\u76f8\u5bf9\u200b\u66f4\u200b\u5c0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f1a\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
"},{"location":"advance/performance-tuning/#_3","title":"\u6570\u636e\u200b\u5e73\u9762\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u65b9\u6cd5","text":"\u200b\u8fd9\u91cc\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u4f18\u5316\u200b\u65b9\u6cd5\u200b\u548c\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u4ee5\u53ca\u200b\u6240\u200b\u9700\u8981\u200b\u7684\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\uff0c\u200b\u8bf7\u200b\u4ed4\u7ec6\u200b\u4e86\u89e3\u200b\u4f18\u5316\u200b\u7684\u200b\u524d\u63d0\u6761\u4ef6\u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\u3002
"},{"location":"advance/performance-tuning/#cpu","title":"CPU \u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u8c03\u6574","text":"\u200b\u90e8\u5206\u200b\u73af\u5883\u200b\u4e0b\u200b CPU \u200b\u8fd0\u884c\u200b\u5728\u200b\u8282\u80fd\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u5c06\u4f1a\u200b\u4e0d\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u5ef6\u8fdf\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u660e\u663e\u589e\u52a0\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CPU \u200b\u7684\u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u83b7\u5f97\u200b\u66f4\u200b\u7a33\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\uff1a
cpupower frequency-set -g performance\n
"},{"location":"advance/performance-tuning/#_4","title":"\u7f51\u5361\u200b\u786c\u4ef6\u200b\u961f\u5217\u200b\u8c03\u6574","text":"\u200b\u5728\u200b\u6d41\u91cf\u200b\u589e\u5927\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f13\u51b2\u200b\u961f\u5217\u200b\u8fc7\u200b\u77ed\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u8f83\u200b\u9ad8\u200b\u7684\u200b\u4e22\u200b\u5305\u7387\u200b\u5bfc\u81f4\u200b\u6027\u80fd\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\uff0c\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b
\u200b\u68c0\u67e5\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\uff1a
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
\u200b\u589e\u52a0\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\u81f3\u200b\u6700\u5927\u503c\u200b\uff1a
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"advance/performance-tuning/#tuned","title":"\u4f7f\u7528\u200b tuned \u200b\u4f18\u5316\u200b\u7cfb\u7edf\u200b\u53c2\u6570","text":"tuned \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e00\u7cfb\u5217\u200b\u9884\u7f6e\u200b\u7684\u200b profile \u200b\u6587\u4ef6\u200b\u4fdd\u5b58\u200b\u4e86\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u573a\u666f\u200b\u7684\u200b\u4e00\u7cfb\u5217\u200b\u7cfb\u7edf\u4f18\u5316\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9488\u5bf9\u200b\u5ef6\u8fdf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-latency\n
\u200b\u9488\u5bf9\u200b\u541e\u5410\u91cf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-throughput\n
"},{"location":"advance/performance-tuning/#_5","title":"\u4e2d\u65ad\u200b\u7ed1\u5b9a","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u7981\u7528\u200b irqbalance \u200b\u5e76\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e2d\u65ad\u200b\u548c\u200b\u7279\u5b9a\u200b CPU \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u6765\u200b\u907f\u514d\u200b\u5728\u200b\u591a\u4e2a\u200b CPU \u200b\u4e4b\u95f4\u200b\u5207\u6362\u200b\u5bfc\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u6ce2\u52a8\u200b\u3002
"},{"location":"advance/performance-tuning/#ovn-lb","title":"\u5173\u95ed\u200b OVN LB","text":"OVN \u200b\u7684\u200b L2 LB \u200b\u5b9e\u73b0\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u9700\u8981\u200b\u8c03\u7528\u200b\u5185\u6838\u200b\u7684\u200b conntrack \u200b\u6a21\u5757\u200b\u5e76\u200b\u8fdb\u884c\u200b recirculate \u200b\u5bfc\u81f4\u200b\u5927\u91cf\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c \u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u5b8c\u6210\u200b Service \u200b\u8f6c\u53d1\u200b\u529f\u80fd\u200b\uff0c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b Pod-to-Pod \u200b\u6027\u80fd\u200b\u3002\u200b\u53ef\u4ee5\u200b\u5728\u200b kube-ovn-controller \u200b\u4e2d\u200b\u5173\u95ed\u200b\u8be5\u200b\u529f\u80fd\u200b\uff1a
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b kube-proxy \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b iptables \u200b\u6216\u200b ipvs \u200b\u63a7\u5236\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\uff0c\u200b\u5982\u9700\u200b\u5173\u95ed\u200b LB \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u786e\u8ba4\u200b\u662f\u5426\u200b\u4e0d\u200b\u9700\u8981\u200b Service \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/performance-tuning/#fastpath","title":"\u5185\u6838\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7531\u4e8e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b network ns\uff0c\u200b\u6570\u636e\u5305\u200b\u5728\u200b\u8de8\u200b\u5bbf\u4e3b\u673a\u200b\u4f20\u8f93\u200b\u65f6\u4f1a\u200b\u591a\u6b21\u200b\u7ecf\u8fc7\u200b netfilter \u200b\u6a21\u5757\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u8fd1\u200b 20% \u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\u3002\u200b\u7531\u4e8e\u200b\u5927\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u5e94\u7528\u200b\u65e0\u987b\u200b\u4f7f\u7528\u200b netfilter \u200b\u6a21\u5757\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b netfilter \u200b\u964d\u4f4e\u200b CPU \u200b\u5f00\u9500\u200b\u3002
\u200b\u5982\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b netfilter \u200b\u63d0\u4f9b\u200b\u7684\u200b\u529f\u80fd\u200b\u5982\u200b iptables\uff0cipvs\uff0cnftables \u200b\u7b49\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5757\u200b\u4f1a\u200b\u4f7f\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u6211\u4eec\u200b\u9884\u5148\u200b\u7f16\u8bd1\u200b\u4e86\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u7684\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c \u200b\u53ef\u4ee5\u200b\u524d\u5f80\u200b tunning-package \u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u7f16\u8bd1\u200b\uff0c\u200b\u65b9\u6cd5\u200b\u53c2\u8003\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b
\u200b\u83b7\u5f97\u200b\u5185\u6838\u6a21\u5757\u200b\u540e\u200b\u53ef\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4f7f\u7528\u200b insmod kube_ovn_fastpath.ko \u200b\u52a0\u8f7d\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u4f7f\u7528\u200b dmesg \u200b\u9a8c\u8bc1\u200b\u6a21\u5757\u200b\u52a0\u8f7d\u200b\u6210\u529f\u200b\uff1a
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"advance/performance-tuning/#ovs","title":"OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u4f18\u5316","text":"OVS \u200b\u7684\u200b flow \u200b\u5904\u7406\u200b\u5305\u62ec\u200b\u54c8\u5e0c\u200b\u8ba1\u7b97\u200b\uff0c\u200b\u5339\u914d\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u7ea6\u200b 10% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\u3002\u200b\u73b0\u4ee3\u200b x86 CPU \u200b\u4e0a\u200b\u7684\u200b\u4e00\u4e9b\u200b\u6307\u4ee4\u96c6\u200b\u4f8b\u5982\u200b popcnt \u200b\u548c\u200b sse4.2 \u200b\u53ef\u4ee5\u200b \u200b\u52a0\u901f\u200b\u76f8\u5173\u200b\u8ba1\u7b97\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u4f46\u200b\u5185\u6838\u200b\u9ed8\u8ba4\u200b\u7f16\u8bd1\u200b\u672a\u200b\u5f00\u542f\u200b\u76f8\u5173\u200b\u9009\u9879\u200b\u3002\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u5728\u200b\u5f00\u542f\u200b\u76f8\u5e94\u200b\u6307\u4ee4\u96c6\u200b\u4f18\u5316\u200b\u540e\u200b\uff0cflow \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b CPU \u200b\u6d88\u8017\u200b\u5c06\u4f1a\u200b\u964d\u81f3\u200b 5% \u200b\u5de6\u53f3\u200b\u3002
\u200b\u548c\u200b FastPath \u200b\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b\u6216\u8005\u200b \u200b\u524d\u5f80\u200b tunning-package \u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6709\u200b\u5df2\u200b\u7f16\u8bd1\u200b\u597d\u200b\u7684\u200b\u5236\u54c1\u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4f7f\u7528\u200b\u8be5\u200b\u5185\u6838\u6a21\u5757\u200b\u524d\u200b\u8bf7\u200b\u5148\u200b\u786e\u8ba4\u200b CPU \u200b\u662f\u5426\u200b\u652f\u6301\u200b\u76f8\u5173\u200b\u6307\u4ee4\u96c6\u200b\uff1a
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"advance/performance-tuning/#centos","title":"CentOS \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u751f\u6210\u200b\u5bf9\u5e94\u200b RPM \u200b\u6587\u4ef6\u200b:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
\u200b\u590d\u5236\u200b RPM \u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u5e76\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#ubuntu","title":"Ubuntu \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u5b89\u88c5\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#stt","title":"\u4f7f\u7528\u200b STT \u200b\u7c7b\u578b\u200b\u96a7\u9053","text":"\u200b\u5e38\u89c1\u200b\u7684\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4f8b\u5982\u200b Geneve \u200b\u548c\u200b Vxlan \u200b\u4f7f\u7528\u200b UDP \u200b\u534f\u8bae\u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u6709\u200b\u826f\u597d\u200b\u7684\u200b\u652f\u6301\u200b\u3002\u200b\u4f46\u662f\u200b\u5f53\u200b\u4f7f\u7528\u200b UDP \u200b\u5c01\u88c5\u200b TCP \u200b\u6570\u636e\u5305\u200b\u65f6\u200b\uff0c \u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u9488\u5bf9\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u4f18\u5316\u200b\u548c\u200b offload \u200b\u529f\u80fd\u200b\u5c06\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5bfc\u81f4\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u51fa\u73b0\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\u3002\u200b\u5728\u200b\u865a\u62df\u5316\u200b\u573a\u666f\u200b\u4e0b\u200b\u7531\u4e8e\u200b CPU \u200b\u7684\u200b\u9650\u5236\u200b\uff0c TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u751a\u81f3\u200b\u53ef\u80fd\u200b\u53ea\u6709\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5341\u5206\u4e4b\u4e00\u200b\u3002
STT \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u521b\u65b0\u200b\u5f0f\u200b\u7684\u200b\u4f7f\u7528\u200b TCP \u200b\u683c\u5f0f\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u5c01\u88c5\u200b\u53ea\u662f\u200b\u6a21\u62df\u200b\u4e86\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u5934\u90e8\u200b\u683c\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u771f\u6b63\u200b\u5efa\u7acb\u200b TCP \u200b\u8fde\u63a5\u200b\uff0c\u200b\u4f46\u662f\u200b\u53ef\u4ee5\u200b \u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u4f18\u5316\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b\u6211\u4eec\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u4e2d\u200b TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u80fd\u200b\u6709\u200b\u6570\u500d\u200b\u7684\u200b\u63d0\u5347\u200b\uff0c\u200b\u8fbe\u5230\u200b\u63a5\u8fd1\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6c34\u5e73\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5e76\u200b\u6ca1\u6709\u200b\u9884\u200b\u5b89\u88c5\u200b\u5728\u200b\u5185\u6838\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u6765\u200b\u5b89\u88c5\u200b\uff0cOVS \u200b\u5185\u6838\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u65b9\u6cd5\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0a\u200b\u4e00\u8282\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5f00\u542f\u200b\uff1a
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/security-group/","title":"SecurityGroup \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4e86\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u914d\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u4f7f\u7528\u200b\u7684\u200b CRD \u200b\u4e3a\u200b SecurityGroup\u3002
"},{"location":"advance/security-group/#_1","title":"\u5b89\u5168\u200b\u7ec4\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 \u200b\u914d\u7f6e\u200b\u7f51\u6bb5\u200b\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
\u200b\u5b89\u5168\u200b\u7ec4\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u5177\u4f53\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303\u200b\u3002
Pod \u200b\u901a\u8fc7\u200b\u6dfb\u52a0\u200b annotation \u200b\u6765\u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u4f7f\u7528\u200b\u7684\u200b annotation \u200b\u6709\u200b\u4e24\u4e2a\u200b\uff1a
- port_security: \u200b\u6e90\u5730\u5740\u200b\u6821\u9a8c\u200b\uff0c\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\uff0c\u200b\u53ea\u6709\u200b kube-ovn ipam \u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b ip \u200b\u6e90\u5730\u5740\u200b\u7684\u200b\u5305\u200b\u53ef\u4ee5\u200b\u4ece\u200b pod \u200b\u7f51\u5361\u200b\u51fa\u53bb\u200b\uff0c\u200b\u5173\u95ed\u200b\u540e\u200b, \u200b\u4efb\u610f\u200b ip \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u3002
- security_groups\uff1a \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5217\u8868\u200b\uff0c\u200b\u5305\u542b\u200b\u4e00\u7cfb\u5217\u200b ACL \u200b\u89c4\u5219\u200b\u3002
\u200b\u8fd9\u200b\u4e24\u4e2a\u200b annotation \u200b\u8d1f\u8d23\u200b\u7684\u200b\u529f\u80fd\u200b\u662f\u200b\u4e92\u76f8\u200b\u72ec\u7acb\u200b\u7684\u200b\u3002
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"advance/security-group/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" -
\u200b\u5b89\u5168\u200b\u7ec4\u200b\u6700\u540e\u200b\u662f\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b ACL \u200b\u89c4\u5219\u200b\u6765\u200b\u9650\u5236\u200b\u8bbf\u95ee\u200b\u7684\u200b\uff0cOVN \u200b\u6587\u6863\u200b\u4e2d\u200b\u63d0\u5230\u200b\uff0c\u200b\u5982\u679c\u200b\u5339\u914d\u200b\u5230\u200b\u7684\u200b\u4e24\u4e2a\u200b ACL \u200b\u89c4\u5219\u200b\u62e5\u6709\u200b\u76f8\u540c\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u5b9e\u9645\u200b\u8d77\u200b\u4f5c\u7528\u200b\u7684\u200b\u662f\u200b\u54ea\u4e2a\u200b ACL \u200b\u662f\u200b\u4e0d\u200b\u786e\u5b9a\u200b\u7684\u200b\u3002\u200b\u56e0\u6b64\u200b\u8bbe\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u533a\u5206\u200b\u4f18\u5148\u7ea7\u200b\u3002
-
\u200b\u5f53\u200b\u6dfb\u52a0\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u8981\u200b\u6e05\u695a\u200b\u7684\u200b\u77e5\u9053\u200b\u662f\u200b\u5728\u200b\u6dfb\u52a0\u200b\u4ec0\u4e48\u200b\u9650\u5236\u200b\u3002Kube-OVN \u200b\u4f5c\u4e3a\u200b CNI\uff0c\u200b\u521b\u5efa\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u8fdb\u884c\u200b Pod \u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u5982\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c31\u200b\u4f1a\u200b\u5bfc\u81f4\u200b Pod \u200b\u4e00\u76f4\u200b\u5904\u4e8e\u200b ContainerCreating \u200b\u72b6\u6001\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5207\u6362\u200b\u5230\u200b Running \u200b\u72b6\u6001\u200b\u3002
"},{"location":"advance/security-group/#_3","title":"\u5b9e\u9645\u200b\u6d4b\u8bd5","text":"\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u521b\u5efa\u200b Pod\uff0c\u200b\u5728\u200b annotation \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7ed1\u5b9a\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u7684\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
\u200b\u6267\u884c\u200b kubectl describe pod \u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u62a5\u9519\u200b\u63d0\u793a\u200b\uff1a
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n\u00b7\n\u00b7\n\u00b7\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed (add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
\u200b\u4fee\u6539\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
\u200b\u5206\u522b\u200b\u5728\u200b\u5165\u200b\u65b9\u5411\u200b\u548c\u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e2d\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5141\u8bb8\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u5e76\u4e14\u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u89c4\u5219\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u6700\u9ad8\u200b\u3002
\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u90e8\u7f72\u200b Pod \u200b\u540e\u200b\uff0c\u200b\u786e\u8ba4\u200b Pod \u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u90e8\u7f72\u200b\u540e\u200b\u67e5\u770b\u200b Pod \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
\u200b\u56e0\u6b64\u200b\u5bf9\u4e8e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8981\u200b\u7279\u522b\u200b\u660e\u786e\u200b\u6dfb\u52a0\u200b\u7684\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b\u4f5c\u7528\u200b\u3002\u200b\u5982\u679c\u200b\u5355\u7eaf\u200b\u662f\u200b\u9650\u5236\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8003\u8651\u200b\u4f7f\u7528\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vip/","title":"VIP \u200b\u9884\u7559\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u5e0c\u671b\u200b\u52a8\u6001\u200b\u7684\u200b\u9884\u7559\u200b\u4e00\u90e8\u5206\u200b IP \u200b\u4f46\u662f\u200b\u5e76\u200b\u4e0d\u200b\u5206\u914d\u200b\u7ed9\u200b Pod \u200b\u800c\u662f\u200b\u5206\u914d\u200b\u7ed9\u200b\u5176\u4ed6\u200b\u7684\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u542f\u7528\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a
- Kubernetes \u200b\u5d4c\u5957\u200b Kubernetes \u200b\u7684\u200b\u573a\u666f\u200b\u4e2d\u4e0a\u5c42\u200b Kubernetes \u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5360\u7528\u200b\u5e95\u5c42\u200b Subnet \u200b\u53ef\u7528\u200b\u5730\u5740\u200b\u3002
- LB \u200b\u6216\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Subnet \u200b\u5185\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u5355\u72ec\u200b\u8d77\u200b Pod\u3002
"},{"location":"advance/vip/#vip_1","title":"\u521b\u5efa\u200b\u968f\u673a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u4e3a\u4e86\u200b\u9884\u7559\u200b\u82e5\u5e72\u200b IP \u200b\u800c\u200b\u5bf9\u200b IP \u200b\u5730\u5740\u200b\u672c\u8eab\u200b\u6ca1\u6709\u200b\u8981\u6c42\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002type: \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\uff0c\u200b\u4e3a\u7a7a\u200b\u8868\u793a\u200b\u4ec5\u200b\u7528\u4e8e\u200b ipam ip \u200b\u5360\u4f4d\u200b\uff0cswitch_lb_vip \u200b\u8868\u793a\u200b\u8be5\u200b vip \u200b\u4ec5\u200b\u7528\u4e8e\u200b switch lb \u200b\u524d\u7aef\u200b vip \u200b\u548c\u200b\u540e\u200b\u7aef\u200b ip \u200b\u9700\u200b\u5904\u4e8e\u200b\u540c\u4e00\u200b\u5b50\u7f51\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b 10.16.0.12 \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u4e4b\u540e\u200b\u4f9b\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"advance/vip/#vip_2","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u5bf9\u200b\u9884\u7559\u200b\u7684\u200b VIP \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u6709\u200b\u9700\u6c42\u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n v4ip: \"10.16.0.121\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002v4ip: \u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u5728\u200b subnet \u200b\u7684\u200b CIDR \u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b\u6240\u200b\u9884\u671f\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/vip/#pod-vip-ip","title":"Pod \u200b\u4f7f\u7528\u200b VIP \u200b\u6765\u200b\u56fa\u5b9a\u200b IP","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.12 \u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b annotation \u200b\u5c06\u200b\u67d0\u4e2a\u200b VIP \u200b\u5206\u914d\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/vip: vip-dynamic-01 # \u200b\u6307\u5b9a\u200b vip\n namespace: default\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/vip/#statefulset-kubevirt-vm-vip","title":"StatefulSet \u200b\u548c\u200b Kubevirt VM \u200b\u4fdd\u7559\u200b VIP","text":"\u200b\u9488\u5bf9\u200b StatefulSet \u200b\u548c\u200b VM \u200b\u7684\u200b\u7279\u6b8a\u6027\u200b\uff0c\u200b\u5728\u200b\u4ed6\u4eec\u200b\u7684\u200b Pod \u200b\u9500\u6bc1\u200b\u518d\u62c9\u8d77\u200b\u8d77\u540e\u200b\u4f1a\u200b\u91cd\u65b0\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u8bbe\u7f6e\u200b\u7684\u200b VIP\u3002
VM \u200b\u4fdd\u7559\u200b VIP \u200b\u9700\u8981\u200b\u786e\u4fdd\u200b kube-ovn-controller \u200b\u7684\u200b keep-vm-ip \u200b\u53c2\u6570\u200b\u4e3a\u200b true\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-dns/","title":"\u81ea\u5b9a\u4e49\u200b VPC DNS","text":"\u200b\u7531\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b \u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0c\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u5230\u200b\u90e8\u7f72\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u5185\u200b\u7684\u200b coredns\u3002 \u200b\u5982\u679c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u5185\u200b\u57df\u540d\u89e3\u6790\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\uff0c\u200b\u5229\u7528\u200b vpc-dns CRD \u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u8be5\u200b CRD \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b coredns\uff0c\u200b\u8be5\u200b Pod \u200b\u6709\u200b\u4e24\u4e2a\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\uff0c\u200b\u540c\u65f6\u200b\u901a\u8fc7\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u63d0\u4f9b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u6240\u200b\u4f9d\u8d56\u200b\u7684\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
\u200b\u9664\u4e86\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u8fd8\u200b\u4f9d\u8d56\u200b nat-gw-pod \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/vpc-dns/#_1","title":"\u914d\u7f6e\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"advance/vpc-dns/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b Configmap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\u200b\u662f\u5426\u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0c\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002coredns-template\uff1acoredns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u7248\u672c\u200b ovn \u200b\u76ee\u5f55\u200b\u4e0b\u200b coredns-template.yaml \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b https://raw.githubusercontent.com/kubeovn/kube-ovn/\u200b\u5f53\u524d\u200b\u7248\u672c\u200b/yamls/coredns-template.yaml \u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u5730\u5740\u200b\u3002k8s-service-port\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u7aef\u53e3\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"\u200b\u914d\u7f6e\u200b vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002replicas: vpc dns deployment replicas
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u8d44\u6e90\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true \u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b\u3002
\u200b\u9650\u5236\u200b\uff1a\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
"},{"location":"advance/vpc-dns/#_2","title":"\u9a8c\u8bc1\u200b\u90e8\u7f72\u200b\u7ed3\u679c","text":"\u200b\u67e5\u770b\u200b vpc-dns Pod \u200b\u72b6\u6001\u200b\uff0c\u200b\u4f7f\u7528\u200b label app=vpc-dns\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u6240\u6709\u200b vpc-dns pod \u200b\u72b6\u6001\u200b\uff1a
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
\u200b\u67e5\u770b\u200b slr \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\uff1a
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
\u200b\u8fdb\u5165\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod\uff0c\u200b\u6d4b\u8bd5\u200b dns \u200b\u89e3\u6790\u200b:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b switch lb rule \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u540c\u4e00\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b pod \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-internal-lb/","title":"\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861","text":"Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u53ef\u4ee5\u200b\u7528\u4f5c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\uff0c \u200b\u4f46\u662f\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c \u200b\u4f7f\u7528\u200b Service \u200b\u4f5c\u4e3a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5b58\u5728\u200b\u5982\u4e0b\u200b\u51e0\u4e2a\u200b\u95ee\u9898\u200b\uff1a
- Service IP \u200b\u8303\u56f4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u8d44\u6e90\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5171\u4eab\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u7528\u6237\u200b\u65e0\u6cd5\u200b\u6309\u7167\u200b\u81ea\u5df1\u200b\u610f\u613f\u200b\u8bbe\u7f6e\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u89e3\u51b3\u200b\u4e0a\u8ff0\u200b\u95ee\u9898\u200b\uff0cKube-OVN \u200b\u5728\u200b 1.11 \u200b\u5f15\u5165\u200b SwitchLBRule CRD\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u652f\u6301\u200b\u4ee5\u4e0b\u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
"},{"location":"advance/vpc-internal-lb/#selector","title":"Selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b selector \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b label \u200b\u81ea\u52a8\u200b\u5173\u8054\u200b pod \u200b\u914d\u7f6e\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
selector, sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
Kube-OVN \u200b\u4f1a\u200b\u6839\u636e\u200b SwitchLBRule \u200b\u5b9a\u4e49\u200b\u9009\u62e9\u200b\u7684\u200b Pod \u200b\u5f97\u51fa\u200b Pod \u200b\u6240\u5728\u200b VPC \u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b L2 LB\u3002
"},{"location":"advance/vpc-internal-lb/#endpoints","title":"Endpoints \u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b endpoints \u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\uff0c\u200b\u7528\u4ee5\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u6bd4\u5982\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u7aef\u200b\u662f\u200b kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b vm \u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
-
endpoints\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u200b\u7aef\u200b IP \u200b\u5217\u8868\u200b\u3002
\u200b\u6ce8\u200b\uff1a\u200b\u5982\u679c\u200b\u540c\u65f6\u200b\u914d\u7f6e\u200b\u4e86\u200b selector \u200b\u548c\u200b endpoints,\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5ffd\u7565\u200b selector \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-peering/","title":"VPC \u200b\u4e92\u8054","text":"VPC \u200b\u4e92\u8054\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u5c06\u200b\u4e24\u4e2a\u200b VPC \u200b\u7f51\u7edc\u200b\u901a\u8fc7\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u6253\u901a\u200b\u7684\u200b\u673a\u5236\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u53ef\u4ee5\u200b\u50cf\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u79c1\u6709\u200b\u7f51\u7edc\u200b\u4e00\u6837\u200b\uff0c \u200b\u901a\u8fc7\u200b\u79c1\u6709\u200b\u5730\u5740\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u65e0\u9700\u200b\u901a\u8fc7\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"advance/vpc-peering/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u9002\u7528\u200b\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\u3002
- \u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u8def\u7531\u200b\u91cd\u53e0\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e24\u4e2a\u200b VPC \u200b\u7684\u200b\u4e92\u8054\u200b\uff0c\u200b\u66f4\u200b\u591a\u7ec4\u200b VPC \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e92\u8054\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002
"},{"location":"advance/vpc-peering/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u9996\u5148\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u4e0d\u200b\u4e92\u8054\u200b\u7684\u200b VPC\uff0c\u200b\u6bcf\u4e2a\u200b VPC \u200b\u4e0b\u200b\u5404\u6709\u200b\u4e00\u4e2a\u200b Subnet\uff0cSubnet \u200b\u7684\u200b CIDR \u200b\u4e92\u4e0d\u200b\u91cd\u53e0\u200b\u3002
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b VPC \u200b\u5185\u200b\u5206\u522b\u200b\u589e\u52a0\u200b vpcPeerings \u200b\u548c\u200b\u5bf9\u5e94\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: \u200b\u4e92\u8054\u200b\u7684\u200b\u53e6\u200b\u4e00\u4e2a\u200b VPC \u200b\u7684\u200b\u540d\u5b57\u200b\u3002localConnectIP: \u200b\u4f5c\u4e3a\u200b\u4e92\u8054\u200b\u7aef\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b CIDR\uff0c\u200b\u6ce8\u610f\u200b\u4e24\u7aef\u200b IP \u200b\u5e94\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u200b CIDR\uff0c\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u5b50\u7f51\u200b\u51b2\u7a81\u200b\u3002cidr\uff1a\u200b\u53e6\u4e00\u7aef\u200b Subnet \u200b\u7684\u200b CIDR\u3002nextHopIP\uff1a\u200b\u4e92\u8054\u200b VPC \u200b\u53e6\u4e00\u7aef\u200b\u7684\u200b localConnectIP\u3002
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Subnet \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u6d4b\u8bd5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/windows/","title":"Windows \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5305\u542b\u200b Windows \u200b\u7cfb\u7edf\u200b\u8282\u70b9\u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Windows \u200b\u5bb9\u5668\u200b\u7684\u200b\u7f51\u7edc\u200b\u7edf\u4e00\u200b\u63a5\u5165\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/windows/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u53c2\u8003\u200b Adding Windows nodes \u200b\u589e\u52a0\u200b Windows \u200b\u8282\u70b9\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b KB4489899 \u200b\u8865\u4e01\u200b\u4ee5\u200b\u4f7f\u200b Overlay/VXLAN \u200b\u7f51\u7edc\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b Hyper-V \u200b\u53ca\u200b\u7ba1\u7406\u5de5\u5177\u200b\u3002
- \u200b\u7531\u4e8e\u200b Windows \u200b\u9650\u5236\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u53ea\u80fd\u200b\u4f7f\u7528\u200b Vxlan \u200b\u6a21\u5f0f\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b SSL\uff0cIPv6\uff0c\u200b\u53cc\u6808\u200b\uff0cQoS \u200b\u529f\u80fd\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u5b50\u7f51\u200b\uff0c\u200b\u52a8\u6001\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b Windows \u200b\u8282\u70b9\u200b\u524d\u200b\u5b8c\u6210\u200b\u5b50\u7f51\u200b\u521b\u5efa\u200b\uff0c\u200b\u5e76\u200b\u56fa\u5b9a\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
- \u200b\u4e0d\u200b\u652f\u6301\u200b\u591a\u4e2a\u200b
ProviderNetwork\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b\u6865\u63a5\u200b\u63a5\u53e3\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/windows/#ovs","title":"\u5b89\u88c5\u200b OVS","text":"\u200b\u7531\u4e8e\u200b\u4e0a\u6e38\u200b OVN \u200b\u548c\u200b OVS \u200b\u5bf9\u200b Windows \u200b\u5bb9\u5668\u200b\u652f\u6301\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7ecf\u8fc7\u200b\u4fee\u6539\u200b\u7684\u200b\u5b89\u88c5\u5305\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u6253\u5f00\u200b Windows \u200b\u8282\u70b9\u200b\u7684\u200b TESTSIGNING \u200b\u542f\u52a8\u9879\u200b\uff0c\u200b\u6267\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b\u7cfb\u7edf\u200b\u751f\u6548\u200b\uff1a
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u200b Windows \u200b\u5b89\u88c5\u5305\u200b\u5e76\u200b\u89e3\u538b\u200b\u5b89\u88c5\u200b\u3002
\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u540e\u200b\u786e\u8ba4\u200b\u670d\u52a1\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"advance/windows/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b install.ps1\u3002
\u200b\u8865\u5145\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u5e76\u200b\u6267\u884c\u200b\uff1a
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b, Kube-OVN \u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b IP \u200b\u6240\u5728\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u5b83\u200b\u7f51\u5361\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u524d\u200b\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b\u6307\u5b9a\u200b\u7684\u200b Annotation\uff0c\u200b\u5982\u200b ovn.kubernetes.io/tunnel_interface=Ethernet1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-bgp/","title":"BGP \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5c06\u200b Pod \u200b\u6216\u200b Subnet \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u901a\u8fc7\u200b BGP \u200b\u534f\u8bae\u200b\u5411\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u5b89\u88c5\u200b kube-ovn-speaker \u200b\u5e76\u200b\u5bf9\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u7684\u200b Pod \u200b\u6216\u200b Subnet \u200b\u589e\u52a0\u200b\u5bf9\u5e94\u200b\u7684\u200b annotation\u3002
"},{"location":"advance/with-bgp/#kube-ovn-speaker","title":"\u5b89\u88c5\u200b kube-ovn-speaker","text":"kube-ovn-speaker \u200b\u5185\u200b\u4f7f\u7528\u200b GoBGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u66b4\u9732\u200b\u5730\u5740\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8def\u7531\u200b\u6307\u5411\u200b\u81ea\u8eab\u200b\u3002
\u200b\u7531\u4e8e\u200b\u90e8\u7f72\u200b kube-ovn-speaker \u200b\u7684\u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u627f\u62c5\u200b\u56de\u7a0b\u200b\u6d41\u91cf\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
\u200b\u5f53\u200b\u5b58\u5728\u200b\u591a\u4e2a\u200b kube-ovn-speaker \u200b\u5b9e\u4f8b\u200b\u65f6\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5b9e\u4f8b\u200b\u90fd\u200b\u4f1a\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0a\u6e38\u200b\u8def\u7531\u5668\u200b\u9700\u8981\u200b\u652f\u6301\u200b\u591a\u8def\u5f84\u200b ECMP\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
\u200b\u4fee\u6539\u200b yaml \u200b\u5185\u200b\u76f8\u5e94\u200b\u914d\u7f6e\u200b\uff1a
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: BGP Peer \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u901a\u5e38\u200b\u4e3a\u200b\u8def\u7531\u5668\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002neighbor-as: BGP Peer \u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002cluster-as: \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002
\u200b\u90e8\u7f72\u200b yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"advance/with-bgp/#podsubnet","title":"\u53d1\u5e03\u200b Pod/Subnet \u200b\u8def\u7531","text":"\u200b\u5982\u9700\u200b\u4f7f\u7528\u200b BGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u9996\u5148\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b Subnet \u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u3002
\u200b\u589e\u52a0\u200b annotation \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
\u200b\u5220\u9664\u200b annotation \u200b\u53d6\u6d88\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"advance/with-bgp/#bgp_1","title":"BGP \u200b\u9ad8\u7ea7\u200b\u9009\u9879","text":"kube-ovn-speaker \u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b BGP \u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
announce-cluster-ip: \u200b\u662f\u5426\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b Service \u200b\u8def\u7531\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002auth-password: BGP peer \u200b\u7684\u200b\u8bbf\u95ee\u200b\u5bc6\u7801\u200b\u3002holdtime: BGP \u200b\u90bb\u5c45\u200b\u95f4\u200b\u7684\u200b\u5fc3\u8df3\u200b\u63a2\u6d4b\u200b\u65f6\u95f4\u200b\uff0c\u200b\u8d85\u8fc7\u200b\u6539\u200b\u65f6\u95f4\u200b\u6ca1\u6709\u200b\u6d88\u606f\u200b\u7684\u200b\u90bb\u5c45\u200b\u5c06\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 90 \u200b\u79d2\u200b\u3002graceful-restart: \u200b\u662f\u5426\u200b\u542f\u7528\u200b BGP Graceful Restart\u3002graceful-restart-time: BGP Graceful restart time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 3\u3002graceful-restart-deferral-time: BGP Graceful restart deferral time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 4.1\u3002passivemode: Speaker \u200b\u8fd0\u884c\u200b\u5728\u200b passive \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4e0d\u200b\u4e3b\u52a8\u200b\u8fde\u63a5\u200b peer\u3002ebgp-multihop: ebgp ttl \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b 1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-cilium/","title":"Cilium \u200b\u96c6\u6210","text":"Cilium \u200b\u662f\u200b\u4e00\u6b3e\u200b\u57fa\u4e8e\u200b eBPF \u200b\u7684\u200b\u7f51\u7edc\u200b\u548c\u200b\u5b89\u5168\u200b\u7ec4\u4ef6\u200b\uff0cKube-OVN \u200b\u5229\u7528\u200b\u5176\u4e2d\u200b\u7684\u200b CNI Chaining \u200b\u6a21\u5f0f\u200b\u6765\u200b\u5bf9\u200b\u5df2\u6709\u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u589e\u5f3a\u200b\u3002 \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u62bd\u8c61\u200b\u80fd\u529b\u200b\u548c\u200b eBPF \u200b\u5e26\u6765\u200b\u7684\u200b\u76d1\u63a7\u200b\u548c\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\u3002
\u200b\u901a\u8fc7\u200b\u96c6\u6210\u200b Cilium\uff0cKube-OVN \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u83b7\u5f97\u200b\u5982\u4e0b\u200b\u589e\u76ca\u200b\uff1a
- \u200b\u66f4\u200b\u4e30\u5bcc\u200b\u9ad8\u6548\u200b\u7684\u200b\u5b89\u5168\u7b56\u7565\u200b\u3002
- \u200b\u57fa\u4e8e\u200b Hubble \u200b\u7684\u200b\u76d1\u63a7\u200b\u89c6\u56fe\u200b\u3002
"},{"location":"advance/with-cilium/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u9ad8\u4e8e\u200b 4.19 \u200b\u6216\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u4ee5\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b eBPF \u200b\u80fd\u529b\u200b\u652f\u6301\u200b\u3002
- \u200b\u63d0\u524d\u200b\u90e8\u7f72\u200b Helm \u200b\u4e3a\u200b\u5b89\u88c5\u200b Cilium \u200b\u505a\u200b\u51c6\u5907\u200b\uff0c\u200b\u90e8\u7f72\u200b Helm \u200b\u8bf7\u200b\u53c2\u8003\u200b Installing Helm\u3002
"},{"location":"advance/with-cilium/#kube-ovn","title":"\u914d\u7f6e\u200b Kube-OVN","text":"\u200b\u4e3a\u4e86\u200b\u5145\u5206\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b networkpolicy \u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\u3002
\u200b\u5728\u200b install.sh \u200b\u811a\u672c\u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
\u200b\u82e5\u200b\u5df2\u200b\u90e8\u7f72\u200b\u5b8c\u6210\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b networkpolicy\uff1a
args:\n- --enable-np=false\n
\u200b\u4fee\u6539\u200b kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\uff1a
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u8c03\u6574\u200b Kube-OVN \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u540d\u79f0\u200b\uff0c\u200b\u4ee5\u4fbf\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b Cilium \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"advance/with-cilium/#cilium_1","title":"\u90e8\u7f72\u200b Cilium","text":"\u200b\u521b\u5efa\u200b chaining.yaml \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b generic-veth \u200b\u6a21\u5f0f\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
\u200b\u5b89\u88c5\u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff1a
kubectl apply -f chaining.yaml\n
\u200b\u4f7f\u7528\u200b Helm \u200b\u90e8\u7f72\u200b Cilium\uff1a
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
\u200b\u786e\u8ba4\u200b Cilium \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-openstack/","title":"OpenStack \u200b\u96c6\u6210","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b OpenStack \u200b\u8fd0\u884c\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u8fd0\u884c\u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u9700\u8981\u200b\u5bb9\u5668\u200b\u548c\u200b\u865a\u673a\u200b\u4e4b\u95f4\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u5e76\u200b\u5904\u4e8e\u200b\u7edf\u4e00\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4e0b\u200b\u3002\u200b\u5982\u679c\u200b OpenStack Neutron \u200b\u4fa7\u200b\u540c\u6837\u200b\u4f7f\u7528\u200b OVN \u200b\u4f5c\u4e3a\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u548c\u200b\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN \u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u6253\u901a\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"advance/with-openstack/#_1","title":"\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u548c\u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u6253\u901a\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u65b9\u5f0f\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u53ea\u4e0d\u8fc7\u200b\u5c06\u200b\u96c6\u7fa4\u200b\u4e24\u7aef\u200b\u6362\u6210\u200b OpenStack \u200b\u548c\u200b Kubernetes\u3002
"},{"location":"advance/with-openstack/#_2","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u901a\u8fc7\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002
- \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002
- \u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u200b\u6253\u901a\u200b Kubernetes \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b OpenStack \u200b\u7684\u200b\u9009\u5b9a\u200b VPC\u3002
"},{"location":"advance/with-openstack/#ovn-ic","title":"\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
"},{"location":"advance/with-openstack/#kubernetes","title":"Kubernetes \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/with-openstack/#openstack_1","title":"OpenStack \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u521b\u5efa\u200b\u548c\u200b Kubernetes \u200b\u4e92\u8054\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff1a
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
\u200b\u5728\u200b OpenStack \u200b\u5185\u200b\u7684\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u53ef\u7528\u200b\u533a\u200b\u540d\u5b57\u200b\uff0c\u200b\u8be5\u200b\u540d\u79f0\u200b\u9700\u200b\u548c\u200b\u5176\u4ed6\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u4e0d\u540c\u200b\uff1a
ovn-nbctl set NB_Global . name=op-az\n
\u200b\u5728\u200b\u53ef\u200b\u8bbf\u95ee\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u542f\u52a8\u200b OVN-IC \u200b\u63a7\u5236\u5668\u200b\uff1a
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u5730\u5740\u200b\u3002ovn-northd-nb-db\uff0c ovn-northd-sb-db: \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u200b\u5730\u5740\u200b\u3002
\u200b\u914d\u7f6e\u200b\u4e92\u8054\u7f51\u200b\u5173\u8282\u70b9\u200b\uff1a
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u5728\u200b OpenStack \u200b\u7684\u200b OVN \u200b\u5185\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u3002
\u200b\u8fde\u63a5\u200b ts \u200b\u4e92\u8054\u200b\u4ea4\u6362\u673a\u200b\u548c\u200b router0 \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u76f8\u5173\u200b\u89c4\u5219\u200b\uff1a
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
\u200b\u9a8c\u8bc1\u200b\u5df2\u200b\u5b66\u4e60\u200b\u5230\u200b Kubernetes \u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff1a
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b router0 \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\u9a8c\u8bc1\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b Kubernetes \u200b\u4e0b\u200b Pod \u200b\u4e92\u901a\u200b\u3002
"},{"location":"advance/with-openstack/#ovn","title":"\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN","text":"\u200b\u5728\u200b\u8be5\u200b\u65b9\u6848\u200b\u4e0b\u200b\uff0cOpenStack \u200b\u548c\u200b Kubernetes \u200b\u5171\u4eab\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b OVN\uff0c\u200b\u56e0\u6b64\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u4e24\u8005\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u7b49\u200b\u6982\u5ff5\u200b\u62c9\u9f50\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u66f4\u597d\u200b\u7684\u200b\u63a7\u5236\u200b\u548c\u200b\u4e92\u8054\u200b\u3002
\u200b\u5728\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u90e8\u7f72\u200b OVN\uff0cOpenStack \u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u200b\u5b9e\u73b0\u200b\u8fde\u63a5\u200b\u540c\u4e00\u4e2a\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u3002OpenStack \u200b\u9700\u200b\u4f7f\u7528\u200b networking-ovn \u200b\u4f5c\u4e3a\u200b Neutron \u200b\u540e\u200b\u7aef\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"advance/with-openstack/#neutron","title":"Neutron \u200b\u914d\u7f6e\u200b\u4fee\u6539","text":"\u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u6587\u4ef6\u200b /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\uff1a
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002ovn-encap-ip: \u200b\u4fee\u6539\u200b\u4e3a\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/with-openstack/#kubernetes-openstack","title":"\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u4f7f\u7528\u200b OpenStack \u200b\u5185\u200b\u8d44\u6e90","text":"\u200b\u63a5\u4e0b\u6765\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u67e5\u8be2\u200b OpenStack \u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u5e76\u200b\u5728\u200b OpenStack \u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u521b\u5efa\u200b Pod\u3002
\u200b\u67e5\u8be2\u200b OpenStack \u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\uff0c\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5df2\u7ecf\u200b\u9884\u5148\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff1a
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
\u200b\u5728\u200b Kubernetes \u200b\u4fa7\u200b\uff0c\u200b\u67e5\u8be2\u200b VPC \u200b\u8d44\u6e90\u200b\uff1a
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 \u200b\u4e3a\u200b\u4ece\u200b OpenStack \u200b\u540c\u6b65\u200b\u8fc7\u6765\u200b\u7684\u200b VPC \u200b\u8d44\u6e90\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b Kube-OVN \u200b\u539f\u751f\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b Pod \u200b\u5e76\u200b\u8fd0\u884c\u200b\u3002
VPC, Subnet \u200b\u7ed1\u5b9a\u200b Namespace net2\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-ovn-ic/","title":"\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u5c06\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\uff0c\u200b\u6253\u901a\u200b\u540e\u200b\u7684\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8fdb\u884c\u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 Kube-OVN \u200b\u4f7f\u7528\u200b\u96a7\u9053\u200b\u5bf9\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u4e4b\u95f4\u200b\u53ea\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b IP \u200b\u53ef\u8fbe\u200b\u7684\u200b\u673a\u5668\u200b\u5373\u53ef\u200b\u5b8c\u6210\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u7684\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e3a\u200b Overlay \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\uff0cUnderlay \u200b\u7f51\u7edc\u200b\u5982\u679c\u200b\u60f3\u8981\u200b\u5b9e\u73b0\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u9700\u8981\u200b\u5e95\u5c42\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u505a\u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-ovn-ic/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" -
1.11.16 \u200b\u4e4b\u540e\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u7684\u200b\u96c6\u7fa4\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u5f00\u5173\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b install.sh \u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_IC=true\n
\u200b\u6253\u5f00\u200b\u5f00\u5173\u200b\u540e\u200b\u90e8\u7f72\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u7ec4\u4ef6\u200b deployment ovn-ic-controller\u3002 2. \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7684\u200b\u7f51\u6bb5\u200b\u3002\u200b\u82e5\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u9700\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u624b\u52a8\u200b\u4e92\u8054\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u53ea\u80fd\u200b\u5c06\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7f51\u6bb5\u200b\u6253\u901a\u200b\u3002 3. \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b kube-ovn-controller \u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002 4. \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002 5. \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u751f\u6548\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u4e92\u8054\u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/with-ovn-ic/#ovn-ic_1","title":"\u90e8\u7f72\u200b\u5355\u200b\u8282\u70b9\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b kube-ovn-controller \u200b\u53ef\u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\u7684\u200b\u673a\u5668\u200b\u4e0a\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u5c06\u200b\u4fdd\u5b58\u200b\u5404\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u6b65\u200b\u4e0a\u6765\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5bf9\u4e8e\u200b\u90e8\u7f72\u200b containerd \u200b\u53d6\u4ee3\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"advance/with-ovn-ic/#_2","title":"\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u4e0b\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u4f1a\u200b\u5c06\u200b\u81ea\u5df1\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b Subnet \u200b\u7684\u200b CIDR \u200b\u4fe1\u606f\u200b\u540c\u6b65\u200b\u7ed9\u200b OVN-IC\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u786e\u4fdd\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Subnet CIDR \u200b\u4e0d\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u64cd\u4f5c\u200b\u7684\u200b\u6b63\u786e\u6027\u200b\uff0covn-ic-config \u200b\u8fd9\u4e2a\u200b ConfigMap \u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b\u3002\u200b\u5982\u200b\u6709\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\uff0c\u200b\u8bf7\u200b\u5220\u9664\u200b\u8be5\u200b ConfigMap\uff0c\u200b\u4fee\u6539\u200b\u540e\u200b\u518d\u200b\u5e94\u7528\u200b\u6b64\u200b ConfigMap\u3002
\u200b\u5728\u200b ovn-ic \u200b\u5bb9\u5668\u200b\u5185\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u5df2\u200b\u5efa\u7acb\u200b\u4e92\u8054\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b ts\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u89c2\u5bdf\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u662f\u5426\u200b\u6709\u200b\u5b66\u4e60\u200b\u5230\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b\u8def\u7531\u200b\uff1a
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5728\u200b\u96c6\u7fa4\u200b 1 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod \u200b\u5185\u200b\u76f4\u63a5\u200b ping \u200b\u96c6\u7fa4\u200b 2 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod IP \u200b\u89c2\u5bdf\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u67d0\u4e2a\u200b\u4e0d\u60f3\u200b\u5bf9\u5916\u200b\u81ea\u52a8\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Subnet \u200b\u91cc\u200b\u7684\u200b disableInterConnection \u200b\u6765\u200b\u7981\u6b62\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"advance/with-ovn-ic/#_3","title":"\u624b\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u96c6\u7fa4\u200b\u95f4\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b CIDR \u200b\u53ea\u200b\u5e0c\u671b\u200b\u505a\u200b\u90e8\u5206\u200b\u5b50\u7f51\u200b\u6253\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u624b\u52a8\u200b\u53d1\u5e03\u200b\u5b50\u200b\u7f51\u8def\u200b\u7531\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff0c\u200b\u5e76\u200b\u5c06\u200b auto-route \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u5206\u522b\u200b\u67e5\u770b\u200b\u8fdc\u7aef\u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4e4b\u540e\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\uff1a
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
\u200b\u7531\u200b\u4e0a\u200b\u8f93\u51fa\u200b\u53ef\u77e5\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5230\u200b \u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.31\uff0caz2 \u200b\u5230\u200b az1 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.79\u3002
\u200b\u4e0b\u9762\u200b\u624b\u52a8\u200b\u8bbe\u7f6e\u200b\u8def\u7531\u200b\uff0c\u200b\u5728\u200b\u8be5\u200b\u4f8b\u5b50\u200b\u4e2d\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/24\uff0c\u200b\u96c6\u7fa4\u200b az2 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.17.0.0/24\u3002
\u200b\u5728\u200b\u96c6\u7fa4\u200b az1 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
\u200b\u5728\u200b\u96c6\u7fa4\u200b az2 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az1 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"advance/with-ovn-ic/#ovn-ic_2","title":"\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72","text":"OVN-IC \u200b\u6570\u636e\u5e93\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u7ec4\u6210\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u9700\u8981\u200b\u81f3\u5c11\u200b 3 \u200b\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u9996\u5148\u200b\u5728\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\uff0c\u200b\u5728\u200b\u53e6\u5916\u200b\u4e24\u4e2a\u200b\u8282\u70b9\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b follower\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.12 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.12 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002LEADER_IP: \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b leader \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u521b\u5efa\u200b ovn-ic-config \u200b\u65f6\u200b\u6307\u5b9a\u200b\u591a\u4e2a\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"advance/with-ovn-ic/#_4","title":"\u624b\u52a8\u200b\u91cd\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7531\u4e8e\u200b\u914d\u7f6e\u200b\u9519\u8bef\u200b\u9700\u8981\u200b\u5bf9\u200b\u6574\u4e2a\u200b\u4e92\u8054\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6e05\u7406\u200b\u73af\u5883\u200b\u3002
\u200b\u5220\u9664\u200b\u5f53\u524d\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u96c6\u7fa4\u200b\u91cd\u590d\u200b\u540c\u6837\u200b\u7684\u200b\u6b65\u9aa4\u200b\u3002
"},{"location":"advance/with-ovn-ic/#az-name","title":"\u4fee\u6539\u200b az-name","text":"\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b kubectl edit \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5bf9\u200b ovn-ic-config \u200b\u8fd9\u4e2a\u200b configmap \u200b\u4e2d\u200b\u7684\u200b az-name \u200b\u5b57\u200b\u6bb5\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002 \u200b\u4f46\u662f\u200b\u9700\u8981\u200b\u5728\u200b\u6bcf\u4e2a\u200b ovn-cni pod \u200b\u4e0a\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5426\u5219\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u6700\u957f\u200b 10 \u200b\u5206\u949f\u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002
ovn-appctl -t ovn-controller inc-engine/recompute\n
"},{"location":"advance/with-ovn-ic/#_5","title":"\u6e05\u7406\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5220\u9664\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u63a7\u5236\u5668\u200b\uff0c\u200b\u5982\u679c\u200b\u662f\u200b\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72\u200b\uff0c\u200b\u9700\u8981\u200b\u90fd\u200b\u6e05\u7406\u200b\u6389\u200b\u3002
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b docker \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b containerd \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-submariner/","title":"\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Submariner \u200b\u4f5c\u4e3a\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u591a\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u548c\u200b Service \u200b\u7f51\u7edc\u200b\u7684\u200b\u5f00\u6e90\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u80fd\u591f\u200b\u5e2e\u52a9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002
\u200b\u76f8\u6bd4\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u6253\u901a\u200b\u591a\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0cSubmariner \u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b Kube-OVN \u200b\u548c\u200b\u975e\u200b Kube-OVN \u200b\u7684\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b \u200b\u80fd\u200b\u63d0\u4f9b\u200b Service \u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u80fd\u529b\u200b\u3002\u200b\u4f46\u662f\u200b Submariner \u200b\u76ee\u524d\u200b\u53ea\u80fd\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u6253\u901a\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5b9e\u73b0\u200b\u591a\u5b50\u200b\u7f51\u200b\u9009\u62e9\u6027\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-submariner/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Service CIDR \u200b\u548c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
"},{"location":"advance/with-submariner/#submariner_1","title":"\u90e8\u7f72\u200b Submariner","text":"\u200b\u4e0b\u8f7d\u200b subctl \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u90e8\u7f72\u200b\u5230\u200b\u76f8\u5e94\u200b\u8def\u5f84\u200b\uff1a
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b\u5e0c\u671b\u200b\u90e8\u7f72\u200b submariner-broker \u200b\u7684\u200b\u96c6\u7fa4\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
subctl deploy-broker\n
\u200b\u5728\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b cluster0 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0ccluster1 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 11.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b '100.68.0.0/16'\u3002
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster0 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster1 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
\u200b\u5982\u679c\u200b\u6267\u884c\u200b join \u200b\u547d\u4ee4\u200b\u4e4b\u540e\u200b\u6ca1\u6709\u200b\u65b0\u200b\u7684\u200b gateway, routeagentpod \u200b\u51fa\u73b0\u200b\u7684\u8bdd\u200b, \u200b\u8bf7\u200b\u4e3a\u200b submariner-operator \u200b\u8fd9\u4e2a\u200b clusterrole \u200b\u589e\u52a0\u200b\u4ee5\u4e0b\u200b\u6743\u9650\u200b:
- apiGroups:\n - \"apps\"\n resources:\n - daemonsets\n verbs:\n - create\n - get\n - list\n - watch\n - update\n
\u200b\u5bf9\u4e8e\u200b\u591a\u200b\u8282\u70b9\u200b\u7684\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u7684\u200b subnet ovn-default \u200b\u7684\u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u6539\u4e3a\u200b centralized\u3002\u200b\u4e3a\u200b submariner \u200b\u914d\u7f6e\u200b\u7684\u200b gateway \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u548c\u200b subnet \u200b\u8282\u70b9\u200b\u5b8c\u5168\u76f8\u540c\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5206\u522b\u200b\u542f\u52a8\u200b Pod \u200b\u5e76\u200b\u5c1d\u8bd5\u200b\u4f7f\u7528\u200b IP \u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u95ee\u9898\u200b\u53ef\u200b\u901a\u8fc7\u200b subctl \u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u8bca\u65ad\u200b\uff1a
subctl show all\nsubctl diagnose all\n
\u200b\u66f4\u200b\u591a\u200b Submariner \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\u8bf7\u200b\u67e5\u770b\u200b Submariner \u200b\u7528\u6237\u624b\u518c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/custom-routes/","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b Annotations \u200b\u6765\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
dst \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u7a7a\u200b\u8868\u793a\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u4e3a\u200b Deployment\u3001DaemonSet \u200b\u6216\u200b StatefulSet\uff0c\u200b\u5bf9\u5e94\u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u5728\u200b\u8d44\u6e90\u200b\u7684\u200b .spec.template.metadata.annotations \u200b\u4e2d\u200b\uff0c\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/dual-stack/","title":"\u53cc\u6808\u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u4e2d\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u4e0d\u540c\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b IPv4\uff0cIPv6 \u200b\u548c\u200b\u53cc\u6808\u200b\u7c7b\u578b\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002 \u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u4f7f\u7528\u200b\u7edf\u4e00\u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b\u4ee5\u200b\u7b80\u5316\u200b\u4f7f\u7528\u200b\u548c\u200b\u7ef4\u62a4\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6ee1\u8db3\u200b\u53cc\u6808\u200b\u8981\u6c42\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u5bf9\u200b Kubernetes \u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u505a\u200b\u8c03\u6574\u200b\uff0c \u200b\u8bf7\u200b\u53c2\u8003\u200b Kubernetes \u200b\u7684\u200b\u53cc\u6808\u200b\u5b98\u65b9\u200b\u6307\u5bfc\u200b\u3002
"},{"location":"guide/dual-stack/#_2","title":"\u521b\u5efa\u200b\u53cc\u6808\u200b\u5b50\u7f51","text":"\u200b\u5728\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u65f6\u200b\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u5b50\u7f51\u200b CIDR \u200b\u683c\u5f0f\u200b\u4e3a\u200b cidr=<IPv4 CIDR>,<IPv6 CIDR> \u200b\u5373\u53ef\u200b\u3002 CIDR \u200b\u987a\u5e8f\u200b\u8981\u6c42\u200b IPv4 \u200b\u5728\u200b\u524d\u200b\uff0cIPv6 \u200b\u5728\u200b\u540e\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"guide/dual-stack/#pod","title":"\u67e5\u770b\u200b Pod \u200b\u5730\u5740","text":"\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u540c\u65f6\u200b\u5206\u914d\u200b IPv4 \u200b\u548c\u200b IPv6 \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u5206\u914d\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u663e\u793a\u200b\u5728\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/eip-snat/","title":"EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9488\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u8bf7\u200b\u53c2\u8003\u200b VPC \u200b\u7f51\u5173\u200b
Kube-OVN \u200b\u652f\u6301\u200b\u5229\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L3 Gateway \u200b\u529f\u80fd\u200b\u6765\u200b\u5b9e\u73b0\u200b Pod \u200b\u7ea7\u522b\u200b\u7684\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b SNAT\uff0c\u200b\u4e00\u7ec4\u200b Pod \u200b\u53ef\u4ee5\u200b\u5171\u4eab\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\u5bf9\u5916\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002 \u200b\u901a\u8fc7\u200b EIP \u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e00\u4e2a\u200b Pod \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u548c\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b IP \u200b\u5173\u8054\u200b\uff0c \u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b EIP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Pod\uff0cPod \u200b\u4e5f\u200b\u5c06\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u3002
"},{"location":"guide/eip-snat/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":" - \u200b\u4e3a\u4e86\u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b L3 Gateway \u200b\u80fd\u529b\u200b\uff0c\u200b\u5fc5\u987b\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u5355\u72ec\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVS \u200b\u7f51\u6865\u200b\u4e2d\u200b\u8fdb\u884c\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u7f51\u7edc\u200b\u7684\u200b\u6253\u901a\u200b\uff0c \u200b\u4e3b\u673a\u200b\u5fc5\u987b\u200b\u6709\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u7528\u4e8e\u200b\u8fd0\u7ef4\u200b\u7ba1\u7406\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u7ecf\u8fc7\u200b NAT \u200b\u540e\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u5fc5\u987b\u200b\u786e\u8ba4\u200b\u5f53\u524d\u200b\u7684\u200b\u7f51\u7edc\u200b\u67b6\u6784\u200b\u4e0b\u200b\u6b64\u7c7b\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u5b89\u5168\u200b\u901a\u8fc7\u200b\u3002
- \u200b\u76ee\u524d\u200b EIP \u200b\u548c\u200b SNAT \u200b\u5730\u5740\u200b\u6ca1\u6709\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u7ba1\u7406\u5458\u200b\u624b\u52a8\u200b\u5206\u914d\u200b\u907f\u514d\u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\u3002
"},{"location":"guide/eip-snat/#_2","title":"\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b kube-system \u200b\u4e0b\u200b\u521b\u5efa\u200b ConfigMap ovn-external-gw-config\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002type: centrailized \u200b\u6216\u200b distributed\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b centralized \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b distributed\uff0c\u200b\u5219\u200b\u96c6\u7fa4\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u90fd\u200b\u9700\u8981\u200b\u6709\u200b\u540c\u540d\u200b\u7f51\u5361\u200b\u6765\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002external-gw-nodes: centralized \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002external-gw-nic: \u200b\u8282\u70b9\u200b\u4e0a\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002external-gw-addr: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\u7684\u200b IP \u200b\u548c\u200b\u63a9\u7801\u200b\u3002nic-ip,nic-mac: \u200b\u5206\u914d\u200b\u7ed9\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u7aef\u53e3\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\uff0c\u200b\u9700\u4e3a\u200b\u7269\u7406\u200b\u6bb5\u200b\u672a\u200b\u88ab\u200b\u5360\u7528\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\u3002
"},{"location":"guide/eip-snat/#ovn-ovs","title":"\u89c2\u5bdf\u200b OVN \u200b\u548c\u200b OVS \u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u914d\u7f6e\u200b\u751f\u6548","text":"\u200b\u68c0\u67e5\u200b OVN-NB \u200b\u72b6\u6001\u200b, \u200b\u786e\u8ba4\u200b ovn-external \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5b58\u5728\u200b\uff0c\u200b\u5e76\u4e14\u200b ovn-cluster-ovn-external \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7aef\u53e3\u200b\u4e0a\u200b \u200b\u7ed1\u5b9a\u200b\u4e86\u200b\u6b63\u786e\u200b\u7684\u200b\u5730\u5740\u200b\u548c\u200b chassis\u3002
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
\u200b\u68c0\u67e5\u200b OVS \u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b\u76f8\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u5df2\u7ecf\u200b\u6865\u63a5\u200b\u8fdb\u200b br-external \u200b\u7f51\u6865\u200b\uff1a
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"guide/eip-snat/#pod-eip-snat","title":"Pod \u200b\u914d\u7f6e\u200b EIP \u200b\u548c\u200b SNAT","text":"\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/snat \u200b\u6216\u200b ovn.kubernetes.io/eip annotation \u200b\u6765\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b SNAT \u200b\u548c\u200b EIP\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u53ef\u200b\u901a\u8fc7\u200b kubectl \u200b\u6216\u200b\u5176\u4ed6\u200b\u5de5\u5177\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b Pod \u200b\u6240\u200b\u914d\u7f6e\u200b\u7684\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u66f4\u6539\u200b\u65f6\u8bf7\u200b\u6ce8\u610f\u200b\u8981\u200b\u540c\u65f6\u200b\u5220\u9664\u200b ovn.kubernetes.io/routed annotation \u200b\u89e6\u53d1\u200b\u8def\u7531\u200b\u7684\u200b\u53d8\u66f4\u200b\uff1a
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
\u200b\u5f53\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0covn.kubernetes.io/routed annotation \u200b\u4f1a\u200b\u88ab\u200b\u91cd\u65b0\u200b\u6dfb\u52a0\u200b\u3002
"},{"location":"guide/eip-snat/#_3","title":"\u9ad8\u7ea7\u200b\u914d\u7f6e","text":"kube-ovn-controller \u200b\u7684\u200b\u90e8\u5206\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u53ef\u200b\u5bf9\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u9ad8\u9636\u200b\u914d\u7f6e\u200b\uff1a
--external-gateway-config-ns: Configmap ovn-external-gw-config \u200b\u6240\u5c5e\u200b Namespace\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b kube-system\u3002--external-gateway-net: \u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u6240\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u6865\u200b\u540d\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b external\u3002--external-gateway-vlanid: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b Vlan Tag \u200b\u53f7\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 0\uff0c \u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Vlan\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/ippool/","title":"IP \u200b\u6c60\u200b\u4f7f\u7528","text":"IP \u200b\u6c60\u200b\uff08IPPool\uff09\u200b\u662f\u200b\u6bd4\u200b\u5b50\u7f51\u200b\uff08Subnet\uff09\u200b\u66f4\u7ec6\u200b\u529b\u5ea6\u200b\u7684\u200b IPAM \u200b\u7ba1\u7406\u200b\u5355\u5143\u200b\u3002\u200b\u4f60\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u6c60\u5c06\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u7ec6\u5206\u200b\u4e3a\u200b\u591a\u4e2a\u200b\u5355\u5143\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5355\u5143\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u6216\u200b\u591a\u4e2a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\uff08Namespace\uff09\u3002
"},{"location":"guide/ippool/#_1","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u4f7f\u7528\u200b\u793a\u4f8b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
\u200b\u5b57\u200b\u6bb5\u200b\u8bf4\u660e\u200b\uff1a
\u200b\u540d\u79f0\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b subnet \u200b\u6307\u5b9a\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b \u200b\u5fc5\u586b\u200b ips \u200b\u6307\u5b9a\u200b\u5305\u542b\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b \u200b\u652f\u6301\u200b \u3001 \u200b\u4ee5\u53ca\u200b .. \u200b\u4e09\u79cd\u200b\u683c\u5f0f\u200b\uff0c\u200b\u652f\u6301\u200b IPv6\u3002 namespaces \u200b\u7ed1\u5b9a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \u200b\u53ef\u200b\u9009"},{"location":"guide/ippool/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u4e3a\u200b\u4fdd\u8bc1\u200b\u4e0e\u200b Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b \u200b\u7684\u200b\u517c\u5bb9\u6027\u200b\uff0cIP \u200b\u6c60\u200b\u7684\u200b\u540d\u79f0\u200b\u4e0d\u80fd\u200b\u662f\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u6307\u5b9a\u200b\u8d85\u51fa\u200b\u5b50\u7f51\u200b\u8303\u56f4\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u5b9e\u9645\u200b\u6709\u6548\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b .spec.ips \u200b\u4e0e\u200b\u5b50\u7f51\u200b CIDR \u200b\u7684\u200b\u4ea4\u96c6\u200b\uff1b - \u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e0d\u540c\u200b IP \u200b\u6c60\u200b\uff0c\u200b\u4e0d\u80fd\u200b\u5305\u542b\u200b\u76f8\u540c\u200b\u7684\u200b\uff08\u200b\u6709\u6548\u200b\uff09IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\uff1b - IP \u200b\u6c60\u4f1a\u200b\u7ee7\u627f\u200b\u5b50\u7f51\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff0c\u200b\u4ece\u200b IP \u200b\u6c60\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5305\u542b\u200b\u5728\u200b IP \u200b\u6c60\u4e2d\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff1b
- \u200b\u4ece\u200b\u5b50\u7f51\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u53ea\u4f1a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u6240\u6709\u200b IP \u200b\u6c60\u200b\u4ee5\u5916\u200b\u7684\u200b\u8303\u56f4\u200b\u5206\u914d\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/loadbalancer-service/","title":"LoadBalancer \u200b\u7c7b\u578b\u200b Service","text":"Kube-OVN \u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e86\u200b VPC \u200b\u548c\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
\u200b\u7531\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u4f7f\u7528\u200b\u6bd4\u8f83\u590d\u6742\u200b\uff0c\u200b\u57fa\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\u505a\u200b\u4e86\u200b\u7b80\u5316\u200b\uff0c\u200b\u652f\u6301\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u521b\u5efa\u200b LoadBalancer \u200b\u7c7b\u578b\u200b\u7684\u200b Service\uff0c\u200b\u5b9e\u73b0\u200b\u901a\u8fc7\u200b LoadBalancerIP \u200b\u6765\u200b\u8bbf\u95ee\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Service\u3002
\u200b\u9996\u5148\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u4e0a\u200b\u6ee1\u8db3\u200b\u4ee5\u4e0b\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5b89\u88c5\u200b\u4e86\u200b
multus-cni \u200b\u548c\u200b macvlan cni\u3002 - LoadBalancer Service \u200b\u7684\u200b\u652f\u6301\u200b\uff0c\u200b\u662f\u200b\u5bf9\u200b VPC \u200b\u7f51\u5173\u200b\u4ee3\u7801\u200b\u8fdb\u884c\u200b\u7b80\u5316\u200b\u5b9e\u73b0\u200b\u7684\u200b\uff0c\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b
vpc-nat-gw \u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u4f9d\u8d56\u200b macvlan \u200b\u63d0\u4f9b\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\u652f\u6301\u200b\u3002 - \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u5728\u200b
\u200b\u9ed8\u8ba4\u200b VPC \u200b\u914d\u7f6e\u200b\uff0c\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b LoadBalancer \u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u7684\u200b\u6587\u6863\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/loadbalancer-service/#vpc-loadbalancer-service","title":"\u9ed8\u8ba4\u200b VPC LoadBalancer Service \u200b\u914d\u7f6e\u200b\u6b65\u9aa4","text":""},{"location":"guide/loadbalancer-service/#_1","title":"\u5f00\u542f\u200b\u7279\u6027\u200b\u5f00\u5173","text":"\u200b\u4fee\u6539\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b deployment kube-ovn-controller\uff0c\u200b\u5728\u200b args \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-lb-svc=true\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u5f00\u5173\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // \u200b\u53c2\u6570\u8bbe\u7f6e\u200b\u4e3a\u200b true\n
"},{"location":"guide/loadbalancer-service/#networkattachmentdefinition-crd","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition CRD \u200b\u8d44\u6e90","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b net-attach-def \u200b\u8d44\u6e90\u200b:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u914d\u7f6e\u200b\n \"mode\": \"bridge\"\n }'\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5361\u200b eth0 \u200b\u6765\u200b\u5b9e\u73b0\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u4ed6\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b master \u200b\u53d6\u503c\u200b\uff0c\u200b\u6307\u5b9a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002
"},{"location":"guide/loadbalancer-service/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u521b\u5efa\u200b\u7684\u200b Subnet\uff0c\u200b\u7528\u4e8e\u200b\u7ed9\u200b LoadBalancer Service \u200b\u5206\u914d\u200b LoadBalancerIP\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b Underlay Subnet \u200b\u7528\u4e8e\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b\u65b0\u200b\u5b50\u7f51\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system # provider \u200b\u683c\u5f0f\u200b\u56fa\u5b9a\u200b\uff0c\u200b\u7531\u200b\u4e0a\u200b\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
Subnet \u200b\u4e2d\u200b provider \u200b\u53c2\u6570\u200b\u4ee5\u200b ovn \u200b\u6216\u8005\u200b\u4ee5\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u8868\u793a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u200b\u7531\u200b Kube-OVN \u200b\u7ba1\u7406\u200b\u4f7f\u7528\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u5e94\u200b\u521b\u5efa\u200b logical switch \u200b\u8bb0\u5f55\u200b\u3002
provider \u200b\u975e\u200b ovn \u200b\u6216\u8005\u200b\u975e\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u5219\u200b Kube-OVN \u200b\u53ea\u200b\u63d0\u4f9b\u200b IPAM \u200b\u529f\u80fd\u200b\uff0c\u200b\u8bb0\u5f55\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u60c5\u51b5\u200b\uff0c\u200b\u4e0d\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u505a\u200b\u4e1a\u52a1\u200b\u903b\u8f91\u200b\u5904\u7406\u200b\u3002
"},{"location":"guide/loadbalancer-service/#loadbalancer-service_1","title":"\u521b\u5efa\u200b LoadBalancer Service","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b LoadBalancer Service\uff1a
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #\u200b\u53ef\u200b\u9009\u200b\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #\u200b\u5fc5\u987b\u200b\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #\u200b\u53ef\u200b\u9009\u200b\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
\u200b\u5728\u200b yaml \u200b\u4e2d\u200b\uff0cannotation ovn.kubernetes.io/attachmentprovider \u200b\u4e3a\u200b\u5fc5\u586b\u200b\u9879\u200b\uff0c\u200b\u53d6\u503c\u200b\u7531\u200b\u7b2c\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u7528\u4e8e\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u67e5\u627e\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b annotation \u200b\u6307\u5b9a\u200b\u591a\u200b\u7f51\u5361\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u4f7f\u7528\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002annotation key \u200b\u683c\u5f0f\u200b\u4e3a\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace.kubernetes.io/logical_switch\u3002\u200b\u8be5\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u200b\u53ef\u200b\u9009\u200b\u200b\u9009\u9879\u200b\uff0c\u200b\u5728\u200b\u6ca1\u6709\u200b\u6307\u5b9a\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u52a8\u6001\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u586b\u5145\u200b\u5230\u200b LoadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9759\u6001\u200b\u914d\u7f6e\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b spec.loadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u8981\u200b\u5728\u200b\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u5728\u200b\u6267\u884c\u200b yaml \u200b\u521b\u5efa\u200b Service \u200b\u540e\u200b\uff0c\u200b\u5728\u200b Service \u200b\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u542f\u52a8\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
\u200b\u6307\u5b9a\u200b service.spec.loadBalancerIP \u200b\u53c2\u6570\u200b\u65f6\u200b\uff0c\u200b\u6700\u7ec8\u200b\u5c06\u200b\u8be5\u200b\u53c2\u6570\u200b\u8d4b\u503c\u200b\u7ed9\u200b service external-ip \u200b\u5b57\u200b\u6bb5\u200b\u3002\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u503c\u200b\u3002
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u7684\u200b yaml \u200b\u8f93\u51fa\u200b\uff0c\u200b\u5b58\u5728\u200b\u591a\u200b\u7f51\u5361\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
\u200b\u67e5\u770b\u200b Service \u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels\":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\",\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer\"}}\n ovn.kubernetes.io/vpc: ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"guide/loadbalancer-service/#loadbalancerip","title":"\u6d4b\u8bd5\u200b LoadBalancerIP \u200b\u8bbf\u95ee","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml, \u200b\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b Service \u200b\u7684\u200b Endpoints \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u4e3a\u4e86\u200b\u7b80\u5355\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u8bbf\u95ee\u200b Service \u200b\u7684\u200b LoadBalancerIP:Port\uff0c\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u6210\u529f\u200b\u3002
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u8fdb\u5165\u200b Service \u200b\u521b\u5efa\u200b\u7684\u200b Pod\uff0c\u200b\u67e5\u770b\u200b\u7f51\u7edc\u200b\u7684\u200b\u4fe1\u606f\u200b
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/mirror/","title":"\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8fdb\u51fa\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u590d\u5236\u5230\u200b\u4e3b\u673a\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u3002\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u76d1\u542c\u200b\u8fd9\u5757\u200b\u7f51\u5361\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u6765\u200b\u8fdb\u4e00\u6b65\u200b\u8fdb\u884c\u200b\u5206\u6790\u200b\uff0c\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5b89\u5168\u200b\u5ba1\u8ba1\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e5f\u200b\u53ef\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u5bf9\u63a5\u200b\u83b7\u53d6\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\u3002
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b\u4e00\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u5931\u200b\uff0c\u200b\u6839\u636e\u200b CPU \u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u7684\u200b\u7279\u5f81\u200b\uff0c\u200b\u4f1a\u200b\u6709\u200b 5%~10% \u200b\u7684\u200b \u200b\u989d\u5916\u200b CPU \u200b\u6d88\u8017\u200b\u3002
"},{"location":"guide/mirror/#_2","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u5173\u95ed\u200b\u72b6\u6001\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u8bf7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
--enable-mirror=true\uff1a \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002--mirror-iface=mirror0: \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6240\u200b\u590d\u5236\u5230\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002\u200b\u8be5\u200b\u7f51\u5361\u200b\u53ef\u200b\u4e3a\u4e3b\u200b\u673a\u4e0a\u200b\u5df2\u200b\u5b58\u5728\u200b\u7684\u200b\u4e00\u5757\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c \u200b\u6b64\u65f6\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f1a\u200b\u88ab\u200b\u6865\u63a5\u200b\u8fdb\u200b br-int \u200b\u7f51\u6865\u200b\uff0c\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u63a5\u5165\u200b\u5e95\u5c42\u200b\u4ea4\u6362\u673a\u200b\u3002\u200b\u82e5\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u5b58\u5728\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b \u200b\u521b\u5efa\u200b\u4e00\u5757\u200b\u540c\u540d\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u5361\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u6240\u6709\u200b\u6d41\u91cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b mirror0\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u7528\u200b tcpdump \u200b\u6216\u200b\u5176\u4ed6\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\u5de5\u5177\u200b\u76d1\u542c\u200b mirror0 \u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\uff1a
tcpdump -ni mirror0\n
"},{"location":"guide/mirror/#pod","title":"Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u200b\u5bf9\u200b\u90e8\u5206\u200b Pod \u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u955c\u50cf\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5173\u95ed\u200b\u5168\u5c40\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\uff0c\u200b\u7136\u540e\u200b\u5728\u200b\u7279\u5b9a\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/mirror annotation \u200b\u6765\u200b\u5f00\u542f\u200b Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"guide/mirror/#_3","title":"\u6027\u80fd\u200b\u6d4b\u8bd5","text":"\u200b\u5728\u200b\u76f8\u540c\u200b\u73af\u5883\u200b\u4e0a\u200b\uff0c\u200b\u5206\u522b\u200b\u5f00\u542f\u200b\u548c\u200b\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u5173\u200b\uff0c\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b
"},{"location":"guide/mirror/#1-pod-to-pod-in-the-same-nodes","title":"1. Pod to Pod in the same Nodes","text":""},{"location":"guide/mirror/#_4","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"guide/mirror/#_5","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"guide/mirror/#2-pod-to-pod-in-the-different-nodes","title":"2. Pod to Pod in the different Nodes","text":""},{"location":"guide/mirror/#_6","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"guide/mirror/#_7","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"guide/mirror/#3-node-to-node","title":"3. Node to Node","text":""},{"location":"guide/mirror/#_8","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"guide/mirror/#_9","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"guide/mirror/#4-pod-to-the-node-where-the-pod-is-located","title":"4. Pod to the Node where the Pod is located","text":""},{"location":"guide/mirror/#_10","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"guide/mirror/#_11","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"guide/mirror/#5-pod-to-the-node-where-the-pod-is-not-located","title":"5. Pod to the Node where the Pod is not located","text":""},{"location":"guide/mirror/#_12","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"guide/mirror/#_13","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"guide/mirror/#6-pod-to-the-cluster-ip-service","title":"6. Pod to the cluster ip service","text":""},{"location":"guide/mirror/#_14","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"guide/mirror/#_15","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"guide/mirror/#7-host-to-the-node-port-service-where-the-pod-is-not-located-on-the-target-node","title":"7. Host to the Node port service where the Pod is not located on the target Node","text":""},{"location":"guide/mirror/#_16","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"guide/mirror/#_17","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"guide/mirror/#8-host-to-the-node-port-service-where-the-pod-is-located-on-the-target-node","title":"8. Host to the Node port service where the Pod is located on the target Node","text":""},{"location":"guide/mirror/#_18","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"guide/mirror/#_19","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/networkpolicy-log/","title":"NetworkPolicy \u200b\u65e5\u5fd7","text":"NetworkPolicy \u200b\u4e3a\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u63a5\u53e3\u200b\uff0cKube-OVN \u200b\u901a\u8fc7\u200b OVN \u200b\u7684\u200b ACL \u200b\u8fdb\u884c\u200b\u4e86\u200b\u5b9e\u73b0\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e86\u200b NetworkPolicy \u200b\u540e\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e0d\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u96be\u4ee5\u200b\u5224\u65ad\u200b\u662f\u200b\u7f51\u7edc\u6545\u969c\u200b\u95ee\u9898\u200b\u8fd8\u662f\u200b NetworkPolicy \u200b\u89c4\u5219\u200b\u8bbe\u7f6e\u200b\u95ee\u9898\u200b\u5bfc\u81f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7ba1\u7406\u5458\u200b\u5feb\u901f\u200b\u5b9a\u4f4d\u200b NetworkPolicy Drop \u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u547d\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u8bb0\u5f55\u200b\u6709\u200b\u54ea\u4e9b\u200b\u975e\u6cd5\u200b\u8bbf\u95ee\u200b\u3002
NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\u4e00\u65e6\u200b\u5f00\u542f\u200b\uff0c\u200b\u5bf9\u200b\u6bcf\u4e2a\u200b\u547d\u4e2d\u200b Drop \u200b\u89c4\u5219\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u90fd\u200b\u9700\u8981\u200b\u6253\u5370\u200b\u65e5\u5fd7\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002 \u200b\u5728\u200b\u6076\u610f\u200b\u653b\u51fb\u200b\u4e0b\u200b\uff0c\u200b\u77ed\u65f6\u95f4\u200b\u5927\u91cf\u200b\u65e5\u5fd7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8017\u5c3d\u200b CPU\u3002\u200b\u6211\u4eec\u200b\u5efa\u8bae\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5728\u200b\u9700\u8981\u200b\u6392\u67e5\u200b\u95ee\u9898\u200b\u65f6\u200b\uff0c\u200b\u52a8\u6001\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u3002
"},{"location":"guide/networkpolicy-log/#networkpolicy_1","title":"\u5f00\u542f\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5728\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u8bb0\u5f55\u200b\u7684\u200b NetworkPolicy \u200b\u4e2d\u200b\u589e\u52a0\u200b annotation ovn.kubernetes.io/enable_log\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bf9\u5e94\u200b Pod \u200b\u6240\u5728\u200b\u4e3b\u673a\u200b\u7684\u200b /var/log/ovn/ovn-controller.log \u200b\u4e2d\u200b\u89c2\u5bdf\u200b\u5230\u200b\u88ab\u200b\u4e22\u5f03\u200b\u6570\u636e\u5305\u200b\u7684\u200b\u65e5\u5fd7\u200b\uff1a
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"guide/networkpolicy-log/#networkpolicy_2","title":"\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5c06\u200b\u5bf9\u5e94\u200b NetworkPolicy \u200b\u4e2d\u200b\u7684\u200b annotation ovn.kubernetes.io/enable_log \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false \u200b\u5373\u53ef\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\uff1a
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus-grafana/","title":"\u914d\u7f6e\u200b\u76d1\u63a7\u200b\u548c\u200b\u9762\u677f","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u5c06\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4fe1\u606f\u200b\u4ee5\u53ca\u200b\u7f51\u7edc\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u8d28\u91cf\u200b\u4fe1\u606f\u200b\u6307\u6807\u200b\u4ee5\u200b Prometheus \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u683c\u5f0f\u200b\u5bf9\u5916\u200b\u8f93\u51fa\u200b\u3002
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b kube-prometheus \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b CRD \u200b\u6765\u200b\u5b9a\u4e49\u200b\u76f8\u5e94\u200b\u7684\u200b Prometheus \u200b\u76d1\u63a7\u200b\u89c4\u5219\u200b\u3002 \u200b\u7528\u6237\u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5b89\u88c5\u200b kube-prometheus \u200b\u6765\u200b\u542f\u7528\u200b\u76f8\u5173\u200b\u7684\u200b CRD\u3002Kube-OVN \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u5168\u90e8\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u539f\u751f\u200b Prometheus \u200b\u8bf7\u200b\u53c2\u8003\u200b\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b \u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus-grafana/#prometheus-monitor","title":"\u5b89\u88c5\u200b Prometheus Monitor","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Prometheus Monitor CRD \u200b\u6765\u200b\u7ba1\u7406\u200b\u76d1\u63a7\u200b\u8f93\u51fa\u200b\uff1a
# \u200b\u7f51\u54af\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
Prometheus \u200b\u62c9\u53d6\u200b\u76d1\u63a7\u200b\u65f6\u95f4\u200b\u95f4\u9694\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 15s\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b\u9700\u8981\u200b\u4fee\u6539\u200b yaml \u200b\u4e2d\u200b\u7684\u200b interval \u200b\u5b57\u200b\u6bb5\u200b\u3002
"},{"location":"guide/prometheus-grafana/#grafana","title":"\u52a0\u8f7d\u200b Grafana \u200b\u9762\u677f","text":"Kube-OVN \u200b\u8fd8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u9884\u5148\u200b\u5b9a\u4e49\u200b\u597d\u200b\u7684\u200b Grafana Dashboard \u200b\u5c55\u793a\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b Dashboard \u200b\u6a21\u677f\u200b\uff1a
# \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
\u200b\u5728\u200b Grafana \u200b\u4e2d\u200b\u5bfc\u5165\u200b\u6a21\u677f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u6e90\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b Prometheus \u200b\u5373\u53ef\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b Dashboard\uff1a
kube-ovn-controller \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-pinger \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-cni \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus/","title":"\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u7528\u4e8e\u200b OVN/OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\u68c0\u67e5\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u68c0\u67e5\u200b\u3002Kube-OVN \u200b\u914d\u7f6e\u200b\u4e86\u200b ServiceMonitor\uff0c\u200b\u53ef\u4ee5\u200b\u7528\u4e8e\u200b Prometheus \u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5728\u200b\u67d0\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u200b\u5b89\u88c5\u200b\u4e86\u200b Prometheus Server\uff0c\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7684\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Prometheus \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_1","title":"Prometheus \u200b\u914d\u7f6e","text":"\u200b\u4ee5\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u6587\u6863\u200b\uff0c\u200b\u53c2\u8003\u200b\u81ea\u200b Prometheus \u200b\u670d\u52a1\u200b\u53d1\u73b0\u200b\u3002
"},{"location":"guide/prometheus/#_1","title":"\u6743\u9650\u200b\u914d\u7f6e","text":"Prometheus \u200b\u90e8\u7f72\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b k8s apiserver \u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u67e5\u8be2\u200b\u4e1a\u52a1\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u914d\u7f6e\u200b Prometheus \u200b\u9700\u8981\u200b\u7684\u200b\u6743\u9650\u200b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"guide/prometheus/#prometheus_2","title":"Prometheus \u200b\u914d\u7f6e\u6587\u4ef6","text":"Prometheus \u200b\u7684\u200b\u542f\u52a8\u200b\uff0c\u200b\u4f9d\u8d56\u4e8e\u200b\u914d\u7f6e\u6587\u4ef6\u200b prometheus.yml\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u5185\u5bb9\u200b\u914d\u7f6e\u200b\u5728\u200b ConfigMap \u200b\u5185\u200b\uff0c\u200b\u52a8\u6001\u200b\u6302\u8f7d\u200b\u5230\u200b Pod \u200b\u4e2d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b Prometheus \u200b\u4f7f\u7528\u200b\u7684\u200b ConfigMap \u200b\u6587\u4ef6\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u57fa\u4e8e\u200b\u89d2\u8272\u200b\u67e5\u8be2\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u76d1\u63a7\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b kubernetes_sd_config\u3002
\u200b\u5728\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\uff0cPrometheus \u200b\u652f\u6301\u200b\u67e5\u8be2\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u7684\u200b\u89d2\u8272\u200b\u5305\u542b\u200b node\u3001service\u3001pod\u3001endpoints \u200b\u548c\u200b ingress\u3002\u200b\u5728\u200b ConfigMap \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u4e2d\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u4ee5\u4e0a\u200b\u5168\u90e8\u200b\u8d44\u6e90\u200b\u7684\u200b\u76d1\u63a7\u200b\u67e5\u8be2\u200b\u914d\u7f6e\u200b\u793a\u4f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6839\u636e\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_3","title":"Prometheus \u200b\u90e8\u7f72","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Server\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
\u200b\u5728\u200b\u90e8\u7f72\u200b\u5b8c\u200b Prometheus \u200b\u4e4b\u540e\u200b\uff0c\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Service\uff1a
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
\u200b\u5c06\u200b Prometheus \u200b\u901a\u8fc7\u200b NodePort \u200b\u66b4\u9732\u200b\u540e\u200b\uff0c\u200b\u5373\u53ef\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u6765\u200b\u8bbf\u95ee\u200b Prometheus\u3002
"},{"location":"guide/prometheus/#prometheus_4","title":"Prometheus \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u9a8c\u8bc1","text":"\u200b\u67e5\u770b\u200b\u73af\u5883\u200b\u4e0a\u200b Prometheus \u200b\u76f8\u5173\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
\u200b\u901a\u8fc7\u200b NodePort \u200b\u8bbf\u95ee\u200b Prometheus\uff0c\u200b\u67e5\u770b\u200b Status/Service Discovery \u200b\u52a8\u6001\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6570\u636e\u200b\uff1a
\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5f53\u524d\u200b\u53ef\u4ee5\u200b\u67e5\u8be2\u200b\u5230\u200b\u96c6\u7fa4\u200b\u4e0a\u200b\u5168\u90e8\u200b\u7684\u200b Service \u200b\u6570\u636e\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/prometheus/#_2","title":"\u914d\u7f6e\u200b\u67e5\u8be2\u200b\u6307\u5b9a\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4ee5\u4e0a\u200b\u7684\u200b ConfigMap \u200b\u914d\u7f6e\u200b\u4e2d\u200b\uff0c\u200b\u6ca1\u6709\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\uff0c\u200b\u67e5\u8be2\u200b\u4e86\u200b\u6240\u6709\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\u3002\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u8981\u200b\u67d0\u4e2a\u200b\u89d2\u8272\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\uff0c\u200b\u5219\u200b\u53ef\u4ee5\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\u3002
\u200b\u4ee5\u200b Service \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4fee\u6539\u200b ConfigMap \u200b\u5185\u5bb9\u200b\uff0c\u200b\u53ea\u200b\u67e5\u8be2\u200b\u5173\u5fc3\u200b\u7684\u200b Service \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Service \u200b\u9ed8\u8ba4\u200b\u76d1\u63a7\u200b\u8def\u5f84\u200b\u4e3a\u200b /metrics\u3002\u200b\u5982\u679c\u200b Service \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u662f\u200b\u5176\u4ed6\u200b\u7684\u200b\u8def\u5f84\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/path \u200b\u6765\u200b\u6307\u5b9a\u200b\u91c7\u96c6\u200b\u8def\u5f84\u200b\u3002
\u200b\u5e94\u7528\u200b\u4ee5\u4e0a\u200b yaml\uff0c\u200b\u66f4\u65b0\u200b ConfigMap \u200b\u4fe1\u606f\u200b\uff0c\u200b\u91cd\u5efa\u200b Prometheus Pod\uff0c\u200b\u4f7f\u200b\u914d\u7f6e\u200b\u751f\u6548\u200b\u3002
\u200b\u67e5\u770b\u200b kube-system Namespace \u200b\u4e0b\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/scrape=\"true\"\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
\u200b\u67e5\u770b\u200b\u914d\u7f6e\u200b\u540e\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // \u200b\u6dfb\u52a0\u200b\u7684\u200b annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
\u200b\u67e5\u770b\u200b Prometheus Status Targets \u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u53ea\u6709\u200b\u6dfb\u52a0\u200b\u4e86\u200b annotation \u200b\u7684\u200b Service \u200b\u88ab\u200b\u8fc7\u6ee4\u51fa\u6765\u200b\uff1a
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b relabel \u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u53c2\u6570\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/qos/","title":"\u5bb9\u5668\u200b\u7f51\u7edc\u200b QoS \u200b\u914d\u7f6e","text":"Kube-OVN \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b\u5355\u4e2a\u200b Pod \u200b\u7684\u200b\u4e24\u79cd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u7684\u200b QoS\uff1a
- \u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b QoS\u3002
linux-netem\uff0c\u200b\u6a21\u62df\u200b\u8bbe\u5907\u200b\u5e72\u6270\u200b\u4e22\u5305\u200b\u7b49\u200b\u7684\u200b QoS\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u6a21\u62df\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b Pod \u200b\u7ea7\u522b\u200b QoS \u200b\u4e0d\u200b\u652f\u6301\u200b Namespace \u200b\u6216\u200b Subnet \u200b\u7ea7\u522b\u200b\u7684\u200b QoS \u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/qos/#qos_1","title":"\u57fa\u4e8e\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b\u7684\u200b QoS","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7684\u200b QoS \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod annotation \u200b\u52a8\u6001\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e0d\u200b\u4e2d\u65ad\u200b Pod \u200b\u8fd0\u884c\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002 \u200b\u5e26\u5bbd\u200b\u9650\u901f\u200b\u7684\u200b\u5355\u4f4d\u200b\u4e3a\u200b Mbit/s\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
\u200b\u4f7f\u7528\u200b annotation \u200b\u52a8\u6001\u200b\u8c03\u6574\u200b QoS\uff1a
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"guide/qos/#qos_2","title":"\u6d4b\u8bd5\u200b QoS \u200b\u8c03\u6574","text":"\u200b\u90e8\u7f72\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u9700\u8981\u200b\u7684\u200b\u5bb9\u5668\u200b\uff1a
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5e76\u200b\u5f00\u542f\u200b iperf3 server\uff1a
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
\u200b\u8fdb\u5165\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u8bf7\u6c42\u200b\u4e4b\u524d\u200b\u7684\u200b Pod\uff1a
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
\u200b\u4fee\u6539\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u7684\u200b\u5165\u53e3\u200b\u5e26\u5bbd\u200b QoS\uff1a
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
\u200b\u518d\u6b21\u200b\u4ece\u200b\u7b2c\u4e8c\u4e2a\u200b Pod \u200b\u6d4b\u8bd5\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u5e26\u5bbd\u200b\uff1a
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"RHEL \u200b\u7cfb\u5217\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b netem \u200b\u76f8\u5173\u200b\u6a21\u5757\u200b\uff1a yum install -y kernel-modules-extra && modprobe sch_netem
Pod \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b annotation \u200b\u914d\u7f6e\u200b linux-netem \u200b\u7c7b\u578b\u200b QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit \u200b\u548c\u200b ovn.kubernetes.io/loss\u3002
ovn.kubernetes.io/latency\uff1a\u200b\u8bbe\u7f6e\u200b Pod \u200b\u6d41\u91cf\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u6570\u200b\uff0c\u200b\u5355\u4f4d\u200b\u4e3a\u200b ms\u3002ovn.kubernetes.io/limit\uff1a \u200b\u4e3a\u200b qdisc \u200b\u961f\u5217\u200b\u53ef\u200b\u5bb9\u7eb3\u200b\u7684\u200b\u6700\u5927\u200b\u6570\u636e\u5305\u200b\u6570\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u5f62\u200b\u6570\u503c\u200b\uff0c\u200b\u4f8b\u5982\u200b 1000\u3002ovn.kubernetes.io/loss\uff1a \u200b\u4e3a\u200b\u8bbe\u7f6e\u200b\u7684\u200b\u62a5\u6587\u200b\u4e22\u5305\u200b\u6982\u7387\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b float \u200b\u7c7b\u578b\u200b\uff0c\u200b\u4f8b\u5982\u200b\u53d6\u503c\u200b\u4e3a\u200b 20\uff0c\u200b\u5219\u200b\u4e3a\u200b\u8bbe\u7f6e\u200b 20% \u200b\u7684\u200b\u4e22\u200b\u5305\u200b\u6982\u7387\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/setup-options/","title":"\u5b89\u88c5\u200b\u548c\u200b\u914d\u7f6e\u200b\u9009\u9879","text":"\u200b\u5728\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u4e2d\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff0cKube-OVN \u200b\u8fd8\u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b \u200b\u81ea\u5b9a\u4e49\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6216\u8005\u200b\u4e4b\u540e\u200b\u66f4\u6539\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u53c2\u6570\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u8fd9\u4e9b\u200b\u81ea\u5b9a\u4e49\u200b\u9009\u9879\u200b \u200b\u7684\u200b\u4f5c\u7528\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#_2","title":"\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u4f1a\u200b\u914d\u7f6e\u200b\u4e24\u4e2a\u200b\u5185\u7f6e\u200b\u5b50\u7f51\u200b\uff1a
default \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Pod \u200b\u5206\u914d\u200b IP \u200b\u4f7f\u7528\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 10.16.0.1\u3002join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Node \u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u901a\u4fe1\u200b\u7684\u200b\u7279\u6b8a\u200b\u5b50\u7f51\u200b, \u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 100.64.0.1\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5185\u200b\u7684\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u66f4\u6539\u200b\uff1a
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP \u200b\u53ef\u200b\u8bbe\u7f6e\u200b POD_CIDR \u200b\u4e0d\u200b\u8fdb\u884c\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\uff0c\u200b\u683c\u5f0f\u200b\u4e3a\u200b\uff1a192.168.10.20..192.168.10.30\u3002
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b Overlay \u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b Service CIDR \u200b\u51b2\u7a81\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u3002
"},{"location":"guide/setup-options/#service","title":"Service \u200b\u7f51\u6bb5\u200b\u914d\u7f6e","text":"\u200b\u7531\u4e8e\u200b\u90e8\u5206\u200b kube-proxy \u200b\u8bbe\u7f6e\u200b\u7684\u200b iptables \u200b\u548c\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u4f1a\u200b\u548c\u200b Kube-OVN \u200b\u8bbe\u7f6e\u200b\u7684\u200b\u89c4\u5219\u200b\u4ea7\u751f\u200b\u4ea4\u96c6\u200b\uff0c\u200b\u56e0\u6b64\u200b Kube-OVN \u200b\u9700\u8981\u200b\u77e5\u9053\u200b Service \u200b\u7684\u200b CIDR \u200b\u6765\u200b\u6b63\u786e\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\uff1a
SVC_CIDR=\"10.96.0.0/12\" \n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/setup-options/#overlay","title":"Overlay \u200b\u7f51\u5361\u200b\u9009\u62e9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u5b58\u5728\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u9009\u62e9\u200b Kubernetes Node IP \u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u95f4\u200b\u8de8\u200b\u8282\u70b9\u200b\u901a\u4fe1\u200b\u7684\u200b\u7f51\u5361\u200b\u5e76\u200b\u5efa\u7acb\u200b\u5bf9\u5e94\u200b\u7684\u200b\u96a7\u9053\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u5efa\u7acb\u200b\u5bb9\u5668\u200b\u96a7\u9053\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\uff1a
IFACE=eth1\n
\u200b\u8be5\u200b\u9009\u9879\u200b\u652f\u6301\u200b\u4ee5\u200b\u9017\u53f7\u200b\u6240\u200b\u5206\u9694\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b,\u200b\u4f8b\u5982\u200b ens[a-z0-9]*,eth[a-z0-9]*\u3002
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
args:\n- --iface=eth1\n
\u200b\u5982\u679c\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u5747\u200b\u4e0d\u540c\u200b\uff0c\u200b\u4e14\u200b\u6ca1\u6709\u200b\u56fa\u5b9a\u200b\u89c4\u5f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b annotation ovn.kubernetes.io/tunnel_interface \u200b\u8fdb\u884c\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u9010\u4e00\u200b\u914d\u7f6e\u200b\uff0c\u200b\u62e5\u6709\u200b\u8be5\u200b annotation \u200b\u8282\u70b9\u200b\u4f1a\u200b\u8986\u76d6\u200b iface \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b annotation\u3002
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"guide/setup-options/#mtu","title":"MTU \u200b\u8bbe\u7f6e","text":"\u200b\u7531\u4e8e\u200b Overlay \u200b\u5c01\u88c5\u200b\u9700\u8981\u200b\u5360\u636e\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\uff0cKube-OVN \u200b\u5728\u200b\u521b\u5efa\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u65f6\u4f1a\u200b\u6839\u636e\u200b\u9009\u62e9\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8fdb\u884c\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8c03\u6574\u200b\uff0c \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b Pod \u200b\u7f51\u5361\u200b MTU \u200b\u4e3a\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b MTU - 100\uff0cUnderlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\uff0cPod \u200b\u7f51\u5361\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6709\u200b\u76f8\u540c\u200b MTU\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b MTU \u200b\u7684\u200b\u5927\u5c0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --mtu=1333\n
"},{"location":"guide/setup-options/#_3","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u5f00\u542f\u200b\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u521b\u5efa\u200b\u4e00\u5757\u200b mirror0 \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u590d\u5236\u200b\u5f53\u524d\u200b\u673a\u5668\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u5230\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\uff0c \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b tcpdump \u200b\u53ca\u5176\u200b\u4ed6\u200b\u5de5\u5177\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u914d\u7f6e\u200b\u5f00\u542f\u200b\uff1a
ENABLE_MIRROR=true\n
\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b:
args:\n- --enable-mirror=true\n
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5173\u95ed\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6216\u200b\u9700\u8981\u200b\u5c06\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5230\u200b\u989d\u5916\u200b\u7684\u200b\u7f51\u5361\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
"},{"location":"guide/setup-options/#lb","title":"LB \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L2 LB \u200b\u6765\u200b\u5b9e\u73b0\u200b Service \u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5728\u200b Overlay \u200b\u573a\u666f\u200b\u4e2d\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u6765\u200b\u5b8c\u6210\u200b Service \u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b, \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb=false\n
LB \u200b\u7684\u200b\u529f\u80fd\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableLb\uff0c\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b LB \u200b\u529f\u80fd\u200b\u3002kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-lb \u200b\u53c2\u6570\u200b\u4f5c\u4e3a\u200b\u5168\u5c40\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u521b\u5efa\u200b load-balancer \u200b\u8bb0\u5f55\u200b\uff0c\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u65b0\u589e\u200b\u7684\u200b enableLb \u200b\u53c2\u6570\u200b\u7528\u4e8e\u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b enableLb \u200b\u53c2\u6570\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/setup-options/#networkpolicy","title":"NetworkPolicy \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u6765\u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u529f\u80fd\u200b \u200b\u6216\u8005\u200b\u4f7f\u7528\u200b Cilium Chain \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5229\u7528\u200b eBPF \u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_NP=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-np=false\n
NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
"},{"location":"guide/setup-options/#eip-snat","title":"EIP \u200b\u548c\u200b SNAT \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5982\u679c\u200b\u65e0\u9700\u200b\u4f7f\u7528\u200b EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ee5\u200b\u51cf\u5c11\u200b kube-ovn-controller \u200b\u5728\u200b\u521b\u5efa\u200b\u548c\u200b\u66f4\u65b0\u200b \u200b\u7f51\u7edc\u200b\u65f6\u200b\u7684\u200b\u68c0\u67e5\u200b\u6d88\u8017\u200b\uff0c\u200b\u5728\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u63d0\u5347\u200b\u5904\u7406\u901f\u5ea6\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_EIP_SNAT=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-eip-snat=false\n
EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#load-balancer-service","title":"Load Balancer \u200b\u7c7b\u578b\u200b Service \u200b\u652f\u6301\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5f00\u542f\u200b\u8be5\u200b\u9009\u9879\u200b\u6765\u200b\u652f\u6301\u200b Load Balancer \u200b\u7c7b\u578b\u200b Service\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b LoadBalancer \u200b\u7c7b\u578b\u200b Service\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB_SVC=true\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb-svc=true\n
"},{"location":"guide/setup-options/#ecmp","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u652f\u6301\u200b\u4e3b\u5907\u200b\u548c\u200b ECMP \u200b\u4e24\u79cd\u200b\u9ad8\u200b\u53ef\u7528\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u542f\u7528\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c \u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b:
args:\n- --enable-ecmp=true \n
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u7f51\u5173\u200b\u76f8\u5173\u200b\u5185\u5bb9\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/setup-options/#kubevirt-vm","title":"Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9488\u5bf9\u200b Kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b 1.10.6 \u200b\u540e\u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u5173\u95ed\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
args:\n- --keep-vm-ip=false\n
"},{"location":"guide/setup-options/#cni","title":"CNI \u200b\u914d\u7f6e\u200b\u76f8\u5173\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u5728\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u6267\u884c\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5728\u200b /etc/cni/net.d \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b 01-kube-ovn.conflist\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u5b89\u88c5\u200b\u4f4d\u7f6e\u200b\u548c\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b Volume \u200b\u6302\u8f7d\u200b\u548c\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"guide/setup-options/#_4","title":"\u96a7\u9053\u200b\u7c7b\u578b\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b Overlay \u200b\u7684\u200b\u5c01\u88c5\u200b\u6a21\u5f0f\u200b\u4e3a\u200b Geneve\uff0c\u200b\u5982\u679c\u200b\u60f3\u200b\u66f4\u6362\u200b\u4e3a\u200b Vxlan \u200b\u6216\u200b STT\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
TUNNEL_TYPE=\"vxlan\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b ovs-ovn DaemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\uff1a
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b STT \u200b\u96a7\u9053\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b ovs \u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
\u200b\u4e0d\u540c\u200b\u534f\u8bae\u200b\u5728\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u533a\u522b\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"guide/setup-options/#ssl","title":"SSL \u200b\u8bbe\u7f6e","text":"OVN DB \u200b\u7684\u200b API \u200b\u63a5\u53e3\u200b\u652f\u6301\u200b SSL \u200b\u52a0\u5bc6\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u8fde\u63a5\u200b\u5b89\u5168\u200b\uff0c\u200b\u5982\u200b\u8981\u200b\u5f00\u542f\u200b\u53ef\u200b\u8c03\u6574\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u7684\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b:
ENABLE_SSL=true\n
SSL \u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u200b\u5173\u95ed\u200b\u6a21\u5f0f\u200b\u3002
"},{"location":"guide/setup-options/#ip","title":"\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip","text":"kube-ovn-controller/kube-ovn-cni/kube-ovn-monitor \u200b\u8fd9\u4e9b\u200b\u670d\u52a1\u200b\u652f\u6301\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip\uff0c\u200b\u8be5\u200b\u529f\u80fd\u8bbe\u8ba1\u200b\u539f\u56e0\u200b\u4e3b\u8981\u200b\u662f\u56e0\u4e3a\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u51fa\u4e8e\u200b\u5b89\u5168\u200b\u8003\u8651\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b 0.0.0.0 \uff08\u200b\u6bd4\u5982\u200b\u8be5\u200b\u670d\u52a1\u200b\u90e8\u7f72\u200b\u5728\u200b\u67d0\u4e2a\u200b\u5bf9\u5916\u200b\u7f51\u5173\u200b\u4e0a\u200b\uff0c\u200b\u5916\u90e8\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u516c\u7f51\u200b ip \u200b\u5e76\u200b\u6307\u5b9a\u200b\u7aef\u53e3\u200b\u53bb\u200b\u8bbf\u95ee\u200b\u5230\u200b\u8be5\u200b\u670d\u52a1\u200b\uff09\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u662f\u200b\u6253\u5f00\u200b\u7684\u200b\uff0c\u200b\u7531\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\u63a7\u5236\u200b\uff1a
ENABLE_BIND_LOCAL_IP=true\n
\u200b\u4ee5\u200b kube-ovn-monitor \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u540e\u4f1a\u200b\u628a\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b\u7684\u200b pod ip \u200b\u5982\u4e0b\u200b\uff1a
# netstat -tunlp |grep kube-ovn\ntcp 0 0 172.18.0.5:10661 0.0.0.0:* LISTEN 2612/./kube-ovn-mon\n
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\u670d\u52a1\u200b\u7684\u200b deployment \u200b\u6216\u8005\u200b daemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
env:\n- name: ENABLE_BIND_LOCAL_IP\n value: \"false\"\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/static-ip-mac/","title":"\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u6839\u636e\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u548c\u200b Mac\u3002 \u200b\u9488\u5bf9\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u9700\u8981\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u6839\u636e\u200b\u4e0d\u540c\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u591a\u79cd\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u65b9\u6cd5\u200b\uff1a
- \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac\u3002
- Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u65b9\u5f0f\u200b\u6307\u5b9a\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
- StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
- KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
"},{"location":"guide/static-ip-mac/#pod-ip-mac","title":"\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b annotation \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u8fd0\u884c\u200b\u65f6\u200b\u6240\u200b\u9700\u200b\u7684\u200b IP/Mac, kube-ovn-controller \u200b\u8fd0\u884c\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u9636\u6bb5\u200b\uff0c\u200b\u7ecf\u8fc7\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u540e\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
\u200b\u5728\u200b\u4f7f\u7528\u200b annotation \u200b\u5b9a\u4e49\u200b\u5355\u4e2a\u200b Pod IP/Mac \u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
- \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b IP/Mac \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b IP/Mac \u200b\u51b2\u7a81\u200b\u3002
- IP \u200b\u5fc5\u987b\u200b\u5728\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002
- \u200b\u53ef\u4ee5\u200b\u53ea\u200b\u6307\u5b9a\u200b IP \u200b\u6216\u200b Mac\uff0c\u200b\u53ea\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u65f6\u200b\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#workload-ip-pool","title":"Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b annotation ovn.kubernetes.io/ip_pool \u200b\u7ed9\u200b Workload\uff08Deployment/StatefulSet/DaemonSet/Job/CronJob\uff09\u200b\u8bbe\u7f6e\u200b\u56fa\u5b9a\u200b IP\u3002 kube-ovn-controller \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u9009\u62e9\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7684\u200b IP \u200b\u5e76\u200b\u8fdb\u884c\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u3002
IP Pool \u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u52a0\u200b\u5728\u200b template \u200b\u5185\u200b\u7684\u200b annotation \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u9664\u4e86\u200b Kubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Workload \u200b\u7c7b\u578b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u7684\u200b Workload \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u6837\u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#deployment-ip","title":"Deployment \u200b\u56fa\u5b9a\u200b IP \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u5206\u200b\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
\u200b\u5bf9\u200b Workload \u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u5e94\u8be5\u200b\u5c5e\u4e8e\u200b\u6240\u5728\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u51b2\u7a81\u200b\u3002- \u200b\u5f53\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u6570\u91cf\u200b\u5c0f\u4e8e\u200b replicas \u200b\u6570\u91cf\u200b\u65f6\u200b\uff0c\u200b\u591a\u51fa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b\u3002\u200b\u4f60\u200b\u9700\u8981\u200b\u6839\u636e\u200b Workload \u200b\u7684\u200b\u66f4\u65b0\u200b\u7b56\u7565\u200b\u4ee5\u53ca\u200b\u6269\u5bb9\u200b\u89c4\u5212\u200b\u8c03\u6574\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b IP \u200b\u7684\u200b\u6570\u91cf\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset","title":"StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"StatefulSet \u200b\u9ed8\u8ba4\u200b\u652f\u6301\u200b\u56fa\u5b9a\u200b IP\uff0c\u200b\u800c\u4e14\u200b\u548c\u200b\u5176\u4ed6\u200b Workload \u200b\u76f8\u540c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b\u3002
\u200b\u7531\u4e8e\u200b StatefulSet \u200b\u591a\u200b\u7528\u4e8e\u200b\u6709\u200b\u72b6\u6001\u200b\u670d\u52a1\u200b\uff0c\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u6807\u793a\u200b\u7684\u200b\u56fa\u5b9a\u200b\u6709\u200b\u66f4\u200b\u9ad8\u200b\u7684\u200b\u8981\u6c42\u200b\uff0cKube-OVN \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u7684\u200b\u5f3a\u5316\u200b\uff1a
- Pod \u200b\u4f1a\u200b\u6309\u200b\u987a\u5e8f\u200b\u5206\u914d\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP\u3002\u200b\u4f8b\u5982\u200b StatefulSet \u200b\u7684\u200b\u540d\u5b57\u200b\u4e3a\u200b web\uff0c\u200b\u5219\u200b web-0 \u200b\u4f1a\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b IP\uff0c web-1 \u200b\u4f1a\u200b\u4f7f\u7528\u200b\u7b2c\u4e8c\u4e2a\u200b IP\uff0c\u200b\u4ee5\u6b64\u7c7b\u63a8\u200b\u3002 - StatefulSet Pod \u200b\u5728\u200b\u66f4\u65b0\u200b\u6216\u200b\u5220\u9664\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b OVN \u200b\u4e2d\u200b\u7684\u200b logical_switch_port \u200b\u4e0d\u4f1a\u200b\u5220\u9664\u200b\uff0c\u200b\u65b0\u200b\u751f\u6210\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u590d\u7528\u200b\u65e7\u200b\u7684\u200b interface \u200b\u4fe1\u606f\u200b\u3002\u200b\u56e0\u6b64\u200b Pod \u200b\u53ef\u4ee5\u200b\u590d\u7528\u200b IP/Mac \u200b\u53ca\u5176\u200b\u4ed6\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8fbe\u5230\u200b\u548c\u200b StatefulSet Volume \u200b\u7c7b\u4f3c\u200b\u7684\u200b\u72b6\u6001\u200b\u4fdd\u7559\u200b\u529f\u80fd\u200b\u3002
- \u200b\u57fa\u4e8e\u200b 2 \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u5bf9\u4e8e\u200b\u6ca1\u6709\u200b
ovn.kubernetes.io/ip_pool \u200b\u6ce8\u89e3\u200b\u7684\u200b StatefulSet\uff0cPod \u200b\u7b2c\u4e00\u6b21\u200b\u751f\u6210\u200b\u65f6\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP/Mac\uff0c\u200b\u4e4b\u540e\u200b\u5728\u200b\u6574\u4e2a\u200b StatefulSet \u200b\u7684\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u200b\uff0c\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u90fd\u200b\u4f1a\u200b\u4fdd\u6301\u200b\u56fa\u5b9a\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset_1","title":"StatefulSet \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5220\u9664\u200b StatefulSet \u200b\u4e0b\u200b Pod \u200b\u89c2\u5bdf\u200b Pod IP \u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/static-ip-mac/#kubevirt-vm","title":"KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"\u200b\u9488\u5bf9\u200b KubeVirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/subnet/","title":"\u5b50\u7f51\u200b\u4f7f\u7528","text":"\u200b\u5b50\u7f51\u200b\u662f\u200b Kube-OVN \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6838\u5fc3\u200b\u6982\u5ff5\u200b\u548c\u200b\u57fa\u672c\u200b\u4f7f\u7528\u200b\u5355\u5143\u200b\uff0cKube-OVN \u200b\u4f1a\u4ee5\u200b\u5b50\u7f51\u200b\u6765\u200b\u7ec4\u7ec7\u200b IP \u200b\u548c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6bcf\u4e2a\u200b Namespace \u200b\u53ef\u4ee5\u200b\u5f52\u5c5e\u4e8e\u200b\u7279\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u83b7\u53d6\u200b IP \u200b\u5e76\u200b\u5171\u4eab\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff08CIDR\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u8bbf\u95ee\u63a7\u5236\u200b\uff0cNAT \u200b\u63a7\u5236\u200b\u7b49\u200b\uff09\u3002
\u200b\u548c\u200b\u5176\u4ed6\u200b CNI \u200b\u7684\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0d\u540c\u200b\uff0c\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u4e3a\u200b\u4e00\u4e2a\u200b\u5168\u5c40\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u5206\u5e03\u200b\u5728\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u3002
Overlay \u200b\u548c\u200b Underlay \u200b\u7684\u200b\u5b50\u7f51\u200b\u5728\u200b\u4f7f\u7528\u200b\u548c\u200b\u914d\u7f6e\u200b\u4e0a\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u5dee\u5f02\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e00\u4e9b\u200b\u5171\u540c\u200b\u914d\u7f6e\u200b\u548c\u200b\u5dee\u5f02\u5316\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/subnet/#_2","title":"\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u7684\u200b\u5feb\u901f\u200b\u4e0a\u200b\u624b\u200b\u4f7f\u7528\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u200b\u663e\u5f0f\u200b\u58f0\u660e\u200b\u5b50\u7f51\u200b\u5f52\u5c5e\u200b\u7684\u200b Namespace \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5206\u914d\u200b IP\uff0c \u200b\u5e76\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u3002\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c \u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5728\u200b Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u4e86\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u5e76\u200b\u5bf9\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u6362\u200b\uff0c\u200b\u5176\u200b\u884c\u4e3a\u200b\u548c\u200b Flannel \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c \u200b\u7528\u6237\u200b\u65e0\u9700\u200b\u989d\u5916\u200b\u7684\u200b\u914d\u7f6e\u200b\u5373\u53ef\u200b\u4f7f\u7528\u200b\u5230\u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u3002
\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u4f5c\u4e3a\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0c\u200b\u5e76\u200b\u5f00\u542f\u200b arping \u200b\u68c0\u67e5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"guide/subnet/#_3","title":"\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b spec \u200b\u4e2d\u200b\u7684\u200b default \u200b\u5b57\u6bb5\u200b\u4e3a\u200b true\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u4e0b\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b ovn-default\u3002
\u200b\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff1a
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"guide/subnet/#join","title":"Join \u200b\u5b50\u7f51","text":"\u200b\u5728\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\u4e2d\u200b\uff0c\u200b\u8981\u6c42\u200b Node \u200b\u53ef\u4ee5\u200b\u548c\u200b\u6240\u6709\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u8fbe\u5230\u200b\u8fd9\u4e2a\u200b\u76ee\u7684\u200b\uff0c Kube-OVN \u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u4e2a\u200b join \u200b\u5b50\u7f51\u200b\uff0c \u200b\u5e76\u200b\u5728\u200b\u6bcf\u4e2a\u200b Node \u200b\u8282\u70b9\u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u5757\u200b\u865a\u62df\u200b\u7f51\u5361\u200b ovn0 \u200b\u63a5\u5165\u200b join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u7edc\u200b\u5b8c\u6210\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u3002 join \u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b
"},{"location":"guide/subnet/#join_1","title":"\u67e5\u770b\u200b Join \u200b\u5b50\u7f51","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b hostport, \u200b\u4ee5\u53ca\u200b\u8bbe\u7f6e\u200b\u4e86\u200b externalTrafficPolicy: Local \u200b\u7684\u200b NodePort \u200b\u7c7b\u578b\u200b Service \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b join \u200b\u4e00\u822c\u200b\u65e0\u9700\u200b\u5bf9\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDR \u200b\u5916\u200b\u7684\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
\u200b\u5728\u200b node \u200b\u8282\u70b9\u200b\u67e5\u770b\u200b ovn0 \u200b\u7f51\u5361\u200b\uff1a
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"guide/subnet/#_4","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b\u5b50\u7f51","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4ecb\u7ecd\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b\u548c\u200b\u67d0\u4e2a\u200b Namespace \u200b\u505a\u200b\u5173\u8054\u200b\u7684\u200b\u57fa\u672c\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\u8bf7\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u5185\u5bb9\u200b\u3002
"},{"location":"guide/subnet/#_5","title":"\u521b\u5efa\u200b\u5b50\u7f51","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: \u200b\u5b50\u7f51\u200b CIDR \u200b\u8303\u56f4\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u4e0d\u540c\u200b Subnet CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002excludeIps: \u200b\u4fdd\u7559\u200b\u5730\u5740\u200b\u5217\u8868\u200b\uff0c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5c06\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5217\u8868\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u7528\u200b\u505a\u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u6bb5\u200b\uff0c\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u907f\u514d\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u5df2\u6709\u200b\u8bbe\u5907\u200b\u51b2\u7a81\u200b\u3002gateway\uff1a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5bf9\u5e94\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0cUnderlay \u200b\u6a21\u5f0f\u200b\u4e0b\u8be5\u200b\u5730\u5740\u200b\u9700\u4e3a\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002namespaces: \u200b\u7ed1\u5b9a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b Namespace \u200b\u5217\u8868\u200b\uff0c\u200b\u7ed1\u5b9a\u200b\u540e\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u5f53\u524d\u200b\u5b50\u7f51\u200b\u5206\u914d\u200b\u5730\u5740\u200b\u3002routeTable: \u200b\u5173\u8054\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5173\u8054\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u8def\u7531\u8868\u200b\u5b9a\u4e49\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9759\u6001\u200b\u8def\u7531\u200b
"},{"location":"guide/subnet/#_6","title":"\u9a8c\u8bc1\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u751f\u6548","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"guide/subnet/#workload","title":"Workload \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Pod \u200b\u4f1a\u200b\u4ece\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u5185\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u679c\u200b Namespace \u200b\u4e0b\u200b\u67d0\u4e2a\u200b Workload \u200b\u9700\u8981\u200b\u7279\u6b8a\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b Pod \u200b\u7684\u200b Annotation ovn.kubernetes.io/logical_switch \u200b\u6765\u200b\u5b9e\u73b0\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ed9\u200b Workload \u200b\u7c7b\u578b\u200b\u8d44\u6e90\u200b\u5982\u200b Deployment\uff0cStatefulSet \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b ovn.kubernetes.io/logical_switch Annotation \u200b\u8bbe\u7f6e\u200b\u5728\u200b spec.template.metadata.annotations\u3002
"},{"location":"guide/subnet/#overlay","title":"Overlay \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Overlay \u200b\u6a21\u5f0f\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\uff0cUnderlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u501f\u52a9\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u3002
Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0cKube-OVN \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u5173\u200b\uff1a \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5bf9\u200b\u7f51\u5173\u200b\u7684\u200b\u7c7b\u578b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\u5747\u200b\u652f\u6301\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b snat\u3002
"},{"location":"guide/subnet/#_7","title":"\u5206\u5e03\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5b50\u7f51\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\uff0c\u200b\u6bcf\u4e2a\u200b node \u200b\u4f1a\u200b\u4f5c\u4e3a\u200b\u5f53\u524d\u200b node \u200b\u4e0a\u200b pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5173\u200b\u3002 \u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u672c\u673a\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u6d41\u5165\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u518d\u200b\u6839\u636e\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b distributed\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"guide/subnet/#_8","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b\u7684\u200b IP\uff0c\u200b\u4ee5\u4fbf\u200b\u5ba1\u8ba1\u200b\u548c\u200b\u767d\u540d\u5355\u200b\u7b49\u200b\u5b89\u5168\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\u4e3a\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002 \u200b\u5728\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u9996\u5148\u200b\u88ab\u200b\u8def\u7531\u200b\u5230\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\uff0c\u200b\u518d\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u7279\u5b9a\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b centralized\uff0cgatewayNode \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u673a\u5668\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeName\u3002 \u200b\u5176\u4e2d\u200b gatewayNode \u200b\u5b57\u200b\u6bb5\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u53f0\u200b\u4e3b\u673a\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u6307\u5b9a\u200b\u673a\u5668\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\uff0c
gatewayNode \u200b\u53ef\u66f4\u6539\u200b\u4e3a\u200b kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3 \u200b\u683c\u5f0f\u200b\u3002 - \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ea\u6709\u200b\u4e3b\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5207\u6362\u200b\u4e3a\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b\u3002
- \u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b
enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/subnet/#acl","title":"\u5b50\u7f51\u200b ACL \u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u6709\u200b\u7ec6\u7c92\u5ea6\u200b ACL \u200b\u63a7\u5236\u200b\u7684\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u7684\u200b Subnet \u200b\u63d0\u4f9b\u200b\u4e86\u200b ACL \u200b\u89c4\u5219\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u7684\u200b\u7cbe\u7ec6\u200b\u63a7\u5236\u200b\u3002
Subnet \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u548c\u200b OVN \u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u4e00\u81f4\u200b\uff0c\u200b\u76f8\u5173\u200b\u5b57\u200b\u6bb5\u200b\u5185\u5bb9\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b ovn-nb ACL Table\uff0c match \u200b\u5b57\u200b\u6bb5\u200b\u652f\u6301\u200b\u7684\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u200b\u53c2\u8003\u200b ovn-sb Logical Flow Table\u3002
\u200b\u5141\u8bb8\u200b IP \u200b\u5730\u5740\u200b\u4e3a\u200b 10.10.0.2 \u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6240\u6709\u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u5176\u4ed6\u200b\u5730\u5740\u200b\u4e3b\u52a8\u200b\u8bbf\u95ee\u200b\u81ea\u5df1\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"guide/subnet/#_9","title":"\u5b50\u7f51\u200b\u9694\u79bb\u200b\u8bbe\u7f6e","text":"\u200b\u5b50\u7f51\u200b ACL \u200b\u7684\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u8986\u76d6\u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u7075\u6d3b\u6027\u200b\uff0c\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b ACL \u200b\u6765\u200b\u505a\u200b\u76f8\u5e94\u200b\u7684\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u76f8\u4e92\u200b\u901a\u4fe1\u200b\uff0cPod \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u9700\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u95f4\u200b\u7684\u200b\u8bbf\u95ee\u200b\u8fdb\u884c\u200b\u63a7\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b CRD \u200b\u4e2d\u5c06\u200b private \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5219\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5c06\u200b\u548c\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9694\u79bb\u200b\uff0c \u200b\u53ea\u80fd\u200b\u8fdb\u884c\u200b\u5b50\u7f51\u200b\u5185\u90e8\u200b\u7684\u200b\u901a\u4fe1\u200b\u3002\u200b\u5982\u200b\u9700\u5f00\u200b\u767d\u540d\u5355\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b allowSubnets \u200b\u8fdb\u884c\u200b\u8bbe\u7f6e\u200b\u3002allowSubnets \u200b\u5185\u200b\u7684\u200b\u7f51\u6bb5\u200b\u548c\u200b\u8be5\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u53cc\u5411\u200b\u4e92\u8bbf\u200b\u3002
"},{"location":"guide/subnet/#_10","title":"\u5f00\u542f\u200b\u8bbf\u95ee\u63a7\u5236\u200b\u7684\u200b\u5b50\u7f51\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"guide/subnet/#underlay","title":"Underlay \u200b\u76f8\u5173\u200b\u9009\u9879","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Underlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
vlan: \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8be5\u5b57\u6bb5\u200b\u7528\u6765\u200b\u63a7\u5236\u200b\u8be5\u200b Subnet \u200b\u548c\u200b\u54ea\u4e2a\u200b Vlan CR \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u3002\u200b\u8be5\u200b\u9009\u9879\u200b\u9ed8\u8ba4\u200b\u4e3a\u7a7a\u200b\u5b57\u7b26\u4e32\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002logicalGateway: \u200b\u4e00\u4e9b\u200b Underlay \u200b\u73af\u5883\u200b\u4e3a\u200b\u7eaf\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7269\u7406\u200b\u7684\u200b\u4e09\u5c42\u200b\u7f51\u5173\u200b\u3002\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b OVN \u200b\u672c\u8eab\u200b\u7684\u200b\u80fd\u529b\u200b\u8bbe\u7f6e\u200b\u4e00\u4e2a\u200b\u865a\u62df\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c06\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002\u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b\uff1afalse\u3002
"},{"location":"guide/subnet/#_11","title":"\u7f51\u5173\u200b\u68c0\u67e5\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b kube-ovn-cni \u200b\u5728\u200b\u542f\u52a8\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u4f7f\u7528\u200b ICMP \u200b\u6216\u200b ARP \u200b\u534f\u8bae\u200b\u8bf7\u6c42\u200b\u7f51\u5173\u200b\u5e76\u200b\u7b49\u5f85\u200b\u8fd4\u56de\u200b\uff0c \u200b\u4ee5\u200b\u9a8c\u8bc1\u200b\u7f51\u7edc\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff0c\u200b\u5728\u200b\u90e8\u5206\u200b Underlay \u200b\u73af\u5883\u200b\u7f51\u5173\u200b\u65e0\u6cd5\u200b\u54cd\u5e94\u200b ICMP \u200b\u8bf7\u6c42\u200b\uff0c\u200b\u6216\u200b\u65e0\u9700\u200b\u7f51\u7edc\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u7684\u200b\u573a\u666f\u200b \u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"guide/subnet/#multicast-snoop","title":"Multicast-Snoop \u200b\u914d\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5982\u679c\u200b\u53d1\u9001\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\uff0cOVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u662f\u200b\u4f1a\u200b\u5e7f\u64ad\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u5230\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u6240\u6709\u200b\u7684\u200b Pod\u3002\u200b\u5982\u679c\u200b\u5f00\u542f\u200b subnet \u200b\u7684\u200b multicast snoop \u200b\u5f00\u5173\u200b\uff0cOVN \u200b\u4f1a\u200b\u6839\u636e\u200b South Database \u200b\u4e2d\u200b\u7684\u200b\u7ec4\u64ad\u8868\u200b Multicast_Group \u200b\u6765\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u800c\u200b\u4e0d\u200b\u5728\u200b\u8fdb\u884c\u200b\u5e7f\u64ad\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"guide/subnet/#subnet-mtu","title":"Subnet MTU \u200b\u914d\u7f6e","text":"\u200b\u914d\u7f6e\u200b Subnet \u200b\u4e0b\u200b Pod \u200b\u7684\u200b MTU\uff0c\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b Subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u624d\u200b\u751f\u6548\u200b
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"guide/subnet/#_12","title":"\u5176\u4ed6\u200b\u9ad8\u7ea7\u200b\u8bbe\u7f6e","text":" - IP \u200b\u6c60\u200b\u4f7f\u7528\u200b
- \u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b
- QoS \u200b\u8bbe\u7f6e\u200b
- \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b
- DHCP \u200b\u9009\u9879\u200b
- \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e\u200b
- \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u8bbe\u7f6e\u200b
- \u200b\u865a\u62df\u200b IP \u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4f7f\u7528\u200b QoSPolicy CRD \u200b\u5bf9\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7684\u200b\u6d41\u91cf\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"\u200b\u5bf9\u200b EIP \u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 1Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 1\uff0c\u200b\u8fd9\u91cc\u200b shared=false\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ea\u80fd\u200b\u7ed9\u200b\u8fd9\u4e2a\u200b EIP \u200b\u4f7f\u7528\u200b\u4e14\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u53bb\u200b\u53d8\u66f4\u200b QoS \u200b\u89c4\u5219\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
IptablesEIP \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u65f6\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u540e\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#qos-eip","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"guide/vpc-qos/#vpc-natgw-net1-qos","title":"VPC NATGW net1 \u200b\u7f51\u5361\u200b QoS","text":"\u200b\u5bf9\u200b VPC NATGW \u200b\u7684\u200b net1 \u200b\u7f51\u5361\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 10Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 3\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u540e\u7eed\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#net1-qos","title":"net1 \u200b\u7f51\u5361\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b QoS","text":"\u200b\u5bf9\u200b net1 \u200b\u7f51\u5361\u200b\u4e0a\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 5Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 2\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6b64\u65f6\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"guide/vpc-qos/#qos-natgw","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b NATGW","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"guide/vpc-qos/#qos","title":"\u67e5\u770b\u200b qos \u200b\u89c4\u5219","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"guide/vpc-qos/#_1","title":"\u9650\u5236","text":" - \u200b\u53ea\u6709\u200b\u5728\u200b\u672a\u200b\u4f7f\u7528\u200b\u65f6\u200b\u624d\u80fd\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u3002\u200b\u56e0\u6b64\u200b\uff0c\u200b\u5728\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u4e4b\u524d\u200b\uff0c\u200b\u8bf7\u200b\u5148\u200b\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP \u200b\u548c\u200b NATGW\uff0c\u200b\u53bb\u6389\u200b\u5b83\u4eec\u200b\u7684\u200b
spec.qosPolicy \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc/","title":"VPC \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u591a\u200b\u79df\u6237\u200b\u9694\u79bb\u200b\u7ea7\u522b\u200b\u7684\u200b VPC \u200b\u7f51\u7edc\u200b\u3002\u200b\u4e0d\u540c\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u72ec\u7acb\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b Subnet \u200b\u7f51\u6bb5\u200b\uff0c \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u5b89\u5168\u7b56\u7565\u200b\uff0c\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0cEIP \u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
VPC \u200b\u4e3b\u8981\u200b\u7528\u4e8e\u200b\u6709\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u5f3a\u200b\u9694\u79bb\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u90e8\u5206\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5b58\u5728\u200b\u51b2\u7a81\u200b\u3002 \u200b\u4f8b\u5982\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e92\u8bbf\u200b\uff0cNodePort \u200b\u529f\u80fd\u200b\uff0c\u200b\u57fa\u4e8e\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\u7684\u200b\u5065\u5eb7\u68c0\u67e5\u200b\u548c\u200b DNS \u200b\u80fd\u529b\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u573a\u666f\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u5e38\u89c1\u200b Kubernetes \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b VPC \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u8bbe\u8ba1\u200b\uff0c\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u53ef\u4ee5\u200b\u6ee1\u8db3\u200b Kubernetes \u200b\u89c4\u8303\u200b\u3002\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u652f\u6301\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0cEIP \u200b\u548c\u200b NAT \u200b\u7f51\u5173\u200b\u7b49\u200b\u529f\u80fd\u200b\u3002 \u200b\u5e38\u89c1\u200b\u9694\u79bb\u200b\u9700\u6c42\u200b\u53ef\u200b\u901a\u8fc7\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5728\u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u524d\u200b\u8bf7\u200b\u660e\u786e\u200b\u662f\u5426\u200b\u9700\u8981\u200b VPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\uff0c\u200b\u5e76\u200b\u4e86\u89e3\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u9650\u5236\u200b\u3002 \u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\uff0c\u200b\u7269\u7406\u200b\u4ea4\u6362\u673a\u200b\u8d1f\u8d23\u200b\u6570\u636e\u200b\u9762\u200b\u8f6c\u53d1\u200b\uff0cVPC \u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u9694\u79bb\u200b\u3002
"},{"location":"guide/vpc/#vpc_1","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b VPC\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces \u200b\u53ef\u4ee5\u200b\u9650\u5b9a\u200b\u53ea\u6709\u200b\u54ea\u4e9b\u200b Namespace \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b VPC\uff0c\u200b\u82e5\u4e3a\u200b\u7a7a\u5219\u200b\u4e0d\u200b\u9650\u5b9a\u200b\u3002
\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5206\u5c5e\u200b\u4e24\u4e2a\u200b\u4e0d\u540c\u200b\u7684\u200b VPC \u200b\u5e76\u200b\u6709\u200b\u76f8\u540c\u200b\u7684\u200b CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u8fd0\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u53ef\u200b\u89c2\u5bdf\u200b\u4e24\u4e2a\u200b Pod \u200b\u5730\u5740\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u4e2a\u200b CIDR\uff0c\u200b\u4f46\u200b\u7531\u4e8e\u200b\u8fd0\u884c\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b\u79df\u6237\u200b VPC\uff0c\u200b\u4e24\u4e2a\u200b Pod \u200b\u65e0\u6cd5\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"guide/vpc/#vpc-pod-livenessprobe-readinessprobe","title":"\u81ea\u5b9a\u4e49\u200b VPC Pod \u200b\u652f\u6301\u200b livenessProbe \u200b\u548c\u200b readinessProbe","text":"\u200b\u7531\u4e8e\u200b\u5e38\u89c4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u548c\u200b\u8282\u70b9\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e4b\u95f4\u200b\u5e76\u200b\u4e0d\u200b\u4e92\u901a\u200b\uff0c\u200b\u6240\u4ee5\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u65e0\u6cd5\u200b\u5230\u8fbe\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\u3002Kube-OVN \u200b\u901a\u8fc7\u200b TProxy \u200b\u5c06\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u91cd\u5b9a\u5411\u200b\u5230\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u8fd9\u4e00\u200b\u529f\u80fd\u200b\u3002
\u200b\u914d\u7f6e\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff0c\u200b\u5728\u200b Daemonset kube-ovn-cni \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-tproxy=true\uff1a
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9650\u5236\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5f53\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0b\u200b\u51fa\u73b0\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5177\u6709\u200b\u76f8\u540c\u200b\u7684\u200b IP\uff0c\u200b\u63a2\u6d4b\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
- \u200b\u76ee\u524d\u200b\u6682\u65f6\u200b\u53ea\u200b\u652f\u6301\u200b
tcpSocket \u200b\u548c\u200b httpGet \u200b\u4e24\u79cd\u200b\u63a2\u6d4b\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"guide/vpc/#vpc_2","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173","text":"\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e0d\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002
VPC \u200b\u5185\u5bb9\u200b\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b VPC \u200b\u7f51\u5173\u200b\uff0cVPC \u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u548c\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b \u200b\u6d6e\u52a8\u200b IP\uff0cSNAT \u200b\u548c\u200b DNAT \u200b\u529f\u80fd\u200b\u3002
VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b Multus-CNI \u200b\u7684\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5b89\u88c5\u200b\u8bf7\u200b\u53c2\u8003\u200b multus-cni\u3002
"},{"location":"guide/vpc/#_1","title":"\u914d\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u7edc","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- \u200b\u8be5\u200b Subnet \u200b\u7528\u6765\u200b\u7ba1\u7406\u200b\u53ef\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u6bb5\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\u5c06\u4f1a\u200b\u901a\u8fc7\u200b Macvlan \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\uff0c\u200b\u8bf7\u200b\u548c\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u6c9f\u901a\u200b\u7ed9\u51fa\u200b\u53ef\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u6bb5\u200b IP\u3002
- VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b Macvlan \u200b\u505a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c
NetworkAttachmentDefinition \u200b\u7684\u200b master \u200b\u9700\u4e3a\u200b\u5bf9\u5e94\u200b\u7269\u7406\u200b\u7f51\u8def\u200b\u7f51\u5361\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002 name \u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\u3002
\u200b\u5728\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4f1a\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u672c\u8eab\u200b\u7684\u200b\u9650\u5236\u200b\uff0cMacvlan \u200b\u5b50\u200b\u63a5\u53e3\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u7236\u200b\u63a5\u53e3\u200b\u5730\u5740\u200b\u3002
- \u200b\u5982\u679c\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u5bf9\u5e94\u200b\u4ea4\u6362\u673a\u200b\u63a5\u53e3\u200b\u4e3a\u200b Trunk \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\u521b\u5efa\u200b\u5b50\u200b\u63a5\u53e3\u200b\u518d\u200b\u63d0\u4f9b\u200b\u7ed9\u200b Macvlan \u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/vpc/#vpc_3","title":"\u5f00\u542f\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd","text":"VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b kube-system \u200b\u4e0b\u200b\u7684\u200b ovn-vpc-nat-gw-config \u200b\u5f00\u542f\u200b\uff1a
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.12' \n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\u3002enable-vpc-nat-gw\uff1a \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u542f\u7528\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/vpc/#vpc_4","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173\u200b\u5e76\u200b\u914d\u7f6e\u200b\u9ed8\u8ba4\u200b\u8def\u7531","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc\uff1a\u200b\u8be5\u200b VpcNatGateway \u200b\u6240\u5c5e\u200b\u7684\u200b VPC\u3002subnet\uff1a\u200b\u4e3a\u200b VPC \u200b\u5185\u200b\u67d0\u4e2a\u200b Subnet \u200b\u540d\u200b\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u4f1a\u200b\u5728\u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u7528\u200b lanIp \u200b\u6765\u200b\u8fde\u63a5\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u3002lanIp\uff1asubnet \u200b\u5185\u200b\u67d0\u4e2a\u200b\u672a\u200b\u88ab\u200b\u4f7f\u7528\u200b\u7684\u200b IP\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u8be5\u200b Pod\u3002\u200b\u5f53\u200b VPC \u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\u9700\u8981\u200b\u6307\u5411\u200b\u5f53\u524d\u200b VpcNatGateway \u200b\u65f6\u200b nextHopIP \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u8fd9\u4e2a\u200b lanIp\u3002selector\uff1aVpcNatGateway Pod \u200b\u7684\u200b\u8282\u70b9\u200b\u9009\u62e9\u5668\u200b\uff0c\u200b\u683c\u5f0f\u200b\u548c\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeSelector \u200b\u683c\u5f0f\u200b\u76f8\u540c\u200b\u3002externalSubnets\uff1a VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u914d\u7f6e\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b ovn-vpc-external-network\uff0c\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u53ea\u200b\u652f\u6301\u200b\u914d\u7f6e\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\uff1a
tolerations : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u5bb9\u5fcd\u5ea6\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53c2\u8003\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002affinity : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u914d\u7f6e\u200b\u4eb2\u548c\u6027\u200b\uff0c\u200b\u5177\u4f53\u200b\u8bbe\u7f6e\u200b\u53c2\u8003\u200b \u200b\u4eb2\u548c\u6027\u200b\u4e0e\u200b\u53cd\u200b\u4eb2\u548c\u6027\u200b\u3002
"},{"location":"guide/vpc/#eip","title":"\u521b\u5efa\u200b EIP","text":"EIP \u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u6bb5\u200b\u7684\u200b\u67d0\u4e2a\u200b IP \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\u540e\u200b\u53ef\u200b\u8fdb\u884c\u200b DNAT\uff0cSNAT \u200b\u548c\u200b\u6d6e\u52a8\u200b IP \u200b\u64cd\u4f5c\u200b\u3002
\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u4e00\u4e2a\u200b\u5730\u5740\u200b\u7ed9\u200b EIP\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
\u200b\u56fa\u5b9a\u200b EIP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
\u200b\u6307\u5b9a\u200b EIP \u200b\u6240\u5728\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet\uff1a EIP \u200b\u6240\u5728\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-vpc-external-network\uff0c\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u5219\u200b\u5fc5\u987b\u200b\u4e3a\u200b\u6240\u5728\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b externalSubnets \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u3002
"},{"location":"guide/vpc/#dnat","title":"\u521b\u5efa\u200b DNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b DNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b EIP \u200b\u52a0\u200b\u7aef\u53e3\u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"guide/vpc/#snat","title":"\u521b\u5efa\u200b SNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b SNAT \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b EIP \u200b\u8fdb\u884c\u200b SNAT\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"guide/vpc/#ip","title":"\u521b\u5efa\u200b\u6d6e\u52a8\u200b IP","text":"\u200b\u901a\u8fc7\u200b\u6d6e\u52a8\u200b IP \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u4f1a\u200b\u548c\u200b EIP \u200b\u8fdb\u884c\u200b\u5b8c\u5168\u200b\u6620\u5c04\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b IP\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u8fd9\u4e2a\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u65f6\u200b\u4e5f\u200b\u4f1a\u200b SNAT \u200b\u6210\u200b\u8fd9\u4e2a\u200b EIP\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"guide/vpc/#_2","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u7edc\u200b\u5185\u90e8\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff0c\u200b\u7ed3\u5408\u200b\u7f51\u5173\u200b\u5b9e\u73b0\u200b\u66f4\u200b\u7075\u6d3b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u3002 Kube-OVN \u200b\u652f\u6301\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u66f4\u4e3a\u200b\u7075\u6d3b\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u3002
"},{"location":"guide/vpc/#_3","title":"\u9759\u6001\u200b\u8def\u7531","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: \u200b\u652f\u6301\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b policyDst \u200b\u548c\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b policySrc\u3002- \u200b\u5f53\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u65f6\u200b\uff0cCIDR \u200b\u63a9\u7801\u200b\u8f83\u957f\u200b\u7684\u200b\u89c4\u5219\u200b\u4f18\u5148\u7ea7\u200b\u66f4\u9ad8\u200b\uff0c\u200b\u82e5\u200b\u63a9\u7801\u200b\u957f\u5ea6\u200b\u76f8\u540c\u200b\u5219\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b\u4f18\u5148\u200b\u4e8e\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b\u3002
routeTable: \u200b\u53ef\u200b\u6307\u5b9a\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u6240\u5728\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5728\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\u3002\u200b\u5b50\u7f51\u200b\u5173\u8054\u200b\u8def\u7531\u8868\u200b\u8bf7\u200b\u53c2\u8003\u200b\u521b\u5efa\u200b\u5b50\u7f51\u200b
"},{"location":"guide/vpc/#_4","title":"\u7b56\u7565\u200b\u8def\u7531","text":"\u200b\u9488\u5bf9\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u8fdb\u884c\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u66f4\u200b\u7cbe\u786e\u200b\u7684\u200b\u5339\u914d\u200b\u89c4\u5219\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u63a7\u5236\u200b \u200b\u548c\u200b\u66f4\u200b\u591a\u200b\u7684\u200b\u8f6c\u53d1\u200b\u52a8\u4f5c\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e3a\u200b OVN \u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7b56\u7565\u200b\u529f\u80fd\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u4fe1\u606f\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Policy\u3002
\u200b\u7b80\u5355\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"guide/vpc/#_5","title":"\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"Kubernetes \u200b\u672c\u8eab\u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u5b8c\u6210\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4f46\u662f\u200b\u53d7\u9650\u4e8e\u200b Kubernetes \u200b\u5b9e\u73b0\u200b\uff0c Service \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b\u5168\u5c40\u200b\u5206\u914d\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u91cd\u590d\u200b\u3002\u200b\u5bf9\u4e8e\u200b VPC \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u80fd\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b \u200b\u8303\u56f4\u200b\uff0c\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5730\u5740\u200b\u53ef\u80fd\u200b\u91cd\u53e0\u200b\uff0cKubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Service \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u5b8c\u5168\u200b\u6ee1\u8db3\u200b\u3002
\u200b\u9488\u5bf9\u200b\u8fd9\u200b\u7c7b\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b SwitchLBRule \u200b\u8d44\u6e90\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
\u200b\u4e00\u4e2a\u200b `SwitchLBRule`` \u200b\u4f8b\u5b50\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u3002namespace\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u540e\u200b\u7aef\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Namespace\u3002sessionAffinity\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b sessionAffinity \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002selector\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b selector \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002ports\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b port \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u89c4\u5219\u200b\uff1a
# kubectl get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh2 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh2 88m\n
"},{"location":"guide/vpc/#vpc-dns","title":"\u81ea\u5b9a\u4e49\u200b vpc-dns","text":"\u200b\u7531\u4e8e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0cVPC \u200b\u5185\u200b Pod \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u7684\u200b coredns \u200b\u670d\u52a1\u200b\u8fdb\u884c\u200b\u57df\u540d\u89e3\u6790\u200b\u3002 \u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b coredns \u200b\u89e3\u6790\u200b\u96c6\u7fa4\u200b\u5185\u200b Service \u200b\u57df\u540d\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"guide/vpc/#_6","title":"\u521b\u5efa\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"guide/vpc/#ovn-default-provider","title":"\u4fee\u6539\u200b ovn-default \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u7684\u200b provider","text":"\u200b\u4fee\u6539\u200b ovn-default \u200b\u7684\u200b provider\uff0c\u200b\u4e3a\u200b\u4e0a\u9762\u200b nad \u200b\u914d\u7f6e\u200b\u7684\u200b provider ovn-nad.default.ovn\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"guide/vpc/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b ConfigMap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09true \u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0cfalse \u200b\u5173\u95ed\u200b\u529f\u80fd\u200b\u3002\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-template\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\uff1a\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u4ed3\u5e93\u200b\u91cc\u200b\u7684\u200b yamls/coredns-template.yaml\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09 \u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\u3002k8s-service-port\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\u3002
"},{"location":"guide/vpc/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u4f9d\u8d56\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"guide/vpc/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc\uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002
\u200b\u67e5\u770b\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff1a
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: true \u200b\u6210\u529f\u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b
"},{"location":"guide/vpc/#_7","title":"\u9650\u5236","text":" - \u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b vpc \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/webhook/","title":"Webhook \u200b\u4f7f\u7528","text":"\u200b\u4f7f\u7528\u200b Webhook \u200b\u53ef\u4ee5\u200b\u5bf9\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u6821\u9a8c\u200b\uff0c\u200b\u76ee\u524d\u200b Webhook \u200b\u4e3b\u8981\u200b\u5b8c\u6210\u200b \u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u548c\u200b Subnet CIDR \u200b\u7684\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u8fd9\u7c7b\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u51b2\u7a81\u200b\u65f6\u200b\u63d0\u793a\u200b\u9519\u8bef\u200b\u3002
\u200b\u7531\u4e8e\u200b Webhook \u200b\u4f1a\u200b\u62e6\u622a\u200b\u6240\u6709\u200b\u7684\u200b Subnet \u200b\u548c\u200b Pod \u200b\u521b\u5efa\u200b\u7684\u200b\u8bf7\u6c42\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u5148\u200b\u90e8\u7f72\u200b Kube-OVN \u200b\u540e\u200b\u90e8\u7f72\u200b Webhook \u200b\u907f\u514d\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b Pod\u3002
"},{"location":"guide/webhook/#cert-manager","title":"Cert-Manager \u200b\u5b89\u88c5","text":"Webhook \u200b\u90e8\u7f72\u200b\u9700\u8981\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\u52a0\u5bc6\u200b\uff0c\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b cert-manager \u200b\u751f\u6210\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b Webhook \u200b\u524d\u5148\u200b\u90e8\u7f72\u200b cert-manager\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u90e8\u7f72\u200b cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
\u200b\u66f4\u200b\u591a\u200b cert-manager \u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b cert-manager \u200b\u6587\u6863\u200b\u3002
"},{"location":"guide/webhook/#webhook_1","title":"\u5b89\u88c5\u200b Webhook","text":"\u200b\u4e0b\u8f7d\u200b Webhook \u200b\u5bf9\u5e94\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"guide/webhook/#webhook_2","title":"\u9a8c\u8bc1\u200b Webhook \u200b\u751f\u6548","text":"\u200b\u67e5\u770b\u200b\u5df2\u200b\u8fd0\u884c\u200b Pod\uff0c\u200b\u5f97\u5230\u200b Pod IP 10.16.0.15\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
\u200b\u7f16\u5199\u200b yaml \u200b\u521b\u5efa\u200b\u76f8\u540c\u200b IP \u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0a\u200b yaml \u200b\u521b\u5efa\u200b\u9759\u6001\u200b\u5730\u5740\u200b Pod \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u63d0\u793a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\uff1a
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-default-subnet/","title":"\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u5982\u679c\u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u91cd\u5efa\u200b\u3002 \u200b\u5efa\u8bae\u200b\u64cd\u4f5c\u524d\u200b\u614e\u91cd\u8003\u8651\u200b\u3002\u200b\u672c\u6587\u200b\u53ea\u200b\u9488\u5bf9\u200b\u4e1a\u52a1\u200b\u5b50\u7f51\u200b CIDR \u200b\u66f4\u6539\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5982\u9700\u200b \u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR\u3002
"},{"location":"ops/change-default-subnet/#_1","title":"\u7f16\u8f91\u200b\u5b50\u7f51","text":"\u200b\u4f7f\u7528\u200b kubectl edit \u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b cidrBlock\uff0cgateway \u200b\u548c\u200b excludeIps\u3002
kubectl edit subnet test-subnet\n
"},{"location":"ops/change-default-subnet/#namespace-pod","title":"\u91cd\u5efa\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Namespace \u200b\u4e0b\u200b\u6240\u6709\u200b Pod","text":"\u200b\u4ee5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b test Namespace \u200b\u4e3a\u4f8b\u200b\uff1a
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
\u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e86\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u975e\u200b host \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u7684\u200b Pod\uff1a
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"ops/change-default-subnet/#_2","title":"\u66f4\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u914d\u7f6e","text":"\u200b\u82e5\u200b\u4fee\u6539\u200b\u7684\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8fd8\u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-join-subnet/","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u82e5\u200b\u53d1\u73b0\u200b\u521b\u5efa\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u7b49\u200b\u91cd\u5efa\u200b\u5b8c\u6210\u200b, \u200b\u5efa\u8bae\u200b\u524d\u200b\u64cd\u4f5c\u200b\u65f6\u200b\u614e\u91cd\u8003\u8651\u200b\u3002
"},{"location":"ops/change-join-subnet/#join","title":"\u5220\u9664\u200b Join \u200b\u5b50\u7f51","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"ops/change-join-subnet/#_1","title":"\u6e05\u7406\u200b\u76f8\u5173\u200b\u5206\u914d\u200b\u4fe1\u606f","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"ops/change-join-subnet/#join_1","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f","text":"\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\uff1a
kubectl edit deployment -n kube-system kube-ovn-controller\n
\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\uff1a
args:\n- --node-switch-cidr=100.51.0.0/16\n
\u200b\u91cd\u542f\u200b kube-ovn-controller \u200b\u91cd\u5efa\u200b join \u200b\u5b50\u7f51\u200b\uff1a
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
\u200b\u67e5\u770b\u200b\u65b0\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"ops/change-join-subnet/#ovn0","title":"\u91cd\u65b0\u914d\u7f6e\u200b ovn0 \u200b\u7f51\u5361\u200b\u5730\u5740","text":"\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\u9700\u8981\u200b\u91cd\u65b0\u200b\u66f4\u65b0\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u91cd\u542f\u200b kube-ovn-cni \u200b\u6765\u200b\u5b8c\u6210\u200b\uff1a
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-log-level/","title":"\u8c03\u6574\u200b\u65e5\u5fd7\u200b\u7b49\u7ea7","text":"\u200b\u6253\u5f00\u200b kube-ovn.yaml\uff0c\u200b\u5728\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u811a\u672c\u200b\u7684\u200b\u53c2\u6570\u200b\u5217\u8868\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b log \u200b\u7b49\u7ea7\u200b\uff0c\u200b\u6bd4\u5982\u200b\uff1a
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.12\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# log \u200b\u7b49\u7ea7\u200b\u8d8a\u9ad8\u200b\uff0clog \u200b\u5c31\u200b\u8d8a\u200b\u8be6\u7ec6\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-ovn-central-node/","title":"\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9","text":"\u200b\u7531\u4e8e\u200b ovn-central \u200b\u5185\u200b\u7684\u200b ovn-nb \u200b\u548c\u200b ovn-sb \u200b\u5206\u522b\u200b\u5efa\u7acb\u200b\u4e86\u200b\u7c7b\u4f3c\u200b etcd \u200b\u7684\u200b raft \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u56e0\u6b64\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4fdd\u8bc1\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u7684\u200b\u6b63\u786e\u200b\u548c\u200b\u6570\u636e\u200b\u7684\u200b\u4e00\u81f4\u200b\u3002\u200b\u5efa\u8bae\u200b\u6bcf\u6b21\u200b\u53ea\u200b\u5bf9\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u4e0a\u4e0b\u200b\u7ebf\u200b\u5904\u7406\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u96c6\u7fa4\u200b\u8fdb\u5165\u200b\u4e0d\u53ef\u200b\u7528\u200b \u200b\u72b6\u6001\u200b\uff0c\u200b\u5f71\u54cd\u200b\u96c6\u7fa4\u200b\u6574\u4f53\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_1","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u9488\u5bf9\u200b\u5982\u4e0b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4ee5\u4e0b\u200b\u7ebf\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5c06\u200b\u5176\u200b\u4ece\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u79fb\u9664\u200b\u3002
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"ops/change-ovn-central-node/#ovn-nb","title":"\u4e0b\u7ebf\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b d64b\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko nb kick d64b\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-sb","title":"\u4e0b\u7ebf\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u64cd\u4f5c\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\uff1a
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b e9f7\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko sb kick e9f7\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_2","title":"\u5220\u9664\u200b\u8282\u70b9\u200b\u6807\u7b7e\u200b\uff0c\u200b\u5e76\u200b\u7f29\u5bb9\u200b ovn-central","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"ops/change-ovn-central-node/#ovn-central_3","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"ops/change-ovn-central-node/#_1","title":"\u6e05\u7406\u200b\u8282\u70b9","text":"\u200b\u5220\u9664\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u907f\u514d\u200b\u91cd\u590d\u200b\u6dfb\u52a0\u200b\u8282\u70b9\u200b\u65f6\u200b\u53d1\u751f\u200b\u5f02\u5e38\u200b\uff1a
rm -rf /etc/origin/ovn\n
\u200b\u5982\u9700\u200b\u5c06\u200b\u8282\u70b9\u200b\u4ece\u200b\u6574\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e0b\u7ebf\u200b\uff0c\u200b\u8fd8\u200b\u9700\u200b\u7ee7\u7eed\u200b\u53c2\u8003\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_4","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u7ebf","text":"\u200b\u4e0b\u5217\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u65b0\u200b\u7684\u200b Kubernetes \u200b\u8282\u70b9\u200b\u52a0\u5165\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#_2","title":"\u76ee\u5f55\u200b\u68c0\u67e5","text":"\u200b\u68c0\u67e5\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u7684\u200b /etc/origin/ovn \u200b\u76ee\u5f55\u200b\u4e2d\u200b\u662f\u5426\u200b\u5b58\u5728\u200b ovnnb_db.db \u200b\u6216\u200b ovnsb_db.db \u200b\u6587\u4ef6\u200b\uff0c\u200b\u82e5\u200b\u5b58\u5728\u200b\u9700\u200b\u63d0\u524d\u200b\u5220\u9664\u200b\uff1a
rm -rf /etc/origin/ovn\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_5","title":"\u786e\u8ba4\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u6b63\u5e38","text":"\u200b\u82e5\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u5df2\u7ecf\u200b\u5f02\u5e38\u200b\uff0c\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u6295\u7968\u9009\u4e3e\u200b\u65e0\u6cd5\u200b\u8fc7\u534a\u6570\u200b\uff0c\u200b\u5f71\u54cd\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#_3","title":"\u7ed9\u200b\u8282\u70b9\u200b\u589e\u52a0\u200b\u6807\u7b7e\u200b\u5e76\u200b\u6269\u5bb9","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_6","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/delete-worker-node/","title":"\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u7b80\u5355\u200b\u4ece\u200b Kubernetes \u200b\u4e2d\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\uff0c\u200b\u7531\u4e8e\u200b\u8282\u70b9\u200b\u4e0a\u200b ovs-ovn \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u7684\u200b ovn-controller \u200b\u8fdb\u7a0b\u200b\u4ecd\u200b\u5728\u200b\u8fd0\u884c\u200b\u4f1a\u200b\u5b9a\u671f\u200b\u8fde\u63a5\u200b ovn-central \u200b\u6ce8\u518c\u200b\u76f8\u5173\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c \u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u989d\u5916\u200b\u8d44\u6e90\u200b\u6d6a\u8d39\u200b\u5e76\u200b\u6709\u200b\u6f5c\u5728\u200b\u7684\u200b\u89c4\u5219\u200b\u51b2\u7a81\u200b\u98ce\u9669\u200b\u3002 \u200b\u56e0\u6b64\u200b\u5728\u200b\u4ece\u200b Kubernetes \u200b\u5185\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\u65f6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u88ab\u200b\u6e05\u7406\u200b\u3002
\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff0c\u200b\u5982\u9700\u200b\u66f4\u6362\u200b ovn-central \u200b\u6240\u5728\u200b\u8282\u70b9\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u3002
"},{"location":"ops/delete-worker-node/#_2","title":"\u9a71\u9010\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6240\u6709\u200b\u5bb9\u5668","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"ops/delete-worker-node/#kubelet-docker","title":"\u505c\u6b62\u200b kubelet \u200b\u548c\u200b docker","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5411\u200b ovn-central \u200b\u8fdb\u884c\u200b\u4fe1\u606f\u200b\u6ce8\u518c\u200b\uff0c\u200b\u767b\u5f55\u200b\u5230\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
systemctl stop kubelet\nsystemctl stop docker\n
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u7684\u200b CRI \u200b\u4e3a\u200b containerd\uff0c\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff1a
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"ops/delete-worker-node/#node","title":"\u6e05\u7406\u200b Node \u200b\u4e0a\u200b\u7684\u200b\u6b8b\u7559\u200b\u6570\u636e","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"ops/delete-worker-node/#kubectl","title":"\u4f7f\u7528\u200b kubectl \u200b\u5220\u9664\u200b\u8282\u70b9","text":"kubectl delete no kube-ovn-01\n
"},{"location":"ops/delete-worker-node/#ovn-sb","title":"\u68c0\u67e5\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u662f\u5426\u200b\u4ece\u200b ovn-sb \u200b\u4e2d\u200b\u5220\u9664","text":"\u200b\u4e0b\u9762\u200b\u7684\u200b\u793a\u4f8b\u200b\u4e3a\u200b kube-ovn-worker \u200b\u4f9d\u7136\u200b\u672a\u200b\u88ab\u200b\u5220\u9664\u200b\uff1a
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"ops/delete-worker-node/#chassis","title":"\u82e5\u200b\u8282\u70b9\u200b\u5bf9\u5e94\u200b\u7684\u200b chassis \u200b\u4f9d\u7136\u200b\u5b58\u5728\u200b\uff0c\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u5220\u9664","text":"uuid \u200b\u4e3a\u200b\u4e4b\u524d\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u51fa\u200b\u7684\u200b Chassis \u200b\u5bf9\u5e94\u200b id\uff1a
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/faq/","title":"\u5176\u4ed6\u200b\u5e38\u89c1\u95ee\u9898","text":""},{"location":"ops/faq/#arm","title":"\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u8de8\u200b\u4e3b\u673a\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u95f4\u6b47\u200b\u5931\u8d25","text":""},{"location":"ops/faq/#_2","title":"\u73b0\u8c61","text":"\u200b\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u548c\u200b\u90e8\u5206\u200b\u56fd\u4ea7\u5316\u200b\u7f51\u5361\u200b offload \u200b\u914d\u5408\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u95f4\u6b47\u200b\u6545\u969c\u200b\u3002
\u200b\u4f7f\u7528\u200b netstat \u200b\u786e\u8ba4\u200b\u95ee\u9898\u200b\uff1a
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
\u200b\u82e5\u200b\u5b58\u5728\u200b InCsumErrors\uff0c\u200b\u4e14\u200b\u968f\u7740\u200b\u8bbf\u95ee\u200b\u5931\u8d25\u200b\u589e\u52a0\u200b\uff0c\u200b\u53ef\u200b\u786e\u8ba4\u200b\u662f\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#_3","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":"\u200b\u6839\u672c\u200b\u89e3\u51b3\u200b\u9700\u8981\u200b\u548c\u200b\u9e92\u9e9f\u200b\u4ee5\u53ca\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\u5382\u5546\u200b\u6c9f\u901a\u200b\uff0c\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u548c\u200b\u9a71\u52a8\u200b\u3002\u200b\u4e34\u65f6\u200b\u89e3\u51b3\u200b\u53ef\u200b\u5148\u200b\u5173\u95ed\u200b\u7269\u7406\u200b \u200b\u7f51\u5361\u200b\u7684\u200b tx offload \u200b\u4f46\u662f\u200b\u4f1a\u200b\u5bfc\u81f4\u200b tcp \u200b\u6027\u80fd\u200b\u6709\u200b\u8f83\u200b\u660e\u663e\u200b\u4e0b\u964d\u200b\u3002
ethtool -K eth0 tx off\n
\u200b\u7ecf\u200b\u793e\u533a\u200b\u53cd\u9988\u200b\u4f7f\u7528\u200b 4.19.90-25.16.v2101 \u200b\u5185\u6838\u200b\u540e\u200b\u53ef\u4ee5\u200b\u89e3\u51b3\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#pod-service","title":"Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u4e0d\u901a","text":""},{"location":"ops/faq/#_4","title":"\u73b0\u8c61","text":"Pod \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u670d\u52a1\u200b\uff0cdmesg \u200b\u663e\u793a\u200b\u5f02\u5e38\u200b\uff1a
netlink: Unknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
\u200b\u8be5\u200b\u65e5\u5fd7\u200b\u8bf4\u660e\u200b\u5185\u6838\u200b\u5185\u200b OVS \u200b\u7248\u672c\u200b\u8fc7\u4f4e\u200b\u4e0d\u200b\u652f\u6301\u200b\u5bf9\u5e94\u200b NAT \u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/faq/#_5","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":" - \u200b\u5347\u7ea7\u200b\u5185\u6838\u6a21\u5757\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u3002
- \u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b Overlay \u200b\u7f51\u7edc\u200b\u53ef\u4ee5\u200b\u66f4\u6539\u200b
kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u8bbe\u7f6e\u200b --enable-lb=false \u200b\u5173\u95ed\u200b OVN LB \u200b\u4f7f\u7528\u200b kube-proxy \u200b\u8fdb\u884c\u200b Service \u200b\u8f6c\u53d1\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/from-calico/","title":"\u5378\u8f7d\u200b Calico \u200b\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u82e5\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5df2\u200b\u5b89\u88c5\u200b Calico \u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\u4e3a\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\u3002
\u200b\u672c\u6587\u200b\u4ee5\u200b Calico v3.24.1 \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5176\u5b83\u200b Calico \u200b\u7248\u672c\u200b\u9700\u8981\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
"},{"location":"ops/from-calico/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u5207\u6362\u200b CNI \u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4fdd\u6301\u200b\u7545\u901a\u200b\uff0cCalico ippool \u200b\u9700\u8981\u200b\u5f00\u542f\u200b nat outgoing\uff0c\u200b\u6216\u200b\u5728\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u5173\u95ed\u200b rp_filter\uff1a
sysctl net.ipv4.conf.all.rp_filter=0\nsysctl net.ipv4.conf.default.rp_filter=0\n# IPIP \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.tunl0.rp_filter=0\n# VXLAN \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.vxlan/calico.rp_filter=0\n# \u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\uff0ceth0 \u200b\u9700\u8981\u200b\u4fee\u6539\u200b\u4e3a\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\nsysctl net.ipv4.conf.eth0.rp_filter=0\n
"},{"location":"ops/from-calico/#kube-ovn","title":"\u90e8\u7f72\u200b Kube-OVN","text":""},{"location":"ops/from-calico/#_2","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"ops/from-calico/#_3","title":"\u4fee\u6539\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u5c06\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b\u90e8\u5206\u200b\u5220\u9664\u200b\uff1a
echo \"[Step 4/6] Delete pod that not in host network mode\"\nfor ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
\u200b\u6309\u200b\u9700\u200b\u4fee\u6539\u200b\u4ee5\u4e0b\u200b\u914d\u7f6e\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.12\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u6ce8\u610f\u200b\uff1aPOD_CIDR \u200b\u53ca\u200b JOIN_CIDR \u200b\u4e0d\u53ef\u200b\u4e0e\u200b Calico ippool \u200b\u7684\u200b CIDR \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4e14\u200b POD_CIDR \u200b\u9700\u8981\u200b\u5305\u542b\u200b\u8db3\u591f\u200b\u591a\u200b\u7684\u200b IP \u200b\u6765\u200b\u5bb9\u7eb3\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b Pod\u3002
"},{"location":"ops/from-calico/#_4","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"ops/from-calico/#_5","title":"\u9010\u4e2a\u200b\u8282\u70b9\u200b\u8fc1\u79fb","text":"\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u65b9\u6cd5\u200b\u4e3a\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u9010\u4e2a\u200b\u8fdb\u884c\u200b\u8fc1\u79fb\u200b\u3002 \u200b\u6ce8\u610f\u200b\uff1a\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u7684\u200b \\<NODE> \u200b\u9700\u8981\u200b\u66ff\u6362\u200b\u4e3a\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b\u3002
"},{"location":"ops/from-calico/#_6","title":"\u9a71\u9010\u200b\u8282\u70b9","text":"kubectl drain --ignore-daemonsets <NODE>\n
\u200b\u82e5\u6b64\u200b\u547d\u4ee4\u200b\u4e00\u76f4\u200b\u7b49\u5f85\u200b Pod \u200b\u88ab\u200b\u9a71\u9010\u200b\uff0c\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u5f3a\u5236\u200b\u5220\u9664\u200b\u88ab\u200b\u9a71\u9010\u200b\u7684\u200b Pod\uff1a
kubectl get pod -A --field-selector=spec.nodeName=<NODE> --no-headers | \\\n awk '$4==\"Terminating\" {print $1\" \"$2}' | \\\n while read s; do kubectl delete pod --force -n $s; done\n
"},{"location":"ops/from-calico/#_7","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
shutdown -r 0\n
"},{"location":"ops/from-calico/#_8","title":"\u6062\u590d\u200b\u8282\u70b9","text":"kubectl uncordon <NODE>\n
"},{"location":"ops/from-calico/#calico","title":"\u5378\u8f7d\u200b Calico","text":""},{"location":"ops/from-calico/#k8s","title":"\u5220\u9664\u200b k8s \u200b\u8d44\u6e90","text":"kubectl -n kube-system delete deploy calico-kube-controllers\nkubectl -n kube-system delete ds calico-node\nkubectl -n kube-system delete cm calico-config\n# \u200b\u5220\u9664\u200b CRD \u200b\u53ca\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\nkubectl get crd -o jsonpath='{range .items[*]}{.metadata.name}{\"\\n\"}{end}' | while read crd; do\n if ! echo $crd | grep '.crd.projectcalico.org$' >/dev/null; then\n continue\n fi\n\n for name in $(kubectl get $crd -o jsonpath='{.items[*].metadata.name}'); do\n kubectl delete $crd $name\n done\n kubectl delete crd $crd\ndone\n# \u200b\u5176\u5b83\u200b\u8d44\u6e90\u200b\nkubectl delete --ignore-not-found clusterrolebinding calico-node calico-kube-controllers\nkubectl delete --ignore-not-found clusterrole calico-node calico-kube-controllers\nkubectl delete --ignore-not-found sa -n kube-system calico-kube-controllers calico-node\nkubectl delete --ignore-not-found pdb -n kube-system calico-kube-controllers\n
"},{"location":"ops/from-calico/#_9","title":"\u6e05\u7406\u200b\u8282\u70b9\u200b\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
rm -f /etc/cni/net.d/10-calico.conflist /etc/cni/net.d/calico-kubeconfig\nrm -f /opt/cni/bin/calico /opt/cni/bin/calico-ipam\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/kubectl-ko/","title":"kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u65e5\u5e38\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b kubectl \u200b\u63d2\u4ef6\u200b\u5de5\u5177\u200b\uff0c\u200b\u7f51\u7edc\u7ba1\u7406\u5458\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u65e5\u5e38\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a\u200b\u67e5\u770b\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4fe1\u606f\u200b\u548c\u200b\u72b6\u6001\u200b\uff0cOVN \u200b\u6570\u636e\u5e93\u200b \u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d\u200b\uff0cOVS \u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u67e5\u770b\u200b\uff0ctcpdump \u200b\u7279\u5b9a\u200b\u5bb9\u5668\u200b\uff0c\u200b\u7279\u5b9a\u200b\u94fe\u8def\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u5c55\u793a\u200b\uff0c \u200b\u7f51\u7edc\u200b\u95ee\u9898\u200b\u8bca\u65ad\u200b\u548c\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u3002
"},{"location":"ops/kubectl-ko/#_1","title":"\u63d2\u4ef6\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u63d2\u4ef6\u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u82e5\u200b\u6267\u884c\u200b kubectl \u200b\u7684\u200b\u673a\u5668\u200b\u4e0d\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c \u200b\u6216\u200b\u9700\u8981\u200b\u91cd\u88c5\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff1a
\u200b\u4e0b\u8f7d\u200b kubectl-ko \u200b\u6587\u4ef6\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u79fb\u52a8\u200b\u81f3\u200b $PATH \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv kubectl-ko /usr/local/bin/kubectl-ko\n
\u200b\u589e\u52a0\u200b\u53ef\u200b\u6267\u884c\u200b\u6743\u9650\u200b\uff1a
chmod +x /usr/local/bin/kubectl-ko\n
\u200b\u68c0\u67e5\u200b\u63d2\u4ef6\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b\uff1a
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"ops/kubectl-ko/#_2","title":"\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u8fd0\u884c\u200b kubectl ko \u200b\u4f1a\u200b\u5c55\u793a\u200b\u8be5\u200b\u63d2\u4ef6\u200b\u6240\u6709\u200b\u53ef\u7528\u200b\u7684\u200b\u547d\u4ee4\u200b\u548c\u200b\u7528\u6cd5\u200b\u63cf\u8ff0\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
\u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u6bcf\u4e2a\u200b\u547d\u4ee4\u200b\u7684\u200b\u5177\u4f53\u200b\u529f\u80fd\u200b\u548c\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4e3b\u8981\u200b\u5bf9\u200b OVN \u200b\u5317\u5411\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5305\u62ec\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\uff0c \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b\u200b\u548c\u200b\u6570\u636e\u5e93\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_3","title":"\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5728\u200b\u5bf9\u5e94\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u6267\u884c\u200b ovs-appctl cluster/status \u200b\u5c55\u793a\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
\u200b\u82e5\u200b Server \u200b\u4e0b\u200b\u7684\u200b match_index \u200b\u51fa\u73b0\u200b\u8f83\u5927\u200b\u5dee\u522b\u200b\uff0c\u200b\u4e14\u200b last msg \u200b\u65f6\u95f4\u200b\u8f83\u957f\u200b\u5219\u200b\u5bf9\u5e94\u200b Server \u200b\u53ef\u80fd\u200b\u957f\u65f6\u95f4\u200b\u6ca1\u6709\u54cd\u5e94\u200b\uff0c \u200b\u9700\u8981\u200b\u8fdb\u4e00\u6b65\u200b\u67e5\u770b\u200b\u3002
"},{"location":"ops/kubectl-ko/#_4","title":"\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5c06\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b\u4ece\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u79fb\u9664\u200b\uff0c\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\u6216\u200b\u66f4\u6362\u200b\u8282\u70b9\u200b\u65f6\u200b\u9700\u8981\u200b\u7528\u5230\u200b\u3002 \u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ee5\u4e0a\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u770b\u200b\u5230\u200b\u7684\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4e0b\u7ebf\u200b 172.18.0.3 \u200b\u8282\u70b9\u200b:
# kubectl ko nb kick 8723\nstarted removal\n
\u200b\u518d\u6b21\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u5df2\u200b\u79fb\u9664\u200b\uff1a
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"ops/kubectl-ko/#_5","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5907\u4efd\u200b\u5f53\u524d\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u81f3\u200b\u672c\u5730\u200b\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u707e\u5907\u200b\u548c\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"ops/kubectl-ko/#_6","title":"\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u7528\u6765\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u662f\u5426\u200b\u5b58\u5728\u200b\u635f\u574f\u200b\uff1a
# kubectl ko nb dbstatus\nstatus: ok\n
\u200b\u82e5\u200b\u5f02\u5e38\u200b\u5219\u200b\u663e\u793a\u200b inconsistent data \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_7","title":"\u6570\u636e\u5e93\u200b\u4fee\u590d","text":"\u200b\u82e5\u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b\u8fdb\u5165\u200b inconsistent data \u200b\u53ef\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\uff1a
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b \u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u5206\u522b\u200b\u6267\u884c\u200b ovn-nbctl \u200b\u548c\u200b ovn-sbctl \u200b\u547d\u4ee4\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVN \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-vsctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u5e76\u200b\u914d\u7f6e\u200b vswitchd\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-ofctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OpenFlow\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-dpctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OVS datapath\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-appctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u6765\u200b\u64cd\u4f5c\u200b\u76f8\u5173\u200b daemon \u200b\u8fdb\u7a0b\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b namespace/podname \u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b kube-ovn-cni \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b tcpdump \u200b\u6293\u53d6\u200b\u5bf9\u5e94\u200b\u5bb9\u5668\u200b veth \u200b\u7f51\u5361\u200b \u200b\u7aef\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u6392\u67e5\u200b\u7f51\u7edc\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u5c06\u4f1a\u200b\u6253\u5370\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b\u7279\u5b9a\u200b\u534f\u8bae\u200b\u8bbf\u95ee\u200b\u67d0\u200b\u5730\u5740\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u7684\u200b OVN \u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u548c\u200b\u6700\u7ec8\u200b\u7684\u200b Openflow \u200b\u6d41\u8868\u200b\uff0c \u200b\u65b9\u4fbf\u200b\u5f00\u53d1\u200b\u6216\u200b\u8fd0\u7ef4\u65f6\u200b\u5b9a\u4f4d\u200b\u6d41\u8868\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\u3002
\u200b\u652f\u6301\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
\u200b\u793a\u4f8b\u200b\uff1a
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
\u200b\u82e5\u200b trace \u200b\u5bf9\u8c61\u200b\u4e3a\u200b\u8fd0\u884c\u200b\u4e8e\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u989d\u5916\u200b\u53c2\u6570\u200b\u6765\u200b\u6307\u5b9a\u200b\u76ee\u7684\u200b Mac \u200b\u5730\u5740\u200b\uff1a
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"\u200b\u8bca\u65ad\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u5e76\u200b\u53bb\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b kube-ovn-pinger \u200b\u68c0\u6d4b\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u5230\u200b\u5176\u4ed6\u200b\u8282\u70b9\u200b\u548c\u200b\u5173\u952e\u200b\u670d\u52a1\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\uff1a
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.12\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b subnet \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u5efa\u7acb\u200b daemonset\uff0c\u200b\u7531\u200b kube-ovn-pinger \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u8fd9\u4e2a\u200b daemonset \u200b\u7684\u200b\u6240\u6709\u200b pod \u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u5ef6\u65f6\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5b8c\u540e\u200b\u81ea\u52a8\u200b\u9500\u6bc1\u200b\u8be5\u200b daemonset\u3002
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b IPPorts \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8ba9\u200b\u6bcf\u4e2a\u200b kube-ovn-pinger pod \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u76ee\u6807\u200b\u534f\u8bae\u200b\uff0cIP\uff0cPort \u200b\u662f\u5426\u200b\u53ef\u200b\u8fbe\u200b\u3002
"},{"location":"ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u6267\u884c\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
"},{"location":"ops/kubectl-ko/#reload","title":"reload","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u91cd\u542f\u200b\u6240\u6709\u200b Kube-OVN \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff1a
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"ops/kubectl-ko/#log","title":"log","text":"\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u6293\u53d6\u200b kube-ovn \u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b Kube-OVN\uff0cOVN\uff0cOpenvswitch \u200b\u7684\u200b log \u200b\u4ee5\u53ca\u200b linux \u200b\u5e38\u7528\u200b\u7684\u200b\u4e00\u4e9b\u200b debug \u200b\u4fe1\u606f\u200b\u3002
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
\u200b\u76ee\u5f55\u200b\u5982\u4e0b\u200b\uff1a
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"ops/kubectl-ko/#perf-image","title":"perf [image]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u53bb\u200b\u6d4b\u8bd5\u200b Kube-OVN \u200b\u7684\u200b\u4e00\u4e9b\u200b\u6027\u80fd\u6307\u6807\u200b\u5982\u4e0b\u200b\uff1a
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- Hostnetwork \u200b\u7f51\u7edc\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- OVN-NB, OVN-SB, OVN-Northd leader \u200b\u5220\u9664\u200b\u6062\u590d\u200b\u6240\u200b\u9700\u200b\u65f6\u95f4\u200b\u3002
\u200b\u53c2\u6570\u200b image \u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b pod \u200b\u6240\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u662f\u200b kubeovn/test:v1.12.0, \u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3b\u8981\u200b\u662f\u200b\u4e3a\u4e86\u200b\u79bb\u7ebf\u200b\u573a\u666f\u200b\uff0c\u200b\u5c06\u200b\u955c\u50cf\u200b\u62c9\u5230\u200b\u5185\u7f51\u200b\u73af\u5883\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u6709\u200b\u955c\u50cf\u200b\u540d\u200b\u53d8\u5316\u200b\u3002
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/recover-db/","title":"OVN \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_1","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u5229\u7528\u200b kubectl \u200b\u63d2\u4ef6\u200b\u7684\u200b backup \u200b\u547d\u4ee4\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u200b\u7528\u4e8e\u200b\u6545\u969c\u200b\u65f6\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"ops/recover-db/#_2","title":"\u96c6\u7fa4\u200b\u90e8\u5206\u200b\u6545\u969c\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5b58\u5728\u200b\u90e8\u5206\u200b\u8282\u70b9\u200b\u56e0\u4e3a\u200b\u65ad\u7535\u200b\uff0c\u200b\u6587\u4ef6\u7cfb\u7edf\u200b\u6545\u969c\u200b\u6216\u200b\u78c1\u76d8\u7a7a\u95f4\u200b\u4e0d\u8db3\u200b\u5bfc\u81f4\u200b\u5de5\u4f5c\u200b\u5f02\u5e38\u200b\uff0c \u200b\u4f46\u662f\u200b\u96c6\u7fa4\u200b\u4ecd\u200b\u53ef\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_3","title":"\u67e5\u770b\u200b\u65e5\u5fd7\u200b\u786e\u8ba4\u200b\u72b6\u6001\u200b\u5f02\u5e38","text":"\u200b\u67e5\u770b\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b /var/log/ovn/ovn-northd.log\uff0c\u200b\u82e5\u200b\u63d0\u793a\u200b\u7c7b\u4f3c\u200b\u9519\u8bef\u200b\u5219\u200b\u53ef\u200b\u5224\u65ad\u200b\u6570\u636e\u5e93\u200b\u5b58\u5728\u200b\u5f02\u5e38\u200b
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"ops/recover-db/#_4","title":"\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u6839\u636e\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u662f\u200b OVN_Northbound \u200b\u8fd8\u662f\u200b OVN_Southbound \u200b\u9009\u62e9\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e0a\u8ff0\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u4e3a\u200b OVN_Northbound \u200b\u5219\u200b\u5bf9\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
\u200b\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u72b6\u6001\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff1a
kubectl ko nb kick e631\n
\u200b\u767b\u5f55\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff0c\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b ovn-central Pod\uff0c\u200b\u7b49\u5f85\u200b\u96c6\u7fa4\u200b\u81ea\u52a8\u200b\u6062\u590d\u200b\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"ops/recover-db/#_5","title":"\u96c6\u7fa4\u200b\u4e0d\u80fd\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4e0b\u200b\u7684\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\u65e0\u6cd5\u200b\u9009\u4e3e\u200b\u51fa\u200b leader\uff0c\u200b\u8bf7\u200b\u53c2\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#ovn-central","title":"\u505c\u6b62\u200b ovn-central","text":"\u200b\u8bb0\u5f55\u200b\u5f53\u524d\u200b ovn-central \u200b\u526f\u672c\u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u505c\u6b62\u200b ovn-central \u200b\u907f\u514d\u200b\u65b0\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u53d8\u66f4\u200b\u5f71\u54cd\u200b\u6062\u590d\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"ops/recover-db/#_6","title":"\u9009\u62e9\u200b\u5907\u4efd","text":"\u200b\u7531\u4e8e\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\uff0c\u200b\u9700\u8981\u200b\u4ece\u200b\u67d0\u4e2a\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5907\u4efd\u200b\u8fc7\u200b\u6570\u636e\u5e93\u200b \u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u7684\u200b\u5907\u4efd\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u8fc7\u200b\u5907\u4efd\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u4ece\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b \u200b\u4e2d\u200b\u751f\u6210\u200b\u4e00\u4e2a\u200b\u5907\u4efd\u200b\u3002
\u200b\u7531\u4e8e\u200b\u9ed8\u8ba4\u200b\u6587\u4ef6\u5939\u200b\u4e0b\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u683c\u5f0f\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5305\u542b\u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u76f4\u63a5\u200b \u200b\u7528\u8be5\u200b\u6587\u4ef6\u200b\u91cd\u5efa\u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b ovsdb-tool cluster-to-standalone \u200b\u8fdb\u884c\u200b\u683c\u5f0f\u200b\u8f6c\u6362\u200b\u3002
\u200b\u9009\u62e9\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u7684\u200b\u8282\u70b9\u200b\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c \u200b\u5982\u679c\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5df2\u635f\u574f\u200b\uff0c\u200b\u4ece\u200b\u5176\u4ed6\u200b\u673a\u5668\u200b /etc/origin/ovn \u200b\u4e0b\u200b\u590d\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u7b2c\u4e00\u53f0\u200b\u673a\u5668\u200b \uff0c \u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u751f\u6210\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5907\u4efd\u200b\u3002
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.12 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"ops/recover-db/#ovn-central_1","title":"\u5220\u9664\u200b\u6bcf\u4e2a\u200b ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6","text":"\u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u65f6\u200b\u4f7f\u7528\u200b\u5230\u200b\u9519\u8bef\u200b\u7684\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5df2\u6709\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"ops/recover-db/#_7","title":"\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4","text":"\u200b\u5c06\u200b\u5907\u4efd\u200b\u6570\u636e\u5e93\u200b\u5206\u522b\u200b\u91cd\u547d\u540d\u200b\u4e3a\u200b ovnnb_db.db \u200b\u548c\u200b ovnsb_db.db\uff0c\u200b\u5e76\u200b\u590d\u5236\u5230\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u673a\u5668\u200b\u7684\u200b /etc/origin/ovn/ \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
\u200b\u6062\u590d\u200b ovn-central \u200b\u7684\u200b\u526f\u672c\u200b\u6570\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/architecture/","title":"\u603b\u4f53\u200b\u67b6\u6784","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u7684\u200b\u603b\u4f53\u200b\u67b6\u6784\u200b\uff0c\u200b\u548c\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u4ee5\u53ca\u200b\u5176\u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u3002
\u200b\u603b\u4f53\u200b\u6765\u770b\u200b\uff0cKube-OVN \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u548c\u200b OVN \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u6210\u719f\u200b\u7684\u200b SDN \u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u76f8\u7ed3\u5408\u200b\u3002 \u200b\u8fd9\u200b\u610f\u5473\u7740\u200b Kube-OVN \u200b\u4e0d\u4ec5\u200b\u901a\u8fc7\u200b OVN \u200b\u5b9e\u73b0\u200b\u4e86\u200b Kubernetes \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\uff0c\u200b\u4f8b\u5982\u200b CNI\uff0cService \u200b\u548c\u200b Networkpolicy\uff0c\u200b\u8fd8\u200b\u5c06\u200b\u5927\u91cf\u200b\u7684\u200b SDN \u200b\u9886\u57df\u200b\u80fd\u529b\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\uff0c\u200b\u4f8b\u5982\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0cVPC\uff0c\u200b\u7f51\u5173\u200b\uff0cQoS\uff0cACL \u200b\u548c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u8fd8\u200b\u4fdd\u6301\u200b\u4e86\u200b\u826f\u597d\u200b\u7684\u200b\u5f00\u653e\u6027\u200b\u53ef\u4ee5\u200b\u548c\u200b\u8bf8\u591a\u200b\u6280\u672f\u200b\u65b9\u6848\u200b\u96c6\u6210\u200b\uff0c\u200b\u4f8b\u5982\u200b Cilium\uff0cSubmariner\uff0cPrometheus\uff0cKubeVirt \u200b\u7b49\u7b49\u200b\u3002
"},{"location":"reference/architecture/#_2","title":"\u7ec4\u4ef6\u200b\u4ecb\u7ecd","text":"Kube-OVN \u200b\u7684\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u5927\u81f4\u200b\u5206\u4e3a\u200b\u4e09\u7c7b\u200b\uff1a
- \u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6\u200b\u3002
- \u200b\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent\u3002
- \u200b\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6\u200b\u3002
"},{"location":"reference/architecture/#ovnovs","title":"\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7ec4\u4ef6\u200b\u6765\u81ea\u200b OVN/OVS \u200b\u793e\u533a\u200b\uff0c\u200b\u5e76\u200b\u9488\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u505a\u200b\u4e86\u200b\u7279\u5b9a\u200b\u4fee\u6539\u200b\u3002 OVN/OVS \u200b\u672c\u8eab\u200b\u662f\u200b\u4e00\u5957\u200b\u6210\u719f\u200b\u7684\u200b\u7ba1\u7406\u200b\u865a\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u7684\u200b SDN \u200b\u7cfb\u7edf\u200b\uff0c\u200b\u6211\u4eec\u200b\u5f3a\u70c8\u5efa\u8bae\u200b \u200b\u5bf9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u611f\u5174\u8da3\u200b\u7684\u200b\u7528\u6237\u200b\u5148\u53bb\u200b\u8bfb\u200b\u4e00\u4e0b\u200b ovn-architecture(7) \u200b\u6765\u200b\u4e86\u89e3\u200b\u4ec0\u4e48\u200b\u662f\u200b OVN \u200b\u4ee5\u53ca\u200b \u200b\u5982\u4f55\u200b\u548c\u200b\u5b83\u200b\u8fdb\u884c\u200b\u96c6\u6210\u200b\u3002Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b\u5317\u5411\u200b\u63a5\u53e3\u200b\u521b\u5efa\u200b\u548c\u200b\u8c03\u6574\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u4e2d\u200b\u7684\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u6620\u5c04\u200b\u5230\u200b Kubernetes \u200b\u4e4b\u5185\u200b\u3002
\u200b\u6240\u6709\u200b OVN/OVS \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\u90fd\u200b\u5df2\u200b\u6253\u5305\u200b\u6210\u200b\u5bf9\u5e94\u200b\u955c\u50cf\u200b\uff0c\u200b\u5e76\u200b\u53ef\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u3002
"},{"location":"reference/architecture/#ovn-central","title":"ovn-central","text":"ovn-central Deployment \u200b\u8fd0\u884c\u200b OVN \u200b\u7684\u200b\u7ba1\u7406\u200b\u5e73\u9762\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5305\u62ec\u200b ovn-nb, ovn-sb, \u200b\u548c\u200b ovn-northd\u3002
ovn-nb\uff1a \u200b\u4fdd\u5b58\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b API \u200b\u8fdb\u884c\u200b\u865a\u62df\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u3002kube-ovn-controller \u200b\u5c06\u4f1a\u200b\u4e3b\u8981\u200b\u548c\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u4ea4\u4e92\u200b\u914d\u7f6e\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002ovn-sb\uff1a \u200b\u4fdd\u5b58\u200b\u4ece\u200b ovn-nb \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u751f\u6210\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5404\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u5b9e\u9645\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u72b6\u6001\u200b\u3002ovn-northd\uff1a\u200b\u5c06\u200b ovn-nb \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u7ffb\u8bd1\u6210\u200b ovn-sb \u200b\u4e2d\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u3002
\u200b\u591a\u4e2a\u200b ovn-central \u200b\u5b9e\u4f8b\u200b\u4f1a\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u540c\u6b65\u200b\u6570\u636e\u200b\u4fdd\u8bc1\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
"},{"location":"reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn \u200b\u4ee5\u200b DaemonSet \u200b\u5f62\u5f0f\u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u5728\u200b Pod \u200b\u5185\u200b\u8fd0\u884c\u200b\u4e86\u200b openvswitch, ovsdb, \u200b\u548c\u200b ovn-controller\u3002\u200b\u8fd9\u4e9b\u200b\u7ec4\u4ef6\u200b\u4f5c\u4e3a\u200b ovn-central \u200b\u7684\u200b Agent \u200b\u5c06\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u7ffb\u8bd1\u6210\u200b\u771f\u5b9e\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"reference/architecture/#agent","title":"\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u4e3a\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u4f5c\u4e3a\u200b OVN \u200b\u548c\u200b Kubernetes \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u4e24\u4e2a\u200b\u7cfb\u7edf\u200b\u6253\u901a\u200b\u5e76\u200b\u5c06\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8f6c\u6362\u200b\u3002 \u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u6838\u5fc3\u200b\u529f\u80fd\u200b\u90fd\u200b\u5728\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e2d\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6267\u884c\u200b\u6240\u6709\u200b Kubernetes \u200b\u5185\u200b\u8d44\u6e90\u200b\u5230\u200b OVN \u200b\u8d44\u6e90\u200b\u7684\u200b\u7ffb\u8bd1\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5176\u200b\u4f5c\u7528\u200b\u76f8\u5f53\u4e8e\u200b\u6574\u4e2a\u200b Kube-OVN \u200b\u7cfb\u7edf\u200b\u7684\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u3002 kube-ovn-controller \u200b\u76d1\u542c\u200b\u4e86\u200b\u6240\u6709\u200b\u548c\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\u7684\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b\u8d44\u6e90\u200b\u53d8\u5316\u200b\u60c5\u51b5\u200b\u66f4\u65b0\u200b OVN \u200b\u5185\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u3002\u200b\u4e3b\u8981\u200b\u76d1\u542c\u200b\u7684\u200b\u8d44\u6e90\u200b\u5305\u62ec\u200b\uff1a Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
\u200b\u4ee5\u200b Pod \u200b\u4e8b\u4ef6\u200b\u4e3a\u4f8b\u200b\uff0c kube-ovn-controller \u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u521b\u5efa\u200b\u4e8b\u4ef6\u200b\u540e\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5185\u7f6e\u200b\u7684\u200b\u5185\u5b58\u200b IPAM \u200b\u529f\u80fd\u200b\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u5e76\u200b\u8c03\u7528\u200b ovn-central \u200b\u521b\u5efa\u200b \u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u53ef\u80fd\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u3002\u200b\u63a5\u4e0b\u6765\u200b kube-ovn-controller \u200b\u5c06\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u548c\u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\u4f8b\u5982\u200b CIDR\uff0c\u200b\u7f51\u5173\u200b\uff0c\u200b\u8def\u7531\u200b\u7b49\u200b\u4fe1\u606f\u200b\u5199\u4f1a\u200b\u5230\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u540e\u7eed\u200b\u4f1a\u200b\u88ab\u200b kube-ovn-cni \u200b\u8bfb\u53d6\u200b\u7528\u6765\u200b\u914d\u7f6e\u200b\u672c\u5730\u7f51\u7edc\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5b9e\u73b0\u200b CNI \u200b\u63a5\u53e3\u200b\uff0c\u200b\u5e76\u200b\u64cd\u4f5c\u200b\u672c\u5730\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\u5355\u673a\u200b\u7f51\u7edc\u200b\u3002
\u200b\u8be5\u200b DaemonSet \u200b\u4f1a\u200b\u590d\u5236\u200b kube-ovn \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\uff0c\u200b\u4f5c\u4e3a\u200b kubelet \u200b\u548c\u200b kube-ovn-cni \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u5de5\u5177\u200b\uff0c\u200b\u5c06\u200b\u76f8\u5e94\u200b CNI \u200b\u8bf7\u6c42\u200b \u200b\u53d1\u9001\u7ed9\u200b kube-ovn-cni \u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u88ab\u200b\u590d\u5236\u5230\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u3002
kube-ovn-cni \u200b\u4f1a\u200b\u914d\u7f6e\u200b\u5177\u4f53\u200b\u7684\u200b\u7f51\u7edc\u200b\u6765\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u6d41\u91cf\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5de5\u4f5c\u200b\u5305\u62ec\u200b\uff1a
- \u200b\u914d\u7f6e\u200b
ovn-controller \u200b\u548c\u200b vswitchd\u3002 - \u200b\u5904\u7406\u200b CNI add/del \u200b\u8bf7\u6c42\u200b\uff1a
- \u200b\u521b\u5efa\u200b\u5220\u9664\u200b veth \u200b\u5e76\u200b\u548c\u200b OVS \u200b\u7aef\u53e3\u200b\u7ed1\u5b9a\u200b\u3002
- \u200b\u914d\u7f6e\u200b OVS \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
- \u200b\u66f4\u65b0\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b iptables/ipset/route \u200b\u7b49\u200b\u89c4\u5219\u200b\u3002
- \u200b\u52a8\u6001\u200b\u66f4\u65b0\u200b\u5bb9\u5668\u200b QoS.
- \u200b\u521b\u5efa\u200b\u5e76\u200b\u914d\u7f6e\u200b
ovn0 \u200b\u7f51\u5361\u200b\u8054\u901a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u3002 - \u200b\u914d\u7f6e\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6765\u200b\u5b9e\u73b0\u200b Vlan/Underlay/EIP \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
- \u200b\u52a8\u6001\u200b\u914d\u7f6e\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u200b\u5173\u200b\u3002
"},{"location":"reference/architecture/#_3","title":"\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e3b\u8981\u200b\u63d0\u4f9b\u200b\u76d1\u63a7\u200b\uff0c\u200b\u8bca\u65ad\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u4ee5\u53ca\u200b\u548c\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u5bf9\u63a5\u200b\uff0c\u200b\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u5e76\u200b\u7b80\u5316\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u7279\u5b9a\u200b\u6807\u7b7e\u200b\u7684\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8bbf\u95ee\u200b\u5bb9\u5668\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b BGP \u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6536\u96c6\u200b OVS \u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8282\u70b9\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\u7b49\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6536\u96c6\u200b OVN \u200b\u7684\u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b kubectl \u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5feb\u901f\u200b\u8fd0\u884c\u200b\u5e38\u89c1\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/dev-env/","title":"\u5f00\u53d1\u200b\u73af\u5883\u200b\u6784\u5efa","text":""},{"location":"reference/dev-env/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Go 1.20 \u200b\u5f00\u53d1\u200b\u5e76\u200b\u4f7f\u7528\u200b Go Modules \u200b\u7ba1\u7406\u200b\u4f9d\u8d56\u200b\uff0c \u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u53d8\u91cf\u200b GO111MODULE=\"on\"\u3002
gosec \u200b\u88ab\u200b\u7528\u6765\u200b\u626b\u63cf\u200b\u4ee3\u7801\u200b\u5b89\u5168\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5f00\u53d1\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\uff1a
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
\u200b\u4e3a\u4e86\u200b\u964d\u4f4e\u200b\u6700\u7ec8\u200b\u751f\u6210\u200b\u955c\u50cf\u200b\u5927\u5c0f\u200b\uff0cKube-OVN \u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b Docker buildx \u200b\u8bd5\u9a8c\u200b\u7279\u6027\u200b\uff0c\u200b\u8bf7\u200b\u66f4\u65b0\u200b Docker \u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b \u200b\u5e76\u200b\u5f00\u542f\u200b buildx:
docker buildx create --use\n
"},{"location":"reference/dev-env/#_3","title":"\u6784\u5efa\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u4ee3\u7801\u200b\uff0c\u200b\u5e76\u200b\u751f\u6210\u200b\u8fd0\u884c\u200b Kube-OVN \u200b\u6240\u200b\u9700\u200b\u955c\u50cf\u200b\uff1a
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
\u200b\u5982\u9700\u200b\u6784\u5efa\u200b\u5728\u200b ARM \u200b\u73af\u5883\u200b\u4e0b\u200b\u8fd0\u884c\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u8bf7\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
make release-arm\n
"},{"location":"reference/dev-env/#base","title":"\u6784\u5efa\u200b base \u200b\u955c\u50cf","text":"\u200b\u5982\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u7248\u672c\u200b\uff0c\u200b\u4f9d\u8d56\u200b\u5e93\u200b\uff0cOVS/OVN \u200b\u4ee3\u7801\u200b\u7b49\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b base \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u91cd\u65b0\u200b\u6784\u5efa\u200b\u3002
base \u200b\u955c\u50cf\u200b\u4f7f\u7528\u200b\u7684\u200b Dockerfile \u200b\u4e3a\u200b dist/images/Dockerfile.base\u3002
\u200b\u6784\u5efa\u200b\u65b9\u6cd5\u200b\uff1a
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"reference/dev-env/#e2e","title":"\u8fd0\u884c\u200b E2E","text":"Kube-OVN \u200b\u4f7f\u7528\u200b KIND \u200b\u6784\u5efa\u200b\u672c\u5730\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\uff0cj2cli \u200b\u6e32\u67d3\u200b\u6a21\u677f\u200b\uff0c Ginkgo \u200b\u6765\u200b\u8fd0\u884c\u200b\u6d4b\u8bd5\u4ee3\u7801\u200b\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b\u76f8\u5173\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4f9d\u8d56\u200b\u5b89\u88c5\u200b\u3002
\u200b\u672c\u5730\u200b\u6267\u884c\u200b E2E \u200b\u6d4b\u8bd5\u200b\uff1a
make kind-init\nmake kind-install\nmake e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b Underlay E2E \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b ovn vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b iptables vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b loadbalancer service \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
\u200b\u5982\u9700\u200b\u6e05\u7406\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/document-convention/","title":"\u6587\u6863\u200b\u89c4\u8303","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u6587\u6863\u200b\u98ce\u683c\u200b\u4e00\u81f4\u200b\uff0c\u200b\u8bf7\u200b\u5728\u200b\u63d0\u4ea4\u200b\u6587\u6863\u200b\u65f6\u200b\u9075\u5faa\u200b\u4e0b\u5217\u200b\u7684\u200b\u98ce\u683c\u200b\u89c4\u8303\u200b\u3002
"},{"location":"reference/document-convention/#_2","title":"\u6807\u70b9","text":"\u200b\u4e2d\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u6240\u6709\u200b\u6807\u70b9\u200b\u5e94\u200b\u4f7f\u7528\u200b\u4e2d\u6587\u200b\u683c\u5f0f\u200b\u6807\u70b9\u200b\uff0c\u200b\u82f1\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6240\u6709\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u4e2d\u5e94\u200b\u4f7f\u7528\u200b\u82f1\u6587\u200b\u6807\u70b9\u200b\u3002
BadGood \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b,\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b,\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b. \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002 \u200b\u82f1\u6587\u200b\u6570\u5b57\u200b\u548c\u200b\u4e2d\u6587\u200b\u5e94\u8be5\u200b\u7528\u200b\u7a7a\u683c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 \u200b\u793a\u4f8b\u200b\u5185\u5bb9\u200b\u5e94\u8be5\u200b\u4ee5\u200b \uff1a \u200b\u5f00\u542f\u200b\uff0c\u200b\u5176\u4ed6\u200b\u53e5\u200b\u5c3e\u200b\u9700\u8981\u200b\u7528\u200b \u3002 \u200b\u7ed3\u675f\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\u3002 wget 127.0.0.1\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a wget 127.0.0.1\n
"},{"location":"reference/document-convention/#_3","title":"\u4ee3\u7801\u200b\u5757","text":"yaml \u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b yaml\u3002
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b bash\u3002
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u5305\u542b\u200b\u8f93\u51fa\u200b\u5185\u5bb9\u200b\uff0c\u200b\u5219\u200b\u6240\u200b\u6267\u884c\u547d\u4ee4\u200b\u9700\u8981\u200b\u4ee5\u200b # \u200b\u5f00\u59cb\u200b\uff0c\u200b\u4ee5\u200b\u533a\u5206\u200b\u8f93\u5165\u200b\u4e0e\u200b\u8f93\u51fa\u200b\u3002
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u53ea\u200b\u5305\u542b\u200b\u6267\u884c\u547d\u4ee4\u200b\uff0c\u200b\u6ca1\u6709\u200b\u8f93\u51fa\u200b\u7ed3\u679c\u200b\uff0c\u200b\u5219\u200b\u591a\u6761\u200b\u547d\u4ee4\u200b\u65e0\u9700\u200b # \u200b\u5f00\u59cb\u200b\u3002
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"reference/document-convention/#_4","title":"\u94fe\u63a5","text":"\u200b\u7ad9\u200b\u5185\u200b\u94fe\u63a5\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b md \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](http://kubeovn.github.io/prepare)\u3002\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](./prepare.md)\u3002\n
BadGood \u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io)\u3002\n
\u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io){: target=\"_blank\" }\u3002\n
"},{"location":"reference/document-convention/#_5","title":"\u7a7a\u884c","text":"\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\uff0c\u200b\u4f8b\u5982\u200b\u6807\u9898\u200b\u548c\u200b\u6587\u672c\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u4ee3\u7801\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u7f16\u53f7\u200b\u4e4b\u95f4\u200b\u9700\u8981\u200b\u7528\u200b\u7a7a\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\u4e4b\u95f4\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b\u7a7a\u884c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/feature-stage/","title":"\u529f\u80fd\u200b\u6210\u719f\u5ea6","text":"\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\u6839\u636e\u200b\u529f\u80fd\u200b\u4f7f\u7528\u200b\u5ea6\u200b\uff0c\u200b\u6587\u6863\u200b\u5b8c\u5584\u200b\u7a0b\u5ea6\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u7a0b\u5ea6\u200b\u5c06\u200b\u529f\u80fd\u200b\u6210\u719f\u5ea6\u200b\u5206\u4e3a\u200b Alpha\uff0cBeta \u200b\u548c\u200b GA \u200b\u4e09\u4e2a\u200b\u9636\u6bb5\u200b\u3002
"},{"location":"reference/feature-stage/#_2","title":"\u6210\u719f\u5ea6\u200b\u5b9a\u4e49","text":"\u200b\u5bf9\u4e8e\u200b Alpha \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6ca1\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u5b8c\u5584\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\u751a\u81f3\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u793e\u533a\u200b\u652f\u6301\u200b\u4f18\u5148\u7ea7\u200b\u8f83\u200b\u4f4e\u200b\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u63a8\u8350\u200b\u751f\u4ea7\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b Beta \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u90e8\u5206\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u4f46\u662f\u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u5b8c\u6574\u200b\u7684\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5347\u7ea7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5f71\u54cd\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u7684\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u957f\u671f\u200b\u652f\u6301\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u975e\u5173\u952e\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u8fdb\u884c\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u548c\u200b API \u200b\u5b58\u5728\u200b\u53d8\u5316\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5728\u200b\u5347\u7ea7\u200b\u4e2d\u200b\u51fa\u73b0\u200b\u4e2d\u65ad\u200b\uff0c\u200b\u4e0d\u200b\u63a8\u8350\u200b\u5728\u200b\u5173\u952e\u200b\u751f\u4ea7\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b GA \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u4fdd\u6301\u7a33\u5b9a\u200b\uff0c\u200b\u5347\u7ea7\u200b\u4f1a\u200b\u4fdd\u8bc1\u200b\u5e73\u6ed1\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u4f1a\u200b\u53d1\u751f\u200b\u7834\u574f\u6027\u200b\u53d8\u5316\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u9ad8\u200b\u4f18\u5148\u7ea7\u200b\u652f\u6301\u200b\uff0c\u200b\u5e76\u4f1a\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/feature-stage/#_3","title":"\u6210\u719f\u5ea6\u200b\u5217\u8868","text":"\u200b\u672c\u200b\u5217\u8868\u200b\u7edf\u8ba1\u200b\u4ece\u200b v1.8 \u200b\u7248\u672c\u200b\u4e2d\u200b\u5305\u542b\u200b\u7684\u200b\u529f\u80fd\u200b\u5bf9\u5e94\u200b\u6210\u719f\u5ea6\u200b\u3002
\u200b\u529f\u80fd\u200b \u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b \u200b\u72b6\u6001\u200b \u200b\u5f00\u59cb\u200b\uff08Since\uff09 \u200b\u7ed3\u675f\u200b\uff08Until\uff09 Namespaced Subnet true GA 1.8 \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 \u200b\u4e3b\u4ece\u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 ECMP \u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b false Beta 1.8 \u200b\u5b50\u7f51\u200b ACL true Alpha 1.9 \u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b (\u200b\u672a\u6765\u200b\u4f1a\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5408\u5e76\u200b) true Beta 1.8 Underlay \u200b\u5b50\u7f51\u200b true GA 1.8 \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b true Beta 1.8 \u200b\u5b50\u7f51\u200b DHCP false Alpha 1.10 \u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b false Alpha 1.8 \u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Beta 1.8 \u200b\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Alpha 1.9 \u200b\u5b50\u7f51\u200b VIP \u200b\u9884\u7559\u200b true Alpha 1.10 \u200b\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC true Beta 1.8 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6d6e\u52a8\u200b IP/SNAT/DNAT true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u9759\u6001\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7b56\u7565\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5b89\u5168\u200b\u7ec4\u200b true Alpha 1.10 \u200b\u5bb9\u5668\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus \u200b\u96c6\u6210\u200b false GA 1.8 Grafana \u200b\u96c6\u6210\u200b false GA 1.8 \u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b false GA 1.8 \u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT false Beta 1.8 \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 \u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b false Beta 1.8 Overlay \u200b\u5b50\u7f51\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.8 Overlay \u200b\u5b50\u7f51\u200b BGP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.9 Cilium \u200b\u96c6\u6210\u200b false Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e92\u8054\u200b false Alpha 1.10 Mellanox Offload false Alpha 1.8 \u200b\u82af\u542f\u6e90\u200b Offload false Alpha 1.10 Windows \u200b\u652f\u6301\u200b false Alpha 1.10 DPDK \u200b\u652f\u6301\u200b false Alpha 1.10 OpenStack \u200b\u96c6\u6210\u200b false Alpha 1.9 \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac true GA 1.8 Workload \u200b\u56fa\u5b9a\u200b IP true GA 1.8 StatefulSet \u200b\u56fa\u5b9a\u200b IP true GA 1.8 VM \u200b\u56fa\u5b9a\u200b IP false Beta 1.9 \u200b\u9ed8\u8ba4\u200b VPC Load Balancer \u200b\u7c7b\u578b\u200b Service false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS false Alpha 1.11 Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/iptables-rules/","title":"Iptables \u200b\u89c4\u5219","text":"Kube-OVN \u200b\u4f7f\u7528\u200b ipset \u200b\u53ca\u200b iptables \u200b\u8f85\u52a9\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff08Overlay\uff09\u200b\u7f51\u5173\u200b NAT \u200b\u7684\u200b\u529f\u80fd\u200b\u3002
\u200b\u4f7f\u7528\u200b\u7684\u200b ipset \u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u540d\u79f0\u200b\uff08IPv4/IPv6\uff09 \u200b\u7c7b\u578b\u200b \u200b\u5b58\u50a8\u200b\u5bf9\u8c61\u200b ovn40services/ovn60services hash:net Service \u200b\u7f51\u6bb5\u200b ovn40subnets/ovn60subnets hash:net Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u4ee5\u53ca\u200b NodeLocal DNS IP \u200b\u5730\u5740\u200b ovn40subnets-nat/ovn60subnets-nat hash:net \u200b\u5f00\u542f\u200b NatOutgoing \u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net \u200b\u5f00\u542f\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40other-node/ovn60other-node hash:net \u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip \u200b\u5df2\u5f03\u200b\u7528\u200b ovn40subnets-nat-policy hash:net \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u7684\u200b\u6240\u6709\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40natpr-418e79269dc5-dst hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b dstIPs ovn40natpr-418e79269dc5-src hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b srcIPs \u200b\u4f7f\u7528\u200b\u7684\u200b iptables \u200b\u89c4\u5219\u200b\uff08IPv4\uff09\u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u8868\u200b \u200b\u94fe\u200b \u200b\u89c4\u5219\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b filter INPUT -m set --match-set ovn40services src -j ACCEPT \u200b\u5141\u8bb8\u200b k8s Service \u200b\u548c\u200b Pod \u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u901a\u8fc7\u200b -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b subnet \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u62a5\u6587\u200b 10.16.0.0/16 \u200b\u4e3a\u200b subnet \u200b\u7684\u200b cidr \uff0ccomment \u200b\u4e2d\u200b\u9017\u53f7\u200b\u524d\u9762\u200b\u7684\u200b ovn-subnet-gateway \u200b\u7528\u4e8e\u200b\u6807\u8bc6\u200b\u8be5\u200b iptables \u200b\u89c4\u5219\u200b\u7528\u4e8e\u200b subnet \u200b\u51fa\u5165\u200b\u7f51\u5173\u200b\u62a5\u6587\u200b\u8ba1\u6570\u200b\uff0c\u200b\u9017\u53f7\u200b\u540e\u9762\u200b ovn-default \u200b\u662f\u200b\u8be5\u200b subnet \u200b\u7684\u200b\u540d\u5b57\u200b filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b subnet \u200b\u7684\u200b\u62a5\u6587\u200b \u200b\u540c\u200b\u4e0a\u200b filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 \u200b\u6e05\u9664\u200b\u6d41\u91cf\u200b\u6807\u8bb0\u200b\uff0c\u200b\u907f\u514d\u200b\u6267\u884c\u200b SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING \u200b\u8fdb\u5165\u200b OVN-PREROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING \u200b\u8fdb\u5165\u200b OVN-POSTROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 \u200b\u4e3a\u200b Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u6d41\u91cf\u200b\u6dfb\u52a0\u200b masquerade \u200b\u6807\u8bb0\u200b \u200b\u4f5c\u7528\u200b\u4e8e\u200b\u5173\u95ed\u200b\u5185\u7f6e\u200b LB \u200b\u7684\u200b\u573a\u666f\u200b nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08TCP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u5b58\u5728\u200b nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08UDP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u540c\u200b\u4e0a\u200b nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source \u200b\u5f53\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b Service IP \u200b\u8bbf\u95ee\u200b Overlay Pod \u200b\u65f6\u200b\uff0c\u200b\u4fdd\u6301\u200b\u6e90\u200b IP \u200b\u4e3a\u200b\u8282\u70b9\u200b IP\u3002 \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u751f\u6548\u200b nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u7684\u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE \u200b\u4e3a\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u65e0\u9700\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN Pod IP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u65f6\u200b\uff0c\u200b\u4e0d\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing \u200b\u4e14\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b IP \u200b\u7684\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT 10.16.0.0/16 \u200b\u4e3a\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.0.101 \u200b\u4e3a\u200b\u6307\u5b9a\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b IP nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b natOutgoingPolicyRules\uff0c\u200b\u6307\u5b9a\u200b\u7b56\u7565\u200b\u7684\u200b\u62a5\u6587\u200b\u6267\u884c\u200b SNAT \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u5b50\u7f51\u200b\u7684\u200b\u51fa\u5916\u200b\u7f51\u200b\u62a5\u6587\u200b\u7684\u200b\u8fdb\u5165\u200b\u94fe\u200b OVN-NAT-POLICY nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b\uff0c\u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90001/0x90001 \u200b\u5c31\u200b\u4f1a\u200b\u505a\u200b SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b, \u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90002/0x90002 \u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 \u200b\u540c\u200b\u4e0a\u200b 10.0.11.0/24 \u200b\u8868\u793a\u200b\u5b50\u7f51\u200b net1 \u200b\u7684\u200b CIDR\uff0c OVN-NAT-PSUBNET-aa98851157c5 \u200b\u8fd9\u6761\u200b\u94fe\u4e0b\u200b\u7684\u200b\u89c4\u5219\u200b\u5c31\u200b\u5bf9\u5e94\u200b\u8fd9\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoingPolicyRules \u200b\u914d\u7f6e\u200b nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 \u200b\u540c\u200b\u4e0a\u200b 418e79269dc5 \u200b\u8868\u793a\u200b natOutgoingPolicyRules \u200b\u4e2d\u200b\u7684\u200b\u4e00\u6761\u200b\u89c4\u5219\u200b\u7684\u200b ID\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b status.natOutgoingPolicyRules[index].RuleID \u200b\u67e5\u770b\u200b\u5230\u200b\uff0c \u200b\u8868\u793a\u200b srcIPs \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-src\uff0c dstIPS \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-dst \u200b\u4f1a\u200b\u6253\u200b\u4e0a\u200b tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-api/","title":"Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-OVN \u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u5217\u8868\u200b\uff0c\u200b\u5217\u51fa\u200b CRD \u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\u548c\u200b\u542b\u4e49\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b\u3002
"},{"location":"reference/kube-ovn-api/#condition","title":"\u901a\u7528\u200b\u7684\u200b Condition \u200b\u5b9a\u4e49","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b type String \u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b status String \u200b\u72b6\u6001\u503c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b True\uff0cFalse \u200b\u6216\u200b Unknown reason String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u539f\u56e0\u200b message String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b lastUpdateTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b lastTransitionTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b\u53d1\u751f\u53d8\u5316\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u5728\u200b\u5404\u200b CRD \u200b\u7684\u200b\u5b9a\u4e49\u200b\u4e2d\u200b\uff0cStatus \u200b\u4e2d\u200b\u7684\u200b Condition \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u90fd\u200b\u9075\u5faa\u200b\u4e0a\u8ff0\u200b\u683c\u5f0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u63d0\u524d\u200b\u8fdb\u884c\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"reference/kube-ovn-api/#subnet","title":"Subnet \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#subnet_1","title":"Subnet","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Subnet metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SubnetSpec Subnet \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SubnetStatus Subnet \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b default Bool \u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b vpc String \u200b\u5b50\u7f51\u200b\u6240\u5c5e\u200b Vpc\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-cluster protocol String IP \u200b\u534f\u8bae\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b IPv4\uff0cIPv6 \u200b\u6216\u200b Dual namespaces []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u6240\u200b\u7ed1\u5b9a\u200b\u7684\u200b namespace \u200b\u5217\u8868\u200b cidrBlock String \u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u6bb5\u200b\u8303\u56f4\u200b\uff0c\u200b\u5982\u200b 10.16.0.0/16 gateway String \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDRBlock \u200b\u4e0b\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b\u53ef\u7528\u200b\u5730\u5740\u200b excludeIps []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b provider String \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn\u3002\u200b\u591a\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b\u53d6\u503c\u200b\u4e3a\u200b NetworkAttachmentDefinition \u200b\u7684\u200b .\uff0cKube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b gatewayType String Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b distributed \u200b\u6216\u200b centralized gatewayNode String \u200b\u5f53\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e3a\u200b centralized \u200b\u65f6\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b natOutgoing Bool \u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u662f\u5426\u200b\u8fdb\u884c\u200b NAT\u3002\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b externalEgressGateway \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b\u3002 externalEgressGateway String \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002\u200b\u9700\u8981\u200b\u548c\u5b50\u200b\u7f51\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b natOutgoing \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b policyRoutingPriority Uint32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\u3002\u200b\u6dfb\u52a0\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u6d41\u91cf\u200b\u7ecf\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u4e4b\u540e\u200b\uff0c\u200b\u8f6c\u53d1\u200b\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b policyRoutingTableID Uint32 \u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID\uff0c\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b private Bool \u200b\u6807\u8bc6\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\uff0c\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5b50\u7f51\u200b\u5916\u200b\u7684\u200b\u5730\u5740\u200b\u8bbf\u95ee\u200b allowSubnets []String \u200b\u5b50\u7f51\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5141\u8bb8\u200b\u8bbf\u95ee\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\u7684\u200b\u96c6\u5408\u200b vlan String \u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b vips []String \u200b\u5b50\u7f51\u200b\u4e0b\u200b virtual \u200b\u7c7b\u578b\u200b lsp \u200b\u7684\u200b virtual-ip \u200b\u53c2\u6570\u4fe1\u606f\u200b logicalGateway Bool \u200b\u662f\u5426\u200b\u542f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b disableGatewayCheck Bool \u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u662f\u5426\u200b\u8df3\u8fc7\u200b\u7f51\u5173\u200b\u8054\u901a\u200b\u6027\u200b\u68c0\u67e5\u200b disableInterConnection Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b enableDHCP Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp \u200b\u7684\u200b dhcp \u200b\u914d\u7f6e\u200b\u9009\u9879\u200b dhcpV4Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b dhcpV6Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b enableIPv6RA Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0c\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b ipv6_ra_configs \u200b\u53c2\u6570\u200b ipv6RAConfigs String \u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0cipv6_ra_configs \u200b\u53c2\u6570\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b acls []Acl \u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b logical-switch \u200b\u5173\u8054\u200b\u7684\u200b acls \u200b\u8bb0\u5f55\u200b u2oInterconnection Bool \u200b\u662f\u5426\u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u7684\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b enableLb *Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b\u7684\u200b logical-switch \u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b enableEcmp Bool \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u8def\u7531"},{"location":"reference/kube-ovn-api/#acl","title":"Acl","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b direction String Acl \u200b\u9650\u5236\u200b\u65b9\u5411\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b from-lport \u200b\u6216\u8005\u200b to-lport priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b 0 \u200b\u5230\u200b 32767 match String Acl \u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u8868\u8fbe\u5f0f\u200b action String Acl \u200b\u89c4\u5219\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow-related, allow-stateless, allow, drop, reject \u200b\u5176\u4e2d\u200b\u4e00\u4e2a"},{"location":"reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SubnetCondition \u200b\u5b50\u7f51\u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v4UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b sctivateGateway String \u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\uff0c\u200b\u4e3b\u5907\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5f53\u524d\u200b\u6b63\u5728\u200b\u5de5\u4f5c\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b dhcpV4OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b dhcpV6OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b u2oInterconnectionIP String \u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u540e\u200b\uff0c\u200b\u6240\u200b\u5360\u7528\u200b\u7684\u200b\u7528\u4e8e\u200b\u4e92\u8054\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ip","title":"IP \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#ip_1","title":"IP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IPSpec IP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b podName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u540d\u79f0\u200b namespace String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u540d\u79f0\u200b subnet String IP \u200b\u6240\u5c5e\u200b Subnet attachSubnets []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 nodeName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b ipAddress String IP \u200b\u5730\u5740\u200b\uff0c\u200b\u53cc\u6808\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u4e3a\u200b v4IP,v6IP \u200b\u683c\u5f0f\u200b v4IPAddress String IPv4 IP \u200b\u5730\u5740\u200b v6IPAddress String IPv6 IP \u200b\u5730\u5740\u200b attachIPs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 macAddress String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b attachMacs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b Mac \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 containerID String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b Container ID podType String \u200b\u7279\u6b8a\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b Pod\uff0c\u200b\u53ef\u200b\u4e3a\u200b StatefulSet\uff0cVirtualMachine \u200b\u6216\u7a7a"},{"location":"reference/kube-ovn-api/#underlay","title":"Underlay \u200b\u914d\u7f6e","text":""},{"location":"reference/kube-ovn-api/#vlan","title":"Vlan","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vlan metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VlanSpec Vlan \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VlanStatus Vlan \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b id Int Vlan tag \u200b\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 0~4096 provider String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b ProviderNetwork \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b subnets []String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b conditions []VlanCondition Vlan \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b ProviderNetwork metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec ProviderNetworkSpec ProviderNetwork \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status ProviderNetworkStatus ProviderNetwork \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b defaultInterface String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b customInterfaces []CustomInterface \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7279\u6b8a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b excludeNodes []String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u4e0d\u4f1a\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b exchangeLinkName Bool \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u548c\u200b\u5bf9\u5e94\u200b OVS \u200b\u7f51\u6865\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b interface String Underlay \u200b\u4f7f\u7528\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b nodes []String \u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u7684\u200b\u8282\u70b9\u200b\u5217\u8868"},{"location":"reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool \u200b\u5f53\u524d\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u662f\u5426\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b readyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b notReadyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u672a\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b vlans []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b conditions []ProviderNetworkCondition ProviderNetwork \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpc","title":"Vpc \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#vpc_1","title":"Vpc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vpc metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcSpec Vpc \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcStatus Vpc \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespaces []String Vpc \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u5217\u8868\u200b staticRoutes []*StaticRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b policyRoutes []*PolicyRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b vpcPeerings []*VpcPeering Vpc \u200b\u4e92\u8054\u200b\u4fe1\u606f\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b policy String \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b policySrc \u200b\u6216\u8005\u200b policyDst cidr String \u200b\u8def\u7531\u200b Cidr \u200b\u7f51\u6bb5\u200b nextHopIP String \u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b priority Int32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b match String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u6761\u4ef6\u200b action String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow\u3001drop \u200b\u6216\u8005\u200b reroute nextHopIP String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f\u200b\uff0cECMP \u200b\u8def\u7531\u200b\u60c5\u51b5\u200b\u4e0b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u9694\u5f00"},{"location":"reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b remoteVpc String Vpc \u200b\u4e92\u8054\u200b\u5bf9\u7aef\u200b Vpc \u200b\u540d\u79f0\u200b localConnectIP String Vpc \u200b\u4e92\u8054\u200b\u672c\u7aef\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcCondition Vpc \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b standby Bool \u200b\u6807\u8bc6\u200b Vpc \u200b\u662f\u5426\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff0cVpc \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u9700\u8981\u200b\u7b49\u200b Vpc \u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u8f6c\u6362\u200b\u518d\u200b\u7ee7\u7eed\u200b\u5904\u7406\u200b default Bool \u200b\u662f\u5426\u662f\u200b\u9ed8\u8ba4\u200b Vpc defaultLogicalSwitch String Vpc \u200b\u4e0b\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b router String Vpc \u200b\u5bf9\u5e94\u200b\u7684\u200b logical-router \u200b\u540d\u79f0\u200b tcpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP LB \u200b\u4fe1\u606f\u200b udpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP LB \u200b\u4fe1\u606f\u200b tcpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b udpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b subnets []String Vpc \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b vpcPeerings []String Vpc \u200b\u4e92\u8054\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b Vpc \u200b\u5217\u8868\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcNatGateway metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcNatSpec Vpc \u200b\u7f51\u5173\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b lanIp String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6307\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b tolerations []VpcNatToleration \u200b\u6807\u51c6\u200b Kubernetes \u200b\u5bb9\u5fcd\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b key String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b key \u200b\u4fe1\u606f\u200b operator String \u200b\u53d6\u503c\u200b\u4e3a\u200b Exists \u200b\u6216\u8005\u200b Equal value String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b value \u200b\u4fe1\u606f\u200b effect String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b\u4f5c\u7528\u200b\u6548\u679c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b NoExecute \u3001NoSchedule \u200b\u6216\u8005\u200b PreferNoSchedule tolerationSeconds Int64 \u200b\u6dfb\u52a0\u200b\u6c61\u70b9\u200b\u540e\u200b\uff0cPod \u200b\u8fd8\u200b\u80fd\u200b\u7ee7\u7eed\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u4ee5\u4e0a\u200b\u5bb9\u5fcd\u200b\u5b57\u6bb5\u200b\u7684\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002
"},{"location":"reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesEIP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesEipSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesEipStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b v4ip String IptablesEIP v4 \u200b\u5730\u5740\u200b v6ip String IptablesEIP v6 \u200b\u5730\u5740\u200b macAddress String IptablesEIP crd \u200b\u8bb0\u5f55\u200b\u5206\u914d\u200b\u7684\u200b mac \u200b\u5730\u5740\u200b\uff0c\u200b\u6ca1\u6709\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesEIP \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e86\u200b IPv4 \u200b\u5730\u5740\u200b redo String IptablesEIP crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b nat String IptablesEIP \u200b\u7684\u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b fip\u3001snat \u200b\u6216\u8005\u200b dnat conditions []IptablesEIPCondition IptablesEIP \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesFIPRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesFIPRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesFIPRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesFIPRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesFIPRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesFIPRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesFIPRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesFIPRuleCondition IptablesFIPRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesSnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesSnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesSnatRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesSnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesSnatRuleCondition IptablesSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesDnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesDnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesDnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b externalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7aef\u53e3\u200b protocol Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b internalIp Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b internalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b\u7aef\u53e3"},{"location":"reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesDnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesDnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesDnatRuleCondition IptablesDnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcDns metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcDnsSpec VpcDns \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcDnsStatus VpcDns \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String VpcDns \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String VpcDns Pod \u200b\u5206\u914d\u200b\u5730\u5740\u200b\u7684\u200b Subnet \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcDnsCondition VpcDns \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b active Bool VpcDns \u200b\u662f\u5426\u200b\u6b63\u5728\u200b\u4f7f\u7528\u200b VpcDns \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u6587\u6863\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS\u3002
"},{"location":"reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SwitchLBRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SwitchLBRuleSpec SwitchLBRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SwitchLBRuleStatus SwitchLBRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vip String SwitchLBRule \u200b\u914d\u7f6e\u200b\u7684\u200b vip \u200b\u5730\u5740\u200b namespace String SwitchLBRule \u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b sessionAffinity String \u200b\u6807\u51c6\u200b Kubernetes Service \u200b\u4e2d\u200b sessionAffinity \u200b\u53d6\u503c\u200b ports []SlrPort SwitchLBRule \u200b\u7aef\u53e3\u200b\u5217\u8868\u200b SwitchLBRule \u200b\u7684\u200b\u8be6\u7ec6\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"reference/kube-ovn-api/#slrport","title":"SlrPort","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b name String \u200b\u7aef\u53e3\u200b\u540d\u79f0\u200b port Int32 \u200b\u7aef\u53e3\u53f7\u200b targetPort Int32 \u200b\u76ee\u6807\u200b\u7aef\u53e3\u53f7\u200b protocol String \u200b\u534f\u8bae\u200b\u7c7b\u578b"},{"location":"reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SwitchLBRuleCondition SwitchLBRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ports String SwitchLBRule \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b service String SwitchLBRule \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b\u7684\u200b service \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vip","title":"\u5b89\u5168\u200b\u7ec4\u4e0e\u200b Vip","text":""},{"location":"reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SecurityGroup metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SecurityGroupSpec \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SecurityGroupStatus \u200b\u5b89\u5168\u200b\u7ec4\u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ingressRules []*SgRule \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b egressRules []*SgRule \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0"},{"location":"reference/kube-ovn-api/#sgrule","title":"SgRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ipVersion String IP \u200b\u7248\u672c\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b ipv4 \u200b\u6216\u8005\u200b ipv6 protocol String \u200b\u53d6\u503c\u200b\u4e3a\u200b all\u3001icmp\u3001tcp \u200b\u6216\u8005\u200b udp priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 1-200\uff0c\u200b\u6570\u503c\u200b\u8d8a\u5c0f\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u8d8a\u9ad8\u200b remoteType String \u200b\u53d6\u503c\u200b\u4e3a\u200b address \u200b\u6216\u8005\u200b securityGroup remoteAddress String \u200b\u5bf9\u7aef\u200b\u5730\u5740\u200b remoteSecurityGroup String \u200b\u5bf9\u7aef\u200b\u5b89\u5168\u200b\u7ec4\u200b portRangeMin Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u8d77\u59cb\u503c\u200b\uff0c\u200b\u6700\u5c0f\u200b\u53d6\u503c\u200b\u4e3a\u200b 1 portRangeMax Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u6700\u5927\u503c\u200b\uff0c\u200b\u6700\u5927\u200b\u53d6\u503c\u200b\u4e3a\u200b 65535 policy String \u200b\u53d6\u503c\u200b\u4e3a\u200b allow \u200b\u6216\u8005\u200b drop"},{"location":"reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b portGroup String \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5bf9\u5e94\u200b\u7684\u200b port-group \u200b\u540d\u79f0\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0\u200b ingressMd5 String \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b egressMd5 String \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b ingressLastSyncSuccess Bool \u200b\u5165\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f\u200b egressLastSyncSuccess Bool \u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f"},{"location":"reference/kube-ovn-api/#vip_1","title":"Vip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VipSpec Vip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VipStatus Vip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespace String Vip \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b subnet String Vip \u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b macAddress String Vip mac \u200b\u5730\u5740\u200b parentV4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentV6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentMac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b attachSubnets []String \u200b\u8be5\u5b57\u6bb5\u200b\u5e9f\u5f03\u200b\uff0c\u200b\u4e0d\u518d\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VipCondition Vip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ready Bool Vip \u200b\u662f\u5426\u200b\u51c6\u5907\u200b\u597d\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b mac String Vip mac \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b pv4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pv6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pmac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnEip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnEipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnEipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b externalSubnet String OvnEip \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b v4ip String OvnEip IP \u200b\u5730\u5740\u200b macAddress String OvnEip Mac \u200b\u5730\u5740\u200b type String OvnEip \u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u6709\u200b fip\u3001snat \u200b\u6216\u8005\u200b lrp"},{"location":"reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []OvnEipCondition \u200b\u9ed8\u8ba4\u200b Vpc OvnEip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4ip String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b macAddress String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b Mac \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnFip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnFipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnFipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b ipName String OvnFip \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnFip \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b v4Ip String OvnFip \u200b\u5f53\u524d\u200b\u4f7f\u7528\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b macAddress String OvnFip \u200b\u914d\u7f6e\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b vpc String OvnFip \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnFipCondition OvnFip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnSnatRuleSpec \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnSnatRuleStatus \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b vpcSubnet String OvnSnatRule \u200b\u914d\u7f6e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b ipName String OvnSnatRule \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b v4IpCidr String \u200b\u5728\u200b logical-router \u200b\u4e2d\u200b\u914d\u7f6e\u200b snat \u200b\u8f6c\u6362\u200b\u4f7f\u7528\u200b\u7684\u200b cidr \u200b\u5730\u5740\u200b vpc String OvnSnatRule \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnSnatRuleCondition OvnSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger \u200b\u53c2\u6570\u200b\u53c2\u8003","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-ovn-pinger \u200b\u652f\u6301\u200b\u7684\u200b\u53c2\u6570\u200b\uff0c\u200b\u5217\u51fa\u200b\u53c2\u6570\u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\uff0c\u200b\u542b\u4e49\u200b\u548c\u200b\u9ed8\u8ba4\u503c\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b
"},{"location":"reference/kube-ovn-pinger-args/#_1","title":"\u53c2\u6570\u200b\u63cf\u8ff0","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b \u200b\u9ed8\u8ba4\u503c\u200b port Int metrics \u200b\u7aef\u53e3\u200b 8080 kubeconfig String \u200b\u5177\u6709\u200b\u8ba4\u8bc1\u200b\u4fe1\u606f\u200b\u7684\u200b kubeconfig \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\uff0c \u200b\u5982\u679c\u200b\u672a\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u4f7f\u7528\u200b inCluster \u200b\u4ee4\u724c\u200b\u3002 \"\" ds-namespace String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \"kube-system\" ds-name String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u540d\u5b57\u200b \"kube-ovn-pinger\" interval Int \u200b\u8fde\u7eed\u200b ping \u200b\u4e4b\u95f4\u200b\u7684\u200b\u95f4\u9694\u200b\u79d2\u6570\u200b 5 mode String \u200b\u670d\u52a1\u5668\u200b\u6216\u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b \"server\" exit-code Int \u200b\u5931\u8d25\u200b\u65f6\u200b\u9000\u51fa\u200b\u4ee3\u7801\u200b 0 internal-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b dns \"kubernetes.default\" external-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b dns \"\" external-address String \u200b\u68c0\u67e5\u200b\u4e0e\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u7684\u200b ping \u200b\u8fde\u901a\u200b \"114.114.114.114\" network-mode String \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u4f7f\u7528\u200b\u7684\u200b cni \u200b\u63d2\u4ef6\u200b \"kube-ovn\" enable-metrics Bool \u200b\u662f\u5426\u200b\u652f\u6301\u200b metrics \u200b\u67e5\u8be2\u200b true ovs.timeout Int \u200b\u5bf9\u200b OVS \u200b\u7684\u200b JSON-RPC \u200b\u8bf7\u6c42\u200b\u8d85\u65f6\u200b\u3002 2 system.run.dir String OVS \u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u76ee\u5f55\u200b\u3002 \"/var/run/openvswitch\" database.vswitch.name String OVS \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u540d\u79f0\u200b\u3002 \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix \u200b\u5957\u200b\u63a5\u5b57\u200b\u5230\u200b OVS \u200b\u6570\u636e\u5e93\u200b\u3002 \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS \u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS \u200b\u6570\u636e\u5e93\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS \u200b\u6570\u636e\u5e93\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS \u200b\u7cfb\u7edf\u200b\u6807\u8bc6\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/metrics/","title":"Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5217\u4e3e\u200b Kube-OVN \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge kube_ovn_ovn_status OVN \u200b\u89d2\u8272\u200b\u72b6\u6001\u200b\uff0c (2) \u200b\u4e3a\u200b follower\uff1b (1) \u200b\u4e3a\u200b leader, (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u72b6\u6001\u200b\u3002 Gauge kube_ovn_failed_req_count OVN \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_log_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_db_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_chassis_info OVN chassis \u200b\u72b6\u6001\u200b (1) \u200b\u8fd0\u884c\u200b\u4e2d\u200b\uff0c(0) \u200b\u505c\u6b62\u200b\u3002 Gauge kube_ovn_db_status OVN \u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b, (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff1b (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge kube_ovn_logical_switch_info OVN logical switch \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b logical switch \u200b\u540d\u5b57\u200b\u3002 Gauge kube_ovn_logical_switch_external_id OVN logical switch external_id \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b external-id \u200b\u5185\u5bb9\u200b\u3002 Gauge kube_ovn_logical_switch_port_binding OVN logical switch \u200b\u548c\u200b logical switch port \u200b\u5173\u8054\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u901a\u8fc7\u200b\u6807\u7b7e\u200b\u8fdb\u884c\u200b\u5173\u8054\u200b\u3002 Gauge kube_ovn_logical_switch_tunnel_key \u200b\u548c\u200b OVN logical switch \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_ports_num OVN logical switch \u200b\u4e0a\u200b logical port \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_logical_switch_port_info OVN logical switch port \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_port_tunnel_key \u200b\u548c\u200b OVN logical switch port \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_enabled (1) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\uff1b (0) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u975e\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\u3002 Gauge kube_ovn_cluster_role \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u89d2\u8272\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u89d2\u8272\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_status \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u72b6\u6001\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u72b6\u6001\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_term RAFT term \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_leader_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_vote_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u9009\u4e3e\u200b\u81ea\u5df1\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_election_timer \u200b\u5f53\u524d\u200b election timer \u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_not_committed \u200b\u672a\u200b commit \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_not_applied \u200b\u672a\u200b apply \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_index_start \u200b\u5f53\u524d\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u8d77\u59cb\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_index_next RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u4e0b\u200b\u4e00\u4e2a\u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb \u200b\u548c\u200b vswitchd \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge ovs_status OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\uff0c (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff0c(0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge ovs_info OVS \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge failed_req_count OVS \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge log_file_size OVS \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge db_file_size OVS \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge datapath Datapath \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_total \u200b\u5f53\u524d\u200b OVS \u200b\u4e2d\u200b datapath \u200b\u6570\u91cf\u200b\u3002 Gauge dp_if Datapath \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_if_total \u200b\u5f53\u524d\u200b datapath \u200b\u4e2d\u200b port \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_total Datapath \u200b\u4e2d\u200b flow \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_missed Datapath \u200b\u4e2d\u672a\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_lost Datapath \u200b\u4e2d\u200b\u9700\u8981\u200b\u53d1\u9001\u7ed9\u200b userspace \u200b\u5904\u7406\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b mask \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_total Datapath \u200b\u4e2d\u200b mask \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit_ratio Datapath \u200b\u4e2d\u200b \u200b\u6570\u636e\u5305\u200b\u547d\u4e2d\u200b mask \u200b\u7684\u200b\u6bd4\u7387\u200b\u3002 Gauge interface OVS \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge interface_admin_state \u200b\u63a5\u53e3\u200b\u7ba1\u7406\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_link_state \u200b\u63a5\u53e3\u200b\u94fe\u8def\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_mac_in_use OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MAC \u200b\u5730\u5740\u200b Gauge interface_mtu OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MTU\u3002 Gauge interface_of_port OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b OpenFlow Port ID\u3002 Gauge interface_if_index OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b Index\u3002 Gauge interface_tx_packets OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_bytes OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_packets OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_bytes OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_crc_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6821\u9a8c\u200b\u548c\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_dropped OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_errors OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_frame_err OVS Interface \u200b\u63a5\u6536\u200b\u5e27\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_missed_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b miss \u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_over_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b overrun \u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_dropped OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_errors OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_collisions OVS interface \u200b\u51b2\u7a81\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge pinger_ovs_up \u200b\u8282\u70b9\u200b OVS \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovs_down \u200b\u8282\u70b9\u200b OVS \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_ovn_controller_up \u200b\u8282\u70b9\u200b ovn-controller \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovn_controller_down \u200b\u8282\u70b9\u200b ovn-controller \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_inconsistent_port_binding OVN-SB \u200b\u91cc\u200b portbinding \u200b\u6570\u91cf\u200b\u548c\u200b\u4e3b\u673a\u200b OVS interface \u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_apiserver_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b apiserver\u3002 Gauge pinger_apiserver_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u8054\u901a\u200b apiserver\u3002 Histogram pinger_apiserver_latency_ms kube-ovn-pinger \u200b\u8bbf\u95ee\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_internal_dns_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_internal_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_internal_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_dns_health kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_external_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_external_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Histogram pinger_pod_ping_latency_ms kube-ovn-pinger ping Pod \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_pod_ping_lost_total kube-ovn-pinger ping Pod \u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_pod_ping_count_total kube-ovn-pinger ping Pod \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_node_ping_latency_ms kube-ovn-pinger ping Node \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_node_ping_lost_total kube-ovn-pinger ping Node \u200b\u4e22\u5305\u200b\u3002 Gauge pinger_node_ping_count_total kube-ovn-pinger ping Node \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_external_ping_latency_ms kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u5730\u5740\u200b \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_lost_total kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 Gauge subnet_available_ip_count \u200b\u5b50\u7f51\u200b\u53ef\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002 Gauge subnet_used_ip_count \u200b\u5b50\u7f51\u200b\u5df2\u200b\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram cni_op_latency_seconds CNI \u200b\u64cd\u4f5c\u200b\u5ef6\u8fdf\u200b\u3002 Counter cni_wait_address_seconds_total CNI \u200b\u7b49\u5f85\u200b\u5730\u5740\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_connectivity_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8fde\u63a5\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_route_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8def\u7531\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/ovs-ovn-customized/","title":"\u5bf9\u200b\u4e0a\u6e38\u200b OVS/OVN \u200b\u4fee\u6539","text":"\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u6700\u521d\u200b\u8bbe\u8ba1\u200b\u76ee\u6807\u200b\u4e3a\u200b\u901a\u7528\u200b SDN \u200b\u63a7\u5236\u5668\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u3002\u200b\u7531\u4e8e\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u7279\u6b8a\u200b\u7684\u200b\u7528\u6cd5\u200b\uff0c \u200b\u5e76\u4e14\u200b Kube-OVN \u200b\u53ea\u200b\u91cd\u70b9\u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e3a\u4e86\u200b \u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3001\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u7279\u5b9a\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cKube-OVN \u200b\u5bf9\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u505a\u200b\u4e86\u200b\u90e8\u5206\u200b\u4fee\u6539\u200b\u3002\u200b\u7528\u6237\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u81ea\u5df1\u200b\u7684\u200b OVN/OVS \u200b\u914d\u5408\u200b Kube-OVN \u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u8fdb\u884c\u200b\u5de5\u4f5c\u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b \u200b\u4e0b\u8ff0\u200b\u7684\u200b\u6539\u52a8\u200b\u53ef\u80fd\u200b\u9020\u6210\u200b\u7684\u200b\u5f71\u54cd\u200b\u3002
\u200b\u672a\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 38df6fa3f7 \u200b\u8c03\u6574\u200b\u9009\u4e3e\u200b timer\uff0c\u200b\u907f\u514d\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u9009\u4e3e\u200b\u6296\u52a8\u200b\u3002
- d4888c4e75 \u200b\u6dfb\u52a0\u200b fdb \u200b\u66f4\u65b0\u200b\u65e5\u5fd7\u200b\u3002
- d4888c4e75 \u200b\u4fee\u590d\u200b hairpin \u200b\u73af\u5883\u200b\u4e0b\u200b fdb \u200b\u5b66\u4e60\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 9a81b91368 \u200b\u4e3a\u200b ovsdb-tool \u200b\u7684\u200b join-cluster \u200b\u5b50\u200b\u547d\u4ee4\u200b\u6dfb\u52a0\u200b Server ID \u200b\u53c2\u6570\u200b\u3002
- 62d4969877 \u200b\u4fee\u590d\u200b\u5f00\u542f\u200b SSL \u200b\u540e\u200b OVSDB \u200b\u76d1\u542c\u200b\u5730\u5740\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 0700cb90f9 \u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u975e\u200b Service \u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b conntrack \u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- c48049a64f ECMP \u200b\u7b97\u6cd5\u200b\u7531\u200b dp_hash \u200b\u8c03\u6574\u200b\u4e3a\u200b hash\uff0c\u200b\u907f\u514d\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u51fa\u73b0\u200b\u7684\u200b\u54c8\u5e0c\u200b\u9519\u8bef\u200b\u95ee\u9898\u200b\u3002
- 64383c14a9 \u200b\u4fee\u590d\u200b Windows \u200b\u4e0b\u200b\u5185\u6838\u200b Crash \u200b\u95ee\u9898\u200b\u3002
- 08a95db2ca \u200b\u652f\u6301\u200b Windows \u200b\u4e0b\u200b\u7684\u200b github action \u200b\u6784\u5efa\u200b\u3002
- 680e77a190 Windows \u200b\u4e0b\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b tcp \u200b\u76d1\u542c\u200b\u3002
- 05e57b3227 \u200b\u652f\u6301\u200b Windows \u200b\u7f16\u8bd1\u200b\u3002
- b3801ecb73 \u200b\u4fee\u6539\u200b\u6e90\u200b\u8def\u7531\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u3002
- 977e569539 \u200b\u4fee\u590d\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Pod \u200b\u6570\u91cf\u200b\u8fc7\u591a\u200b\u5bfc\u81f4\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 45a4a22161 ovn-nbctl\uff1avips \u200b\u4e3a\u200b\u7a7a\u65f6\u200b\u4e0d\u200b\u5220\u9664\u200b Load Balancer\u3002
- 540592b9ff DNAT \u200b\u540e\u200b\u66ff\u6362\u200b Mac \u200b\u5730\u5740\u200b\u4e3a\u200b\u76ee\u6807\u200b\u5730\u5740\u200b\uff0c\u200b\u51cf\u5c11\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002
- 10972d9632 \u200b\u4fee\u590d\u200b vswitchd ofport_usage \u200b\u5185\u5b58\u200b\u6cc4\u9732\u200b\u3002
\u200b\u5df2\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 20626ea909 \u200b\u7ec4\u64ad\u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b LB \u200b\u548c\u200b ACL \u200b\u5904\u7406\u200b\u9636\u6bb5\u200b\uff0c\u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- a2d9ff3ccd Deb \u200b\u6784\u5efa\u200b\u589e\u52a0\u200b\u7f16\u8bd1\u200b\u4f18\u5316\u200b\u9009\u9879\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/tunnel-protocol/","title":"\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN/OVS \u200b\u4f5c\u4e3a\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u76ee\u524d\u200b\u652f\u6301\u200b Geneve\uff0cVxlan \u200b\u548c\u200b STT \u200b\u4e09\u79cd\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u3002 \u200b\u8fd9\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u529f\u80fd\u200b\uff0c\u200b\u6027\u80fd\u200b\u548c\u200b\u6613\u7528\u6027\u200b\u4e0a\u200b\u5b58\u5728\u200b\u7740\u200b\u533a\u522b\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u5dee\u5f02\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7684\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u9009\u62e9\u200b\u3002
"},{"location":"reference/tunnel-protocol/#geneve","title":"Geneve","text":"Geneve \u200b\u534f\u8bae\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b\u65f6\u200b\u9009\u62e9\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b OVN \u200b\u9ed8\u8ba4\u200b\u63a8\u8350\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u3002\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002\u200b\u7531\u4e8e\u200b Geneve \u200b\u6709\u7740\u200b\u53ef\u53d8\u200b\u957f\u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b 24bit \u200b\u7a7a\u95f4\u200b\u6765\u200b\u6807\u5fd7\u200b\u4e0d\u540c\u200b\u7684\u200b datapath \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u521b\u5efa\u200b\u66f4\u200b\u591a\u200b\u6570\u91cf\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cGeneve \u200b\u9700\u8981\u200b\u8f83\u200b\u9ad8\u200b\u7248\u672c\u200b\u7684\u200b\u5185\u6838\u200b\u652f\u6301\u200b\uff0c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b 5.4 \u200b\u4ee5\u4e0a\u200b\u7684\u200b\u4e0a\u6e38\u200b\u5185\u6838\u200b\uff0c \u200b\u6216\u200b backport \u200b\u4e86\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan \u200b\u4e3a\u200b\u4e0a\u6e38\u200b OVN \u200b\u8fd1\u671f\u200b\u652f\u6301\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002 \u200b\u7531\u4e8e\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u957f\u5ea6\u200b\u6709\u9650\u200b\uff0c\u200b\u5e76\u4e14\u200b OVN \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\u8fdb\u884c\u200b\u7f16\u6392\u200b\uff0cdatapath \u200b\u7684\u200b\u6570\u91cf\u200b\u5b58\u5728\u200b\u9650\u5236\u200b\uff0c\u200b\u6700\u200b\u591a\u200b\u53ea\u80fd\u200b\u521b\u5efa\u200b 4096 \u200b\u4e2a\u200b datapath\uff0c \u200b\u6bcf\u4e2a\u200b datapath \u200b\u4e0b\u200b\u6700\u200b\u591a\u200b 4096 \u200b\u4e2a\u200b\u7aef\u53e3\u200b\u3002\u200b\u540c\u65f6\u200b\u7531\u4e8e\u200b\u7a7a\u95f4\u200b\u6709\u9650\u200b\uff0c\u200b\u57fa\u4e8e\u200b inport \u200b\u7684\u200b ACL \u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u652f\u6301\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cVxlan \u200b\u7684\u200b\u5378\u8f7d\u200b\u5728\u200b\u5e38\u89c1\u200b\u5185\u6838\u200b\u4e2d\u200b\u5df2\u200b\u83b7\u5f97\u200b\u652f\u6301\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#stt","title":"STT","text":"STT \u200b\u534f\u8bae\u200b\u4e3a\u200b OVN \u200b\u8f83\u200b\u65e9\u200b\u652f\u6301\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u4f7f\u7528\u200b\u7c7b\u200b TCP \u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u901a\u7528\u200b\u7684\u200b TCP \u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\uff0c\u200b\u5927\u5e45\u200b\u63d0\u5347\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u540c\u65f6\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u8f83\u957f\u200b\u53ef\u200b\u652f\u6301\u200b\u5b8c\u6574\u200b\u7684\u200b OVN \u200b\u80fd\u529b\u200b\u548c\u200b\u5927\u89c4\u6a21\u200b\u7684\u200b datapath\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u672a\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u652f\u6301\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u518d\u6b21\u200b\u7f16\u8bd1\u200b\u65b0\u200b\u7248\u672c\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u76ee\u524d\u200b\u672a\u200b\u88ab\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u652f\u6301\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b OVS \u200b\u7684\u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\u3002
"},{"location":"reference/tunnel-protocol/#_2","title":"\u53c2\u8003\u8d44\u6599","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/underlay-topology/","title":"Underlay \u200b\u6d41\u91cf\u200b\u62d3\u6251","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6d41\u91cf\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u8def\u5f84\u200b\u3002
"},{"location":"reference/underlay-topology/#_1","title":"\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u76f4\u63a5\u200b\u4ea4\u6362\u200b\u6570\u636e\u5305\u200b\uff0c\u200b\u4e0d\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"reference/underlay-topology/#_2","title":"\u8de8\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u3002
"},{"location":"reference/underlay-topology/#_3","title":"\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u6b64\u5904\u200b br-provider-1 \u200b\u548c\u200b br-provider-2 \u200b\u53ef\u4ee5\u200b\u662f\u200b\u540c\u4e00\u4e2a\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5373\u200b\u591a\u4e2a\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b Provider Network\u3002
"},{"location":"reference/underlay-topology/#_4","title":"\u8de8\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#_5","title":"\u8bbf\u95ee\u200b\u5916\u90e8","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u8282\u70b9\u200b\u4e0e\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u901a\u4fe1\u200b\u5927\u4f53\u4e0a\u200b\u4e5f\u200b\u9075\u5faa\u200b\u6b64\u200b\u903b\u8f91\u200b\u3002
"},{"location":"reference/underlay-topology/#vlan-tag","title":"\u65e0\u200b Vlan Tag \u200b\u4e0b\u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#vlan","title":"\u591a\u200b VLAN \u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#pod-service-ip","title":"Pod \u200b\u8bbf\u95ee\u200b Service IP","text":"Kube-OVN \u200b\u4e3a\u200b\u6bcf\u4e2a\u200b Kubernetes Service \u200b\u5728\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u4e86\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002 \u200b\u5f53\u200b Pod \u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Service IP \u200b\u8bbf\u95ee\u200b\u5176\u5b83\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u6784\u9020\u200b\u4e00\u4e2a\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u4e3a\u200b Service IP\u3001\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\u4e3a\u200b\u7f51\u5173\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u7f51\u7edc\u200b\u5305\u200b\u3002 \u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u5165\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\uff0c\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u4f1a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u62e6\u622a\u200b\u548c\u200b DNAT \u200b\u5904\u7406\u200b\uff0c\u200b\u5c06\u200b\u76ee\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u4fee\u6539\u200b\u4e3a\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u67d0\u4e2a\u200b Endpoint \u200b\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002 \u200b\u7531\u4e8e\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5e76\u672a\u200b\u4fee\u6539\u200b\u7f51\u7edc\u200b\u5305\u200b\u7684\u200b\u4e8c\u5c42\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5305\u200b\u5728\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\u4ecd\u7136\u200b\u4f1a\u200b\u9001\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#service-pod","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51\u200b Pod","text":""},{"location":"reference/underlay-topology/#service-pod_1","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/one-step-install/","title":"\u4e00\u952e\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b Kube-OVN \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u652f\u6301\u200b Helm Chart \u200b\u5b89\u88c5\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u642d\u5efa\u200b Underlay/Vlan \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Underlay \u200b\u7f51\u7edc\u200b\u652f\u6301\u200b\u3002
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002
"},{"location":"start/one-step-install/#_2","title":"\u811a\u672c\u200b\u5b89\u88c5","text":""},{"location":"start/one-step-install/#_3","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u4f7f\u7528\u200b\u7a33\u5b9a\u200b\u7684\u200b release \u200b\u7248\u672c\u200b\uff0c\u200b\u8bf7\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u7a33\u5b9a\u200b\u7248\u672c\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u5982\u679c\u200b\u5bf9\u200b master \u200b\u5206\u652f\u200b\u7684\u200b\u6700\u65b0\u200b\u529f\u80fd\u200b\u611f\u5174\u8da3\u200b\uff0c\u200b\u60f3\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u5f00\u53d1\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"start/one-step-install/#_4","title":"\u4fee\u6539\u200b\u914d\u7f6e\u200b\u53c2\u6570","text":"\u200b\u4f7f\u7528\u200b\u7f16\u8f91\u5668\u200b\u6253\u5f00\u200b\u811a\u672c\u200b\uff0c\u200b\u5e76\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\u4e3a\u200b\u9884\u671f\u200b\u503c\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.12\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u53ef\u200b\u4f7f\u7528\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b\u6765\u200b\u5339\u914d\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u4f8b\u5982\u200b IFACE=enp6s0f0,eth.*\u3002
"},{"location":"start/one-step-install/#_5","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh
\u200b\u7b49\u5f85\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u3002
"},{"location":"start/one-step-install/#helm-chart","title":"Helm Chart \u200b\u5b89\u88c5","text":"\u200b\u7531\u4e8e\u200b Kube-OVN \u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e00\u4e9b\u200b\u53c2\u6570\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f7f\u7528\u200b Helm \u200b\u5b89\u88c5\u200b Kube-OVN\uff0c\u200b\u9700\u8981\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u6b65\u9aa4\u200b\u6267\u884c\u200b\u3002
"},{"location":"start/one-step-install/#ip","title":"\u67e5\u770b\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"start/one-step-install/#master","title":"\u53bb\u6389\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u6c61\u70b9","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
\u200b\u5982\u679c\u200b\u786e\u5b9a\u200b\u4e0d\u200b\u9700\u8981\u200b\u5728\u200b master \u200b\u8282\u70b9\u200b\u8c03\u5ea6\u200b\u4e1a\u52a1\u200b Pod\uff0c\u200b\u8fd9\u200b\u4e00\u6b65\u200b\u53ef\u4ee5\u200b\u8df3\u8fc7\u200b\u3002
"},{"location":"start/one-step-install/#label","title":"\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b label","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# \u200b\u4ee5\u4e0b\u200b label \u200b\u7528\u4e8e\u200b dpdk \u200b\u955c\u50cf\u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u975e\u200b dpdk \u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5ffd\u7565\u200b\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"start/one-step-install/#helm-repo","title":"\u6dfb\u52a0\u200b Helm Repo \u200b\u4fe1\u606f","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"start/one-step-install/#helm-install-kube-ovn","title":"\u6267\u884c\u200b helm install \u200b\u5b89\u88c5\u200b Kube-OVN","text":"Node0IP\u3001Node1IP\u3001Node2IP \u200b\u53c2\u6570\u200b\u5206\u522b\u200b\u4e3a\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4ed6\u200b\u53c2\u6570\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b values.yaml \u200b\u6587\u4ef6\u200b\u4e2d\u200b\u53d8\u91cf\u200b\u5b9a\u4e49\u200b\u3002
# \u200b\u5355\u200b master \u200b\u8282\u70b9\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# \u200b\u4ee5\u4e0a\u200b\u8fb9\u200b\u7684\u200b node \u200b\u4fe1\u606f\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# \u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/prepare/","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u4e2a\u200b\u7b26\u5408\u200b CNI \u200b\u89c4\u8303\u200b\u7684\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5176\u200b\u8fd0\u884c\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b Kubernetes \u200b\u73af\u5883\u200b\u53ca\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b\u7f51\u7edc\u200b\u6a21\u5757\u200b\u3002 \u200b\u4ee5\u4e0b\u200b\u662f\u200b\u901a\u8fc7\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u8f6f\u4ef6\u200b\u7248\u672c\u200b\uff0c\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u548c\u200b\u6240\u200b\u9700\u8981\u200b\u5f00\u653e\u200b\u7684\u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"start/prepare/#_2","title":"\u8f6f\u4ef6\u200b\u7248\u672c","text":" - Kubernetes >= 1.23\u3002
- Docker >= 1.12.6, Containerd >= 1.3.4\u3002
- \u200b\u64cd\u4f5c\u7cfb\u7edf\u200b: CentOS 7/8, Ubuntu 16.04/18.04/20.04\u3002
- \u200b\u5176\u4ed6\u200b Linux \u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u9700\u8981\u200b\u68c0\u67e5\u4e00\u4e0b\u200b\u5185\u6838\u6a21\u5757\u200b\u662f\u5426\u200b\u5b58\u5728\u200b
geneve, openvswitch, ip_tables \u200b\u548c\u200b iptable_nat\uff0cKube-OVN \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4f9d\u8d56\u200b\u4e0a\u8ff0\u200b\u6a21\u5757\u200b\u3002
\u200b\u6ce8\u610f\u4e8b\u9879\u200b\uff1a
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 3.10.0-862 \u200b\u5185\u6838\u200b
netfilter \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b bug \u200b\u4f1a\u200b\u5bfc\u81f4\u200b Kube-OVN \u200b\u5185\u7f6e\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u65e0\u6cd5\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5185\u6838\u200b\u5347\u7ea7\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CentOS \u200b\u5b98\u65b9\u200b\u5bf9\u5e94\u200b\u7248\u672c\u200b\u6700\u65b0\u200b\u5185\u6838\u200b\u4fdd\u8bc1\u7cfb\u7edf\u200b\u7684\u200b\u5b89\u5168\u200b\u3002\u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u53c2\u8003\u200b Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working\u3002 - Rocky Linux 8.6 \u200b\u7684\u200b\u5185\u6838\u200b 4.18.0-372.9.1.el8.x86_64 \u200b\u5b58\u5728\u200b TCP \u200b\u901a\u4fe1\u200b\u95ee\u9898\u200b TCP connection failed in Rocky Linux 8.6\uff0c\u200b\u8bf7\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u81f3\u200b 4.18.0-372.13.1.el8_6.x86_64 \u200b\u6216\u200b\u66f4\u200b\u9ad8\u200b\u7248\u672c\u200b\u3002
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 4.4 \u200b\u5219\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b
openvswitch \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5347\u7ea7\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b openvswitch \u200b\u65b0\u200b\u7248\u672c\u200b\u6a21\u5757\u200b\u8fdb\u884c\u200b\u66f4\u65b0\u200b - Geneve \u200b\u96a7\u9053\u200b\u5efa\u7acb\u200b\u9700\u8981\u200b\u68c0\u67e5\u200b IPv6\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b
cat /proc/cmdline \u200b\u68c0\u67e5\u200b\u5185\u6838\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff0c \u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u8bf7\u200b\u53c2\u8003\u200b Geneve tunnels don't work when ipv6 is disabled\u3002
"},{"location":"start/prepare/#_3","title":"\u73af\u5883\u200b\u914d\u7f6e","text":" - Kernel \u200b\u542f\u52a8\u200b\u9700\u8981\u200b\u5f00\u542f\u200b IPv6, \u200b\u5982\u679c\u200b kernel \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u5305\u542b\u200b
ipv6.disable=1 \u200b\u9700\u8981\u200b\u5c06\u200b\u5176\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0\u3002 kube-proxy \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Service ClusterIP \u200b\u8bbf\u95ee\u200b\u5230\u200b kube-apiserver\u3002- \u200b\u786e\u8ba4\u200b kubelet \u200b\u914d\u7f6e\u200b\u53c2\u6570\u200b\u5f00\u542f\u200b\u4e86\u200b CNI\uff0c\u200b\u5e76\u4e14\u200b\u914d\u7f6e\u200b\u5728\u200b\u6807\u51c6\u200b\u8def\u5f84\u200b\u4e0b\u200b, kubelet \u200b\u542f\u52a8\u200b\u65f6\u5e94\u200b\u5305\u542b\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b
--network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d\u3002 - \u200b\u786e\u8ba4\u200b\u672a\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u6216\u8005\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u6e05\u9664\u200b\uff0c\u200b\u68c0\u67e5\u200b
/etc/cni/net.d/ \u200b\u8def\u5f84\u200b\u4e0b\u200b\u65e0\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u914d\u7f6e\u6587\u4ef6\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5b89\u88c5\u200b\u8fc7\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5220\u9664\u200b\u540e\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u6e05\u7406\u200b\u6b8b\u7559\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u3002
"},{"location":"start/prepare/#_4","title":"\u7aef\u53e3\u200b\u4fe1\u606f","text":"\u7ec4\u4ef6\u200b \u200b\u7aef\u53e3\u200b \u200b\u7528\u9014\u200b ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db \u200b\u548c\u200b raft server \u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp \u200b\u96a7\u9053\u200b\u7aef\u53e3\u200b kube-ovn-controller 10660/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-daemon 10665/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-monitor 10661/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/sealos-install/","title":"\u4f7f\u7528\u200b sealos \u200b\u4e00\u952e\u200b\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"sealos \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u7684\u200b\u4e00\u4e2a\u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u901a\u8fc7\u200b\u6781\u7b80\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200b\u56fd\u5185\u200b\u7684\u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5feb\u901f\u200b\u4ece\u200b\u96f6\u200b\u521d\u59cb\u5316\u200b\u4e00\u4e2a\u200b\u5bb9\u5668\u200b\u96c6\u7fa4\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b sealos \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u5728\u200b\u51e0\u5206\u949f\u200b\u5185\u200b\u90e8\u7f72\u200b\u51fa\u200b\u4e00\u4e2a\u200b\u5b89\u88c5\u200b\u597d\u200b Kube-OVN \u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"start/sealos-install/#sealos","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_amd64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_arm64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"start/sealos-install/#kubernetes-kube-ovn","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"start/sealos-install/#_1","title":"\u7b49\u5f85\u200b\u90e8\u7f72\u200b\u5b8c\u6210","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/underlay/","title":"Underlay \u200b\u7f51\u7edc\u200b\u5b89\u88c5","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b Geneve \u200b\u5bf9\u200b\u8de8\u200b\u4e3b\u673a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4e4b\u4e0a\u200b\u62bd\u8c61\u200b\u51fa\u200b\u4e00\u5c42\u200b\u865a\u62df\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u5e0c\u671b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u5730\u5740\u200b\u6bb5\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u5de5\u4f5c\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u7ed9\u200b\u5bb9\u5668\u200b\u5206\u914d\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u7684\u200b\u5730\u5740\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"start/underlay/#_1","title":"\u529f\u80fd\u200b\u9650\u5236","text":"\u200b\u7531\u4e8e\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u8fdb\u884c\u200b\u4e8c\u5c42\u200b\u5305\u8f6c\u53d1\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b SNAT/EIP\uff0c \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u7b49\u200b L3 \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0cVPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
"},{"location":"start/underlay/#macvlan","title":"\u548c\u200b Macvlan \u200b\u6bd4\u8f83","text":"Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u548c\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\u5341\u5206\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u5728\u200b\u529f\u80fd\u200b\u548c\u200b\u6027\u80fd\u200b\u4e0a\u200b\u4e3b\u8981\u200b\u6709\u200b\u4ee5\u4e0b\u200b\u51e0\u4e2a\u200b\u533a\u522b\u200b\uff1a
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u7684\u200b\u5185\u6838\u200b\u8def\u5f84\u200b\u66f4\u200b\u77ed\u200b\uff0c\u200b\u5e76\u4e14\u200b\u4e0d\u200b\u9700\u8981\u200b OVS \u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5904\u7406\u200b\uff0cMacvlan \u200b\u5728\u200b\u541e\u5410\u91cf\u200b\u548c\u200b\u5ef6\u8fdf\u200b\u6027\u80fd\u6307\u6807\u200b\u4e0a\u200b\u8868\u73b0\u200b\u4f1a\u200b\u66f4\u597d\u200b\u3002
- Kube-OVN \u200b\u901a\u8fc7\u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b arp-proxy \u200b\u529f\u80fd\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u7f13\u89e3\u200b\u5927\u89c4\u6a21\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b arp \u200b\u5e7f\u64ad\u200b\u98ce\u66b4\u200b\u98ce\u9669\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u5728\u200b\u5185\u6838\u200b\u5e95\u5c42\u200b\uff0c\u200b\u4f1a\u200b\u7ed5\u8fc7\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b netfilter\uff0cService \u200b\u548c\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u5f00\u53d1\u200b\u3002Kube-OVN \u200b\u901a\u8fc7\u200b OVS \u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b Service \u200b\u548c\u200b NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u3002
- Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u76f8\u6bd4\u200b Macvlan \u200b\u989d\u5916\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\uff0c\u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b QoS \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
"},{"location":"start/underlay/#_2","title":"\u73af\u5883\u200b\u8981\u6c42","text":"\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cOVS \u200b\u5c06\u4f1a\u200b\u6865\u63a5\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5230\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u5982\u679c\u200b\u60f3\u200b\u4f7f\u7528\u200b Underlay \u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b\u516c\u6709\u200b\u4e91\u200b\u5382\u5546\u200b\u63d0\u4f9b\u200b\u7684\u200b VPC-CNI\u3002
- \u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u4e3a\u200b Linux Bridge\u3002
\u200b\u5bf9\u4e8e\u200b\u7ba1\u7406\u200b\u7f51\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b\u3001IP \u200b\u5730\u5740\u200b\u3001\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b MTU \u200b\u5c06\u200b\u8f6c\u79fb\u200b\u6216\u200b\u590d\u5236\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS Bridge\uff0c \u200b\u4ee5\u200b\u652f\u6301\u200b\u5355\u200b\u7f51\u5361\u200b\u90e8\u7f72\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002OVS Bridge \u200b\u540d\u79f0\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-PROVIDER_NAME\uff0cPROVIDER_NAME \u200b\u4e3a\u200b Provider \u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b provider\uff09\u3002
"},{"location":"start/underlay/#_3","title":"\u90e8\u7f72\u200b\u65f6\u200b\u6307\u5b9a\u200b\u7f51\u7edc\u200b\u6a21\u5f0f","text":"\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u5747\u4f1a\u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e2d\u200b\u3002
"},{"location":"start/underlay/#_4","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"start/underlay/#_5","title":"\u4fee\u6539\u200b\u811a\u672c\u200b\u4e2d\u200b\u76f8\u5e94\u200b\u914d\u7f6e","text":"ENABLE_ARP_DETECT_IP_CONFLICT # \u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b vlan \u200b\u7f51\u7edc\u200b arp \u200b\u51b2\u7a81\u68c0\u6d4b\u200b\nNETWORK_TYPE # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b vlan\nVLAN_INTERFACE_NAME # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u627f\u62c5\u200b\u5bb9\u5668\u200b\u6d41\u91cf\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u4f8b\u5982\u200b eth1\nVLAN_ID # \u200b\u4ea4\u6362\u673a\u200b\u6240\u200b\u63a5\u53d7\u200b\u7684\u200b VLAN Tag\uff0c\u200b\u82e5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0 \u200b\u5219\u200b\u4e0d\u200b\u505a\u200b VLAN \u200b\u5c01\u88c5\u200b\nPOD_CIDR # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b CIDR\uff0c \u200b\u4f8b\u5982\u200b 192.168.1.0/24\nPOD_GATEWAY # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1\nEXCLUDE_IPS # \u200b\u6392\u9664\u200b\u8303\u56f4\u200b\uff0c\u200b\u907f\u514d\u200b\u5bb9\u5668\u200b\u7f51\u6bb5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5df2\u200b\u7528\u200b IP \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1..192.168.1.100\nENABLE_LB # \u200b\u5982\u679c\u200b Underlay \u200b\u5b50\u7f51\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Service \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \nEXCHANGE_LINK_NAME # \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u9ed8\u8ba4\u200b provider-network \u200b\u4e0b\u200b OVS \u200b\u7f51\u6865\u200b\u548c\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\nLS_DNAT_MOD_DL_DST # DNAT \u200b\u65f6\u200b\u662f\u5426\u200b\u5bf9\u200b MAC \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u8f6c\u6362\u200b\uff0c\u200b\u53ef\u200b\u52a0\u901f\u200b Service \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b true\n
"},{"location":"start/underlay/#_6","title":"\u8fd0\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"start/underlay/#crd-underlay","title":"\u901a\u8fc7\u200b CRD \u200b\u52a8\u6001\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u8be5\u200b\u65b9\u5f0f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u52a8\u6001\u200b\u7684\u200b\u521b\u5efa\u200b\u67d0\u4e2a\u200b Underlay \u200b\u5b50\u7f51\u200b\u4f9b\u200b Pod \u200b\u4f7f\u7528\u200b\u3002\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b ProviderNetwork\uff0cVlan \u200b\u548c\u200b Subnet \u200b\u4e09\u79cd\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u3002
"},{"location":"start/underlay/#providernetwork","title":"\u521b\u5efa\u200b ProviderNetwork","text":"ProviderNetwork \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u5230\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u6620\u5c04\u200b\u7684\u200b\u62bd\u8c61\u200b\uff0c\u200b\u5c06\u200b\u540c\u5c5e\u200b\u4e00\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u89e3\u51b3\u200b\u5728\u200b\u590d\u6742\u200b\u73af\u5883\u200b\u4e0b\u540c\u200b\u673a\u5668\u200b\u591a\u200b\u7f51\u5361\u200b\u3001\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u3001\u200b\u5bf9\u5e94\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7b49\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u95ee\u9898\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b ProviderNetwork \u200b\u5e76\u200b\u5e94\u7528\u200b:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
\u200b\u6ce8\u610f\u200b\uff1aProviderNetwork \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u7684\u200b\u957f\u5ea6\u200b\u4e0d\u5f97\u200b\u8d85\u8fc7\u200b 12\u3002
defaultInterface: \u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002 ProviderNetwork \u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\uff0c\u200b\u5404\u200b\u8282\u70b9\u200b\uff08\u200b\u9664\u200b excludeNodes \u200b\u5916\u200b\uff09\u200b\u4e2d\u200b\u4f1a\u200b\u521b\u5efa\u200b\u540d\u4e3a\u200b br-net1\uff08\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-NAME\uff09\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6307\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u6865\u63a5\u200b\u81f3\u6b64\u200b\u7f51\u6865\u200b\u3002customInterfaces: \u200b\u4e3a\u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u53ef\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u3002excludeNodes: \u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u4e0d\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u8282\u70b9\u200b\u3002\u200b\u8be5\u200b\u5217\u8868\u200b\u4e2d\u200b\u7684\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b net1.provider-network.ovn.kubernetes.io/exclude=true \u200b\u6807\u7b7e\u200b\u3002
\u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b\u6807\u7b7e\u200b\uff1a
Key Value \u200b\u63cf\u8ff0\u200b net1.provider-network.ovn.kubernetes.io/ready true \u200b\u8282\u70b9\u200b\u4e2d\u200b\u7684\u200b\u6865\u63a5\u200b\u5de5\u4f5c\u200b\u5df2\u200b\u5b8c\u6210\u200b\uff0cProviderNetwork \u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u53ef\u7528\u200b net1.provider-network.ovn.kubernetes.io/interface eth1 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u79f0\u200b net1.provider-network.ovn.kubernetes.io/mtu 1500 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u5982\u679c\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u5df2\u7ecf\u200b\u914d\u7f6e\u200b\u4e86\u200b IP\uff0c\u200b\u5219\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b\u8def\u7531\u200b\u4f1a\u200b\u88ab\u200b\u8f6c\u79fb\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\u3002
"},{"location":"start/underlay/#vlan","title":"\u521b\u5efa\u200b VLAN","text":"Vlan \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5c06\u200b Vlan Tag \u200b\u548c\u200b ProviderNetwork \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u80fd\u529b\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b VLAN \u200b\u5e76\u200b\u5e94\u7528\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: \u200b\u4e3a\u200b VLAN ID/Tag\uff0cKube-OVN \u200b\u4f1a\u200b\u5bf9\u200b\u5bf9\u200b\u8be5\u200b Vlan \u200b\u4e0b\u200b\u7684\u200b\u6d41\u91cf\u200b\u589e\u52a0\u200b Vlan \u200b\u6807\u7b7e\u200b\uff0c\u200b\u4e3a\u200b 0 \u200b\u65f6\u200b\u4e0d\u200b\u589e\u52a0\u200b\u4efb\u4f55\u200b\u6807\u7b7e\u200b\u3002provider: \u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b ProviderNetwork \u200b\u8d44\u6e90\u200b\u7684\u200b\u540d\u79f0\u200b\u3002\u200b\u591a\u4e2a\u200b VLAN \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b ProviderNetwork\u3002
"},{"location":"start/underlay/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u5c06\u200b Vlan \u200b\u548c\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
\u200b\u5c06\u200b vlan \u200b\u7684\u200b\u503c\u200b\u6307\u5b9a\u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b VLAN \u200b\u540d\u79f0\u200b\u5373\u53ef\u200b\u3002\u200b\u591a\u4e2a\u200b Subnet \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b VLAN\u3002
"},{"location":"start/underlay/#_7","title":"\u5bb9\u5668\u200b\u521b\u5efa","text":"\u200b\u53ef\u200b\u6309\u200b\u6b63\u5e38\u200b\u5bb9\u5668\u200b\u521b\u5efa\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff0c\u200b\u67e5\u770b\u200b\u5bb9\u5668\u200b IP \u200b\u662f\u5426\u200b\u5728\u200b\u89c4\u5b9a\u200b\u8303\u56f4\u200b\u5185\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u5982\u200b\u6709\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u6c42\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac
"},{"location":"start/underlay/#_8","title":"\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173","text":"\u200b\u5bf9\u4e8e\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7f51\u5173\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u652f\u6301\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u914d\u7f6e\u200b\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u3002 \u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u8bbe\u7f6e\u200b\u5b50\u7f51\u200b\u7684\u200b spec.logicalGateway \u200b\u4e3a\u200b true \u200b\u5373\u53ef\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
\u200b\u5f00\u542f\u200b\u6b64\u200b\u529f\u80fd\u200b\u540e\u200b\uff0cPod \u200b\u4e0d\u200b\u4f7f\u7528\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u800c\u662f\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff08Logical Router\uff09\u200b\u5bf9\u4e8e\u200b\u8de8\u200b\u7f51\u6bb5\u200b\u901a\u4fe1\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#underlay-overlay","title":"Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u4e92\u901a","text":"\u200b\u5982\u679c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u4ee5\u200b NAT \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8bbf\u95ee\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod IP\u3002 \u200b\u5728\u200b Underlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u770b\u6765\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u662f\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u53bb\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u4f46\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u5e76\u200b\u4e0d\u200b\u6e05\u695a\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u65e0\u6cd5\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002 \u200b\u56e0\u6b64\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5728\u200b\u8fd9\u4e2a\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u989d\u5916\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Underlay IP \u200b\u5c06\u200b Underlay \u200b\u5b50\u7f51\u200b \u200b\u548c\u200b ovn-cluster \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u8fde\u63a5\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b9e\u73b0\u200b\u4e92\u901a\u200b\u3002 \u200b\u548c\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u4e0d\u540c\u200b\uff0c\u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u4f1a\u200b\u8fde\u63a5\u200b Kube-OVN \u200b\u5185\u90e8\u200b\u7684\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u5176\u4ed6\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\u8fd8\u662f\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#ip","title":"\u6307\u5b9a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b IP","text":"\u200b\u5f00\u542f\u200b\u4e92\u901a\u200b\u529f\u80fd\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u968f\u673a\u200b\u4ece\u200b subnet \u200b\u5185\u200b\u7684\u200b\u53d6\u200b\u4e00\u4e2a\u200b IP \u200b\u4f5c\u4e3a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b Underlay Subnet \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u5b57\u200b\u6bb5\u200b u2oInterconnectionIP\u3002
"},{"location":"start/underlay/#underlay-subnet-vpc","title":"\u6307\u5b9a\u200b Underlay Subnet \u200b\u8fde\u63a5\u200b\u7684\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Underlay Subnet \u200b\u4f1a\u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0a\u200b\u7684\u200b Overlay Subnet \u200b\u4e92\u901a\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u6307\u5b9a\u200b\u548c\u200b\u67d0\u4e2a\u200b VPC \u200b\u4e92\u901a\u200b\uff0c\u200b\u5728\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \u200b\u540e\u200b\uff0c\u200b\u6307\u5b9a\u200b subnet.spec.vpc \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u8be5\u200b VPC \u200b\u540d\u5b57\u200b\u5373\u53ef\u200b\u3002
"},{"location":"start/underlay/#_9","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u6709\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4e14\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b Netplan \u200b\u914d\u7f6e\u200b\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b Ubuntu\uff09\uff0c\u200b\u5efa\u8bae\u60a8\u200b\u5c06\u200b Netplan \u200b\u7684\u200b renderer \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b NetworkManager\uff0c\u200b\u5e76\u200b\u4e3a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u9759\u6001\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5173\u95ed\u200b DHCP\uff09\uff1a
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
\u200b\u5982\u679c\u200b\u60a8\u200b\u8981\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u6216\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u4fee\u6539\u200b netplan \u200b\u914d\u7f6e\u200b\u540e\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
\u200b\u6267\u884c\u200b\u4ee5\u4e0a\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b IP \u200b\u53ca\u200b\u8def\u7531\u200b\u91cd\u65b0\u200b\u8f6c\u79fb\u200b\u81f3\u200b OVS \u200b\u7f51\u6865\u200b\u3002
\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b NetworkManager \u200b\u7ba1\u7406\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b CentOS\uff09\uff0c\u200b\u5728\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
\u200b\u6ce8\u610f\u200b\uff1a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u7684\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\u4ec5\u200b\u652f\u6301\u200b IP \u200b\u548c\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0d\u200b\u652f\u6301\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u4fee\u6539\u200b\u3002
"},{"location":"start/underlay/#_10","title":"\u5df2\u77e5\u200b\u95ee\u9898","text":""},{"location":"start/underlay/#hairpin-pod","title":"\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u65f6\u200b Pod \u200b\u7f51\u7edc\u200b\u5f02\u5e38","text":"\u200b\u5f53\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u6216\u200b\u7c7b\u4f3c\u200b\u884c\u4e3a\u200b\u65f6\u200b\uff0c\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25\u200b\u3001Pod \u200b\u7f51\u7edc\u901a\u4fe1\u200b\u5f02\u5e38\u200b\u7b49\u200b\u95ee\u9898\u200b\u3002\u200b\u8fd9\u200b\u662f\u56e0\u4e3a\u200b OVS \u200b\u7f51\u6865\u200b\u9ed8\u8ba4\u200b\u7684\u200b MAC \u200b\u5b66\u4e60\u200b\u529f\u80fd\u200b\u4e0d\u200b\u652f\u6301\u200b\u8fd9\u79cd\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u3002
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b hairpin\uff08\u200b\u6216\u200b\u4fee\u6539\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u76f8\u5173\u200b\u914d\u7f6e\u200b\uff09\uff0c\u200b\u6216\u200b\u66f4\u65b0\u200b Kube-OVN \u200b\u7248\u672c\u200b\u3002
"},{"location":"start/underlay/#pod-pod","title":"Pod \u200b\u6570\u91cf\u200b\u8f83\u591a\u65f6\u200b\u65b0\u5efa\u200b Pod \u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25","text":"\u200b\u82e5\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b Pod \u200b\u6570\u91cf\u200b\u8f83\u200b\u591a\u200b\uff08\u200b\u5927\u4e8e\u200b 300\uff09\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u51fa\u73b0\u200b ARP \u200b\u5e7f\u64ad\u200b\u5305\u200b\u7684\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u5bfc\u81f4\u200b\u4e22\u5305\u200b\u7684\u200b\u73b0\u8c61\u200b\uff1a
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u53ef\u200b\u4fee\u6539\u200b OVN NB \u200b\u9009\u9879\u200b bcast_arp_req_flood \u200b\u4e3a\u200b false\uff1a
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/uninstall/","title":"\u5378\u8f7d","text":"\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5220\u9664\u200b Kube-OVN \u200b\u5e76\u200b\u66f4\u6362\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u5217\u200b\u7684\u200b\u6b65\u9aa4\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b Kube-OVN \u200b\u7ec4\u4ef6\u200b\u4ee5\u53ca\u200b OVS \u200b\u914d\u7f6e\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4ea7\u751f\u200b\u5e72\u6270\u200b\u3002 \u200b\u4e5f\u200b\u6b22\u8fce\u200b\u63d0\u200b issue \u200b\u8054\u7cfb\u200b\u6211\u4eec\u200b\u53cd\u9988\u200b\u4e0d\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b\u539f\u56e0\u200b\u5e2e\u52a9\u200b\u6211\u4eec\u200b\u6539\u8fdb\u200b\u3002
"},{"location":"start/uninstall/#kubernetes","title":"\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u6267\u884c\u200b\u811a\u672c\u200b\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"start/uninstall/#_2","title":"\u6e05\u7406\u200b\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u65e5\u5fd7\u200b\u548c\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u4e0a\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u6e05\u7406\u200b ovsdb \u200b\u4ee5\u53ca\u200b openvswitch \u200b\u4fdd\u5b58\u200b\u7684\u200b\u914d\u7f6e\u200b\uff1a
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"start/uninstall/#_3","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u786e\u4fdd\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\uff0ciptable/ipset \u200b\u89c4\u5219\u200b\u5f97\u4ee5\u200b\u6e05\u9664\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b\u5f71\u54cd\u200b\uff1a
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"}]}
\ No newline at end of file
+{"config":{"lang":["en","zh"],"separator":"[\\s\\u200b\\-]","pipeline":["stemmer"]},"docs":[{"location":"","title":"Kube-OVN","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u6b3e\u200b CNCF \u200b\u65d7\u4e0b\u200b\u7684\u200b\u4f01\u4e1a\u7ea7\u200b\u4e91\u200b\u539f\u751f\u200b\u7f51\u7edc\u200b\u7f16\u6392\u200b\u7cfb\u7edf\u200b\uff0c\u200b\u5c06\u200b SDN \u200b\u7684\u200b\u80fd\u529b\u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u7ed3\u5408\u200b\uff0c \u200b\u63d0\u4f9b\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\u3002
\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u6000\u5ff5\u200b SDN \u200b\u9886\u57df\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u5374\u200b\u5728\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u82e6\u82e6\u200b\u8ffd\u5bfb\u200b\u800c\u200b\u4e0d\u5f97\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u5c06\u200b\u662f\u200b\u4f60\u200b\u7684\u200b\u6700\u4f73\u200b\u9009\u62e9\u200b\u3002
\u200b\u501f\u52a9\u200b OVS/OVN \u200b\u5728\u200b SDN \u200b\u9886\u57df\u200b\u6210\u719f\u200b\u7684\u200b\u80fd\u529b\u200b\uff0cKube-OVN \u200b\u5c06\u200b\u7f51\u7edc\u200b\u865a\u62df\u5316\u200b\u7684\u200b\u4e30\u5bcc\u200b\u529f\u80fd\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u3002\u200b\u76ee\u524d\u200b\u5df2\u200b\u652f\u6301\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0c \u200b\u9759\u6001\u200b IP \u200b\u5206\u914d\u200b\uff0c\u200b\u5206\u5e03\u5f0f\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0cUnderlay/Overlay \u200b\u6df7\u5408\u200b\u7f51\u7edc\u200b\uff0c VPC \u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u7edc\u200b\uff0cQoS \u200b\u7ba1\u7406\u200b\uff0c \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b\uff0cACL \u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff0cARM \u200b\u652f\u6301\u200b\uff0c Windows \u200b\u652f\u6301\u200b\u7b49\u200b\u8bf8\u591a\u200b\u529f\u80fd\u200b\u3002
\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u62c5\u5fc3\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u8017\u200b\uff0c\u200b\u90a3\u4e48\u200b\u6765\u770b\u200b\u4e00\u4e0b\u200b Kube-OVN \u200b\u662f\u200b\u5982\u4f55\u200b\u6781\u81f4\u200b\u7684\u200b\u4f18\u5316\u200b\u6027\u80fd\u200b\u3002
\u200b\u5728\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4e00\u7cfb\u5217\u200b\u5bf9\u6d41\u200b\u8868\u200b\u548c\u200b\u5185\u6838\u200b\u7684\u200b\u7cbe\u5fc3\u200b\u4f18\u5316\u200b\uff0c\u200b\u5e76\u200b\u501f\u52a9\u200b eBPF\u3001DPDK\u3001\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u5378\u8f7d\u200b\u7b49\u200b\u65b0\u5174\u200b\u6280\u672f\u200b\uff0c Kube-OVN \u200b\u53ef\u4ee5\u200b\u5728\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u7b49\u200b\u65b9\u9762\u200b\u7684\u200b\u6307\u6807\u200b\u8fbe\u5230\u200b\u8fd1\u4f3c\u200b\u6216\u200b\u8d85\u51fa\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6027\u80fd\u200b\u7684\u200b\u6c34\u5e73\u200b\u3002\u200b\u5728\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5bf9\u200b OVN \u200b\u4e0a\u6e38\u200b\u6d41\u8868\u200b\u7684\u200b\u88c1\u526a\u200b\uff0c \u200b\u5404\u79cd\u200b\u7f13\u5b58\u200b\u6280\u672f\u200b\u7684\u200b\u4f7f\u7528\u200b\u548c\u200b\u8c03\u4f18\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u5927\u89c4\u6a21\u200b\u4e0a\u5343\u200b\u8282\u70b9\u200b\u548c\u200b\u4e0a\u4e07\u200b Pod \u200b\u7684\u200b\u96c6\u7fa4\u200b\u3002
\u200b\u6b64\u5916\u200b Kube-OVN \u200b\u8fd8\u200b\u5728\u200b\u4e0d\u65ad\u200b\u4f18\u5316\u200b CPU \u200b\u548c\u200b\u5185\u5b58\u200b\u7b49\u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u91cf\u200b\uff0c\u200b\u4ee5\u200b\u9002\u5e94\u200b\u8fb9\u7f18\u200b\u7b49\u200b\u8d44\u6e90\u200b\u6709\u9650\u200b\u573a\u666f\u200b\u3002
\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u5bf9\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u5fc3\u5b58\u200b\u5fe7\u8651\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u5927\u91cf\u200b\u7684\u200b\u5de5\u5177\u200b\u6765\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u7b80\u5316\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u8fc5\u901f\u200b\u642d\u5efa\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002\u200b\u540c\u65f6\u200b\u5185\u7f6e\u200b\u7684\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u548c\u200b Grafana \u200b\u9762\u677f\u200b\uff0c \u200b\u53ef\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5efa\u7acb\u200b\u5b8c\u5584\u200b\u7684\u200b\u76d1\u63a7\u200b\u4f53\u7cfb\u200b\u3002\u200b\u5f3a\u5927\u200b\u7684\u200b\u547d\u4ee4\u884c\u200b\u5de5\u5177\u200b\u53ef\u4ee5\u200b\u7b80\u5316\u200b\u7528\u6237\u200b\u7684\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002\u200b\u901a\u8fc7\u200b\u548c\u200b Cilium \u200b\u7ed3\u5408\u200b\uff0c\u200b\u5229\u7528\u200b eBPF \u200b\u80fd\u529b\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b \u200b\u589e\u5f3a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u7684\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u200b\u3002 \u200b\u6b64\u5916\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u7cfb\u7edf\u200b\u5bf9\u63a5\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"contact/","title":"\u8054\u7cfb\u65b9\u5f0f","text":"\u200b\u5173\u6ce8\u200b\u516c\u4f17\u200b\u53f7\u200b\u83b7\u5f97\u200b\u66f4\u200b\u591a\u200b\u6700\u65b0\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8bf7\u200b\u626b\u63cf\u200b\u4e0b\u65b9\u200b\u4e8c\u7ef4\u7801\u200b:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/","title":"\u4f7f\u7528\u200b eBPF \u200b\u52a0\u901f\u200b\u8282\u70b9\u200b\u5185\u200b TCP \u200b\u901a\u4fe1","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u8fb9\u7f18\u200b\u548c\u200b 5G \u200b\u7684\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u5927\u91cf\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Intel \u200b\u5f00\u6e90\u200b\u7684\u200b istio-tcpip-bypass \u200b\u9879\u76ee\u200b\uff0cPod \u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b eBPF \u200b\u7684\u200b\u80fd\u529b\u200b\u7ed5\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b TCP/IP \u200b\u534f\u8bae\u200b\u6808\u200b\uff0c\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u901a\u4fe1\u200b\uff0c\u200b\u4ece\u800c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_1","title":"\u57fa\u672c\u539f\u7406","text":"\u200b\u5728\u200b\u5f53\u524d\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u4e3b\u673a\u200b\u7684\u200b\u4e24\u4e2a\u200b Pod \u200b\u8fdb\u884c\u200b TCP \u200b\u8fdb\u884c\u200b\u901a\u4fe1\u200b\u9700\u8981\u200b\u7ecf\u8fc7\u200b\u5927\u91cf\u200b\u7684\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u5305\u62ec\u200b TCP/IP, netfilter\uff0cOVS \u200b\u7b49\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u5206\u6790\u200b\u5e76\u200b\u8bc6\u522b\u200b\u51fa\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u7ed5\u8fc7\u200b\u590d\u6742\u200b\u7684\u200b\u5185\u6838\u200b\u6808\u200b\u4ece\u800c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u95f4\u200b\u7684\u200b\u6570\u636e\u4f20\u8f93\u200b\uff0c \u200b\u6765\u200b\u964d\u4f4e\u200b\u7f51\u7edc\u200b\u6808\u200b\u5904\u7406\u200b\u5f00\u9500\u200b\uff0c\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
\u200b\u7531\u4e8e\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u8bc6\u522b\u200b\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002\u200b\u5728\u200b\u57fa\u4e8e\u200b\u4ee3\u7406\u200b\u6a21\u5f0f\u200b\u7684\u200b Service Mesh \u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u589e\u5f3a\u200b Service Mesh \u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u6280\u672f\u200b\u5b9e\u73b0\u200b\u7ec6\u8282\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Tanzu Service Mesh Acceleration using eBPF\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"eBPF \u200b\u5bf9\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u6709\u200b\u4e00\u5b9a\u200b\u8981\u6c42\u200b\uff0c\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b Ubuntu 20.04 \u200b\u548c\u200b Linux 5.4.0-74-generic \u200b\u7248\u672c\u200b\u5185\u6838\u200b\u8fdb\u884c\u200b\u5b9e\u9a8c\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_3","title":"\u5b9e\u9a8c\u200b\u6b65\u9aa4","text":"\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u90e8\u7f72\u200b\u4e24\u4e2a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5b58\u5728\u200b\u591a\u53f0\u200b\u673a\u5668\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b nodeSelector\uff1a
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5f00\u542f\u200b qperf server\uff0c\u200b\u5728\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u4e2d\u200b\u542f\u52a8\u200b qperf client \u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
\u200b\u90e8\u7f72\u200b istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
\u200b\u518d\u6b21\u200b\u8fdb\u5165\u200b perf client \u200b\u5bb9\u5668\u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_4","title":"\u6d4b\u8bd5\u200b\u7ed3\u679c","text":"\u200b\u6839\u636e\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b TCP \u200b\u5ef6\u8fdf\u200b\u5728\u200b\u4e0d\u540c\u200b\u6570\u636e\u5305\u200b\u5927\u5c0f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u4f1a\u200b\u6709\u200b 40% ~ 60% \u200b\u7684\u200b\u5ef6\u8fdf\u200b\u4e0b\u964d\u200b\uff0c\u200b\u5728\u200b\u6570\u636e\u5305\u200b\u5927\u4e8e\u200b 1024 \u200b\u5b57\u8282\u200b\u65f6\u200b\u541e\u5410\u91cf\u200b\u4f1a\u200b\u6709\u200b 40% ~ 80% \u200b\u63d0\u5347\u200b\u3002
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 \u200b\u5728\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u786c\u4ef6\u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u6570\u636e\u5305\u200b\u5c0f\u4e8e\u200b 512 \u200b\u5b57\u8282\u200b\u65f6\u200b\uff0c\u200b\u4f7f\u7528\u200b eBPF \u200b\u4f18\u5316\u200b\u541e\u5410\u91cf\u200b\u6307\u6807\u200b\u4f1a\u200b\u4f4e\u4e8e\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002 \u200b\u8be5\u200b\u60c5\u51b5\u200b\u53ef\u80fd\u200b\u548c\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7f51\u5361\u200b\u5f00\u542f\u200b TCP \u200b\u805a\u5408\u200b\u4f18\u5316\u200b\u76f8\u5173\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u573a\u666f\u200b\u5bf9\u200b\u5c0f\u5305\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u76f8\u5e94\u200b\u73af\u5883\u200b\u4e0b\u200b \u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u5224\u65ad\u200b\u662f\u5426\u200b\u5f00\u542f\u200b eBPF \u200b\u4f18\u5316\u200b\u3002\u200b\u6211\u4eec\u200b\u4e5f\u200b\u4f1a\u200b\u540e\u7eed\u200b\u5bf9\u200b eBPF TCP \u200b\u5c0f\u5305\u200b\u573a\u666f\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-hubble-observe/","title":"Cilium \u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
Cilium \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u80fd\u529b\u200b\uff0c\u200b\u6d41\u91cf\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u662f\u200b\u7531\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u3002Hubble \u200b\u53ef\u4ee5\u200b\u89c2\u5bdf\u200b\u8282\u70b9\u200b\u3001\u200b\u96c6\u7fa4\u200b\u751a\u81f3\u200b\u591a\u200b\u96c6\u7fa4\u200b\u573a\u666f\u200b\u4e0b\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble","title":"\u5b89\u88c5\u200b Hubble","text":"\u200b\u9ed8\u8ba4\u200b\u7684\u200b Cilium \u200b\u96c6\u6210\u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b Hubble \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u652f\u6301\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble\u3002
\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u4f7f\u7528\u200b helm \u200b\u5b89\u88c5\u200b Hubble\uff1a
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble \u200b\u4e4b\u540e\u200b\uff0c\u200b\u6267\u884c\u200b cilium status \u200b\u67e5\u770b\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
\u200b\u5b89\u88c5\u200b Hubble \u200b\u7ec4\u4ef6\u200b\u4e4b\u540e\u200b\uff0c\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u884c\u200b\uff0c\u200b\u7528\u4e8e\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u67e5\u770b\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5b89\u88c5\u200b Hubble CLI :
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"advance/cilium-hubble-observe/#_1","title":"\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1","text":"Cilium \u200b\u5b98\u65b9\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u6d41\u91cf\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u90e8\u7f72\u200b\u65b9\u6848\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u5b98\u65b9\u200b\u90e8\u7f72\u200b\u7684\u200b\u4e1a\u52a1\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium connectivity test\uff0cCilium \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b cilium-test \u200b\u7684\u200b Namespace\uff0c\u200b\u540c\u65f6\u200b\u5728\u200b cilium-test \u200b\u4e0b\u200b\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1\u200b\u3002
\u200b\u6b63\u5e38\u200b\u90e8\u7f72\u200b\u5b8c\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b cilium-test namespace \u200b\u4e0b\u200b\u7684\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"advance/cilium-hubble-observe/#_2","title":"\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u4ec5\u200b\u63d0\u4f9b\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b Cilium \u200b\u4ee3\u7406\u200b\u89c2\u5bdf\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002 \u200b\u53ef\u4ee5\u200b\u5728\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b Cilium \u200b\u4ee3\u7406\u200b pod \u200b\u4e2d\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
\u200b\u90e8\u7f72\u200b Hubble Relay \u200b\u540e\u200b\uff0cHubble \u200b\u53ef\u4ee5\u200b\u63d0\u4f9b\u200b\u5b8c\u6574\u200b\u7684\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#_3","title":"\u914d\u7f6e\u200b\u7aef\u53e3\u200b\u8f6c\u53d1","text":"\u200b\u4e3a\u4e86\u200b\u80fd\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b Hubble API\uff0c\u200b\u9700\u8981\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b\u672c\u5730\u200b\u8bf7\u6c42\u200b\u8f6c\u53d1\u200b\u5230\u200b Hubble Service\u3002\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5728\u200b\u5f53\u524d\u200b\u7ec8\u7aef\u200b\u5f00\u542f\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
kubectl port-forward \u200b\u547d\u4ee4\u200b\u4e0d\u4f1a\u200b\u8fd4\u56de\u200b\uff0c\u200b\u9700\u8981\u200b\u6253\u5f00\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7ec8\u7aef\u200b\u6765\u200b\u7ee7\u7eed\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u914d\u7f6e\u200b\u5b8c\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u4e4b\u540e\u200b\uff0c\u200b\u5728\u200b\u7ec8\u7aef\u200b\u6267\u884c\u200b hubble status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5982\u679c\u200b\u6709\u200b\u7c7b\u4f3c\u200b\u5982\u4e0b\u200b\u8f93\u51fa\u200b\uff0c\u200b\u5219\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"advance/cilium-hubble-observe/#_4","title":"\u547d\u4ee4\u884c\u200b\u89c2\u6d4b","text":"\u200b\u5728\u200b\u7ec8\u7aef\u200b\u4e0a\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u89c2\u6d4b\u200b\u5230\u200b\u7684\u200b cilium-test \u200b\u76f8\u5173\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u7684\u200b\u662f\u200b\uff0c hubble observe \u200b\u547d\u4ee4\u200b\u7684\u200b\u663e\u793a\u200b\u7ed3\u679c\u200b\uff0c\u200b\u662f\u200b\u5f53\u524d\u200b\u547d\u4ee4\u884c\u200b\u6267\u884c\u200b\u65f6\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002\u200b\u591a\u6b21\u200b\u6267\u884c\u547d\u4ee4\u200b\u884c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5230\u200b\u4e0d\u540c\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u200b\u7684\u200b\u89c2\u6d4b\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b hubble help observe \u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b Hubble CLI \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#ui","title":"\u4f7f\u7528\u200b UI \u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u6267\u884c\u200b cilium status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble UI \u200b\u5df2\u7ecf\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002\u200b\u5728\u200b\u7b2c\u4e8c\u6b65\u200b\u7684\u200b Hubble \u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5df2\u7ecf\u200b\u8865\u5145\u200b\u4e86\u200b UI \u200b\u7684\u200b\u5b89\u88c5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium hubble ui \u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b hubble-ui service \u200b\u6620\u5c04\u200b\u5230\u200b\u672c\u5730\u200b\u7aef\u53e3\u200b\u3002 \u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b8c\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u6253\u5f00\u200b\u672c\u5730\u200b\u7684\u200b\u6d4f\u89c8\u5668\u200b\uff0c\u200b\u8df3\u8f6c\u200b\u5230\u200b Hubble UI \u200b\u754c\u9762\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u81ea\u52a8\u200b\u8df3\u8f6c\u200b\uff0c\u200b\u5728\u200b\u6d4f\u89c8\u5668\u200b\u4e2d\u200b\u8f93\u5165\u200b http://localhost:12000 \u200b\u6253\u5f00\u200b UI \u200b\u89c2\u5bdf\u200b\u754c\u9762\u200b\u3002
\u200b\u5728\u200b\u754c\u9762\u200b\u5de6\u4e0a\u89d2\u200b\uff0c\u200b\u9009\u62e9\u200b cilium-test namespace\uff0c\u200b\u67e5\u770b\u200b Cilium \u200b\u63d0\u4f9b\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble_1","title":"Hubble \u200b\u6d41\u91cf\u200b\u76d1\u63a7","text":"Hubble \u200b\u7ec4\u4ef6\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e2d\u200b Pod \u200b\u7f51\u7edc\u200b\u884c\u4e3a\u200b\u7684\u200b\u76d1\u63a7\u200b\uff0c\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u67e5\u770b\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u80fd\u200b\u76d1\u63a7\u200b\u7edf\u8ba1\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u8865\u5145\u200b hubble.metrics.enabled \u200b\u914d\u7f6e\u200b\u9879\u200b:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
\u200b\u90e8\u7f72\u200b\u4e4b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b kube-system namespace \u200b\u751f\u6210\u200b\u540d\u79f0\u200b\u4e3a\u200b hubble-metrics \u200b\u7684\u200b\u670d\u52a1\u200b\u3002\u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Endpoints \u200b\u67e5\u8be2\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
\u200b\u5728\u200b\u96c6\u6210\u200b Cilium \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Cilium \u200b\u4f18\u79c0\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u4ee5\u4e0b\u200b\u6587\u6863\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5bf9\u200b Cilium L3 \u200b\u548c\u200b L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\u7684\u200b\u96c6\u6210\u200b\u9a8c\u8bc1\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#_1","title":"\u9a8c\u8bc1\u200b\u6b65\u9aa4","text":""},{"location":"advance/cilium-networkpolicy/#pod","title":"\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod","text":"\u200b\u521b\u5efa\u200b namespace test\u3002\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b test namespace \u200b\u4e2d\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=test \u200b\u7684\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u7684\u200b\u76ee\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u540c\u6837\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=dynamic \u200b\u7684\u200b Pod \u200b\u4e3a\u200b\u53d1\u8d77\u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4ee5\u53ca\u200b Label \u200b\u4fe1\u606f\u200b:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// \u200b\u4ee5\u4e0b\u200b\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u76ee\u7684\u200b Pod\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"advance/cilium-networkpolicy/#l3","title":"L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4e2d\u200b\uff0c\u200b\u53d1\u8d77\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7ed3\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u3002 \u200b\u4f46\u662f\u200b\u5728\u200b test namespace \u200b\u4e0b\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5230\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u6b63\u5e38\u200b\u3002
default namespace \u200b\u4e0b\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
test namepsace \u200b\u4e0b\u200b Pod \u200b\u7684\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
\u200b\u67e5\u770b\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u89e3\u91ca\u200b\uff0cCiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u5c06\u200b\u9650\u5236\u200b\u63a7\u5236\u200b\u5728\u200b\u4e86\u200b Namespace \u200b\u7ea7\u522b\u200b\u3002\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b Cilium \u200b\u9650\u5236\u200b\u3002
\u200b\u5728\u200b\u6709\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u6709\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u7684\u200b Pod \uff0c\u200b\u624d\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5176\u4ed6\u200b Namespace \u200b\u7684\u200b Pod \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u60f3\u200b\u5b9e\u73b0\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u89c4\u5219\u200b\u4e2d\u200b\u660e\u786e\u200b\u6307\u5b9a\u200b Namespace \u200b\u4fe1\u606f\u200b\u3002
\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\uff0c\u200b\u4fee\u6539\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u589e\u52a0\u200b namespace \u200b\u4fe1\u606f\u200b:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // \u200b\u63a7\u5236\u200b\u5176\u4ed6\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\n
\u200b\u67e5\u770b\u200b\u4fee\u6539\u200b\u540e\u200b\u7684\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
\u200b\u518d\u6b21\u200b\u6d4b\u8bd5\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u76ee\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
\u200b\u4f7f\u7528\u200b\u6807\u51c6\u200b\u7684\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b networkpolicy\uff0c\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b Cilium \u200b\u540c\u6837\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u9650\u5236\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u5185\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\u662f\u200b\u7981\u6b62\u200b\u7684\u200b\u3002
\u200b\u8fd9\u70b9\u200b\u4e0e\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u662f\u200b\u4e0d\u540c\u200b\u7684\u200b\u3002Kube-OVN \u200b\u652f\u6301\u200b\u6807\u51c6\u200b\u7684\u200b k8s \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\uff0c\u200b\u9650\u5236\u200b\u4e86\u200b\u5177\u4f53\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b\u76ee\u7684\u200b Pod\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u200b\u6e90\u5730\u5740\u200b Pod\uff0c\u200b\u662f\u200b\u6ca1\u6709\u200b Namespace \u200b\u9650\u5236\u200b\u7684\u200b\uff0c\u200b\u4efb\u4f55\u200b Namespace \u200b\u4e0b\u200b\u7b26\u5408\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b Pod\uff0c\u200b\u90fd\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l4","title":"L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b L4 \u200b\u5c42\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
\u200b\u6d4b\u8bd5\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u4e0d\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u751f\u6548\u200b\u540e\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u4f9d\u7136\u200b\u662f\u200b\u88ab\u200b\u7981\u6b62\u200b\u7684\u200b\uff0c\u200b\u8ddf\u200b L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4e00\u81f4\u200b\u3002
\u200b\u5728\u200b L4 \u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0cping \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7b26\u5408\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b TCP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u662f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u6267\u884c\u200b\u7684\u200b\u3002
\u200b\u5173\u4e8e\u200b ICMP \u200b\u7684\u200b\u9650\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5b98\u65b9\u200b\u8bf4\u660e\u200b L4 \u200b\u9650\u5236\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l7","title":"L7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"chaining \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cL7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u76ee\u524d\u200b\u662f\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\u7684\u200b\u3002\u200b\u5728\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u4e2d\u200b\uff0c\u200b\u5bf9\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u8bf4\u660e\u200b\uff0c\u200b\u53c2\u8003\u200b Generic Veth Chaining\u3002
\u200b\u8fd9\u4e2a\u200b\u95ee\u9898\u200b\u4f7f\u7528\u200b issue 12454 \u200b\u8ddf\u8e2a\u200b\uff0c\u200b\u76ee\u524d\u200b\u8fd8\u200b\u6ca1\u6709\u200b\u89e3\u51b3\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dhcp/","title":"DHCP \u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4f7f\u7528\u200b SR-IOV \u200b\u6216\u200b DPDK \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0cKubeVirt \u200b\u5185\u7f6e\u200b\u7684\u200b DHCP \u200b\u65e0\u6cd5\u200b\u5728\u200b\u8be5\u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5de5\u4f5c\u200b\u3002Kube-OVN \u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b OVN \u200b\u7684\u200b DHCP \u200b\u80fd\u529b\u200b\u5728\u200b\u5b50\u7f51\u200b\u7ea7\u522b\u200b\u8bbe\u7f6e\u200b DHCP \u200b\u9009\u9879\u200b\uff0c\u200b\u4ece\u800c\u200b\u5e2e\u52a9\u200b\u8be5\u200b\u7f51\u7edc\u200b\u7c7b\u578b\u200b\u7684\u200b KubeVirt \u200b\u865a\u673a\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b DHCP \u200b\u83b7\u5f97\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002Kube-OVN \u200b\u540c\u65f6\u200b\u652f\u6301\u200b DHCPv4 \u200b\u548c\u200b DHCPv6\u3002
\u200b\u5b50\u7f51\u200b DHCP \u200b\u7684\u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u7684\u200b DHCP \u200b\u529f\u80fd\u200b\u3002dhcpV4Options,dhcpV6Options: \u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b DHCP \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b DHCP Options\u3002 \u200b\u9ed8\u8ba4\u503c\u200b\u5206\u522b\u200b\u4e3a\u200b \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" \u200b\u548c\u200b server_id=$random_mac\u3002enableIPv6RA: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b DHCPv6 \u200b\u7684\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\u529f\u80fd\u200b\u3002ipv6RAConfigs\uff1a\u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b Logical_Router_Port \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Port \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dpdk/","title":"DPDK \u200b\u652f\u6301","text":"\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u5982\u4f55\u200b\u548c\u200b OVS-DPDK \u200b\u7ed3\u5408\u200b\uff0c\u200b\u7ed9\u200b KubeVirt \u200b\u7684\u200b\u865a\u673a\u200b\u63d0\u4f9b\u200b DPDK \u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
\u200b\u4e0a\u6e38\u200b\u7684\u200b KubeVirt \u200b\u76ee\u524d\u200b\u8fd8\u200b\u672a\u200b\u652f\u6301\u200b OVS-DPDK\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u81ea\u5df1\u200b\u901a\u8fc7\u200b\u76f8\u5173\u200b patch Vhostuser implementation \u200b\u6784\u5efa\u200b KubeVirt \u200b\u6216\u200b KVM Device Plugin \u200b\u6765\u200b\u4f7f\u7528\u200b OVS-DPDK\u3002
"},{"location":"advance/dpdk/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8282\u70b9\u200b\u9700\u200b\u63d0\u4f9b\u200b\u4e13\u95e8\u200b\u7ed9\u200b DPDK \u200b\u9a71\u52a8\u200b\u8fd0\u884c\u200b\u7684\u200b\u7f51\u5361\u200b\u3002
- \u200b\u8282\u70b9\u200b\u9700\u200b\u5f00\u542f\u200b Hugepages\u3002
"},{"location":"advance/dpdk/#dpdk_1","title":"\u7f51\u5361\u200b\u8bbe\u7f6e\u200b DPDK \u200b\u9a71\u52a8","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b driverctl \u200b\u4e3a\u4f8b\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u53c2\u6570\u200b\u548c\u200b\u5176\u4ed6\u200b\u9a71\u52a8\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b DPDK \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"advance/dpdk/#_2","title":"\u8282\u70b9\u200b\u914d\u7f6e","text":"\u200b\u5bf9\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u7684\u200b\u8282\u70b9\u200b\u6253\u200b\u6807\u7b7e\u200b\uff0c\u200b\u4ee5\u4fbf\u200b Kube-OVN \u200b\u8fdb\u884c\u200b\u8bc6\u522b\u200b\u5904\u7406\u200b\uff1a
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
\u200b\u5728\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u8282\u70b9\u200b\u7684\u200b /opt/ovs-config \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6\u200b ovs-dpdk-config\uff1a
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: \u200b\u96a7\u9053\u200b\u7aef\u70b9\u200b\u5730\u5740\u200b\u3002DPDK_DEV: \u200b\u8bbe\u5907\u200b\u7684\u200b PCI ID\u3002
"},{"location":"advance/dpdk/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u542f\u7528\u200b DPDK \u200b\u5b89\u88c5\u200b\u9009\u9879\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
bash install.sh --with-hybrid-dpdk\n
"},{"location":"advance/dpdk/#_3","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u901a\u8fc7\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u4f7f\u7528\u200b vhostuser \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u7684\u200b\u865a\u200b\u673a\u6765\u200b\u9a8c\u8bc1\u200b OVS-DPDK \u200b\u529f\u80fd\u200b\u3002
\u200b\u5b89\u88c5\u200b KVM Device Plugin \u200b\u6765\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b KVM Device Plugin\u3002
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b Dockerfile \u200b\u521b\u5efa\u200b VM \u200b\u955c\u50cf\u200b\uff1a
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
\u200b\u521b\u5efa\u200b\u865a\u62df\u673a\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
\u200b\u7b49\u5f85\u200b\u865a\u62df\u673a\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u8fdb\u5165\u200b Pod \u200b\u8fdb\u884c\u200b\u865a\u673a\u200b\u914d\u7f6e\u200b\uff1a
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u767b\u5f55\u200b\u865a\u673a\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u5e76\u200b\u6d4b\u8bd5\u200b\uff1a
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/external-gateway/","title":"\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u5bf9\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u6d41\u91cf\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7684\u200b\u7ba1\u7406\u200b\u548c\u200b\u5ba1\u8ba1\u200b\u3002 Kube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5c06\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/external-gateway/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\u3002externalEgressGateway\uff1a\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\u3002policyRoutingTableID\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID \u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b\u3002policyRoutingPriority\uff1a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u4e3a\u200b\u907f\u514d\u200b\u540e\u7eed\u200b\u7528\u6237\u200b\u5b9a\u5236\u200b\u5316\u200b\u7684\u200b\u5176\u4ed6\u200b\u8def\u7531\u200b\u64cd\u4f5c\u200b\u51b2\u7a81\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u82e5\u200b\u65e0\u200b\u7279\u6b8a\u200b\u9700\u6c42\u200b\u586b\u5165\u200b\u4efb\u610f\u200b\u503c\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/fastpath/","title":"\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7ecf\u8fc7\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u7684\u200b\u6027\u80fd\u200b Profile\uff0cNetfilter \u200b\u5728\u200b\u5bb9\u5668\u200b\u5185\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u76f8\u5173\u200b\u5904\u7406\u200b\u6d88\u8017\u200b\u4e86\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b Netfilter \u200b\u4ece\u800c\u200b \u200b\u964d\u4f4e\u200b CPU \u200b\u7684\u200b\u6d88\u8017\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b\u3002
"},{"location":"advance/fastpath/#_1","title":"\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u5185\u6838\u6a21\u5757\u200b\u4ee3\u7801","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"advance/fastpath/#_2","title":"\u5b89\u88c5\u200b\u4f9d\u8d56","text":"\u200b\u8fd9\u91cc\u200b\u4ee5\u200b CentOS \u200b\u4e3a\u4f8b\u200b\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u4f9d\u8d56\u200b\uff1a
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"advance/fastpath/#_3","title":"\u7f16\u8bd1\u200b\u76f8\u5173\u200b\u6a21\u5757","text":"\u200b\u9488\u5bf9\u200b 3.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath\nmake all\n
\u200b\u9488\u5bf9\u200b 4.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"advance/fastpath/#_4","title":"\u5b89\u88c5\u200b\u5185\u6838\u6a21\u5757","text":"\u200b\u5c06\u200b kube_ovn_fastpath.ko \u200b\u590d\u5236\u5230\u200b\u6bcf\u4e2a\u200b\u9700\u8981\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8282\u70b9\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u4f7f\u7528\u200b dmesg \u200b\u786e\u8ba4\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
\u200b\u5982\u9700\u200b\u5378\u8f7d\u200b\u6a21\u5757\u200b\uff0c\u200b\u53ef\u200b\u5c06\u200b\u8be5\u200b\u6a21\u5757\u200b\u4ece\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u79fb\u200b\u9664\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5378\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5757\u200b\u5728\u200b\u673a\u5668\u200b\u91cd\u542f\u200b\u540e\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\uff0c\u200b\u5982\u9700\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8bf7\u200b\u6839\u636e\u200b\u7cfb\u7edf\u200b\u5f04\u200b\u914d\u7f6e\u200b\u7f16\u5199\u200b\u76f8\u5e94\u200b\u81ea\u542f\u52a8\u200b\u811a\u672c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/multi-nic/","title":"\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f8b\u5982\u200b macvlan\u3001vlan\u3001host-device \u200b\u7b49\u200b\u63d2\u4ef6\u200b\u63d0\u4f9b\u200b\u96c6\u7fa4\u200b\u7ea7\u522b\u200b\u7684\u200b IPAM \u200b\u80fd\u529b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5230\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u200b\u4ee5\u53ca\u200b\u56fa\u5b9a\u200b IP \u200b\u529f\u80fd\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u4e5f\u200b\u652f\u6301\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/multi-nic/#_2","title":"\u5de5\u4f5c\u200b\u539f\u7406","text":"\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Multus CNI, \u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod \u200b\u6dfb\u52a0\u200b\u591a\u5757\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u3002 \u200b\u7136\u800c\u200b\u6211\u4eec\u200b\u4ecd\u7136\u200b\u7f3a\u4e4f\u200b\u5bf9\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u5185\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u7684\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\uff0c\u200b\u6211\u4eec\u200b\u5df2\u7ecf\u200b\u80fd\u591f\u200b\u901a\u8fc7\u200b Subnet \u200b\u548c\u200b IP \u200b\u7684\u200b CRD \u200b\u6765\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u9ad8\u7ea7\u200b\u7ba1\u7406\u200b\uff0c \u200b\u4f8b\u5982\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0cIP \u200b\u9884\u7559\u200b\uff0c\u200b\u968f\u673a\u200b\u5206\u914d\u200b\uff0c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7b49\u200b\u3002\u200b\u73b0\u5728\u200b\u6211\u4eec\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u6765\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b\u4e0d\u540c\u200b\u7684\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b IPAM \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/multi-nic/#_3","title":"\u5de5\u4f5c\u200b\u6d41\u7a0b","text":"\u200b\u4e0a\u200b\u56fe\u200b\u5c55\u793a\u200b\u4e86\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u6765\u200b\u7ba1\u7406\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4e2d\u200b\u5bb9\u5668\u200b\u7684\u200b eth0 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVN \u200b\u7f51\u7edc\u200b\uff0cnet1 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u3002 net1 \u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u7edc\u200b\u5b9a\u4e49\u200b\u6765\u81ea\u200b\u4e8e\u200b multus-cni \u200b\u4e2d\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u8d44\u6e90\u200b\u5b9a\u4e49\u200b\u3002
\u200b\u5f53\u200b Pod \u200b\u521b\u5efa\u200b\u65f6\u200b\uff0ckube-ovn-controller \u200b\u4f1a\u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u6dfb\u52a0\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b Pod \u200b\u4e2d\u200b\u7684\u200b annotation \u200b\u53bb\u200b\u5bfb\u627e\u200b\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u5e76\u200b\u4ece\u4e2d\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u5c06\u200b Pod \u200b\u6240\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u5199\u200b\u56de\u5230\u200b Pod annotation \u200b\u4e2d\u200b\u3002
\u200b\u5728\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b CNI \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u914d\u7f6e\u200b kube-ovn-cni \u200b\u4f5c\u4e3a\u200b ipam \u200b\u63d2\u4ef6\u200b, kube-ovn-cni \u200b\u5c06\u4f1a\u200b\u8bfb\u53d6\u200b Pod annotation \u200b\u5e76\u200b\u5c06\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u901a\u8fc7\u200b CNI \u200b\u534f\u8bae\u200b\u7684\u200b\u6807\u51c6\u200b\u683c\u5f0f\u200b\u8fd4\u56de\u200b\u7ed9\u200b\u76f8\u5e94\u200b\u7684\u200b CNI \u200b\u63d2\u4ef6\u200b\u3002
"},{"location":"advance/multi-nic/#_4","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":""},{"location":"advance/multi-nic/#kube-ovn-multus","title":"\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus","text":"\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b \u200b\u548c\u200b Multus how to use \u200b\u6765\u200b\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus-CNI\u3002
"},{"location":"advance/multi-nic/#cni-ipam","title":"\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u63d0\u4f9b\u200b IPAM","text":"\u200b\u6b64\u65f6\u200b\u4e3b\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b\u5176\u4ed6\u200b\u7c7b\u578b\u200b CNI\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b macvlan \u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u7b2c\u4e8c\u4e2a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b ipam \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: \u200b\u9700\u8981\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u8c03\u7528\u200b kube-ovn \u200b\u7684\u200b\u63d2\u4ef6\u200b\u6765\u200b\u83b7\u53d6\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace> , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"advance/multi-nic/#kube-ovn","title":"\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361","text":"\u200b\u6b64\u65f6\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition_1","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u5c06\u200b provider \u200b\u7684\u200b\u540e\u7f00\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.type: \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u89e6\u53d1\u200b CNI \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u5b50\u7f51\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6ce8\u610f\u200b\u540e\u7f00\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\u3002
"},{"location":"advance/multi-nic/#kube-ovn-subnet","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet","text":"\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet,\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b cidrBlock \u200b\u548c\u200b exclude_ips, provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>, \u200b\u4f8b\u5982\u200b\u7528\u200b macvlan \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat \u200b\u53ea\u200b\u5bf9\u200b provider \u200b\u7c7b\u578b\u200b\u4e3a\u200b ovn \u200b\u7684\u200b\u7f51\u7edc\u200b\u751f\u6548\u200b\uff0c\u200b\u4e0d\u9002\u200b\u7528\u4e8e\u200b attachment network\u3002
\u200b\u5982\u679c\u200b\u4ee5\u200b Kube-OVN \u200b\u4f5c\u4e3a\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u5219\u200b provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn\uff0c\u200b\u5e76\u200b\u8981\u200b\u4ee5\u200b ovn \u200b\u4f5c\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\u3002 \u200b\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"advance/multi-nic/#pod","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u591a\u200b\u7f51\u7edc\u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u7684\u200b Pod\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b annotation k8s.v1.cni.cncf.io/networks,\u200b\u53d6\u503c\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <namespace>/<name>\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"advance/multi-nic/#ip-pod","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod\uff0c\u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/multi-nic/#ip","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d","text":"\u200b\u5bf9\u4e8e\u200b\u4f7f\u7528\u200b ippool \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b, \u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/nat-policy-rule/","title":"\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219","text":""},{"location":"advance/nat-policy-rule/#_1","title":"\u7528\u9014","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u6253\u5f00\u200b natOutgoing \u200b\u5f00\u5173\u200b\u65f6\u200b\uff0cSubnet \u200b\u4e0b\u200b\u7684\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u9700\u8981\u200b\u505a\u200b SNAT \u200b\u6210\u200b\u8282\u70b9\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u662f\u200b\u6709\u4e9b\u200b\u573a\u666f\u200b\u6211\u4eec\u200b\u5e76\u200b\u4e0d\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u505a\u200b SNAT\u3002
\u200b\u56e0\u6b64\u200b NAT \u200b\u7b56\u7565\u200b\u5c31\u662f\u200b\u4e3a\u4e86\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u63a5\u53e3\u200b\u8ba9\u200b\u7528\u6237\u200b\u51b3\u5b9a\u200b\u5b50\u7f51\u200b\u5185\u200b\u7684\u200b\u54ea\u4e9b\u200b CIDR \u200b\u6216\u8005\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u505a\u200b SNAT\u3002
"},{"location":"advance/nat-policy-rule/#_2","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u5728\u200b subnet.Spec \u200b\u4e2d\u200b\u5f00\u542f\u200b natOutgoing \u200b\u5f00\u5173\u200b\uff0c \u200b\u5e76\u4e14\u200b\u6dfb\u52a0\u200b\u5b57\u200b\u6bb5\u200b natOutgoingPolicyRules \u200b\u5982\u4e0b\u200b\uff1a
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
\u200b\u4ee5\u4e0a\u200b\u6848\u4f8b\u200b\u8868\u793a\u200b\u6709\u200b\u4e24\u6761\u200b NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\uff1a
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.0/30 \u200b\u6216\u8005\u200b 10.0.11.254 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT\u3002
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.128/26 \u200b\u5e76\u4e14\u200b\u76ee\u7684\u200b IP \u200b\u662f\u200b 114.114.114.114 \u200b\u6216\u8005\u200b 8.8.8.8 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u65f6\u4f1a\u200b\u505a\u200b SNAT\u3002
\u200b\u5b57\u200b\u6bb5\u200b\u63cf\u8ff0\u200b\uff1a
action\uff1a\u200b\u6ee1\u8db3\u200b match \u200b\u5bf9\u5e94\u200b\u6761\u4ef6\u200b\u7684\u200b\u62a5\u6587\u200b\uff0c\u200b\u4f1a\u200b\u6267\u884c\u200b\u7684\u200b action, action \u200b\u5206\u4e3a\u200b\u4e24\u79cd\u200b forward \u200b\u548c\u200b nat \uff0cforward \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u4e0d\u505a\u200b SNAT, nat \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u505a\u200b SNAT\u3002 \u200b\u6ca1\u6709\u200b\u914d\u7f6e\u200b natOutgoingPolicyRules \u200b\u65f6\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u62a5\u6587\u200b\u4ecd\u7136\u200b\u662f\u200b\u505a\u200b SNAT\u3002
match\uff1a\u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u7684\u200b\u5339\u914d\u6bb5\u200b\uff0c\u200b\u5339\u914d\u6bb5\u200b\u6709\u200b srcIPs \u200b\u548c\u200b dstIPs\uff0c \u200b\u8fd9\u91cc\u200b\u8868\u793a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u5185\u5230\u200b\u5916\u7f51\u200b\u65b9\u5411\u200b\u4e0a\u200b\u7684\u200b\u62a5\u6587\u200b\u7684\u200b\u6e90\u200b IP \u200b\u548c\u200b \u200b\u76ee\u7684\u200b IP\u3002match.srcIPs \u200b\u548c\u200b match.dstIPs \u200b\u652f\u6301\u200b\u591a\u4e2a\u200b CIDR \u200b\u548c\u200b IP\uff0c\u200b\u4e4b\u95f4\u200b\u7528\u200b\u9017\u53f7\u200b\u95f4\u9694\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u591a\u4e2a\u200b match \u200b\u89c4\u5219\u200b\u91cd\u53e0\u200b\uff0c\u200b\u5219\u200b\u6309\u7167\u200b natOutgoingPolicyRules \u200b\u6570\u7ec4\u200b\u987a\u5e8f\u200b\u8fdb\u884c\u200b\u5339\u914d\u200b\uff0c\u200b\u6700\u5148\u200b\u88ab\u200b\u5339\u914d\u200b\u7684\u200b action \u200b\u4f1a\u200b\u88ab\u200b\u6267\u884c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/node-local-dns/","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d","text":"NodeLocal DNSCache \u200b\u662f\u200b\u901a\u8fc7\u200b\u96c6\u7fa4\u200b\u8282\u70b9\u200b\u4e0a\u200b\u4f5c\u4e3a\u200b DaemonSet \u200b\u8fd0\u884c\u200b DNS \u200b\u7f13\u5b58\u200b\u6765\u200b\u63d0\u9ad8\u200b\u96c6\u7fa4\u200b DNS \u200b\u6027\u80fd\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d\u200b\u3002
"},{"location":"advance/node-local-dns/#dns","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u90e8\u7f72","text":""},{"location":"advance/node-local-dns/#kubernetes-dns","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u7684\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u7f51\u200b\u914d\u7f6e\u200b Nodelocaldnscache\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u811a\u672c\u200b\u90e8\u7f72\u200b\uff1a
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b kubelet \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u5c06\u200b /var/lib/kubelet/config.yaml \u200b\u4e2d\u200b\u7684\u200b clusterDNS \u200b\u5b57\u200b\u6bb5\u200b\u4fee\u6539\u200b\u4e3a\u200b\u672c\u5730\u200b DNS IP 169.254.20.10\uff0c\u200b\u7136\u540e\u200b\u91cd\u542f\u200b kubelet \u200b\u670d\u52a1\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-dns","title":"Kube-OVN \u200b\u76f8\u5e94\u200b DNS \u200b\u914d\u7f6e","text":"\u200b\u90e8\u7f72\u200b\u597d\u200b Kubernetes \u200b\u7684\u200b Nodelocal DNScache \u200b\u7ec4\u4ef6\u200b\u540e\u200b\uff0c Kube-OVN \u200b\u9700\u8981\u200b\u505a\u51fa\u200b\u4e0b\u9762\u200b\u4fee\u6539\u200b\uff1a
"},{"location":"advance/node-local-dns/#underlay-subnet-u2o","title":"Underlay Subnet \u200b\u5f00\u542f\u200b U2O \u200b\u5f00\u5173","text":"\u200b\u5982\u679c\u200b\u662f\u200b Underlay Subnet \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u672c\u5730\u200b DNS \u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b U2O \u200b\u529f\u80fd\u200b\uff0c\u200b\u5373\u200b\u5728\u200b kubectl edit subnet {your subnet} \u200b\u4e2d\u200b\u914d\u7f6e\u200b spec.u2oInterconnection = true , \u200b\u5982\u679c\u200b\u662f\u200b Overlay Subnet \u200b\u5219\u200b\u4e0d\u200b\u9700\u8981\u200b\u8fd9\u6b65\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-controller-dns-ip","title":"\u7ed9\u200b Kube-ovn-controller \u200b\u6307\u5b9a\u200b\u5bf9\u5e94\u200b\u7684\u200b\u672c\u5730\u200b DNS IP","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
\u200b\u7ed9\u200b spec.template.spec.containers.args \u200b\u589e\u52a0\u200b\u5b57\u200b\u6bb5\u200b --node-local-dns-ip=169.254.20.10
"},{"location":"advance/node-local-dns/#pod","title":"\u91cd\u5efa\u200b\u5df2\u7ecf\u200b\u521b\u5efa\u200b\u7684\u200b Pod","text":"\u200b\u8fd9\u6b65\u200b\u539f\u56e0\u200b\u662f\u200b\u8ba9\u200b Pod \u200b\u91cd\u65b0\u200b\u751f\u6210\u200b /etc/resolv.conf \u200b\u8ba9\u200b nameserver \u200b\u6307\u5411\u200b\u672c\u5730\u200b DNS IP\uff0c\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b nameserver \u200b\u5c06\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u7684\u200b DNS ClusterIP\u3002\u200b\u540c\u65f6\u200b u2o \u200b\u5f00\u5173\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\u4e5f\u200b\u9700\u8981\u200b\u91cd\u5efa\u200b Pod \u200b\u6765\u200b\u91cd\u65b0\u200b\u751f\u6210\u200b Pod \u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/node-local-dns/#dns_1","title":"\u9a8c\u8bc1\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u627e\u5230\u200b Pod \u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u7684\u200b DNS \u200b\u670d\u52a1\u5668\u200b\u662f\u200b\u6307\u5411\u200b\u672c\u5730\u200b 169.254.20.10 \uff0c\u200b\u5e76\u200b\u6210\u529f\u200b\u89e3\u6790\u200b\u57df\u540d\u200b\uff1a
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u8282\u70b9\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b DNS \u200b\u67e5\u8be2\u200b\u62a5\u6587\u200b\u901a\u8fc7\u200b ovn0 \u200b\u7f51\u5361\u200b\u5230\u8fbe\u200b\u672c\u5730\u200b\u7684\u200b DNS \u200b\u670d\u52a1\u200b\uff0cDNS \u200b\u54cd\u5e94\u200b\u62a5\u6587\u200b\u539f\u200b\u8def\u200b\u8fd4\u56de\u200b:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-corigine/","title":"\u82af\u542f\u6e90\u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002\u200b\u82af\u542f\u6e90\u200b\u7684\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u4e2d\u200b\u6267\u884c\u200b\u3002 \u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-corigine/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - \u200b\u82af\u542f\u6e90\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/offload-corigine/#sr-iov","title":"\u8bbe\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u6a21\u5f0f","text":"\u200b\u7528\u6237\u200b\u53ef\u200b\u53c2\u8003\u200b Agilio Open vSwitch TC User Guide \u200b\u83b7\u5f97\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f7f\u7528\u200b\u7684\u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u3002
\u200b\u4fdd\u5b58\u200b\u4e0b\u5217\u200b\u811a\u672c\u200b\u7528\u4e8e\u200b\u540e\u7eed\u200b\u6267\u884c\u200b\u56fa\u4ef6\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff1a
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
\u200b\u5207\u6362\u200b\u56fa\u4ef6\u200b\u9009\u9879\u200b\u5e76\u200b\u91cd\u8f7d\u200b\u9a71\u52a8\u200b\uff1a
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b VF\uff1a
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"advance/offload-corigine/#sr-iov-device-plugin","title":"\u5b89\u88c5\u200b SR-IOV Device Plugin","text":"\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u6709\u9650\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"advance/offload-corigine/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-corigine/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-corigine/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-mellanox/","title":"Mellanox \u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002Mellanox \u200b\u7684\u200b Accelerated Switching And Packet Processing (ASAP\u00b2) \u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u5185\u200b\u7684\u200b eSwitch \u200b\u4e0a\u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-mellanox/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - Mellanox CX5/CX6/CX7/BlueField \u200b\u7b49\u200b\u652f\u6301\u200b ASAP\u00b2 \u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002 - \u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u5378\u8f7d\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u505a\u200b bond\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin","title":"\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"Mellanox \u200b\u7f51\u5361\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u914d\u7f6e\u200b offload \u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u4e00\u79cd\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u548c\u200b Device Plugin\uff0c\u200b\u53e6\u200b\u4e00\u79cd\u200b\u901a\u8fc7\u200b sriov-network-operator \u200b\u8fdb\u884c\u200b\u81ea\u52a8\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin_1","title":"\u624b\u52a8\u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u67e5\u8be2\u200b\u7f51\u5361\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff0c\u200b\u4e0b\u9762\u200b\u7684\u200b\u4f8b\u5b50\u200b\u4e2d\u4e3a\u200b 42:00.0\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
\u200b\u6839\u636e\u200b\u8bbe\u5907\u200b ID \u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\uff1a
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff1a
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
\u200b\u521b\u5efa\u200b VF\uff0c\u200b\u603b\u6570\u200b\u4e0d\u8981\u200b\u8d85\u8fc7\u200b\u4e0a\u9762\u200b\u67e5\u8be2\u200b\u51fa\u200b\u7684\u200b\u6570\u91cf\u200b\uff1a
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
\u200b\u627e\u5230\u200b\u4e0a\u8ff0\u200b VF \u200b\u5bf9\u5e94\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u5c06\u200b VF \u200b\u4ece\u200b\u9a71\u52a8\u200b\u4e2d\u89e3\u200b\u7ed1\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
\u200b\u5f00\u542f\u200b eSwitch \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u786c\u4ef6\u200b\u5378\u8f7d\u200b\uff1a
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
\u200b\u91cd\u65b0\u200b\u7ed1\u5b9a\u200b\u9a71\u52a8\u200b\uff0c\u200b\u5b8c\u6210\u200b VF \u200b\u8bbe\u7f6e\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
NetworkManager \u200b\u7684\u200b\u4e00\u4e9b\u200b\u884c\u4e3a\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u9a71\u52a8\u200b\u5f02\u5e38\u200b\uff0c\u200b\u5982\u679c\u200b\u5378\u8f7d\u200b\u51fa\u73b0\u200b\u95ee\u9898\u200b\u5efa\u8bae\u200b\u5173\u95ed\u200b NetworkManager \u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\uff1a
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u4f18\u5148\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"advance/offload-mellanox/#sriov-network-operator-sr-iov-device-plugin","title":"\u4f7f\u7528\u200b sriov-network-operator \u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u5b89\u88c5\u200b node-feature-discovery \u200b\u81ea\u52a8\u68c0\u6d4b\u200b\u786c\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u548c\u200b\u7cfb\u7edf\u914d\u7f6e\u200b:
kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.11.3\n
\u200b\u6216\u8005\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff0c\u200b\u624b\u52a8\u200b\u7ed9\u200b\u6709\u200b offload \u200b\u80fd\u529b\u200b\u7684\u200b\u7f51\u5361\u200b\u589e\u52a0\u200b annotation:
kubectl label nodes [offloadNicNode] feature.node.kubernetes.io/network-sriov.capable=true\n
\u200b\u514b\u9686\u200b\u4ee3\u7801\u200b\u4ed3\u5e93\u200b\u5e76\u200b\u5b89\u88c5\u200b Operator\uff1a
git clone --depth=1 https://github.com/kubeovn/sriov-network-operator.git\nkubectl apply -k sriov-network-operator/deploy\n
\u200b\u68c0\u67e5\u200b Operator \u200b\u7ec4\u4ef6\u200b\u662f\u5426\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff1a
# kubectl get -n kube-system all | grep sriov\nNAME READY STATUS RESTARTS AGE\npod/sriov-network-config-daemon-bf9nt 1/1 Running 0 8s\npod/sriov-network-operator-54d7545f65-296gb 1/1 Running 0 10s\n\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/sriov-network-config-daemon 1 1 1 1 1 beta.kubernetes.io/os=linux,feature.node.kubernetes.io/network-sriov.capable=true 8s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/sriov-network-operator 1/1 1 1 10s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/sriov-network-operator-54d7545f65 1 1 1 10s\n
\u200b\u68c0\u67e5\u200b SriovNetworkNodeState\uff0c\u200b\u4e0b\u9762\u200b\u4ee5\u200b node1 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6709\u200b\u4e24\u4e2a\u200b Mellanox \u200b\u7f51\u5361\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\napiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodeState\nspec: ...\nstatus:\n interfaces:\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.0\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f0np0\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.1\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f1np1\n
\u200b\u521b\u5efa\u200b SriovNetworkNodePolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u5e76\u200b\u901a\u8fc7\u200b nicSelector \u200b\u9009\u62e9\u200b\u8981\u200b\u7ba1\u7406\u200b\u7684\u200b\u7f51\u5361\u200b\uff1a
apiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodePolicy\nmetadata:\n name: policy\n namespace: kube-system\nspec:\n nodeSelector:\n feature.node.kubernetes.io/network-sriov.capable: \"true\"\n eSwitchMode: switchdev\n numVfs: 3\n nicSelector:\n pfNames:\n - ens41f0np0\n - ens41f1np1\n resourceName: cx_sriov_switchdev\n
\u200b\u518d\u6b21\u200b\u68c0\u67e5\u200b SriovNetworkNodeState \u200b\u7684\u200b status \u200b\u5b57\u200b\u6bb5\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\n\n...\nspec:\n interfaces:\n - eSwitchMode: switchdev\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\n - eSwitchMode: switchdev\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\nstatus:\n interfaces\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.2\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.3\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.4\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:ab\n mtu: 1500\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n totalvfs: 3\n vendor: \"15b3\"\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.5\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.6\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.7\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n mtu: 1500\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n totalvfs: 3\n vendor: \"15b3\"\n
\u200b\u68c0\u67e5\u200b VF \u200b\u7684\u200b\u72b6\u6001\u200b\uff1a
# lspci -nn | grep ConnectX\n5f:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.6 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.7 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u68c0\u67e5\u200b PF \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\uff1a
# cat /sys/class/net/ens41f0np0/compat/devlink/mode\nswitchdev\n
"},{"location":"advance/offload-mellanox/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-mellanox/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-mellanox/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/overlay-with-route/","title":"Overlay \u200b\u4e0b\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u7f51\u7edc\u200b\u6253\u901a","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u4e0d\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4f46\u662f\u200b\u4f9d\u7136\u200b\u9700\u8981\u200b Pod \u200b\u80fd\u200b\u548c\u200b\u5916\u90e8\u200b\u8bbe\u65bd\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u4e92\u8bbf\u200b\uff0c \u200b\u8fd9\u65f6\u5019\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u3002
\u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\u53ea\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u6253\u901a\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cPod IP \u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u653e\u5f00\u200b\u5173\u4e8e\u200b\u6e90\u5730\u5740\u200b\u548c\u200b\u76ee\u200b\u5730\u5740\u200b\u7684\u200b IP \u200b\u68c0\u67e5\u200b\u3002
"},{"location":"advance/overlay-with-route/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u6b64\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u8981\u200b\u5f00\u653e\u200b
ip_forward\u3002 - \u200b\u68c0\u67e5\u200b\u4e3b\u673a\u200b iptables \u200b\u89c4\u5219\u200b\u4e2d\u200b\u662f\u5426\u200b\u5728\u200b forward \u200b\u94fe\u4e2d\u200b\u662f\u5426\u200b\u6709\u200b Drop \u200b\u89c4\u5219\u200b\uff0c\u200b\u9700\u8981\u200b\u653e\u884c\u200b\u5bb9\u5668\u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u53ef\u80fd\u200b\u5b58\u5728\u200b\u975e\u5bf9\u79f0\u200b\u8def\u7531\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u200b\u653e\u884c\u200b ct \u200b\u72b6\u6001\u200b\u4e3a\u200b
INVALID \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u3002
"},{"location":"advance/overlay-with-route/#_2","title":"\u8bbe\u7f6e\u200b\u6b65\u9aa4","text":"\u200b\u5bf9\u4e8e\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u76f4\u63a5\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u5173\u95ed\u200b nat \u200b\u6620\u5c04\u200b\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
\u200b\u6b64\u65f6\u200b\uff0cPod \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u8def\u7531\u200b\u5230\u8fbe\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\u8fd8\u200b\u4e0d\u200b\u77e5\u9053\u200b\u56de\u7a0b\u200b\u6570\u636e\u5305\u200b\u5e94\u8be5\u200b\u53d1\u9001\u5230\u200b\u54ea\u91cc\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u56de\u7a0b\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5bf9\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u6dfb\u52a0\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u4efb\u610f\u200b\u4e00\u53f0\u200b\u673a\u5668\u200b\u3002
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 \u200b\u4e3a\u200b\u5bb9\u5668\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.2.10 \u200b\u4e3a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u82e5\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0d\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5728\u200b\u8def\u7531\u5668\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u76f8\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u6253\u901a\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u6307\u5b9a\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5b58\u5728\u200b\u5355\u70b9\u6545\u969c\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u505a\u5230\u200b\u5feb\u901f\u200b\u7684\u200b\u6545\u969c\u200b\u5207\u6362\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Keepalived \u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b\u8bbe\u7f6e\u200b VIP\uff0c\u200b\u540c\u65f6\u200b\u5c06\u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b VIP\u3002
\u200b\u5728\u200b\u4e00\u4e9b\u200b\u865a\u62df\u5316\u200b\u73af\u5883\u200b\u4e2d\u200b\uff0c\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5c06\u200b\u975e\u5bf9\u79f0\u200b\u6d41\u91cf\u200b\u8bc6\u522b\u200b\u4e3a\u200b\u975e\u6cd5\u200b\u6d41\u91cf\u200b\u5e76\u200b\u4e22\u5f03\u200b\u3002 \u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5c06\u200b Subnet \u200b\u7684\u200b gatewayType \u200b\u8c03\u6574\u200b\u4e3a\u200b centralized\uff0c\u200b\u5e76\u200b\u5728\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u65f6\u200b\u5c06\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b gatewayNode \u200b\u8282\u70b9\u200b\u7684\u200b IP\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
\u200b\u5982\u679c\u200b\u5bf9\u4e8e\u200b\u90e8\u5206\u200b\u6d41\u91cf\u200b\uff08\u200b\u5982\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\uff09\u200b\u4ecd\u7136\u200b\u5e0c\u671b\u200b\u8fdb\u884c\u200b nat \u200b\u5904\u7406\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-eip-fip-snat/","title":"OVN EIP FIP SNAT DNAT \u200b\u652f\u6301","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u7531\u4e8e\u200b\u5b58\u5728\u200b api \u200b\u53d8\u52a8\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5728\u200b 1.12 \u200b\u5206\u652f\u200b\u7ee7\u7eed\u200b\u6f14\u8fdb\u200b\u8be5\u200b OVN EIP FIP DNAT \u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b 1.12 \u200b\u4e4b\u540e\u200b\u7684\u200b\u5206\u652f\u200b \u200b\u6216\u8005\u200b master \u200b\u5206\u652f\u200b\u3002 \u200b\u7531\u4e8e\u200b master \u200b\u5206\u652f\u200b\u6f14\u8fdb\u200b\u8f83\u200b\u5feb\u200b\uff0c\u200b\u76ee\u524d\u200b\u4e13\u95e8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b 1.12-mc \u200b\u5206\u652f\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u6027\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b SNAT \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u662f\u200b\u7ecf\u8fc7\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b FIP \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u672c\u5730\u200b\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u5728\u200b\u4f7f\u7528\u200b\u4e0a\u5c06\u200b\u548c\u200b iptable nat gw \u200b\u516c\u7f51\u200b\u65b9\u6848\u200b\u4fdd\u6301\u200b\u57fa\u672c\u4e00\u81f4\u200b\u3002
- ovn eip: \u200b\u7528\u4e8e\u200b\u516c\u7f51\u200b ip \u200b\u5360\u4f4d\u200b\uff0c\u200b\u4ece\u200b underlay provider network vlan subnet \u200b\u4e2d\u200b\u5206\u914d\u200b
- ovn fip\uff1a \u200b\u4e00\u5bf9\u4e00\u200b dnat snat\uff0c\u200b\u4e3a\u200b vpc \u200b\u5185\u200b\u7684\u200b ip \u200b\u6216\u8005\u200b vip \u200b\u63d0\u4f9b\u200b\u516c\u7f51\u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b\u80fd\u529b\u200b
- ovn snat\uff1a\u200b\u6574\u4e2a\u200b\u5b50\u7f51\u200b\u6216\u8005\u200b\u5355\u4e2a\u200b vpc \u200b\u5185\u200b ip \u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b snat \u200b\u8bbf\u95ee\u200b\u516c\u7f51\u200b
- ovn dnat\uff1a\u200b\u57fa\u4e8e\u200b router lb \u200b\u5b9e\u73b0\u200b, \u200b\u57fa\u4e8e\u200b\u516c\u7f51\u200b ip + \u200b\u7aef\u53e3\u200b \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b vpc \u200b\u5185\u200b\u7684\u200b \u200b\u4e00\u7ec4\u200b endpoints
"},{"location":"advance/ovn-eip-fip-snat/#1","title":"1. \u200b\u90e8\u7f72","text":"\u200b\u76ee\u524d\u200b\u5141\u8bb8\u200b\u6240\u6709\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4ee5\u53ca\u200b\u81ea\u5b9a\u4e49\u200b\uff09vpc \u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b provider vlan subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u517c\u5bb9\u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT\u200b\u7684\u200b\u573a\u666f\u200b\u3002
\u200b\u7c7b\u4f3c\u200b neutron ovn\uff0c\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b provider network \u200b\u76f8\u5173\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4e0b\u8ff0\u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u4e5f\u200b\u662f\u200b\u4e3a\u4e86\u200b\u517c\u5bb9\u200b VPC EIP/SNAT \u200b\u7684\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u90e8\u7f72\u200b\u9636\u6bb5\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u80fd\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b\u9ed8\u8ba4\u200b\u516c\u7f51\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u3002 \u200b\u5982\u679c\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u6ca1\u6709\u200b vlan\uff08\u200b\u4f7f\u7528\u200b vlan 0\uff09\uff0c\u200b\u90a3\u4e48\u200b\u4e0b\u8ff0\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
# \u200b\u90e8\u7f72\u200b\u7684\u200b\u65f6\u5019\u200b\u4f60\u200b\u9700\u8981\u200b\u53c2\u8003\u200b\u4ee5\u4e0a\u200b\u573a\u666f\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u6309\u200b\u9700\u200b\u6307\u5b9a\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\n# 1. kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b:\n - --external-gateway-switch=external204 \n\n### \u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u90fd\u200b\u548c\u200b\u4e0b\u9762\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b vlan id \u200b\u548c\u200b\u8d44\u6e90\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u4ec5\u200b\u652f\u6301\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b underlay \u200b\u516c\u7f51\u200b\u4f5c\u4e3a\u200b\u9ed8\u8ba4\u200b\u5916\u90e8\u200b\u516c\u7f51\u200b\u3002\n
\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u7684\u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u4e3b\u8981\u200b\u8003\u8651\u200b\u4e86\u200b\u5982\u4e0b\u200b\u56e0\u7d20\u200b\uff1a
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u63a5\u5230\u200b provider network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u8d44\u6e90\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u529f\u80fd\u200b\u5bf9\u200b\u63a5\u5230\u200b\u5df2\u6709\u200b\u7684\u200b vlan\uff0csubnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b ip \u200b\u7684\u200b ipam\u3002
- \u200b\u5982\u679c\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u7684\u200b enable_eip_snat \u200b\u6a21\u5f0f\u200b, \u200b\u4e14\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u65e7\u200b\u7684\u200b\u57fa\u4e8e\u200b pod annotaion \u200b\u7684\u200b fip snat\uff0c\u200b\u90a3\u4e48\u200b\u8fd9\u4e2a\u200b\u914d\u7f6e\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u4ec5\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b\u5230\u200b vlan\uff0csubnet \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u517c\u5bb9\u200b\u4ec5\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b eip snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u3002
"},{"location":"advance/ovn-eip-fip-snat/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":"# \u200b\u51c6\u5907\u200b provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"advance/ovn-eip-fip-snat/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":"# \u200b\u542f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u548c\u200b\u4e0a\u8ff0\u200b underlay \u200b\u516c\u7f51\u200b provider subnet \u200b\u4e92\u8054\u200b\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\"\n type: \"centralized\" \n external-gw-nic: \"vlan\" # \u200b\u7528\u4e8e\u200b\u63a5\u5165\u200b ovs \u200b\u516c\u7f51\u200b\u7f51\u6865\u200b\u7684\u200b\u7f51\u5361\u200b\n external-gw-addr: \"10.5.204.254/24\" # underlay \u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u7684\u200b ip\n
\u200b\u76ee\u524d\u200b\u8be5\u200b\u529f\u80fd\u200b\u5df2\u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u6307\u5b9a\u200b lrp ip \u200b\u548c\u200b mac\uff0c\u200b\u5df2\u200b\u652f\u6301\u200b\u81ea\u52a8\u200b\u83b7\u53d6\u200b\uff0c\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip \u200b\u8d44\u6e90\u200b\u3002
\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u4e86\u200b\uff0c\u200b\u5219\u200b\u76f8\u5f53\u4e8e\u200b\u6307\u5b9a\u200b ip \u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip\u3002 \u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u63d0\u524d\u200b\u624b\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip\u3002
"},{"location":"advance/ovn-eip-fip-snat/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc \u200b\u542f\u7528\u200b enableExternal \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u5173\u8054\u200b\u5230\u200b\u4e0a\u8ff0\u200b\u6307\u5b9a\u200b\u7684\u200b\u516c\u7f51\u200b\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n\n# \u200b\u8fd9\u91cc\u200b\u5b50\u7f51\u200b\u548c\u200b\u4e4b\u524d\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b\u4e00\u6837\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u6ca1\u6709\u200b\u65b0\u589e\u200b\u5c5e\u6027\u200b\uff0c\u200b\u6ca1\u6709\u200b\u4efb\u4f55\u200b\u53d8\u66f4\u200b\n
\u200b\u4ee5\u4e0a\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b\uff0c\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5b58\u5728\u200b
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# \u200b\u76ee\u524d\u200b\u8be5\u200b\u8def\u7531\u200b\u5df2\u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-eip \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0covn-eip \u200b\u76ee\u524d\u200b\u6709\u200b\u4e09\u79cd\u200b type
- nat: \u200b\u7528\u4e8e\u200b ovn dnat\uff0cfip, snat, \u200b\u8fd9\u4e9b\u200b nat \u200b\u7c7b\u578b\u200b\u4f1a\u200b\u8bb0\u5f55\u200b\u5728\u200b status \u200b\u4e2d\u200b
- lrp: Resources connected to the public network from a vpc can be used by nat
- lsp: \u200b\u7528\u4e8e\u200b ovn \u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u573a\u666f\u200b\uff0c\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b ovs internal port \u200b\u4f5c\u4e3a\u200b ecmp \u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# \u200b\u52a8\u6001\u5206\u914d\u200b\u4e00\u4e2a\u200b eip \u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u8d44\u6e90\u200b\u9884\u7559\u200b\u7528\u4e8e\u200b fip \u200b\u573a\u666f\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#21-ovn-fip-pod-fip","title":"2.1 ovn-fip \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5728\u200b node ping \u200b\u9ed8\u8ba4\u200b vpc \u200b\u4e0b\u200b\u7684\u200b pod \u200b\u7684\u200b\u516c\u7f51\u200b ip \u200b\u662f\u200b\u80fd\u901a\u200b\u7684\u200b\n
# \u200b\u8be5\u200b\u516c\u7f51\u200b ip \u200b\u80fd\u901a\u200b\u7684\u200b\u5173\u952e\u200b\u8d44\u6e90\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"advance/ovn-eip-fip-snat/#22-ovn-fip-vip-fip","title":"2.2 ovn-fip \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"\u200b\u4e3a\u4e86\u200b\u4fbf\u4e8e\u200b\u4e00\u4e9b\u200b vip \u200b\u573a\u666f\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6bd4\u5982\u200b kubevirt \u200b\u865a\u62df\u673a\u200b\u5185\u90e8\u200b\u6211\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u4e00\u4e9b\u200b vip \u200b\u63d0\u4f9b\u200b\u7ed9\u200b keepalived\uff0ckube-vip \u200b\u7b49\u200b\u573a\u666f\u200b\u6765\u200b\u4f7f\u7528\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u90a3\u4e48\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b fip \u200b\u7ed1\u5b9a\u200b vpc \u200b\u5185\u90e8\u200b\u7684\u200b vip \u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u63d0\u4f9b\u200b vip \u200b\u7684\u200b\u516c\u7f51\u200b\u80fd\u529b\u200b\u3002
# \u200b\u5148\u200b\u521b\u5efa\u200b vip\uff0ceip\uff0c\u200b\u518d\u200b\u5c06\u200b eip \u200b\u7ed1\u5b9a\u200b\u5230\u200b vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b fip \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# \u200b\u5728\u200b node \u200b\u4e0a\u200b\u662f\u200b ping \u200b\u5f97\u901a\u200b\u7684\u200b\n\n\n# pod \u200b\u5185\u90e8\u200b\u7684\u200b ip \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u5927\u81f4\u200b\u5c31\u662f\u200b\u5982\u4e0b\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b vip \u200b\u7684\u200b\u914d\u7f6e\u200b\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod \u200b\u5185\u90e8\u200b\u53ef\u4ee5\u200b\u6293\u200b\u5230\u200b fip \u200b\u76f8\u5173\u200b\u7684\u200b icmp \u200b\u5305\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#3-ovn-snat","title":"3. ovn-snat","text":""},{"location":"advance/ovn-eip-fip-snat/#31-ovn-snat-subnet-cidr","title":"3.1 ovn-snat \u200b\u5bf9\u5e94\u200b\u4e00\u4e2a\u200b subnet \u200b\u7684\u200b cidr","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip \u200b\u5bf9\u5e94\u200b\u6574\u4e2a\u200b\u7f51\u6bb5\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#32-ovn-snat-pod-ip","title":"3.2 ovn-snat \u200b\u5bf9\u5e94\u200b\u5230\u200b\u4e00\u4e2a\u200b pod ip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip \u200b\u5bf9\u5e94\u200b\u5355\u4e2a\u200b pod ip\n
\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b snat \u200b\u516c\u7f51\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b\u7684\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u3002
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u4e24\u4e2a\u200b pod \u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u57fa\u4e8e\u200b\u8fd9\u200b\u4e24\u79cd\u200b snat \u200b\u8d44\u6e90\u200b\u4e0a\u200b\u5916\u7f51\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#4-ovn-dnat","title":"4. ovn-dnat","text":""},{"location":"advance/ovn-eip-fip-snat/#41-ovn-dnat-pod-dnat","title":"4.1 ovn-dnat \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b pod ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"advance/ovn-eip-fip-snat/#42-ovn-dnat-vip-dnat","title":"4.2 ovn-dnat \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b dnat \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-ipsec/","title":"\u4f7f\u7528\u200b IPsec \u200b\u52a0\u5bc6\u200b\u8282\u70b9\u200b\u95f4\u901a\u4fe1","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.10.11 \u200b\u548c\u200b v1.11.4 \u200b\u540e\u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\uff0ckernel \u200b\u7248\u672c\u200b\u81f3\u5c11\u200b\u662f\u200b 3.10.0 \u200b\u4ee5\u4e0a\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u4fdd\u8bc1\u200b\u4e3b\u673a\u200b UDP 500 \u200b\u548c\u200b 4500 \u200b\u7aef\u53e3\u200b\u53ef\u7528\u200b\u3002
"},{"location":"advance/ovn-ipsec/#ipsec_1","title":"\u542f\u52a8\u200b IPsec","text":"\u200b\u4ece\u200b Kube-OVN \u200b\u6e90\u7801\u200b\u62f7\u8d1d\u200b\u811a\u672c\u200b ipsec.sh\uff0c\u200b\u6267\u884c\u547d\u4ee4\u200b\u5982\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8c03\u7528\u200b ovs-pki \u200b\u751f\u6210\u200b\u548c\u200b\u5206\u914d\u200b\u52a0\u5bc6\u200b\u9700\u8981\u200b\u7684\u200b\u8bc1\u4e66\u200b\uff1a
bash ipsec.sh init\n
\u200b\u6267\u884c\u200b\u5b8c\u6bd5\u200b\u540e\u200b\uff0c\u200b\u8282\u70b9\u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u534f\u5546\u200b\u4e00\u6bb5\u65f6\u95f4\u200b\u5efa\u7acb\u200b IPsec \u200b\u96a7\u9053\u200b\uff0c\u200b\u7ecf\u9a8c\u503c\u200b\u662f\u200b\u5341\u51e0\u79d2\u200b\u5230\u200b\u4e00\u5206\u949f\u200b\u4e4b\u95f4\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u547d\u4ee4\u200b\u6765\u200b\u67e5\u770b\u200b IPsec \u200b\u72b6\u6001\u200b\uff1a
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
\u200b\u5efa\u7acb\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u6293\u5305\u200b\u89c2\u5bdf\u200b\u62a5\u6587\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u52a0\u5bc6\u200b\uff1a
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
\u200b\u5f53\u200b\u6267\u884c\u200b\u5b8c\u200b\u811a\u672c\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u6267\u884c\u547d\u4ee4\u200b\u5173\u95ed\u200b IPsec\uff1a
# bash ipsec.sh stop\n
\u200b\u6216\u8005\u200b\u6267\u884c\u547d\u4ee4\u200b\u518d\u6b21\u200b\u6253\u5f00\u200b\uff1a
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"OVN SNAT \u200b\u57fa\u4e8e\u200b ECMP BFD \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u7684\u200b L3 HA \u200b\u652f\u6301","text":"\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u57fa\u4e8e\u200b ovn snat \u200b\u540e\u200b\u57fa\u4e8e\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u54c8\u5e0c\u200b\u5230\u200b\u591a\u4e2a\u200b gw node ovnext0 \u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b
- \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9ad8\u200b\u53ef\u7528\u200b
- \u200b\u4ec5\u200b\u652f\u6301\u200b hash \u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200bovn-eip-fip-snat.md \u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c\u200b\u4e00\u81f4\u200b\u7684\u200b\u90e8\u5206\u200b\u5305\u62ec\u200b install.sh \u200b\u7684\u200b\u90e8\u7f72\u200b\u90e8\u5206\u200b\uff0cprovider-network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u51c6\u5907\u200b\u90e8\u5206\u200b\u3002
\u200b\u81f3\u4e8e\u200b\u4e0d\u200b\u76f8\u540c\u200b\u7684\u200b\u90e8\u5206\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\u5177\u4f53\u200b\u9610\u8ff0\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b lsp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip \u200b\u7684\u200b\u521b\u5efa\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u57fa\u4e8e\u200b vpc enable_bfd \u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b bfd \u200b\u4ee5\u53ca\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#1","title":"1. \u200b\u90e8\u7f72","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u90e8\u5206\u200b\u548c\u200b ovn-eip-fip-snat.md \u200b\u5b8c\u5168\u4e00\u81f4\u200b\uff0c\u200b\u8fd9\u4e9b\u200b\u529f\u80fd\u200b\u9a8c\u8bc1\u200b\u901a\u8fc7\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u57fa\u4e8e\u200b\u5982\u4e0b\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u5c06\u200b vpc \u200b\u5207\u6362\u200b\u5230\u200b\u57fa\u4e8e\u200b ecmp \u200b\u7684\u200b bfd \u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5207\u56de\u200b\u3002
\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e4b\u524d\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u63d0\u4f9b\u200b\u597d\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u81f3\u5c11\u200b\u9700\u8981\u200b\u63d0\u4f9b\u200b 2 \u200b\u4e2a\u200b\u4ee5\u4e0a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u6ce8\u610f\u200b\u5f53\u524d\u200b\u5b9e\u73b0\u200b ovn-eip \u200b\u7684\u200b\u540d\u5b57\u200b\u5fc5\u987b\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u505a\u200b\u8be5\u200b\u8d44\u6e90\u200b\u7684\u200b\u81ea\u52a8\u5316\u200b\u7ef4\u62a4\u200b\u3002
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
\u200b\u7531\u4e8e\u200b\u8fd9\u4e2a\u200b\u573a\u666f\u200b\u76ee\u524d\u200b\u8bbe\u8ba1\u200b\u4e0a\u200b\u662f\u200b\u4f9b\u200b vpc ecmp \u200b\u51fa\u200b\u516c\u7f51\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6240\u4ee5\u200b\u4ee5\u4e0a\u200b\u5728\u200b\u6ca1\u6709\u200b vpc \u200b\u542f\u7528\u200b bfd \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u5b58\u5728\u200b\u5e26\u6709\u200b enable bfd \u200b\u6807\u7b7e\u200b\u7684\u200b lrp \u200b\u7684\u200b ovn eip \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0d\u4f1a\u200b\u89e6\u53d1\u200b\u521b\u5efa\u200b\u7f51\u5173\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u6210\u529f\u200b\u542f\u52a8\u200b\u5bf9\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u76d1\u542c\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#2-vpc-ecmp-bfd-l3-ha","title":"2. \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b ecmp bfd L3 HA \u200b\u516c\u7f51\u200b\u529f\u80fd","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd \u200b\u5f00\u5173\u200b\u53ef\u4ee5\u200b\u968f\u610f\u200b\u5207\u6362\u200b\uff0c\u200b\u5f00\u200b\u8868\u793a\u200b\u542f\u7528\u200b bfd ecmp \u200b\u8def\u7531\u200b\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # \u200b\u53ea\u200b\u9700\u200b\u5f00\u542f\u200b ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
\u200b\u4f7f\u7528\u200b\u4e0a\u200b\u7684\u200b\u6ce8\u610f\u200b\u70b9\u200b:
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4e0b\u200b\u7684\u200b ecmp \u200b\u53ea\u7528\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\uff0cvpc enableBfd \u200b\u548c\u200b subnet enableEcmp \u200b\u540c\u65f6\u200b\u5f00\u542f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u624d\u200b\u4f1a\u200b\u751f\u6548\u200b\uff0c\u200b\u624d\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ba1\u7406\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\u3002
- \u200b\u4e0a\u8ff0\u200b\u914d\u7f6e\u200b\u5173\u95ed\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5207\u56de\u200b\u5e38\u89c4\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
- \u200b\u9ed8\u8ba4\u200b vpc \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ec5\u200b\u652f\u6301\u200b\u81ea\u5b9a\u4e49\u200b vpc\uff0c\u200b\u9ed8\u8ba4\u200b vpc \u200b\u6709\u200b\u66f4\u200b\u590d\u6742\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b snat \u200b\u8bbe\u8ba1\u200b\u3002
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u7684\u200b subnet \u200b\u7684\u200b enableEcmp \u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b gatewayType \u200b\u6ca1\u6709\u200b\u4f5c\u7528\u200b\u3002
- \u200b\u5f53\u200b\u5173\u95ed\u200b EnableExternal \u200b\u65f6\u200b\uff0cvpc \u200b\u5185\u200b\u65e0\u6cd5\u200b\u901a\u5916\u200b\u7f51\u200b\u3002
- \u200b\u5f53\u200b\u5f00\u542f\u200b EnableExternal \u200b\u65f6\u200b\uff0c\u200b\u5173\u95ed\u200b EnableBfd \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u57fa\u4e8e\u200b\u666e\u901a\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u4e0a\u200b\u5916\u7f51\u200b\uff0c\u200b\u4e0d\u200b\u5177\u5907\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
# \u200b\u4e0a\u8ff0\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b ovn \u200b\u903b\u8f91\u200b\u5c42\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\n# \u200b\u67e5\u770b\u200b vpc\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# \u200b\u9ed8\u8ba4\u200b vpc \u200b\u672a\u200b\u652f\u6301\u200b ENABLEBFD\n# \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u5df2\u200b\u652f\u6301\u200b\u4e14\u200b\u5df2\u200b\u542f\u7528\u200b\n\n\n# 1. \u200b\u521b\u5efa\u200b\u4e86\u200b bfd \u200b\u4f1a\u8bdd\u200b\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### \u200b\u6ce8\u610f\u200b\u6240\u6709\u200b status \u200b\u6b63\u5e38\u200b\u90fd\u200b\u5e94\u8be5\u200b\u662f\u200b up \u200b\u7684\u200b\n\n# 2. \u200b\u521b\u5efa\u200b\u4e86\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u8be6\u60c5\u200b\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# \u200b\u540c\u65f6\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u90fd\u200b\u5e94\u8be5\u200b\u5177\u5907\u200b\u4ee5\u4e0b\u200b\u8d44\u6e90\u200b\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n## \u200b\u6ce8\u610f\u200b\u4ee5\u4e0a\u200b\u5185\u5bb9\u200b\u548c\u200b\u4e00\u4e2a\u200b internal port unerlay \u200b\u516c\u7f51\u200b pod \u200b\u5185\u90e8\u200b\u7684\u200b ns \u200b\u5927\u81f4\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ea\u662f\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u5355\u72ec\u200b\u7ef4\u62a4\u200b\u4e86\u200b\u4e00\u4e2a\u200b ns\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## \u200b\u8fd9\u91cc\u200b\u5373\u200b\u662f\u200b lrp bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u53e6\u4e00\u7aef\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b lrp ecmp \u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u7684\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# \u200b\u5230\u200b\u516c\u7f51\u200b\u6ca1\u200b\u95ee\u9898\u200b\n
\u200b\u53ef\u4ee5\u200b\u5728\u200b\u67d0\u200b\u4e00\u4e2a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b ovnext ns \u200b\u5185\u200b\u6293\u200b\u5230\u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n\n# \u200b\u53ef\u4ee5\u200b\u5728\u200b\u8be5\u200b\u8282\u70b9\u200b down \u200b\u6389\u200b\u51fa\u53bb\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u7136\u540e\u200b\u770b\u200b pod \u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b\u5728\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u4e2d\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u51e0\u4e2a\u200b\u5305\u200b\n# \u200b\u4e00\u822c\u200b\u90fd\u200b\u4f1a\u200b\u770b\u5230\u200b\u4e22\u200b 3 \u200b\u4e2a\u200b\u5305\u200b\n
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#3-bfd","title":"3. \u200b\u5173\u95ed\u200b bfd \u200b\u6a21\u5f0f","text":"\u200b\u5728\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u53ef\u80fd\u200b\u60f3\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\uff08\u200b\u96c6\u4e2d\u5f0f\u200b\uff09\u200b\u5355\u4e2a\u200b\u7f51\u5173\u200b\u76f4\u63a5\u200b\u51fa\u200b\u516c\u7f51\u200b\uff0c\u200b\u8fd9\u4e2a\u200b\u65f6\u5019\u200b\u548c\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u6a21\u5f0f\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## \u200b\u5c06\u200b bfd \u200b\u529f\u80fd\u200b\u76f4\u63a5\u200b\u7981\u7528\u200b\u5373\u53ef\u200b\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# \u200b\u5e94\u7528\u200b\u540e\u200b\u8def\u7531\u200b\u4f1a\u200b\u5207\u6362\u200b\u56de\u200b\u6b63\u5e38\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# \u200b\u540c\u65f6\u200b nbctl list bfd \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b lrp \u200b\u5173\u8054\u200b\u7684\u200b bfd \u200b\u4f1a\u8bdd\u200b\u5df2\u7ecf\u200b\u79fb\u9664\u200b\n# \u200b\u800c\u4e14\u200b ovnext ns \u200b\u4e2d\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u4e5f\u200b\u81ea\u52a8\u200b\u79fb\u9664\u200b\n# \u200b\u8be5\u200b\u5207\u6362\u200b\u8fc7\u7a0b\u200b\u4fdd\u6301\u200b vpc subnet \u200b\u5185\u200b\u4fdd\u6301\u200b ping \u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n# \u200b\u518d\u200b\u5207\u6362\u200b\u56de\u53bb\u200b \u200b\u4e5f\u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-remote-port-mirroring/","title":"OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6b64\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u6307\u5b9a\u200b Pod\u3001\u200b\u6307\u5b9a\u200b\u65b9\u5411\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u901a\u8fc7\u200b GRE/ERSPAN \u200b\u5c01\u88c5\u200b\u540e\u200b\uff0c\u200b\u4f20\u8f93\u200b\u5230\u200b\u8fdc\u7aef\u200b\u3002
\u200b\u6b64\u200b\u529f\u80fd\u200b\u8981\u6c42\u200b Kube-OVN \u200b\u7248\u672c\u200b\u4e0d\u200b\u4f4e\u4e8e\u200b v1.12\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#multus-cni","title":"\u90e8\u7f72\u200b Multus-CNI","text":"\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b \u200b\u90e8\u7f72\u200b Multus\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#_1","title":"\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
\u200b\u5176\u4e2d\u200b provider \u200b\u5b57\u200b\u6bb5\u200b\u683c\u5f0f\u200b\u4e3a\u200b <NAME>.<NAMESPACE>.ovn\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#underlay","title":"\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u662f\u200b\u5c01\u88c5\u200b\u540e\u200b\u8fdb\u884c\u200b\u4f20\u8f93\u200b\u7684\u200b\uff0c\u200b\u56e0\u6b64\u200b\u7528\u4e8e\u200b\u4f20\u8f93\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0cMTU \u200b\u9700\u8981\u200b\u5927\u4e8e\u200b\u88ab\u200b\u955c\u50cf\u200b\u7684\u200b LSP/Pod\u3002\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b Underlay \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
\u200b\u5176\u4e2d\u200b\uff0c\u200b\u5b50\u7f51\u200b\u7684\u200b provider \u200b\u5fc5\u987b\u200b\u4e0e\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\u7684\u200b provider \u200b\u76f8\u540c\u200b\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#pod","title":"\u521b\u5efa\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u7528\u4e8e\u200b\u63a5\u6536\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.13\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u540e\u200b\uff0c\u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff1a
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
\u200b\u8bb0\u4f4f\u200b\u7b2c\u4e8c\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b 172.19.0.21\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#ovn_1","title":"\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
\u200b\u5176\u4e2d\u200b coredns-787d4945fb-gpnkb.kube-system \u200b\u662f\u200b OVN LSP \u200b\u7684\u200b\u540d\u79f0\u200b\uff0c\u200b\u683c\u5f0f\u200b\u901a\u5e38\u200b\u4e3a\u200b <POD_NAME>.<POD_NAMESPACE>\u3002
\u200b\u76f8\u5173\u200b\u7684\u200b OVN \u200b\u547d\u4ee4\u200b\u4f7f\u7528\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff1a
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"advance/ovn-remote-port-mirroring/#pod_1","title":"\u914d\u7f6e\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u5728\u200b\u524d\u9762\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
\u200b\u63a5\u4e0b\u6765\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u5728\u200b\u63a5\u6536\u200b\u6d41\u91cf\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u8fdb\u884c\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\uff1a
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"advance/ovn-remote-port-mirroring/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0cOVN \u200b\u8282\u70b9\u200b\u53ca\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u7684\u200b Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.14\u3002\u200b\u82e5\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4e14\u200b\u4f7f\u7528\u200b IPv6 \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\uff0cLinux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.16\u3002
- \u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b\u4f20\u8f93\u200b\u662f\u200b\u5355\u5411\u200b\u7684\u200b\uff0c\u200b\u53ea\u200b\u9700\u200b\u4fdd\u8bc1\u200b OVN \u200b\u8282\u70b9\u200b\u80fd\u591f\u200b\u8bbf\u95ee\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/performance-tuning/","title":"\u6027\u80fd\u200b\u8c03\u4f18","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u6301\u200b\u5b89\u88c5\u200b\u7684\u200b\u7b80\u5355\u200b\u548c\u200b\u529f\u80fd\u200b\u7684\u200b\u5b8c\u5907\u200b\uff0cKube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5bf9\u200b\u6027\u80fd\u200b\u9488\u5bf9\u6027\u200b\u7684\u200b\u4f18\u5316\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u5bf9\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c \u200b\u7ba1\u7406\u5458\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u5bf9\u200b\u6027\u80fd\u200b\u8fdb\u884c\u200b\u9488\u5bf9\u6027\u200b\u4f18\u5316\u200b\u3002
\u200b\u793e\u533a\u200b\u4f1a\u200b\u4e0d\u65ad\u200b\u8fed\u4ee3\u200b\u63a7\u5236\u9762\u677f\u200b\u548c\u200b\u4f18\u5316\u200b\u9762\u200b\u7684\u200b\u6027\u80fd\u200b\uff0c\u200b\u90e8\u5206\u200b\u901a\u7528\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u5df2\u7ecf\u200b\u96c6\u6210\u200b\u5230\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u6027\u80fd\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u548c\u200b\u65b9\u6cd5\u8bba\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u89c2\u770b\u200b\u89c6\u9891\u200b\u5206\u4eab\u200b\uff1aKube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"advance/performance-tuning/#_2","title":"\u57fa\u51c6\u200b\u6d4b\u8bd5","text":"\u200b\u7531\u4e8e\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u7684\u200b\u5dee\u5f02\u200b\u6781\u5927\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u6570\u636e\u200b\u53ea\u80fd\u200b\u4f5c\u4e3a\u200b\u53c2\u8003\u200b\uff0c\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u548c\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b\u7684\u200b\u7ed3\u679c\u200b\u5b58\u5728\u200b\u8f83\u5927\u200b\u5dee\u5f02\u200b\u3002 \u200b\u5efa\u8bae\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\uff0c\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6bd4\u8f83\u200b\u3002
"},{"location":"advance/performance-tuning/#overlay","title":"Overlay \u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u73af\u5883\u200b\u4fe1\u606f\u200b\uff1a
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay \u200b\u6a21\u5f0f\u200b
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw \u200b\u6d4b\u8bd5\u200b 1 \u200b\u5b57\u8282\u200b\u5c0f\u5305\u200b\u4e0b\u200b tcp/udp \u200b\u7684\u200b\u5e26\u5bbd\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5206\u522b\u200b\u6d4b\u8bd5\u200b\u4f18\u5316\u200b\u524d\u200b\uff0c\u200b\u4f18\u5316\u200b\u540e\u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"advance/performance-tuning/#overlay-underlay-calico","title":"Overlay\uff0c Underlay \u200b\u4ee5\u53ca\u200b Calico \u200b\u4e0d\u540c\u200b\u6a21\u5f0f\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u4e0b\u9762\u200b\u6211\u4eec\u200b\u4f1a\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u540e\u200b Kube-OVN \u200b\u5728\u200b\u4e0d\u540c\u200b\u5305\u200b\u5927\u5c0f\u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u6027\u80fd\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b Calico \u200b\u7684\u200b IPIP Always, IPIP never \u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u505a\u200b\u6bd4\u8f83\u200b\u3002
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 \u200b\u5728\u200b\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u4f1a\u200b\u4f18\u4e8e\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8fd9\u662f\u200b\u4f18\u4e8e\u200b\u7ecf\u8fc7\u200b\u4f18\u5316\u200b\u540e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u8def\u5f84\u200b\u5b8c\u5168\u200b\u7ed5\u8fc7\u200b\u4e86\u200b netfilter\uff0c \u200b\u800c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7531\u4e8e\u200b kube-proxy \u200b\u7684\u200b\u5b58\u5728\u200b\u6240\u6709\u200b\u6570\u636e\u5305\u200b\u5747\u200b\u9700\u200b\u7ecf\u8fc7\u200b netfilter\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5728\u200b\u4e00\u4e9b\u200b\u73af\u5883\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b \u200b\u7684\u200b\u6d88\u8017\u200b\u76f8\u5bf9\u200b\u66f4\u200b\u5c0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f1a\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
"},{"location":"advance/performance-tuning/#_3","title":"\u6570\u636e\u200b\u5e73\u9762\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u65b9\u6cd5","text":"\u200b\u8fd9\u91cc\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u4f18\u5316\u200b\u65b9\u6cd5\u200b\u548c\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u4ee5\u53ca\u200b\u6240\u200b\u9700\u8981\u200b\u7684\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\uff0c\u200b\u8bf7\u200b\u4ed4\u7ec6\u200b\u4e86\u89e3\u200b\u4f18\u5316\u200b\u7684\u200b\u524d\u63d0\u6761\u4ef6\u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\u3002
"},{"location":"advance/performance-tuning/#cpu","title":"CPU \u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u8c03\u6574","text":"\u200b\u90e8\u5206\u200b\u73af\u5883\u200b\u4e0b\u200b CPU \u200b\u8fd0\u884c\u200b\u5728\u200b\u8282\u80fd\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u5c06\u4f1a\u200b\u4e0d\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u5ef6\u8fdf\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u660e\u663e\u589e\u52a0\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CPU \u200b\u7684\u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u83b7\u5f97\u200b\u66f4\u200b\u7a33\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\uff1a
cpupower frequency-set -g performance\n
"},{"location":"advance/performance-tuning/#_4","title":"\u7f51\u5361\u200b\u786c\u4ef6\u200b\u961f\u5217\u200b\u8c03\u6574","text":"\u200b\u5728\u200b\u6d41\u91cf\u200b\u589e\u5927\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f13\u51b2\u200b\u961f\u5217\u200b\u8fc7\u200b\u77ed\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u8f83\u200b\u9ad8\u200b\u7684\u200b\u4e22\u200b\u5305\u7387\u200b\u5bfc\u81f4\u200b\u6027\u80fd\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\uff0c\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b
\u200b\u68c0\u67e5\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\uff1a
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
\u200b\u589e\u52a0\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\u81f3\u200b\u6700\u5927\u503c\u200b\uff1a
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"advance/performance-tuning/#tuned","title":"\u4f7f\u7528\u200b tuned \u200b\u4f18\u5316\u200b\u7cfb\u7edf\u200b\u53c2\u6570","text":"tuned \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e00\u7cfb\u5217\u200b\u9884\u7f6e\u200b\u7684\u200b profile \u200b\u6587\u4ef6\u200b\u4fdd\u5b58\u200b\u4e86\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u573a\u666f\u200b\u7684\u200b\u4e00\u7cfb\u5217\u200b\u7cfb\u7edf\u4f18\u5316\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9488\u5bf9\u200b\u5ef6\u8fdf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-latency\n
\u200b\u9488\u5bf9\u200b\u541e\u5410\u91cf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-throughput\n
"},{"location":"advance/performance-tuning/#_5","title":"\u4e2d\u65ad\u200b\u7ed1\u5b9a","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u7981\u7528\u200b irqbalance \u200b\u5e76\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e2d\u65ad\u200b\u548c\u200b\u7279\u5b9a\u200b CPU \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u6765\u200b\u907f\u514d\u200b\u5728\u200b\u591a\u4e2a\u200b CPU \u200b\u4e4b\u95f4\u200b\u5207\u6362\u200b\u5bfc\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u6ce2\u52a8\u200b\u3002
"},{"location":"advance/performance-tuning/#ovn-lb","title":"\u5173\u95ed\u200b OVN LB","text":"OVN \u200b\u7684\u200b L2 LB \u200b\u5b9e\u73b0\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u9700\u8981\u200b\u8c03\u7528\u200b\u5185\u6838\u200b\u7684\u200b conntrack \u200b\u6a21\u5757\u200b\u5e76\u200b\u8fdb\u884c\u200b recirculate \u200b\u5bfc\u81f4\u200b\u5927\u91cf\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c \u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u5b8c\u6210\u200b Service \u200b\u8f6c\u53d1\u200b\u529f\u80fd\u200b\uff0c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b Pod-to-Pod \u200b\u6027\u80fd\u200b\u3002\u200b\u53ef\u4ee5\u200b\u5728\u200b kube-ovn-controller \u200b\u4e2d\u200b\u5173\u95ed\u200b\u8be5\u200b\u529f\u80fd\u200b\uff1a
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b kube-proxy \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b iptables \u200b\u6216\u200b ipvs \u200b\u63a7\u5236\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\uff0c\u200b\u5982\u9700\u200b\u5173\u95ed\u200b LB \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u786e\u8ba4\u200b\u662f\u5426\u200b\u4e0d\u200b\u9700\u8981\u200b Service \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/performance-tuning/#fastpath","title":"\u5185\u6838\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7531\u4e8e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b network ns\uff0c\u200b\u6570\u636e\u5305\u200b\u5728\u200b\u8de8\u200b\u5bbf\u4e3b\u673a\u200b\u4f20\u8f93\u200b\u65f6\u4f1a\u200b\u591a\u6b21\u200b\u7ecf\u8fc7\u200b netfilter \u200b\u6a21\u5757\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u8fd1\u200b 20% \u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\u3002\u200b\u7531\u4e8e\u200b\u5927\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u5e94\u7528\u200b\u65e0\u987b\u200b\u4f7f\u7528\u200b netfilter \u200b\u6a21\u5757\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b netfilter \u200b\u964d\u4f4e\u200b CPU \u200b\u5f00\u9500\u200b\u3002
\u200b\u5982\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b netfilter \u200b\u63d0\u4f9b\u200b\u7684\u200b\u529f\u80fd\u200b\u5982\u200b iptables\uff0cipvs\uff0cnftables \u200b\u7b49\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5757\u200b\u4f1a\u200b\u4f7f\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u6211\u4eec\u200b\u9884\u5148\u200b\u7f16\u8bd1\u200b\u4e86\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u7684\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c \u200b\u53ef\u4ee5\u200b\u524d\u5f80\u200b tunning-package \u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u7f16\u8bd1\u200b\uff0c\u200b\u65b9\u6cd5\u200b\u53c2\u8003\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b
\u200b\u83b7\u5f97\u200b\u5185\u6838\u6a21\u5757\u200b\u540e\u200b\u53ef\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4f7f\u7528\u200b insmod kube_ovn_fastpath.ko \u200b\u52a0\u8f7d\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u4f7f\u7528\u200b dmesg \u200b\u9a8c\u8bc1\u200b\u6a21\u5757\u200b\u52a0\u8f7d\u200b\u6210\u529f\u200b\uff1a
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"advance/performance-tuning/#ovs","title":"OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u4f18\u5316","text":"OVS \u200b\u7684\u200b flow \u200b\u5904\u7406\u200b\u5305\u62ec\u200b\u54c8\u5e0c\u200b\u8ba1\u7b97\u200b\uff0c\u200b\u5339\u914d\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u7ea6\u200b 10% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\u3002\u200b\u73b0\u4ee3\u200b x86 CPU \u200b\u4e0a\u200b\u7684\u200b\u4e00\u4e9b\u200b\u6307\u4ee4\u96c6\u200b\u4f8b\u5982\u200b popcnt \u200b\u548c\u200b sse4.2 \u200b\u53ef\u4ee5\u200b \u200b\u52a0\u901f\u200b\u76f8\u5173\u200b\u8ba1\u7b97\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u4f46\u200b\u5185\u6838\u200b\u9ed8\u8ba4\u200b\u7f16\u8bd1\u200b\u672a\u200b\u5f00\u542f\u200b\u76f8\u5173\u200b\u9009\u9879\u200b\u3002\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u5728\u200b\u5f00\u542f\u200b\u76f8\u5e94\u200b\u6307\u4ee4\u96c6\u200b\u4f18\u5316\u200b\u540e\u200b\uff0cflow \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b CPU \u200b\u6d88\u8017\u200b\u5c06\u4f1a\u200b\u964d\u81f3\u200b 5% \u200b\u5de6\u53f3\u200b\u3002
\u200b\u548c\u200b FastPath \u200b\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b\u6216\u8005\u200b \u200b\u524d\u5f80\u200b tunning-package \u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6709\u200b\u5df2\u200b\u7f16\u8bd1\u200b\u597d\u200b\u7684\u200b\u5236\u54c1\u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4f7f\u7528\u200b\u8be5\u200b\u5185\u6838\u6a21\u5757\u200b\u524d\u200b\u8bf7\u200b\u5148\u200b\u786e\u8ba4\u200b CPU \u200b\u662f\u5426\u200b\u652f\u6301\u200b\u76f8\u5173\u200b\u6307\u4ee4\u96c6\u200b\uff1a
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"advance/performance-tuning/#centos","title":"CentOS \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u751f\u6210\u200b\u5bf9\u5e94\u200b RPM \u200b\u6587\u4ef6\u200b:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
\u200b\u590d\u5236\u200b RPM \u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u5e76\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#ubuntu","title":"Ubuntu \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u5b89\u88c5\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#stt","title":"\u4f7f\u7528\u200b STT \u200b\u7c7b\u578b\u200b\u96a7\u9053","text":"\u200b\u5e38\u89c1\u200b\u7684\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4f8b\u5982\u200b Geneve \u200b\u548c\u200b Vxlan \u200b\u4f7f\u7528\u200b UDP \u200b\u534f\u8bae\u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u6709\u200b\u826f\u597d\u200b\u7684\u200b\u652f\u6301\u200b\u3002\u200b\u4f46\u662f\u200b\u5f53\u200b\u4f7f\u7528\u200b UDP \u200b\u5c01\u88c5\u200b TCP \u200b\u6570\u636e\u5305\u200b\u65f6\u200b\uff0c \u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u9488\u5bf9\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u4f18\u5316\u200b\u548c\u200b offload \u200b\u529f\u80fd\u200b\u5c06\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5bfc\u81f4\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u51fa\u73b0\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\u3002\u200b\u5728\u200b\u865a\u62df\u5316\u200b\u573a\u666f\u200b\u4e0b\u200b\u7531\u4e8e\u200b CPU \u200b\u7684\u200b\u9650\u5236\u200b\uff0c TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u751a\u81f3\u200b\u53ef\u80fd\u200b\u53ea\u6709\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5341\u5206\u4e4b\u4e00\u200b\u3002
STT \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u521b\u65b0\u200b\u5f0f\u200b\u7684\u200b\u4f7f\u7528\u200b TCP \u200b\u683c\u5f0f\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u5c01\u88c5\u200b\u53ea\u662f\u200b\u6a21\u62df\u200b\u4e86\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u5934\u90e8\u200b\u683c\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u771f\u6b63\u200b\u5efa\u7acb\u200b TCP \u200b\u8fde\u63a5\u200b\uff0c\u200b\u4f46\u662f\u200b\u53ef\u4ee5\u200b \u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u4f18\u5316\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b\u6211\u4eec\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u4e2d\u200b TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u80fd\u200b\u6709\u200b\u6570\u500d\u200b\u7684\u200b\u63d0\u5347\u200b\uff0c\u200b\u8fbe\u5230\u200b\u63a5\u8fd1\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6c34\u5e73\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5e76\u200b\u6ca1\u6709\u200b\u9884\u200b\u5b89\u88c5\u200b\u5728\u200b\u5185\u6838\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u6765\u200b\u5b89\u88c5\u200b\uff0cOVS \u200b\u5185\u6838\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u65b9\u6cd5\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0a\u200b\u4e00\u8282\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5f00\u542f\u200b\uff1a
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/security-group/","title":"SecurityGroup \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4e86\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u914d\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u4f7f\u7528\u200b\u7684\u200b CRD \u200b\u4e3a\u200b SecurityGroup\u3002
"},{"location":"advance/security-group/#_1","title":"\u5b89\u5168\u200b\u7ec4\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 \u200b\u914d\u7f6e\u200b\u7f51\u6bb5\u200b\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
\u200b\u5b89\u5168\u200b\u7ec4\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u5177\u4f53\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303\u200b\u3002
Pod \u200b\u901a\u8fc7\u200b\u6dfb\u52a0\u200b annotation \u200b\u6765\u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u4f7f\u7528\u200b\u7684\u200b annotation \u200b\u6709\u200b\u4e24\u4e2a\u200b\uff1a
- port_security: \u200b\u6e90\u5730\u5740\u200b\u6821\u9a8c\u200b\uff0c\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\uff0c\u200b\u53ea\u6709\u200b kube-ovn ipam \u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b ip \u200b\u6e90\u5730\u5740\u200b\u7684\u200b\u5305\u200b\u53ef\u4ee5\u200b\u4ece\u200b pod \u200b\u7f51\u5361\u200b\u51fa\u53bb\u200b\uff0c\u200b\u5173\u95ed\u200b\u540e\u200b, \u200b\u4efb\u610f\u200b ip \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u3002
- security_groups\uff1a \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5217\u8868\u200b\uff0c\u200b\u5305\u542b\u200b\u4e00\u7cfb\u5217\u200b ACL \u200b\u89c4\u5219\u200b\u3002
\u200b\u8fd9\u200b\u4e24\u4e2a\u200b annotation \u200b\u8d1f\u8d23\u200b\u7684\u200b\u529f\u80fd\u200b\u662f\u200b\u4e92\u76f8\u200b\u72ec\u7acb\u200b\u7684\u200b\u3002
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"advance/security-group/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" -
\u200b\u5b89\u5168\u200b\u7ec4\u200b\u6700\u540e\u200b\u662f\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b ACL \u200b\u89c4\u5219\u200b\u6765\u200b\u9650\u5236\u200b\u8bbf\u95ee\u200b\u7684\u200b\uff0cOVN \u200b\u6587\u6863\u200b\u4e2d\u200b\u63d0\u5230\u200b\uff0c\u200b\u5982\u679c\u200b\u5339\u914d\u200b\u5230\u200b\u7684\u200b\u4e24\u4e2a\u200b ACL \u200b\u89c4\u5219\u200b\u62e5\u6709\u200b\u76f8\u540c\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u5b9e\u9645\u200b\u8d77\u200b\u4f5c\u7528\u200b\u7684\u200b\u662f\u200b\u54ea\u4e2a\u200b ACL \u200b\u662f\u200b\u4e0d\u200b\u786e\u5b9a\u200b\u7684\u200b\u3002\u200b\u56e0\u6b64\u200b\u8bbe\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u533a\u5206\u200b\u4f18\u5148\u7ea7\u200b\u3002
-
\u200b\u5f53\u200b\u6dfb\u52a0\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u8981\u200b\u6e05\u695a\u200b\u7684\u200b\u77e5\u9053\u200b\u662f\u200b\u5728\u200b\u6dfb\u52a0\u200b\u4ec0\u4e48\u200b\u9650\u5236\u200b\u3002Kube-OVN \u200b\u4f5c\u4e3a\u200b CNI\uff0c\u200b\u521b\u5efa\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u8fdb\u884c\u200b Pod \u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u5982\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c31\u200b\u4f1a\u200b\u5bfc\u81f4\u200b Pod \u200b\u4e00\u76f4\u200b\u5904\u4e8e\u200b ContainerCreating \u200b\u72b6\u6001\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5207\u6362\u200b\u5230\u200b Running \u200b\u72b6\u6001\u200b\u3002
"},{"location":"advance/security-group/#_3","title":"\u5b9e\u9645\u200b\u6d4b\u8bd5","text":"\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u521b\u5efa\u200b Pod\uff0c\u200b\u5728\u200b annotation \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7ed1\u5b9a\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u7684\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
\u200b\u6267\u884c\u200b kubectl describe pod \u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u62a5\u9519\u200b\u63d0\u793a\u200b\uff1a
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n\u00b7\n\u00b7\n\u00b7\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed (add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
\u200b\u4fee\u6539\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
\u200b\u5206\u522b\u200b\u5728\u200b\u5165\u200b\u65b9\u5411\u200b\u548c\u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e2d\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5141\u8bb8\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u5e76\u4e14\u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u89c4\u5219\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u6700\u9ad8\u200b\u3002
\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u90e8\u7f72\u200b Pod \u200b\u540e\u200b\uff0c\u200b\u786e\u8ba4\u200b Pod \u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u90e8\u7f72\u200b\u540e\u200b\u67e5\u770b\u200b Pod \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
\u200b\u56e0\u6b64\u200b\u5bf9\u4e8e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8981\u200b\u7279\u522b\u200b\u660e\u786e\u200b\u6dfb\u52a0\u200b\u7684\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b\u4f5c\u7528\u200b\u3002\u200b\u5982\u679c\u200b\u5355\u7eaf\u200b\u662f\u200b\u9650\u5236\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8003\u8651\u200b\u4f7f\u7528\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vip/","title":"VIP \u200b\u9884\u7559\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u5e0c\u671b\u200b\u52a8\u6001\u200b\u7684\u200b\u9884\u7559\u200b\u4e00\u90e8\u5206\u200b IP \u200b\u4f46\u662f\u200b\u5e76\u200b\u4e0d\u200b\u5206\u914d\u200b\u7ed9\u200b Pod \u200b\u800c\u662f\u200b\u5206\u914d\u200b\u7ed9\u200b\u5176\u4ed6\u200b\u7684\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u542f\u7528\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a
- Kubernetes \u200b\u5d4c\u5957\u200b Kubernetes \u200b\u7684\u200b\u573a\u666f\u200b\u4e2d\u4e0a\u5c42\u200b Kubernetes \u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5360\u7528\u200b\u5e95\u5c42\u200b Subnet \u200b\u53ef\u7528\u200b\u5730\u5740\u200b\u3002
- LB \u200b\u6216\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Subnet \u200b\u5185\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u5355\u72ec\u200b\u8d77\u200b Pod\u3002
"},{"location":"advance/vip/#vip_1","title":"\u521b\u5efa\u200b\u968f\u673a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u4e3a\u4e86\u200b\u9884\u7559\u200b\u82e5\u5e72\u200b IP \u200b\u800c\u200b\u5bf9\u200b IP \u200b\u5730\u5740\u200b\u672c\u8eab\u200b\u6ca1\u6709\u200b\u8981\u6c42\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002type: \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\uff0c\u200b\u4e3a\u7a7a\u200b\u8868\u793a\u200b\u4ec5\u200b\u7528\u4e8e\u200b ipam ip \u200b\u5360\u4f4d\u200b\uff0cswitch_lb_vip \u200b\u8868\u793a\u200b\u8be5\u200b vip \u200b\u4ec5\u200b\u7528\u4e8e\u200b switch lb \u200b\u524d\u7aef\u200b vip \u200b\u548c\u200b\u540e\u200b\u7aef\u200b ip \u200b\u9700\u200b\u5904\u4e8e\u200b\u540c\u4e00\u200b\u5b50\u7f51\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b 10.16.0.12 \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u4e4b\u540e\u200b\u4f9b\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"advance/vip/#vip_2","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u5bf9\u200b\u9884\u7559\u200b\u7684\u200b VIP \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u6709\u200b\u9700\u6c42\u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n v4ip: \"10.16.0.121\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002v4ip: \u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u5728\u200b subnet \u200b\u7684\u200b CIDR \u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b\u6240\u200b\u9884\u671f\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/vip/#pod-vip-ip","title":"Pod \u200b\u4f7f\u7528\u200b VIP \u200b\u6765\u200b\u56fa\u5b9a\u200b IP","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.12 \u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b annotation \u200b\u5c06\u200b\u67d0\u4e2a\u200b VIP \u200b\u5206\u914d\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/vip: vip-dynamic-01 # \u200b\u6307\u5b9a\u200b vip\n namespace: default\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/vip/#statefulset-kubevirt-vm-vip","title":"StatefulSet \u200b\u548c\u200b Kubevirt VM \u200b\u4fdd\u7559\u200b VIP","text":"\u200b\u9488\u5bf9\u200b StatefulSet \u200b\u548c\u200b VM \u200b\u7684\u200b\u7279\u6b8a\u6027\u200b\uff0c\u200b\u5728\u200b\u4ed6\u4eec\u200b\u7684\u200b Pod \u200b\u9500\u6bc1\u200b\u518d\u62c9\u8d77\u200b\u8d77\u540e\u200b\u4f1a\u200b\u91cd\u65b0\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u8bbe\u7f6e\u200b\u7684\u200b VIP\u3002
VM \u200b\u4fdd\u7559\u200b VIP \u200b\u9700\u8981\u200b\u786e\u4fdd\u200b kube-ovn-controller \u200b\u7684\u200b keep-vm-ip \u200b\u53c2\u6570\u200b\u4e3a\u200b true\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-dns/","title":"\u81ea\u5b9a\u4e49\u200b VPC DNS","text":"\u200b\u7531\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b \u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0c\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u5230\u200b\u90e8\u7f72\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u5185\u200b\u7684\u200b coredns\u3002 \u200b\u5982\u679c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u5185\u200b\u57df\u540d\u89e3\u6790\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\uff0c\u200b\u5229\u7528\u200b vpc-dns CRD \u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u8be5\u200b CRD \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b coredns\uff0c\u200b\u8be5\u200b Pod \u200b\u6709\u200b\u4e24\u4e2a\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\uff0c\u200b\u540c\u65f6\u200b\u901a\u8fc7\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u63d0\u4f9b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u6240\u200b\u4f9d\u8d56\u200b\u7684\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
\u200b\u9664\u4e86\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u8fd8\u200b\u4f9d\u8d56\u200b nat-gw-pod \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/vpc-dns/#_1","title":"\u914d\u7f6e\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"advance/vpc-dns/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b Configmap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\u200b\u662f\u5426\u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0c\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002coredns-template\uff1acoredns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u7248\u672c\u200b ovn \u200b\u76ee\u5f55\u200b\u4e0b\u200b coredns-template.yaml \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b https://raw.githubusercontent.com/kubeovn/kube-ovn/\u200b\u5f53\u524d\u200b\u7248\u672c\u200b/yamls/coredns-template.yaml \u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u5730\u5740\u200b\u3002k8s-service-port\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u7aef\u53e3\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"\u200b\u914d\u7f6e\u200b vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002replicas: vpc dns deployment replicas
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u8d44\u6e90\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true \u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b\u3002
\u200b\u9650\u5236\u200b\uff1a\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
"},{"location":"advance/vpc-dns/#_2","title":"\u9a8c\u8bc1\u200b\u90e8\u7f72\u200b\u7ed3\u679c","text":"\u200b\u67e5\u770b\u200b vpc-dns Pod \u200b\u72b6\u6001\u200b\uff0c\u200b\u4f7f\u7528\u200b label app=vpc-dns\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u6240\u6709\u200b vpc-dns pod \u200b\u72b6\u6001\u200b\uff1a
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
\u200b\u67e5\u770b\u200b slr \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\uff1a
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
\u200b\u8fdb\u5165\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod\uff0c\u200b\u6d4b\u8bd5\u200b dns \u200b\u89e3\u6790\u200b:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b switch lb rule \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u540c\u4e00\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b pod \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-internal-lb/","title":"\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861","text":"Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u53ef\u4ee5\u200b\u7528\u4f5c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\uff0c \u200b\u4f46\u662f\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c \u200b\u4f7f\u7528\u200b Service \u200b\u4f5c\u4e3a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5b58\u5728\u200b\u5982\u4e0b\u200b\u51e0\u4e2a\u200b\u95ee\u9898\u200b\uff1a
- Service IP \u200b\u8303\u56f4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u8d44\u6e90\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5171\u4eab\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u7528\u6237\u200b\u65e0\u6cd5\u200b\u6309\u7167\u200b\u81ea\u5df1\u200b\u610f\u613f\u200b\u8bbe\u7f6e\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u89e3\u51b3\u200b\u4e0a\u8ff0\u200b\u95ee\u9898\u200b\uff0cKube-OVN \u200b\u5728\u200b 1.11 \u200b\u5f15\u5165\u200b SwitchLBRule CRD\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u652f\u6301\u200b\u4ee5\u4e0b\u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
"},{"location":"advance/vpc-internal-lb/#selector","title":"Selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b selector \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b label \u200b\u81ea\u52a8\u200b\u5173\u8054\u200b pod \u200b\u914d\u7f6e\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
selector, sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
Kube-OVN \u200b\u4f1a\u200b\u6839\u636e\u200b SwitchLBRule \u200b\u5b9a\u4e49\u200b\u9009\u62e9\u200b\u7684\u200b Pod \u200b\u5f97\u51fa\u200b Pod \u200b\u6240\u5728\u200b VPC \u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b L2 LB\u3002
"},{"location":"advance/vpc-internal-lb/#endpoints","title":"Endpoints \u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b endpoints \u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\uff0c\u200b\u7528\u4ee5\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u6bd4\u5982\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u7aef\u200b\u662f\u200b kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b vm \u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
-
endpoints\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u200b\u7aef\u200b IP \u200b\u5217\u8868\u200b\u3002
\u200b\u6ce8\u200b\uff1a\u200b\u5982\u679c\u200b\u540c\u65f6\u200b\u914d\u7f6e\u200b\u4e86\u200b selector \u200b\u548c\u200b endpoints,\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5ffd\u7565\u200b selector \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-peering/","title":"VPC \u200b\u4e92\u8054","text":"VPC \u200b\u4e92\u8054\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u5c06\u200b\u4e24\u4e2a\u200b VPC \u200b\u7f51\u7edc\u200b\u901a\u8fc7\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u6253\u901a\u200b\u7684\u200b\u673a\u5236\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u53ef\u4ee5\u200b\u50cf\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u79c1\u6709\u200b\u7f51\u7edc\u200b\u4e00\u6837\u200b\uff0c \u200b\u901a\u8fc7\u200b\u79c1\u6709\u200b\u5730\u5740\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u65e0\u9700\u200b\u901a\u8fc7\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"advance/vpc-peering/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u9002\u7528\u200b\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\u3002
- \u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u8def\u7531\u200b\u91cd\u53e0\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e24\u4e2a\u200b VPC \u200b\u7684\u200b\u4e92\u8054\u200b\uff0c\u200b\u66f4\u200b\u591a\u7ec4\u200b VPC \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e92\u8054\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002
"},{"location":"advance/vpc-peering/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u9996\u5148\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u4e0d\u200b\u4e92\u8054\u200b\u7684\u200b VPC\uff0c\u200b\u6bcf\u4e2a\u200b VPC \u200b\u4e0b\u200b\u5404\u6709\u200b\u4e00\u4e2a\u200b Subnet\uff0cSubnet \u200b\u7684\u200b CIDR \u200b\u4e92\u4e0d\u200b\u91cd\u53e0\u200b\u3002
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b VPC \u200b\u5185\u200b\u5206\u522b\u200b\u589e\u52a0\u200b vpcPeerings \u200b\u548c\u200b\u5bf9\u5e94\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: \u200b\u4e92\u8054\u200b\u7684\u200b\u53e6\u200b\u4e00\u4e2a\u200b VPC \u200b\u7684\u200b\u540d\u5b57\u200b\u3002localConnectIP: \u200b\u4f5c\u4e3a\u200b\u4e92\u8054\u200b\u7aef\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b CIDR\uff0c\u200b\u6ce8\u610f\u200b\u4e24\u7aef\u200b IP \u200b\u5e94\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u200b CIDR\uff0c\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u5b50\u7f51\u200b\u51b2\u7a81\u200b\u3002cidr\uff1a\u200b\u53e6\u4e00\u7aef\u200b Subnet \u200b\u7684\u200b CIDR\u3002nextHopIP\uff1a\u200b\u4e92\u8054\u200b VPC \u200b\u53e6\u4e00\u7aef\u200b\u7684\u200b localConnectIP\u3002
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Subnet \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u6d4b\u8bd5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/windows/","title":"Windows \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5305\u542b\u200b Windows \u200b\u7cfb\u7edf\u200b\u8282\u70b9\u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Windows \u200b\u5bb9\u5668\u200b\u7684\u200b\u7f51\u7edc\u200b\u7edf\u4e00\u200b\u63a5\u5165\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/windows/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u53c2\u8003\u200b Adding Windows nodes \u200b\u589e\u52a0\u200b Windows \u200b\u8282\u70b9\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b KB4489899 \u200b\u8865\u4e01\u200b\u4ee5\u200b\u4f7f\u200b Overlay/VXLAN \u200b\u7f51\u7edc\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b Hyper-V \u200b\u53ca\u200b\u7ba1\u7406\u5de5\u5177\u200b\u3002
- \u200b\u7531\u4e8e\u200b Windows \u200b\u9650\u5236\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u53ea\u80fd\u200b\u4f7f\u7528\u200b Vxlan \u200b\u6a21\u5f0f\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b SSL\uff0cIPv6\uff0c\u200b\u53cc\u6808\u200b\uff0cQoS \u200b\u529f\u80fd\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u5b50\u7f51\u200b\uff0c\u200b\u52a8\u6001\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b Windows \u200b\u8282\u70b9\u200b\u524d\u200b\u5b8c\u6210\u200b\u5b50\u7f51\u200b\u521b\u5efa\u200b\uff0c\u200b\u5e76\u200b\u56fa\u5b9a\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
- \u200b\u4e0d\u200b\u652f\u6301\u200b\u591a\u4e2a\u200b
ProviderNetwork\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b\u6865\u63a5\u200b\u63a5\u53e3\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/windows/#ovs","title":"\u5b89\u88c5\u200b OVS","text":"\u200b\u7531\u4e8e\u200b\u4e0a\u6e38\u200b OVN \u200b\u548c\u200b OVS \u200b\u5bf9\u200b Windows \u200b\u5bb9\u5668\u200b\u652f\u6301\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7ecf\u8fc7\u200b\u4fee\u6539\u200b\u7684\u200b\u5b89\u88c5\u5305\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u6253\u5f00\u200b Windows \u200b\u8282\u70b9\u200b\u7684\u200b TESTSIGNING \u200b\u542f\u52a8\u9879\u200b\uff0c\u200b\u6267\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b\u7cfb\u7edf\u200b\u751f\u6548\u200b\uff1a
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u200b Windows \u200b\u5b89\u88c5\u5305\u200b\u5e76\u200b\u89e3\u538b\u200b\u5b89\u88c5\u200b\u3002
\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u540e\u200b\u786e\u8ba4\u200b\u670d\u52a1\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"advance/windows/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b install.ps1\u3002
\u200b\u8865\u5145\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u5e76\u200b\u6267\u884c\u200b\uff1a
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b, Kube-OVN \u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b IP \u200b\u6240\u5728\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u5b83\u200b\u7f51\u5361\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u524d\u200b\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b\u6307\u5b9a\u200b\u7684\u200b Annotation\uff0c\u200b\u5982\u200b ovn.kubernetes.io/tunnel_interface=Ethernet1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-bgp/","title":"BGP \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5c06\u200b Pod \u200b\u6216\u200b Subnet \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u901a\u8fc7\u200b BGP \u200b\u534f\u8bae\u200b\u5411\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u5b89\u88c5\u200b kube-ovn-speaker \u200b\u5e76\u200b\u5bf9\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u7684\u200b Pod \u200b\u6216\u200b Subnet \u200b\u589e\u52a0\u200b\u5bf9\u5e94\u200b\u7684\u200b annotation\u3002
"},{"location":"advance/with-bgp/#kube-ovn-speaker","title":"\u5b89\u88c5\u200b kube-ovn-speaker","text":"kube-ovn-speaker \u200b\u5185\u200b\u4f7f\u7528\u200b GoBGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u66b4\u9732\u200b\u5730\u5740\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8def\u7531\u200b\u6307\u5411\u200b\u81ea\u8eab\u200b\u3002
\u200b\u7531\u4e8e\u200b\u90e8\u7f72\u200b kube-ovn-speaker \u200b\u7684\u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u627f\u62c5\u200b\u56de\u7a0b\u200b\u6d41\u91cf\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
\u200b\u5f53\u200b\u5b58\u5728\u200b\u591a\u4e2a\u200b kube-ovn-speaker \u200b\u5b9e\u4f8b\u200b\u65f6\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5b9e\u4f8b\u200b\u90fd\u200b\u4f1a\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0a\u6e38\u200b\u8def\u7531\u5668\u200b\u9700\u8981\u200b\u652f\u6301\u200b\u591a\u8def\u5f84\u200b ECMP\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
\u200b\u4fee\u6539\u200b yaml \u200b\u5185\u200b\u76f8\u5e94\u200b\u914d\u7f6e\u200b\uff1a
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: BGP Peer \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u901a\u5e38\u200b\u4e3a\u200b\u8def\u7531\u5668\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002neighbor-as: BGP Peer \u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002cluster-as: \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002
\u200b\u90e8\u7f72\u200b yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"advance/with-bgp/#podsubnet","title":"\u53d1\u5e03\u200b Pod/Subnet \u200b\u8def\u7531","text":"\u200b\u5982\u9700\u200b\u4f7f\u7528\u200b BGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u9996\u5148\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b Subnet \u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u3002
\u200b\u589e\u52a0\u200b annotation \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
\u200b\u5220\u9664\u200b annotation \u200b\u53d6\u6d88\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"advance/with-bgp/#bgp_1","title":"BGP \u200b\u9ad8\u7ea7\u200b\u9009\u9879","text":"kube-ovn-speaker \u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b BGP \u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
announce-cluster-ip: \u200b\u662f\u5426\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b Service \u200b\u8def\u7531\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002auth-password: BGP peer \u200b\u7684\u200b\u8bbf\u95ee\u200b\u5bc6\u7801\u200b\u3002holdtime: BGP \u200b\u90bb\u5c45\u200b\u95f4\u200b\u7684\u200b\u5fc3\u8df3\u200b\u63a2\u6d4b\u200b\u65f6\u95f4\u200b\uff0c\u200b\u8d85\u8fc7\u200b\u6539\u200b\u65f6\u95f4\u200b\u6ca1\u6709\u200b\u6d88\u606f\u200b\u7684\u200b\u90bb\u5c45\u200b\u5c06\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 90 \u200b\u79d2\u200b\u3002graceful-restart: \u200b\u662f\u5426\u200b\u542f\u7528\u200b BGP Graceful Restart\u3002graceful-restart-time: BGP Graceful restart time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 3\u3002graceful-restart-deferral-time: BGP Graceful restart deferral time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 4.1\u3002passivemode: Speaker \u200b\u8fd0\u884c\u200b\u5728\u200b passive \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4e0d\u200b\u4e3b\u52a8\u200b\u8fde\u63a5\u200b peer\u3002ebgp-multihop: ebgp ttl \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b 1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-cilium/","title":"Cilium \u200b\u96c6\u6210","text":"Cilium \u200b\u662f\u200b\u4e00\u6b3e\u200b\u57fa\u4e8e\u200b eBPF \u200b\u7684\u200b\u7f51\u7edc\u200b\u548c\u200b\u5b89\u5168\u200b\u7ec4\u4ef6\u200b\uff0cKube-OVN \u200b\u5229\u7528\u200b\u5176\u4e2d\u200b\u7684\u200b CNI Chaining \u200b\u6a21\u5f0f\u200b\u6765\u200b\u5bf9\u200b\u5df2\u6709\u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u589e\u5f3a\u200b\u3002 \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u62bd\u8c61\u200b\u80fd\u529b\u200b\u548c\u200b eBPF \u200b\u5e26\u6765\u200b\u7684\u200b\u76d1\u63a7\u200b\u548c\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\u3002
\u200b\u901a\u8fc7\u200b\u96c6\u6210\u200b Cilium\uff0cKube-OVN \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u83b7\u5f97\u200b\u5982\u4e0b\u200b\u589e\u76ca\u200b\uff1a
- \u200b\u66f4\u200b\u4e30\u5bcc\u200b\u9ad8\u6548\u200b\u7684\u200b\u5b89\u5168\u7b56\u7565\u200b\u3002
- \u200b\u57fa\u4e8e\u200b Hubble \u200b\u7684\u200b\u76d1\u63a7\u200b\u89c6\u56fe\u200b\u3002
"},{"location":"advance/with-cilium/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u9ad8\u4e8e\u200b 4.19 \u200b\u6216\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u4ee5\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b eBPF \u200b\u80fd\u529b\u200b\u652f\u6301\u200b\u3002
- \u200b\u63d0\u524d\u200b\u90e8\u7f72\u200b Helm \u200b\u4e3a\u200b\u5b89\u88c5\u200b Cilium \u200b\u505a\u200b\u51c6\u5907\u200b\uff0c\u200b\u90e8\u7f72\u200b Helm \u200b\u8bf7\u200b\u53c2\u8003\u200b Installing Helm\u3002
"},{"location":"advance/with-cilium/#kube-ovn","title":"\u914d\u7f6e\u200b Kube-OVN","text":"\u200b\u4e3a\u4e86\u200b\u5145\u5206\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b networkpolicy \u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\u3002
\u200b\u5728\u200b install.sh \u200b\u811a\u672c\u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
\u200b\u82e5\u200b\u5df2\u200b\u90e8\u7f72\u200b\u5b8c\u6210\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b networkpolicy\uff1a
args:\n- --enable-np=false\n
\u200b\u4fee\u6539\u200b kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\uff1a
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u8c03\u6574\u200b Kube-OVN \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u540d\u79f0\u200b\uff0c\u200b\u4ee5\u4fbf\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b Cilium \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"advance/with-cilium/#cilium_1","title":"\u90e8\u7f72\u200b Cilium","text":"\u200b\u521b\u5efa\u200b chaining.yaml \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b generic-veth \u200b\u6a21\u5f0f\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
\u200b\u5b89\u88c5\u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff1a
kubectl apply -f chaining.yaml\n
\u200b\u4f7f\u7528\u200b Helm \u200b\u90e8\u7f72\u200b Cilium\uff1a
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
\u200b\u786e\u8ba4\u200b Cilium \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-openstack/","title":"OpenStack \u200b\u96c6\u6210","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b OpenStack \u200b\u8fd0\u884c\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u8fd0\u884c\u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u9700\u8981\u200b\u5bb9\u5668\u200b\u548c\u200b\u865a\u673a\u200b\u4e4b\u95f4\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u5e76\u200b\u5904\u4e8e\u200b\u7edf\u4e00\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4e0b\u200b\u3002\u200b\u5982\u679c\u200b OpenStack Neutron \u200b\u4fa7\u200b\u540c\u6837\u200b\u4f7f\u7528\u200b OVN \u200b\u4f5c\u4e3a\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u548c\u200b\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN \u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u6253\u901a\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"advance/with-openstack/#_1","title":"\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u548c\u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u6253\u901a\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u65b9\u5f0f\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u53ea\u4e0d\u8fc7\u200b\u5c06\u200b\u96c6\u7fa4\u200b\u4e24\u7aef\u200b\u6362\u6210\u200b OpenStack \u200b\u548c\u200b Kubernetes\u3002
"},{"location":"advance/with-openstack/#_2","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u901a\u8fc7\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002
- \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002
- \u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u200b\u6253\u901a\u200b Kubernetes \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b OpenStack \u200b\u7684\u200b\u9009\u5b9a\u200b VPC\u3002
"},{"location":"advance/with-openstack/#ovn-ic","title":"\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
"},{"location":"advance/with-openstack/#kubernetes","title":"Kubernetes \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/with-openstack/#openstack_1","title":"OpenStack \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u521b\u5efa\u200b\u548c\u200b Kubernetes \u200b\u4e92\u8054\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff1a
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
\u200b\u5728\u200b OpenStack \u200b\u5185\u200b\u7684\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u53ef\u7528\u200b\u533a\u200b\u540d\u5b57\u200b\uff0c\u200b\u8be5\u200b\u540d\u79f0\u200b\u9700\u200b\u548c\u200b\u5176\u4ed6\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u4e0d\u540c\u200b\uff1a
ovn-nbctl set NB_Global . name=op-az\n
\u200b\u5728\u200b\u53ef\u200b\u8bbf\u95ee\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u542f\u52a8\u200b OVN-IC \u200b\u63a7\u5236\u5668\u200b\uff1a
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u5730\u5740\u200b\u3002ovn-northd-nb-db\uff0c ovn-northd-sb-db: \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u200b\u5730\u5740\u200b\u3002
\u200b\u914d\u7f6e\u200b\u4e92\u8054\u7f51\u200b\u5173\u8282\u70b9\u200b\uff1a
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u5728\u200b OpenStack \u200b\u7684\u200b OVN \u200b\u5185\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u3002
\u200b\u8fde\u63a5\u200b ts \u200b\u4e92\u8054\u200b\u4ea4\u6362\u673a\u200b\u548c\u200b router0 \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u76f8\u5173\u200b\u89c4\u5219\u200b\uff1a
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
\u200b\u9a8c\u8bc1\u200b\u5df2\u200b\u5b66\u4e60\u200b\u5230\u200b Kubernetes \u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff1a
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b router0 \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\u9a8c\u8bc1\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b Kubernetes \u200b\u4e0b\u200b Pod \u200b\u4e92\u901a\u200b\u3002
"},{"location":"advance/with-openstack/#ovn","title":"\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN","text":"\u200b\u5728\u200b\u8be5\u200b\u65b9\u6848\u200b\u4e0b\u200b\uff0cOpenStack \u200b\u548c\u200b Kubernetes \u200b\u5171\u4eab\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b OVN\uff0c\u200b\u56e0\u6b64\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u4e24\u8005\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u7b49\u200b\u6982\u5ff5\u200b\u62c9\u9f50\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u66f4\u597d\u200b\u7684\u200b\u63a7\u5236\u200b\u548c\u200b\u4e92\u8054\u200b\u3002
\u200b\u5728\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u90e8\u7f72\u200b OVN\uff0cOpenStack \u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u200b\u5b9e\u73b0\u200b\u8fde\u63a5\u200b\u540c\u4e00\u4e2a\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u3002OpenStack \u200b\u9700\u200b\u4f7f\u7528\u200b networking-ovn \u200b\u4f5c\u4e3a\u200b Neutron \u200b\u540e\u200b\u7aef\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"advance/with-openstack/#neutron","title":"Neutron \u200b\u914d\u7f6e\u200b\u4fee\u6539","text":"\u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u6587\u4ef6\u200b /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\uff1a
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002ovn-encap-ip: \u200b\u4fee\u6539\u200b\u4e3a\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/with-openstack/#kubernetes-openstack","title":"\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u4f7f\u7528\u200b OpenStack \u200b\u5185\u200b\u8d44\u6e90","text":"\u200b\u63a5\u4e0b\u6765\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u67e5\u8be2\u200b OpenStack \u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u5e76\u200b\u5728\u200b OpenStack \u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u521b\u5efa\u200b Pod\u3002
\u200b\u67e5\u8be2\u200b OpenStack \u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\uff0c\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5df2\u7ecf\u200b\u9884\u5148\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff1a
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
\u200b\u5728\u200b Kubernetes \u200b\u4fa7\u200b\uff0c\u200b\u67e5\u8be2\u200b VPC \u200b\u8d44\u6e90\u200b\uff1a
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 \u200b\u4e3a\u200b\u4ece\u200b OpenStack \u200b\u540c\u6b65\u200b\u8fc7\u6765\u200b\u7684\u200b VPC \u200b\u8d44\u6e90\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b Kube-OVN \u200b\u539f\u751f\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b Pod \u200b\u5e76\u200b\u8fd0\u884c\u200b\u3002
VPC, Subnet \u200b\u7ed1\u5b9a\u200b Namespace net2\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-ovn-ic/","title":"\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u5c06\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\uff0c\u200b\u6253\u901a\u200b\u540e\u200b\u7684\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8fdb\u884c\u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 Kube-OVN \u200b\u4f7f\u7528\u200b\u96a7\u9053\u200b\u5bf9\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u4e4b\u95f4\u200b\u53ea\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b IP \u200b\u53ef\u8fbe\u200b\u7684\u200b\u673a\u5668\u200b\u5373\u53ef\u200b\u5b8c\u6210\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u7684\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e3a\u200b Overlay \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\uff0cUnderlay \u200b\u7f51\u7edc\u200b\u5982\u679c\u200b\u60f3\u8981\u200b\u5b9e\u73b0\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u9700\u8981\u200b\u5e95\u5c42\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u505a\u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-ovn-ic/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" -
1.11.16 \u200b\u4e4b\u540e\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u7684\u200b\u96c6\u7fa4\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u5f00\u5173\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b install.sh \u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_IC=true\n
\u200b\u6253\u5f00\u200b\u5f00\u5173\u200b\u540e\u200b\u90e8\u7f72\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u7ec4\u4ef6\u200b deployment ovn-ic-controller\u3002 2. \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7684\u200b\u7f51\u6bb5\u200b\u3002\u200b\u82e5\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u9700\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u624b\u52a8\u200b\u4e92\u8054\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u53ea\u80fd\u200b\u5c06\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7f51\u6bb5\u200b\u6253\u901a\u200b\u3002 3. \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b kube-ovn-controller \u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002 4. \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002 5. \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u751f\u6548\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u4e92\u8054\u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/with-ovn-ic/#ovn-ic_1","title":"\u90e8\u7f72\u200b\u5355\u200b\u8282\u70b9\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b kube-ovn-controller \u200b\u53ef\u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\u7684\u200b\u673a\u5668\u200b\u4e0a\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u5c06\u200b\u4fdd\u5b58\u200b\u5404\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u6b65\u200b\u4e0a\u6765\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5bf9\u4e8e\u200b\u90e8\u7f72\u200b containerd \u200b\u53d6\u4ee3\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"advance/with-ovn-ic/#_2","title":"\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u4e0b\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u4f1a\u200b\u5c06\u200b\u81ea\u5df1\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b Subnet \u200b\u7684\u200b CIDR \u200b\u4fe1\u606f\u200b\u540c\u6b65\u200b\u7ed9\u200b OVN-IC\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u786e\u4fdd\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Subnet CIDR \u200b\u4e0d\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u64cd\u4f5c\u200b\u7684\u200b\u6b63\u786e\u6027\u200b\uff0covn-ic-config \u200b\u8fd9\u4e2a\u200b ConfigMap \u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b\u3002\u200b\u5982\u200b\u6709\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\uff0c\u200b\u8bf7\u200b\u5220\u9664\u200b\u8be5\u200b ConfigMap\uff0c\u200b\u4fee\u6539\u200b\u540e\u200b\u518d\u200b\u5e94\u7528\u200b\u6b64\u200b ConfigMap\u3002
\u200b\u5728\u200b ovn-ic \u200b\u5bb9\u5668\u200b\u5185\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u5df2\u200b\u5efa\u7acb\u200b\u4e92\u8054\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b ts\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u89c2\u5bdf\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u662f\u5426\u200b\u6709\u200b\u5b66\u4e60\u200b\u5230\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b\u8def\u7531\u200b\uff1a
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5728\u200b\u96c6\u7fa4\u200b 1 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod \u200b\u5185\u200b\u76f4\u63a5\u200b ping \u200b\u96c6\u7fa4\u200b 2 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod IP \u200b\u89c2\u5bdf\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u67d0\u4e2a\u200b\u4e0d\u60f3\u200b\u5bf9\u5916\u200b\u81ea\u52a8\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Subnet \u200b\u91cc\u200b\u7684\u200b disableInterConnection \u200b\u6765\u200b\u7981\u6b62\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"advance/with-ovn-ic/#_3","title":"\u624b\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u96c6\u7fa4\u200b\u95f4\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b CIDR \u200b\u53ea\u200b\u5e0c\u671b\u200b\u505a\u200b\u90e8\u5206\u200b\u5b50\u7f51\u200b\u6253\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u624b\u52a8\u200b\u53d1\u5e03\u200b\u5b50\u200b\u7f51\u8def\u200b\u7531\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff0c\u200b\u5e76\u200b\u5c06\u200b auto-route \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u5206\u522b\u200b\u67e5\u770b\u200b\u8fdc\u7aef\u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4e4b\u540e\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\uff1a
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
\u200b\u7531\u200b\u4e0a\u200b\u8f93\u51fa\u200b\u53ef\u77e5\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5230\u200b \u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.31\uff0caz2 \u200b\u5230\u200b az1 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.79\u3002
\u200b\u4e0b\u9762\u200b\u624b\u52a8\u200b\u8bbe\u7f6e\u200b\u8def\u7531\u200b\uff0c\u200b\u5728\u200b\u8be5\u200b\u4f8b\u5b50\u200b\u4e2d\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/24\uff0c\u200b\u96c6\u7fa4\u200b az2 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.17.0.0/24\u3002
\u200b\u5728\u200b\u96c6\u7fa4\u200b az1 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
\u200b\u5728\u200b\u96c6\u7fa4\u200b az2 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az1 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"advance/with-ovn-ic/#ovn-ic_2","title":"\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72","text":"OVN-IC \u200b\u6570\u636e\u5e93\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u7ec4\u6210\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u9700\u8981\u200b\u81f3\u5c11\u200b 3 \u200b\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u9996\u5148\u200b\u5728\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\uff0c\u200b\u5728\u200b\u53e6\u5916\u200b\u4e24\u4e2a\u200b\u8282\u70b9\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b follower\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002LEADER_IP: \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b leader \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u521b\u5efa\u200b ovn-ic-config \u200b\u65f6\u200b\u6307\u5b9a\u200b\u591a\u4e2a\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"advance/with-ovn-ic/#_4","title":"\u624b\u52a8\u200b\u91cd\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7531\u4e8e\u200b\u914d\u7f6e\u200b\u9519\u8bef\u200b\u9700\u8981\u200b\u5bf9\u200b\u6574\u4e2a\u200b\u4e92\u8054\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6e05\u7406\u200b\u73af\u5883\u200b\u3002
\u200b\u5220\u9664\u200b\u5f53\u524d\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u96c6\u7fa4\u200b\u91cd\u590d\u200b\u540c\u6837\u200b\u7684\u200b\u6b65\u9aa4\u200b\u3002
"},{"location":"advance/with-ovn-ic/#az-name","title":"\u4fee\u6539\u200b az-name","text":"\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b kubectl edit \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5bf9\u200b ovn-ic-config \u200b\u8fd9\u4e2a\u200b configmap \u200b\u4e2d\u200b\u7684\u200b az-name \u200b\u5b57\u200b\u6bb5\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002 \u200b\u4f46\u662f\u200b\u9700\u8981\u200b\u5728\u200b\u6bcf\u4e2a\u200b ovn-cni pod \u200b\u4e0a\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5426\u5219\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u6700\u957f\u200b 10 \u200b\u5206\u949f\u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002
ovn-appctl -t ovn-controller inc-engine/recompute\n
"},{"location":"advance/with-ovn-ic/#_5","title":"\u6e05\u7406\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5220\u9664\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u63a7\u5236\u5668\u200b\uff0c\u200b\u5982\u679c\u200b\u662f\u200b\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72\u200b\uff0c\u200b\u9700\u8981\u200b\u90fd\u200b\u6e05\u7406\u200b\u6389\u200b\u3002
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b docker \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b containerd \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-submariner/","title":"\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Submariner \u200b\u4f5c\u4e3a\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u591a\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u548c\u200b Service \u200b\u7f51\u7edc\u200b\u7684\u200b\u5f00\u6e90\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u80fd\u591f\u200b\u5e2e\u52a9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002
\u200b\u76f8\u6bd4\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u6253\u901a\u200b\u591a\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0cSubmariner \u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b Kube-OVN \u200b\u548c\u200b\u975e\u200b Kube-OVN \u200b\u7684\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b \u200b\u80fd\u200b\u63d0\u4f9b\u200b Service \u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u80fd\u529b\u200b\u3002\u200b\u4f46\u662f\u200b Submariner \u200b\u76ee\u524d\u200b\u53ea\u80fd\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u6253\u901a\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5b9e\u73b0\u200b\u591a\u5b50\u200b\u7f51\u200b\u9009\u62e9\u6027\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-submariner/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Service CIDR \u200b\u548c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
"},{"location":"advance/with-submariner/#submariner_1","title":"\u90e8\u7f72\u200b Submariner","text":"\u200b\u4e0b\u8f7d\u200b subctl \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u90e8\u7f72\u200b\u5230\u200b\u76f8\u5e94\u200b\u8def\u5f84\u200b\uff1a
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b\u5e0c\u671b\u200b\u90e8\u7f72\u200b submariner-broker \u200b\u7684\u200b\u96c6\u7fa4\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
subctl deploy-broker\n
\u200b\u5728\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b cluster0 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0ccluster1 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 11.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b '100.68.0.0/16'\u3002
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster0 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster1 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
\u200b\u5982\u679c\u200b\u6267\u884c\u200b join \u200b\u547d\u4ee4\u200b\u4e4b\u540e\u200b\u6ca1\u6709\u200b\u65b0\u200b\u7684\u200b gateway, routeagentpod \u200b\u51fa\u73b0\u200b\u7684\u8bdd\u200b, \u200b\u8bf7\u200b\u4e3a\u200b submariner-operator \u200b\u8fd9\u4e2a\u200b clusterrole \u200b\u589e\u52a0\u200b\u4ee5\u4e0b\u200b\u6743\u9650\u200b:
- apiGroups:\n - \"apps\"\n resources:\n - daemonsets\n verbs:\n - create\n - get\n - list\n - watch\n - update\n
\u200b\u5bf9\u4e8e\u200b\u591a\u200b\u8282\u70b9\u200b\u7684\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u7684\u200b subnet ovn-default \u200b\u7684\u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u6539\u4e3a\u200b centralized\u3002\u200b\u4e3a\u200b submariner \u200b\u914d\u7f6e\u200b\u7684\u200b gateway \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u548c\u200b subnet \u200b\u8282\u70b9\u200b\u5b8c\u5168\u76f8\u540c\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5206\u522b\u200b\u542f\u52a8\u200b Pod \u200b\u5e76\u200b\u5c1d\u8bd5\u200b\u4f7f\u7528\u200b IP \u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u95ee\u9898\u200b\u53ef\u200b\u901a\u8fc7\u200b subctl \u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u8bca\u65ad\u200b\uff1a
subctl show all\nsubctl diagnose all\n
\u200b\u66f4\u200b\u591a\u200b Submariner \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\u8bf7\u200b\u67e5\u770b\u200b Submariner \u200b\u7528\u6237\u624b\u518c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/custom-routes/","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b Annotations \u200b\u6765\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
dst \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u7a7a\u200b\u8868\u793a\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u4e3a\u200b Deployment\u3001DaemonSet \u200b\u6216\u200b StatefulSet\uff0c\u200b\u5bf9\u5e94\u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u5728\u200b\u8d44\u6e90\u200b\u7684\u200b .spec.template.metadata.annotations \u200b\u4e2d\u200b\uff0c\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/dual-stack/","title":"\u53cc\u6808\u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u4e2d\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u4e0d\u540c\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b IPv4\uff0cIPv6 \u200b\u548c\u200b\u53cc\u6808\u200b\u7c7b\u578b\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002 \u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u4f7f\u7528\u200b\u7edf\u4e00\u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b\u4ee5\u200b\u7b80\u5316\u200b\u4f7f\u7528\u200b\u548c\u200b\u7ef4\u62a4\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6ee1\u8db3\u200b\u53cc\u6808\u200b\u8981\u6c42\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u5bf9\u200b Kubernetes \u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u505a\u200b\u8c03\u6574\u200b\uff0c \u200b\u8bf7\u200b\u53c2\u8003\u200b Kubernetes \u200b\u7684\u200b\u53cc\u6808\u200b\u5b98\u65b9\u200b\u6307\u5bfc\u200b\u3002
"},{"location":"guide/dual-stack/#_2","title":"\u521b\u5efa\u200b\u53cc\u6808\u200b\u5b50\u7f51","text":"\u200b\u5728\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u65f6\u200b\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u5b50\u7f51\u200b CIDR \u200b\u683c\u5f0f\u200b\u4e3a\u200b cidr=<IPv4 CIDR>,<IPv6 CIDR> \u200b\u5373\u53ef\u200b\u3002 CIDR \u200b\u987a\u5e8f\u200b\u8981\u6c42\u200b IPv4 \u200b\u5728\u200b\u524d\u200b\uff0cIPv6 \u200b\u5728\u200b\u540e\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"guide/dual-stack/#pod","title":"\u67e5\u770b\u200b Pod \u200b\u5730\u5740","text":"\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u540c\u65f6\u200b\u5206\u914d\u200b IPv4 \u200b\u548c\u200b IPv6 \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u5206\u914d\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u663e\u793a\u200b\u5728\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/eip-snat/","title":"EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9488\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u8bf7\u200b\u53c2\u8003\u200b VPC \u200b\u7f51\u5173\u200b
Kube-OVN \u200b\u652f\u6301\u200b\u5229\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L3 Gateway \u200b\u529f\u80fd\u200b\u6765\u200b\u5b9e\u73b0\u200b Pod \u200b\u7ea7\u522b\u200b\u7684\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b SNAT\uff0c\u200b\u4e00\u7ec4\u200b Pod \u200b\u53ef\u4ee5\u200b\u5171\u4eab\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\u5bf9\u5916\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002 \u200b\u901a\u8fc7\u200b EIP \u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e00\u4e2a\u200b Pod \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u548c\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b IP \u200b\u5173\u8054\u200b\uff0c \u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b EIP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Pod\uff0cPod \u200b\u4e5f\u200b\u5c06\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u3002
"},{"location":"guide/eip-snat/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":" - \u200b\u4e3a\u4e86\u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b L3 Gateway \u200b\u80fd\u529b\u200b\uff0c\u200b\u5fc5\u987b\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u5355\u72ec\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVS \u200b\u7f51\u6865\u200b\u4e2d\u200b\u8fdb\u884c\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u7f51\u7edc\u200b\u7684\u200b\u6253\u901a\u200b\uff0c \u200b\u4e3b\u673a\u200b\u5fc5\u987b\u200b\u6709\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u7528\u4e8e\u200b\u8fd0\u7ef4\u200b\u7ba1\u7406\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u7ecf\u8fc7\u200b NAT \u200b\u540e\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u5fc5\u987b\u200b\u786e\u8ba4\u200b\u5f53\u524d\u200b\u7684\u200b\u7f51\u7edc\u200b\u67b6\u6784\u200b\u4e0b\u200b\u6b64\u7c7b\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u5b89\u5168\u200b\u901a\u8fc7\u200b\u3002
- \u200b\u76ee\u524d\u200b EIP \u200b\u548c\u200b SNAT \u200b\u5730\u5740\u200b\u6ca1\u6709\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u7ba1\u7406\u5458\u200b\u624b\u52a8\u200b\u5206\u914d\u200b\u907f\u514d\u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\u3002
"},{"location":"guide/eip-snat/#_2","title":"\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b kube-system \u200b\u4e0b\u200b\u521b\u5efa\u200b ConfigMap ovn-external-gw-config\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002type: centrailized \u200b\u6216\u200b distributed\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b centralized \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b distributed\uff0c\u200b\u5219\u200b\u96c6\u7fa4\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u90fd\u200b\u9700\u8981\u200b\u6709\u200b\u540c\u540d\u200b\u7f51\u5361\u200b\u6765\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002external-gw-nodes: centralized \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002external-gw-nic: \u200b\u8282\u70b9\u200b\u4e0a\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002external-gw-addr: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\u7684\u200b IP \u200b\u548c\u200b\u63a9\u7801\u200b\u3002nic-ip,nic-mac: \u200b\u5206\u914d\u200b\u7ed9\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u7aef\u53e3\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\uff0c\u200b\u9700\u4e3a\u200b\u7269\u7406\u200b\u6bb5\u200b\u672a\u200b\u88ab\u200b\u5360\u7528\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\u3002
"},{"location":"guide/eip-snat/#ovn-ovs","title":"\u89c2\u5bdf\u200b OVN \u200b\u548c\u200b OVS \u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u914d\u7f6e\u200b\u751f\u6548","text":"\u200b\u68c0\u67e5\u200b OVN-NB \u200b\u72b6\u6001\u200b, \u200b\u786e\u8ba4\u200b ovn-external \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5b58\u5728\u200b\uff0c\u200b\u5e76\u4e14\u200b ovn-cluster-ovn-external \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7aef\u53e3\u200b\u4e0a\u200b \u200b\u7ed1\u5b9a\u200b\u4e86\u200b\u6b63\u786e\u200b\u7684\u200b\u5730\u5740\u200b\u548c\u200b chassis\u3002
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
\u200b\u68c0\u67e5\u200b OVS \u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b\u76f8\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u5df2\u7ecf\u200b\u6865\u63a5\u200b\u8fdb\u200b br-external \u200b\u7f51\u6865\u200b\uff1a
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"guide/eip-snat/#pod-eip-snat","title":"Pod \u200b\u914d\u7f6e\u200b EIP \u200b\u548c\u200b SNAT","text":"\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/snat \u200b\u6216\u200b ovn.kubernetes.io/eip annotation \u200b\u6765\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b SNAT \u200b\u548c\u200b EIP\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u53ef\u200b\u901a\u8fc7\u200b kubectl \u200b\u6216\u200b\u5176\u4ed6\u200b\u5de5\u5177\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b Pod \u200b\u6240\u200b\u914d\u7f6e\u200b\u7684\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u66f4\u6539\u200b\u65f6\u8bf7\u200b\u6ce8\u610f\u200b\u8981\u200b\u540c\u65f6\u200b\u5220\u9664\u200b ovn.kubernetes.io/routed annotation \u200b\u89e6\u53d1\u200b\u8def\u7531\u200b\u7684\u200b\u53d8\u66f4\u200b\uff1a
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
\u200b\u5f53\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0covn.kubernetes.io/routed annotation \u200b\u4f1a\u200b\u88ab\u200b\u91cd\u65b0\u200b\u6dfb\u52a0\u200b\u3002
"},{"location":"guide/eip-snat/#_3","title":"\u9ad8\u7ea7\u200b\u914d\u7f6e","text":"kube-ovn-controller \u200b\u7684\u200b\u90e8\u5206\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u53ef\u200b\u5bf9\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u9ad8\u9636\u200b\u914d\u7f6e\u200b\uff1a
--external-gateway-config-ns: Configmap ovn-external-gw-config \u200b\u6240\u5c5e\u200b Namespace\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b kube-system\u3002--external-gateway-net: \u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u6240\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u6865\u200b\u540d\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b external\u3002--external-gateway-vlanid: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b Vlan Tag \u200b\u53f7\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 0\uff0c \u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Vlan\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/ippool/","title":"IP \u200b\u6c60\u200b\u4f7f\u7528","text":"IP \u200b\u6c60\u200b\uff08IPPool\uff09\u200b\u662f\u200b\u6bd4\u200b\u5b50\u7f51\u200b\uff08Subnet\uff09\u200b\u66f4\u7ec6\u200b\u529b\u5ea6\u200b\u7684\u200b IPAM \u200b\u7ba1\u7406\u200b\u5355\u5143\u200b\u3002\u200b\u4f60\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u6c60\u5c06\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u7ec6\u5206\u200b\u4e3a\u200b\u591a\u4e2a\u200b\u5355\u5143\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5355\u5143\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u6216\u200b\u591a\u4e2a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\uff08Namespace\uff09\u3002
"},{"location":"guide/ippool/#_1","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u4f7f\u7528\u200b\u793a\u4f8b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
\u200b\u5b57\u200b\u6bb5\u200b\u8bf4\u660e\u200b\uff1a
\u200b\u540d\u79f0\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b subnet \u200b\u6307\u5b9a\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b \u200b\u5fc5\u586b\u200b ips \u200b\u6307\u5b9a\u200b\u5305\u542b\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b \u200b\u652f\u6301\u200b \u3001 \u200b\u4ee5\u53ca\u200b .. \u200b\u4e09\u79cd\u200b\u683c\u5f0f\u200b\uff0c\u200b\u652f\u6301\u200b IPv6\u3002 namespaces \u200b\u7ed1\u5b9a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \u200b\u53ef\u200b\u9009"},{"location":"guide/ippool/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u4e3a\u200b\u4fdd\u8bc1\u200b\u4e0e\u200b Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b \u200b\u7684\u200b\u517c\u5bb9\u6027\u200b\uff0cIP \u200b\u6c60\u200b\u7684\u200b\u540d\u79f0\u200b\u4e0d\u80fd\u200b\u662f\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u6307\u5b9a\u200b\u8d85\u51fa\u200b\u5b50\u7f51\u200b\u8303\u56f4\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u5b9e\u9645\u200b\u6709\u6548\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b .spec.ips \u200b\u4e0e\u200b\u5b50\u7f51\u200b CIDR \u200b\u7684\u200b\u4ea4\u96c6\u200b\uff1b - \u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e0d\u540c\u200b IP \u200b\u6c60\u200b\uff0c\u200b\u4e0d\u80fd\u200b\u5305\u542b\u200b\u76f8\u540c\u200b\u7684\u200b\uff08\u200b\u6709\u6548\u200b\uff09IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\uff1b - IP \u200b\u6c60\u4f1a\u200b\u7ee7\u627f\u200b\u5b50\u7f51\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff0c\u200b\u4ece\u200b IP \u200b\u6c60\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5305\u542b\u200b\u5728\u200b IP \u200b\u6c60\u4e2d\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff1b
- \u200b\u4ece\u200b\u5b50\u7f51\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u53ea\u4f1a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u6240\u6709\u200b IP \u200b\u6c60\u200b\u4ee5\u5916\u200b\u7684\u200b\u8303\u56f4\u200b\u5206\u914d\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/loadbalancer-service/","title":"LoadBalancer \u200b\u7c7b\u578b\u200b Service","text":"Kube-OVN \u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e86\u200b VPC \u200b\u548c\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
\u200b\u7531\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u4f7f\u7528\u200b\u6bd4\u8f83\u590d\u6742\u200b\uff0c\u200b\u57fa\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\u505a\u200b\u4e86\u200b\u7b80\u5316\u200b\uff0c\u200b\u652f\u6301\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u521b\u5efa\u200b LoadBalancer \u200b\u7c7b\u578b\u200b\u7684\u200b Service\uff0c\u200b\u5b9e\u73b0\u200b\u901a\u8fc7\u200b LoadBalancerIP \u200b\u6765\u200b\u8bbf\u95ee\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Service\u3002
\u200b\u9996\u5148\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u4e0a\u200b\u6ee1\u8db3\u200b\u4ee5\u4e0b\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5b89\u88c5\u200b\u4e86\u200b
multus-cni \u200b\u548c\u200b macvlan cni\u3002 - LoadBalancer Service \u200b\u7684\u200b\u652f\u6301\u200b\uff0c\u200b\u662f\u200b\u5bf9\u200b VPC \u200b\u7f51\u5173\u200b\u4ee3\u7801\u200b\u8fdb\u884c\u200b\u7b80\u5316\u200b\u5b9e\u73b0\u200b\u7684\u200b\uff0c\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b
vpc-nat-gw \u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u4f9d\u8d56\u200b macvlan \u200b\u63d0\u4f9b\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\u652f\u6301\u200b\u3002 - \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u5728\u200b
\u200b\u9ed8\u8ba4\u200b VPC \u200b\u914d\u7f6e\u200b\uff0c\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b LoadBalancer \u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u7684\u200b\u6587\u6863\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/loadbalancer-service/#vpc-loadbalancer-service","title":"\u9ed8\u8ba4\u200b VPC LoadBalancer Service \u200b\u914d\u7f6e\u200b\u6b65\u9aa4","text":""},{"location":"guide/loadbalancer-service/#_1","title":"\u5f00\u542f\u200b\u7279\u6027\u200b\u5f00\u5173","text":"\u200b\u4fee\u6539\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b deployment kube-ovn-controller\uff0c\u200b\u5728\u200b args \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-lb-svc=true\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u5f00\u5173\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // \u200b\u53c2\u6570\u8bbe\u7f6e\u200b\u4e3a\u200b true\n
"},{"location":"guide/loadbalancer-service/#networkattachmentdefinition-crd","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition CRD \u200b\u8d44\u6e90","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b net-attach-def \u200b\u8d44\u6e90\u200b:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u914d\u7f6e\u200b\n \"mode\": \"bridge\"\n }'\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5361\u200b eth0 \u200b\u6765\u200b\u5b9e\u73b0\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u4ed6\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b master \u200b\u53d6\u503c\u200b\uff0c\u200b\u6307\u5b9a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002
"},{"location":"guide/loadbalancer-service/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u521b\u5efa\u200b\u7684\u200b Subnet\uff0c\u200b\u7528\u4e8e\u200b\u7ed9\u200b LoadBalancer Service \u200b\u5206\u914d\u200b LoadBalancerIP\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b Underlay Subnet \u200b\u7528\u4e8e\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b\u65b0\u200b\u5b50\u7f51\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system # provider \u200b\u683c\u5f0f\u200b\u56fa\u5b9a\u200b\uff0c\u200b\u7531\u200b\u4e0a\u200b\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
Subnet \u200b\u4e2d\u200b provider \u200b\u53c2\u6570\u200b\u4ee5\u200b ovn \u200b\u6216\u8005\u200b\u4ee5\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u8868\u793a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u200b\u7531\u200b Kube-OVN \u200b\u7ba1\u7406\u200b\u4f7f\u7528\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u5e94\u200b\u521b\u5efa\u200b logical switch \u200b\u8bb0\u5f55\u200b\u3002
provider \u200b\u975e\u200b ovn \u200b\u6216\u8005\u200b\u975e\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u5219\u200b Kube-OVN \u200b\u53ea\u200b\u63d0\u4f9b\u200b IPAM \u200b\u529f\u80fd\u200b\uff0c\u200b\u8bb0\u5f55\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u60c5\u51b5\u200b\uff0c\u200b\u4e0d\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u505a\u200b\u4e1a\u52a1\u200b\u903b\u8f91\u200b\u5904\u7406\u200b\u3002
"},{"location":"guide/loadbalancer-service/#loadbalancer-service_1","title":"\u521b\u5efa\u200b LoadBalancer Service","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b LoadBalancer Service\uff1a
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #\u200b\u53ef\u200b\u9009\u200b\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #\u200b\u5fc5\u987b\u200b\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #\u200b\u53ef\u200b\u9009\u200b\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
\u200b\u5728\u200b yaml \u200b\u4e2d\u200b\uff0cannotation ovn.kubernetes.io/attachmentprovider \u200b\u4e3a\u200b\u5fc5\u586b\u200b\u9879\u200b\uff0c\u200b\u53d6\u503c\u200b\u7531\u200b\u7b2c\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u7528\u4e8e\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u67e5\u627e\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b annotation \u200b\u6307\u5b9a\u200b\u591a\u200b\u7f51\u5361\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u4f7f\u7528\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002annotation key \u200b\u683c\u5f0f\u200b\u4e3a\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace.kubernetes.io/logical_switch\u3002\u200b\u8be5\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u200b\u53ef\u200b\u9009\u200b\u200b\u9009\u9879\u200b\uff0c\u200b\u5728\u200b\u6ca1\u6709\u200b\u6307\u5b9a\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u52a8\u6001\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u586b\u5145\u200b\u5230\u200b LoadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9759\u6001\u200b\u914d\u7f6e\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b spec.loadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u8981\u200b\u5728\u200b\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u5728\u200b\u6267\u884c\u200b yaml \u200b\u521b\u5efa\u200b Service \u200b\u540e\u200b\uff0c\u200b\u5728\u200b Service \u200b\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u542f\u52a8\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
\u200b\u6307\u5b9a\u200b service.spec.loadBalancerIP \u200b\u53c2\u6570\u200b\u65f6\u200b\uff0c\u200b\u6700\u7ec8\u200b\u5c06\u200b\u8be5\u200b\u53c2\u6570\u200b\u8d4b\u503c\u200b\u7ed9\u200b service external-ip \u200b\u5b57\u200b\u6bb5\u200b\u3002\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u503c\u200b\u3002
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u7684\u200b yaml \u200b\u8f93\u51fa\u200b\uff0c\u200b\u5b58\u5728\u200b\u591a\u200b\u7f51\u5361\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
\u200b\u67e5\u770b\u200b Service \u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels\":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\",\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer\"}}\n ovn.kubernetes.io/vpc: ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"guide/loadbalancer-service/#loadbalancerip","title":"\u6d4b\u8bd5\u200b LoadBalancerIP \u200b\u8bbf\u95ee","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml, \u200b\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b Service \u200b\u7684\u200b Endpoints \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u4e3a\u4e86\u200b\u7b80\u5355\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u8bbf\u95ee\u200b Service \u200b\u7684\u200b LoadBalancerIP:Port\uff0c\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u6210\u529f\u200b\u3002
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u8fdb\u5165\u200b Service \u200b\u521b\u5efa\u200b\u7684\u200b Pod\uff0c\u200b\u67e5\u770b\u200b\u7f51\u7edc\u200b\u7684\u200b\u4fe1\u606f\u200b
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/mirror/","title":"\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8fdb\u51fa\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u590d\u5236\u5230\u200b\u4e3b\u673a\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u3002\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u76d1\u542c\u200b\u8fd9\u5757\u200b\u7f51\u5361\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u6765\u200b\u8fdb\u4e00\u6b65\u200b\u8fdb\u884c\u200b\u5206\u6790\u200b\uff0c\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5b89\u5168\u200b\u5ba1\u8ba1\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e5f\u200b\u53ef\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u5bf9\u63a5\u200b\u83b7\u53d6\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\u3002
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b\u4e00\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u5931\u200b\uff0c\u200b\u6839\u636e\u200b CPU \u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u7684\u200b\u7279\u5f81\u200b\uff0c\u200b\u4f1a\u200b\u6709\u200b 5%~10% \u200b\u7684\u200b \u200b\u989d\u5916\u200b CPU \u200b\u6d88\u8017\u200b\u3002
"},{"location":"guide/mirror/#_2","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u5173\u95ed\u200b\u72b6\u6001\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u8bf7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
--enable-mirror=true\uff1a \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002--mirror-iface=mirror0: \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6240\u200b\u590d\u5236\u5230\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002\u200b\u8be5\u200b\u7f51\u5361\u200b\u53ef\u200b\u4e3a\u4e3b\u200b\u673a\u4e0a\u200b\u5df2\u200b\u5b58\u5728\u200b\u7684\u200b\u4e00\u5757\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c \u200b\u6b64\u65f6\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f1a\u200b\u88ab\u200b\u6865\u63a5\u200b\u8fdb\u200b br-int \u200b\u7f51\u6865\u200b\uff0c\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u63a5\u5165\u200b\u5e95\u5c42\u200b\u4ea4\u6362\u673a\u200b\u3002\u200b\u82e5\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u5b58\u5728\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b \u200b\u521b\u5efa\u200b\u4e00\u5757\u200b\u540c\u540d\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u5361\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u6240\u6709\u200b\u6d41\u91cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b mirror0\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u7528\u200b tcpdump \u200b\u6216\u200b\u5176\u4ed6\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\u5de5\u5177\u200b\u76d1\u542c\u200b mirror0 \u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\uff1a
tcpdump -ni mirror0\n
"},{"location":"guide/mirror/#pod","title":"Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u200b\u5bf9\u200b\u90e8\u5206\u200b Pod \u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u955c\u50cf\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5173\u95ed\u200b\u5168\u5c40\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\uff0c\u200b\u7136\u540e\u200b\u5728\u200b\u7279\u5b9a\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/mirror annotation \u200b\u6765\u200b\u5f00\u542f\u200b Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"guide/mirror/#_3","title":"\u6027\u80fd\u200b\u6d4b\u8bd5","text":"\u200b\u5728\u200b\u76f8\u540c\u200b\u73af\u5883\u200b\u4e0a\u200b\uff0c\u200b\u5206\u522b\u200b\u5f00\u542f\u200b\u548c\u200b\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u5173\u200b\uff0c\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b
"},{"location":"guide/mirror/#1-pod-to-pod-in-the-same-nodes","title":"1. Pod to Pod in the same Nodes","text":""},{"location":"guide/mirror/#_4","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"guide/mirror/#_5","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"guide/mirror/#2-pod-to-pod-in-the-different-nodes","title":"2. Pod to Pod in the different Nodes","text":""},{"location":"guide/mirror/#_6","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"guide/mirror/#_7","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"guide/mirror/#3-node-to-node","title":"3. Node to Node","text":""},{"location":"guide/mirror/#_8","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"guide/mirror/#_9","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"guide/mirror/#4-pod-to-the-node-where-the-pod-is-located","title":"4. Pod to the Node where the Pod is located","text":""},{"location":"guide/mirror/#_10","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"guide/mirror/#_11","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"guide/mirror/#5-pod-to-the-node-where-the-pod-is-not-located","title":"5. Pod to the Node where the Pod is not located","text":""},{"location":"guide/mirror/#_12","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"guide/mirror/#_13","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"guide/mirror/#6-pod-to-the-cluster-ip-service","title":"6. Pod to the cluster ip service","text":""},{"location":"guide/mirror/#_14","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"guide/mirror/#_15","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"guide/mirror/#7-host-to-the-node-port-service-where-the-pod-is-not-located-on-the-target-node","title":"7. Host to the Node port service where the Pod is not located on the target Node","text":""},{"location":"guide/mirror/#_16","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"guide/mirror/#_17","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"guide/mirror/#8-host-to-the-node-port-service-where-the-pod-is-located-on-the-target-node","title":"8. Host to the Node port service where the Pod is located on the target Node","text":""},{"location":"guide/mirror/#_18","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"guide/mirror/#_19","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/networkpolicy-log/","title":"NetworkPolicy \u200b\u65e5\u5fd7","text":"NetworkPolicy \u200b\u4e3a\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u63a5\u53e3\u200b\uff0cKube-OVN \u200b\u901a\u8fc7\u200b OVN \u200b\u7684\u200b ACL \u200b\u8fdb\u884c\u200b\u4e86\u200b\u5b9e\u73b0\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e86\u200b NetworkPolicy \u200b\u540e\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e0d\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u96be\u4ee5\u200b\u5224\u65ad\u200b\u662f\u200b\u7f51\u7edc\u6545\u969c\u200b\u95ee\u9898\u200b\u8fd8\u662f\u200b NetworkPolicy \u200b\u89c4\u5219\u200b\u8bbe\u7f6e\u200b\u95ee\u9898\u200b\u5bfc\u81f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7ba1\u7406\u5458\u200b\u5feb\u901f\u200b\u5b9a\u4f4d\u200b NetworkPolicy Drop \u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u547d\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u8bb0\u5f55\u200b\u6709\u200b\u54ea\u4e9b\u200b\u975e\u6cd5\u200b\u8bbf\u95ee\u200b\u3002
NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\u4e00\u65e6\u200b\u5f00\u542f\u200b\uff0c\u200b\u5bf9\u200b\u6bcf\u4e2a\u200b\u547d\u4e2d\u200b Drop \u200b\u89c4\u5219\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u90fd\u200b\u9700\u8981\u200b\u6253\u5370\u200b\u65e5\u5fd7\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002 \u200b\u5728\u200b\u6076\u610f\u200b\u653b\u51fb\u200b\u4e0b\u200b\uff0c\u200b\u77ed\u65f6\u95f4\u200b\u5927\u91cf\u200b\u65e5\u5fd7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8017\u5c3d\u200b CPU\u3002\u200b\u6211\u4eec\u200b\u5efa\u8bae\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5728\u200b\u9700\u8981\u200b\u6392\u67e5\u200b\u95ee\u9898\u200b\u65f6\u200b\uff0c\u200b\u52a8\u6001\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u3002
"},{"location":"guide/networkpolicy-log/#networkpolicy_1","title":"\u5f00\u542f\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5728\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u8bb0\u5f55\u200b\u7684\u200b NetworkPolicy \u200b\u4e2d\u200b\u589e\u52a0\u200b annotation ovn.kubernetes.io/enable_log\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bf9\u5e94\u200b Pod \u200b\u6240\u5728\u200b\u4e3b\u673a\u200b\u7684\u200b /var/log/ovn/ovn-controller.log \u200b\u4e2d\u200b\u89c2\u5bdf\u200b\u5230\u200b\u88ab\u200b\u4e22\u5f03\u200b\u6570\u636e\u5305\u200b\u7684\u200b\u65e5\u5fd7\u200b\uff1a
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"guide/networkpolicy-log/#networkpolicy_2","title":"\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5c06\u200b\u5bf9\u5e94\u200b NetworkPolicy \u200b\u4e2d\u200b\u7684\u200b annotation ovn.kubernetes.io/enable_log \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false \u200b\u5373\u53ef\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\uff1a
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus-grafana/","title":"\u914d\u7f6e\u200b\u76d1\u63a7\u200b\u548c\u200b\u9762\u677f","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u5c06\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4fe1\u606f\u200b\u4ee5\u53ca\u200b\u7f51\u7edc\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u8d28\u91cf\u200b\u4fe1\u606f\u200b\u6307\u6807\u200b\u4ee5\u200b Prometheus \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u683c\u5f0f\u200b\u5bf9\u5916\u200b\u8f93\u51fa\u200b\u3002
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b kube-prometheus \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b CRD \u200b\u6765\u200b\u5b9a\u4e49\u200b\u76f8\u5e94\u200b\u7684\u200b Prometheus \u200b\u76d1\u63a7\u200b\u89c4\u5219\u200b\u3002 \u200b\u7528\u6237\u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5b89\u88c5\u200b kube-prometheus \u200b\u6765\u200b\u542f\u7528\u200b\u76f8\u5173\u200b\u7684\u200b CRD\u3002Kube-OVN \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u5168\u90e8\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u539f\u751f\u200b Prometheus \u200b\u8bf7\u200b\u53c2\u8003\u200b\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b \u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus-grafana/#prometheus-monitor","title":"\u5b89\u88c5\u200b Prometheus Monitor","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Prometheus Monitor CRD \u200b\u6765\u200b\u7ba1\u7406\u200b\u76d1\u63a7\u200b\u8f93\u51fa\u200b\uff1a
# \u200b\u7f51\u54af\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
Prometheus \u200b\u62c9\u53d6\u200b\u76d1\u63a7\u200b\u65f6\u95f4\u200b\u95f4\u9694\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 15s\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b\u9700\u8981\u200b\u4fee\u6539\u200b yaml \u200b\u4e2d\u200b\u7684\u200b interval \u200b\u5b57\u200b\u6bb5\u200b\u3002
"},{"location":"guide/prometheus-grafana/#grafana","title":"\u52a0\u8f7d\u200b Grafana \u200b\u9762\u677f","text":"Kube-OVN \u200b\u8fd8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u9884\u5148\u200b\u5b9a\u4e49\u200b\u597d\u200b\u7684\u200b Grafana Dashboard \u200b\u5c55\u793a\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b Dashboard \u200b\u6a21\u677f\u200b\uff1a
# \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
\u200b\u5728\u200b Grafana \u200b\u4e2d\u200b\u5bfc\u5165\u200b\u6a21\u677f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u6e90\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b Prometheus \u200b\u5373\u53ef\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b Dashboard\uff1a
kube-ovn-controller \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-pinger \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-cni \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus/","title":"\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u7528\u4e8e\u200b OVN/OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\u68c0\u67e5\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u68c0\u67e5\u200b\u3002Kube-OVN \u200b\u914d\u7f6e\u200b\u4e86\u200b ServiceMonitor\uff0c\u200b\u53ef\u4ee5\u200b\u7528\u4e8e\u200b Prometheus \u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5728\u200b\u67d0\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u200b\u5b89\u88c5\u200b\u4e86\u200b Prometheus Server\uff0c\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7684\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Prometheus \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_1","title":"Prometheus \u200b\u914d\u7f6e","text":"\u200b\u4ee5\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u6587\u6863\u200b\uff0c\u200b\u53c2\u8003\u200b\u81ea\u200b Prometheus \u200b\u670d\u52a1\u200b\u53d1\u73b0\u200b\u3002
"},{"location":"guide/prometheus/#_1","title":"\u6743\u9650\u200b\u914d\u7f6e","text":"Prometheus \u200b\u90e8\u7f72\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b k8s apiserver \u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u67e5\u8be2\u200b\u4e1a\u52a1\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u914d\u7f6e\u200b Prometheus \u200b\u9700\u8981\u200b\u7684\u200b\u6743\u9650\u200b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"guide/prometheus/#prometheus_2","title":"Prometheus \u200b\u914d\u7f6e\u6587\u4ef6","text":"Prometheus \u200b\u7684\u200b\u542f\u52a8\u200b\uff0c\u200b\u4f9d\u8d56\u4e8e\u200b\u914d\u7f6e\u6587\u4ef6\u200b prometheus.yml\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u5185\u5bb9\u200b\u914d\u7f6e\u200b\u5728\u200b ConfigMap \u200b\u5185\u200b\uff0c\u200b\u52a8\u6001\u200b\u6302\u8f7d\u200b\u5230\u200b Pod \u200b\u4e2d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b Prometheus \u200b\u4f7f\u7528\u200b\u7684\u200b ConfigMap \u200b\u6587\u4ef6\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u57fa\u4e8e\u200b\u89d2\u8272\u200b\u67e5\u8be2\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u76d1\u63a7\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b kubernetes_sd_config\u3002
\u200b\u5728\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\uff0cPrometheus \u200b\u652f\u6301\u200b\u67e5\u8be2\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u7684\u200b\u89d2\u8272\u200b\u5305\u542b\u200b node\u3001service\u3001pod\u3001endpoints \u200b\u548c\u200b ingress\u3002\u200b\u5728\u200b ConfigMap \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u4e2d\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u4ee5\u4e0a\u200b\u5168\u90e8\u200b\u8d44\u6e90\u200b\u7684\u200b\u76d1\u63a7\u200b\u67e5\u8be2\u200b\u914d\u7f6e\u200b\u793a\u4f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6839\u636e\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_3","title":"Prometheus \u200b\u90e8\u7f72","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Server\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
\u200b\u5728\u200b\u90e8\u7f72\u200b\u5b8c\u200b Prometheus \u200b\u4e4b\u540e\u200b\uff0c\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Service\uff1a
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
\u200b\u5c06\u200b Prometheus \u200b\u901a\u8fc7\u200b NodePort \u200b\u66b4\u9732\u200b\u540e\u200b\uff0c\u200b\u5373\u53ef\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u6765\u200b\u8bbf\u95ee\u200b Prometheus\u3002
"},{"location":"guide/prometheus/#prometheus_4","title":"Prometheus \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u9a8c\u8bc1","text":"\u200b\u67e5\u770b\u200b\u73af\u5883\u200b\u4e0a\u200b Prometheus \u200b\u76f8\u5173\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
\u200b\u901a\u8fc7\u200b NodePort \u200b\u8bbf\u95ee\u200b Prometheus\uff0c\u200b\u67e5\u770b\u200b Status/Service Discovery \u200b\u52a8\u6001\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6570\u636e\u200b\uff1a
\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5f53\u524d\u200b\u53ef\u4ee5\u200b\u67e5\u8be2\u200b\u5230\u200b\u96c6\u7fa4\u200b\u4e0a\u200b\u5168\u90e8\u200b\u7684\u200b Service \u200b\u6570\u636e\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/prometheus/#_2","title":"\u914d\u7f6e\u200b\u67e5\u8be2\u200b\u6307\u5b9a\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4ee5\u4e0a\u200b\u7684\u200b ConfigMap \u200b\u914d\u7f6e\u200b\u4e2d\u200b\uff0c\u200b\u6ca1\u6709\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\uff0c\u200b\u67e5\u8be2\u200b\u4e86\u200b\u6240\u6709\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\u3002\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u8981\u200b\u67d0\u4e2a\u200b\u89d2\u8272\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\uff0c\u200b\u5219\u200b\u53ef\u4ee5\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\u3002
\u200b\u4ee5\u200b Service \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4fee\u6539\u200b ConfigMap \u200b\u5185\u5bb9\u200b\uff0c\u200b\u53ea\u200b\u67e5\u8be2\u200b\u5173\u5fc3\u200b\u7684\u200b Service \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Service \u200b\u9ed8\u8ba4\u200b\u76d1\u63a7\u200b\u8def\u5f84\u200b\u4e3a\u200b /metrics\u3002\u200b\u5982\u679c\u200b Service \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u662f\u200b\u5176\u4ed6\u200b\u7684\u200b\u8def\u5f84\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/path \u200b\u6765\u200b\u6307\u5b9a\u200b\u91c7\u96c6\u200b\u8def\u5f84\u200b\u3002
\u200b\u5e94\u7528\u200b\u4ee5\u4e0a\u200b yaml\uff0c\u200b\u66f4\u65b0\u200b ConfigMap \u200b\u4fe1\u606f\u200b\uff0c\u200b\u91cd\u5efa\u200b Prometheus Pod\uff0c\u200b\u4f7f\u200b\u914d\u7f6e\u200b\u751f\u6548\u200b\u3002
\u200b\u67e5\u770b\u200b kube-system Namespace \u200b\u4e0b\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/scrape=\"true\"\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
\u200b\u67e5\u770b\u200b\u914d\u7f6e\u200b\u540e\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // \u200b\u6dfb\u52a0\u200b\u7684\u200b annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
\u200b\u67e5\u770b\u200b Prometheus Status Targets \u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u53ea\u6709\u200b\u6dfb\u52a0\u200b\u4e86\u200b annotation \u200b\u7684\u200b Service \u200b\u88ab\u200b\u8fc7\u6ee4\u51fa\u6765\u200b\uff1a
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b relabel \u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u53c2\u6570\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/qos/","title":"\u5bb9\u5668\u200b\u7f51\u7edc\u200b QoS \u200b\u914d\u7f6e","text":"Kube-OVN \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b\u5355\u4e2a\u200b Pod \u200b\u7684\u200b\u4e24\u79cd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u7684\u200b QoS\uff1a
- \u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b QoS\u3002
linux-netem\uff0c\u200b\u6a21\u62df\u200b\u8bbe\u5907\u200b\u5e72\u6270\u200b\u4e22\u5305\u200b\u7b49\u200b\u7684\u200b QoS\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u6a21\u62df\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b Pod \u200b\u7ea7\u522b\u200b QoS \u200b\u4e0d\u200b\u652f\u6301\u200b Namespace \u200b\u6216\u200b Subnet \u200b\u7ea7\u522b\u200b\u7684\u200b QoS \u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/qos/#qos_1","title":"\u57fa\u4e8e\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b\u7684\u200b QoS","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7684\u200b QoS \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod annotation \u200b\u52a8\u6001\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e0d\u200b\u4e2d\u65ad\u200b Pod \u200b\u8fd0\u884c\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002 \u200b\u5e26\u5bbd\u200b\u9650\u901f\u200b\u7684\u200b\u5355\u4f4d\u200b\u4e3a\u200b Mbit/s\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
\u200b\u4f7f\u7528\u200b annotation \u200b\u52a8\u6001\u200b\u8c03\u6574\u200b QoS\uff1a
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"guide/qos/#qos_2","title":"\u6d4b\u8bd5\u200b QoS \u200b\u8c03\u6574","text":"\u200b\u90e8\u7f72\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u9700\u8981\u200b\u7684\u200b\u5bb9\u5668\u200b\uff1a
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5e76\u200b\u5f00\u542f\u200b iperf3 server\uff1a
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
\u200b\u8fdb\u5165\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u8bf7\u6c42\u200b\u4e4b\u524d\u200b\u7684\u200b Pod\uff1a
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
\u200b\u4fee\u6539\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u7684\u200b\u5165\u53e3\u200b\u5e26\u5bbd\u200b QoS\uff1a
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
\u200b\u518d\u6b21\u200b\u4ece\u200b\u7b2c\u4e8c\u4e2a\u200b Pod \u200b\u6d4b\u8bd5\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u5e26\u5bbd\u200b\uff1a
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"RHEL \u200b\u7cfb\u5217\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b netem \u200b\u76f8\u5173\u200b\u6a21\u5757\u200b\uff1a yum install -y kernel-modules-extra && modprobe sch_netem
Pod \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b annotation \u200b\u914d\u7f6e\u200b linux-netem \u200b\u7c7b\u578b\u200b QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit \u200b\u548c\u200b ovn.kubernetes.io/loss\u3002
ovn.kubernetes.io/latency\uff1a\u200b\u8bbe\u7f6e\u200b Pod \u200b\u6d41\u91cf\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u6570\u200b\uff0c\u200b\u5355\u4f4d\u200b\u4e3a\u200b ms\u3002ovn.kubernetes.io/limit\uff1a \u200b\u4e3a\u200b qdisc \u200b\u961f\u5217\u200b\u53ef\u200b\u5bb9\u7eb3\u200b\u7684\u200b\u6700\u5927\u200b\u6570\u636e\u5305\u200b\u6570\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u5f62\u200b\u6570\u503c\u200b\uff0c\u200b\u4f8b\u5982\u200b 1000\u3002ovn.kubernetes.io/loss\uff1a \u200b\u4e3a\u200b\u8bbe\u7f6e\u200b\u7684\u200b\u62a5\u6587\u200b\u4e22\u5305\u200b\u6982\u7387\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b float \u200b\u7c7b\u578b\u200b\uff0c\u200b\u4f8b\u5982\u200b\u53d6\u503c\u200b\u4e3a\u200b 20\uff0c\u200b\u5219\u200b\u4e3a\u200b\u8bbe\u7f6e\u200b 20% \u200b\u7684\u200b\u4e22\u200b\u5305\u200b\u6982\u7387\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/setup-options/","title":"\u5b89\u88c5\u200b\u548c\u200b\u914d\u7f6e\u200b\u9009\u9879","text":"\u200b\u5728\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u4e2d\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff0cKube-OVN \u200b\u8fd8\u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b \u200b\u81ea\u5b9a\u4e49\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6216\u8005\u200b\u4e4b\u540e\u200b\u66f4\u6539\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u53c2\u6570\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u8fd9\u4e9b\u200b\u81ea\u5b9a\u4e49\u200b\u9009\u9879\u200b \u200b\u7684\u200b\u4f5c\u7528\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#_2","title":"\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u4f1a\u200b\u914d\u7f6e\u200b\u4e24\u4e2a\u200b\u5185\u7f6e\u200b\u5b50\u7f51\u200b\uff1a
default \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Pod \u200b\u5206\u914d\u200b IP \u200b\u4f7f\u7528\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 10.16.0.1\u3002join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Node \u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u901a\u4fe1\u200b\u7684\u200b\u7279\u6b8a\u200b\u5b50\u7f51\u200b, \u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 100.64.0.1\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5185\u200b\u7684\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u66f4\u6539\u200b\uff1a
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP \u200b\u53ef\u200b\u8bbe\u7f6e\u200b POD_CIDR \u200b\u4e0d\u200b\u8fdb\u884c\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\uff0c\u200b\u683c\u5f0f\u200b\u4e3a\u200b\uff1a192.168.10.20..192.168.10.30\u3002
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b Overlay \u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b Service CIDR \u200b\u51b2\u7a81\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u3002
"},{"location":"guide/setup-options/#service","title":"Service \u200b\u7f51\u6bb5\u200b\u914d\u7f6e","text":"\u200b\u7531\u4e8e\u200b\u90e8\u5206\u200b kube-proxy \u200b\u8bbe\u7f6e\u200b\u7684\u200b iptables \u200b\u548c\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u4f1a\u200b\u548c\u200b Kube-OVN \u200b\u8bbe\u7f6e\u200b\u7684\u200b\u89c4\u5219\u200b\u4ea7\u751f\u200b\u4ea4\u96c6\u200b\uff0c\u200b\u56e0\u6b64\u200b Kube-OVN \u200b\u9700\u8981\u200b\u77e5\u9053\u200b Service \u200b\u7684\u200b CIDR \u200b\u6765\u200b\u6b63\u786e\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\uff1a
SVC_CIDR=\"10.96.0.0/12\" \n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/setup-options/#overlay","title":"Overlay \u200b\u7f51\u5361\u200b\u9009\u62e9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u5b58\u5728\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u9009\u62e9\u200b Kubernetes Node IP \u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u95f4\u200b\u8de8\u200b\u8282\u70b9\u200b\u901a\u4fe1\u200b\u7684\u200b\u7f51\u5361\u200b\u5e76\u200b\u5efa\u7acb\u200b\u5bf9\u5e94\u200b\u7684\u200b\u96a7\u9053\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u5efa\u7acb\u200b\u5bb9\u5668\u200b\u96a7\u9053\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\uff1a
IFACE=eth1\n
\u200b\u8be5\u200b\u9009\u9879\u200b\u652f\u6301\u200b\u4ee5\u200b\u9017\u53f7\u200b\u6240\u200b\u5206\u9694\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b,\u200b\u4f8b\u5982\u200b ens[a-z0-9]*,eth[a-z0-9]*\u3002
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
args:\n- --iface=eth1\n
\u200b\u5982\u679c\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u5747\u200b\u4e0d\u540c\u200b\uff0c\u200b\u4e14\u200b\u6ca1\u6709\u200b\u56fa\u5b9a\u200b\u89c4\u5f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b annotation ovn.kubernetes.io/tunnel_interface \u200b\u8fdb\u884c\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u9010\u4e00\u200b\u914d\u7f6e\u200b\uff0c\u200b\u62e5\u6709\u200b\u8be5\u200b annotation \u200b\u8282\u70b9\u200b\u4f1a\u200b\u8986\u76d6\u200b iface \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b annotation\u3002
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"guide/setup-options/#mtu","title":"MTU \u200b\u8bbe\u7f6e","text":"\u200b\u7531\u4e8e\u200b Overlay \u200b\u5c01\u88c5\u200b\u9700\u8981\u200b\u5360\u636e\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\uff0cKube-OVN \u200b\u5728\u200b\u521b\u5efa\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u65f6\u4f1a\u200b\u6839\u636e\u200b\u9009\u62e9\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8fdb\u884c\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8c03\u6574\u200b\uff0c \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b Pod \u200b\u7f51\u5361\u200b MTU \u200b\u4e3a\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b MTU - 100\uff0cUnderlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\uff0cPod \u200b\u7f51\u5361\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6709\u200b\u76f8\u540c\u200b MTU\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b MTU \u200b\u7684\u200b\u5927\u5c0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --mtu=1333\n
"},{"location":"guide/setup-options/#_3","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u5f00\u542f\u200b\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u521b\u5efa\u200b\u4e00\u5757\u200b mirror0 \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u590d\u5236\u200b\u5f53\u524d\u200b\u673a\u5668\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u5230\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\uff0c \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b tcpdump \u200b\u53ca\u5176\u200b\u4ed6\u200b\u5de5\u5177\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u914d\u7f6e\u200b\u5f00\u542f\u200b\uff1a
ENABLE_MIRROR=true\n
\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b:
args:\n- --enable-mirror=true\n
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5173\u95ed\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6216\u200b\u9700\u8981\u200b\u5c06\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5230\u200b\u989d\u5916\u200b\u7684\u200b\u7f51\u5361\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
"},{"location":"guide/setup-options/#lb","title":"LB \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L2 LB \u200b\u6765\u200b\u5b9e\u73b0\u200b Service \u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5728\u200b Overlay \u200b\u573a\u666f\u200b\u4e2d\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u6765\u200b\u5b8c\u6210\u200b Service \u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b, \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb=false\n
LB \u200b\u7684\u200b\u529f\u80fd\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableLb\uff0c\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b LB \u200b\u529f\u80fd\u200b\u3002kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-lb \u200b\u53c2\u6570\u200b\u4f5c\u4e3a\u200b\u5168\u5c40\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u521b\u5efa\u200b load-balancer \u200b\u8bb0\u5f55\u200b\uff0c\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u65b0\u589e\u200b\u7684\u200b enableLb \u200b\u53c2\u6570\u200b\u7528\u4e8e\u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b enableLb \u200b\u53c2\u6570\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/setup-options/#networkpolicy","title":"NetworkPolicy \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u6765\u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u529f\u80fd\u200b \u200b\u6216\u8005\u200b\u4f7f\u7528\u200b Cilium Chain \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5229\u7528\u200b eBPF \u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_NP=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-np=false\n
NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
"},{"location":"guide/setup-options/#eip-snat","title":"EIP \u200b\u548c\u200b SNAT \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5982\u679c\u200b\u65e0\u9700\u200b\u4f7f\u7528\u200b EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ee5\u200b\u51cf\u5c11\u200b kube-ovn-controller \u200b\u5728\u200b\u521b\u5efa\u200b\u548c\u200b\u66f4\u65b0\u200b \u200b\u7f51\u7edc\u200b\u65f6\u200b\u7684\u200b\u68c0\u67e5\u200b\u6d88\u8017\u200b\uff0c\u200b\u5728\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u63d0\u5347\u200b\u5904\u7406\u901f\u5ea6\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_EIP_SNAT=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-eip-snat=false\n
EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#load-balancer-service","title":"Load Balancer \u200b\u7c7b\u578b\u200b Service \u200b\u652f\u6301\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5f00\u542f\u200b\u8be5\u200b\u9009\u9879\u200b\u6765\u200b\u652f\u6301\u200b Load Balancer \u200b\u7c7b\u578b\u200b Service\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b LoadBalancer \u200b\u7c7b\u578b\u200b Service\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB_SVC=true\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb-svc=true\n
"},{"location":"guide/setup-options/#ecmp","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u652f\u6301\u200b\u4e3b\u5907\u200b\u548c\u200b ECMP \u200b\u4e24\u79cd\u200b\u9ad8\u200b\u53ef\u7528\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u542f\u7528\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c \u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b:
args:\n- --enable-ecmp=true \n
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u7f51\u5173\u200b\u76f8\u5173\u200b\u5185\u5bb9\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/setup-options/#kubevirt-vm","title":"Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9488\u5bf9\u200b Kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b 1.10.6 \u200b\u540e\u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u5173\u95ed\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
args:\n- --keep-vm-ip=false\n
"},{"location":"guide/setup-options/#cni","title":"CNI \u200b\u914d\u7f6e\u200b\u76f8\u5173\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u5728\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u6267\u884c\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5728\u200b /etc/cni/net.d \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b 01-kube-ovn.conflist\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u5b89\u88c5\u200b\u4f4d\u7f6e\u200b\u548c\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b Volume \u200b\u6302\u8f7d\u200b\u548c\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"guide/setup-options/#_4","title":"\u96a7\u9053\u200b\u7c7b\u578b\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b Overlay \u200b\u7684\u200b\u5c01\u88c5\u200b\u6a21\u5f0f\u200b\u4e3a\u200b Geneve\uff0c\u200b\u5982\u679c\u200b\u60f3\u200b\u66f4\u6362\u200b\u4e3a\u200b Vxlan \u200b\u6216\u200b STT\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
TUNNEL_TYPE=\"vxlan\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b ovs-ovn DaemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\uff1a
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b STT \u200b\u96a7\u9053\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b ovs \u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
\u200b\u4e0d\u540c\u200b\u534f\u8bae\u200b\u5728\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u533a\u522b\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"guide/setup-options/#ssl","title":"SSL \u200b\u8bbe\u7f6e","text":"OVN DB \u200b\u7684\u200b API \u200b\u63a5\u53e3\u200b\u652f\u6301\u200b SSL \u200b\u52a0\u5bc6\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u8fde\u63a5\u200b\u5b89\u5168\u200b\uff0c\u200b\u5982\u200b\u8981\u200b\u5f00\u542f\u200b\u53ef\u200b\u8c03\u6574\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u7684\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b:
ENABLE_SSL=true\n
SSL \u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u200b\u5173\u95ed\u200b\u6a21\u5f0f\u200b\u3002
"},{"location":"guide/setup-options/#ip","title":"\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip","text":"kube-ovn-controller/kube-ovn-cni/kube-ovn-monitor \u200b\u8fd9\u4e9b\u200b\u670d\u52a1\u200b\u652f\u6301\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip\uff0c\u200b\u8be5\u200b\u529f\u80fd\u8bbe\u8ba1\u200b\u539f\u56e0\u200b\u4e3b\u8981\u200b\u662f\u56e0\u4e3a\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u51fa\u4e8e\u200b\u5b89\u5168\u200b\u8003\u8651\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b 0.0.0.0 \uff08\u200b\u6bd4\u5982\u200b\u8be5\u200b\u670d\u52a1\u200b\u90e8\u7f72\u200b\u5728\u200b\u67d0\u4e2a\u200b\u5bf9\u5916\u200b\u7f51\u5173\u200b\u4e0a\u200b\uff0c\u200b\u5916\u90e8\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u516c\u7f51\u200b ip \u200b\u5e76\u200b\u6307\u5b9a\u200b\u7aef\u53e3\u200b\u53bb\u200b\u8bbf\u95ee\u200b\u5230\u200b\u8be5\u200b\u670d\u52a1\u200b\uff09\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u662f\u200b\u6253\u5f00\u200b\u7684\u200b\uff0c\u200b\u7531\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\u63a7\u5236\u200b\uff1a
ENABLE_BIND_LOCAL_IP=true\n
\u200b\u4ee5\u200b kube-ovn-monitor \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u540e\u4f1a\u200b\u628a\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b\u7684\u200b pod ip \u200b\u5982\u4e0b\u200b\uff1a
# netstat -tunlp |grep kube-ovn\ntcp 0 0 172.18.0.5:10661 0.0.0.0:* LISTEN 2612/./kube-ovn-mon\n
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\u670d\u52a1\u200b\u7684\u200b deployment \u200b\u6216\u8005\u200b daemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
env:\n- name: ENABLE_BIND_LOCAL_IP\n value: \"false\"\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/static-ip-mac/","title":"\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u6839\u636e\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u548c\u200b Mac\u3002 \u200b\u9488\u5bf9\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u9700\u8981\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u6839\u636e\u200b\u4e0d\u540c\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u591a\u79cd\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u65b9\u6cd5\u200b\uff1a
- \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac\u3002
- Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u65b9\u5f0f\u200b\u6307\u5b9a\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
- StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
- KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
"},{"location":"guide/static-ip-mac/#pod-ip-mac","title":"\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b annotation \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u8fd0\u884c\u200b\u65f6\u200b\u6240\u200b\u9700\u200b\u7684\u200b IP/Mac, kube-ovn-controller \u200b\u8fd0\u884c\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u9636\u6bb5\u200b\uff0c\u200b\u7ecf\u8fc7\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u540e\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
\u200b\u5728\u200b\u4f7f\u7528\u200b annotation \u200b\u5b9a\u4e49\u200b\u5355\u4e2a\u200b Pod IP/Mac \u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
- \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b IP/Mac \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b IP/Mac \u200b\u51b2\u7a81\u200b\u3002
- IP \u200b\u5fc5\u987b\u200b\u5728\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002
- \u200b\u53ef\u4ee5\u200b\u53ea\u200b\u6307\u5b9a\u200b IP \u200b\u6216\u200b Mac\uff0c\u200b\u53ea\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u65f6\u200b\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#workload-ip-pool","title":"Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b annotation ovn.kubernetes.io/ip_pool \u200b\u7ed9\u200b Workload\uff08Deployment/StatefulSet/DaemonSet/Job/CronJob\uff09\u200b\u8bbe\u7f6e\u200b\u56fa\u5b9a\u200b IP\u3002 kube-ovn-controller \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u9009\u62e9\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7684\u200b IP \u200b\u5e76\u200b\u8fdb\u884c\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u3002
IP Pool \u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u52a0\u200b\u5728\u200b template \u200b\u5185\u200b\u7684\u200b annotation \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u9664\u4e86\u200b Kubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Workload \u200b\u7c7b\u578b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u7684\u200b Workload \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u6837\u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#deployment-ip","title":"Deployment \u200b\u56fa\u5b9a\u200b IP \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u5206\u200b\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
\u200b\u5bf9\u200b Workload \u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u5e94\u8be5\u200b\u5c5e\u4e8e\u200b\u6240\u5728\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u51b2\u7a81\u200b\u3002- \u200b\u5f53\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u6570\u91cf\u200b\u5c0f\u4e8e\u200b replicas \u200b\u6570\u91cf\u200b\u65f6\u200b\uff0c\u200b\u591a\u51fa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b\u3002\u200b\u4f60\u200b\u9700\u8981\u200b\u6839\u636e\u200b Workload \u200b\u7684\u200b\u66f4\u65b0\u200b\u7b56\u7565\u200b\u4ee5\u53ca\u200b\u6269\u5bb9\u200b\u89c4\u5212\u200b\u8c03\u6574\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b IP \u200b\u7684\u200b\u6570\u91cf\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset","title":"StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"StatefulSet \u200b\u9ed8\u8ba4\u200b\u652f\u6301\u200b\u56fa\u5b9a\u200b IP\uff0c\u200b\u800c\u4e14\u200b\u548c\u200b\u5176\u4ed6\u200b Workload \u200b\u76f8\u540c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b\u3002
\u200b\u7531\u4e8e\u200b StatefulSet \u200b\u591a\u200b\u7528\u4e8e\u200b\u6709\u200b\u72b6\u6001\u200b\u670d\u52a1\u200b\uff0c\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u6807\u793a\u200b\u7684\u200b\u56fa\u5b9a\u200b\u6709\u200b\u66f4\u200b\u9ad8\u200b\u7684\u200b\u8981\u6c42\u200b\uff0cKube-OVN \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u7684\u200b\u5f3a\u5316\u200b\uff1a
- Pod \u200b\u4f1a\u200b\u6309\u200b\u987a\u5e8f\u200b\u5206\u914d\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP\u3002\u200b\u4f8b\u5982\u200b StatefulSet \u200b\u7684\u200b\u540d\u5b57\u200b\u4e3a\u200b web\uff0c\u200b\u5219\u200b web-0 \u200b\u4f1a\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b IP\uff0c web-1 \u200b\u4f1a\u200b\u4f7f\u7528\u200b\u7b2c\u4e8c\u4e2a\u200b IP\uff0c\u200b\u4ee5\u6b64\u7c7b\u63a8\u200b\u3002 - StatefulSet Pod \u200b\u5728\u200b\u66f4\u65b0\u200b\u6216\u200b\u5220\u9664\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b OVN \u200b\u4e2d\u200b\u7684\u200b logical_switch_port \u200b\u4e0d\u4f1a\u200b\u5220\u9664\u200b\uff0c\u200b\u65b0\u200b\u751f\u6210\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u590d\u7528\u200b\u65e7\u200b\u7684\u200b interface \u200b\u4fe1\u606f\u200b\u3002\u200b\u56e0\u6b64\u200b Pod \u200b\u53ef\u4ee5\u200b\u590d\u7528\u200b IP/Mac \u200b\u53ca\u5176\u200b\u4ed6\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8fbe\u5230\u200b\u548c\u200b StatefulSet Volume \u200b\u7c7b\u4f3c\u200b\u7684\u200b\u72b6\u6001\u200b\u4fdd\u7559\u200b\u529f\u80fd\u200b\u3002
- \u200b\u57fa\u4e8e\u200b 2 \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u5bf9\u4e8e\u200b\u6ca1\u6709\u200b
ovn.kubernetes.io/ip_pool \u200b\u6ce8\u89e3\u200b\u7684\u200b StatefulSet\uff0cPod \u200b\u7b2c\u4e00\u6b21\u200b\u751f\u6210\u200b\u65f6\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP/Mac\uff0c\u200b\u4e4b\u540e\u200b\u5728\u200b\u6574\u4e2a\u200b StatefulSet \u200b\u7684\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u200b\uff0c\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u90fd\u200b\u4f1a\u200b\u4fdd\u6301\u200b\u56fa\u5b9a\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset_1","title":"StatefulSet \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5220\u9664\u200b StatefulSet \u200b\u4e0b\u200b Pod \u200b\u89c2\u5bdf\u200b Pod IP \u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/static-ip-mac/#kubevirt-vm","title":"KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"\u200b\u9488\u5bf9\u200b KubeVirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/subnet/","title":"\u5b50\u7f51\u200b\u4f7f\u7528","text":"\u200b\u5b50\u7f51\u200b\u662f\u200b Kube-OVN \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6838\u5fc3\u200b\u6982\u5ff5\u200b\u548c\u200b\u57fa\u672c\u200b\u4f7f\u7528\u200b\u5355\u5143\u200b\uff0cKube-OVN \u200b\u4f1a\u4ee5\u200b\u5b50\u7f51\u200b\u6765\u200b\u7ec4\u7ec7\u200b IP \u200b\u548c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6bcf\u4e2a\u200b Namespace \u200b\u53ef\u4ee5\u200b\u5f52\u5c5e\u4e8e\u200b\u7279\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u83b7\u53d6\u200b IP \u200b\u5e76\u200b\u5171\u4eab\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff08CIDR\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u8bbf\u95ee\u63a7\u5236\u200b\uff0cNAT \u200b\u63a7\u5236\u200b\u7b49\u200b\uff09\u3002
\u200b\u548c\u200b\u5176\u4ed6\u200b CNI \u200b\u7684\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0d\u540c\u200b\uff0c\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u4e3a\u200b\u4e00\u4e2a\u200b\u5168\u5c40\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u5206\u5e03\u200b\u5728\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u3002
Overlay \u200b\u548c\u200b Underlay \u200b\u7684\u200b\u5b50\u7f51\u200b\u5728\u200b\u4f7f\u7528\u200b\u548c\u200b\u914d\u7f6e\u200b\u4e0a\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u5dee\u5f02\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e00\u4e9b\u200b\u5171\u540c\u200b\u914d\u7f6e\u200b\u548c\u200b\u5dee\u5f02\u5316\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/subnet/#_2","title":"\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u7684\u200b\u5feb\u901f\u200b\u4e0a\u200b\u624b\u200b\u4f7f\u7528\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u200b\u663e\u5f0f\u200b\u58f0\u660e\u200b\u5b50\u7f51\u200b\u5f52\u5c5e\u200b\u7684\u200b Namespace \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5206\u914d\u200b IP\uff0c \u200b\u5e76\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u3002\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c \u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5728\u200b Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u4e86\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u5e76\u200b\u5bf9\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u6362\u200b\uff0c\u200b\u5176\u200b\u884c\u4e3a\u200b\u548c\u200b Flannel \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c \u200b\u7528\u6237\u200b\u65e0\u9700\u200b\u989d\u5916\u200b\u7684\u200b\u914d\u7f6e\u200b\u5373\u53ef\u200b\u4f7f\u7528\u200b\u5230\u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u3002
\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u4f5c\u4e3a\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0c\u200b\u5e76\u200b\u5f00\u542f\u200b arping \u200b\u68c0\u67e5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"guide/subnet/#_3","title":"\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b spec \u200b\u4e2d\u200b\u7684\u200b default \u200b\u5b57\u6bb5\u200b\u4e3a\u200b true\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u4e0b\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b ovn-default\u3002
\u200b\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff1a
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"guide/subnet/#join","title":"Join \u200b\u5b50\u7f51","text":"\u200b\u5728\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\u4e2d\u200b\uff0c\u200b\u8981\u6c42\u200b Node \u200b\u53ef\u4ee5\u200b\u548c\u200b\u6240\u6709\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u8fbe\u5230\u200b\u8fd9\u4e2a\u200b\u76ee\u7684\u200b\uff0c Kube-OVN \u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u4e2a\u200b join \u200b\u5b50\u7f51\u200b\uff0c \u200b\u5e76\u200b\u5728\u200b\u6bcf\u4e2a\u200b Node \u200b\u8282\u70b9\u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u5757\u200b\u865a\u62df\u200b\u7f51\u5361\u200b ovn0 \u200b\u63a5\u5165\u200b join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u7edc\u200b\u5b8c\u6210\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u3002 join \u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b
"},{"location":"guide/subnet/#join_1","title":"\u67e5\u770b\u200b Join \u200b\u5b50\u7f51","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b hostport, \u200b\u4ee5\u53ca\u200b\u8bbe\u7f6e\u200b\u4e86\u200b externalTrafficPolicy: Local \u200b\u7684\u200b NodePort \u200b\u7c7b\u578b\u200b Service \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b join \u200b\u4e00\u822c\u200b\u65e0\u9700\u200b\u5bf9\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDR \u200b\u5916\u200b\u7684\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
\u200b\u5728\u200b node \u200b\u8282\u70b9\u200b\u67e5\u770b\u200b ovn0 \u200b\u7f51\u5361\u200b\uff1a
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"guide/subnet/#_4","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b\u5b50\u7f51","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4ecb\u7ecd\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b\u548c\u200b\u67d0\u4e2a\u200b Namespace \u200b\u505a\u200b\u5173\u8054\u200b\u7684\u200b\u57fa\u672c\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\u8bf7\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u5185\u5bb9\u200b\u3002
"},{"location":"guide/subnet/#_5","title":"\u521b\u5efa\u200b\u5b50\u7f51","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: \u200b\u5b50\u7f51\u200b CIDR \u200b\u8303\u56f4\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u4e0d\u540c\u200b Subnet CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002excludeIps: \u200b\u4fdd\u7559\u200b\u5730\u5740\u200b\u5217\u8868\u200b\uff0c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5c06\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5217\u8868\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u7528\u200b\u505a\u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u6bb5\u200b\uff0c\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u907f\u514d\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u5df2\u6709\u200b\u8bbe\u5907\u200b\u51b2\u7a81\u200b\u3002gateway\uff1a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5bf9\u5e94\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0cUnderlay \u200b\u6a21\u5f0f\u200b\u4e0b\u8be5\u200b\u5730\u5740\u200b\u9700\u4e3a\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002namespaces: \u200b\u7ed1\u5b9a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b Namespace \u200b\u5217\u8868\u200b\uff0c\u200b\u7ed1\u5b9a\u200b\u540e\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u5f53\u524d\u200b\u5b50\u7f51\u200b\u5206\u914d\u200b\u5730\u5740\u200b\u3002routeTable: \u200b\u5173\u8054\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5173\u8054\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u8def\u7531\u8868\u200b\u5b9a\u4e49\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9759\u6001\u200b\u8def\u7531\u200b
"},{"location":"guide/subnet/#_6","title":"\u9a8c\u8bc1\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u751f\u6548","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"guide/subnet/#workload","title":"Workload \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Pod \u200b\u4f1a\u200b\u4ece\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u5185\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u679c\u200b Namespace \u200b\u4e0b\u200b\u67d0\u4e2a\u200b Workload \u200b\u9700\u8981\u200b\u7279\u6b8a\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b Pod \u200b\u7684\u200b Annotation ovn.kubernetes.io/logical_switch \u200b\u6765\u200b\u5b9e\u73b0\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ed9\u200b Workload \u200b\u7c7b\u578b\u200b\u8d44\u6e90\u200b\u5982\u200b Deployment\uff0cStatefulSet \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b ovn.kubernetes.io/logical_switch Annotation \u200b\u8bbe\u7f6e\u200b\u5728\u200b spec.template.metadata.annotations\u3002
"},{"location":"guide/subnet/#overlay","title":"Overlay \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Overlay \u200b\u6a21\u5f0f\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\uff0cUnderlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u501f\u52a9\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u3002
Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0cKube-OVN \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u5173\u200b\uff1a \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5bf9\u200b\u7f51\u5173\u200b\u7684\u200b\u7c7b\u578b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\u5747\u200b\u652f\u6301\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b snat\u3002
"},{"location":"guide/subnet/#_7","title":"\u5206\u5e03\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5b50\u7f51\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\uff0c\u200b\u6bcf\u4e2a\u200b node \u200b\u4f1a\u200b\u4f5c\u4e3a\u200b\u5f53\u524d\u200b node \u200b\u4e0a\u200b pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5173\u200b\u3002 \u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u672c\u673a\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u6d41\u5165\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u518d\u200b\u6839\u636e\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b distributed\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"guide/subnet/#_8","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b\u7684\u200b IP\uff0c\u200b\u4ee5\u4fbf\u200b\u5ba1\u8ba1\u200b\u548c\u200b\u767d\u540d\u5355\u200b\u7b49\u200b\u5b89\u5168\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\u4e3a\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002 \u200b\u5728\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u9996\u5148\u200b\u88ab\u200b\u8def\u7531\u200b\u5230\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\uff0c\u200b\u518d\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u7279\u5b9a\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b centralized\uff0cgatewayNode \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u673a\u5668\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeName\u3002 \u200b\u5176\u4e2d\u200b gatewayNode \u200b\u5b57\u200b\u6bb5\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u53f0\u200b\u4e3b\u673a\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u6307\u5b9a\u200b\u673a\u5668\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\uff0c
gatewayNode \u200b\u53ef\u66f4\u6539\u200b\u4e3a\u200b kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3 \u200b\u683c\u5f0f\u200b\u3002 - \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ea\u6709\u200b\u4e3b\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5207\u6362\u200b\u4e3a\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b\u3002
- \u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b
enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/subnet/#acl","title":"\u5b50\u7f51\u200b ACL \u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u6709\u200b\u7ec6\u7c92\u5ea6\u200b ACL \u200b\u63a7\u5236\u200b\u7684\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u7684\u200b Subnet \u200b\u63d0\u4f9b\u200b\u4e86\u200b ACL \u200b\u89c4\u5219\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u7684\u200b\u7cbe\u7ec6\u200b\u63a7\u5236\u200b\u3002
Subnet \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u548c\u200b OVN \u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u4e00\u81f4\u200b\uff0c\u200b\u76f8\u5173\u200b\u5b57\u200b\u6bb5\u200b\u5185\u5bb9\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b ovn-nb ACL Table\uff0c match \u200b\u5b57\u200b\u6bb5\u200b\u652f\u6301\u200b\u7684\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u200b\u53c2\u8003\u200b ovn-sb Logical Flow Table\u3002
\u200b\u5141\u8bb8\u200b IP \u200b\u5730\u5740\u200b\u4e3a\u200b 10.10.0.2 \u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6240\u6709\u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u5176\u4ed6\u200b\u5730\u5740\u200b\u4e3b\u52a8\u200b\u8bbf\u95ee\u200b\u81ea\u5df1\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"guide/subnet/#_9","title":"\u5b50\u7f51\u200b\u9694\u79bb\u200b\u8bbe\u7f6e","text":"\u200b\u5b50\u7f51\u200b ACL \u200b\u7684\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u8986\u76d6\u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u7075\u6d3b\u6027\u200b\uff0c\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b ACL \u200b\u6765\u200b\u505a\u200b\u76f8\u5e94\u200b\u7684\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u76f8\u4e92\u200b\u901a\u4fe1\u200b\uff0cPod \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u9700\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u95f4\u200b\u7684\u200b\u8bbf\u95ee\u200b\u8fdb\u884c\u200b\u63a7\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b CRD \u200b\u4e2d\u5c06\u200b private \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5219\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5c06\u200b\u548c\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9694\u79bb\u200b\uff0c \u200b\u53ea\u80fd\u200b\u8fdb\u884c\u200b\u5b50\u7f51\u200b\u5185\u90e8\u200b\u7684\u200b\u901a\u4fe1\u200b\u3002\u200b\u5982\u200b\u9700\u5f00\u200b\u767d\u540d\u5355\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b allowSubnets \u200b\u8fdb\u884c\u200b\u8bbe\u7f6e\u200b\u3002allowSubnets \u200b\u5185\u200b\u7684\u200b\u7f51\u6bb5\u200b\u548c\u200b\u8be5\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u53cc\u5411\u200b\u4e92\u8bbf\u200b\u3002
"},{"location":"guide/subnet/#_10","title":"\u5f00\u542f\u200b\u8bbf\u95ee\u63a7\u5236\u200b\u7684\u200b\u5b50\u7f51\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"guide/subnet/#underlay","title":"Underlay \u200b\u76f8\u5173\u200b\u9009\u9879","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Underlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
vlan: \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8be5\u5b57\u6bb5\u200b\u7528\u6765\u200b\u63a7\u5236\u200b\u8be5\u200b Subnet \u200b\u548c\u200b\u54ea\u4e2a\u200b Vlan CR \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u3002\u200b\u8be5\u200b\u9009\u9879\u200b\u9ed8\u8ba4\u200b\u4e3a\u7a7a\u200b\u5b57\u7b26\u4e32\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002logicalGateway: \u200b\u4e00\u4e9b\u200b Underlay \u200b\u73af\u5883\u200b\u4e3a\u200b\u7eaf\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7269\u7406\u200b\u7684\u200b\u4e09\u5c42\u200b\u7f51\u5173\u200b\u3002\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b OVN \u200b\u672c\u8eab\u200b\u7684\u200b\u80fd\u529b\u200b\u8bbe\u7f6e\u200b\u4e00\u4e2a\u200b\u865a\u62df\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c06\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002\u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b\uff1afalse\u3002
"},{"location":"guide/subnet/#_11","title":"\u7f51\u5173\u200b\u68c0\u67e5\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b kube-ovn-cni \u200b\u5728\u200b\u542f\u52a8\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u4f7f\u7528\u200b ICMP \u200b\u6216\u200b ARP \u200b\u534f\u8bae\u200b\u8bf7\u6c42\u200b\u7f51\u5173\u200b\u5e76\u200b\u7b49\u5f85\u200b\u8fd4\u56de\u200b\uff0c \u200b\u4ee5\u200b\u9a8c\u8bc1\u200b\u7f51\u7edc\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff0c\u200b\u5728\u200b\u90e8\u5206\u200b Underlay \u200b\u73af\u5883\u200b\u7f51\u5173\u200b\u65e0\u6cd5\u200b\u54cd\u5e94\u200b ICMP \u200b\u8bf7\u6c42\u200b\uff0c\u200b\u6216\u200b\u65e0\u9700\u200b\u7f51\u7edc\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u7684\u200b\u573a\u666f\u200b \u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"guide/subnet/#multicast-snoop","title":"Multicast-Snoop \u200b\u914d\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5982\u679c\u200b\u53d1\u9001\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\uff0cOVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u662f\u200b\u4f1a\u200b\u5e7f\u64ad\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u5230\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u6240\u6709\u200b\u7684\u200b Pod\u3002\u200b\u5982\u679c\u200b\u5f00\u542f\u200b subnet \u200b\u7684\u200b multicast snoop \u200b\u5f00\u5173\u200b\uff0cOVN \u200b\u4f1a\u200b\u6839\u636e\u200b South Database \u200b\u4e2d\u200b\u7684\u200b\u7ec4\u64ad\u8868\u200b Multicast_Group \u200b\u6765\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u800c\u200b\u4e0d\u200b\u5728\u200b\u8fdb\u884c\u200b\u5e7f\u64ad\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"guide/subnet/#subnet-mtu","title":"Subnet MTU \u200b\u914d\u7f6e","text":"\u200b\u914d\u7f6e\u200b Subnet \u200b\u4e0b\u200b Pod \u200b\u7684\u200b MTU\uff0c\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b Subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u624d\u200b\u751f\u6548\u200b
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"guide/subnet/#_12","title":"\u5176\u4ed6\u200b\u9ad8\u7ea7\u200b\u8bbe\u7f6e","text":" - IP \u200b\u6c60\u200b\u4f7f\u7528\u200b
- \u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b
- QoS \u200b\u8bbe\u7f6e\u200b
- \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b
- DHCP \u200b\u9009\u9879\u200b
- \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e\u200b
- \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u8bbe\u7f6e\u200b
- \u200b\u865a\u62df\u200b IP \u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4f7f\u7528\u200b QoSPolicy CRD \u200b\u5bf9\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7684\u200b\u6d41\u91cf\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"\u200b\u5bf9\u200b EIP \u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 1Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 1\uff0c\u200b\u8fd9\u91cc\u200b shared=false\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ea\u80fd\u200b\u7ed9\u200b\u8fd9\u4e2a\u200b EIP \u200b\u4f7f\u7528\u200b\u4e14\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u53bb\u200b\u53d8\u66f4\u200b QoS \u200b\u89c4\u5219\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
IptablesEIP \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u65f6\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u540e\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#qos-eip","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"guide/vpc-qos/#vpc-natgw-net1-qos","title":"VPC NATGW net1 \u200b\u7f51\u5361\u200b QoS","text":"\u200b\u5bf9\u200b VPC NATGW \u200b\u7684\u200b net1 \u200b\u7f51\u5361\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 10Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 3\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u540e\u7eed\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#net1-qos","title":"net1 \u200b\u7f51\u5361\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b QoS","text":"\u200b\u5bf9\u200b net1 \u200b\u7f51\u5361\u200b\u4e0a\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 5Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 2\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6b64\u65f6\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"guide/vpc-qos/#qos-natgw","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b NATGW","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"guide/vpc-qos/#qos","title":"\u67e5\u770b\u200b qos \u200b\u89c4\u5219","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"guide/vpc-qos/#_1","title":"\u9650\u5236","text":" - \u200b\u53ea\u6709\u200b\u5728\u200b\u672a\u200b\u4f7f\u7528\u200b\u65f6\u200b\u624d\u80fd\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u3002\u200b\u56e0\u6b64\u200b\uff0c\u200b\u5728\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u4e4b\u524d\u200b\uff0c\u200b\u8bf7\u200b\u5148\u200b\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP \u200b\u548c\u200b NATGW\uff0c\u200b\u53bb\u6389\u200b\u5b83\u4eec\u200b\u7684\u200b
spec.qosPolicy \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc/","title":"VPC \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u591a\u200b\u79df\u6237\u200b\u9694\u79bb\u200b\u7ea7\u522b\u200b\u7684\u200b VPC \u200b\u7f51\u7edc\u200b\u3002\u200b\u4e0d\u540c\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u72ec\u7acb\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b Subnet \u200b\u7f51\u6bb5\u200b\uff0c \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u5b89\u5168\u7b56\u7565\u200b\uff0c\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0cEIP \u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
VPC \u200b\u4e3b\u8981\u200b\u7528\u4e8e\u200b\u6709\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u5f3a\u200b\u9694\u79bb\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u90e8\u5206\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5b58\u5728\u200b\u51b2\u7a81\u200b\u3002 \u200b\u4f8b\u5982\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e92\u8bbf\u200b\uff0cNodePort \u200b\u529f\u80fd\u200b\uff0c\u200b\u57fa\u4e8e\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\u7684\u200b\u5065\u5eb7\u68c0\u67e5\u200b\u548c\u200b DNS \u200b\u80fd\u529b\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u573a\u666f\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u5e38\u89c1\u200b Kubernetes \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b VPC \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u8bbe\u8ba1\u200b\uff0c\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u53ef\u4ee5\u200b\u6ee1\u8db3\u200b Kubernetes \u200b\u89c4\u8303\u200b\u3002\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u652f\u6301\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0cEIP \u200b\u548c\u200b NAT \u200b\u7f51\u5173\u200b\u7b49\u200b\u529f\u80fd\u200b\u3002 \u200b\u5e38\u89c1\u200b\u9694\u79bb\u200b\u9700\u6c42\u200b\u53ef\u200b\u901a\u8fc7\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5728\u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u524d\u200b\u8bf7\u200b\u660e\u786e\u200b\u662f\u5426\u200b\u9700\u8981\u200b VPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\uff0c\u200b\u5e76\u200b\u4e86\u89e3\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u9650\u5236\u200b\u3002 \u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\uff0c\u200b\u7269\u7406\u200b\u4ea4\u6362\u673a\u200b\u8d1f\u8d23\u200b\u6570\u636e\u200b\u9762\u200b\u8f6c\u53d1\u200b\uff0cVPC \u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u9694\u79bb\u200b\u3002
"},{"location":"guide/vpc/#vpc_1","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b VPC\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces \u200b\u53ef\u4ee5\u200b\u9650\u5b9a\u200b\u53ea\u6709\u200b\u54ea\u4e9b\u200b Namespace \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b VPC\uff0c\u200b\u82e5\u4e3a\u200b\u7a7a\u5219\u200b\u4e0d\u200b\u9650\u5b9a\u200b\u3002
\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5206\u5c5e\u200b\u4e24\u4e2a\u200b\u4e0d\u540c\u200b\u7684\u200b VPC \u200b\u5e76\u200b\u6709\u200b\u76f8\u540c\u200b\u7684\u200b CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u8fd0\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u53ef\u200b\u89c2\u5bdf\u200b\u4e24\u4e2a\u200b Pod \u200b\u5730\u5740\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u4e2a\u200b CIDR\uff0c\u200b\u4f46\u200b\u7531\u4e8e\u200b\u8fd0\u884c\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b\u79df\u6237\u200b VPC\uff0c\u200b\u4e24\u4e2a\u200b Pod \u200b\u65e0\u6cd5\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"guide/vpc/#vpc-pod-livenessprobe-readinessprobe","title":"\u81ea\u5b9a\u4e49\u200b VPC Pod \u200b\u652f\u6301\u200b livenessProbe \u200b\u548c\u200b readinessProbe","text":"\u200b\u7531\u4e8e\u200b\u5e38\u89c4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u548c\u200b\u8282\u70b9\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e4b\u95f4\u200b\u5e76\u200b\u4e0d\u200b\u4e92\u901a\u200b\uff0c\u200b\u6240\u4ee5\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u65e0\u6cd5\u200b\u5230\u8fbe\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\u3002Kube-OVN \u200b\u901a\u8fc7\u200b TProxy \u200b\u5c06\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u91cd\u5b9a\u5411\u200b\u5230\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u8fd9\u4e00\u200b\u529f\u80fd\u200b\u3002
\u200b\u914d\u7f6e\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff0c\u200b\u5728\u200b Daemonset kube-ovn-cni \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-tproxy=true\uff1a
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9650\u5236\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5f53\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0b\u200b\u51fa\u73b0\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5177\u6709\u200b\u76f8\u540c\u200b\u7684\u200b IP\uff0c\u200b\u63a2\u6d4b\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
- \u200b\u76ee\u524d\u200b\u6682\u65f6\u200b\u53ea\u200b\u652f\u6301\u200b
tcpSocket \u200b\u548c\u200b httpGet \u200b\u4e24\u79cd\u200b\u63a2\u6d4b\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"guide/vpc/#vpc_2","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173","text":"\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e0d\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002
VPC \u200b\u5185\u5bb9\u200b\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b VPC \u200b\u7f51\u5173\u200b\uff0cVPC \u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u548c\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b \u200b\u6d6e\u52a8\u200b IP\uff0cSNAT \u200b\u548c\u200b DNAT \u200b\u529f\u80fd\u200b\u3002
VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b Multus-CNI \u200b\u7684\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5b89\u88c5\u200b\u8bf7\u200b\u53c2\u8003\u200b multus-cni\u3002
"},{"location":"guide/vpc/#_1","title":"\u914d\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u7edc","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- \u200b\u8be5\u200b Subnet \u200b\u7528\u6765\u200b\u7ba1\u7406\u200b\u53ef\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u6bb5\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\u5c06\u4f1a\u200b\u901a\u8fc7\u200b Macvlan \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\uff0c\u200b\u8bf7\u200b\u548c\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u6c9f\u901a\u200b\u7ed9\u51fa\u200b\u53ef\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u6bb5\u200b IP\u3002
- VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b Macvlan \u200b\u505a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c
NetworkAttachmentDefinition \u200b\u7684\u200b master \u200b\u9700\u4e3a\u200b\u5bf9\u5e94\u200b\u7269\u7406\u200b\u7f51\u8def\u200b\u7f51\u5361\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002 name \u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\u3002
\u200b\u5728\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4f1a\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u672c\u8eab\u200b\u7684\u200b\u9650\u5236\u200b\uff0cMacvlan \u200b\u5b50\u200b\u63a5\u53e3\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u7236\u200b\u63a5\u53e3\u200b\u5730\u5740\u200b\u3002
- \u200b\u5982\u679c\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u5bf9\u5e94\u200b\u4ea4\u6362\u673a\u200b\u63a5\u53e3\u200b\u4e3a\u200b Trunk \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\u521b\u5efa\u200b\u5b50\u200b\u63a5\u53e3\u200b\u518d\u200b\u63d0\u4f9b\u200b\u7ed9\u200b Macvlan \u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/vpc/#vpc_3","title":"\u5f00\u542f\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd","text":"VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b kube-system \u200b\u4e0b\u200b\u7684\u200b ovn-vpc-nat-gw-config \u200b\u5f00\u542f\u200b\uff1a
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.13' \n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\u3002enable-vpc-nat-gw\uff1a \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u542f\u7528\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/vpc/#vpc_4","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173\u200b\u5e76\u200b\u914d\u7f6e\u200b\u9ed8\u8ba4\u200b\u8def\u7531","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc\uff1a\u200b\u8be5\u200b VpcNatGateway \u200b\u6240\u5c5e\u200b\u7684\u200b VPC\u3002subnet\uff1a\u200b\u4e3a\u200b VPC \u200b\u5185\u200b\u67d0\u4e2a\u200b Subnet \u200b\u540d\u200b\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u4f1a\u200b\u5728\u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u7528\u200b lanIp \u200b\u6765\u200b\u8fde\u63a5\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u3002lanIp\uff1asubnet \u200b\u5185\u200b\u67d0\u4e2a\u200b\u672a\u200b\u88ab\u200b\u4f7f\u7528\u200b\u7684\u200b IP\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u8be5\u200b Pod\u3002\u200b\u5f53\u200b VPC \u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\u9700\u8981\u200b\u6307\u5411\u200b\u5f53\u524d\u200b VpcNatGateway \u200b\u65f6\u200b nextHopIP \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u8fd9\u4e2a\u200b lanIp\u3002selector\uff1aVpcNatGateway Pod \u200b\u7684\u200b\u8282\u70b9\u200b\u9009\u62e9\u5668\u200b\uff0c\u200b\u683c\u5f0f\u200b\u548c\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeSelector \u200b\u683c\u5f0f\u200b\u76f8\u540c\u200b\u3002externalSubnets\uff1a VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u914d\u7f6e\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b ovn-vpc-external-network\uff0c\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u53ea\u200b\u652f\u6301\u200b\u914d\u7f6e\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\uff1a
tolerations : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u5bb9\u5fcd\u5ea6\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53c2\u8003\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002affinity : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u914d\u7f6e\u200b\u4eb2\u548c\u6027\u200b\uff0c\u200b\u5177\u4f53\u200b\u8bbe\u7f6e\u200b\u53c2\u8003\u200b \u200b\u4eb2\u548c\u6027\u200b\u4e0e\u200b\u53cd\u200b\u4eb2\u548c\u6027\u200b\u3002
"},{"location":"guide/vpc/#eip","title":"\u521b\u5efa\u200b EIP","text":"EIP \u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u6bb5\u200b\u7684\u200b\u67d0\u4e2a\u200b IP \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\u540e\u200b\u53ef\u200b\u8fdb\u884c\u200b DNAT\uff0cSNAT \u200b\u548c\u200b\u6d6e\u52a8\u200b IP \u200b\u64cd\u4f5c\u200b\u3002
\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u4e00\u4e2a\u200b\u5730\u5740\u200b\u7ed9\u200b EIP\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
\u200b\u56fa\u5b9a\u200b EIP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
\u200b\u6307\u5b9a\u200b EIP \u200b\u6240\u5728\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet\uff1a EIP \u200b\u6240\u5728\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-vpc-external-network\uff0c\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u5219\u200b\u5fc5\u987b\u200b\u4e3a\u200b\u6240\u5728\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b externalSubnets \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u3002
"},{"location":"guide/vpc/#dnat","title":"\u521b\u5efa\u200b DNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b DNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b EIP \u200b\u52a0\u200b\u7aef\u53e3\u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"guide/vpc/#snat","title":"\u521b\u5efa\u200b SNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b SNAT \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b EIP \u200b\u8fdb\u884c\u200b SNAT\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"guide/vpc/#ip","title":"\u521b\u5efa\u200b\u6d6e\u52a8\u200b IP","text":"\u200b\u901a\u8fc7\u200b\u6d6e\u52a8\u200b IP \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u4f1a\u200b\u548c\u200b EIP \u200b\u8fdb\u884c\u200b\u5b8c\u5168\u200b\u6620\u5c04\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b IP\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u8fd9\u4e2a\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u65f6\u200b\u4e5f\u200b\u4f1a\u200b SNAT \u200b\u6210\u200b\u8fd9\u4e2a\u200b EIP\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"guide/vpc/#_2","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u7edc\u200b\u5185\u90e8\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff0c\u200b\u7ed3\u5408\u200b\u7f51\u5173\u200b\u5b9e\u73b0\u200b\u66f4\u200b\u7075\u6d3b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u3002 Kube-OVN \u200b\u652f\u6301\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u66f4\u4e3a\u200b\u7075\u6d3b\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u3002
"},{"location":"guide/vpc/#_3","title":"\u9759\u6001\u200b\u8def\u7531","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: \u200b\u652f\u6301\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b policyDst \u200b\u548c\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b policySrc\u3002- \u200b\u5f53\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u65f6\u200b\uff0cCIDR \u200b\u63a9\u7801\u200b\u8f83\u957f\u200b\u7684\u200b\u89c4\u5219\u200b\u4f18\u5148\u7ea7\u200b\u66f4\u9ad8\u200b\uff0c\u200b\u82e5\u200b\u63a9\u7801\u200b\u957f\u5ea6\u200b\u76f8\u540c\u200b\u5219\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b\u4f18\u5148\u200b\u4e8e\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b\u3002
routeTable: \u200b\u53ef\u200b\u6307\u5b9a\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u6240\u5728\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5728\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\u3002\u200b\u5b50\u7f51\u200b\u5173\u8054\u200b\u8def\u7531\u8868\u200b\u8bf7\u200b\u53c2\u8003\u200b\u521b\u5efa\u200b\u5b50\u7f51\u200b
"},{"location":"guide/vpc/#_4","title":"\u7b56\u7565\u200b\u8def\u7531","text":"\u200b\u9488\u5bf9\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u8fdb\u884c\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u66f4\u200b\u7cbe\u786e\u200b\u7684\u200b\u5339\u914d\u200b\u89c4\u5219\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u63a7\u5236\u200b \u200b\u548c\u200b\u66f4\u200b\u591a\u200b\u7684\u200b\u8f6c\u53d1\u200b\u52a8\u4f5c\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e3a\u200b OVN \u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7b56\u7565\u200b\u529f\u80fd\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u4fe1\u606f\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Policy\u3002
\u200b\u7b80\u5355\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"guide/vpc/#_5","title":"\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"Kubernetes \u200b\u672c\u8eab\u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u5b8c\u6210\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4f46\u662f\u200b\u53d7\u9650\u4e8e\u200b Kubernetes \u200b\u5b9e\u73b0\u200b\uff0c Service \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b\u5168\u5c40\u200b\u5206\u914d\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u91cd\u590d\u200b\u3002\u200b\u5bf9\u4e8e\u200b VPC \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u80fd\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b \u200b\u8303\u56f4\u200b\uff0c\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5730\u5740\u200b\u53ef\u80fd\u200b\u91cd\u53e0\u200b\uff0cKubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Service \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u5b8c\u5168\u200b\u6ee1\u8db3\u200b\u3002
\u200b\u9488\u5bf9\u200b\u8fd9\u200b\u7c7b\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b SwitchLBRule \u200b\u8d44\u6e90\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
\u200b\u4e00\u4e2a\u200b `SwitchLBRule`` \u200b\u4f8b\u5b50\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u3002namespace\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u540e\u200b\u7aef\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Namespace\u3002sessionAffinity\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b sessionAffinity \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002selector\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b selector \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002ports\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b port \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u89c4\u5219\u200b\uff1a
# kubectl get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh2 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh2 88m\n
"},{"location":"guide/vpc/#vpc-dns","title":"\u81ea\u5b9a\u4e49\u200b vpc-dns","text":"\u200b\u7531\u4e8e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0cVPC \u200b\u5185\u200b Pod \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u7684\u200b coredns \u200b\u670d\u52a1\u200b\u8fdb\u884c\u200b\u57df\u540d\u89e3\u6790\u200b\u3002 \u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b coredns \u200b\u89e3\u6790\u200b\u96c6\u7fa4\u200b\u5185\u200b Service \u200b\u57df\u540d\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"guide/vpc/#_6","title":"\u521b\u5efa\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"guide/vpc/#ovn-default-provider","title":"\u4fee\u6539\u200b ovn-default \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u7684\u200b provider","text":"\u200b\u4fee\u6539\u200b ovn-default \u200b\u7684\u200b provider\uff0c\u200b\u4e3a\u200b\u4e0a\u9762\u200b nad \u200b\u914d\u7f6e\u200b\u7684\u200b provider ovn-nad.default.ovn\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"guide/vpc/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b ConfigMap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09true \u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0cfalse \u200b\u5173\u95ed\u200b\u529f\u80fd\u200b\u3002\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-template\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\uff1a\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u4ed3\u5e93\u200b\u91cc\u200b\u7684\u200b yamls/coredns-template.yaml\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09 \u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\u3002k8s-service-port\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\u3002
"},{"location":"guide/vpc/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u4f9d\u8d56\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"guide/vpc/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc\uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002
\u200b\u67e5\u770b\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff1a
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: true \u200b\u6210\u529f\u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b
"},{"location":"guide/vpc/#_7","title":"\u9650\u5236","text":" - \u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b vpc \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/webhook/","title":"Webhook \u200b\u4f7f\u7528","text":"\u200b\u4f7f\u7528\u200b Webhook \u200b\u53ef\u4ee5\u200b\u5bf9\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u6821\u9a8c\u200b\uff0c\u200b\u76ee\u524d\u200b Webhook \u200b\u4e3b\u8981\u200b\u5b8c\u6210\u200b \u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u548c\u200b Subnet CIDR \u200b\u7684\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u8fd9\u7c7b\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u51b2\u7a81\u200b\u65f6\u200b\u63d0\u793a\u200b\u9519\u8bef\u200b\u3002
\u200b\u7531\u4e8e\u200b Webhook \u200b\u4f1a\u200b\u62e6\u622a\u200b\u6240\u6709\u200b\u7684\u200b Subnet \u200b\u548c\u200b Pod \u200b\u521b\u5efa\u200b\u7684\u200b\u8bf7\u6c42\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u5148\u200b\u90e8\u7f72\u200b Kube-OVN \u200b\u540e\u200b\u90e8\u7f72\u200b Webhook \u200b\u907f\u514d\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b Pod\u3002
"},{"location":"guide/webhook/#cert-manager","title":"Cert-Manager \u200b\u5b89\u88c5","text":"Webhook \u200b\u90e8\u7f72\u200b\u9700\u8981\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\u52a0\u5bc6\u200b\uff0c\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b cert-manager \u200b\u751f\u6210\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b Webhook \u200b\u524d\u5148\u200b\u90e8\u7f72\u200b cert-manager\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u90e8\u7f72\u200b cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
\u200b\u66f4\u200b\u591a\u200b cert-manager \u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b cert-manager \u200b\u6587\u6863\u200b\u3002
"},{"location":"guide/webhook/#webhook_1","title":"\u5b89\u88c5\u200b Webhook","text":"\u200b\u4e0b\u8f7d\u200b Webhook \u200b\u5bf9\u5e94\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"guide/webhook/#webhook_2","title":"\u9a8c\u8bc1\u200b Webhook \u200b\u751f\u6548","text":"\u200b\u67e5\u770b\u200b\u5df2\u200b\u8fd0\u884c\u200b Pod\uff0c\u200b\u5f97\u5230\u200b Pod IP 10.16.0.15\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
\u200b\u7f16\u5199\u200b yaml \u200b\u521b\u5efa\u200b\u76f8\u540c\u200b IP \u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0a\u200b yaml \u200b\u521b\u5efa\u200b\u9759\u6001\u200b\u5730\u5740\u200b Pod \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u63d0\u793a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\uff1a
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-default-subnet/","title":"\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u5982\u679c\u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u91cd\u5efa\u200b\u3002 \u200b\u5efa\u8bae\u200b\u64cd\u4f5c\u524d\u200b\u614e\u91cd\u8003\u8651\u200b\u3002\u200b\u672c\u6587\u200b\u53ea\u200b\u9488\u5bf9\u200b\u4e1a\u52a1\u200b\u5b50\u7f51\u200b CIDR \u200b\u66f4\u6539\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5982\u9700\u200b \u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR\u3002
"},{"location":"ops/change-default-subnet/#_1","title":"\u7f16\u8f91\u200b\u5b50\u7f51","text":"\u200b\u4f7f\u7528\u200b kubectl edit \u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b cidrBlock\uff0cgateway \u200b\u548c\u200b excludeIps\u3002
kubectl edit subnet test-subnet\n
"},{"location":"ops/change-default-subnet/#namespace-pod","title":"\u91cd\u5efa\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Namespace \u200b\u4e0b\u200b\u6240\u6709\u200b Pod","text":"\u200b\u4ee5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b test Namespace \u200b\u4e3a\u4f8b\u200b\uff1a
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
\u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e86\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u975e\u200b host \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u7684\u200b Pod\uff1a
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"ops/change-default-subnet/#_2","title":"\u66f4\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u914d\u7f6e","text":"\u200b\u82e5\u200b\u4fee\u6539\u200b\u7684\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8fd8\u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-join-subnet/","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u82e5\u200b\u53d1\u73b0\u200b\u521b\u5efa\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u7b49\u200b\u91cd\u5efa\u200b\u5b8c\u6210\u200b, \u200b\u5efa\u8bae\u200b\u524d\u200b\u64cd\u4f5c\u200b\u65f6\u200b\u614e\u91cd\u8003\u8651\u200b\u3002
"},{"location":"ops/change-join-subnet/#join","title":"\u5220\u9664\u200b Join \u200b\u5b50\u7f51","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"ops/change-join-subnet/#_1","title":"\u6e05\u7406\u200b\u76f8\u5173\u200b\u5206\u914d\u200b\u4fe1\u606f","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"ops/change-join-subnet/#join_1","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f","text":"\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\uff1a
kubectl edit deployment -n kube-system kube-ovn-controller\n
\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\uff1a
args:\n- --node-switch-cidr=100.51.0.0/16\n
\u200b\u91cd\u542f\u200b kube-ovn-controller \u200b\u91cd\u5efa\u200b join \u200b\u5b50\u7f51\u200b\uff1a
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
\u200b\u67e5\u770b\u200b\u65b0\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"ops/change-join-subnet/#ovn0","title":"\u91cd\u65b0\u914d\u7f6e\u200b ovn0 \u200b\u7f51\u5361\u200b\u5730\u5740","text":"\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\u9700\u8981\u200b\u91cd\u65b0\u200b\u66f4\u65b0\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u91cd\u542f\u200b kube-ovn-cni \u200b\u6765\u200b\u5b8c\u6210\u200b\uff1a
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-log-level/","title":"\u8c03\u6574\u200b\u65e5\u5fd7\u200b\u7b49\u7ea7","text":"\u200b\u6253\u5f00\u200b kube-ovn.yaml\uff0c\u200b\u5728\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u811a\u672c\u200b\u7684\u200b\u53c2\u6570\u200b\u5217\u8868\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b log \u200b\u7b49\u7ea7\u200b\uff0c\u200b\u6bd4\u5982\u200b\uff1a
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.13\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# log \u200b\u7b49\u7ea7\u200b\u8d8a\u9ad8\u200b\uff0clog \u200b\u5c31\u200b\u8d8a\u200b\u8be6\u7ec6\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-ovn-central-node/","title":"\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9","text":"\u200b\u7531\u4e8e\u200b ovn-central \u200b\u5185\u200b\u7684\u200b ovn-nb \u200b\u548c\u200b ovn-sb \u200b\u5206\u522b\u200b\u5efa\u7acb\u200b\u4e86\u200b\u7c7b\u4f3c\u200b etcd \u200b\u7684\u200b raft \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u56e0\u6b64\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4fdd\u8bc1\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u7684\u200b\u6b63\u786e\u200b\u548c\u200b\u6570\u636e\u200b\u7684\u200b\u4e00\u81f4\u200b\u3002\u200b\u5efa\u8bae\u200b\u6bcf\u6b21\u200b\u53ea\u200b\u5bf9\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u4e0a\u4e0b\u200b\u7ebf\u200b\u5904\u7406\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u96c6\u7fa4\u200b\u8fdb\u5165\u200b\u4e0d\u53ef\u200b\u7528\u200b \u200b\u72b6\u6001\u200b\uff0c\u200b\u5f71\u54cd\u200b\u96c6\u7fa4\u200b\u6574\u4f53\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_1","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u9488\u5bf9\u200b\u5982\u4e0b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4ee5\u4e0b\u200b\u7ebf\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5c06\u200b\u5176\u200b\u4ece\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u79fb\u9664\u200b\u3002
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"ops/change-ovn-central-node/#ovn-nb","title":"\u4e0b\u7ebf\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b d64b\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko nb kick d64b\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-sb","title":"\u4e0b\u7ebf\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u64cd\u4f5c\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\uff1a
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b e9f7\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko sb kick e9f7\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_2","title":"\u5220\u9664\u200b\u8282\u70b9\u200b\u6807\u7b7e\u200b\uff0c\u200b\u5e76\u200b\u7f29\u5bb9\u200b ovn-central","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"ops/change-ovn-central-node/#ovn-central_3","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"ops/change-ovn-central-node/#_1","title":"\u6e05\u7406\u200b\u8282\u70b9","text":"\u200b\u5220\u9664\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u907f\u514d\u200b\u91cd\u590d\u200b\u6dfb\u52a0\u200b\u8282\u70b9\u200b\u65f6\u200b\u53d1\u751f\u200b\u5f02\u5e38\u200b\uff1a
rm -rf /etc/origin/ovn\n
\u200b\u5982\u9700\u200b\u5c06\u200b\u8282\u70b9\u200b\u4ece\u200b\u6574\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e0b\u7ebf\u200b\uff0c\u200b\u8fd8\u200b\u9700\u200b\u7ee7\u7eed\u200b\u53c2\u8003\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_4","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u7ebf","text":"\u200b\u4e0b\u5217\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u65b0\u200b\u7684\u200b Kubernetes \u200b\u8282\u70b9\u200b\u52a0\u5165\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#_2","title":"\u76ee\u5f55\u200b\u68c0\u67e5","text":"\u200b\u68c0\u67e5\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u7684\u200b /etc/origin/ovn \u200b\u76ee\u5f55\u200b\u4e2d\u200b\u662f\u5426\u200b\u5b58\u5728\u200b ovnnb_db.db \u200b\u6216\u200b ovnsb_db.db \u200b\u6587\u4ef6\u200b\uff0c\u200b\u82e5\u200b\u5b58\u5728\u200b\u9700\u200b\u63d0\u524d\u200b\u5220\u9664\u200b\uff1a
rm -rf /etc/origin/ovn\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_5","title":"\u786e\u8ba4\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u6b63\u5e38","text":"\u200b\u82e5\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u5df2\u7ecf\u200b\u5f02\u5e38\u200b\uff0c\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u6295\u7968\u9009\u4e3e\u200b\u65e0\u6cd5\u200b\u8fc7\u534a\u6570\u200b\uff0c\u200b\u5f71\u54cd\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#_3","title":"\u7ed9\u200b\u8282\u70b9\u200b\u589e\u52a0\u200b\u6807\u7b7e\u200b\u5e76\u200b\u6269\u5bb9","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_6","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/delete-worker-node/","title":"\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u7b80\u5355\u200b\u4ece\u200b Kubernetes \u200b\u4e2d\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\uff0c\u200b\u7531\u4e8e\u200b\u8282\u70b9\u200b\u4e0a\u200b ovs-ovn \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u7684\u200b ovn-controller \u200b\u8fdb\u7a0b\u200b\u4ecd\u200b\u5728\u200b\u8fd0\u884c\u200b\u4f1a\u200b\u5b9a\u671f\u200b\u8fde\u63a5\u200b ovn-central \u200b\u6ce8\u518c\u200b\u76f8\u5173\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c \u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u989d\u5916\u200b\u8d44\u6e90\u200b\u6d6a\u8d39\u200b\u5e76\u200b\u6709\u200b\u6f5c\u5728\u200b\u7684\u200b\u89c4\u5219\u200b\u51b2\u7a81\u200b\u98ce\u9669\u200b\u3002 \u200b\u56e0\u6b64\u200b\u5728\u200b\u4ece\u200b Kubernetes \u200b\u5185\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\u65f6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u88ab\u200b\u6e05\u7406\u200b\u3002
\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff0c\u200b\u5982\u9700\u200b\u66f4\u6362\u200b ovn-central \u200b\u6240\u5728\u200b\u8282\u70b9\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u3002
"},{"location":"ops/delete-worker-node/#_2","title":"\u9a71\u9010\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6240\u6709\u200b\u5bb9\u5668","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"ops/delete-worker-node/#kubelet-docker","title":"\u505c\u6b62\u200b kubelet \u200b\u548c\u200b docker","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5411\u200b ovn-central \u200b\u8fdb\u884c\u200b\u4fe1\u606f\u200b\u6ce8\u518c\u200b\uff0c\u200b\u767b\u5f55\u200b\u5230\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
systemctl stop kubelet\nsystemctl stop docker\n
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u7684\u200b CRI \u200b\u4e3a\u200b containerd\uff0c\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff1a
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"ops/delete-worker-node/#node","title":"\u6e05\u7406\u200b Node \u200b\u4e0a\u200b\u7684\u200b\u6b8b\u7559\u200b\u6570\u636e","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"ops/delete-worker-node/#kubectl","title":"\u4f7f\u7528\u200b kubectl \u200b\u5220\u9664\u200b\u8282\u70b9","text":"kubectl delete no kube-ovn-01\n
"},{"location":"ops/delete-worker-node/#ovn-sb","title":"\u68c0\u67e5\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u662f\u5426\u200b\u4ece\u200b ovn-sb \u200b\u4e2d\u200b\u5220\u9664","text":"\u200b\u4e0b\u9762\u200b\u7684\u200b\u793a\u4f8b\u200b\u4e3a\u200b kube-ovn-worker \u200b\u4f9d\u7136\u200b\u672a\u200b\u88ab\u200b\u5220\u9664\u200b\uff1a
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"ops/delete-worker-node/#chassis","title":"\u82e5\u200b\u8282\u70b9\u200b\u5bf9\u5e94\u200b\u7684\u200b chassis \u200b\u4f9d\u7136\u200b\u5b58\u5728\u200b\uff0c\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u5220\u9664","text":"uuid \u200b\u4e3a\u200b\u4e4b\u524d\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u51fa\u200b\u7684\u200b Chassis \u200b\u5bf9\u5e94\u200b id\uff1a
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/faq/","title":"\u5176\u4ed6\u200b\u5e38\u89c1\u95ee\u9898","text":""},{"location":"ops/faq/#arm","title":"\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u8de8\u200b\u4e3b\u673a\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u95f4\u6b47\u200b\u5931\u8d25","text":""},{"location":"ops/faq/#_2","title":"\u73b0\u8c61","text":"\u200b\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u548c\u200b\u90e8\u5206\u200b\u56fd\u4ea7\u5316\u200b\u7f51\u5361\u200b offload \u200b\u914d\u5408\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u95f4\u6b47\u200b\u6545\u969c\u200b\u3002
\u200b\u4f7f\u7528\u200b netstat \u200b\u786e\u8ba4\u200b\u95ee\u9898\u200b\uff1a
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
\u200b\u82e5\u200b\u5b58\u5728\u200b InCsumErrors\uff0c\u200b\u4e14\u200b\u968f\u7740\u200b\u8bbf\u95ee\u200b\u5931\u8d25\u200b\u589e\u52a0\u200b\uff0c\u200b\u53ef\u200b\u786e\u8ba4\u200b\u662f\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#_3","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":"\u200b\u6839\u672c\u200b\u89e3\u51b3\u200b\u9700\u8981\u200b\u548c\u200b\u9e92\u9e9f\u200b\u4ee5\u53ca\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\u5382\u5546\u200b\u6c9f\u901a\u200b\uff0c\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u548c\u200b\u9a71\u52a8\u200b\u3002\u200b\u4e34\u65f6\u200b\u89e3\u51b3\u200b\u53ef\u200b\u5148\u200b\u5173\u95ed\u200b\u7269\u7406\u200b \u200b\u7f51\u5361\u200b\u7684\u200b tx offload \u200b\u4f46\u662f\u200b\u4f1a\u200b\u5bfc\u81f4\u200b tcp \u200b\u6027\u80fd\u200b\u6709\u200b\u8f83\u200b\u660e\u663e\u200b\u4e0b\u964d\u200b\u3002
ethtool -K eth0 tx off\n
\u200b\u7ecf\u200b\u793e\u533a\u200b\u53cd\u9988\u200b\u4f7f\u7528\u200b 4.19.90-25.16.v2101 \u200b\u5185\u6838\u200b\u540e\u200b\u53ef\u4ee5\u200b\u89e3\u51b3\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#pod-service","title":"Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u4e0d\u901a","text":""},{"location":"ops/faq/#_4","title":"\u73b0\u8c61","text":"Pod \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u670d\u52a1\u200b\uff0cdmesg \u200b\u663e\u793a\u200b\u5f02\u5e38\u200b\uff1a
netlink: Unknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
\u200b\u8be5\u200b\u65e5\u5fd7\u200b\u8bf4\u660e\u200b\u5185\u6838\u200b\u5185\u200b OVS \u200b\u7248\u672c\u200b\u8fc7\u4f4e\u200b\u4e0d\u200b\u652f\u6301\u200b\u5bf9\u5e94\u200b NAT \u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/faq/#_5","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":" - \u200b\u5347\u7ea7\u200b\u5185\u6838\u6a21\u5757\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u3002
- \u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b Overlay \u200b\u7f51\u7edc\u200b\u53ef\u4ee5\u200b\u66f4\u6539\u200b
kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u8bbe\u7f6e\u200b --enable-lb=false \u200b\u5173\u95ed\u200b OVN LB \u200b\u4f7f\u7528\u200b kube-proxy \u200b\u8fdb\u884c\u200b Service \u200b\u8f6c\u53d1\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/from-calico/","title":"\u5378\u8f7d\u200b Calico \u200b\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u82e5\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5df2\u200b\u5b89\u88c5\u200b Calico \u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\u4e3a\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\u3002
\u200b\u672c\u6587\u200b\u4ee5\u200b Calico v3.24.1 \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5176\u5b83\u200b Calico \u200b\u7248\u672c\u200b\u9700\u8981\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
"},{"location":"ops/from-calico/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u5207\u6362\u200b CNI \u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4fdd\u6301\u200b\u7545\u901a\u200b\uff0cCalico ippool \u200b\u9700\u8981\u200b\u5f00\u542f\u200b nat outgoing\uff0c\u200b\u6216\u200b\u5728\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u5173\u95ed\u200b rp_filter\uff1a
sysctl net.ipv4.conf.all.rp_filter=0\nsysctl net.ipv4.conf.default.rp_filter=0\n# IPIP \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.tunl0.rp_filter=0\n# VXLAN \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.vxlan/calico.rp_filter=0\n# \u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\uff0ceth0 \u200b\u9700\u8981\u200b\u4fee\u6539\u200b\u4e3a\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\nsysctl net.ipv4.conf.eth0.rp_filter=0\n
"},{"location":"ops/from-calico/#kube-ovn","title":"\u90e8\u7f72\u200b Kube-OVN","text":""},{"location":"ops/from-calico/#_2","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"ops/from-calico/#_3","title":"\u4fee\u6539\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u5c06\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b\u90e8\u5206\u200b\u5220\u9664\u200b\uff1a
echo \"[Step 4/6] Delete pod that not in host network mode\"\nfor ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
\u200b\u6309\u200b\u9700\u200b\u4fee\u6539\u200b\u4ee5\u4e0b\u200b\u914d\u7f6e\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.13\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u6ce8\u610f\u200b\uff1aPOD_CIDR \u200b\u53ca\u200b JOIN_CIDR \u200b\u4e0d\u53ef\u200b\u4e0e\u200b Calico ippool \u200b\u7684\u200b CIDR \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4e14\u200b POD_CIDR \u200b\u9700\u8981\u200b\u5305\u542b\u200b\u8db3\u591f\u200b\u591a\u200b\u7684\u200b IP \u200b\u6765\u200b\u5bb9\u7eb3\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b Pod\u3002
"},{"location":"ops/from-calico/#_4","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"ops/from-calico/#_5","title":"\u9010\u4e2a\u200b\u8282\u70b9\u200b\u8fc1\u79fb","text":"\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u65b9\u6cd5\u200b\u4e3a\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u9010\u4e2a\u200b\u8fdb\u884c\u200b\u8fc1\u79fb\u200b\u3002 \u200b\u6ce8\u610f\u200b\uff1a\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u7684\u200b \\<NODE> \u200b\u9700\u8981\u200b\u66ff\u6362\u200b\u4e3a\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b\u3002
"},{"location":"ops/from-calico/#_6","title":"\u9a71\u9010\u200b\u8282\u70b9","text":"kubectl drain --ignore-daemonsets <NODE>\n
\u200b\u82e5\u6b64\u200b\u547d\u4ee4\u200b\u4e00\u76f4\u200b\u7b49\u5f85\u200b Pod \u200b\u88ab\u200b\u9a71\u9010\u200b\uff0c\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u5f3a\u5236\u200b\u5220\u9664\u200b\u88ab\u200b\u9a71\u9010\u200b\u7684\u200b Pod\uff1a
kubectl get pod -A --field-selector=spec.nodeName=<NODE> --no-headers | \\\n awk '$4==\"Terminating\" {print $1\" \"$2}' | \\\n while read s; do kubectl delete pod --force -n $s; done\n
"},{"location":"ops/from-calico/#_7","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
shutdown -r 0\n
"},{"location":"ops/from-calico/#_8","title":"\u6062\u590d\u200b\u8282\u70b9","text":"kubectl uncordon <NODE>\n
"},{"location":"ops/from-calico/#calico","title":"\u5378\u8f7d\u200b Calico","text":""},{"location":"ops/from-calico/#k8s","title":"\u5220\u9664\u200b k8s \u200b\u8d44\u6e90","text":"kubectl -n kube-system delete deploy calico-kube-controllers\nkubectl -n kube-system delete ds calico-node\nkubectl -n kube-system delete cm calico-config\n# \u200b\u5220\u9664\u200b CRD \u200b\u53ca\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\nkubectl get crd -o jsonpath='{range .items[*]}{.metadata.name}{\"\\n\"}{end}' | while read crd; do\n if ! echo $crd | grep '.crd.projectcalico.org$' >/dev/null; then\n continue\n fi\n\n for name in $(kubectl get $crd -o jsonpath='{.items[*].metadata.name}'); do\n kubectl delete $crd $name\n done\n kubectl delete crd $crd\ndone\n# \u200b\u5176\u5b83\u200b\u8d44\u6e90\u200b\nkubectl delete --ignore-not-found clusterrolebinding calico-node calico-kube-controllers\nkubectl delete --ignore-not-found clusterrole calico-node calico-kube-controllers\nkubectl delete --ignore-not-found sa -n kube-system calico-kube-controllers calico-node\nkubectl delete --ignore-not-found pdb -n kube-system calico-kube-controllers\n
"},{"location":"ops/from-calico/#_9","title":"\u6e05\u7406\u200b\u8282\u70b9\u200b\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
rm -f /etc/cni/net.d/10-calico.conflist /etc/cni/net.d/calico-kubeconfig\nrm -f /opt/cni/bin/calico /opt/cni/bin/calico-ipam\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/kubectl-ko/","title":"kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u65e5\u5e38\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b kubectl \u200b\u63d2\u4ef6\u200b\u5de5\u5177\u200b\uff0c\u200b\u7f51\u7edc\u7ba1\u7406\u5458\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u65e5\u5e38\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a\u200b\u67e5\u770b\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4fe1\u606f\u200b\u548c\u200b\u72b6\u6001\u200b\uff0cOVN \u200b\u6570\u636e\u5e93\u200b \u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d\u200b\uff0cOVS \u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u67e5\u770b\u200b\uff0ctcpdump \u200b\u7279\u5b9a\u200b\u5bb9\u5668\u200b\uff0c\u200b\u7279\u5b9a\u200b\u94fe\u8def\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u5c55\u793a\u200b\uff0c \u200b\u7f51\u7edc\u200b\u95ee\u9898\u200b\u8bca\u65ad\u200b\u548c\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u3002
"},{"location":"ops/kubectl-ko/#_1","title":"\u63d2\u4ef6\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u63d2\u4ef6\u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u82e5\u200b\u6267\u884c\u200b kubectl \u200b\u7684\u200b\u673a\u5668\u200b\u4e0d\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c \u200b\u6216\u200b\u9700\u8981\u200b\u91cd\u88c5\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff1a
\u200b\u4e0b\u8f7d\u200b kubectl-ko \u200b\u6587\u4ef6\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u79fb\u52a8\u200b\u81f3\u200b $PATH \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv kubectl-ko /usr/local/bin/kubectl-ko\n
\u200b\u589e\u52a0\u200b\u53ef\u200b\u6267\u884c\u200b\u6743\u9650\u200b\uff1a
chmod +x /usr/local/bin/kubectl-ko\n
\u200b\u68c0\u67e5\u200b\u63d2\u4ef6\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b\uff1a
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"ops/kubectl-ko/#_2","title":"\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u8fd0\u884c\u200b kubectl ko \u200b\u4f1a\u200b\u5c55\u793a\u200b\u8be5\u200b\u63d2\u4ef6\u200b\u6240\u6709\u200b\u53ef\u7528\u200b\u7684\u200b\u547d\u4ee4\u200b\u548c\u200b\u7528\u6cd5\u200b\u63cf\u8ff0\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
\u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u6bcf\u4e2a\u200b\u547d\u4ee4\u200b\u7684\u200b\u5177\u4f53\u200b\u529f\u80fd\u200b\u548c\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4e3b\u8981\u200b\u5bf9\u200b OVN \u200b\u5317\u5411\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5305\u62ec\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\uff0c \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b\u200b\u548c\u200b\u6570\u636e\u5e93\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_3","title":"\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5728\u200b\u5bf9\u5e94\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u6267\u884c\u200b ovs-appctl cluster/status \u200b\u5c55\u793a\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
\u200b\u82e5\u200b Server \u200b\u4e0b\u200b\u7684\u200b match_index \u200b\u51fa\u73b0\u200b\u8f83\u5927\u200b\u5dee\u522b\u200b\uff0c\u200b\u4e14\u200b last msg \u200b\u65f6\u95f4\u200b\u8f83\u957f\u200b\u5219\u200b\u5bf9\u5e94\u200b Server \u200b\u53ef\u80fd\u200b\u957f\u65f6\u95f4\u200b\u6ca1\u6709\u54cd\u5e94\u200b\uff0c \u200b\u9700\u8981\u200b\u8fdb\u4e00\u6b65\u200b\u67e5\u770b\u200b\u3002
"},{"location":"ops/kubectl-ko/#_4","title":"\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5c06\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b\u4ece\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u79fb\u9664\u200b\uff0c\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\u6216\u200b\u66f4\u6362\u200b\u8282\u70b9\u200b\u65f6\u200b\u9700\u8981\u200b\u7528\u5230\u200b\u3002 \u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ee5\u4e0a\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u770b\u200b\u5230\u200b\u7684\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4e0b\u7ebf\u200b 172.18.0.3 \u200b\u8282\u70b9\u200b:
# kubectl ko nb kick 8723\nstarted removal\n
\u200b\u518d\u6b21\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u5df2\u200b\u79fb\u9664\u200b\uff1a
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"ops/kubectl-ko/#_5","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5907\u4efd\u200b\u5f53\u524d\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u81f3\u200b\u672c\u5730\u200b\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u707e\u5907\u200b\u548c\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"ops/kubectl-ko/#_6","title":"\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u7528\u6765\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u662f\u5426\u200b\u5b58\u5728\u200b\u635f\u574f\u200b\uff1a
# kubectl ko nb dbstatus\nstatus: ok\n
\u200b\u82e5\u200b\u5f02\u5e38\u200b\u5219\u200b\u663e\u793a\u200b inconsistent data \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_7","title":"\u6570\u636e\u5e93\u200b\u4fee\u590d","text":"\u200b\u82e5\u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b\u8fdb\u5165\u200b inconsistent data \u200b\u53ef\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\uff1a
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b \u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u5206\u522b\u200b\u6267\u884c\u200b ovn-nbctl \u200b\u548c\u200b ovn-sbctl \u200b\u547d\u4ee4\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVN \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-vsctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u5e76\u200b\u914d\u7f6e\u200b vswitchd\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-ofctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OpenFlow\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-dpctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OVS datapath\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-appctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u6765\u200b\u64cd\u4f5c\u200b\u76f8\u5173\u200b daemon \u200b\u8fdb\u7a0b\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b namespace/podname \u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b kube-ovn-cni \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b tcpdump \u200b\u6293\u53d6\u200b\u5bf9\u5e94\u200b\u5bb9\u5668\u200b veth \u200b\u7f51\u5361\u200b \u200b\u7aef\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u6392\u67e5\u200b\u7f51\u7edc\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u5c06\u4f1a\u200b\u6253\u5370\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b\u7279\u5b9a\u200b\u534f\u8bae\u200b\u8bbf\u95ee\u200b\u67d0\u200b\u5730\u5740\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u7684\u200b OVN \u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u548c\u200b\u6700\u7ec8\u200b\u7684\u200b Openflow \u200b\u6d41\u8868\u200b\uff0c \u200b\u65b9\u4fbf\u200b\u5f00\u53d1\u200b\u6216\u200b\u8fd0\u7ef4\u65f6\u200b\u5b9a\u4f4d\u200b\u6d41\u8868\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\u3002
\u200b\u652f\u6301\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
\u200b\u793a\u4f8b\u200b\uff1a
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
\u200b\u82e5\u200b trace \u200b\u5bf9\u8c61\u200b\u4e3a\u200b\u8fd0\u884c\u200b\u4e8e\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u989d\u5916\u200b\u53c2\u6570\u200b\u6765\u200b\u6307\u5b9a\u200b\u76ee\u7684\u200b Mac \u200b\u5730\u5740\u200b\uff1a
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"\u200b\u8bca\u65ad\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u5e76\u200b\u53bb\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b kube-ovn-pinger \u200b\u68c0\u6d4b\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u5230\u200b\u5176\u4ed6\u200b\u8282\u70b9\u200b\u548c\u200b\u5173\u952e\u200b\u670d\u52a1\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\uff1a
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.13\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b subnet \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u5efa\u7acb\u200b daemonset\uff0c\u200b\u7531\u200b kube-ovn-pinger \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u8fd9\u4e2a\u200b daemonset \u200b\u7684\u200b\u6240\u6709\u200b pod \u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u5ef6\u65f6\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5b8c\u540e\u200b\u81ea\u52a8\u200b\u9500\u6bc1\u200b\u8be5\u200b daemonset\u3002
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b IPPorts \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8ba9\u200b\u6bcf\u4e2a\u200b kube-ovn-pinger pod \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u76ee\u6807\u200b\u534f\u8bae\u200b\uff0cIP\uff0cPort \u200b\u662f\u5426\u200b\u53ef\u200b\u8fbe\u200b\u3002
"},{"location":"ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u6267\u884c\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
"},{"location":"ops/kubectl-ko/#reload","title":"reload","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u91cd\u542f\u200b\u6240\u6709\u200b Kube-OVN \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff1a
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"ops/kubectl-ko/#log","title":"log","text":"\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u6293\u53d6\u200b kube-ovn \u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b Kube-OVN\uff0cOVN\uff0cOpenvswitch \u200b\u7684\u200b log \u200b\u4ee5\u53ca\u200b linux \u200b\u5e38\u7528\u200b\u7684\u200b\u4e00\u4e9b\u200b debug \u200b\u4fe1\u606f\u200b\u3002
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
\u200b\u76ee\u5f55\u200b\u5982\u4e0b\u200b\uff1a
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"ops/kubectl-ko/#perf-image","title":"perf [image]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u53bb\u200b\u6d4b\u8bd5\u200b Kube-OVN \u200b\u7684\u200b\u4e00\u4e9b\u200b\u6027\u80fd\u6307\u6807\u200b\u5982\u4e0b\u200b\uff1a
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- Hostnetwork \u200b\u7f51\u7edc\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- OVN-NB, OVN-SB, OVN-Northd leader \u200b\u5220\u9664\u200b\u6062\u590d\u200b\u6240\u200b\u9700\u200b\u65f6\u95f4\u200b\u3002
\u200b\u53c2\u6570\u200b image \u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b pod \u200b\u6240\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u662f\u200b kubeovn/test:v1.12.0, \u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3b\u8981\u200b\u662f\u200b\u4e3a\u4e86\u200b\u79bb\u7ebf\u200b\u573a\u666f\u200b\uff0c\u200b\u5c06\u200b\u955c\u50cf\u200b\u62c9\u5230\u200b\u5185\u7f51\u200b\u73af\u5883\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u6709\u200b\u955c\u50cf\u200b\u540d\u200b\u53d8\u5316\u200b\u3002
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/recover-db/","title":"OVN \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_1","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u5229\u7528\u200b kubectl \u200b\u63d2\u4ef6\u200b\u7684\u200b backup \u200b\u547d\u4ee4\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u200b\u7528\u4e8e\u200b\u6545\u969c\u200b\u65f6\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"ops/recover-db/#_2","title":"\u96c6\u7fa4\u200b\u90e8\u5206\u200b\u6545\u969c\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5b58\u5728\u200b\u90e8\u5206\u200b\u8282\u70b9\u200b\u56e0\u4e3a\u200b\u65ad\u7535\u200b\uff0c\u200b\u6587\u4ef6\u7cfb\u7edf\u200b\u6545\u969c\u200b\u6216\u200b\u78c1\u76d8\u7a7a\u95f4\u200b\u4e0d\u8db3\u200b\u5bfc\u81f4\u200b\u5de5\u4f5c\u200b\u5f02\u5e38\u200b\uff0c \u200b\u4f46\u662f\u200b\u96c6\u7fa4\u200b\u4ecd\u200b\u53ef\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_3","title":"\u67e5\u770b\u200b\u65e5\u5fd7\u200b\u786e\u8ba4\u200b\u72b6\u6001\u200b\u5f02\u5e38","text":"\u200b\u67e5\u770b\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b /var/log/ovn/ovn-northd.log\uff0c\u200b\u82e5\u200b\u63d0\u793a\u200b\u7c7b\u4f3c\u200b\u9519\u8bef\u200b\u5219\u200b\u53ef\u200b\u5224\u65ad\u200b\u6570\u636e\u5e93\u200b\u5b58\u5728\u200b\u5f02\u5e38\u200b
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"ops/recover-db/#_4","title":"\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u6839\u636e\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u662f\u200b OVN_Northbound \u200b\u8fd8\u662f\u200b OVN_Southbound \u200b\u9009\u62e9\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e0a\u8ff0\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u4e3a\u200b OVN_Northbound \u200b\u5219\u200b\u5bf9\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
\u200b\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u72b6\u6001\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff1a
kubectl ko nb kick e631\n
\u200b\u767b\u5f55\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff0c\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b ovn-central Pod\uff0c\u200b\u7b49\u5f85\u200b\u96c6\u7fa4\u200b\u81ea\u52a8\u200b\u6062\u590d\u200b\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"ops/recover-db/#_5","title":"\u96c6\u7fa4\u200b\u4e0d\u80fd\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4e0b\u200b\u7684\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\u65e0\u6cd5\u200b\u9009\u4e3e\u200b\u51fa\u200b leader\uff0c\u200b\u8bf7\u200b\u53c2\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#ovn-central","title":"\u505c\u6b62\u200b ovn-central","text":"\u200b\u8bb0\u5f55\u200b\u5f53\u524d\u200b ovn-central \u200b\u526f\u672c\u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u505c\u6b62\u200b ovn-central \u200b\u907f\u514d\u200b\u65b0\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u53d8\u66f4\u200b\u5f71\u54cd\u200b\u6062\u590d\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"ops/recover-db/#_6","title":"\u9009\u62e9\u200b\u5907\u4efd","text":"\u200b\u7531\u4e8e\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\uff0c\u200b\u9700\u8981\u200b\u4ece\u200b\u67d0\u4e2a\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5907\u4efd\u200b\u8fc7\u200b\u6570\u636e\u5e93\u200b \u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u7684\u200b\u5907\u4efd\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u8fc7\u200b\u5907\u4efd\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u4ece\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b \u200b\u4e2d\u200b\u751f\u6210\u200b\u4e00\u4e2a\u200b\u5907\u4efd\u200b\u3002
\u200b\u7531\u4e8e\u200b\u9ed8\u8ba4\u200b\u6587\u4ef6\u5939\u200b\u4e0b\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u683c\u5f0f\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5305\u542b\u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u76f4\u63a5\u200b \u200b\u7528\u8be5\u200b\u6587\u4ef6\u200b\u91cd\u5efa\u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b ovsdb-tool cluster-to-standalone \u200b\u8fdb\u884c\u200b\u683c\u5f0f\u200b\u8f6c\u6362\u200b\u3002
\u200b\u9009\u62e9\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u7684\u200b\u8282\u70b9\u200b\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c \u200b\u5982\u679c\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5df2\u635f\u574f\u200b\uff0c\u200b\u4ece\u200b\u5176\u4ed6\u200b\u673a\u5668\u200b /etc/origin/ovn \u200b\u4e0b\u200b\u590d\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u7b2c\u4e00\u53f0\u200b\u673a\u5668\u200b \uff0c \u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u751f\u6210\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5907\u4efd\u200b\u3002
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.13 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"ops/recover-db/#ovn-central_1","title":"\u5220\u9664\u200b\u6bcf\u4e2a\u200b ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6","text":"\u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u65f6\u200b\u4f7f\u7528\u200b\u5230\u200b\u9519\u8bef\u200b\u7684\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5df2\u6709\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"ops/recover-db/#_7","title":"\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4","text":"\u200b\u5c06\u200b\u5907\u4efd\u200b\u6570\u636e\u5e93\u200b\u5206\u522b\u200b\u91cd\u547d\u540d\u200b\u4e3a\u200b ovnnb_db.db \u200b\u548c\u200b ovnsb_db.db\uff0c\u200b\u5e76\u200b\u590d\u5236\u5230\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u673a\u5668\u200b\u7684\u200b /etc/origin/ovn/ \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
\u200b\u6062\u590d\u200b ovn-central \u200b\u7684\u200b\u526f\u672c\u200b\u6570\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/architecture/","title":"\u603b\u4f53\u200b\u67b6\u6784","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u7684\u200b\u603b\u4f53\u200b\u67b6\u6784\u200b\uff0c\u200b\u548c\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u4ee5\u53ca\u200b\u5176\u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u3002
\u200b\u603b\u4f53\u200b\u6765\u770b\u200b\uff0cKube-OVN \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u548c\u200b OVN \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u6210\u719f\u200b\u7684\u200b SDN \u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u76f8\u7ed3\u5408\u200b\u3002 \u200b\u8fd9\u200b\u610f\u5473\u7740\u200b Kube-OVN \u200b\u4e0d\u4ec5\u200b\u901a\u8fc7\u200b OVN \u200b\u5b9e\u73b0\u200b\u4e86\u200b Kubernetes \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\uff0c\u200b\u4f8b\u5982\u200b CNI\uff0cService \u200b\u548c\u200b Networkpolicy\uff0c\u200b\u8fd8\u200b\u5c06\u200b\u5927\u91cf\u200b\u7684\u200b SDN \u200b\u9886\u57df\u200b\u80fd\u529b\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\uff0c\u200b\u4f8b\u5982\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0cVPC\uff0c\u200b\u7f51\u5173\u200b\uff0cQoS\uff0cACL \u200b\u548c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u8fd8\u200b\u4fdd\u6301\u200b\u4e86\u200b\u826f\u597d\u200b\u7684\u200b\u5f00\u653e\u6027\u200b\u53ef\u4ee5\u200b\u548c\u200b\u8bf8\u591a\u200b\u6280\u672f\u200b\u65b9\u6848\u200b\u96c6\u6210\u200b\uff0c\u200b\u4f8b\u5982\u200b Cilium\uff0cSubmariner\uff0cPrometheus\uff0cKubeVirt \u200b\u7b49\u7b49\u200b\u3002
"},{"location":"reference/architecture/#_2","title":"\u7ec4\u4ef6\u200b\u4ecb\u7ecd","text":"Kube-OVN \u200b\u7684\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u5927\u81f4\u200b\u5206\u4e3a\u200b\u4e09\u7c7b\u200b\uff1a
- \u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6\u200b\u3002
- \u200b\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent\u3002
- \u200b\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6\u200b\u3002
"},{"location":"reference/architecture/#ovnovs","title":"\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7ec4\u4ef6\u200b\u6765\u81ea\u200b OVN/OVS \u200b\u793e\u533a\u200b\uff0c\u200b\u5e76\u200b\u9488\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u505a\u200b\u4e86\u200b\u7279\u5b9a\u200b\u4fee\u6539\u200b\u3002 OVN/OVS \u200b\u672c\u8eab\u200b\u662f\u200b\u4e00\u5957\u200b\u6210\u719f\u200b\u7684\u200b\u7ba1\u7406\u200b\u865a\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u7684\u200b SDN \u200b\u7cfb\u7edf\u200b\uff0c\u200b\u6211\u4eec\u200b\u5f3a\u70c8\u5efa\u8bae\u200b \u200b\u5bf9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u611f\u5174\u8da3\u200b\u7684\u200b\u7528\u6237\u200b\u5148\u53bb\u200b\u8bfb\u200b\u4e00\u4e0b\u200b ovn-architecture(7) \u200b\u6765\u200b\u4e86\u89e3\u200b\u4ec0\u4e48\u200b\u662f\u200b OVN \u200b\u4ee5\u53ca\u200b \u200b\u5982\u4f55\u200b\u548c\u200b\u5b83\u200b\u8fdb\u884c\u200b\u96c6\u6210\u200b\u3002Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b\u5317\u5411\u200b\u63a5\u53e3\u200b\u521b\u5efa\u200b\u548c\u200b\u8c03\u6574\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u4e2d\u200b\u7684\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u6620\u5c04\u200b\u5230\u200b Kubernetes \u200b\u4e4b\u5185\u200b\u3002
\u200b\u6240\u6709\u200b OVN/OVS \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\u90fd\u200b\u5df2\u200b\u6253\u5305\u200b\u6210\u200b\u5bf9\u5e94\u200b\u955c\u50cf\u200b\uff0c\u200b\u5e76\u200b\u53ef\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u3002
"},{"location":"reference/architecture/#ovn-central","title":"ovn-central","text":"ovn-central Deployment \u200b\u8fd0\u884c\u200b OVN \u200b\u7684\u200b\u7ba1\u7406\u200b\u5e73\u9762\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5305\u62ec\u200b ovn-nb, ovn-sb, \u200b\u548c\u200b ovn-northd\u3002
ovn-nb\uff1a \u200b\u4fdd\u5b58\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b API \u200b\u8fdb\u884c\u200b\u865a\u62df\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u3002kube-ovn-controller \u200b\u5c06\u4f1a\u200b\u4e3b\u8981\u200b\u548c\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u4ea4\u4e92\u200b\u914d\u7f6e\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002ovn-sb\uff1a \u200b\u4fdd\u5b58\u200b\u4ece\u200b ovn-nb \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u751f\u6210\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5404\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u5b9e\u9645\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u72b6\u6001\u200b\u3002ovn-northd\uff1a\u200b\u5c06\u200b ovn-nb \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u7ffb\u8bd1\u6210\u200b ovn-sb \u200b\u4e2d\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u3002
\u200b\u591a\u4e2a\u200b ovn-central \u200b\u5b9e\u4f8b\u200b\u4f1a\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u540c\u6b65\u200b\u6570\u636e\u200b\u4fdd\u8bc1\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
"},{"location":"reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn \u200b\u4ee5\u200b DaemonSet \u200b\u5f62\u5f0f\u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u5728\u200b Pod \u200b\u5185\u200b\u8fd0\u884c\u200b\u4e86\u200b openvswitch, ovsdb, \u200b\u548c\u200b ovn-controller\u3002\u200b\u8fd9\u4e9b\u200b\u7ec4\u4ef6\u200b\u4f5c\u4e3a\u200b ovn-central \u200b\u7684\u200b Agent \u200b\u5c06\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u7ffb\u8bd1\u6210\u200b\u771f\u5b9e\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"reference/architecture/#agent","title":"\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u4e3a\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u4f5c\u4e3a\u200b OVN \u200b\u548c\u200b Kubernetes \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u4e24\u4e2a\u200b\u7cfb\u7edf\u200b\u6253\u901a\u200b\u5e76\u200b\u5c06\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8f6c\u6362\u200b\u3002 \u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u6838\u5fc3\u200b\u529f\u80fd\u200b\u90fd\u200b\u5728\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e2d\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6267\u884c\u200b\u6240\u6709\u200b Kubernetes \u200b\u5185\u200b\u8d44\u6e90\u200b\u5230\u200b OVN \u200b\u8d44\u6e90\u200b\u7684\u200b\u7ffb\u8bd1\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5176\u200b\u4f5c\u7528\u200b\u76f8\u5f53\u4e8e\u200b\u6574\u4e2a\u200b Kube-OVN \u200b\u7cfb\u7edf\u200b\u7684\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u3002 kube-ovn-controller \u200b\u76d1\u542c\u200b\u4e86\u200b\u6240\u6709\u200b\u548c\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\u7684\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b\u8d44\u6e90\u200b\u53d8\u5316\u200b\u60c5\u51b5\u200b\u66f4\u65b0\u200b OVN \u200b\u5185\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u3002\u200b\u4e3b\u8981\u200b\u76d1\u542c\u200b\u7684\u200b\u8d44\u6e90\u200b\u5305\u62ec\u200b\uff1a Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
\u200b\u4ee5\u200b Pod \u200b\u4e8b\u4ef6\u200b\u4e3a\u4f8b\u200b\uff0c kube-ovn-controller \u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u521b\u5efa\u200b\u4e8b\u4ef6\u200b\u540e\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5185\u7f6e\u200b\u7684\u200b\u5185\u5b58\u200b IPAM \u200b\u529f\u80fd\u200b\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u5e76\u200b\u8c03\u7528\u200b ovn-central \u200b\u521b\u5efa\u200b \u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u53ef\u80fd\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u3002\u200b\u63a5\u4e0b\u6765\u200b kube-ovn-controller \u200b\u5c06\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u548c\u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\u4f8b\u5982\u200b CIDR\uff0c\u200b\u7f51\u5173\u200b\uff0c\u200b\u8def\u7531\u200b\u7b49\u200b\u4fe1\u606f\u200b\u5199\u4f1a\u200b\u5230\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u540e\u7eed\u200b\u4f1a\u200b\u88ab\u200b kube-ovn-cni \u200b\u8bfb\u53d6\u200b\u7528\u6765\u200b\u914d\u7f6e\u200b\u672c\u5730\u7f51\u7edc\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5b9e\u73b0\u200b CNI \u200b\u63a5\u53e3\u200b\uff0c\u200b\u5e76\u200b\u64cd\u4f5c\u200b\u672c\u5730\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\u5355\u673a\u200b\u7f51\u7edc\u200b\u3002
\u200b\u8be5\u200b DaemonSet \u200b\u4f1a\u200b\u590d\u5236\u200b kube-ovn \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\uff0c\u200b\u4f5c\u4e3a\u200b kubelet \u200b\u548c\u200b kube-ovn-cni \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u5de5\u5177\u200b\uff0c\u200b\u5c06\u200b\u76f8\u5e94\u200b CNI \u200b\u8bf7\u6c42\u200b \u200b\u53d1\u9001\u7ed9\u200b kube-ovn-cni \u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u88ab\u200b\u590d\u5236\u5230\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u3002
kube-ovn-cni \u200b\u4f1a\u200b\u914d\u7f6e\u200b\u5177\u4f53\u200b\u7684\u200b\u7f51\u7edc\u200b\u6765\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u6d41\u91cf\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5de5\u4f5c\u200b\u5305\u62ec\u200b\uff1a
- \u200b\u914d\u7f6e\u200b
ovn-controller \u200b\u548c\u200b vswitchd\u3002 - \u200b\u5904\u7406\u200b CNI add/del \u200b\u8bf7\u6c42\u200b\uff1a
- \u200b\u521b\u5efa\u200b\u5220\u9664\u200b veth \u200b\u5e76\u200b\u548c\u200b OVS \u200b\u7aef\u53e3\u200b\u7ed1\u5b9a\u200b\u3002
- \u200b\u914d\u7f6e\u200b OVS \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
- \u200b\u66f4\u65b0\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b iptables/ipset/route \u200b\u7b49\u200b\u89c4\u5219\u200b\u3002
- \u200b\u52a8\u6001\u200b\u66f4\u65b0\u200b\u5bb9\u5668\u200b QoS.
- \u200b\u521b\u5efa\u200b\u5e76\u200b\u914d\u7f6e\u200b
ovn0 \u200b\u7f51\u5361\u200b\u8054\u901a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u3002 - \u200b\u914d\u7f6e\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6765\u200b\u5b9e\u73b0\u200b Vlan/Underlay/EIP \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
- \u200b\u52a8\u6001\u200b\u914d\u7f6e\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u200b\u5173\u200b\u3002
"},{"location":"reference/architecture/#_3","title":"\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e3b\u8981\u200b\u63d0\u4f9b\u200b\u76d1\u63a7\u200b\uff0c\u200b\u8bca\u65ad\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u4ee5\u53ca\u200b\u548c\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u5bf9\u63a5\u200b\uff0c\u200b\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u5e76\u200b\u7b80\u5316\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u7279\u5b9a\u200b\u6807\u7b7e\u200b\u7684\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8bbf\u95ee\u200b\u5bb9\u5668\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b BGP \u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6536\u96c6\u200b OVS \u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8282\u70b9\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\u7b49\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6536\u96c6\u200b OVN \u200b\u7684\u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b kubectl \u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5feb\u901f\u200b\u8fd0\u884c\u200b\u5e38\u89c1\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/dev-env/","title":"\u5f00\u53d1\u200b\u73af\u5883\u200b\u6784\u5efa","text":""},{"location":"reference/dev-env/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Go 1.20 \u200b\u5f00\u53d1\u200b\u5e76\u200b\u4f7f\u7528\u200b Go Modules \u200b\u7ba1\u7406\u200b\u4f9d\u8d56\u200b\uff0c \u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u53d8\u91cf\u200b GO111MODULE=\"on\"\u3002
gosec \u200b\u88ab\u200b\u7528\u6765\u200b\u626b\u63cf\u200b\u4ee3\u7801\u200b\u5b89\u5168\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5f00\u53d1\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\uff1a
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
\u200b\u4e3a\u4e86\u200b\u964d\u4f4e\u200b\u6700\u7ec8\u200b\u751f\u6210\u200b\u955c\u50cf\u200b\u5927\u5c0f\u200b\uff0cKube-OVN \u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b Docker buildx \u200b\u8bd5\u9a8c\u200b\u7279\u6027\u200b\uff0c\u200b\u8bf7\u200b\u66f4\u65b0\u200b Docker \u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b \u200b\u5e76\u200b\u5f00\u542f\u200b buildx:
docker buildx create --use\n
"},{"location":"reference/dev-env/#_3","title":"\u6784\u5efa\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u4ee3\u7801\u200b\uff0c\u200b\u5e76\u200b\u751f\u6210\u200b\u8fd0\u884c\u200b Kube-OVN \u200b\u6240\u200b\u9700\u200b\u955c\u50cf\u200b\uff1a
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
\u200b\u5982\u9700\u200b\u6784\u5efa\u200b\u5728\u200b ARM \u200b\u73af\u5883\u200b\u4e0b\u200b\u8fd0\u884c\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u8bf7\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
make release-arm\n
"},{"location":"reference/dev-env/#base","title":"\u6784\u5efa\u200b base \u200b\u955c\u50cf","text":"\u200b\u5982\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u7248\u672c\u200b\uff0c\u200b\u4f9d\u8d56\u200b\u5e93\u200b\uff0cOVS/OVN \u200b\u4ee3\u7801\u200b\u7b49\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b base \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u91cd\u65b0\u200b\u6784\u5efa\u200b\u3002
base \u200b\u955c\u50cf\u200b\u4f7f\u7528\u200b\u7684\u200b Dockerfile \u200b\u4e3a\u200b dist/images/Dockerfile.base\u3002
\u200b\u6784\u5efa\u200b\u65b9\u6cd5\u200b\uff1a
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"reference/dev-env/#e2e","title":"\u8fd0\u884c\u200b E2E","text":"Kube-OVN \u200b\u4f7f\u7528\u200b KIND \u200b\u6784\u5efa\u200b\u672c\u5730\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\uff0cj2cli \u200b\u6e32\u67d3\u200b\u6a21\u677f\u200b\uff0c Ginkgo \u200b\u6765\u200b\u8fd0\u884c\u200b\u6d4b\u8bd5\u4ee3\u7801\u200b\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b\u76f8\u5173\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4f9d\u8d56\u200b\u5b89\u88c5\u200b\u3002
\u200b\u672c\u5730\u200b\u6267\u884c\u200b E2E \u200b\u6d4b\u8bd5\u200b\uff1a
make kind-init\nmake kind-install\nmake e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b Underlay E2E \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b ovn vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b iptables vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b loadbalancer service \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
\u200b\u5982\u9700\u200b\u6e05\u7406\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/document-convention/","title":"\u6587\u6863\u200b\u89c4\u8303","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u6587\u6863\u200b\u98ce\u683c\u200b\u4e00\u81f4\u200b\uff0c\u200b\u8bf7\u200b\u5728\u200b\u63d0\u4ea4\u200b\u6587\u6863\u200b\u65f6\u200b\u9075\u5faa\u200b\u4e0b\u5217\u200b\u7684\u200b\u98ce\u683c\u200b\u89c4\u8303\u200b\u3002
"},{"location":"reference/document-convention/#_2","title":"\u6807\u70b9","text":"\u200b\u4e2d\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u6240\u6709\u200b\u6807\u70b9\u200b\u5e94\u200b\u4f7f\u7528\u200b\u4e2d\u6587\u200b\u683c\u5f0f\u200b\u6807\u70b9\u200b\uff0c\u200b\u82f1\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6240\u6709\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u4e2d\u5e94\u200b\u4f7f\u7528\u200b\u82f1\u6587\u200b\u6807\u70b9\u200b\u3002
BadGood \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b,\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b,\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b. \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002 \u200b\u82f1\u6587\u200b\u6570\u5b57\u200b\u548c\u200b\u4e2d\u6587\u200b\u5e94\u8be5\u200b\u7528\u200b\u7a7a\u683c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 \u200b\u793a\u4f8b\u200b\u5185\u5bb9\u200b\u5e94\u8be5\u200b\u4ee5\u200b \uff1a \u200b\u5f00\u542f\u200b\uff0c\u200b\u5176\u4ed6\u200b\u53e5\u200b\u5c3e\u200b\u9700\u8981\u200b\u7528\u200b \u3002 \u200b\u7ed3\u675f\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\u3002 wget 127.0.0.1\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a wget 127.0.0.1\n
"},{"location":"reference/document-convention/#_3","title":"\u4ee3\u7801\u200b\u5757","text":"yaml \u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b yaml\u3002
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b bash\u3002
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u5305\u542b\u200b\u8f93\u51fa\u200b\u5185\u5bb9\u200b\uff0c\u200b\u5219\u200b\u6240\u200b\u6267\u884c\u547d\u4ee4\u200b\u9700\u8981\u200b\u4ee5\u200b # \u200b\u5f00\u59cb\u200b\uff0c\u200b\u4ee5\u200b\u533a\u5206\u200b\u8f93\u5165\u200b\u4e0e\u200b\u8f93\u51fa\u200b\u3002
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u53ea\u200b\u5305\u542b\u200b\u6267\u884c\u547d\u4ee4\u200b\uff0c\u200b\u6ca1\u6709\u200b\u8f93\u51fa\u200b\u7ed3\u679c\u200b\uff0c\u200b\u5219\u200b\u591a\u6761\u200b\u547d\u4ee4\u200b\u65e0\u9700\u200b # \u200b\u5f00\u59cb\u200b\u3002
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"reference/document-convention/#_4","title":"\u94fe\u63a5","text":"\u200b\u7ad9\u200b\u5185\u200b\u94fe\u63a5\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b md \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](http://kubeovn.github.io/prepare)\u3002\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](./prepare.md)\u3002\n
BadGood \u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io)\u3002\n
\u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io){: target=\"_blank\" }\u3002\n
"},{"location":"reference/document-convention/#_5","title":"\u7a7a\u884c","text":"\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\uff0c\u200b\u4f8b\u5982\u200b\u6807\u9898\u200b\u548c\u200b\u6587\u672c\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u4ee3\u7801\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u7f16\u53f7\u200b\u4e4b\u95f4\u200b\u9700\u8981\u200b\u7528\u200b\u7a7a\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\u4e4b\u95f4\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b\u7a7a\u884c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/feature-stage/","title":"\u529f\u80fd\u200b\u6210\u719f\u5ea6","text":"\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\u6839\u636e\u200b\u529f\u80fd\u200b\u4f7f\u7528\u200b\u5ea6\u200b\uff0c\u200b\u6587\u6863\u200b\u5b8c\u5584\u200b\u7a0b\u5ea6\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u7a0b\u5ea6\u200b\u5c06\u200b\u529f\u80fd\u200b\u6210\u719f\u5ea6\u200b\u5206\u4e3a\u200b Alpha\uff0cBeta \u200b\u548c\u200b GA \u200b\u4e09\u4e2a\u200b\u9636\u6bb5\u200b\u3002
"},{"location":"reference/feature-stage/#_2","title":"\u6210\u719f\u5ea6\u200b\u5b9a\u4e49","text":"\u200b\u5bf9\u4e8e\u200b Alpha \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6ca1\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u5b8c\u5584\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\u751a\u81f3\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u793e\u533a\u200b\u652f\u6301\u200b\u4f18\u5148\u7ea7\u200b\u8f83\u200b\u4f4e\u200b\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u63a8\u8350\u200b\u751f\u4ea7\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b Beta \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u90e8\u5206\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u4f46\u662f\u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u5b8c\u6574\u200b\u7684\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5347\u7ea7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5f71\u54cd\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u7684\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u957f\u671f\u200b\u652f\u6301\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u975e\u5173\u952e\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u8fdb\u884c\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u548c\u200b API \u200b\u5b58\u5728\u200b\u53d8\u5316\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5728\u200b\u5347\u7ea7\u200b\u4e2d\u200b\u51fa\u73b0\u200b\u4e2d\u65ad\u200b\uff0c\u200b\u4e0d\u200b\u63a8\u8350\u200b\u5728\u200b\u5173\u952e\u200b\u751f\u4ea7\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b GA \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u4fdd\u6301\u7a33\u5b9a\u200b\uff0c\u200b\u5347\u7ea7\u200b\u4f1a\u200b\u4fdd\u8bc1\u200b\u5e73\u6ed1\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u4f1a\u200b\u53d1\u751f\u200b\u7834\u574f\u6027\u200b\u53d8\u5316\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u9ad8\u200b\u4f18\u5148\u7ea7\u200b\u652f\u6301\u200b\uff0c\u200b\u5e76\u4f1a\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/feature-stage/#_3","title":"\u6210\u719f\u5ea6\u200b\u5217\u8868","text":"\u200b\u672c\u200b\u5217\u8868\u200b\u7edf\u8ba1\u200b\u4ece\u200b v1.8 \u200b\u7248\u672c\u200b\u4e2d\u200b\u5305\u542b\u200b\u7684\u200b\u529f\u80fd\u200b\u5bf9\u5e94\u200b\u6210\u719f\u5ea6\u200b\u3002
\u200b\u529f\u80fd\u200b \u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b \u200b\u72b6\u6001\u200b \u200b\u5f00\u59cb\u200b\uff08Since\uff09 \u200b\u7ed3\u675f\u200b\uff08Until\uff09 Namespaced Subnet true GA 1.8 \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 \u200b\u4e3b\u4ece\u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 ECMP \u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b false Beta 1.8 \u200b\u5b50\u7f51\u200b ACL true Alpha 1.9 \u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b (\u200b\u672a\u6765\u200b\u4f1a\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5408\u5e76\u200b) true Beta 1.8 Underlay \u200b\u5b50\u7f51\u200b true GA 1.8 \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b true Beta 1.8 \u200b\u5b50\u7f51\u200b DHCP false Alpha 1.10 \u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b false Alpha 1.8 \u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Beta 1.8 \u200b\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Alpha 1.9 \u200b\u5b50\u7f51\u200b VIP \u200b\u9884\u7559\u200b true Alpha 1.10 \u200b\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC true Beta 1.8 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6d6e\u52a8\u200b IP/SNAT/DNAT true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u9759\u6001\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7b56\u7565\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5b89\u5168\u200b\u7ec4\u200b true Alpha 1.10 \u200b\u5bb9\u5668\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus \u200b\u96c6\u6210\u200b false GA 1.8 Grafana \u200b\u96c6\u6210\u200b false GA 1.8 \u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b false GA 1.8 \u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT false Beta 1.8 \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 \u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b false Beta 1.8 Overlay \u200b\u5b50\u7f51\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.8 Overlay \u200b\u5b50\u7f51\u200b BGP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.9 Cilium \u200b\u96c6\u6210\u200b false Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e92\u8054\u200b false Alpha 1.10 Mellanox Offload false Alpha 1.8 \u200b\u82af\u542f\u6e90\u200b Offload false Alpha 1.10 Windows \u200b\u652f\u6301\u200b false Alpha 1.10 DPDK \u200b\u652f\u6301\u200b false Alpha 1.10 OpenStack \u200b\u96c6\u6210\u200b false Alpha 1.9 \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac true GA 1.8 Workload \u200b\u56fa\u5b9a\u200b IP true GA 1.8 StatefulSet \u200b\u56fa\u5b9a\u200b IP true GA 1.8 VM \u200b\u56fa\u5b9a\u200b IP false Beta 1.9 \u200b\u9ed8\u8ba4\u200b VPC Load Balancer \u200b\u7c7b\u578b\u200b Service false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS false Alpha 1.11 Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/iptables-rules/","title":"Iptables \u200b\u89c4\u5219","text":"Kube-OVN \u200b\u4f7f\u7528\u200b ipset \u200b\u53ca\u200b iptables \u200b\u8f85\u52a9\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff08Overlay\uff09\u200b\u7f51\u5173\u200b NAT \u200b\u7684\u200b\u529f\u80fd\u200b\u3002
\u200b\u4f7f\u7528\u200b\u7684\u200b ipset \u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u540d\u79f0\u200b\uff08IPv4/IPv6\uff09 \u200b\u7c7b\u578b\u200b \u200b\u5b58\u50a8\u200b\u5bf9\u8c61\u200b ovn40services/ovn60services hash:net Service \u200b\u7f51\u6bb5\u200b ovn40subnets/ovn60subnets hash:net Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u4ee5\u53ca\u200b NodeLocal DNS IP \u200b\u5730\u5740\u200b ovn40subnets-nat/ovn60subnets-nat hash:net \u200b\u5f00\u542f\u200b NatOutgoing \u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net \u200b\u5f00\u542f\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40other-node/ovn60other-node hash:net \u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip \u200b\u5df2\u5f03\u200b\u7528\u200b ovn40subnets-nat-policy hash:net \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u7684\u200b\u6240\u6709\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40natpr-418e79269dc5-dst hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b dstIPs ovn40natpr-418e79269dc5-src hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b srcIPs \u200b\u4f7f\u7528\u200b\u7684\u200b iptables \u200b\u89c4\u5219\u200b\uff08IPv4\uff09\u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u8868\u200b \u200b\u94fe\u200b \u200b\u89c4\u5219\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b filter INPUT -m set --match-set ovn40services src -j ACCEPT \u200b\u5141\u8bb8\u200b k8s Service \u200b\u548c\u200b Pod \u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u901a\u8fc7\u200b -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b subnet \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u62a5\u6587\u200b 10.16.0.0/16 \u200b\u4e3a\u200b subnet \u200b\u7684\u200b cidr \uff0ccomment \u200b\u4e2d\u200b\u9017\u53f7\u200b\u524d\u9762\u200b\u7684\u200b ovn-subnet-gateway \u200b\u7528\u4e8e\u200b\u6807\u8bc6\u200b\u8be5\u200b iptables \u200b\u89c4\u5219\u200b\u7528\u4e8e\u200b subnet \u200b\u51fa\u5165\u200b\u7f51\u5173\u200b\u62a5\u6587\u200b\u8ba1\u6570\u200b\uff0c\u200b\u9017\u53f7\u200b\u540e\u9762\u200b ovn-default \u200b\u662f\u200b\u8be5\u200b subnet \u200b\u7684\u200b\u540d\u5b57\u200b filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b subnet \u200b\u7684\u200b\u62a5\u6587\u200b \u200b\u540c\u200b\u4e0a\u200b filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 \u200b\u6e05\u9664\u200b\u6d41\u91cf\u200b\u6807\u8bb0\u200b\uff0c\u200b\u907f\u514d\u200b\u6267\u884c\u200b SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING \u200b\u8fdb\u5165\u200b OVN-PREROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING \u200b\u8fdb\u5165\u200b OVN-POSTROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 \u200b\u4e3a\u200b Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u6d41\u91cf\u200b\u6dfb\u52a0\u200b masquerade \u200b\u6807\u8bb0\u200b \u200b\u4f5c\u7528\u200b\u4e8e\u200b\u5173\u95ed\u200b\u5185\u7f6e\u200b LB \u200b\u7684\u200b\u573a\u666f\u200b nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08TCP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u5b58\u5728\u200b nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08UDP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u540c\u200b\u4e0a\u200b nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source \u200b\u5f53\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b Service IP \u200b\u8bbf\u95ee\u200b Overlay Pod \u200b\u65f6\u200b\uff0c\u200b\u4fdd\u6301\u200b\u6e90\u200b IP \u200b\u4e3a\u200b\u8282\u70b9\u200b IP\u3002 \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u751f\u6548\u200b nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u7684\u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE \u200b\u4e3a\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u65e0\u9700\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN Pod IP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u65f6\u200b\uff0c\u200b\u4e0d\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing \u200b\u4e14\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b IP \u200b\u7684\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT 10.16.0.0/16 \u200b\u4e3a\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.0.101 \u200b\u4e3a\u200b\u6307\u5b9a\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b IP nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b natOutgoingPolicyRules\uff0c\u200b\u6307\u5b9a\u200b\u7b56\u7565\u200b\u7684\u200b\u62a5\u6587\u200b\u6267\u884c\u200b SNAT \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u5b50\u7f51\u200b\u7684\u200b\u51fa\u5916\u200b\u7f51\u200b\u62a5\u6587\u200b\u7684\u200b\u8fdb\u5165\u200b\u94fe\u200b OVN-NAT-POLICY nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b\uff0c\u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90001/0x90001 \u200b\u5c31\u200b\u4f1a\u200b\u505a\u200b SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b, \u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90002/0x90002 \u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 \u200b\u540c\u200b\u4e0a\u200b 10.0.11.0/24 \u200b\u8868\u793a\u200b\u5b50\u7f51\u200b net1 \u200b\u7684\u200b CIDR\uff0c OVN-NAT-PSUBNET-aa98851157c5 \u200b\u8fd9\u6761\u200b\u94fe\u4e0b\u200b\u7684\u200b\u89c4\u5219\u200b\u5c31\u200b\u5bf9\u5e94\u200b\u8fd9\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoingPolicyRules \u200b\u914d\u7f6e\u200b nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 \u200b\u540c\u200b\u4e0a\u200b 418e79269dc5 \u200b\u8868\u793a\u200b natOutgoingPolicyRules \u200b\u4e2d\u200b\u7684\u200b\u4e00\u6761\u200b\u89c4\u5219\u200b\u7684\u200b ID\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b status.natOutgoingPolicyRules[index].RuleID \u200b\u67e5\u770b\u200b\u5230\u200b\uff0c \u200b\u8868\u793a\u200b srcIPs \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-src\uff0c dstIPS \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-dst \u200b\u4f1a\u200b\u6253\u200b\u4e0a\u200b tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-api/","title":"Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-OVN \u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u5217\u8868\u200b\uff0c\u200b\u5217\u51fa\u200b CRD \u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\u548c\u200b\u542b\u4e49\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b\u3002
"},{"location":"reference/kube-ovn-api/#condition","title":"\u901a\u7528\u200b\u7684\u200b Condition \u200b\u5b9a\u4e49","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b type String \u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b status String \u200b\u72b6\u6001\u503c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b True\uff0cFalse \u200b\u6216\u200b Unknown reason String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u539f\u56e0\u200b message String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b lastUpdateTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b lastTransitionTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b\u53d1\u751f\u53d8\u5316\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u5728\u200b\u5404\u200b CRD \u200b\u7684\u200b\u5b9a\u4e49\u200b\u4e2d\u200b\uff0cStatus \u200b\u4e2d\u200b\u7684\u200b Condition \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u90fd\u200b\u9075\u5faa\u200b\u4e0a\u8ff0\u200b\u683c\u5f0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u63d0\u524d\u200b\u8fdb\u884c\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"reference/kube-ovn-api/#subnet","title":"Subnet \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#subnet_1","title":"Subnet","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Subnet metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SubnetSpec Subnet \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SubnetStatus Subnet \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b default Bool \u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b vpc String \u200b\u5b50\u7f51\u200b\u6240\u5c5e\u200b Vpc\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-cluster protocol String IP \u200b\u534f\u8bae\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b IPv4\uff0cIPv6 \u200b\u6216\u200b Dual namespaces []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u6240\u200b\u7ed1\u5b9a\u200b\u7684\u200b namespace \u200b\u5217\u8868\u200b cidrBlock String \u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u6bb5\u200b\u8303\u56f4\u200b\uff0c\u200b\u5982\u200b 10.16.0.0/16 gateway String \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDRBlock \u200b\u4e0b\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b\u53ef\u7528\u200b\u5730\u5740\u200b excludeIps []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b provider String \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn\u3002\u200b\u591a\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b\u53d6\u503c\u200b\u4e3a\u200b NetworkAttachmentDefinition \u200b\u7684\u200b .\uff0cKube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b gatewayType String Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b distributed \u200b\u6216\u200b centralized gatewayNode String \u200b\u5f53\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e3a\u200b centralized \u200b\u65f6\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b natOutgoing Bool \u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u662f\u5426\u200b\u8fdb\u884c\u200b NAT\u3002\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b externalEgressGateway \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b\u3002 externalEgressGateway String \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002\u200b\u9700\u8981\u200b\u548c\u5b50\u200b\u7f51\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b natOutgoing \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b policyRoutingPriority Uint32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\u3002\u200b\u6dfb\u52a0\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u6d41\u91cf\u200b\u7ecf\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u4e4b\u540e\u200b\uff0c\u200b\u8f6c\u53d1\u200b\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b policyRoutingTableID Uint32 \u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID\uff0c\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b private Bool \u200b\u6807\u8bc6\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\uff0c\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5b50\u7f51\u200b\u5916\u200b\u7684\u200b\u5730\u5740\u200b\u8bbf\u95ee\u200b allowSubnets []String \u200b\u5b50\u7f51\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5141\u8bb8\u200b\u8bbf\u95ee\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\u7684\u200b\u96c6\u5408\u200b vlan String \u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b vips []String \u200b\u5b50\u7f51\u200b\u4e0b\u200b virtual \u200b\u7c7b\u578b\u200b lsp \u200b\u7684\u200b virtual-ip \u200b\u53c2\u6570\u4fe1\u606f\u200b logicalGateway Bool \u200b\u662f\u5426\u200b\u542f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b disableGatewayCheck Bool \u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u662f\u5426\u200b\u8df3\u8fc7\u200b\u7f51\u5173\u200b\u8054\u901a\u200b\u6027\u200b\u68c0\u67e5\u200b disableInterConnection Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b enableDHCP Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp \u200b\u7684\u200b dhcp \u200b\u914d\u7f6e\u200b\u9009\u9879\u200b dhcpV4Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b dhcpV6Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b enableIPv6RA Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0c\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b ipv6_ra_configs \u200b\u53c2\u6570\u200b ipv6RAConfigs String \u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0cipv6_ra_configs \u200b\u53c2\u6570\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b acls []Acl \u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b logical-switch \u200b\u5173\u8054\u200b\u7684\u200b acls \u200b\u8bb0\u5f55\u200b u2oInterconnection Bool \u200b\u662f\u5426\u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u7684\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b enableLb *Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b\u7684\u200b logical-switch \u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b enableEcmp Bool \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u8def\u7531"},{"location":"reference/kube-ovn-api/#acl","title":"Acl","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b direction String Acl \u200b\u9650\u5236\u200b\u65b9\u5411\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b from-lport \u200b\u6216\u8005\u200b to-lport priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b 0 \u200b\u5230\u200b 32767 match String Acl \u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u8868\u8fbe\u5f0f\u200b action String Acl \u200b\u89c4\u5219\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow-related, allow-stateless, allow, drop, reject \u200b\u5176\u4e2d\u200b\u4e00\u4e2a"},{"location":"reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SubnetCondition \u200b\u5b50\u7f51\u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v4UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b sctivateGateway String \u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\uff0c\u200b\u4e3b\u5907\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5f53\u524d\u200b\u6b63\u5728\u200b\u5de5\u4f5c\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b dhcpV4OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b dhcpV6OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b u2oInterconnectionIP String \u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u540e\u200b\uff0c\u200b\u6240\u200b\u5360\u7528\u200b\u7684\u200b\u7528\u4e8e\u200b\u4e92\u8054\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ip","title":"IP \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#ip_1","title":"IP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IPSpec IP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b podName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u540d\u79f0\u200b namespace String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u540d\u79f0\u200b subnet String IP \u200b\u6240\u5c5e\u200b Subnet attachSubnets []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 nodeName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b ipAddress String IP \u200b\u5730\u5740\u200b\uff0c\u200b\u53cc\u6808\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u4e3a\u200b v4IP,v6IP \u200b\u683c\u5f0f\u200b v4IPAddress String IPv4 IP \u200b\u5730\u5740\u200b v6IPAddress String IPv6 IP \u200b\u5730\u5740\u200b attachIPs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 macAddress String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b attachMacs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b Mac \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 containerID String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b Container ID podType String \u200b\u7279\u6b8a\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b Pod\uff0c\u200b\u53ef\u200b\u4e3a\u200b StatefulSet\uff0cVirtualMachine \u200b\u6216\u7a7a"},{"location":"reference/kube-ovn-api/#underlay","title":"Underlay \u200b\u914d\u7f6e","text":""},{"location":"reference/kube-ovn-api/#vlan","title":"Vlan","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vlan metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VlanSpec Vlan \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VlanStatus Vlan \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b id Int Vlan tag \u200b\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 0~4096 provider String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b ProviderNetwork \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b subnets []String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b conditions []VlanCondition Vlan \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b ProviderNetwork metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec ProviderNetworkSpec ProviderNetwork \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status ProviderNetworkStatus ProviderNetwork \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b defaultInterface String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b customInterfaces []CustomInterface \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7279\u6b8a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b excludeNodes []String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u4e0d\u4f1a\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b exchangeLinkName Bool \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u548c\u200b\u5bf9\u5e94\u200b OVS \u200b\u7f51\u6865\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b interface String Underlay \u200b\u4f7f\u7528\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b nodes []String \u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u7684\u200b\u8282\u70b9\u200b\u5217\u8868"},{"location":"reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool \u200b\u5f53\u524d\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u662f\u5426\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b readyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b notReadyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u672a\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b vlans []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b conditions []ProviderNetworkCondition ProviderNetwork \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpc","title":"Vpc \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#vpc_1","title":"Vpc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vpc metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcSpec Vpc \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcStatus Vpc \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespaces []String Vpc \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u5217\u8868\u200b staticRoutes []*StaticRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b policyRoutes []*PolicyRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b vpcPeerings []*VpcPeering Vpc \u200b\u4e92\u8054\u200b\u4fe1\u606f\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b policy String \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b policySrc \u200b\u6216\u8005\u200b policyDst cidr String \u200b\u8def\u7531\u200b Cidr \u200b\u7f51\u6bb5\u200b nextHopIP String \u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b priority Int32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b match String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u6761\u4ef6\u200b action String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow\u3001drop \u200b\u6216\u8005\u200b reroute nextHopIP String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f\u200b\uff0cECMP \u200b\u8def\u7531\u200b\u60c5\u51b5\u200b\u4e0b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u9694\u5f00"},{"location":"reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b remoteVpc String Vpc \u200b\u4e92\u8054\u200b\u5bf9\u7aef\u200b Vpc \u200b\u540d\u79f0\u200b localConnectIP String Vpc \u200b\u4e92\u8054\u200b\u672c\u7aef\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcCondition Vpc \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b standby Bool \u200b\u6807\u8bc6\u200b Vpc \u200b\u662f\u5426\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff0cVpc \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u9700\u8981\u200b\u7b49\u200b Vpc \u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u8f6c\u6362\u200b\u518d\u200b\u7ee7\u7eed\u200b\u5904\u7406\u200b default Bool \u200b\u662f\u5426\u662f\u200b\u9ed8\u8ba4\u200b Vpc defaultLogicalSwitch String Vpc \u200b\u4e0b\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b router String Vpc \u200b\u5bf9\u5e94\u200b\u7684\u200b logical-router \u200b\u540d\u79f0\u200b tcpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP LB \u200b\u4fe1\u606f\u200b udpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP LB \u200b\u4fe1\u606f\u200b tcpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b udpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b subnets []String Vpc \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b vpcPeerings []String Vpc \u200b\u4e92\u8054\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b Vpc \u200b\u5217\u8868\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcNatGateway metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcNatSpec Vpc \u200b\u7f51\u5173\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b lanIp String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6307\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b tolerations []VpcNatToleration \u200b\u6807\u51c6\u200b Kubernetes \u200b\u5bb9\u5fcd\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b key String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b key \u200b\u4fe1\u606f\u200b operator String \u200b\u53d6\u503c\u200b\u4e3a\u200b Exists \u200b\u6216\u8005\u200b Equal value String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b value \u200b\u4fe1\u606f\u200b effect String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b\u4f5c\u7528\u200b\u6548\u679c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b NoExecute \u3001NoSchedule \u200b\u6216\u8005\u200b PreferNoSchedule tolerationSeconds Int64 \u200b\u6dfb\u52a0\u200b\u6c61\u70b9\u200b\u540e\u200b\uff0cPod \u200b\u8fd8\u200b\u80fd\u200b\u7ee7\u7eed\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u4ee5\u4e0a\u200b\u5bb9\u5fcd\u200b\u5b57\u6bb5\u200b\u7684\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002
"},{"location":"reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesEIP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesEipSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesEipStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b v4ip String IptablesEIP v4 \u200b\u5730\u5740\u200b v6ip String IptablesEIP v6 \u200b\u5730\u5740\u200b macAddress String IptablesEIP crd \u200b\u8bb0\u5f55\u200b\u5206\u914d\u200b\u7684\u200b mac \u200b\u5730\u5740\u200b\uff0c\u200b\u6ca1\u6709\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesEIP \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e86\u200b IPv4 \u200b\u5730\u5740\u200b redo String IptablesEIP crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b nat String IptablesEIP \u200b\u7684\u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b fip\u3001snat \u200b\u6216\u8005\u200b dnat conditions []IptablesEIPCondition IptablesEIP \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesFIPRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesFIPRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesFIPRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesFIPRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesFIPRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesFIPRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesFIPRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesFIPRuleCondition IptablesFIPRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesSnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesSnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesSnatRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesSnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesSnatRuleCondition IptablesSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesDnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesDnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesDnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b externalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7aef\u53e3\u200b protocol Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b internalIp Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b internalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b\u7aef\u53e3"},{"location":"reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesDnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesDnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesDnatRuleCondition IptablesDnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcDns metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcDnsSpec VpcDns \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcDnsStatus VpcDns \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String VpcDns \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String VpcDns Pod \u200b\u5206\u914d\u200b\u5730\u5740\u200b\u7684\u200b Subnet \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcDnsCondition VpcDns \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b active Bool VpcDns \u200b\u662f\u5426\u200b\u6b63\u5728\u200b\u4f7f\u7528\u200b VpcDns \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u6587\u6863\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS\u3002
"},{"location":"reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SwitchLBRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SwitchLBRuleSpec SwitchLBRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SwitchLBRuleStatus SwitchLBRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vip String SwitchLBRule \u200b\u914d\u7f6e\u200b\u7684\u200b vip \u200b\u5730\u5740\u200b namespace String SwitchLBRule \u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b sessionAffinity String \u200b\u6807\u51c6\u200b Kubernetes Service \u200b\u4e2d\u200b sessionAffinity \u200b\u53d6\u503c\u200b ports []SlrPort SwitchLBRule \u200b\u7aef\u53e3\u200b\u5217\u8868\u200b SwitchLBRule \u200b\u7684\u200b\u8be6\u7ec6\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"reference/kube-ovn-api/#slrport","title":"SlrPort","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b name String \u200b\u7aef\u53e3\u200b\u540d\u79f0\u200b port Int32 \u200b\u7aef\u53e3\u53f7\u200b targetPort Int32 \u200b\u76ee\u6807\u200b\u7aef\u53e3\u53f7\u200b protocol String \u200b\u534f\u8bae\u200b\u7c7b\u578b"},{"location":"reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SwitchLBRuleCondition SwitchLBRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ports String SwitchLBRule \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b service String SwitchLBRule \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b\u7684\u200b service \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vip","title":"\u5b89\u5168\u200b\u7ec4\u4e0e\u200b Vip","text":""},{"location":"reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SecurityGroup metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SecurityGroupSpec \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SecurityGroupStatus \u200b\u5b89\u5168\u200b\u7ec4\u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ingressRules []*SgRule \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b egressRules []*SgRule \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0"},{"location":"reference/kube-ovn-api/#sgrule","title":"SgRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ipVersion String IP \u200b\u7248\u672c\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b ipv4 \u200b\u6216\u8005\u200b ipv6 protocol String \u200b\u53d6\u503c\u200b\u4e3a\u200b all\u3001icmp\u3001tcp \u200b\u6216\u8005\u200b udp priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 1-200\uff0c\u200b\u6570\u503c\u200b\u8d8a\u5c0f\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u8d8a\u9ad8\u200b remoteType String \u200b\u53d6\u503c\u200b\u4e3a\u200b address \u200b\u6216\u8005\u200b securityGroup remoteAddress String \u200b\u5bf9\u7aef\u200b\u5730\u5740\u200b remoteSecurityGroup String \u200b\u5bf9\u7aef\u200b\u5b89\u5168\u200b\u7ec4\u200b portRangeMin Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u8d77\u59cb\u503c\u200b\uff0c\u200b\u6700\u5c0f\u200b\u53d6\u503c\u200b\u4e3a\u200b 1 portRangeMax Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u6700\u5927\u503c\u200b\uff0c\u200b\u6700\u5927\u200b\u53d6\u503c\u200b\u4e3a\u200b 65535 policy String \u200b\u53d6\u503c\u200b\u4e3a\u200b allow \u200b\u6216\u8005\u200b drop"},{"location":"reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b portGroup String \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5bf9\u5e94\u200b\u7684\u200b port-group \u200b\u540d\u79f0\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0\u200b ingressMd5 String \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b egressMd5 String \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b ingressLastSyncSuccess Bool \u200b\u5165\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f\u200b egressLastSyncSuccess Bool \u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f"},{"location":"reference/kube-ovn-api/#vip_1","title":"Vip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VipSpec Vip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VipStatus Vip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespace String Vip \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b subnet String Vip \u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b macAddress String Vip mac \u200b\u5730\u5740\u200b parentV4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentV6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentMac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b attachSubnets []String \u200b\u8be5\u5b57\u6bb5\u200b\u5e9f\u5f03\u200b\uff0c\u200b\u4e0d\u518d\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VipCondition Vip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ready Bool Vip \u200b\u662f\u5426\u200b\u51c6\u5907\u200b\u597d\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b mac String Vip mac \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b pv4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pv6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pmac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnEip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnEipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnEipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b externalSubnet String OvnEip \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b v4ip String OvnEip IP \u200b\u5730\u5740\u200b macAddress String OvnEip Mac \u200b\u5730\u5740\u200b type String OvnEip \u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u6709\u200b fip\u3001snat \u200b\u6216\u8005\u200b lrp"},{"location":"reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []OvnEipCondition \u200b\u9ed8\u8ba4\u200b Vpc OvnEip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4ip String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b macAddress String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b Mac \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnFip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnFipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnFipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b ipName String OvnFip \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnFip \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b v4Ip String OvnFip \u200b\u5f53\u524d\u200b\u4f7f\u7528\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b macAddress String OvnFip \u200b\u914d\u7f6e\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b vpc String OvnFip \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnFipCondition OvnFip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnSnatRuleSpec \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnSnatRuleStatus \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b vpcSubnet String OvnSnatRule \u200b\u914d\u7f6e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b ipName String OvnSnatRule \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b v4IpCidr String \u200b\u5728\u200b logical-router \u200b\u4e2d\u200b\u914d\u7f6e\u200b snat \u200b\u8f6c\u6362\u200b\u4f7f\u7528\u200b\u7684\u200b cidr \u200b\u5730\u5740\u200b vpc String OvnSnatRule \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnSnatRuleCondition OvnSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger \u200b\u53c2\u6570\u200b\u53c2\u8003","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-ovn-pinger \u200b\u652f\u6301\u200b\u7684\u200b\u53c2\u6570\u200b\uff0c\u200b\u5217\u51fa\u200b\u53c2\u6570\u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\uff0c\u200b\u542b\u4e49\u200b\u548c\u200b\u9ed8\u8ba4\u503c\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b
"},{"location":"reference/kube-ovn-pinger-args/#_1","title":"\u53c2\u6570\u200b\u63cf\u8ff0","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b \u200b\u9ed8\u8ba4\u503c\u200b port Int metrics \u200b\u7aef\u53e3\u200b 8080 kubeconfig String \u200b\u5177\u6709\u200b\u8ba4\u8bc1\u200b\u4fe1\u606f\u200b\u7684\u200b kubeconfig \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\uff0c \u200b\u5982\u679c\u200b\u672a\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u4f7f\u7528\u200b inCluster \u200b\u4ee4\u724c\u200b\u3002 \"\" ds-namespace String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \"kube-system\" ds-name String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u540d\u5b57\u200b \"kube-ovn-pinger\" interval Int \u200b\u8fde\u7eed\u200b ping \u200b\u4e4b\u95f4\u200b\u7684\u200b\u95f4\u9694\u200b\u79d2\u6570\u200b 5 mode String \u200b\u670d\u52a1\u5668\u200b\u6216\u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b \"server\" exit-code Int \u200b\u5931\u8d25\u200b\u65f6\u200b\u9000\u51fa\u200b\u4ee3\u7801\u200b 0 internal-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b dns \"kubernetes.default\" external-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b dns \"\" external-address String \u200b\u68c0\u67e5\u200b\u4e0e\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u7684\u200b ping \u200b\u8fde\u901a\u200b \"114.114.114.114\" network-mode String \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u4f7f\u7528\u200b\u7684\u200b cni \u200b\u63d2\u4ef6\u200b \"kube-ovn\" enable-metrics Bool \u200b\u662f\u5426\u200b\u652f\u6301\u200b metrics \u200b\u67e5\u8be2\u200b true ovs.timeout Int \u200b\u5bf9\u200b OVS \u200b\u7684\u200b JSON-RPC \u200b\u8bf7\u6c42\u200b\u8d85\u65f6\u200b\u3002 2 system.run.dir String OVS \u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u76ee\u5f55\u200b\u3002 \"/var/run/openvswitch\" database.vswitch.name String OVS \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u540d\u79f0\u200b\u3002 \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix \u200b\u5957\u200b\u63a5\u5b57\u200b\u5230\u200b OVS \u200b\u6570\u636e\u5e93\u200b\u3002 \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS \u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS \u200b\u6570\u636e\u5e93\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS \u200b\u6570\u636e\u5e93\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS \u200b\u7cfb\u7edf\u200b\u6807\u8bc6\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/metrics/","title":"Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5217\u4e3e\u200b Kube-OVN \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge kube_ovn_ovn_status OVN \u200b\u89d2\u8272\u200b\u72b6\u6001\u200b\uff0c (2) \u200b\u4e3a\u200b follower\uff1b (1) \u200b\u4e3a\u200b leader, (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u72b6\u6001\u200b\u3002 Gauge kube_ovn_failed_req_count OVN \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_log_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_db_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_chassis_info OVN chassis \u200b\u72b6\u6001\u200b (1) \u200b\u8fd0\u884c\u200b\u4e2d\u200b\uff0c(0) \u200b\u505c\u6b62\u200b\u3002 Gauge kube_ovn_db_status OVN \u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b, (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff1b (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge kube_ovn_logical_switch_info OVN logical switch \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b logical switch \u200b\u540d\u5b57\u200b\u3002 Gauge kube_ovn_logical_switch_external_id OVN logical switch external_id \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b external-id \u200b\u5185\u5bb9\u200b\u3002 Gauge kube_ovn_logical_switch_port_binding OVN logical switch \u200b\u548c\u200b logical switch port \u200b\u5173\u8054\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u901a\u8fc7\u200b\u6807\u7b7e\u200b\u8fdb\u884c\u200b\u5173\u8054\u200b\u3002 Gauge kube_ovn_logical_switch_tunnel_key \u200b\u548c\u200b OVN logical switch \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_ports_num OVN logical switch \u200b\u4e0a\u200b logical port \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_logical_switch_port_info OVN logical switch port \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_port_tunnel_key \u200b\u548c\u200b OVN logical switch port \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_enabled (1) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\uff1b (0) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u975e\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\u3002 Gauge kube_ovn_cluster_role \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u89d2\u8272\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u89d2\u8272\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_status \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u72b6\u6001\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u72b6\u6001\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_term RAFT term \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_leader_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_vote_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u9009\u4e3e\u200b\u81ea\u5df1\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_election_timer \u200b\u5f53\u524d\u200b election timer \u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_not_committed \u200b\u672a\u200b commit \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_not_applied \u200b\u672a\u200b apply \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_index_start \u200b\u5f53\u524d\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u8d77\u59cb\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_index_next RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u4e0b\u200b\u4e00\u4e2a\u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb \u200b\u548c\u200b vswitchd \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge ovs_status OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\uff0c (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff0c(0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge ovs_info OVS \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge failed_req_count OVS \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge log_file_size OVS \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge db_file_size OVS \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge datapath Datapath \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_total \u200b\u5f53\u524d\u200b OVS \u200b\u4e2d\u200b datapath \u200b\u6570\u91cf\u200b\u3002 Gauge dp_if Datapath \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_if_total \u200b\u5f53\u524d\u200b datapath \u200b\u4e2d\u200b port \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_total Datapath \u200b\u4e2d\u200b flow \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_missed Datapath \u200b\u4e2d\u672a\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_lost Datapath \u200b\u4e2d\u200b\u9700\u8981\u200b\u53d1\u9001\u7ed9\u200b userspace \u200b\u5904\u7406\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b mask \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_total Datapath \u200b\u4e2d\u200b mask \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit_ratio Datapath \u200b\u4e2d\u200b \u200b\u6570\u636e\u5305\u200b\u547d\u4e2d\u200b mask \u200b\u7684\u200b\u6bd4\u7387\u200b\u3002 Gauge interface OVS \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge interface_admin_state \u200b\u63a5\u53e3\u200b\u7ba1\u7406\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_link_state \u200b\u63a5\u53e3\u200b\u94fe\u8def\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_mac_in_use OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MAC \u200b\u5730\u5740\u200b Gauge interface_mtu OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MTU\u3002 Gauge interface_of_port OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b OpenFlow Port ID\u3002 Gauge interface_if_index OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b Index\u3002 Gauge interface_tx_packets OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_bytes OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_packets OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_bytes OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_crc_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6821\u9a8c\u200b\u548c\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_dropped OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_errors OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_frame_err OVS Interface \u200b\u63a5\u6536\u200b\u5e27\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_missed_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b miss \u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_over_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b overrun \u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_dropped OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_errors OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_collisions OVS interface \u200b\u51b2\u7a81\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge pinger_ovs_up \u200b\u8282\u70b9\u200b OVS \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovs_down \u200b\u8282\u70b9\u200b OVS \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_ovn_controller_up \u200b\u8282\u70b9\u200b ovn-controller \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovn_controller_down \u200b\u8282\u70b9\u200b ovn-controller \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_inconsistent_port_binding OVN-SB \u200b\u91cc\u200b portbinding \u200b\u6570\u91cf\u200b\u548c\u200b\u4e3b\u673a\u200b OVS interface \u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_apiserver_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b apiserver\u3002 Gauge pinger_apiserver_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u8054\u901a\u200b apiserver\u3002 Histogram pinger_apiserver_latency_ms kube-ovn-pinger \u200b\u8bbf\u95ee\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_internal_dns_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_internal_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_internal_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_dns_health kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_external_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_external_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Histogram pinger_pod_ping_latency_ms kube-ovn-pinger ping Pod \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_pod_ping_lost_total kube-ovn-pinger ping Pod \u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_pod_ping_count_total kube-ovn-pinger ping Pod \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_node_ping_latency_ms kube-ovn-pinger ping Node \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_node_ping_lost_total kube-ovn-pinger ping Node \u200b\u4e22\u5305\u200b\u3002 Gauge pinger_node_ping_count_total kube-ovn-pinger ping Node \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_external_ping_latency_ms kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u5730\u5740\u200b \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_lost_total kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 Gauge subnet_available_ip_count \u200b\u5b50\u7f51\u200b\u53ef\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002 Gauge subnet_used_ip_count \u200b\u5b50\u7f51\u200b\u5df2\u200b\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram cni_op_latency_seconds CNI \u200b\u64cd\u4f5c\u200b\u5ef6\u8fdf\u200b\u3002 Counter cni_wait_address_seconds_total CNI \u200b\u7b49\u5f85\u200b\u5730\u5740\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_connectivity_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8fde\u63a5\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_route_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8def\u7531\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/ovs-ovn-customized/","title":"\u5bf9\u200b\u4e0a\u6e38\u200b OVS/OVN \u200b\u4fee\u6539","text":"\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u6700\u521d\u200b\u8bbe\u8ba1\u200b\u76ee\u6807\u200b\u4e3a\u200b\u901a\u7528\u200b SDN \u200b\u63a7\u5236\u5668\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u3002\u200b\u7531\u4e8e\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u7279\u6b8a\u200b\u7684\u200b\u7528\u6cd5\u200b\uff0c \u200b\u5e76\u4e14\u200b Kube-OVN \u200b\u53ea\u200b\u91cd\u70b9\u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e3a\u4e86\u200b \u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3001\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u7279\u5b9a\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cKube-OVN \u200b\u5bf9\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u505a\u200b\u4e86\u200b\u90e8\u5206\u200b\u4fee\u6539\u200b\u3002\u200b\u7528\u6237\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u81ea\u5df1\u200b\u7684\u200b OVN/OVS \u200b\u914d\u5408\u200b Kube-OVN \u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u8fdb\u884c\u200b\u5de5\u4f5c\u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b \u200b\u4e0b\u8ff0\u200b\u7684\u200b\u6539\u52a8\u200b\u53ef\u80fd\u200b\u9020\u6210\u200b\u7684\u200b\u5f71\u54cd\u200b\u3002
\u200b\u672a\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 38df6fa3f7 \u200b\u8c03\u6574\u200b\u9009\u4e3e\u200b timer\uff0c\u200b\u907f\u514d\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u9009\u4e3e\u200b\u6296\u52a8\u200b\u3002
- d4888c4e75 \u200b\u6dfb\u52a0\u200b fdb \u200b\u66f4\u65b0\u200b\u65e5\u5fd7\u200b\u3002
- d4888c4e75 \u200b\u4fee\u590d\u200b hairpin \u200b\u73af\u5883\u200b\u4e0b\u200b fdb \u200b\u5b66\u4e60\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 9a81b91368 \u200b\u4e3a\u200b ovsdb-tool \u200b\u7684\u200b join-cluster \u200b\u5b50\u200b\u547d\u4ee4\u200b\u6dfb\u52a0\u200b Server ID \u200b\u53c2\u6570\u200b\u3002
- 62d4969877 \u200b\u4fee\u590d\u200b\u5f00\u542f\u200b SSL \u200b\u540e\u200b OVSDB \u200b\u76d1\u542c\u200b\u5730\u5740\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 0700cb90f9 \u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u975e\u200b Service \u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b conntrack \u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- c48049a64f ECMP \u200b\u7b97\u6cd5\u200b\u7531\u200b dp_hash \u200b\u8c03\u6574\u200b\u4e3a\u200b hash\uff0c\u200b\u907f\u514d\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u51fa\u73b0\u200b\u7684\u200b\u54c8\u5e0c\u200b\u9519\u8bef\u200b\u95ee\u9898\u200b\u3002
- 64383c14a9 \u200b\u4fee\u590d\u200b Windows \u200b\u4e0b\u200b\u5185\u6838\u200b Crash \u200b\u95ee\u9898\u200b\u3002
- 08a95db2ca \u200b\u652f\u6301\u200b Windows \u200b\u4e0b\u200b\u7684\u200b github action \u200b\u6784\u5efa\u200b\u3002
- 680e77a190 Windows \u200b\u4e0b\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b tcp \u200b\u76d1\u542c\u200b\u3002
- 05e57b3227 \u200b\u652f\u6301\u200b Windows \u200b\u7f16\u8bd1\u200b\u3002
- b3801ecb73 \u200b\u4fee\u6539\u200b\u6e90\u200b\u8def\u7531\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u3002
- 977e569539 \u200b\u4fee\u590d\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Pod \u200b\u6570\u91cf\u200b\u8fc7\u591a\u200b\u5bfc\u81f4\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 45a4a22161 ovn-nbctl\uff1avips \u200b\u4e3a\u200b\u7a7a\u65f6\u200b\u4e0d\u200b\u5220\u9664\u200b Load Balancer\u3002
- 540592b9ff DNAT \u200b\u540e\u200b\u66ff\u6362\u200b Mac \u200b\u5730\u5740\u200b\u4e3a\u200b\u76ee\u6807\u200b\u5730\u5740\u200b\uff0c\u200b\u51cf\u5c11\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002
- 10972d9632 \u200b\u4fee\u590d\u200b vswitchd ofport_usage \u200b\u5185\u5b58\u200b\u6cc4\u9732\u200b\u3002
\u200b\u5df2\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 20626ea909 \u200b\u7ec4\u64ad\u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b LB \u200b\u548c\u200b ACL \u200b\u5904\u7406\u200b\u9636\u6bb5\u200b\uff0c\u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- a2d9ff3ccd Deb \u200b\u6784\u5efa\u200b\u589e\u52a0\u200b\u7f16\u8bd1\u200b\u4f18\u5316\u200b\u9009\u9879\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/tunnel-protocol/","title":"\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN/OVS \u200b\u4f5c\u4e3a\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u76ee\u524d\u200b\u652f\u6301\u200b Geneve\uff0cVxlan \u200b\u548c\u200b STT \u200b\u4e09\u79cd\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u3002 \u200b\u8fd9\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u529f\u80fd\u200b\uff0c\u200b\u6027\u80fd\u200b\u548c\u200b\u6613\u7528\u6027\u200b\u4e0a\u200b\u5b58\u5728\u200b\u7740\u200b\u533a\u522b\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u5dee\u5f02\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7684\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u9009\u62e9\u200b\u3002
"},{"location":"reference/tunnel-protocol/#geneve","title":"Geneve","text":"Geneve \u200b\u534f\u8bae\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b\u65f6\u200b\u9009\u62e9\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b OVN \u200b\u9ed8\u8ba4\u200b\u63a8\u8350\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u3002\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002\u200b\u7531\u4e8e\u200b Geneve \u200b\u6709\u7740\u200b\u53ef\u53d8\u200b\u957f\u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b 24bit \u200b\u7a7a\u95f4\u200b\u6765\u200b\u6807\u5fd7\u200b\u4e0d\u540c\u200b\u7684\u200b datapath \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u521b\u5efa\u200b\u66f4\u200b\u591a\u200b\u6570\u91cf\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cGeneve \u200b\u9700\u8981\u200b\u8f83\u200b\u9ad8\u200b\u7248\u672c\u200b\u7684\u200b\u5185\u6838\u200b\u652f\u6301\u200b\uff0c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b 5.4 \u200b\u4ee5\u4e0a\u200b\u7684\u200b\u4e0a\u6e38\u200b\u5185\u6838\u200b\uff0c \u200b\u6216\u200b backport \u200b\u4e86\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan \u200b\u4e3a\u200b\u4e0a\u6e38\u200b OVN \u200b\u8fd1\u671f\u200b\u652f\u6301\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002 \u200b\u7531\u4e8e\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u957f\u5ea6\u200b\u6709\u9650\u200b\uff0c\u200b\u5e76\u4e14\u200b OVN \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\u8fdb\u884c\u200b\u7f16\u6392\u200b\uff0cdatapath \u200b\u7684\u200b\u6570\u91cf\u200b\u5b58\u5728\u200b\u9650\u5236\u200b\uff0c\u200b\u6700\u200b\u591a\u200b\u53ea\u80fd\u200b\u521b\u5efa\u200b 4096 \u200b\u4e2a\u200b datapath\uff0c \u200b\u6bcf\u4e2a\u200b datapath \u200b\u4e0b\u200b\u6700\u200b\u591a\u200b 4096 \u200b\u4e2a\u200b\u7aef\u53e3\u200b\u3002\u200b\u540c\u65f6\u200b\u7531\u4e8e\u200b\u7a7a\u95f4\u200b\u6709\u9650\u200b\uff0c\u200b\u57fa\u4e8e\u200b inport \u200b\u7684\u200b ACL \u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u652f\u6301\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cVxlan \u200b\u7684\u200b\u5378\u8f7d\u200b\u5728\u200b\u5e38\u89c1\u200b\u5185\u6838\u200b\u4e2d\u200b\u5df2\u200b\u83b7\u5f97\u200b\u652f\u6301\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#stt","title":"STT","text":"STT \u200b\u534f\u8bae\u200b\u4e3a\u200b OVN \u200b\u8f83\u200b\u65e9\u200b\u652f\u6301\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u4f7f\u7528\u200b\u7c7b\u200b TCP \u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u901a\u7528\u200b\u7684\u200b TCP \u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\uff0c\u200b\u5927\u5e45\u200b\u63d0\u5347\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u540c\u65f6\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u8f83\u957f\u200b\u53ef\u200b\u652f\u6301\u200b\u5b8c\u6574\u200b\u7684\u200b OVN \u200b\u80fd\u529b\u200b\u548c\u200b\u5927\u89c4\u6a21\u200b\u7684\u200b datapath\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u672a\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u652f\u6301\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u518d\u6b21\u200b\u7f16\u8bd1\u200b\u65b0\u200b\u7248\u672c\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u76ee\u524d\u200b\u672a\u200b\u88ab\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u652f\u6301\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b OVS \u200b\u7684\u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\u3002
"},{"location":"reference/tunnel-protocol/#_2","title":"\u53c2\u8003\u8d44\u6599","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/underlay-topology/","title":"Underlay \u200b\u6d41\u91cf\u200b\u62d3\u6251","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6d41\u91cf\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u8def\u5f84\u200b\u3002
"},{"location":"reference/underlay-topology/#_1","title":"\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u76f4\u63a5\u200b\u4ea4\u6362\u200b\u6570\u636e\u5305\u200b\uff0c\u200b\u4e0d\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"reference/underlay-topology/#_2","title":"\u8de8\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u3002
"},{"location":"reference/underlay-topology/#_3","title":"\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u6b64\u5904\u200b br-provider-1 \u200b\u548c\u200b br-provider-2 \u200b\u53ef\u4ee5\u200b\u662f\u200b\u540c\u4e00\u4e2a\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5373\u200b\u591a\u4e2a\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b Provider Network\u3002
"},{"location":"reference/underlay-topology/#_4","title":"\u8de8\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#_5","title":"\u8bbf\u95ee\u200b\u5916\u90e8","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u8282\u70b9\u200b\u4e0e\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u901a\u4fe1\u200b\u5927\u4f53\u4e0a\u200b\u4e5f\u200b\u9075\u5faa\u200b\u6b64\u200b\u903b\u8f91\u200b\u3002
"},{"location":"reference/underlay-topology/#vlan-tag","title":"\u65e0\u200b Vlan Tag \u200b\u4e0b\u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#vlan","title":"\u591a\u200b VLAN \u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#pod-service-ip","title":"Pod \u200b\u8bbf\u95ee\u200b Service IP","text":"Kube-OVN \u200b\u4e3a\u200b\u6bcf\u4e2a\u200b Kubernetes Service \u200b\u5728\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u4e86\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002 \u200b\u5f53\u200b Pod \u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Service IP \u200b\u8bbf\u95ee\u200b\u5176\u5b83\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u6784\u9020\u200b\u4e00\u4e2a\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u4e3a\u200b Service IP\u3001\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\u4e3a\u200b\u7f51\u5173\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u7f51\u7edc\u200b\u5305\u200b\u3002 \u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u5165\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\uff0c\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u4f1a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u62e6\u622a\u200b\u548c\u200b DNAT \u200b\u5904\u7406\u200b\uff0c\u200b\u5c06\u200b\u76ee\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u4fee\u6539\u200b\u4e3a\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u67d0\u4e2a\u200b Endpoint \u200b\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002 \u200b\u7531\u4e8e\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5e76\u672a\u200b\u4fee\u6539\u200b\u7f51\u7edc\u200b\u5305\u200b\u7684\u200b\u4e8c\u5c42\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5305\u200b\u5728\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\u4ecd\u7136\u200b\u4f1a\u200b\u9001\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#service-pod","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51\u200b Pod","text":""},{"location":"reference/underlay-topology/#service-pod_1","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/one-step-install/","title":"\u4e00\u952e\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b Kube-OVN \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u652f\u6301\u200b Helm Chart \u200b\u5b89\u88c5\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u642d\u5efa\u200b Underlay/Vlan \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Underlay \u200b\u7f51\u7edc\u200b\u652f\u6301\u200b\u3002
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002
"},{"location":"start/one-step-install/#_2","title":"\u811a\u672c\u200b\u5b89\u88c5","text":""},{"location":"start/one-step-install/#_3","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u4f7f\u7528\u200b\u7a33\u5b9a\u200b\u7684\u200b release \u200b\u7248\u672c\u200b\uff0c\u200b\u8bf7\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u7a33\u5b9a\u200b\u7248\u672c\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u5982\u679c\u200b\u5bf9\u200b master \u200b\u5206\u652f\u200b\u7684\u200b\u6700\u65b0\u200b\u529f\u80fd\u200b\u611f\u5174\u8da3\u200b\uff0c\u200b\u60f3\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u5f00\u53d1\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"start/one-step-install/#_4","title":"\u4fee\u6539\u200b\u914d\u7f6e\u200b\u53c2\u6570","text":"\u200b\u4f7f\u7528\u200b\u7f16\u8f91\u5668\u200b\u6253\u5f00\u200b\u811a\u672c\u200b\uff0c\u200b\u5e76\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\u4e3a\u200b\u9884\u671f\u200b\u503c\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.13\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u53ef\u200b\u4f7f\u7528\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b\u6765\u200b\u5339\u914d\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u4f8b\u5982\u200b IFACE=enp6s0f0,eth.*\u3002
"},{"location":"start/one-step-install/#_5","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh
\u200b\u7b49\u5f85\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u3002
"},{"location":"start/one-step-install/#helm-chart","title":"Helm Chart \u200b\u5b89\u88c5","text":"\u200b\u7531\u4e8e\u200b Kube-OVN \u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e00\u4e9b\u200b\u53c2\u6570\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f7f\u7528\u200b Helm \u200b\u5b89\u88c5\u200b Kube-OVN\uff0c\u200b\u9700\u8981\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u6b65\u9aa4\u200b\u6267\u884c\u200b\u3002
"},{"location":"start/one-step-install/#ip","title":"\u67e5\u770b\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"start/one-step-install/#master","title":"\u53bb\u6389\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u6c61\u70b9","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
\u200b\u5982\u679c\u200b\u786e\u5b9a\u200b\u4e0d\u200b\u9700\u8981\u200b\u5728\u200b master \u200b\u8282\u70b9\u200b\u8c03\u5ea6\u200b\u4e1a\u52a1\u200b Pod\uff0c\u200b\u8fd9\u200b\u4e00\u6b65\u200b\u53ef\u4ee5\u200b\u8df3\u8fc7\u200b\u3002
"},{"location":"start/one-step-install/#label","title":"\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b label","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# \u200b\u4ee5\u4e0b\u200b label \u200b\u7528\u4e8e\u200b dpdk \u200b\u955c\u50cf\u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u975e\u200b dpdk \u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5ffd\u7565\u200b\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"start/one-step-install/#helm-repo","title":"\u6dfb\u52a0\u200b Helm Repo \u200b\u4fe1\u606f","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"start/one-step-install/#helm-install-kube-ovn","title":"\u6267\u884c\u200b helm install \u200b\u5b89\u88c5\u200b Kube-OVN","text":"Node0IP\u3001Node1IP\u3001Node2IP \u200b\u53c2\u6570\u200b\u5206\u522b\u200b\u4e3a\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4ed6\u200b\u53c2\u6570\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b values.yaml \u200b\u6587\u4ef6\u200b\u4e2d\u200b\u53d8\u91cf\u200b\u5b9a\u4e49\u200b\u3002
# \u200b\u5355\u200b master \u200b\u8282\u70b9\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# \u200b\u4ee5\u4e0a\u200b\u8fb9\u200b\u7684\u200b node \u200b\u4fe1\u606f\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# \u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/prepare/","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u4e2a\u200b\u7b26\u5408\u200b CNI \u200b\u89c4\u8303\u200b\u7684\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5176\u200b\u8fd0\u884c\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b Kubernetes \u200b\u73af\u5883\u200b\u53ca\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b\u7f51\u7edc\u200b\u6a21\u5757\u200b\u3002 \u200b\u4ee5\u4e0b\u200b\u662f\u200b\u901a\u8fc7\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u8f6f\u4ef6\u200b\u7248\u672c\u200b\uff0c\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u548c\u200b\u6240\u200b\u9700\u8981\u200b\u5f00\u653e\u200b\u7684\u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"start/prepare/#_2","title":"\u8f6f\u4ef6\u200b\u7248\u672c","text":" - Kubernetes >= 1.23\u3002
- Docker >= 1.12.6, Containerd >= 1.3.4\u3002
- \u200b\u64cd\u4f5c\u7cfb\u7edf\u200b: CentOS 7/8, Ubuntu 16.04/18.04/20.04\u3002
- \u200b\u5176\u4ed6\u200b Linux \u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u9700\u8981\u200b\u68c0\u67e5\u4e00\u4e0b\u200b\u5185\u6838\u6a21\u5757\u200b\u662f\u5426\u200b\u5b58\u5728\u200b
geneve, openvswitch, ip_tables \u200b\u548c\u200b iptable_nat\uff0cKube-OVN \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4f9d\u8d56\u200b\u4e0a\u8ff0\u200b\u6a21\u5757\u200b\u3002
\u200b\u6ce8\u610f\u4e8b\u9879\u200b\uff1a
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 3.10.0-862 \u200b\u5185\u6838\u200b
netfilter \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b bug \u200b\u4f1a\u200b\u5bfc\u81f4\u200b Kube-OVN \u200b\u5185\u7f6e\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u65e0\u6cd5\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5185\u6838\u200b\u5347\u7ea7\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CentOS \u200b\u5b98\u65b9\u200b\u5bf9\u5e94\u200b\u7248\u672c\u200b\u6700\u65b0\u200b\u5185\u6838\u200b\u4fdd\u8bc1\u7cfb\u7edf\u200b\u7684\u200b\u5b89\u5168\u200b\u3002\u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u53c2\u8003\u200b Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working\u3002 - Rocky Linux 8.6 \u200b\u7684\u200b\u5185\u6838\u200b 4.18.0-372.9.1.el8.x86_64 \u200b\u5b58\u5728\u200b TCP \u200b\u901a\u4fe1\u200b\u95ee\u9898\u200b TCP connection failed in Rocky Linux 8.6\uff0c\u200b\u8bf7\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u81f3\u200b 4.18.0-372.13.1.el8_6.x86_64 \u200b\u6216\u200b\u66f4\u200b\u9ad8\u200b\u7248\u672c\u200b\u3002
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 4.4 \u200b\u5219\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b
openvswitch \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5347\u7ea7\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b openvswitch \u200b\u65b0\u200b\u7248\u672c\u200b\u6a21\u5757\u200b\u8fdb\u884c\u200b\u66f4\u65b0\u200b - Geneve \u200b\u96a7\u9053\u200b\u5efa\u7acb\u200b\u9700\u8981\u200b\u68c0\u67e5\u200b IPv6\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b
cat /proc/cmdline \u200b\u68c0\u67e5\u200b\u5185\u6838\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff0c \u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u8bf7\u200b\u53c2\u8003\u200b Geneve tunnels don't work when ipv6 is disabled\u3002
"},{"location":"start/prepare/#_3","title":"\u73af\u5883\u200b\u914d\u7f6e","text":" - Kernel \u200b\u542f\u52a8\u200b\u9700\u8981\u200b\u5f00\u542f\u200b IPv6, \u200b\u5982\u679c\u200b kernel \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u5305\u542b\u200b
ipv6.disable=1 \u200b\u9700\u8981\u200b\u5c06\u200b\u5176\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0\u3002 kube-proxy \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Service ClusterIP \u200b\u8bbf\u95ee\u200b\u5230\u200b kube-apiserver\u3002- \u200b\u786e\u8ba4\u200b kubelet \u200b\u914d\u7f6e\u200b\u53c2\u6570\u200b\u5f00\u542f\u200b\u4e86\u200b CNI\uff0c\u200b\u5e76\u4e14\u200b\u914d\u7f6e\u200b\u5728\u200b\u6807\u51c6\u200b\u8def\u5f84\u200b\u4e0b\u200b, kubelet \u200b\u542f\u52a8\u200b\u65f6\u5e94\u200b\u5305\u542b\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b
--network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d\u3002 - \u200b\u786e\u8ba4\u200b\u672a\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u6216\u8005\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u6e05\u9664\u200b\uff0c\u200b\u68c0\u67e5\u200b
/etc/cni/net.d/ \u200b\u8def\u5f84\u200b\u4e0b\u200b\u65e0\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u914d\u7f6e\u6587\u4ef6\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5b89\u88c5\u200b\u8fc7\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5220\u9664\u200b\u540e\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u6e05\u7406\u200b\u6b8b\u7559\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u3002
"},{"location":"start/prepare/#_4","title":"\u7aef\u53e3\u200b\u4fe1\u606f","text":"\u7ec4\u4ef6\u200b \u200b\u7aef\u53e3\u200b \u200b\u7528\u9014\u200b ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db \u200b\u548c\u200b raft server \u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp \u200b\u96a7\u9053\u200b\u7aef\u53e3\u200b kube-ovn-controller 10660/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-daemon 10665/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-monitor 10661/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/sealos-install/","title":"\u4f7f\u7528\u200b sealos \u200b\u4e00\u952e\u200b\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"sealos \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u7684\u200b\u4e00\u4e2a\u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u901a\u8fc7\u200b\u6781\u7b80\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200b\u56fd\u5185\u200b\u7684\u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5feb\u901f\u200b\u4ece\u200b\u96f6\u200b\u521d\u59cb\u5316\u200b\u4e00\u4e2a\u200b\u5bb9\u5668\u200b\u96c6\u7fa4\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b sealos \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u5728\u200b\u51e0\u5206\u949f\u200b\u5185\u200b\u90e8\u7f72\u200b\u51fa\u200b\u4e00\u4e2a\u200b\u5b89\u88c5\u200b\u597d\u200b Kube-OVN \u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"start/sealos-install/#sealos","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_amd64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_arm64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"start/sealos-install/#kubernetes-kube-ovn","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"start/sealos-install/#_1","title":"\u7b49\u5f85\u200b\u90e8\u7f72\u200b\u5b8c\u6210","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/underlay/","title":"Underlay \u200b\u7f51\u7edc\u200b\u5b89\u88c5","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b Geneve \u200b\u5bf9\u200b\u8de8\u200b\u4e3b\u673a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4e4b\u4e0a\u200b\u62bd\u8c61\u200b\u51fa\u200b\u4e00\u5c42\u200b\u865a\u62df\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u5e0c\u671b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u5730\u5740\u200b\u6bb5\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u5de5\u4f5c\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u7ed9\u200b\u5bb9\u5668\u200b\u5206\u914d\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u7684\u200b\u5730\u5740\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"start/underlay/#_1","title":"\u529f\u80fd\u200b\u9650\u5236","text":"\u200b\u7531\u4e8e\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u8fdb\u884c\u200b\u4e8c\u5c42\u200b\u5305\u8f6c\u53d1\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b SNAT/EIP\uff0c \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u7b49\u200b L3 \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0cVPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
"},{"location":"start/underlay/#macvlan","title":"\u548c\u200b Macvlan \u200b\u6bd4\u8f83","text":"Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u548c\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\u5341\u5206\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u5728\u200b\u529f\u80fd\u200b\u548c\u200b\u6027\u80fd\u200b\u4e0a\u200b\u4e3b\u8981\u200b\u6709\u200b\u4ee5\u4e0b\u200b\u51e0\u4e2a\u200b\u533a\u522b\u200b\uff1a
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u7684\u200b\u5185\u6838\u200b\u8def\u5f84\u200b\u66f4\u200b\u77ed\u200b\uff0c\u200b\u5e76\u4e14\u200b\u4e0d\u200b\u9700\u8981\u200b OVS \u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5904\u7406\u200b\uff0cMacvlan \u200b\u5728\u200b\u541e\u5410\u91cf\u200b\u548c\u200b\u5ef6\u8fdf\u200b\u6027\u80fd\u6307\u6807\u200b\u4e0a\u200b\u8868\u73b0\u200b\u4f1a\u200b\u66f4\u597d\u200b\u3002
- Kube-OVN \u200b\u901a\u8fc7\u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b arp-proxy \u200b\u529f\u80fd\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u7f13\u89e3\u200b\u5927\u89c4\u6a21\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b arp \u200b\u5e7f\u64ad\u200b\u98ce\u66b4\u200b\u98ce\u9669\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u5728\u200b\u5185\u6838\u200b\u5e95\u5c42\u200b\uff0c\u200b\u4f1a\u200b\u7ed5\u8fc7\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b netfilter\uff0cService \u200b\u548c\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u5f00\u53d1\u200b\u3002Kube-OVN \u200b\u901a\u8fc7\u200b OVS \u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b Service \u200b\u548c\u200b NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u3002
- Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u76f8\u6bd4\u200b Macvlan \u200b\u989d\u5916\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\uff0c\u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b QoS \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
"},{"location":"start/underlay/#_2","title":"\u73af\u5883\u200b\u8981\u6c42","text":"\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cOVS \u200b\u5c06\u4f1a\u200b\u6865\u63a5\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5230\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u5982\u679c\u200b\u60f3\u200b\u4f7f\u7528\u200b Underlay \u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b\u516c\u6709\u200b\u4e91\u200b\u5382\u5546\u200b\u63d0\u4f9b\u200b\u7684\u200b VPC-CNI\u3002
- \u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u4e3a\u200b Linux Bridge\u3002
\u200b\u5bf9\u4e8e\u200b\u7ba1\u7406\u200b\u7f51\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b\u3001IP \u200b\u5730\u5740\u200b\u3001\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b MTU \u200b\u5c06\u200b\u8f6c\u79fb\u200b\u6216\u200b\u590d\u5236\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS Bridge\uff0c \u200b\u4ee5\u200b\u652f\u6301\u200b\u5355\u200b\u7f51\u5361\u200b\u90e8\u7f72\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002OVS Bridge \u200b\u540d\u79f0\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-PROVIDER_NAME\uff0cPROVIDER_NAME \u200b\u4e3a\u200b Provider \u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b provider\uff09\u3002
"},{"location":"start/underlay/#_3","title":"\u90e8\u7f72\u200b\u65f6\u200b\u6307\u5b9a\u200b\u7f51\u7edc\u200b\u6a21\u5f0f","text":"\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u5747\u4f1a\u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e2d\u200b\u3002
"},{"location":"start/underlay/#_4","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"start/underlay/#_5","title":"\u4fee\u6539\u200b\u811a\u672c\u200b\u4e2d\u200b\u76f8\u5e94\u200b\u914d\u7f6e","text":"ENABLE_ARP_DETECT_IP_CONFLICT # \u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b vlan \u200b\u7f51\u7edc\u200b arp \u200b\u51b2\u7a81\u68c0\u6d4b\u200b\nNETWORK_TYPE # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b vlan\nVLAN_INTERFACE_NAME # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u627f\u62c5\u200b\u5bb9\u5668\u200b\u6d41\u91cf\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u4f8b\u5982\u200b eth1\nVLAN_ID # \u200b\u4ea4\u6362\u673a\u200b\u6240\u200b\u63a5\u53d7\u200b\u7684\u200b VLAN Tag\uff0c\u200b\u82e5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0 \u200b\u5219\u200b\u4e0d\u200b\u505a\u200b VLAN \u200b\u5c01\u88c5\u200b\nPOD_CIDR # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b CIDR\uff0c \u200b\u4f8b\u5982\u200b 192.168.1.0/24\nPOD_GATEWAY # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1\nEXCLUDE_IPS # \u200b\u6392\u9664\u200b\u8303\u56f4\u200b\uff0c\u200b\u907f\u514d\u200b\u5bb9\u5668\u200b\u7f51\u6bb5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5df2\u200b\u7528\u200b IP \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1..192.168.1.100\nENABLE_LB # \u200b\u5982\u679c\u200b Underlay \u200b\u5b50\u7f51\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Service \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \nEXCHANGE_LINK_NAME # \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u9ed8\u8ba4\u200b provider-network \u200b\u4e0b\u200b OVS \u200b\u7f51\u6865\u200b\u548c\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\nLS_DNAT_MOD_DL_DST # DNAT \u200b\u65f6\u200b\u662f\u5426\u200b\u5bf9\u200b MAC \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u8f6c\u6362\u200b\uff0c\u200b\u53ef\u200b\u52a0\u901f\u200b Service \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b true\n
"},{"location":"start/underlay/#_6","title":"\u8fd0\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"start/underlay/#crd-underlay","title":"\u901a\u8fc7\u200b CRD \u200b\u52a8\u6001\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u8be5\u200b\u65b9\u5f0f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u52a8\u6001\u200b\u7684\u200b\u521b\u5efa\u200b\u67d0\u4e2a\u200b Underlay \u200b\u5b50\u7f51\u200b\u4f9b\u200b Pod \u200b\u4f7f\u7528\u200b\u3002\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b ProviderNetwork\uff0cVlan \u200b\u548c\u200b Subnet \u200b\u4e09\u79cd\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u3002
"},{"location":"start/underlay/#providernetwork","title":"\u521b\u5efa\u200b ProviderNetwork","text":"ProviderNetwork \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u5230\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u6620\u5c04\u200b\u7684\u200b\u62bd\u8c61\u200b\uff0c\u200b\u5c06\u200b\u540c\u5c5e\u200b\u4e00\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u89e3\u51b3\u200b\u5728\u200b\u590d\u6742\u200b\u73af\u5883\u200b\u4e0b\u540c\u200b\u673a\u5668\u200b\u591a\u200b\u7f51\u5361\u200b\u3001\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u3001\u200b\u5bf9\u5e94\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7b49\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u95ee\u9898\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b ProviderNetwork \u200b\u5e76\u200b\u5e94\u7528\u200b:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
\u200b\u6ce8\u610f\u200b\uff1aProviderNetwork \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u7684\u200b\u957f\u5ea6\u200b\u4e0d\u5f97\u200b\u8d85\u8fc7\u200b 12\u3002
defaultInterface: \u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002 ProviderNetwork \u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\uff0c\u200b\u5404\u200b\u8282\u70b9\u200b\uff08\u200b\u9664\u200b excludeNodes \u200b\u5916\u200b\uff09\u200b\u4e2d\u200b\u4f1a\u200b\u521b\u5efa\u200b\u540d\u4e3a\u200b br-net1\uff08\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-NAME\uff09\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6307\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u6865\u63a5\u200b\u81f3\u6b64\u200b\u7f51\u6865\u200b\u3002customInterfaces: \u200b\u4e3a\u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u53ef\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u3002excludeNodes: \u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u4e0d\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u8282\u70b9\u200b\u3002\u200b\u8be5\u200b\u5217\u8868\u200b\u4e2d\u200b\u7684\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b net1.provider-network.ovn.kubernetes.io/exclude=true \u200b\u6807\u7b7e\u200b\u3002
\u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b\u6807\u7b7e\u200b\uff1a
Key Value \u200b\u63cf\u8ff0\u200b net1.provider-network.ovn.kubernetes.io/ready true \u200b\u8282\u70b9\u200b\u4e2d\u200b\u7684\u200b\u6865\u63a5\u200b\u5de5\u4f5c\u200b\u5df2\u200b\u5b8c\u6210\u200b\uff0cProviderNetwork \u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u53ef\u7528\u200b net1.provider-network.ovn.kubernetes.io/interface eth1 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u79f0\u200b net1.provider-network.ovn.kubernetes.io/mtu 1500 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u5982\u679c\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u5df2\u7ecf\u200b\u914d\u7f6e\u200b\u4e86\u200b IP\uff0c\u200b\u5219\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b\u8def\u7531\u200b\u4f1a\u200b\u88ab\u200b\u8f6c\u79fb\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\u3002
"},{"location":"start/underlay/#vlan","title":"\u521b\u5efa\u200b VLAN","text":"Vlan \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5c06\u200b Vlan Tag \u200b\u548c\u200b ProviderNetwork \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u80fd\u529b\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b VLAN \u200b\u5e76\u200b\u5e94\u7528\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: \u200b\u4e3a\u200b VLAN ID/Tag\uff0cKube-OVN \u200b\u4f1a\u200b\u5bf9\u200b\u5bf9\u200b\u8be5\u200b Vlan \u200b\u4e0b\u200b\u7684\u200b\u6d41\u91cf\u200b\u589e\u52a0\u200b Vlan \u200b\u6807\u7b7e\u200b\uff0c\u200b\u4e3a\u200b 0 \u200b\u65f6\u200b\u4e0d\u200b\u589e\u52a0\u200b\u4efb\u4f55\u200b\u6807\u7b7e\u200b\u3002provider: \u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b ProviderNetwork \u200b\u8d44\u6e90\u200b\u7684\u200b\u540d\u79f0\u200b\u3002\u200b\u591a\u4e2a\u200b VLAN \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b ProviderNetwork\u3002
"},{"location":"start/underlay/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u5c06\u200b Vlan \u200b\u548c\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
\u200b\u5c06\u200b vlan \u200b\u7684\u200b\u503c\u200b\u6307\u5b9a\u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b VLAN \u200b\u540d\u79f0\u200b\u5373\u53ef\u200b\u3002\u200b\u591a\u4e2a\u200b Subnet \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b VLAN\u3002
"},{"location":"start/underlay/#_7","title":"\u5bb9\u5668\u200b\u521b\u5efa","text":"\u200b\u53ef\u200b\u6309\u200b\u6b63\u5e38\u200b\u5bb9\u5668\u200b\u521b\u5efa\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff0c\u200b\u67e5\u770b\u200b\u5bb9\u5668\u200b IP \u200b\u662f\u5426\u200b\u5728\u200b\u89c4\u5b9a\u200b\u8303\u56f4\u200b\u5185\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u5982\u200b\u6709\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u6c42\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac
"},{"location":"start/underlay/#_8","title":"\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173","text":"\u200b\u5bf9\u4e8e\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7f51\u5173\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u652f\u6301\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u914d\u7f6e\u200b\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u3002 \u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u8bbe\u7f6e\u200b\u5b50\u7f51\u200b\u7684\u200b spec.logicalGateway \u200b\u4e3a\u200b true \u200b\u5373\u53ef\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
\u200b\u5f00\u542f\u200b\u6b64\u200b\u529f\u80fd\u200b\u540e\u200b\uff0cPod \u200b\u4e0d\u200b\u4f7f\u7528\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u800c\u662f\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff08Logical Router\uff09\u200b\u5bf9\u4e8e\u200b\u8de8\u200b\u7f51\u6bb5\u200b\u901a\u4fe1\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#underlay-overlay","title":"Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u4e92\u901a","text":"\u200b\u5982\u679c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u4ee5\u200b NAT \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8bbf\u95ee\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod IP\u3002 \u200b\u5728\u200b Underlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u770b\u6765\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u662f\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u53bb\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u4f46\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u5e76\u200b\u4e0d\u200b\u6e05\u695a\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u65e0\u6cd5\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002 \u200b\u56e0\u6b64\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5728\u200b\u8fd9\u4e2a\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u989d\u5916\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Underlay IP \u200b\u5c06\u200b Underlay \u200b\u5b50\u7f51\u200b \u200b\u548c\u200b ovn-cluster \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u8fde\u63a5\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b9e\u73b0\u200b\u4e92\u901a\u200b\u3002 \u200b\u548c\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u4e0d\u540c\u200b\uff0c\u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u4f1a\u200b\u8fde\u63a5\u200b Kube-OVN \u200b\u5185\u90e8\u200b\u7684\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u5176\u4ed6\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\u8fd8\u662f\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#ip","title":"\u6307\u5b9a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b IP","text":"\u200b\u5f00\u542f\u200b\u4e92\u901a\u200b\u529f\u80fd\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u968f\u673a\u200b\u4ece\u200b subnet \u200b\u5185\u200b\u7684\u200b\u53d6\u200b\u4e00\u4e2a\u200b IP \u200b\u4f5c\u4e3a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b Underlay Subnet \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u5b57\u200b\u6bb5\u200b u2oInterconnectionIP\u3002
"},{"location":"start/underlay/#underlay-subnet-vpc","title":"\u6307\u5b9a\u200b Underlay Subnet \u200b\u8fde\u63a5\u200b\u7684\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Underlay Subnet \u200b\u4f1a\u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0a\u200b\u7684\u200b Overlay Subnet \u200b\u4e92\u901a\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u6307\u5b9a\u200b\u548c\u200b\u67d0\u4e2a\u200b VPC \u200b\u4e92\u901a\u200b\uff0c\u200b\u5728\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \u200b\u540e\u200b\uff0c\u200b\u6307\u5b9a\u200b subnet.spec.vpc \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u8be5\u200b VPC \u200b\u540d\u5b57\u200b\u5373\u53ef\u200b\u3002
"},{"location":"start/underlay/#_9","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u6709\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4e14\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b Netplan \u200b\u914d\u7f6e\u200b\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b Ubuntu\uff09\uff0c\u200b\u5efa\u8bae\u60a8\u200b\u5c06\u200b Netplan \u200b\u7684\u200b renderer \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b NetworkManager\uff0c\u200b\u5e76\u200b\u4e3a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u9759\u6001\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5173\u95ed\u200b DHCP\uff09\uff1a
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
\u200b\u5982\u679c\u200b\u60a8\u200b\u8981\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u6216\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u4fee\u6539\u200b netplan \u200b\u914d\u7f6e\u200b\u540e\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
\u200b\u6267\u884c\u200b\u4ee5\u4e0a\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b IP \u200b\u53ca\u200b\u8def\u7531\u200b\u91cd\u65b0\u200b\u8f6c\u79fb\u200b\u81f3\u200b OVS \u200b\u7f51\u6865\u200b\u3002
\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b NetworkManager \u200b\u7ba1\u7406\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b CentOS\uff09\uff0c\u200b\u5728\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
\u200b\u6ce8\u610f\u200b\uff1a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u7684\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\u4ec5\u200b\u652f\u6301\u200b IP \u200b\u548c\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0d\u200b\u652f\u6301\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u4fee\u6539\u200b\u3002
"},{"location":"start/underlay/#_10","title":"\u5df2\u77e5\u200b\u95ee\u9898","text":""},{"location":"start/underlay/#hairpin-pod","title":"\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u65f6\u200b Pod \u200b\u7f51\u7edc\u200b\u5f02\u5e38","text":"\u200b\u5f53\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u6216\u200b\u7c7b\u4f3c\u200b\u884c\u4e3a\u200b\u65f6\u200b\uff0c\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25\u200b\u3001Pod \u200b\u7f51\u7edc\u901a\u4fe1\u200b\u5f02\u5e38\u200b\u7b49\u200b\u95ee\u9898\u200b\u3002\u200b\u8fd9\u200b\u662f\u56e0\u4e3a\u200b OVS \u200b\u7f51\u6865\u200b\u9ed8\u8ba4\u200b\u7684\u200b MAC \u200b\u5b66\u4e60\u200b\u529f\u80fd\u200b\u4e0d\u200b\u652f\u6301\u200b\u8fd9\u79cd\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u3002
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b hairpin\uff08\u200b\u6216\u200b\u4fee\u6539\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u76f8\u5173\u200b\u914d\u7f6e\u200b\uff09\uff0c\u200b\u6216\u200b\u66f4\u65b0\u200b Kube-OVN \u200b\u7248\u672c\u200b\u3002
"},{"location":"start/underlay/#pod-pod","title":"Pod \u200b\u6570\u91cf\u200b\u8f83\u591a\u65f6\u200b\u65b0\u5efa\u200b Pod \u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25","text":"\u200b\u82e5\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b Pod \u200b\u6570\u91cf\u200b\u8f83\u200b\u591a\u200b\uff08\u200b\u5927\u4e8e\u200b 300\uff09\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u51fa\u73b0\u200b ARP \u200b\u5e7f\u64ad\u200b\u5305\u200b\u7684\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u5bfc\u81f4\u200b\u4e22\u5305\u200b\u7684\u200b\u73b0\u8c61\u200b\uff1a
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u53ef\u200b\u4fee\u6539\u200b OVN NB \u200b\u9009\u9879\u200b bcast_arp_req_flood \u200b\u4e3a\u200b false\uff1a
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/uninstall/","title":"\u5378\u8f7d","text":"\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5220\u9664\u200b Kube-OVN \u200b\u5e76\u200b\u66f4\u6362\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u5217\u200b\u7684\u200b\u6b65\u9aa4\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b Kube-OVN \u200b\u7ec4\u4ef6\u200b\u4ee5\u53ca\u200b OVS \u200b\u914d\u7f6e\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4ea7\u751f\u200b\u5e72\u6270\u200b\u3002 \u200b\u4e5f\u200b\u6b22\u8fce\u200b\u63d0\u200b issue \u200b\u8054\u7cfb\u200b\u6211\u4eec\u200b\u53cd\u9988\u200b\u4e0d\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b\u539f\u56e0\u200b\u5e2e\u52a9\u200b\u6211\u4eec\u200b\u6539\u8fdb\u200b\u3002
"},{"location":"start/uninstall/#kubernetes","title":"\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u6267\u884c\u200b\u811a\u672c\u200b\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"start/uninstall/#_2","title":"\u6e05\u7406\u200b\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u65e5\u5fd7\u200b\u548c\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u4e0a\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u6e05\u7406\u200b ovsdb \u200b\u4ee5\u53ca\u200b openvswitch \u200b\u4fdd\u5b58\u200b\u7684\u200b\u914d\u7f6e\u200b\uff1a
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"start/uninstall/#_3","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u786e\u4fdd\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\uff0ciptable/ipset \u200b\u89c4\u5219\u200b\u5f97\u4ee5\u200b\u6e05\u9664\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b\u5f71\u54cd\u200b\uff1a
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/","title":"Kube-OVN","text":"Kube-OVN, a CNCF Sandbox Project, bridges the SDN into Cloud Native. It offers an advanced Container Network Fabric for Enterprises with the most functions, extreme performance and the easiest operation.
Most Functions:
If you miss the rich networking capabilities of the SDN age but are struggling to find them in the cloud-native age, Kube-OVN should be your best choice.
Leveraging the proven capabilities of OVS/OVN in the SDN, Kube-OVN brings the rich capabilities of network virtualization to the cloud-native space. It currently supports Subnet Management, Static IP Allocation, Distributed/Centralized Gateways, Underlay/Overlay Hybrid Networks, VPC Multi-Tenant Networks, Cross-Cluster Interconnect, QoS Management, Multi-NIC Management, ACL, Traffic Mirroring, ARM Support, Windows Support, and many more.
Extreme Performance:
If you're concerned about the additional performance loss associated with container networks, then take a look at How Kube-OVN is doing everything it can to optimize performance.
In the data plane, through a series of carefully optimized flow and kernel optimizations, and with emerging technologies such as eBPF, DPDK and SmartNIC Offload, Kube-OVN can approximate or exceed host network performance in terms of latency and throughput.
In the control plane, Kube-OVN can support large-scale clusters of thousands of nodes and tens of thousands of Pods through the tailoring of OVN upstream flow tables and the use and tuning of various caching techniques.
In addition, Kube-OVN is continuously optimizing the usage of resources such as CPU and memory to accommodate resource-limited scenarios such as the edge.
Easiest Operation:
If you're worried about container network operations, Kube-OVN has a number of built-in tools to help you simplify your operations.
Kube-OVN provides one-click installation scripts to help users quickly build production-ready container networks. Also built-in rich monitoring metrics and Grafana dashboard help users to quickly set up monitoring system.
Powerful command line tools simplify daily operations and maintenance for users. By combining with Cilium, users can enhance the observability of their networks with eBPF capabilities. In addition, the ability to mirror traffic makes it easy to customize traffic monitoring and interface with traditional NPM systems.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/contact/","title":"Contact US","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/","title":"Accelerate TCP Communication in Node with eBPF","text":"At some edge and 5G scenarios, there will be a lot of TCP communication between Pods on the same node. By using the open source istio-tcpip-bypass project from Intel, Pods can use the ability of eBPF to bypass the host's TCP/IP protocol stack and communicate directly through sockets, thereby greatly reducing latency and improving throughput.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#basic-principle","title":"Basic Principle","text":"At present, two Pods on the same host need to go through a lot of network stacks, including TCP/IP, netfilter, OVS, etc., as shown in the following figure:
istio-tcpip-bypass plugin can automatically analyze and identify TCP communication within the same host, and bypass the complex kernel stack so that socket data transmission can be performed directly to reduce network stack processing overhead, as shown in the following figure:
Due to the fact that this component can automatically identify TCP communication within the same host and optimize it. In the Service Mesh environment based on the proxy mode, this component can also enhance the performance of Service Mesh.
For more technical implementation details, please refer to Tanzu Service Mesh Acceleration using eBPF.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#prerequisites","title":"Prerequisites","text":"eBPF requires a kernel version of at least 5.4.0-74-generic. It is recommended to use Ubuntu 20.04 and Linux 5.4.0-74-generic kernel version for testing.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#experimental-steps","title":"Experimental Steps","text":"Deploy two performance test Pods on the same node. If there are multiple machines in the cluster, you need to specify nodeSelector:
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
Enter one of the Pods to start the qperf server, and start the qperf client in another Pod for performance testing:
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
Deploy the istio-tcpip-bypass plugin:
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
Enter the perf client container again for performance testing:
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#test-results","title":"Test Results","text":"According to the test results, the TCP latency will decrease by 40% ~ 60% under different packet sizes, and the throughput will increase by 40% ~ 80% when the packet size is greater than 1024 bytes.
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 In the hardware environment under test, when the packet size is less than 512 bytes, the throughput indicator optimized by eBPF is lower than the throughput under the default configuration. This situation may be related to the TCP aggregation optimization of the network card under the default configuration. If the application scenario is sensitive to small packet throughput, you need to test in the corresponding environment Determine whether to enable eBPF optimization. We will also optimize the throughput of eBPF TCP small packet scenarios in the future.
"},{"location":"en/advance/accelerate-intra-node-tcp-with-ebpf/#references","title":"References","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/cilium-hubble-observe/","title":"Cilium Network Traffic Observation","text":"Kube-OVN supports Cilium integration, please refer to Cilium integration for details.
Cilium provides rich network traffic observation capabilities, and the flow observability is provided by Hubble. Hubble can observe the traffic across nodes, clusters, and even multi-cluster scenarios.
"},{"location":"en/advance/cilium-hubble-observe/#install-hubble","title":"Install Hubble","text":"In the default Cilium integration installation, the Hubble related components are not installed, so to support traffic observation, you need to supplement the installation of Hubble on the environment.
Execute the following command to install Hubble using helm:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
After installing Hubble, execute cilium status to check the status of the component and confirm that the installation is successful.
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
After installing the Hubble component, you need to install the command line to view the traffic information in the environment. Execute the following command to install Hubble CLI:
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"en/advance/cilium-hubble-observe/#deploy-and-test","title":"Deploy and test","text":"Cilium offers a traffic test deployment solution, you can directly use the official deployment solution to deploy the test.
Execute the command cilium connectivity test, Cilium will automatically create the cilium-test namespace, and deploy the test under cilium-test.
After the normal deployment, you can view the resource information under the cilium-test namespace, as follows:
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"en/advance/cilium-hubble-observe/#use-the-command-line-to-observe-traffic","title":"Use the command line to observe traffic","text":"By default, the network traffic observation only provides the traffic observed by the Cilium agent on each node.
Execute the hubble observe command in the Cilium agent pod under the kube-system namespace to view the traffic information on the node.
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
After deploying Hubble Relay, Hubble can provide complete cluster-wide network traffic observation.
"},{"location":"en/advance/cilium-hubble-observe/#configure-port-forwarding","title":"Configure port forwarding","text":"In order to access the Hubble API normally, you need to create a port forwarding to forward the local request to the Hubble Service. You can execute the kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 command to open the port forwarding in the current terminal.
The port forwarding configuration can refer to Port Forwarding.
kubectl port-forward is a blocking command, you can open a new terminal to execute the following command to observe the traffic information.
After configuring the port forwarding, execute the hubble status command in the terminal. If there is an output similar to the following, the port forwarding configuration is correct, and you can use the command line to observe the traffic.
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"en/advance/cilium-hubble-observe/#use-the-command-line-to-observe-traffic_1","title":"Use the command line to observe traffic","text":"Execute the hubble observe command in the terminal to view the traffic information of the cluster.
The traffic observed by the cilium-test namespace is as follows:
Pay attention to the hubble observe command display result, which is the traffic information queried when the current command line is executed. Executing the command line multiple times can view different traffic information. For more detailed observation information, you can execute the hubble help observe command to view the detailed usage of Hubble CLI.
"},{"location":"en/advance/cilium-hubble-observe/#use-ui-to-observe-traffic","title":"Use UI to observe traffic","text":"Execute the cilium status command to confirm that the Hubble UI has been successfully installed. In the second step of the Hubble installation, the installation of the UI has been supplemented.
Execute the command cilium hubble ui to automatically create port forwarding and map the hubble-ui service to the local port.
When the command is executed normally, the local browser will be automatically opened and jump to the Hubble UI interface. If it does not jump automatically, enter http://localhost:12000 in the browser to open the UI observation interface.
On the top left of the UI, select the cilium-test namespace to view the test traffic information provided by Cilium.
"},{"location":"en/advance/cilium-hubble-observe/#hubble-traffic-monitoring","title":"Hubble Traffic Monitoring","text":"Hubble component provides monitoring of Pod network behavior in the cluster. In order to support viewing the monitoring data provided by Hubble, you need to enable monitoring statistics.
Refer to the following command to supplement the hubble.metrics.enabled configuration item:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
After the deployment is completed, you can view the monitoring data provided by Hubble through the hubble-metrics service. Execute the following command to view the monitoring data:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy Support","text":"Kube-OVN currently supports integration with Cilium, and the specific operation can refer to Cilium integration.
After integrating Cilium, you can use Cilium's excellent network policy capabilities to control the access of Pods in the cluster.The following documents provide integration verification of Cilium L3 and L4 network policy capabilities.
"},{"location":"en/advance/cilium-networkpolicy/#verification-steps","title":"Verification Steps","text":""},{"location":"en/advance/cilium-networkpolicy/#create-test-pod","title":"Create test Pod","text":"Create namespace test. Refer to the following yaml, create Pod with label app=test in namespace test as the destination Pod for testing access.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
Similarly, refer to the following yaml, create Pod with label app=dynamic in namespace default as the Pod for testing access.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
View the test Pod and Label information:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// As the destination Pod for testing access.\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"en/advance/cilium-networkpolicy/#l3-network-policy-test","title":"L3 Network Policy Test","text":"Refer to the following yaml, create CiliumNetworkPolicy resource:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
At this point, the test Pod in the default namespace cannot access the destination Pod, but the test Pod to the destination Pod in the test namespace is accessible.
Test results in the default namespace:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
Test results in the test namespace:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
Look at the Cilium official document explanation, the CiliumNetworkPolicy resource limits the control at the namespace level. For more information, please refer to Cilium Limitations.
If there is a network policy rule match, only the Pod in the same namespace can access according to the rule, and the Pod in the other namespace is denied access by default.
If you want to implement cross-namespace access, you need to specify the namespace information in the rule.
Refer to the document, modify the CiliumNetworkPolicy resource, and add namespace information:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // control the Pod access in other namespace\n
Look at the modified CiliumNetworkPolicy resource information:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
Test the Pod access in the default namespace again, and the destination Pod access is normal:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
Using the standard Kubernetes network policy networkpolicy, the test results show that Cilium also restricts access within the same namespace, and cross-namespace access is prohibited.
It is different from Kube-OVN implementation. Kube-OVN supports standard k8s network policy, which restricts the destination Pod in a specific namespace, but there is no namespace restriction on the source Pod. Any Pod that meets the restriction rules in any namespace can access the destination Pod.
"},{"location":"en/advance/cilium-networkpolicy/#l4-network-policy-test","title":"L4 Network Policy Test","text":"Refer to the following yaml, create CiliumNetworkPolicy resource:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
Test the access of the Pod that meets the network policy rules in the same namespace
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
The Pod that does not meet the network policy rules in the same namespace cannot access
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
After the network policy takes effect, cross-namespace access is still prohibited, which is consistent with the L3 network policy test results.
After the L4 network policy takes effect, ping cannot be used, but TCP access that meets the policy rules can be executed normally.
About the restriction of ICMP, please refer to the official description L4 Limitation Description.
"},{"location":"en/advance/cilium-networkpolicy/#l7-network-policy-test","title":"L7 Network Policy Test","text":"chaining mode, L7 network policy currently has problems. In the Cilium official document, there is an explanation for this situation, please refer to Generic Veth Chaining.
This problem is tracked using issue 12454, and it has not been resolved yet.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/dhcp/","title":"DHCP","text":"When using SR-IOV or DPDK type networks, KubeVirt's built-in DHCP does not work in this network mode. Kube-OVN can use the DHCP capabilities of OVN to set DHCP options at the subnet level to help KubeVirt VMs of these network types to properly use DHCP to obtain assigned IP addresses. Kube-OVN supports both DHCPv4 and DHCPv6.
The subnet DHCP is configured as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: Whether to enable the DHCP function for the subnet.dhcpV4Options,dhcpV6Options: This field directly exposes DHCP-related options within ovn-nb, please reade DHCP Options for more detail. The default value is \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" and server_id=$random_mac\u3002enableIPv6RA: Whether to enable the route broadcast function of DHCPv6.ipv6RAConfigs\uff1aThis field directly exposes DHCP-related options within ovn-nb Logical_Router_Port, please read Logical Router Port for more detail. The default value is address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/dpdk/","title":"DPDK Support","text":"This document describes how Kube-OVN combines with OVS-DPDK to provide a DPDK-type network interface to KubeVirt's virtual machines.
Upstream KubeVirt does not currently support OVS-DPDK, users need to use the downstream patch Vhostuser implementation to build KubeVirt by themselves or KVM Device Plugin to use OVS-DPDK.
"},{"location":"en/advance/dpdk/#prerequisites","title":"Prerequisites","text":" - The node needs to provide a dedicated NIC for the DPDK driver to run.
- The node needs to have Hugepages enabled.
"},{"location":"en/advance/dpdk/#set-dpdk-driver","title":"Set DPDK driver","text":"Here we use driverctl for example, please refer to the DPDK documentation for specific parameters and other driver usage:
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"en/advance/dpdk/#configure-nodes","title":"Configure Nodes","text":"Labeling OVS-DPDK-enabled nodes for Kube-OVN to recognize:
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
Create the configuration file ovs-dpdk-config in the /opt/ovs-config directory on nodes that support DPDK.
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: The tunnel endpoint address.DPDK_DEV: The PCI ID of the device.
"},{"location":"en/advance/dpdk/#install-kube-ovn","title":"Install Kube-OVN","text":"Download scripts:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
Enable the DPDK installation option:
bash install.sh --with-hybrid-dpdk\n
"},{"location":"en/advance/dpdk/#usage","title":"Usage","text":"Here we verify the OVS-DPDK functionality by creating a virtual machine with a vhostuser type NIC.
Here we use the KVM Device Plugin to create virtual machines. For more information on how to use it, please refer to [KVM Device Plugin].(https://github.com/kubevirt/kubernetes-device-plugins/blob/master/docs/README.kvm.md).
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
Create NetworkAttachmentDefinition:
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
Create a VM image using the following Dockerfile:
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
Create a virtual machine:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
Wait for the virtual machine to be created successfully and then go to the Pod to configure the virtual machine:
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
Next, you can log into the virtual machine for network configuration and test:
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/external-gateway/","title":"External Gateway","text":"In some scenarios, all container traffic access to the outside needs to be managed and audited through an external gateway. Kube-OVN can forward outbound traffic to the corresponding external gateway by configuring the appropriate routes in the subnet.
"},{"location":"en/advance/external-gateway/#usage","title":"Usage","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: needs to be set to false.externalEgressGateway: Set to the address of the external gateway, which needs to be in the same Layer 2 reachable domain as the gateway node.policyRoutingTableID: The TableID of the local policy routing table used needs to be different for each subnet to avoid conflicts.policyRoutingPriority: Route priority, in order to avoid subsequent user customization of other routing operations conflict, here you can specify the route priority. If no special needs, you can fill in any value.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/fastpath/","title":"Compile FastPath Module","text":"After a data plane performance profile, netfilter consumes about 20% of CPU resources for related processing within the container and on the host. The FastPath module can bypass netfilter to reduce CPU consumption and latency, and increase throughput. This document will describe how to compile the FastPath module manually.
"},{"location":"en/advance/fastpath/#download-related-code","title":"Download Related Code","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"en/advance/fastpath/#install-dependencies","title":"Install Dependencies","text":"Here is an example of CentOS dependencies to download:
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"en/advance/fastpath/#compile-the-module","title":"Compile the Module","text":"For the 3.x kernel:
cd kube-ovn/fastpath\nmake all\n
For the 4.x kernel:
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"en/advance/fastpath/#instal-the-kernel-module","title":"Instal the Kernel Module","text":"Copy kube_ovn_fastpath.ko to each node that needs performance optimization, and run the following command:
insmod kube_ovn_fastpath.ko\n
Use dmesg to confirm successful installation:
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
To uninstall a module, use the following command.
rmmod kube_ovn_fastpath.ko\n
This module will not be loaded automatically after machine reboot. If you want to load it automatically, please write the corresponding autostart script according to the system configuration.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/multi-nic/","title":"Manage Multiple Interface","text":"Kube-OVN can provide cluster-level IPAM capabilities for other CNI network plugins such as macvlan, vlan, host-device, etc. Other network plugins can then use the subnet and fixed IP capabilities in Kube-OVN.
Kube-OVN also supports address management when multiple NICs are all of Kube-OVN type.
"},{"location":"en/advance/multi-nic/#working-principle","title":"Working Principle","text":"By using Multus CNI, we can add multiple NICs of different networks to a Pod. However, we still lack the ability to manage the IP addresses of different networks within a cluster. In Kube-OVN, we have been able to perform advanced IP management such as subnet management, IP reservation, random assignment, fixed assignment, etc. through CRD of Subnet and IP. Now Kube-OVN extend the subnet to integrate with other different network plugins, so that other network plugins can also use the IPAM functionality of Kube-OVN.
"},{"location":"en/advance/multi-nic/#workflow","title":"Workflow","text":"The above diagram shows how to manage the IP addresses of other network plugins via Kube-OVN. The eth0 NIC of the container is connected to the OVN network and the net1 NIC is connected to other CNI networks. The network definition for the net1 network is taken from the NetworkAttachmentDefinition resource definition in multus-cni.
When a Pod is created, kube-ovn-controller will get the Pod add event, find the corresponding Subnet according to the annotation in the Pod, then manage the address from it, and write the address information assigned to the Pod back to the Pod annotation.
The CNI on the container machine can configure kube-ovn-cni as the ipam plugin. kube-ovn-cni will read the Pod annotation and return the address information to the corresponding CNI plugin using the standard format of the CNI protocol.
"},{"location":"en/advance/multi-nic/#usage","title":"Usage","text":""},{"location":"en/advance/multi-nic/#install-kube-ovn-and-multus","title":"Install Kube-OVN and Multus","text":"Please refer One-Click Installation and Multus how to use to install Kube-OVN and Multus-CNI.
"},{"location":"en/advance/multi-nic/#provide-ipam-for-other-types-of-cni","title":"Provide IPAM for other types of CNI","text":""},{"location":"en/advance/multi-nic/#create-networkattachmentdefinition","title":"Create NetworkAttachmentDefinition","text":"Here we use macvlan as the second network of the container network and set its ipam to kube-ovn:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: Need to be set to kube-ovn to call the kube-ovn plugin to get the address information.server_socket: The socket file used for communication to Kube-OVN. The default location is /run/openvswitch/kube-ovn-daemon.sock.provider: The current NetworkAttachmentDefinition's <name>. <namespace> , Kube-OVN will use this information to find the corresponding Subnet resource.
"},{"location":"en/advance/multi-nic/#the-attached-nic-is-a-kube-ovn-type-nic","title":"The attached NIC is a Kube-OVN type NIC","text":"At this point, the multiple NICs are all Kube-OVN type NICs.
"},{"location":"en/advance/multi-nic/#create-networkattachmentdefinition_1","title":"Create NetworkAttachmentDefinition","text":"Set the provider suffix to ovn:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.ipam.type: Need to be set to kube-ovn to call the kube-ovn plugin to get the address information.server_socket: The socket file used for communication to Kube-OVN. The default location is /run/openvswitch/kube-ovn-daemon.sock.provider: The current NetworkAttachmentDefinition's <name>. <namespace> , Kube-OVN will use this information to find the corresponding Subnet resource. It should have the suffix ovn here.
"},{"location":"en/advance/multi-nic/#create-a-kube-ovn-subnet","title":"Create a Kube-OVN Subnet","text":"Create a Kube-OVN Subnet, set the corresponding cidrBlock and exclude_ips, the provider should be set to the <name>. <namespace> of corresponding NetworkAttachmentDefinition. For example, to provide additional NICs with macvlan, create a Subnet as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat are only valid for networks with provider type ovn, not for attachment networks.
If you are using Kube-OVN as an attached NIC, provider should be set to the <name>. <namespace>.ovn of the corresponding NetworkAttachmentDefinition, and should end with ovn as a suffix.
An example of creating a Subnet with an additional NIC provided by Kube-OVN is as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"en/advance/multi-nic/#create-a-pod-with-multiple-nic","title":"Create a Pod with Multiple NIC","text":"For Pods with randomly assigned addresses, simply add the following annotation k8s.v1.cni.cncf.io/networks, taking the value <namespace>/<name> of the corresponding NetworkAttachmentDefinition.\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"en/advance/multi-nic/#create-pod-with-a-fixed-ip","title":"Create Pod with a Fixed IP","text":"For Pods with fixed IPs, add <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"en/advance/multi-nic/#create-workloads-with-fixed-ips","title":"Create Workloads with Fixed IPs","text":"For workloads that use ippool, add <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/nat-policy-rule/","title":"Default VPC NAT Policy Rule","text":""},{"location":"en/advance/nat-policy-rule/#purpose","title":"Purpose","text":"In the Overlay Subnet under the default VPC, when the natOutgoing switch is turned on, all Pods in the subnet need to do SNAT to access the external network, but in some scenarios we do not want all Pods in the subnet to access the external network by SNAT.
So the NAT Policy Rule is to provide a way for users to decide which CIDRs or IPs in the subnet to access the external network need SNAT.
"},{"location":"en/advance/nat-policy-rule/#how-to-use-nat-policy-rules","title":"How to use NAT Policy Rules","text":"Enable the natOutgoing switch in subnet.Spec, and add the field natOutgoingPolicyRules as follows:
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
The above case shows that there are two NAT policy rules:
- Packets with source IP 10.0.11.0/30 or 10.0.11.254 will not perform SNAT when accessing the external network.
- When a packet with source IP 10.0.11.128/26 and destination IP 114.114.114.114 or 8.8.8.8 accesses the external network, SNAT will be performed.
Field description:
action: The action that will be executed for packets that meets the corresponding conditions of the match. The action is divided into two types: forward and nat. When natOutgoingPolicyRules is not configured, packets are still SNAT by default.
match: Indicates the matching segment of the message, the matching segment includes srcIPs and dstIPs, here indicates the source IP and destination IP of the message from the subnet to the external network. match.srcIPs and match.dstIPs support multiple cidr and ip, separated by commas. If multiple match rules overlap, the action that is matched first will be executed according to the order of the natOutgoingPolicyRules array.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/node-local-dns/","title":"NodeLocal DNSCache and Kube-OVN adaptation","text":"NodeLocal DNSCache improves cluster DNS performance by running DNS cache as a DaemonSet on cluster nodes. This function can also be adapted to Kube-OVN.
"},{"location":"en/advance/node-local-dns/#nodelocal-dnscache-deployment","title":"Nodelocal DNSCache deployment","text":""},{"location":"en/advance/node-local-dns/#deploy-kubernetes-nodelocal-dnscache","title":"Deploy Kubernetes NodeLocal DNScache","text":"This step refers to Kubernetes official website configuration nodelocaldnscache.
Deploy with the following script:
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
Modify the kubelet configuration file on each node, modify the clusterDNS field in /var/lib/kubelet/config.yaml to the local DNS IP 169.254.20.10, and then restart the kubelet service.
"},{"location":"en/advance/node-local-dns/#kube-ovn-corresponding-dns-configuration","title":"Kube-OVN corresponding DNS configuration","text":"After deploying the Nodelocal DNScache component of Kubernetes, Kube-OVN needs to make the following modifications:
"},{"location":"en/advance/node-local-dns/#underlay-subnet-enable-u2o-switch","title":"Underlay subnet enable U2O switch","text":"If the underlay subnet needs to use the local DNS function, you need to enable the U2O function, that is, configure spec.u2oInterconnection = true in kubectl edit subnet {your subnet}. If it is an overlay subnet, this step is not required.
"},{"location":"en/advance/node-local-dns/#specify-the-corresponding-local-dns-ip-for-kube-ovn-controller","title":"Specify the corresponding local DNS IP for kube-ovn-controller","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
Add field to spec.template.spec.containers.args --node-local-dns-ip=169.254.20.10
"},{"location":"en/advance/node-local-dns/#rebuild-the-created-pods","title":"Rebuild the created Pods","text":"The reason for this step is to let the Pod regenerate /etc/resolv.conf so that the nameserver points to the local DNS IP. If the nameserver of the Pod is not rebuilt, it will still use the DNS ClusterIP of the cluster. At the same time, if the u2o switch is turned on, the Pod needs to be rebuilt to regenerate the Pod gateway.
"},{"location":"en/advance/node-local-dns/#validator-local-dns-cache-function","title":"Validator local DNS cache function","text":"After the above configuration is completed, you can find the Pod verification as follows. You can see that the Pod's DNS server points to the local 169.254.20.10 and successfully resolves the domain name:
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
You can also capture packets at the node and verify as follows. You can see that the DNS query message reaches the local DNS service through the ovn0 network card, and the DNS response message returns in the same way:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/offload-corigine/","title":"Offload with Corigine","text":"Kube-OVN uses OVS for traffic forwarding in the final data plane, and the associated flow table matching, tunnel encapsulation and other functions are CPU-intensive, which consumes a lot of CPU resources and leads to higher latency and lower throughput under heavy traffic. Corigine Agilio CX series SmartNIC can offload OVS-related operations to the hardware. This technology can shorten the data path without modifying the OVS control plane, avoiding the use of host CPU resources, which dramatically reduce latency and significantly increase the throughput.
"},{"location":"en/advance/offload-corigine/#prerequisites","title":"Prerequisites","text":" - Corigine Agilio CX series SmartNIC.
- CentOS 8 Stream or Linux 5.7 above.
- Since the current NIC does not support
dp_hash and hash operation offload, OVN LB function should be disabled.
"},{"location":"en/advance/offload-corigine/#setup-sr-iov","title":"Setup SR-IOV","text":"Please read Agilio Open vSwitch TC User Guide for the detail usage of this SmartNIC.
The following scripts are saved for subsequent execution of firmware-related operations:
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
Switching firmware options and reloading the driver:
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
Check the number of available VFs and create VFs.
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"en/advance/offload-corigine/#install-sr-iov-device-plugin","title":"Install SR-IOV Device Plugin","text":"Since each machine has a limited number of VFs and each Pod that uses acceleration will take up VF resources, we need to use the SR-IOV Device Plugin to manage the corresponding resources so that the scheduler knows how to schedule.
Create SR-IOV Configmap:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
Please read the SR-IOV device plugin to deploy:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
Check if SR-IOV resources have been registered to Kubernetes Node:
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"en/advance/offload-corigine/#install-multus-cni","title":"Install Multus-CNI","text":"The device IDs obtained during SR-IOV Device Plugin scheduling need to be passed to Kube-OVN via Multus-CNI, so Multus-CNI needs to be configured to perform the related tasks.
Please read Multus-CNI Document to deploy\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
Create NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: the format should be {name}.{namespace}.ovn of related NetworkAttachmentDefinition.
"},{"location":"en/advance/offload-corigine/#enable-offload-in-kube-ovn","title":"Enable Offload in Kube-OVN","text":"Download the scripts:
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
Change the related options\uff0cIFACE should be the physic NIC and has an IP:
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
Install Kube-OVN\uff1a
bash install.sh\n
"},{"location":"en/advance/offload-corigine/#create-pods-with-vf-nics","title":"Create Pods with VF NICs","text":"Pods that use VF for network offload acceleration can be created using the following yaml:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: should be the {namespace}/{name} of related NetworkAttachmentDefinition.
Running the following command in the ovs-ovn container of the Pod run node to observe if offload success.
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
If there is offloaded:yes, dp:tc content, the offloading is successful.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/offload-mellanox/","title":"Offload with Mellanox","text":"Kube-OVN uses OVS for traffic forwarding in the final data plane, and the associated flow table matching, tunnel encapsulation and other functions are CPU-intensive, which consumes a lot of CPU resources and leads to higher latency and lower throughput under heavy traffic. Mellanox Accelerated Switching And Packet Processing (ASAP\u00b2) technology offloads OVS-related operations to an eSwitch within the eSwitch in the hardware. This technology can shorten the data path without modifying the OVS control plane, avoiding the use of host CPU resources, which dramatically reduce latency and significantly increase the throughput.
"},{"location":"en/advance/offload-mellanox/#prerequisites","title":"Prerequisites","text":" - Mellanox CX5/CX6/BlueField that support ASAP\u00b2.
- CentOS 8 Stream or Linux 5.7 above.
- Since the current NIC does not support
dp_hash and hash operation offload, OVN LB function should be disabled. - In order to support offload mode, the NIC cannot do bond.
"},{"location":"en/advance/offload-mellanox/#setup-sr-iov","title":"Setup SR-IOV","text":"Check the device ID of the NIC, in the following example it is 42:00.0:
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
Find the corresponding NIC by its device ID:
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
Check the number of available VFs:
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
Create VFs and do not exceeding the number found above:
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
Find the device IDs corresponding to the above VFs:
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
Unbound the VFs from the driver:
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
Enable eSwitch mode and set up hardware offload:
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
Rebind the driver and complete the VF setup:
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
Some behaviors of NetworkManager may cause driver exceptions, if offloading problems occur we recommended to close NetworkManager and try again.
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
"},{"location":"en/advance/offload-mellanox/#install-sr-iov-device-plugin","title":"Install SR-IOV Device Plugin","text":"Since each machine has a limited number of VFs and each Pod that uses acceleration will take up VF resources, we need to use the SR-IOV Device Plugin to manage the corresponding resources so that the scheduler knows how to schedule.
Create SR-IOV Configmap:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
Please read the SR-IOV device plugin to deploy:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
Check if SR-IOV resources have been registered to Kubernetes Node:
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"en/advance/offload-mellanox/#install-multus-cni","title":"Install Multus-CNI","text":"The device IDs obtained during SR-IOV Device Plugin scheduling need to be passed to Kube-OVN via Multus-CNI, so Multus-CNI needs to be configured to perform the related tasks.
Please read Multus-CNI Document to deploy\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
Create NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: the format should be {name}.{namespace}.ovn of related NetworkAttachmentDefinition.
"},{"location":"en/advance/offload-mellanox/#enable-offload-in-kube-ovn","title":"Enable Offload in Kube-OVN","text":"Download the scripts:
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
Change the related options\uff0cIFACE should be the physic NIC and has an IP:
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
Install Kube-OVN\uff1a
bash install.sh\n
"},{"location":"en/advance/offload-mellanox/#create-pods-with-vf-nics","title":"Create Pods with VF NICs","text":"Pods that use VF for network offload acceleration can be created using the following yaml:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: should be the {namespace}/{name} of related NetworkAttachmentDefinition.
Running the following command in the ovs-ovn container of the Pod run node to observe if offload success.
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
If there is offloaded:yes, dp:tc content, the offloading is successful.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/overlay-with-route/","title":"Interconnection with Routes in Overlay Mode","text":"In some scenarios, the network environment does not support Underlay mode, but still need Pods and external devices directly access through IP, then you can use the routing method to connect the container network and the external.
Only Overlay Subnets in default VPC support this method. In this case, the Pod IP goes directly to the underlying network, which needs to disable IP checks for source and destination addresses.
"},{"location":"en/advance/overlay-with-route/#prerequisites","title":"Prerequisites","text":" - In this mode, the host needs to open the
ip_forward. - Check if there is a
Drop rule in the forward chain in the host iptables that should be modified for container-related traffic. - Due to the possibility of asymmetric routing, the host needs to allow packets with a ct status of
INVALID.
"},{"location":"en/advance/overlay-with-route/#steps","title":"Steps","text":"For subnets that require direct external routing, you need to set natOutgoing of the subnet to false to turn off nat mapping and make the Pod IP directly accessible to the external network.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
At this point, the Pod's packets can reach the peer node via the host route, but the peer node does not yet know where the return packets should be sent to and needs to add a return route.
If the peer host and the container host are on the same Layer 2 network, we can add a static route directly to the peer host to point the next hop of the container network to any machine in the Kubernetes cluster.
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 is the container subnet CIDR, and 192.168.2.10 is one node in the Kubernetes cluster.
If the peer host and the container host are not in the same layer 2 network, you need to configure the corresponding rules on the router.
Note: Specifying an IP for a single node may lead to single point of failure. To achieve fast failover, Keepalived can be used to set up a VIP for multiple nodes, and the next hop of the route can be directed to the VIP.
In some virtualized environments, the virtual network identifies asymmetric traffic as illegal traffic and drops it. In this case, you need to adjust the gatewayType of the Subnet to centralized and set the next hop to the IP of the gatewayNode node during route setup.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
If you still want to perform NAT processing for some traffic, such as traffic accessing the Internet, please refer to the Default VPC NAT Policy Rule.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-eip-fip-snat/","title":"Support OVN EIP,FIP and SNAT","text":"Note: Due to api changes, the OVN EIP FIP DNAT function cannot be continued in the '1.12' branch, if necessary, please refer to the branch after 1.12 or the master branch. Due to the evolution of the master branch quickly, now provides a special 1.12-mc branch, used to guarantee stability.
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
The pod access the public network based on the snat
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
The pod access the public network based on the fip
The CRD supported by this function is basically the same as the iptable nat gw public network solution.
- ovn eip: occupies a public ip address and is allocated from the underlay provider network vlan subnet
- ovn fip: one-to-one dnat snat, which provides direct public network access for ip addresses and vip in a vpc
- ovn snat: a subnet cidr or a single vpc ip or vip can access public networks based on snat
- ovn dnat: based router lb, which enables direct access to a group of endpoints in a vpc based on a public endpoint
"},{"location":"en/advance/ovn-eip-fip-snat/#1-deployment","title":"1. Deployment","text":"Currently allows all vpcs to share the same provider vlan subnet resources, similar to neutron ovn mode. Compatible with previous scenarios default VPC EIP/SNAT.
During the deployment phase, you may need to specify a default public network logical switch based on actual conditions. If no vlan is in use (vlan 0 is used), the following startup parameters do not need to be configured.
# When deploying you need to refer to the above scenario and specify the following parameters as needed according to the actual situation\n# 1. kube-ovn-controller Startup parameters to be configured\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni Startup parameters to be configured:\n - --external-gateway-switch=external204 \n\n# The above configuration is consistent with the following public network configuration vlan id and resource name, \n# currently only support to specify one underlay public network as the default external public network.\n
The design and use of this configuration item takes into account the following factors\uff1a
- Based on this configuration item can be docked to the provider network, vlan, subnet resources.
- Based on this configuration item, the default vpc enable_eip_snat function can be docked to the existing vlan, subnet resources, while supporting the ipam
- If only the default vpc's enable_eip_snat mode is used with the old pod annotaion based eip fip snat, then the following configuration is not required.
- Based on this configuration you can not use the default vpc enable_eip_snat process, only by corresponding to vlan, subnet process, can be compatible with only custom vpc use eip snat usage scenarios.
The neutron ovn mode also has a certain static file configuration designation that is, for now, generally consistent.
"},{"location":"en/advance/ovn-eip-fip-snat/#11-create-the-underlay-public-network","title":"1.1 Create the underlay public network","text":"# provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"en/advance/ovn-eip-fip-snat/#12-default-vpc-enable-eip_snat","title":"1.2 Default vpc enable eip_snat","text":"# Enable the default vpc and the above underlay public provider subnet interconnection\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\" \n type: \"centralized\" \n external-gw-nic: \"vlan\"\n external-gw-addr: \"10.5.204.254/24\"\n
This feature currently supports the ability to create lrp type ovn eip resources without specifying the lrp ip and mac, which is already supported for automatic acquisition. If specified, it is equivalent to specifying the ip to create an ovn-eip of type lrp. Of course, you can also manually create the lrp type ovn eip in advance.
"},{"location":"en/advance/ovn-eip-fip-snat/#13-custom-vpc-enable-eip-snat-fip-function","title":"1.3 Custom vpc enable eip snat fip function","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc enableExternal will automatically create an lrp association to the public network specified above\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
After the above template is applied, you should see the following resources exist
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# The route currently supports automatic maintenance\n
"},{"location":"en/advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"This function is designed and used in the same way as iptables-eip, ovn-eip currently has three types
- nat: indicates ovn dnat, fip, and snat. These nat types are recorded in status
- lrp: indicates the resource used to connect a vpc to the public network
- lsp: In the ovn BFD-based ecmp static route scenario, an ovs internal port is provided on the gateway node as the next hop of the ecmp route
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# Dynamically allocate an eip resource that is reserved for fip dnat_and_snat scenarios\n
"},{"location":"en/advance/ovn-eip-fip-snat/#21-create-an-fip-for-pod","title":"2.1 Create an fip for pod","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # the name of the ip crd, which is unique\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# pod <--> node ping is working\n
# The key resources that this public ip can pass include the following ovn nb resources\n\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"en/advance/ovn-eip-fip-snat/#22-create-an-fip-for-vip","title":"2.2 Create an fip for vip","text":"In order to facilitate the use of some vip scenarios, such as inside kubevirt VM, keepalived use vip, kube-vip use vip, etc. the vip need public network access.
# First create vip, eip, then bind eip to vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # By default fip is for pod ip, here you need to specify the docking to vip resources\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# node <--> pod fip is working\n\n# The way ip is used inside the pod is roughly as follows\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # vip here\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod internal can catch fip related icmp packets\n
"},{"location":"en/advance/ovn-eip-fip-snat/#31-ovn-snat-corresponds-to-the-cidr-of-a-subnet","title":"3.1 ovn-snat corresponds to the CIDR of a subnet","text":"This feature is designed and used in much the same way as iptables-snat
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip corresponds to the entire network segment\n
"},{"location":"en/advance/ovn-eip-fip-snat/#32-ovn-snat-corresponds-to-a-pod-ip","title":"3.2 ovn-snat corresponds to a pod IP","text":"This feature is designed and used in much the same way as iptables-snat
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip corresponds to a single pod ip\n
After the above resources are created, you can see the following resources that the snat public network feature depends on.
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# the two pods can access the external network based on these two type snat resources respectively\n
"},{"location":"en/advance/ovn-eip-fip-snat/#41-ovn-dnat-binds-a-dnat-to-a-pod","title":"4.1 ovn-dnat binds a DNAT to a pod","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n type: nat\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # Note that this is the name of the pod IP CRD and it is unique\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
The configuration of OvnDnatRule is similar to that of IptablesDnatRule.
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"en/advance/ovn-eip-fip-snat/#42-ovn-dnat-binds-a-dnat-to-a-vip","title":"4.2 ovn-dnat binds a DNAT to a VIP","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # By default, Dnat is oriented towards pod IPs. Here, it is necessary to specify that it is connected to VIP resources\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
The configuration of OvnDnatRule is similar to that of IptablesDnatRule.
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-ipsec/","title":"Encrypt inter-node communication using IPsec","text":"This function is supported after v1.10.11 and v1.11.4, the kernel version is at least 3.10.0 or above, and UDP ports 500 and 4500 are available.
"},{"location":"en/advance/ovn-ipsec/#start-ipsec","title":"Start IPsec","text":"Copy the script from the Kube-OVN source code ipsec.sh, execute the command as follows, the script will call ovs-pki to generate and distribute the certificate required for encryption:
bash ipsec.sh init\n
After the execution is completed, the nodes will negotiate for a period of time to establish an IPsec tunnel. The experience value is between ten seconds and one minute.You can check the IPsec status with the following command:
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
After the establishment is complete, you can capture packets and observe that the packets have been encrypted:
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
After executing the script, you can turn off IPsec by executing the command:
# bash ipsec.sh stop\n
Or execute the command to open it again:
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"Support OVN SNAT L3 HA Based ECMP and BFD Static Route","text":"Custom vpc based on ovn snat after ecmp based static route hash to multiple gw node ovnext0 NICs out of the public network
- Supports bfd-based high availability
- Only supports hash load balancing
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
This functions basically the same as ovn-eip-fip-snat.md .
As for the different parts, which will be specified in the following sections, mainly including the creation of ovn-eip of lsp type and the automatic maintenance of bfd as well as ecmp static routes based on vpc enable_bfd.
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#1-deployment","title":"1. Deployment","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#11-create-the-underlay-public-network","title":"1.1 Create the underlay public network","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#12-default-vpc-enable-eip_snat","title":"1.2 Default vpc enable eip_snat","text":""},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#13-custom-vpc-enable-eip-snat-fip-function","title":"1.3 Custom vpc enable eip snat fip function","text":"The above section is exactly the same with ovn-eip-fip-snat.md.
After these functions are verified, the vpc can be switched directly to the ecmp-based bfd static route based on the following way, or of course, switched directly back.
Before customizing vpc to use this feature, you need to provide some gateway nodes, at least 2. Note that the name of the current implementation of ovn-eip must be consistent with the gateway node name, no automated maintenance is currently done for this resource.
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
Since this scenario is currently designed for vpc ecmp out of the public network, the gateway node above will not trigger the creation of a gateway NIC when there is no vpc enabled bfd, i.e. when there is no ovn eip (lrp) with enable bfd labeled, and will not be able to successfully start listening to the bfd session on the other side.
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#2-custom-vpc-enable-ecmp-bfd-l3-ha-public-network-function","title":"2. Custom vpc enable ecmp bfd L3 HA public network function","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd switch can be switched at will\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # enable ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
note:
- Customize ecmp under vpc to use only static ecmp bfd routes. vpc enableBfd and subnet enableEcmp will only take effect if they are enabled at the same time, before static ecmp bfd routes are automatically managed.
- If the above configuration is turned off, it will automatically switch back to the regular default static route.
- This feature is not available for the default vpc, only custom vpc is supported, the default vpc has more complex policy routing.
- The enableEcmp of the subnet of the custom vpc uses only static routes, the gateway type gatewayType has no effect.
- When EnableExternal is turned off in vpc, the external network cannot be passed inside vpc.
- When EnableExternal is enabled on vpc, when EnableBfd is turned off, it will be based on the normal default route to the external network and will not have high availability.
# After the above template is applied the ovn logic layer should see the following resources\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# Default vpc does not support ENABLEBFD\n# Custom vpc is supported and enabled\n\n# 1. bfd table created\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### Note that all statuses should normally be up\n\n# 2. bfd ecmp static routes table created\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. Static Route Details\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# Also, the following resources should be available at all gateway nodes\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## This is the other end of the lrp bfd session and one of the next hops of the lrp ecmp\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# No problem to the public network\n
catch outgoing packets within the ovnext ns of a gateway node
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n
"},{"location":"en/advance/ovn-l3-ha-based-ecmp-with-bfd/#3-turn-off-bfd-mode","title":"3. Turn off bfd mode","text":"In some scenarios, you may want to use a (centralized) single gateway directly out of the public network, which is the same as the default vpc enable_eip_snat usage pattern
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## set it false add apply\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# After application the route will switch back to the normal default static route\n# nbctl list bfd, the bfd session associated with lrp has been removed\n# And the opposite side of the bfd session in ovnext ns is automatically removed\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/ovn-remote-port-mirroring/","title":"OVN Remote Port Mirroring","text":"This feature provides ability to mirror the traffic of the specified Pod and direction, and to send the mirrored traffic to a remote destination.
This feature requires Kube-OVN version not lower than v1.12.
"},{"location":"en/advance/ovn-remote-port-mirroring/#install-multus-cni","title":"Install Multus-CNI","text":"Install Multus-CNI by referring the Multus-CNI Document.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-networkattachmentdefinition","title":"Create NetworkAttachmentDefinition","text":"Create the following NetworkAttachmentDefinition:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
Format of the provider field is <NAME>.<NAMESPACE>.ovn.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-underlay-network","title":"Create Underlay Network","text":"The mirrored traffic is encapsulated before transmition, so MTU of the network used to transmit the traffic should be greater than the mirrored LSP/Pod. Here we are using an underlay network.
Create the following underlay network:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
The subnet's provider MUST be the same as the provider of the NetworkAttachmentDefinition created above.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-receiving-pod","title":"Create Receiving Pod","text":"Create the following Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.13\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
After the Pod has been created, checkout the IP addresses:
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
The IP address 172.19.0.21 will be used later.
"},{"location":"en/advance/ovn-remote-port-mirroring/#create-ovn-remote-port-mirroring","title":"Create OVN Remote Port Mirroring","text":"Create the following OVN remote port mirroring\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
coredns-787d4945fb-gpnkb.kube-system is the OVN LSP name with a format <POD_NAME>.<POD_NAMESPACE>.
Here is the OVN command usage:
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"en/advance/ovn-remote-port-mirroring/#configure-receiving-pod","title":"Configure Receiving Pod","text":"Execute the following commands in the Pod:
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
Now you can capture the mirrored packets:
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"en/advance/ovn-remote-port-mirroring/#notice","title":"Notice","text":" - If you are using ERSPAN as the encapsulation protocol, the Linux kernel version of the OVN nodes and remote devices must not be lower than 4.14. If you are using ERSPAN as the encapsulation protocol and using IPv6 as the transport network, the Linux kernel version must not be lower than 4.16.
- The transmission of mirrored traffic is unidirectional, so you only need to ensure that the OVN node can access the remote device.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/performance-tuning/","title":"Performance Tuning","text":"To keep the installation simple and feature-complete, the default installation script for Kube-OVN does not have performance-specific optimizations. If the applications are sensitive to latency and throughput, administrators can use this document to make specific performance optimizations.
The community will continue to iterate on the performance. Some general performance optimizations have been integrated into the latest version, so it is recommended to use the latest version to get better default performance.
For more on the process and methodology of performance optimization, please watch the video Kube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"en/advance/performance-tuning/#benchmarking","title":"Benchmarking","text":"Because the hardware and software environments vary greatly, the performance test data provided here can only be used as a reference, and the actual test results may differ significantly from the results in this document. It is recommended to compare the performance test results before and after optimization, and the performance comparison between the host network and the container network.
"},{"location":"en/advance/performance-tuning/#overlay-performance-comparison-before-and-after-optimization","title":"Overlay Performance Comparison before and after Optimization","text":"Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay Mode
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
We use qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw to test bandwidth and latency of tcp/udp in 1-byte packets and the host network, respectively.
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"en/advance/performance-tuning/#overlay-underlay-and-calico-comparison","title":"Overlay\uff0c Underlay and Calico Comparison","text":"Next, we compare the overlay and underlay performance of the optimized Kube-OVN at different packet sizes with Calico's IPIP Always, IPIP never and the host network.
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 In some cases the container network outperforms the host network, this is because the container network path is optimized to completely bypass netfilter. Due to the existence of kube-proxy, all packets in host network have to go through netfilter, which will lead to more CPU consumption, so that container network in some environments has better performance.
"},{"location":"en/advance/performance-tuning/#dataplane-performance-optimization-methods","title":"Dataplane performance optimization methods","text":"The optimization methods described here are related to the hardware and software environment and the desired functionality, so please carefully understand the prerequisites for optimization before attempting it.
"},{"location":"en/advance/performance-tuning/#cpu-performance-mode-tuning","title":"CPU Performance Mode Tuning","text":"In some environments the CPU is running in power saving mode, performance in this mode will be unstable and latency will increase significantly, it is recommended to use the CPU's performance mode for more stable performance.
cpupower frequency-set -g performance\n
"},{"location":"en/advance/performance-tuning/#nic-hardware-queue-adjustment","title":"NIC Hardware Queue Adjustment","text":"In the case of increased traffic, a small buffer queue may lead to significant performance degradation due to a high packet loss rate and needs to be tuned.
Check the current NIC queue length:
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
Increase the queue length to the maximum:
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"en/advance/performance-tuning/#optimize-with-tuned","title":"Optimize with tuned","text":"tuned can use a series of preconfigured profile files to perform system optimizations for a specific scenario.
For latency-first scenarios:
tuned-adm profile network-latency\n
For throughput-first scenarios:
tuned-adm profile network-throughput\n
"},{"location":"en/advance/performance-tuning/#interrupt-binding","title":"Interrupt Binding","text":"We recommend disabling irqbalance and binding NIC interrupts to specific CPUs to avoid performance fluctuations caused by switching between multiple CPUs.
"},{"location":"en/advance/performance-tuning/#disable-ovn-lb","title":"Disable OVN LB","text":"The L2 LB implementation of OVN requires calling the kernel's conntrack module and recirculate, resulting in a significant CPU overhead, which is tested to be around 20%. For Overlay networks you can use kube-proxy to complete the service forwarding function for better Pod-to-Pod performance. This can be turned off in kube-ovn-controller args:
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
In Underlay mode kube-proxy cannot use iptables or ipvs to control container network traffic, if you want to disable the LB function, you need to confirm whether you do not need the Service function.
"},{"location":"en/advance/performance-tuning/#fastpath-kernel-module","title":"FastPath Kernel Module","text":"Since the container network and the host network are on different network ns, the packets will pass through the netfilter module several times when they are transmitted across the host, which results in a CPU overhead of nearly 20%. The FastPath module can reduce CPU overhead by bypassing netfilter, since in most cases applications within a container network do not need to use the functionality of the netfilter module.
If you need to use the functions provided by netfilter such as iptables, ipvs, nftables, etc. in the container network, this module will disable the related functions.
Since kernel modules are kernel version dependent, it is not possible to provide a single kernel module artifact that adapts to all kernels. We pre-compiled the FastPath module for part of the kernels, which can be accessed by tunning-package.
You can also compile it manually, see Compiling FastPath Module
After obtaining the kernel module, you can load the FastPath module on each node using insmod kube_ovn_fastpath.ko and verify that the module was loaded successfully using dmesg:
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"en/advance/performance-tuning/#ovs-kernel-module-optimization","title":"OVS Kernel Module Optimization","text":"OVS flow processing including hashing, matching, etc. consumes about 10% of the CPU resources. Some instruction sets on modern x86 CPUs such as popcnt and sse4.2 can speed up the computation process, but the kernel is not compiled with these options enabled. It has been tested that the CPU consumption of flow-related operations is reduced to about 5% when the corresponding instruction set optimizations are enabled.
Similar to the compilation of the FastPath module, it is not possible to provide a single kernel module artifact for all kernels. Users need to compile manually or go to tunning-package to see if a compiled package is available for download.
Before using this kernel module, please check if the CPU supports the following instruction set:
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"en/advance/performance-tuning/#compile-and-install-in-centos","title":"Compile and Install in CentOS","text":"Install the relevant compilation dependencies and kernel headers:
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
Compile the OVS kernel module and generate the corresponding RPM:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
Copy the RPM to each node and install:
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
If you have previously started Kube-OVN and the older version of the OVS module has been loaded into the kernel. It is recommended to reboot the machine to reload the new version of the kernel module.
"},{"location":"en/advance/performance-tuning/#compile-and-install-in-ubuntu","title":"Compile and Install in Ubuntu","text":"Install the relevant compilation dependencies and kernel headers:
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
Compile the OVS kernel module and install:
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
If you have previously started Kube-OVN and the older version of the OVS module has been loaded into the kernel. It is recommended to reboot the machine to reload the new version of the kernel module.
"},{"location":"en/advance/performance-tuning/#using-stt-type-tunnel","title":"Using STT Type Tunnel","text":"Common tunnel encapsulation protocols such as Geneve and Vxlan use the UDP protocol to encapsulate packets and are well supported in the kernel. However, when TCP packets are encapsulated using UDP, the optimization and offload features of modern operating systems and network cards for the TCP protocol do not work well, resulting in a significant drop in TCP throughput. In some virtualization scenarios, due to CPU limitations, TCP packet throughput may even be a tenth of that of the host network.
STT provides an innovative tunneling protocol that uses TCP formatted header for encapsulation. This encapsulation only emulates the TCP protocol header format without actually establishing a TCP connection, but can take full advantage of the TCP optimization capabilities of modern operating systems and network cards. In our tests TCP packet throughput can be improved several times, reaching performance levels close to those of the host network.
The STT tunnel is not pre-installed in the kernel and needs to be installed by compiling the OVS kernel module, which can be found in the previous section.
Enable STT tunnel:
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/security-group/","title":"SecurityGroup Usage","text":"Kube-OVN has supported the configuration of security-groups, and the CRD used to configure security-groups is SecurityGroup.
"},{"location":"en/advance/security-group/#securitygroup-example","title":"SecurityGroup Example","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 Configure network segment\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
The specific meaning of each field of the SecurityGroup can be found in the Kube-OVN API Reference.
Pods bind security-groups by adding annotations, two annotations are used.
- port_security: source address verification. If this function is enabled, only packets with ip addresses assigned by kube-ovn ipam can be exported from the pod network adapter. After this function is disabled, any ip address can be exported
- security_groups: indicates a security group that contains a series of ACL rules
These two annotations are responsible for functions that are independent of each other.
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"en/advance/security-group/#caution","title":"Caution","text":" -
Security-groups are finally restricted by setting ACL rules, and as mentioned in the OVN documentation, if two ACL rules match with the same priority, it is uncertain which ACL will actually work. Therefore, when setting up security-group rules, you need to be careful to differentiate the priority.
-
When adding a security-group, it is important to know what restrictions are being added. As a CNI, Kube-OVN will perform a Pod-to-Gateway connectivity test after creating a Pod.
"},{"location":"en/advance/security-group/#actual-test","title":"Actual test","text":"Create a Pod using the following yaml, and specify the security-group in the annotation for the pod.
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
The actual test results show as follows:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
Execute kubectl describe pod to see information about the pod, and you can see the error message:
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n-\n- -\n- -\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed ( add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
Modify the rules for the security group to add access rules to the gateway, refer to the following:
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
In the inbound and outbound rules respectively, add a rule to allow access to the gateway, and set the rule to have the highest priority.
Deploying with the following yaml to bind security group, confirm that the Pod is operational:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
To view Pod information after deployment:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
So for the use of security groups, be particularly clear about the effect of the added restriction rules. If it is simply to restrict traffic access, consider using a network policy instead.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vip/","title":"VIP Reservation","text":"In some scenarios we want to dynamically reserve part of the IP but not assign it to Pods but to other infrastructure e.g:
- Kubernetes nested Kubernetes scenarios where the upper Kubernetes uses the Underlay network take up the available addresses of the underlying Subnet.
- LB or other network infrastructure requires the use of an IP within a Subnet.
"},{"location":"en/advance/vip/#create-random-address-vip","title":"Create Random Address VIP","text":"If you just want to set aside a number of IPs and have no requirement for the IP addresses themselves, you can use the following yaml to create them:
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: reserve the IP from this Subnet.type: Currently, two types are supported. If the value is empty, it indicates that it is only used for occupying ip addresses of ipam. switch_lb_vip The front-end vip address and back-end ip address of the switch lb must be on the same subnet.
Query the VIP after creation.
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
It can be seen that the VIP is assigned the IP address 10.16.0.12, which can later be used by other network infrastructures.
"},{"location":"en/advance/vip/#create-a-fixed-address-vip","title":"Create a fixed address VIP","text":"The IP address of the reserved VIP can be fixed using the following yaml:
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n V4ip: \"10.16.0.121\"\n
subnet: reserve the IP from this Subnet.V4ip: A fixed-assigned IP address that should within the CIDR range of subnet.
Query the VIP after creation:
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
It can be seen that the VIP has been assigned the expected IP address.
"},{"location":"en/advance/vip/#statefulset-kubevirt-vm-keep-vip","title":"StatefulSet & Kubevirt VM keep VIP","text":"Specify for StatefulSet and VM resources, these Pods their owned will reuse the VIP when these Pods recreating.
VM keep VIP must be enable the keep-vm-ip param in kube-ovn-controller. Refer Kubevirt VM Fixed Address Settings
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-dns/","title":"Custom VPC DNS","text":"Due to the isolation of the user-defined VPC and the default VPC network, the coredns deployed in the default VPC cannot be accessed from within the custom VPC. If you wish to use the intra-cluster domain name resolution capability provided by Kubernetes within your custom VPC, you can refer to this document and utilize the vpc-dns CRD to do so.
This CRD eventually deploys a coredns that has two NICs, one in the user-defined VPC and the other in the default VPC to enable network interoperability and provide an internal load balancing within the custom VPC through the custom VPC internal load balancing.
"},{"location":"en/advance/vpc-dns/#deployment-of-vpc-dns-dependent-resources","title":"Deployment of vpc-dns dependent resources","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
In addition to the above resources, the feature relies on the nat-gw-pod image for routing configuration.
"},{"location":"en/advance/vpc-dns/#configuring-additional-network","title":"Configuring Additional Network","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"en/advance/vpc-dns/#configuring-configmap-for-vpc-dns","title":"Configuring Configmap for vpc-dns","text":"Create a configmap under the kube-system namespace to configure the vpc-dns usage parameters that will be used later to start the vpc-dns function:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1aenable vpc dns feature, true as defaultcoredns-image\uff1adns deployment image. Defaults to the clustered coredns deployment versioncoredns-vip\uff1aThe vip that provides lb services for coredns.coredns-template\uff1aThe URL where the coredns deployment template is located. defaults to the current version of the ovn directory. coredns-template.yaml default is https://raw.githubusercontent.com/kubeovn/kube-ovn/<kube-ovn version>/yamls/coredns-template.yaml.nad-name\uff1aConfigured network-attachment-definitions Resource name.nad-provider\uff1aThe name of the provider to use.k8s-service-host\uff1aThe ip used for coredns to access the k8s apiserver service, defaults to the apiserver address within the cluster.k8s-service-port\uff1aThe port used for coredns to access the k8s apiserver service, defaults to the apiserver port within the cluster.
"},{"location":"en/advance/vpc-dns/#deploying-vpc-dns","title":"Deploying vpc-dns","text":"configure vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a The name of the vpc used to deploy the dns component.subnet\uff1aSub-name for deploying dns components.replicas: vpc dns deployment replicas
View information about deployed resources:
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true Customized dns component deployed, false No deployment.
Restrictions: only one custom dns component will be deployed under a VPC
- When multiple vpc-dns resources are configured under a VPC (i.e., different subnets for the same VPC), only one vpc-dns resource is in the state
true``, and the others arefasle`. - When the
true vpc-dns is removed, the other false vpc-dns will be obtained for deployment.
"},{"location":"en/advance/vpc-dns/#validate-deployment-results","title":"Validate deployment results","text":"To view vpc-dns Pod status, use label app=vpc-dns to view all vpc-dns pod status:
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
View switch lb rule status information:
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
Go to the Pod under this VPC and test the dns resolution:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
The subnet where the switch lb rule under this VPC is located and the pods under other subnets under the same VPC can be resolved.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-internal-lb/","title":"Customize VPC Internal Load Balancing","text":"The Service provided by Kubernetes can be used for load balancing within the cluster. However, there are several issues with using Service as internal load balancing in customize VPC mode:
- The Service IP range is a cluster resource, shared by all customize VPCs, and cannot overlap.
- Users cannot set internal load balancing IP addresses according to their own preferences.
To address the above issues, Kube OVN introduced the SwitchLBRule CRD in 1.11, allowing users to set internal load balancing rules within customize VPCs.
SwitchLBRule support the following two ways to set internal load balancing rules within a customize VPC.
"},{"location":"en/advance/vpc-internal-lb/#automatically-generate-load-balancing-rules-by-selector","title":"Automatically Generate Load Balancing Rules by Selector","text":"Load balancing rules can be generated by selector automatic association with pod configuration through label.
example of SwitchLBRule is as follows:
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
usage of selector, sessionAffinity, and port is the same as Kubernetes Service.
-
vip\uff1acustomize load balancing IP address.
-
namespace\uff1anamespace of the pod selected by selector.
Kube OVN will determine the VPC of the selected pod based on the SwitchLBRule definition and set the corresponding L2 LB.
"},{"location":"en/advance/vpc-internal-lb/#manually-defined-load-balancing-rules-by-endpoints","title":"Manually Defined Load Balancing Rules by Endpoints","text":"Load balancing rules can be customized configured by endpoints, to support scenarios where load balancing rules cannot be automatically generated through selector. For example, the load balancing backend is vm created by kubevirt.
example of SwitchLBRule is as follows:
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
usage of sessionAffinity, and port is the same as Kubernetes Service.
-
vip\uff1acustomize load balancing IP address.
-
namespace\uff1anamespace of the pod selected by selector.
-
endpoints\uff1aload balancing backend IP list.
attention\uff1aIf both selector and endpoints are configured, the selector configuration will be automatically ignored.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/vpc-peering/","title":"VPC Peering","text":"VPC peering provides a mechanism for bridging two VPC networks through logical routes so that workloads within two VPCs can access each other through private addresses as if they were on the same private network, without the need for NAT forwarding through a gateway.
"},{"location":"en/advance/vpc-peering/#prerequisites","title":"Prerequisites","text":" - This feature is only available for customized VPCs.
- To avoid route overlap the subnet CIDRs within the two VPCs cannot overlap.
- Currently, only interconnection of two VPCs is supported.
"},{"location":"en/advance/vpc-peering/#usage","title":"Usage","text":"First create two non-interconnected VPCs with one Subnet under each VPC, and the CIDRs of the Subnets do not overlap with each other.
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
Add vpcPeerings and the corresponding static routes within each VPC:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: The name of another peering VPC.localConnectIP: As the IP address and CIDR of the interconnection endpoint. Note that both IPs should belong to the same CIDR and should not conflict with existing subnets.cidr\uff1aCIDR of the peering Subnet.nextHopIP\uff1aThe localConnectIP on the other end of the peering VPC.
Create Pods under the two Subnets
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
Test the network connectivity
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/windows/","title":"Windows Support","text":"Kube-OVN supports Kubernetes cluster networks that include Windows system nodes, allowing unified containers network management.
"},{"location":"en/advance/windows/#prerequisites","title":"Prerequisites","text":" - Read Adding Windows nodes to add Windows nodes.
- Windows nodes must have the KB4489899 patch installed for Overlay/VXLAN networks to work properly, and it is recommended to update your system to the latest version.
- Hyper-V and management tools must be installed on the Windows node.
- Due to Windows restrictions tunnel encapsulation can only be used in Vxlan mode.
- SSL, IPv6, dual-stack, QoS features are not supported at this time.
- Dynamic subnet and dynamic tunnel interface are not supported at this time. You need to create the subnet and select the network interface before installing the Windows node.
- Multiple
ProviderNetworks are not supported, and the bridge interface configuration cannot be dynamically adjusted.
"},{"location":"en/advance/windows/#install-ovs-on-windows","title":"Install OVS on Windows","text":"Due to some issues with upstream OVN and OVS support for Windows containers, a modified installation package provided by Kube-OVN is required.
Use the following command to enable the TESTSIGNING startup item on the Windows node, which requires a system reboot to take effect.
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
Download Windows package on Windows node and install.
Confirm that the service is running properly after installation:
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"en/advance/windows/#install-kube-ovn","title":"Install Kube-OVN","text":"Download the installation script in the Windows node install.ps1.
Add relevant parameters and run:
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
By default, Kube-OVN uses the NIC where the node IP is located as the tunnel interface. If you need to use another NIC, you need to add the specified annotation to the Node before installation, e.g. ovn.kubernetes.io/tunnel_interface=Ethernet1.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-bgp/","title":"BGP Support","text":"Kube-OVN supports broadcasting the IP address of the Pod or Subnet to the outside world via BGP protocol, so that the outside world can access the Pod directly through the Pod IP. To use this feature, you need to install kube-ovn-speaker on specific nodes and add the corresponding annotation to the Pod or Subnet that needs to be exposed to the outside world.
"},{"location":"en/advance/with-bgp/#install-kube-ovn-speaker","title":"Install kube-ovn-speaker","text":"kube-ovn-speaker use GoBGP to publish routing information to the outside world and set the next-hop route to itself.
Since the node where kube-ovn-speaker is deployed needs to carry return traffic, specific labeled nodes need to be selected for deployment:
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
When there are multiple instances of kube-ovn-speaker, each of them will publish routes to the outside world, the upstream router needs to support multi-path ECMP.
Download the corresponding yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
Modify the corresponding configuration in yaml:
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: The address of the BGP Peer, usually the router gateway address.neighbor-as: The AS number of the BGP Peer.cluster-as: The AS number of the container network.
Deploy yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"en/advance/with-bgp/#publish-podsubnet-routes","title":"Publish Pod/Subnet Routes","text":"To use BGP for external routing, first set natOutgoing to false for the corresponding Subnet to allow the Pod IP to enter the underlying network directly.
Add annotation to publish routes:
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
Delete annotation to disable the publishing:
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"en/advance/with-bgp/#bgp-advance-options","title":"BGP Advance Options","text":"kube-ovn-speaker supports more BGP parameters for advanced configuration, which can be adjusted by users according to their network environment:
announce-cluster-ip: Whether to publish Service routes to the public, default is false.auth-password: The access password for the BGP peer.holdtime: The heartbeat detection time between BGP neighbors. Neighbors with no messages after the change time will be removed, the default is 90 seconds.graceful-restart: Whether to enable BGP Graceful Restart.graceful-restart-time: BGP Graceful restart time refer to RFC4724 3.graceful-restart-deferral-time: BGP Graceful restart deferral time refer to RFC4724 4.1.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-cilium/","title":"Integration with Cilium","text":"Cilium is an eBPF-based networking and security component. Kube-OVN uses the CNI Chaining mode to enhance existing features. Users can use both the rich network abstraction capabilities of Kube-OVN and the monitoring and security capabilities that come with eBPF.
By integrating Cilium, Kube-OVN users can have the following gains:
- Richer and more efficient security policies.
- Hubble-based monitoring and UI.
"},{"location":"en/advance/with-cilium/#prerequisites","title":"Prerequisites","text":" - Linux kernel version above 4.19 or other compatible kernel for full eBPF capability support.
- Install Helm in advance to prepare for the installation of Cilium, please refer to Installing Helm to deploy Helm.
"},{"location":"en/advance/with-cilium/#configure-kube-ovn","title":"Configure Kube-OVN","text":"In order to fully utilize the security capabilities of Cilium, you need to disable the networkpolicy feature within Kube-OVN and adjust the CNI configuration priority.
Change the following variables in the install.sh script:
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
If the deployment is complete, you can adjust the args of kube-ovn-controller:
args:\n- --enable-np=false\n
Modify the kube-ovn-cni args to adjust the CNI configuration priority:
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
Adjust the Kube-OVN cni configuration name on each node:
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"en/advance/with-cilium/#deploy-cilium","title":"Deploy Cilium","text":"Create the chaining.yaml configuration file to use Cilium's generic-veth mode:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
Installation the chaining config:
kubectl apply -f chaining.yaml\n
Deploying Cilium with Helm:
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
Confirm that the Cilium installation was successful:
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-openstack/","title":"Integration with OpenStack","text":"In some cases, users need to run virtual machines with OpenStack and containers with Kubernetes, and need the network to interoperate between containers and virtual machines and be under a unified control plane. If the OpenStack Neutron side also uses OVN as the underlying network, then Kube-OVN can use either cluster interconnection or shared underlying OVN to connect the OpenStack and Kubernetes networks.
"},{"location":"en/advance/with-openstack/#cluster-interconnection","title":"Cluster Interconnection","text":"This pattern is similar to Cluster Inter-Connection with OVN-IC to connect two Kubernetes cluster networks, except that the two ends of the cluster are replaced with OpenStack and Kubernetes\u3002
"},{"location":"en/advance/with-openstack/#prerequisites","title":"Prerequisites","text":" - The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-route mode.
- A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters.
- Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes.
- This solution only connects to the Kubernetes default subnet with selected VPC in OpenStack.
"},{"location":"en/advance/with-openstack/#deploy-ovn-ic-db","title":"Deploy OVN-IC DB","text":"Start the OVN-IC DB with the following command:
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
"},{"location":"en/advance/with-openstack/#kubernetes-side-operations","title":"Kubernetes Side Operations","text":"Create ovn-ic-config ConfigMap in kube-system Namespace \uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: Whether to enable cluster interconnection.az-name: Distinguish the cluster names of different clusters, each interconnected cluster needs to be different.ic-db-host: Address of the node where the OVN-IC DB is deployed.ic-nb-port: OVN-IC Northbound Database port, default 6645.ic-sb-port: OVN-IC Southbound Database port, default 6645.gw-nodes: The name of the nodes in the cluster interconnection that takes on the work of the gateways, separated by commas.auto-route: Whether to automatically publish and learn routes.
"},{"location":"en/advance/with-openstack/#openstack-side-operations","title":"OpenStack Side Operations","text":"Create logical routers that interconnect with Kubernetes:
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
Set the availability zone name in the OVN northbound database within OpenStack, which needs to be different from the other interconnected clusters:
ovn-nbctl set NB_Global . name=op-az\n
Start the OVN-IC controller at a node that has access to the OVN-IC DB:
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC Northbound database and southbound database addresses.ovn-northd-nb-db\uff0c ovn-northd-sb-db: Current cluster OVN northbound database and southbound data address.
Configuration gateway nodes:
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
The next step is to create a logical topology by operating the OVN in OpenStack.
Connect the ts interconnect switch and the router0 logical router, and set the relevant rules:
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
Verify that OpenStack has learned the Kubernetes routing rules:
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
Next, you can create a virtual machine under the router0 network to verify that it can interconnect with Pods under Kubernetes.
"},{"location":"en/advance/with-openstack/#shared-underlay-ovn","title":"Shared Underlay OVN","text":"In this scenario, OpenStack and Kubernetes share the same OVN, so concepts such as VPC and Subnet can be pulled together for better control and interconnection.
In this mode we deploy the OVN normally using Kube-OVN, and OpenStack modifies the Neutron configuration to connect to the same OVN DB. OpenStack requires networking-ovn as a Neutron backend implementation.
"},{"location":"en/advance/with-openstack/#neutron-modification","title":"Neutron Modification","text":"Modify the Neutron configuration file /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: The address needs to be changed to the address of the ovn-central nodes deployed by Kube-OVN.
Modify the OVS configuration for each node:
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: The address needs to be changed to the address of the ovn-central nodes deployed by Kube-OVN.ovn-encap-ip: Change to the IP address of the current node.
"},{"location":"en/advance/with-openstack/#using-openstack-internal-resources-in-kubernetes","title":"Using OpenStack Internal Resources in Kubernetes","text":"The next section describes how to query OpenStack's network resources in Kubernetes and create Pods in the subnet from OpenStack.
Query the existing network resources in OpenStack for the following resources that have been pre-created.
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
On the Kubernetes side, query the VPC resources from OpenStack:
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 is the VPC resources synchronized from OpenStack.
Next, you can create Pods and run them according to Kube-OVN's native VPC and Subnet operations.
Bind VPC, Subnet to Namespace net2 and create Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-ovn-ic/","title":"Cluster Inter-Connection with OVN-IC","text":"Kube-OVN supports interconnecting two Kubernetes cluster Pod networks via OVN-IC, and the Pods in the two clusters can communicate directly via Pod IPs . Kube-OVN uses tunnels to encapsulate cross-cluster traffic, allowing container networks to interconnect between two clusters as long as there is a set of IP reachable machines.
This mode of multi-cluster interconnection is for Overlay network. For Underlay network, it needs the underlying infrastructure to do the inter-connection work.
"},{"location":"en/advance/with-ovn-ic/#prerequisites","title":"Prerequisites","text":" -
Clusters configured in versions after 1.11.16 have the cluster interconnection switch turned off by default. You need to mark the following in the configuration script install.sh:
ENABLE_IC=true\n
After opening the switch and deploying the cluster, the component deployment ovn-ic-controller will appear. 2. The subnet CIDRs within OpenStack and Kubernetes cannot overlap with each other in auto-interconnect mode. If there is overlap, you need to refer to the subsequent manual interconnection process, which can only connect non-overlapping Subnets. 3. A set of machines needs to exist that can be accessed by each cluster over the network and used to deploy controllers that interconnect across clusters. 4. Each cluster needs to have a set of machines that can access each other across clusters via IP as the gateway nodes. 5. This solution only connects to the Kubernetes default VPCs.
"},{"location":"en/advance/with-ovn-ic/#deploy-a-single-node-ovn-ic-db","title":"Deploy a single-node OVN-IC DB","text":"Deploy the OVN-IC DB on a machine accessible by kube-ovn-controller, This DB will hold the network configuration information synchronized up from each cluster.
An environment deploying docker can start the OVN-IC DB with the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
For deploying a containerd environment instead of docker you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"en/advance/with-ovn-ic/#automatic-routing-mode","title":"Automatic Routing Mode","text":"In auto-routing mode, each cluster synchronizes the CIDR information of the Subnet under its own default VPC to OVN-IC, so make sure there is no overlap between the Subnet CIDRs of the two clusters.
Create ovn-ic-config ConfigMap in kube-system Namespace:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: Whether to enable cluster interconnection.az-name: Distinguish the cluster names of different clusters, each interconnected cluster needs to be different.ic-db-host: Address of the node where the OVN-IC DB is deployed.ic-nb-port: OVN-IC Northbound Database port, default 6645.ic-sb-port: OVN-IC Southbound Database port, default 6645.gw-nodes: The name of the nodes in the cluster interconnection that takes on the work of the gateways, separated by commas.auto-route: Whether to automatically publish and learn routes.
Note: To ensure the correct operation, the ConfigMap ovn-ic-config is not allowed to be modified. If any parameter needs to be changed, please delete this ConfigMap, modify it and then apply it again.
Check if the interconnected logical switch ts has been established in the ovn-ic container with the following command\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
At each cluster observe if logical routes have learned peer routes:
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
Next, you can try ping a Pod IP in Cluster 1 directly from a Pod in Cluster 2 to see if you can work.
For a subnet that does not want to automatically publish routes to the other end, you can disable route broadcasting by modifying disableInterConnection in the Subnet spec.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"en/advance/with-ovn-ic/#manual-routing-mode","title":"Manual Routing Mode","text":"For cases where there are overlapping CIDRs between clusters, and you only want to do partial subnet interconnection, you can manually publish subnet routing by following the steps below.
Create ovn-ic-config ConfigMap in kube-system Namespace, and set auto-route to false:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
Find the address of the remote logical ports in each cluster separately, for later manual configuration of the route:
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
The output above shows that the remote address from cluster az1 to cluster az2 is 169.254.100.31 and the remote address from az2 to az1 is 169.254.100.79.
In this example, the subnet CIDR within cluster az1 is 10.16.0.0/24 and the subnet CIDR within cluster az2 is 10.17.0.0/24.
Set up a route from cluster az1 to cluster az2 in cluster az1:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
Set up a route to cluster az1 in cluster az2:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"en/advance/with-ovn-ic/#highly-available-ovn-ic-db-installation","title":"Highly Available OVN-IC DB Installation","text":"A highly available cluster can be formed between OVN-IC DB via the Raft protocol, which requires a minimum of 3 nodes for this deployment model.
First start the leader of the OVN-IC DB on the first node.
Users deploying a docker environment can use the following command:
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
If you are using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a The IP address of the node where the current container is located.NODE_IPS\uff1a The IP addresses of the three nodes running the OVN-IC database, separated by commas.
Next, deploy the follower of the OVN-IC DB on the other two nodes.
docker environment can use the following command.
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
If using containerd you can use the following command:
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a The IP address of the node where the current container is located.NODE_IPS\uff1a The IP addresses of the three nodes running the OVN-IC database, separated by commas.LEADER_IP: The IP address of the OVN-IC DB leader node.
Specify multiple OVN-IC database node addresses when creating ovn-ic-config for each cluster:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"en/advance/with-ovn-ic/#manual-reset","title":"Manual Reset","text":"In some cases, the entire interconnection configuration needs to be cleaned up due to configuration errors, you can refer to the following steps to clean up your environment.
Delete the current ovn-ic-config Configmap:
kubectl -n kube-system delete cm ovn-ic-config\n
Delete ts logical switch:
kubectl ko nbctl ls-del ts\n
Repeat the same steps at the peer cluster.
"},{"location":"en/advance/with-ovn-ic/#clean-ovn-ic","title":"Clean OVN-IC","text":"Delete the ovn-ic-config Configmap for all clusters:
kubectl -n kube-system delete cm ovn-ic-config\n
Delete all clusters' ts logical switches:
kubectl ko nbctl ls-del ts\n
Delete the cluster interconnect controller. If it is a high-availability OVN-IC database deployment, all need to be cleaned up.
If the controller is docker deploy execute command:
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
If the controller is containerd deploy the command:
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/advance/with-submariner/","title":"Cluster Inter-Connection with Submariner","text":"Submariner is an open source networking component that connects multiple Kubernetes cluster Pod and Service networks which can help Kube-OVN interconnect multiple clusters.
Compared to OVN-IC, Submariner can connect Kube-OVN and non-Kube-OVN cluster networks, and Submariner can provide cross-cluster capability for services. However, Submariner currently only enables the default subnets to be connected, and cannot selectively connect multiple subnets.
"},{"location":"en/advance/with-submariner/#prerequisites","title":"Prerequisites","text":" - The Service CIDRs of the two clusters and the CIDR of the default Subnet cannot overlap.
"},{"location":"en/advance/with-submariner/#install-submariner","title":"Install Submariner","text":"Download the subctl binary and deploy it to the appropriate path:
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
Change kubeconfig context to the cluster that need to deploy submariner-broker:
subctl deploy-broker\n
In this document the default subnet CIDR for cluster0 is 10.16.0.0/16 and the join subnet CIDR for cluster0 is 100.64.0.0/16, the default subnet CIDR for cluster1 is 11.16.0.0/16 and the join subnet CIDR for cluster1 is 100.68.0.0/16.
Switch kubeconfig to cluster0 to register the cluster to the broker, and register the gateway node:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
Switch kubeconfig to cluster1 to register the cluster to the broker, and register the gateway node:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
Next, you can start Pods in each of the two clusters and try to access each other using IPs.
Network communication problems can be diagnosed by using the subctl command:
subctl show all\nsubctl diagnose all\n
For more Submariner operations please read Submariner Usage.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/custom-routes/","title":"Custom Routes","text":"Custom routes can be configured via Pod's annotations. Here is an example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
Do not set the dst field if you want to configure the default route.
For workloads such as Deployment, DaemonSet and StatefulSet, custom routes must be configured via .spec.template.metadata.annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/dual-stack/","title":"DualStack","text":"Different subnets in Kube-OVN can support different IP protocols. IPv4, IPv6 and dual-stack types of subnets can exist within one cluster. However, it is recommended to use a uniform protocol type within a cluster to simplify usage and maintenance.
In order to support dual-stack, the host network needs to meet the dual-stack requirements, and the Kubernetes-related parameters need to be adjusted, please refer to official guide to dual-stack.
"},{"location":"en/guide/dual-stack/#create-dual-stack-subnet","title":"Create dual-stack Subnet","text":"When configuring a dual stack Subnet, you only need to set the corresponding subnet CIDR format as cidr=<IPv4 CIDR>,<IPv6 CIDR>.
The CIDR order requires IPv4 to come first and IPv6 to come second, as follows.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
If you need to use a dual stack for the default subnet during installation, you need to change the following parameters in the installation script:
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"en/guide/dual-stack/#check-pod-address","title":"Check Pod Address","text":"Pods configured for dual-stack networks will be assigned both IPv4 and IPv6 addresses from that subnet, and the results will be displayed in the annotation of the Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/eip-snat/","title":"EIP and SNAT","text":"This configuration is for the network under default VPC, for custom VPC please refer to VPC Gateway
Kube-OVN supports SNAT and EIP functionality at the Pod level using the L3 Gateway feature in OVN. By using SNAT, a group of Pods can share an IP address for external access. With the EIP feature, a Pod can be directly associated with an external IP. External services can access the Pod directly through the EIP, and the Pod will also access external services through this EIP.
"},{"location":"en/guide/eip-snat/#preparation","title":"Preparation","text":" - In order to use the OVN's L3 Gateway capability, a separate NIC must be bridged into the OVS bridge for overlay and underlay network communication. The host must have other NICs for management.
- Since packets passing through NAT will go directly to the Underlay network, it is important to confirm that such packets can pass safely on the current network architecture.
- Currently, there is no conflict detection for EIP and SNAT addresses, and an administrator needs to manually assign them to avoid address conflicts.
"},{"location":"en/guide/eip-snat/#create-config","title":"Create Config","text":"Create ConfigMap ovn-external-gw-config in kube-system Namespace:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: Whether to enable SNAT and EIP functions.type: centrailized or distributed\uff0c Default is centralized If distributed is used, all nodes of the cluster need to have the same name NIC to perform the gateway function.external-gw-nodes: In centralized mode\uff0cThe names of the node performing the gateway role, comma separated.external-gw-nic: The name of the NIC that performs the role of a gateway on the node.external-gw-addr: The IP and mask of the physical network gateway.nic-ip,nic-mac: The IP and Mac assigned to the logical gateway port needs to be an unoccupied IP and Mac for the physical subnet.
"},{"location":"en/guide/eip-snat/#confirm-the-configuration-take-effect","title":"Confirm the Configuration Take Effect","text":"Check the OVN-NB status to confirm that the ovn-external logical switch exists and that the correct address and chassis are bound to the ovn-cluster-ovn-external logical router port.
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
Check the OVS status to confirm that the corresponding NIC is bridged into the br-external bridge:
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"en/guide/eip-snat/#config-eip-amd-snat-on-pod","title":"Config EIP amd SNAT on Pod","text":"SNAT and EIP can be configured by adding the ovn.kubernetes.io/snat or ovn.kubernetes.io/eip annotation to the Pod, respectively:
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
The EIP or SNAT rules configured by the Pod can be dynamically adjusted via kubectl or other tools, remember to remove the ovn.kubernetes.io/routed annotation to trigger the routing change.
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
When the EIP or SNAT takes into effect, the ovn.kubernetes.io/routed annotation will be added back.
"},{"location":"en/guide/eip-snat/#advanced-configuration","title":"Advanced Configuration","text":"Some args of kube-ovn-controller allow for advanced configuration of SNAT and EIP:
--external-gateway-config-ns: The Namespace of Configmap ovn-external-gw-config, default is kube-system\u3002--external-gateway-net: The name of the bridge to which the physical NIC is bridged, default is external.--external-gateway-vlanid: Physical network Vlan Tag number, default is 0, i.e. no Vlan is used.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/ippool/","title":"Configure IPPool","text":"IPPool is a more granular IPAM management unit than Subnet. You can subdivide the subnet segment into multiple units through IPPool, and each unit is bound to one or more namespaces.
"},{"location":"en/guide/ippool/#instructions","title":"Instructions","text":"Below is an example\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
Field description:
Field Usage Comment subnet Specify the subnet to which it belongs Required ips Specify IP ranges Support three formats: , and ... Support IPv6. namespaces Specifies the bound namespaces Optional"},{"location":"en/guide/ippool/#precautions","title":"Precautions","text":" - To ensure compatibility with Workload Universal IP Pool Fixed Address, the name of the IP pool cannot be an IP address;
- The
.spec.ips of the IP pool can specify an IP address beyond the scope of the subnet, but the actual effective IP address is the intersection of .spec.ips and the CIDR of the subnet; - Different IP pools of the same subnet cannot contain the same (effective) IP address;
- The
.spec.ips of the IP pool can be modified dynamically; - The IP pool will inherit the reserved IP of the subnet. When randomly assigning an IP address from the IP pool, the reserved IP included in the IP pool will be skipped;
- When randomly assigning an IP address from a subnet, it will only be assigned from a range other than all IP pools in the subnet.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/loadbalancer-service/","title":"LoadBalancer Type Service","text":"Kube-OVN supports the implementation of VPC and VPC gateway. For specific configurations, please refer to the VPC configuration.
Due to the complexity of using VPC gateways, the implementation based on VPC gateways has been simplified. It supports creating LoadBalancer type Services in the default VPC, allowing access to Services in the default VPC through LoadBalancerIP.
First, make sure the following conditions are met in the environment:
- Install
multus-cni and macvlan cni\u3002 - LoadBalancer Service support relies on simplified implementation of VPC gateway code, still utilizing the vpc-nat-gw image and depending on macvlan for multi-interface functionality support.
- Currently, it only supports configuration in the default VPC. Support for LoadBalancers in custom VPCs can be referred to in the VPC configuration.
"},{"location":"en/guide/loadbalancer-service/#steps-to-configure-default-vpc-loadbalancer-service","title":"Steps to Configure Default VPC LoadBalancer Service","text":""},{"location":"en/guide/loadbalancer-service/#enable-feature-flag","title":"Enable Feature Flag","text":"Modify the deployment kube-ovn-controller under the kube-system namespace and add the parameter --enable-lb-svc=true to the args section to enable the feature (by default it's set to false).
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // parameter is set to true\n
"},{"location":"en/guide/loadbalancer-service/#create-networkattachmentdefinition-crd-resource","title":"Create NetworkAttachmentDefinition CRD Resource","text":"Refer to the following YAML and create the net-attach-def resource:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //Physical network card, configure according to the actual situation\n \"mode\": \"bridge\"\n }'\n
By default, the physical NIC eth0 is used to implement the multi-interface functionality. If another physical NIC is needed, modify the master value to specify the name of the desired physical NIC.
"},{"location":"en/guide/loadbalancer-service/#create-subnet","title":"Create Subnet","text":"The created Subnet is used to allocate LoadBalancerIP for the LoadBalancer Service, which should normally be accessible from outside the cluster. An Underlay Subnet can be configured for address allocation.
Refer to the following YAML to create a new subnet:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system //The provider format is fixed and consists of the Name.Namespace of the net-attach-def resource created in the previous step\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
In the provider parameter of the Subnet, ovn or .ovn suffix is used to indicate that the subnet is managed by Kube-OVN and requires corresponding logical switch records to be created.
If provider is neither ovn nor ends with .ovn, Kube-OVN only provides the IPAM functionality to record IP address allocation without handling business logic for the subnet.
"},{"location":"en/guide/loadbalancer-service/#create-loadbalancer-service","title":"Create LoadBalancer Service","text":"Refer to the following YAML to create a LoadBalancer Service:
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #Optional\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #Required\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #Optional\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
In the yaml, the annotation ovn.kubernetes.io/attachmentprovider is required, and its value is composed of the Name.Namespace of the net-attach-def resource created in the first step. This annotation is used to find the net-attach-def resources when creating Pods.
The subnet used for multi-interface address allocation can be specified through an annotation. The annotation key format is net-attach-def resource's Name.Namespace.kubernetes.io/logical_switch. This configuration is optional and if LoadBalancerIP address is not specified, addresses will be dynamically allocated from this subnet and filled into the LoadBalancerIP field.
If a static LoadBalancerIP address is required, the spec.loadBalancerIP field can be configured. The address must be within the specified subnet's address range.
After creating the Service using the YAML, you can see the Pod startup information in the same namespace as the Service:
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
When specifying the service.spec.loadBalancerIP parameter, it will be assigned to the service's external IP field. If not specified, the parameter will be assigned a random value.
View the YAML output of the test Pod to see the assigned multi-interface addresses:
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
Check the service information:
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels \":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\", \"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer \"}}\n ovn.kubernetes.io/vpc:ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"en/guide/loadbalancer-service/#testing-loadbalancerip-access","title":"Testing LoadBalancerIP access","text":"Refer to the following YAML to create a test Pod that serves as the Endpoints for the Service:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
Under normal circumstances, the provided subnet addresses should be accessible from outside the cluster. To verify, access the Service's LoadBalancerIP:Port from within the cluster and check if the access is successful.
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
Enter the Pod created by the Service and check the network information:
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/mirror/","title":"Traffic Mirror","text":"The traffic mirroring feature allows packets to and from the container network to be copied to a specific NIC of the host. Administrators or developers can listen to this NIC to get the complete container network traffic for further analysis, monitoring, security auditing and other operations. It can also be integrated with traditional NPM for more fine-grained traffic visibility.
The traffic mirroring feature introduces some performance loss, with an additional CPU consumption of 5% to 10% depending on CPU performance and traffic characteristics.
"},{"location":"en/guide/mirror/#global-traffic-mirroring-settings","title":"Global Traffic Mirroring Settings","text":"The traffic mirroring is disabled by default, please modify the args of kube-ovn-cni DaemonSet to enable it:
--enable-mirror=true: Whether to enable traffic mirroring.--mirror-iface=mirror0: The name of the NIC that the traffic mirror is copied to. This NIC can be a physical NIC that already exists on the host machine. At this point the NIC will be bridged into the br-int bridge and the mirrored traffic will go directly to the underlying switch. If the NIC name does not exist, Kube-OVN will automatically create a virtual NIC with the same name, through which the administrator or developer can access all traffic on the current node on the host. The default is mirror0.
Next, you can listen to the traffic on mirror0 with tcpdump or other traffic analysis tools.
tcpdump -ni mirror0\n
"},{"location":"en/guide/mirror/#pod-level-mirroring-settings","title":"Pod Level Mirroring Settings","text":"If you only need to mirror some Pod traffic, you need to disable the global traffic mirroring and then add the ovn.kubernetes.io/mirror annotation on a specific Pod to enable Pod-level traffic mirroring.
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"en/guide/mirror/#performance-test","title":"Performance Test","text":"Test on the same environment with the traffic mirroring switch on and off, respectively
"},{"location":"en/guide/mirror/#enable-traffic-mirroring","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_1","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_1","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_2","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_2","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_3","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_3","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_4","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"en/guide/mirror/#disable-traffic-mirroring_4","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"en/guide/mirror/#enable-traffic-mirroring_5","title":"Enable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_5","title":"Disable traffic mirroring","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"en/guide/mirror/#enable-traffic-mirroring_6","title":"Enable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_6","title":"Disable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"en/guide/mirror/#enable-traffic-mirroring_7","title":"Enable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"en/guide/mirror/#disable-traffic-mirroring_7","title":"Disable traffic mirroring","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/networkpolicy-log/","title":"NetworkPolicy Logging","text":"NetworkPolicy is a interface provided by Kubernetes and implemented by Kube-OVN through OVN's ACLs. With NetworkPolicy, if the networks are down, it is difficult to determine whether it is caused by a network failure or a NetworkPolicy rule problem. Kube-OVN provides NetworkPolicy logging to help administrators quickly locate whether a NetworkPolicy drop rule has been hit, and to record the illegal accesses.
Once NetworkPolicy logging is turned on, logs need to be printed for every packet that hits a Drop rule, which introduces additional performance overhead. Under a malicious attack, a large number of logs in a short period of time may exhaust the CPU. We recommend turning off logging by default in production environments and dynamically turning it on when you need to troubleshoot problems.
"},{"location":"en/guide/networkpolicy-log/#enable-networkpolicy-logging","title":"Enable NetworkPolicy Logging","text":"Add the annotation ovn.kubernetes.io/enable_log to the NetworkPolicy where logging needs to be enabled, as follows:
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
Next, you can observe the log of dropped packets in /var/log/ovn/ovn-controller.log on the host of the corresponding Pod:
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"en/guide/networkpolicy-log/#disable-networkpolicy-logging","title":"Disable NetworkPolicy Logging","text":"Set annotation ovn.kubernetes.io/enable_log in the corresponding NetworkPolicy to false to disable NetworkPolicy logging:
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/prometheus-grafana/","title":"Monitor and Dashboard","text":"Kube-OVN can export network control plane information and network data plane quality information metrics to the external in formats supported by Prometheus.
We use the CRD provided by kube-prometheus to define the corresponding Prometheus monitoring rules. For all monitoring metrics supported by Kube-OVN, please refer to Kube-OVN Monitoring Metrics.
If you are using native Prometheus, please refer to Configuring Native Prometheus for configuration.
"},{"location":"en/guide/prometheus-grafana/#install-prometheus-monitor","title":"Install Prometheus Monitor","text":"Kube-OVN uses Prometheus Monitor CRD to manage the monitoring output.
# network quality related monitoring metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn metrics\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
The default interval for Prometheus pull is 15s, if you need to adjust it, modify the interval value in yaml.
"},{"location":"en/guide/prometheus-grafana/#import-grafana-dashboard","title":"Import Grafana Dashboard","text":"Kube-OVN provides a predefined Grafana Dashboard to display control plane and data plane related metrics.
Download the corresponding Dashboard template:
# network quality related monitoring dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs dashboard\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
Import these templates into Grafana and set the data source to the corresponding Prometheus to see the following Dashboards.
kube-ovn-controller dashboard:
kube-ovn-pinger dashboard:
kube-ovn-cni dashboard:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/prometheus/","title":"Config Native Prometheus","text":"Kube-OVN provides rich monitoring data for OVN/OVS health status checks and connectivity checks of container and host networks, and Kube-OVN is configured with ServiceMonitor for Prometheus to dynamically obtain monitoring metrics.
In some cases, where only Prometheus Server is installed and no other components are installed, you can dynamically obtain monitoring data for the cluster environment by modifying the configuration of Prometheus.
"},{"location":"en/guide/prometheus/#config-prometheus","title":"Config Prometheus","text":"The following configuration documentation, referenced from Prometheus Service Discovery.
"},{"location":"en/guide/prometheus/#permission-configuration","title":"Permission Configuration","text":"Prometheus is deployed in the cluster and needs to access the k8s apiserver to query the monitoring data of the containers.
Refer to the following yaml to configure the permissions required by Prometheus:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"en/guide/prometheus/#prometheus-configmap","title":"Prometheus ConfigMap","text":"The startup of Prometheus relies on the configuration file prometheus.yml, the contents of which can be configured in ConfigMap and dynamically mounted to the Pod.
Create the ConfigMap file used by Prometheus by referring to the following yaml:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus provides role-based querying of Kubernetes resource monitoring operations, which can be configured in the official documentation kubernetes_sd_config\u3002
"},{"location":"en/guide/prometheus/#deploy-prometheus","title":"Deploy Prometheus","text":"Deploy Prometheus Server by referring to the following yaml:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
Deploy Prometheus Service by referring to the following yaml:
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
After exposing Prometheus through NodePort, Prometheus can be accessed through the node address.
"},{"location":"en/guide/prometheus/#prometheus-metrics-config","title":"Prometheus Metrics Config","text":"View information about Prometheus on the environment:
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
Access Prometheus via NodePort to see the data dynamically queried by Status/Service Discovery:
You can see that you can currently query all the service data information on the cluster.
"},{"location":"en/guide/prometheus/#configure-to-query-specified-resource","title":"Configure to Query Specified Resource","text":"The ConfigMap configuration above queries all resource data. If you only need resource data for a certain role, you can add filter conditions.
Take Service as an example, modify the ConfigMap content to query only the service monitoring data:
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Check the Kube-OVN Service in kube-system Namespace:
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
Add annotation prometheus.io/scrape=\"true\" to Service\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
Check the configured Service information:
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // added annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
Looking at the Prometheus Status Targets information, you can only see the Services with annotation:
For more information about adding filter parameters to relabel, please check Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/qos/","title":"Manage QoS","text":"Kube-OVN supports two types of Pod level QoS:
- Maximum bandwidth limit QoS.
linux-netem, QoS for simulating latency and packet loss that can be used for simulation testing.
Currently, only Pod level QoS is supported, and QoS restrictions at the Namespace or Subnet level are not supported.
"},{"location":"en/guide/qos/#maximum-bandwidth-limit-qos","title":"Maximum Bandwidth Limit QoS","text":"This type of QoS can be dynamically configured via Pod annotation and can be adjusted without restarting running Pod. Bandwidth speed limit unit is Mbit/s.
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
Use annotation to dynamically adjust QoS:
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"en/guide/qos/#test-qos","title":"Test QoS","text":"Deploy the containers needed for performance testing:
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
Exec into one Pod and run iperf3 server:
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
Exec into the other Pod and run iperf3 client to connect above server address:
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
Modify the ingress bandwidth QoS for the first Pod:
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
Test the Pod bandwidth again from the second Pod:
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"en/guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"Pod can use annotation below to config linux-netem type QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit and ovn.kubernetes.io/loss\u3002
To install netem related modules on RHEL series operating systems, follow these instructions: yum install -y kernel-modules-extra && modprobe sch_netem
ovn.kubernetes.io/latency: Set the Pod traffic delay to an integer value in ms.ovn.kubernetes.io/limit\uff1a Set the maximum number of packets that the qdisc queue can hold, and takes an integer value, such as 1000.ovn.kubernetes.io/loss\uff1a Set packet loss probability, the value is float type, for example, the value is 20, then it is set 20% packet loss probability.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/setup-options/","title":"Installation and Configuration Options","text":"In One-Click Installation we use the default configuration for installation. Kube-OVN also supports more custom configurations, which can be configured in the installation script, or later by changing the parameters of individual components. This document will describe what these customization options do, and how to configure them.
"},{"location":"en/guide/setup-options/#built-in-network-settings","title":"Built-in Network Settings","text":"Kube-OVN will configure two built-in Subnets during installation:
default Subnet, as the default subnet used by the Pod to assign IPs, with a default CIDR of 10.16.0.0/16 and a gateway of 10.16.0.1.- The
join subnet, as a special subnet for network communication between the Node and Pod, has a default CIDR of 100.64.0.0/16 and a gateway of 100.64.0.1.
The configuration of these two subnets can be changed during installation via the installation scripts variables:
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP sets the address range for which kube-ovn-controller will not automatically assign from it, the format is: 192.168.10.20..192.168.10.30.
Note that in the Overlay case these two Subnets CIDRs cannot conflict with existing host networks and Service CIDRs.
You can change the address range of both Subnets after installation by referring to Change Subnet CIDR and Change Join Subnet CIDR.
"},{"location":"en/guide/setup-options/#config-service-cidr","title":"Config Service CIDR","text":"Since some of the iptables and routing rules set by kube-proxy will conflict with the rules set by Kube-OVN, Kube-OVN needs to know the CIDR of the service to set the corresponding rules correctly.
This can be done by modifying the installation script:
SVC_CIDR=\"10.96.0.0/12\" \n
You can also modify the args of the kube-ovn-controller Deployment after installation:
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
"},{"location":"en/guide/setup-options/#overlay-nic-selection","title":"Overlay NIC Selection","text":"In the case of multiple NICs on a node, Kube-OVN will select the NIC corresponding to the Kubernetes Node IP as the NIC for cross-node communication between containers and establish the corresponding tunnel.
If you need to select another NIC to create a container tunnel, you can change it in the installation script:
IFACE=eth1\n
This option supports regular expressions separated by commas, e.g. 'ens[a-z0-9],eth[a-z0-9]'.
It can also be adjusted after installation by modifying the args of the kube-ovn-cni DaemonSet:
args:\n- --iface=eth1\n
If each machine has a different NIC name and there is no fixed pattern, you can use the node annotation ovn.kubernetes.io/tunnel_interface to configure each node one by one. This annotation will override the configuration of iface.
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"en/guide/setup-options/#config-mtu","title":"Config MTU","text":"Since Overlay encapsulation requires additional space, Kube-OVN will adjust the MTU of the container NIC based on the MTU of the selected NIC when creating the container NIC. By default, the Pod NIC MTU is the host NIC MTU - 100 on the Overlay Subnet, and the Pod NIC and host NIC have the same MTU on the Underlay Subnet.
If you need to adjust the size of the MTU under the Overlay subnet, you can modify the parameters of the kube-ovn-cni DaemonSet:
args:\n- --mtu=1333\n
"},{"location":"en/guide/setup-options/#global-traffic-mirroring-setting","title":"Global Traffic Mirroring Setting","text":"When global traffic mirroring is enabled, Kube-OVN will create a mirror0 virtual NIC on each node and copy all container network traffic from the current machine to that NIC\uff0c Users can perform traffic analysis with tcpdump and other tools. This function can be enabled in the installation script:
ENABLE_MIRROR=true\n
It can also be adjusted after installation by modifying the args of the kube-ovn-cni DaemonSet:
args:\n- --enable-mirror=true\n
The ability to mirror traffic is disabled in the default installation, if you need fine-grained traffic mirroring or need to mirror traffic to additional NICs please refer to Traffic Mirror.
"},{"location":"en/guide/setup-options/#lb-settings","title":"LB Settings","text":"Kube-OVN uses L2 LB in OVN to implement service forwarding. In Overlay scenarios, users can choose to use kube-proxy for service traffic forwarding, in which case the LB function of Kube-OVN can be disabled to achieve better performance on the control plane and data plane.
This feature can be configured in the installation script:
ENABLE_LB=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-lb=false\n
The LB feature is enabled in the default installation.
The spec field enableLb has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the LB function of Kube-OVN to the subnet level. You can set whether to enable the LB function based on different subnets. The enable-lb parameter in the kube-ovn-controller deployment is used as a global switch to control whether to create a load-balancer record. The enableLb parameter added in the subnet is used to control whether the subnet is associated with a load-balancer record. After the previous version is upgraded to v1.12.0, the enableLb parameter of the subnet will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/setup-options/#networkpolicy-settings","title":"NetworkPolicy Settings","text":"Kube-OVN uses ACLs in OVN to implement NetworkPolicy. Users can choose to disable the NetworkPolicy feature or use the Cilium Chain approach to implement NetworkPolicy using eBPF. In this case, the NetworkPolicy feature of Kube-OVN can be disabled to achieve better performance on the control plane and data plane.
This feature can be configured in the installation script:
ENABLE_NP=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-np=false\n
NetworkPolicy is enabled by default.
"},{"location":"en/guide/setup-options/#eip-and-snat-settings","title":"EIP and SNAT Settings","text":"If the EIP and SNAT capabilities are not required on the default VPC, users can choose to disable them to reduce the performance overhead of kube-ovn-controller in large scale cluster environments and improve processing speed.
This feature can be configured in the installation script:
ENABLE_EIP_SNAT=false\n
It can also be configured after installation by changing the args of the kube-ovn-controller Deployment:
args:\n- --enable-eip-snat=false\n
EIP and SNAT is enabled by default. More information can refer to EIP and SNAT\u3002
"},{"location":"en/guide/setup-options/#centralized-gateway-ecmp-settings","title":"Centralized Gateway ECMP Settings","text":"The centralized gateway supports two mode of high availability, primary-backup and ECMP. If you want to enable ECMP mode, you need to change the args of kube-ovn-controller Deployment:
args:\n- --enable-ecmp=true \n
Centralized gateway default installation under the primary-backup mode, more gateway-related content please refer to Config Subnet.
The spec field enableEcmp has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the ECMP switch to the subnet level. You can set whether to enable ECMP mode based on different subnets. The enable-ecmp parameter in the kube-ovn-controller deployment is no longer used. After the previous version is upgraded to v1.12.0, the subnet switch will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/setup-options/#kubevirt-vm-fixed-address-settings","title":"Kubevirt VM Fixed Address Settings","text":"For VM instances created by Kubevirt, kube-ovn-controller can assign and manage IP addresses in a similar way to the StatefulSet Pod. This allows VM instances address fixed during start-up, shutdown, upgrade, migration, and other operations throughout their lifecycle, making them more compatible with the actual virtualization user experience.
This feature is enabled by default after v1.10.6. To disable this feature, you need to change the following args in the kube-ovn-controller Deployment:
args:\n- --keep-vm-ip=false\n
"},{"location":"en/guide/setup-options/#cni-settings","title":"CNI Settings","text":"By default, Kube-OVN installs the CNI binary in the /opt/cni/bin directory and the CNI configuration file 01-kube-ovn.conflist in the /etc/cni/net.d directory. If you need to change the installation location and the priority of the CNI configuration file, you can modify the following parameters of the installation script.
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
Or change the Volume mount and args of the kube-ovn-cni DaemonSet after installation:
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"en/guide/setup-options/#tunnel-type-settings","title":"Tunnel Type Settings","text":"The default encapsulation mode of Kube-OVN Overlay is Geneve, if you want to change it to Vxlan or STT, please adjust the following parameters in the installation script:
TUNNEL_TYPE=\"vxlan\"\n
Or change the environment variables of ovs-ovn DaemonSet after installation:
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
If you need to use the STT tunnel and need to compile additional kernel modules for ovs, please refer to Performance Tunning\u3002
Please refer to Tunneling Protocol Selection for the differences between the different protocols in practice.
"},{"location":"en/guide/setup-options/#ssl-settings","title":"SSL Settings","text":"The OVN DB API interface supports SSL encryption to secure the connection. To enable it, adjust the following parameters in the installation script:
ENABLE_SSL=true\n
The SSL is disabled by default.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/static-ip-mac/","title":"Fixed Addresses","text":"By default, Kube-OVN randomly assigns IPs and Macs based on the Subnet to which the Pod's Namespace belongs. For workloads that require fixed addresses, Kube-OVN provides multiple methods of fixing addresses depending on the scenario.
- Single Pod fixed IP/Mac.
- Workload IP Pool to specify fixed addresses.
- StatefulSet fixed address.
- KubeVirt VM fixed address.
"},{"location":"en/guide/static-ip-mac/#single-pod-fixed-ipmac","title":"Single Pod Fixed IP/Mac","text":"You can specify the IP/Mac required for the Pod by annotation when creating the Pod. The kube-ovn-controller will skip the address random assignment phase and use the specified address directly after conflict detection, as follows:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // for dualstack ippool use semicolon to separate addresses 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::0\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
The following points need to be noted when using annotation.
- The IP/Mac used cannot conflict with an existing IP/Mac.
- The IP must be in the CIDR range of the Subnet it belongs to.
- You can specify only IP or Mac. When you specify only one, the other one will be assigned randomly.
"},{"location":"en/guide/static-ip-mac/#workload-ip-pool","title":"Workload IP Pool","text":"Kube-OVN supports setting fixed IPs for Workloads (Deployment/StatefulSet/DaemonSet/Job/CronJob) via annotation ovn.kubernetes.io/ip_pool. kube-ovn-controller will automatically select the IP specified in ovn.kubernetes.io/ip_pool and perform conflict detection.
The Annotation of the IP Pool needs to be added to the annotation field in the template. In addition to Kubernetes built-in workload types, other user-defined workloads can also be assigned fixed addresses using the same approach.
"},{"location":"en/guide/static-ip-mac/#deployment-with-fixed-ips","title":"Deployment With Fixed IPs","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: ls1\n name: starter-backend\n labels:\n app: starter-backend\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: starter-backend\n template:\n metadata:\n labels:\n app: starter-backend\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // for dualstack ippool use semicolon to separate addresses 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: backend\n image: docker.io/library/nginx:alpine\n
Using a fixed IP for Workload requires the following:
- The IP in
ovn.kubernetes.io/ip_pool should belong to the CIDR of the Subnet. - The IP in
ovn.kubernetes.io/ip_pool cannot conflict with an IP already in use. - When the number of IPs in
ovn.kubernetes.io/ip_pool is less than the number of replicas, the extra Pods will not be created. You need to adjust the number of IPs in ovn.kubernetes.io/ip_pool according to the update policy of the workload and the scaling plan.
"},{"location":"en/guide/static-ip-mac/#statefulset-fixed-address","title":"StatefulSet Fixed Address","text":"StatefulSet supports fixed IP by default, and like other Workload, you can use ovn.kubernetes.io/ip_pool to specify the range of IP used by a Pod.
Since StatefulSet is mostly used for stateful services, which have higher requirements for fixed addresses, Kube-OVN has made special enhancements:
- Pods are assigned IPs in
ovn.kubernetes.io/ip_pool in order. For example, if the name of the StatefulSet is web, web-0 will use the first IP in ovn.kubernetes.io/ip_pool, web-1 will use the second IP, and so on. - The logical_switch_port in the OVN is not deleted during update or deletion of the StatefulSet Pod, and the newly generated Pod directly reuses the old logical port information. Pods can therefore reuse IP/Mac and other network information to achieve similar state retention as StatefulSet Volumes.
- Based on the capabilities of 2, for StatefulSet without the
ovn.kubernetes.io/ip_pool annotation, a Pod is randomly assigned an IP/Mac when it is first generated, and then the network information remains fixed for the lifetime of the StatefulSet.
"},{"location":"en/guide/static-ip-mac/#statefulset-example","title":"StatefulSet Example","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
You can try to delete the Pod under StatefulSet to observe if the Pod IP changes.
"},{"location":"en/guide/static-ip-mac/#kubevirt-vm-fixed-address","title":"KubeVirt VM Fixed Address","text":"For VM instances created by KubeVirt, kube-ovn-controller can assign and manage IP addresses in a similar way to the StatefulSet Pod. This allows VM instances address fixed during start-up, shutdown, upgrade, migration, and other operations throughout their lifecycle, making them more compatible with the actual virtualization user experience.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/subnet/","title":"Config Subnet","text":"Subnet is a core concept and basic unit of use in Kube-OVN, and Kube-OVN organizes IP and network configuration in terms of Subnet. Each Namespace can belong to a specific Subnet, and Pods under the Namespace automatically obtain IPs from the Subnet they belong to and share the network configuration (CIDR, gateway type, access control, NAT control, etc.).
Unlike other CNI implementations where each node is bound to a subnet, in Kube-OVN the Subnet is a global level virtual network configuration, and the addresses of one Subnet can be distributed on any node.
There are some differences in the usage and configuration of Overlay and Underlay Subnets, and this document will describe the common configurations and differentiated features of the different types of Subnets.
"},{"location":"en/guide/subnet/#default-subnet","title":"Default Subnet","text":"To make it easier for users to get started quickly, Kube-OVN has a built-in default Subnet, all Namespaces that do not explicitly declare subnet affiliation are automatically assigned IPs from the default subnet and the network information. The configuration of this Subnet is specified at installation time, you can refer to Built-in Network Settings for more details. To change the CIDR of the default Subnet after installation please refer to Change Subnet CIDR.
In Overlay mode, the default Subnet uses a distributed gateway and NAT translation for outbound traffic, which behaves much the same as the Flannel's default behavior, allowing users to use most of the network features without additional configuration.
In Underlay mode, the default Subnet uses the physical gateway as the outgoing gateway and enables arping to check network connectivity.
"},{"location":"en/guide/subnet/#check-the-default-subnet","title":"Check the Default Subnet","text":"The default field in the default Subnet spec is set to true, and there is only one default Subnet in a cluster, named ovn-default.
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"en/guide/subnet/#join-subnet","title":"Join Subnet","text":"In the Kubernetes network specification, it is required that Nodes can communicate directly with all Pods. To achieve this in Overlay network mode, Kube-OVN creates a join Subnet and creates a virtual NIC ovn0 at each node that connect to the join subnet, through which the nodes and Pods can communicate with each other.
The configuration of this Subnet is specified at installation time, you can refer to Built-in Network Settings for more details. To change the CIDR of the Join Subnet after installation please refer to Change Join CIDR.
"},{"location":"en/guide/subnet/#check-the-join-subnet","title":"Check the Join Subnet","text":"The default name of this subnet is join. There is generally no need to make changes to the network configuration except the CIDR.
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
Check the ovn0 NIC at the node:
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"en/guide/subnet/#create-custom-subnets","title":"Create Custom Subnets","text":"Here we describe the basic operation of how to create a Subnet and associate it with a Namespace, for more advanced configuration, please refer to the subsequent content.
"},{"location":"en/guide/subnet/#create-subnet","title":"Create Subnet","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: Subnet CIDR range, different Subnet CIDRs under the same VPC cannot overlap.excludeIps: The address list is reserved so that the container network will not automatically assign addresses in the list, which can be used as a fixed IP address assignment segment or to avoid conflicts with existing devices in the physical network in Underlay mode.gateway\uff1aFor this subnet gateway address, Kube-OVN will automatically assign the corresponding logical gateway in Overlay mode, and the address should be the underlying physical gateway address in Underlay mode.namespaces: Bind the list of Namespace for this Subnet. Pods under the Namespace will be assigned addresses from the current Subnet after binding.routeTable: Associate the route table, default is main table, route table definition please defer to Static Routes
"},{"location":"en/guide/subnet/#create-pod-in-the-subnet","title":"Create Pod in the Subnet","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"en/guide/subnet/#workload-subnet-binding","title":"Workload Subnet Binding","text":"By default, Pods will be assigned IP addresses from the subnet belonging to the Namespace. If a specific subnet needs to be specified for a Workload, it can be achieved by setting the Pod's annotation ovn.kubernetes.io/logical_switch:
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
If you need to bind a subnet to a Workload type resource such as Deployment or StatefulSet, you need to set the ovn.kubernetes.io/logical_switch Annotation in spec.template.metadata.annotations.
"},{"location":"en/guide/subnet/#overlay-subnet-gateway-settings","title":"Overlay Subnet Gateway Settings","text":"This feature only works for Overlay mode Subnets, Underlay type Subnets need to use the underlying physical gateway to access the external network.
Pods under the Overlay Subnet need to access the external network through a gateway, and Kube-OVN currently supports two types of gateways: distributed gateway and centralized gateway which can be changed in the Subnet spec.
Both types of gateways support the natOutgoing setting, which allows the user to choose whether snat is required when the Pod accesses the external network.
"},{"location":"en/guide/subnet/#distributed-gateway","title":"Distributed Gateway","text":"The default type of gateway for the Subnet, each node will act as a gateway for the pod on the current node to access the external network. The packets from container will flow into the host network stack from the local ovn0 NIC, and then forwarding the network according to the host's routing rules. When natOutgoing is true, the Pod will use the IP of the current host when accessing the external network.
Example of a Subnet, where the gatewayType field is distributed:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"en/guide/subnet/#centralized-gateway","title":"Centralized Gateway","text":"Note: Pods under a centralized subnet cannot be accessed through hostport or a NodePort type Service with externalTrafficPolicy: Local.
If you want traffic within the Subnet to access the external network using a fixed IP for security operations such as auditing and whitelisting, you can set the gateway type in the Subnet to centralized. In centralized gateway mode, packets from Pods accessing the external network are first routed to the ovn0 NIC of a specific nodes, and then outbound through the host's routing rules. When natOutgoing is true, the Pod will use the IP of a specific nodes when accessing the external network.
The centralized gateway example is as follows, where the gatewayType field is centralized and gatewayNode is the NodeName of the particular machine in Kubernetes.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- If a centralized gateway wants to specify a specific NIC of a machine for outbound networking,
gatewayNode format can be changed to kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3. - The centralized gateway defaults to primary-backup mode, with only the primary node performing traffic forwarding. If you need to switch to ECMP mode, please refer to ECMP Settings.
- The spec field
enableEcmp has been added to the subnet crd definition since Kube-OVN v1.12.0 to migrate the ECMP switch to the subnet level. You can set whether to enable ECMP mode based on different subnets. The enable-ecmp parameter in the kube-ovn-controller deployment is no longer used. After the previous version is upgraded to v1.12.0, the subnet switch will automatically inherit the value of the original global switch parameter.
"},{"location":"en/guide/subnet/#subnet-acl","title":"Subnet ACL","text":"For scenarios with fine-grained ACL control, Subnet of Kube-OVN provides ACL to enable fine-grained rules.
The ACL rules in Subnet are the same as the ACL rules in OVN, and you can refer to ovn-nb ACL Table for more details. The supported filed in match can refer to ovn-sb Logical Flow Table.
Example of an ACL rule that allows Pods with IP address 10.10.0.2 to access all addresses, but does not allow other addresses to access itself, is as follows:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"en/guide/subnet/#subnet-isolation","title":"Subnet Isolation","text":"The function of Subnet ACL can cover the function of Subnet isolation with better flexibility, we recommend using Subnet ACL to do the corresponding configuration.
By default the Subnets created by Kube-OVN can communicate with each other, and Pods can also access external networks through the gateway.
To control access between Subnets, set private to true in the subnet spec, and the Subnet will be isolated from other Subnets and external networks and can only communicate within the Subnet. If you want to open a whitelist, you can set it by allowSubnets. The CIDRs in allowSubnets can access the Subnet bidirectionally.
"},{"location":"en/guide/subnet/#enable-subnet-isolation-examples","title":"Enable Subnet Isolation Examples","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"en/guide/subnet/#underlay-settings","title":"Underlay Settings","text":"This part of the feature is only available for Underlay type Subnets.
vlan: If an Underlay network is used, this field is used to control which Vlan CR the Subnet is bound to. This option defaults to the empty string, meaning that the Underlay network is not used.logicalGateway: Some Underlay environments are pure Layer 2 networks, with no physical Layer 3 gateway. In this case a virtual gateway can be set up with the OVN to connect the Underlay and Overlay networks. The default value is: false.
"},{"location":"en/guide/subnet/#gateway-check-settings","title":"Gateway Check Settings","text":"By default kube-ovn-cni will request the gateway using ICMP or ARP protocol after starting the Pod and wait for the return to verify that the network is working properly. Some Underlay environment gateways cannot respond to ICMP requests, or scenarios that do not require external connectivity, the checking can be disabled .
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"en/guide/subnet/#multicast-snoop-setting","title":"Multicast-Snoop Setting","text":"By default, if a Pod in a subnet sends a multicast packet, OVN's default behavior is to broadcast the multicast packet to all Pods in the subnet. If turned on the subnet's multicast snoop switch, OVN will forward based on the multicast table Multicast_Group in the South Database instead of broadcasting.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"en/guide/subnet/#subnet-mtu-setting","title":"Subnet MTU Setting","text":"Configure the MTU of the Pod under Subnet. After configuration, you need to restart the Pod under Subnet to take effect.
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"en/guide/subnet/#other-advanced-settings","title":"Other Advanced Settings","text":" - Configure IPPool
- Default VPC NAT Policy Rule
- Manage QoS
- Manage Multiple Interface
- DHCP
- External Gateway
- Cluster Inter-Connection with OVN-IC
- VIP Reservation
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN supports using QoSPolicy CRD to limit the traffic rate of custom VPC.
"},{"location":"en/guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"Limit the speed of EIP to 1Mbps and the priority to 1, and shared=false here means that this QoSPolicy can only be used for this EIP and support dynamically modifying QoSPolicy to change QoS rules.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
The IptablesEIP configuration is as follows:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
The value of .spec.qosPolicy supports being specified during creation and also supports modification after creation.
"},{"location":"en/guide/vpc-qos/#view-eips-with-qos-enabled","title":"View EIPs with QoS enabled","text":"View the corresponding EIPs that have been set up using label:
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"en/guide/vpc-qos/#qos-for-vpc-natgw-net1-nic","title":"QoS for VPC NATGW net1 NIC","text":"Limit the speed of the net1 NIC on VPC NATGW to 10Mbps and set the priority to 3. Here shared=true, which means that this QoSPolicy can be used by multiple resources at the same time, and does not allow the modification of the contents of the QoSPolicy in this scenario.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
The VpcNatGateway configuration is as follows:
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
The value of .spec.qosPolicy supports both creation and subsequent modification.
"},{"location":"en/guide/vpc-qos/#qos-for-specific-traffic-on-net1-nic","title":"QoS for specific traffic on net1 NIC","text":"Limit the specific traffic on net1 NIC to 5Mbps and set the priority to 2. Here shared=true, which means that this QoSPolicy can be used by multiple resources at the same time, and does not allow the modification of the contents of the QoSPolicy in this scenario.
The QoSPolicy configuration is as follows:
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
The VpcNatGateway configuration is as follows:
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"en/guide/vpc-qos/#view-natgws-with-qos-enabled","title":"View NATGWs with QoS enabled","text":"View the corresponding NATGWs that have been set up using label:
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"en/guide/vpc-qos/#view-qos-rules","title":"View QoS rules","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"en/guide/vpc-qos/#limitations","title":"Limitations","text":" - QoSPolicy can only be deleted when it is not in use. Therefore, before deleting the QoSPolicy, please check the EIP and NATGW that have enabled QoS, and remove their
spec.qosPolicy configuration.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/vpc/","title":"Config VPC","text":"Kube-OVN supports multi-tenant isolation level VPC networks. Different VPC networks are independent of each other and can be configured separately with Subnet CIDRs, routing policies, security policies, outbound gateways, EIP, etc.
VPC is mainly used in scenarios where there requires strong isolation of multi-tenant networks and some Kubernetes networking features conflict under multi-tenant networks. For example, node and pod access, NodePort functionality, network access-based health checks, and DNS capabilities are not supported in multi-tenant network scenarios at this time. In order to facilitate common Kubernetes usage scenarios, Kube-OVN has a special design for the default VPC where the Subnet under the VPC can meet the Kubernetes specification. The custom VPC supports static routing, EIP and NAT gateways as described in this document. Common isolation requirements can be achieved through network policies and Subnet ACLs under the default VPC, so before using a custom VPC, please make sure whether you need VPC-level isolation and understand the limitations under the custom VPC. For Underlay subnets, physical switches are responsible for data-plane forwarding, so VPCs cannot isolate Underlay subnets.
"},{"location":"en/guide/vpc/#creating-custom-vpcs","title":"Creating Custom VPCs","text":"Create two VPCs:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces: Limit which namespaces can use this VPC. If empty, all namespaces can use this VPC.
Create two Subnets, belonging to two different VPCs and having the same CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
Create Pods under two separate Namespaces:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
After running successfully, you can observe that the two Pod addresses belong to the same CIDR, but the two Pods cannot access each other because they are running on different tenant VPCs.
"},{"location":"en/guide/vpc/#custom-vpc-pod-supports-livenessprobe-and-readinessprobe","title":"Custom VPC Pod supports livenessProbe and readinessProbe","text":"Since the Pods under the custom VPC do not communicate with the network of the node, the probe packets sent by the kubelet cannot reach the Pods in the custom VPC. Kube-OVN uses TProxy to redirect the detection packets sent by kubelet to Pods in the custom VPC to achieve this function.
The configuration method is as follows, add the parameter --enable-tproxy=true in Daemonset kube-ovn-cni:
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
Restrictions for this feature:
- When Pods under different VPCs have the same IP under the same node, the detection function fails.
- Currently, only
tcpSocket and httpGet are supported.
"},{"location":"en/guide/vpc/#create-vpc-nat-gateway","title":"Create VPC NAT Gateway","text":"Subnets under custom VPCs do not support distributed gateways and centralized gateways under default VPCs.
Pod access to the external network within the VPC requires a VPC gateway, which bridges the physical and tenant networks and provides floating IP, SNAT and DNAT capabilities.
The VPC gateway function relies on Multus-CNI function, please refer to multus-cni.
"},{"location":"en/guide/vpc/#configuring-the-external-network","title":"Configuring the External Network","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- This Subnet is used to manage the available external addresses and the address will be allocated to VPC NAT Gateway through Macvlan, so please communicate with your network management to give you the available physical segment IPs.
- The VPC gateway uses Macvlan for physical network configuration, and
master of NetworkAttachmentDefinition should be the NIC name of the corresponding physical network NIC. name: External network name.
For macvlan mode, the nic will send packets directly through that node NIC, relying on the underlying network devices for L2/L3 level forwarding capabilities. You need to configure the corresponding gateway, Vlan and security policy in the underlying network device in advance.
- For OpenStack VM environments, you need to turn off
PortSecurity on the corresponding network port. - For VMware vSwitch networks,
MAC Address Changes, Forged Transmits and Promiscuous Mode Operation should be set to allow. - For Hyper-V virtualization,
MAC Address Spoofing should be enabled in VM nic advanced features. - Public clouds, such as AWS, GCE, AliCloud, etc., do not support user-defined Mac, so they cannot support Macvlan mode network.
- Due to the limitations of Macvlan, the Macvlan sub-interface cannot access the parent interface address.
- If the physical network card corresponds to a switch interface in Trunk mode, a sub-interface needs to be created on the network card and provided to Macvlan for use.
"},{"location":"en/guide/vpc/#enabling-the-vpc-gateway","title":"Enabling the VPC Gateway","text":"VPC gateway functionality needs to be enabled via ovn-vpc-nat-gw-config under kube-system:
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: docker.io/kubeovn/vpc-nat-gateway:v1.12.13\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: The image used by the Gateway Pod.enable-vpc-nat-gw: Controls whether the VPC Gateway feature is enabled.
"},{"location":"en/guide/vpc/#create-vpc-gateway-and-set-the-default-route","title":"Create VPC Gateway and Set the Default Route","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc: The VPC to which this VpcNatGateway belongs.subnet: A Subnet within the VPC, the VPC Gateway Pod will use lanIp to connect to the tenant network under that subnet.lanIp: An unused IP within the subnet that the VPC Gateway Pod will eventually use for the Pod. When configuring routing for a VPC, the nextHopIP needs to be set to the lanIp of the current VpcNatGateway.selector: The node selector for VpcNatGateway Pod has the same format as NodeSelector in Kubernetes.externalSubnets: External network used by the VPC gateway, if not configured, ovn-vpc-external-network is used by default, and only one external network is supported in the current version.
Other configurable parameters:
tolerations: Configure tolerance for the VPC gateway. For details, see Taints and Tolerationsaffinity: Configure affinity for the Pod or node of the VPC gateway. For details, see Assigning Pods to Nodes
"},{"location":"en/guide/vpc/#create-eip","title":"Create EIP","text":"EIP allows for floating IP, SNAT, and DNAT operations after assigning an IP from an external network segment to a VPC gateway.
Randomly assign an address to the EIP:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
Fixed EIP address assignment:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
Specify the external network on which the EIP is located:
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet: The name of the external network on which the EIP is located. If not specified, it defaults to ovn-vpc-external-network. If specified, it must be one of the externalSubnets of the VPC gateway.
"},{"location":"en/guide/vpc/#create-dnat-rules","title":"Create DNAT Rules","text":"Through the DNAT rules, external can access to an IP and port within a VPC through an EIP and port.
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"en/guide/vpc/#create-snat-rules","title":"Create SNAT Rules","text":"Through SNAT rules, when a Pod in the VPC accesses an external address, it will go through the corresponding EIP for SNAT.
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"en/guide/vpc/#create-floating-ip","title":"Create Floating IP","text":"Through floating IP rules, one IP in the VPC will be completely mapped to the EIP, and the external can access the IP in the VPC through this EIP. When the IP in the VPC accesses the external address, it will be SNAT to this EIP
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"en/guide/vpc/#custom-routing","title":"Custom Routing","text":"Within the custom VPC, users can customize the routing rules within the VPC and combine it with the gateway for more flexible forwarding. Kube-OVN supports static routes and more flexible policy routes.
"},{"location":"en/guide/vpc/#static-routes","title":"Static Routes","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: Supports destination routing policyDst and source routing policySrc.- When there are overlapping routing rules, the rule with the longer CIDR mask has higher priority, and if the mask length is the same, the destination route has a higher priority over the source route.
routeTable: You can store the route in specific table, default is main table. Associate with subnet please defer to Create Custom Subnets
"},{"location":"en/guide/vpc/#policy-routes","title":"Policy Routes","text":"Traffic matched by static routes can be controlled at a finer granularity by policy routing. Policy routing provides more precise matching rules, priority control and more forwarding actions. This feature brings the OVN internal logical router policy function directly to the outside world, for more information on its use, please refer to Logical Router Policy.
An example of policy routes:
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"en/guide/vpc/#custom-vpc-dns","title":"Custom vpc-dns","text":"Due to the isolation between custom VPCs and default VPC networks, Pods in VPCs cannot use the default coredns service for domain name resolution. If you want to use coredns to resolve Service domain names within the custom VPC, you can use the vpc-dns resource provided by Kube-OVN.
"},{"location":"en/guide/vpc/#create-an-additional-network","title":"Create an Additional Network","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"en/guide/vpc/#modify-the-provider-of-the-ovn-default-logical-switch","title":"Modify the Provider of the ovn-default Logical Switch","text":"Modify the provider of ovn-default to the provider ovn-nad.default.ovn configured above in nad\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"en/guide/vpc/#modify-the-vpc-dns-configmap","title":"Modify the vpc-dns ConfigMap","text":"Create a ConfigMap in the kube-system namespace, configure the vpc-dns parameters to be used for the subsequent vpc-dns feature activation:
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns: (optional) true to enable the feature, false to disable the feature. Default true.coredns-image: (optional): DNS deployment image. Default is the cluster coredns deployment version.coredns-template: (optional): URL of the DNS deployment template. Default: yamls/coredns-template.yaml in the current version repository.coredns-vip: VIP providing LB service for coredns.nad-name: Name of the configured network-attachment-definitions resource.nad-provider: Name of the used provider.k8s-service-host: (optional) IP used by coredns to access the k8s apiserver service.k8s-service-port: (optional) Port used by coredns to access the k8s apiserver service.
"},{"location":"en/guide/vpc/#deploying-vpc-dns-dependent-resources","title":"Deploying VPC-DNS Dependent Resources","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"en/guide/vpc/#deploy-vpc-dns","title":"Deploy vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc: The VPC name used to deploy the DNS component.subnet: The subnet name used to deploy the DNS component.
View resource information:
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: if the custom vpc-dns is ready.
"},{"location":"en/guide/vpc/#restrictions","title":"Restrictions","text":" - Only one custom DNS component will be deployed in one VPC;
- When multiple VPC-DNS resources (i.e. different subnets in the same VPC) are configured in one VPC, only one VPC-DNS resource with status
true will be active, while the others will be false; - When the
true VPC-DNS is deleted, another false VPC-DNS will be deployed.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/guide/webhook/","title":"Webhook","text":"Using Webhook, you can verify CRD resources within Kube-OVN. Currently, Webhook mainly performs fixed IP address conflict detection and Subnet CIDR conflict detection, and prompts errors when such conflicts happen.
Since Webhook intercepts all Subnet and Pod creation requests, you need to deploy Kube-OVN first and Webhook later.
"},{"location":"en/guide/webhook/#install-cert-manager","title":"Install Cert-Manager","text":"Webhook deployment requires certificate, we use cert-manager to generate the associated certificate, we need to deploy cert-manager before deploying Webhook.
You can use the following command to deploy cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
More cert-manager usage please refer to cert-manager document\u3002
"},{"location":"en/guide/webhook/#install-webhook","title":"Install Webhook","text":"Download Webhook yaml and install:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"en/guide/webhook/#verify-webhook-take-effect","title":"Verify Webhook Take Effect","text":"Check the running Pod and get the Pod IP 10.16.0.15:
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
Write yaml to create a Pod with the same IP:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
When using the above yaml to create a fixed address Pod, it prompts an IP address conflict:
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-default-subnet/","title":"Change Subnet CIDR","text":"If a subnet CIDR is created that conflicts or does not meet expectations, it can be modified by following the steps in this document.
After modifying the subnet CIDR, the previously created Pods will not be able to access the network properly and need to be rebuilt. Careful consideration is recommended before operating\u3002This document is only for business subnet CIDR changes, if you need to Change the Join subnet CIDR, please refer to Change Join CIDR.
"},{"location":"en/ops/change-default-subnet/#edit-subnet","title":"Edit Subnet","text":"Use kubectl edit to modify cidrBlock\uff0cgateway and excludeIps.
kubectl edit subnet test-subnet\n
"},{"location":"en/ops/change-default-subnet/#rebuild-all-pods-under-this-subnet","title":"Rebuild all Pods under this Subnet","text":"Take the subnet binding test Namespace as example:
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
If only the default subnet is used, you can delete all Pods that are not in host network mode using the following command:
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"en/ops/change-default-subnet/#change-default-subnet-settings","title":"Change Default Subnet Settings","text":"If you are modifying the CIDR for the default Subnet, you also need to change the args of the kube-ovn-controller Deployment:
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-join-subnet/","title":"Change Join Subnet CIDR","text":"If the Join subnet CIDR created conflicts or does not meet expectations, you can use this document to modify.
After modifying the Join Subnet CIDR, the previously created Pods will not be able to access the external network normally and need to wait for the rebuild completed.
"},{"location":"en/ops/change-join-subnet/#delete-join-subnet","title":"Delete Join Subnet","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"en/ops/change-join-subnet/#cleanup-allocated-config","title":"Cleanup Allocated Config","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"en/ops/change-join-subnet/#modify-join-subnet","title":"Modify Join Subnet","text":"Change Join Subnet args in kube-ovn-controller:
kubectl edit deployment -n kube-system kube-ovn-controller\n
Change the CIDR below:
args:\n- --node-switch-cidr=100.51.0.0/16\n
Reboot the kube-ovn-controller and rebuild join Subnet:
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
Check the new Join Subnet information:
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"en/ops/change-join-subnet/#reconfigure-ovn0-nic-address","title":"Reconfigure ovn0 NIC Address","text":"The ovn0 NIC information for each node needs to be re-updated, which can be done by restarting kube-ovn-cni:
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-log-level/","title":"Change Log Level","text":"Open kube-ovn.yaml and set the log level in the parameter list of the service startup script, such as:
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.13\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# The higher the log level, the more detailed the log\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/change-ovn-central-node/","title":"Replace ovn-central Node","text":"Since ovn-nb and ovn-sb within ovn-central create separate etcd-like raft clusters, replacing the ovn-central node requires additional operations to ensure correct cluster state and consistent data. It is recommended that only one node be up and down at a time to avoid the cluster going into an unavailable state and affecting the overall cluster network.
"},{"location":"en/ops/change-ovn-central-node/#ovn-central-nodes-offline","title":"ovn-central Nodes Offline","text":"This document use the cluster below to describes how to remove the kube-ovn-control-plane2 node from the ovn-central as an example.
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"en/ops/change-ovn-central-node/#kick-node-in-ovn-nb","title":"Kick Node in ovn-nb","text":"First check the ID of the node within the cluster for subsequent operations.
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 corresponds to a node IP of 172.18.0.5 and the corresponding ID within the cluster is d64b. Next, kick the node out of the ovn-nb cluster.
# kubectl ko nb kick d64b\nstarted removal\n
Check if the node has been kicked:
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#kick-node-in-ovn-sb","title":"Kick Node in ovn-sb","text":"Next, for the ovn-sb cluster, you need to first check the ID of the node within the cluster for subsequent operations.
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 corresponds to node IP 172.18.0.5 and the corresponding ID within the cluster is e9f7. Next, kick the node out of the ovn-sb cluster.
# kubectl ko sb kick e9f7\nstarted removal\n
Check if the node has been kicked:
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#delete-node-label-and-downscale-ovn-central","title":"Delete Node Label and Downscale ovn-central","text":"Note that you need to remove the offline node from the node address of the ovn-central environment variable NODE_IPS.
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"en/ops/change-ovn-central-node/#modify-components-address-to-ovn-central","title":"Modify Components Address to ovn-central","text":"Modify ovs-ovn to remove the offline Node address:
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
Modify kube-ovn-controller to remove the offline Node address:
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"en/ops/change-ovn-central-node/#clean-node","title":"Clean Node","text":"Delete the database files in the kube-ovn-control-plane2 node to avoid errors when adding the node again:
rm -rf /etc/origin/ovn\n
To take a node offline from a Kubernetes cluster entirely, please continue with Delete Work Node.
"},{"location":"en/ops/change-ovn-central-node/#ovn-central-online","title":"ovn-central Online","text":"The following steps will add a new Kubernetes node to the ovn-central cluster.
"},{"location":"en/ops/change-ovn-central-node/#directory-check","title":"Directory Check","text":"Check if the ovnnb_db.db or ovnsb_db.db file exists in the /etc/origin/ovn directory of the new node, and if so, delete it:
rm -rf /etc/origin/ovn\n
"},{"location":"en/ops/change-ovn-central-node/#check-current-ovn-central-status","title":"Check Current ovn-central Status","text":"If the current ovn-central cluster state is already abnormal, adding new nodes may cause the voting election to fail to pass the majority, affecting subsequent operations.
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"en/ops/change-ovn-central-node/#label-node-and-scale-ovn-central","title":"Label Node and Scale ovn-central","text":"Note that you need to add the online node address to the node address of the ovn-central environment variable NODE_IPS.
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"en/ops/change-ovn-central-node/#modify-components-address-to-ovn-central_1","title":"Modify Components Address to ovn-central","text":"Modify ovs-ovn to add the online Node address:
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
Modify kube-ovn-controller to add the online Node address:
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/delete-worker-node/","title":"Delete Work Node","text":"If the node is simply removed from Kubernetes, the ovn-controller process running in ovs-ovn on the node will periodically connect to ovn-central to register relevant network information. This leads to additional resource waste and potential rule conflict risk\u3002 Therefore, when removing nodes from within Kubernetes, follow the steps below to ensure that related resources are cleaned up properly.
This document describes the steps to delete a worker node, if you want to change the node where ovn-central is located, please refer to Replace ovn-central Node.
"},{"location":"en/ops/delete-worker-node/#evict-pods-on-the-node","title":"Evict Pods on the Node","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"en/ops/delete-worker-node/#stop-kubelet-and-docker","title":"Stop kubelet and docker","text":"This step stops the ovs-ovn container to avoid registering information to ovn-central. Log into to the corresponding node and ruu the following commands:
systemctl stop kubelet\nsystemctl stop docker\n
If using containerd as the CRI, the following command needs to be executed to stop the ovs-ovn container:
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"en/ops/delete-worker-node/#cleanup-files-on-node","title":"Cleanup Files on Node","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"en/ops/delete-worker-node/#delete-the-node","title":"Delete the Node","text":"kubectl delete no kube-ovn-01\n
"},{"location":"en/ops/delete-worker-node/#check-if-node-removed-from-ovn-sb","title":"Check If Node Removed from OVN-SB","text":"In the example below, the node kube-ovn-worker is not removed:
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"en/ops/delete-worker-node/#delete-the-chassis-manually","title":"Delete the Chassis Manually","text":"Use the uuid find above to delete the chassis:
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/faq/","title":"FAQ","text":""},{"location":"en/ops/faq/#kylin-arm-system-cross-host-container-access-intermittently-fails","title":"Kylin ARM system cross-host container access intermittently fails","text":""},{"location":"en/ops/faq/#behavior","title":"Behavior","text":"There is a problem with Kylin ARM system and some NIC offload, which can cause intermittent container network failure.
Use netstat to identify the problem:
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
If InCsumErrors is present and increases with netwoork failures, you can confirm that this is the problem.
"},{"location":"en/ops/faq/#solution","title":"Solution","text":"The fundamental solution requires communication with Kylin and the corresponding network card manufacturer to update the system and drivers. A temporary solution would be to turn off tx offload on the physical NIC, but this would cause a significant degradation in tcp performance.
ethtool -K eth0 tx off\n
From the community feedback, the problem can be solved by the 4.19.90-25.16.v2101 kernel.
"},{"location":"en/ops/faq/#pod-can-not-access-service","title":"Pod can not Access Service","text":""},{"location":"en/ops/faq/#behavior_1","title":"Behavior","text":"Pod can not access Service, and dmesg show errors:
netlink\uff1aUnknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
This log indicates that the in-kernel OVS version is too low to support the corresponding NAT operation.
"},{"location":"en/ops/faq/#solution_1","title":"Solution","text":" - Upgrade the kernel module or compile the OVS kernel module manually.
- If you are using an Overlay network you can change the
kube-ovn-controller args, setting --enable-lb=false to disable the OVN LB to use kube-proxy for service forwarding.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/from-calico/","title":"Install Kube-OVN From Calico","text":"If a Kubernetes cluster already has Calico installed and needs to change to Kube-OVN you can refer to this document.
Since the installation of Calico may vary from version to version and the existing Pod network may be disrupted during the replacement process, it is recommended that you plan ahead and compare the differences in Calico installation from version to version.
"},{"location":"en/ops/from-calico/#uninstall-calico","title":"Uninstall Calico","text":"For Calico installed from an Operator:
kubectl delete -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml\nkubectl delete -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml\n
For Calico installed from manifests:
kubectl delete -f https://projectcalico.docs.tigera.io/manifests/calico.yaml \n
"},{"location":"en/ops/from-calico/#cleanup-config-files","title":"Cleanup Config Files","text":"Delete the CNI-related configuration files on each machine, depending on the environment:
rm -f /etc/cni/net.d/10-calico.conflist\nrm -f /etc/cni/net.d/calico-kubeconfig\n
Calico still leaves routing rules, iptables rules, veth network interfaces and other configuration information on the node, so it is recommended to reboot the node to clean up the relevant configuration to avoid problems that are difficult to troubleshoot.
"},{"location":"en/ops/from-calico/#install-kube-ovn","title":"Install Kube-OVN","text":"You can refer to One Click Installation to install Kube-OVN as usual.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/kubectl-ko/","title":"Kubectl Plugin","text":"To facilitate daily operations and maintenance, Kube-OVN provides the kubectl plug-in tool, which allows administrators to perform daily operations through this command. For examples: Check OVN database information and status, OVN database backup and restore, OVS related information, tcpdump specific containers, specific link logical topology, network problem diagnosis and performance optimization.
"},{"location":"en/ops/kubectl-ko/#plugin-installation","title":"Plugin Installation","text":"Kube-OVN installation will deploy the plugin to each node by default. If the machine that runs kubectl is not in the cluster, or if you need to reinstall the plugin, please refer to the following steps:
Download kubectl-ko file:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
Move file to $PATH:
mv kubectl-ko /usr/local/bin/kubectl-ko\n
Add executable permissions:
chmod +x /usr/local/bin/kubectl-ko\n
Check if the plugin works properly:
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"en/ops/kubectl-ko/#plugin-usage","title":"Plugin Usage","text":"Running kubectl ko will show all the available commands and usage descriptions, as follows:
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
The specific functions and usage of each command are described below.
"},{"location":"en/ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"This subcommand mainly operates on OVN northbound or southbound databases, including database cluster status check, database node offline, database backup, database storage status check and database repair.
"},{"location":"en/ops/kubectl-ko/#db-cluster-status-check","title":"DB Cluster Status Check","text":"This command executes ovs-appctl cluster/status on the leader node of the corresponding OVN database to show the cluster status:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
If the match_index under Server has a large difference and the last msg time is long, the corresponding Server may not respond for a long time and needs to be checked further.
"},{"location":"en/ops/kubectl-ko/#db-nodes-offline","title":"DB Nodes Offline","text":"This command removes a node from the OVN database and is required when a node is taken offline or replaced. The following is an example of the cluster status from the previous command, to offline the 172.18.0.3 node:
# kubectl ko nb kick 8723\nstarted removal\n
Check the database cluster status again to confirm that the node has been removed:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"en/ops/kubectl-ko/#db-backup","title":"DB Backup","text":"This subcommand backs up the current OVN database locally and can be used for disaster recovery:
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"en/ops/kubectl-ko/#database-storage-status-check","title":"Database Storage Status Check","text":"This command is used to check if the database file is corrupt:
# kubectl ko nb dbstatus\nstatus: ok\n
If error happens, inconsistent data is displayed and needs to be fixed with the following command.
"},{"location":"en/ops/kubectl-ko/#database-repair","title":"Database Repair","text":"If the database status goes to inconsistent data, this command can be used to repair:
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"en/ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"This subcommand executes the ovn-nbctl and ovn-sbctl commands directly into the leader node of the OVN northbound or southbound database. For more detailed usage of this command, please refer to the official documentation of the upstream OVN ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"en/ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-vsctl command to query and configure vswitchd. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"en/ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-ofctl command to query or manage OpenFlow. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"en/ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"This command will go to the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-dpctl command to query or manage the OVS datapath. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"en/ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"This command will enter the ovs-ovn container on the corresponding nodeName and execute the corresponding ovs-appctl command to operate the associated daemon process. For more detailed usage of this command, please refer to the official documentation of the upstream OVS ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"en/ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"This command will enter the kube-ovn-cni container on the machine where namespace/podname is located, and run tcpdump to capture the traffic on the veth NIC of the corresponding container, which can be used to troubleshoot network-related problems.
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"en/ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"This command will print the OVN logical flow table and the final Openflow flow table when the Pod/node accesses an address through a specific protocol, so that it make locate flow table related problems during development or troubleshooting much easy.
Supported commands:
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
Example:
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
If the trace object is a virtual machine running in Underlay network, additional parameters is needed to specify the destination Mac address.
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"en/ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"Diagnose the status of cluster network components and go to the corresponding node's kube-ovn-pinger to detect connectivity and network latency from the current node to other nodes and critical services.
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.13\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
If the target of diagnose is specified as subnet, the script will create a daemonset on the subnet, and kube-ovn-pinger will detect the connectivity and network delay of all pods in this daemonset, and automatically destroy the daemonset after the test.
If the target of diagnose is specified as IPPorts, the script will let each kube-ovn-pinger pod detect whether the target protocol, IP, and Port are reachable.
"},{"location":"en/ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"This command performs performance tuning related operations, please refer to Performance Tunning.
"},{"location":"en/ops/kubectl-ko/#reload","title":"reload","text":"This command restarts all Kube-OVN related components:
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"en/ops/kubectl-ko/#log","title":"log","text":"Using this command will capture the logs of Kube-OVN, OVN, Openvswitch on all nodes of kube-ovn and some debug information commonly used in linux.
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
The directory is as follows:
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"en/ops/kubectl-ko/#perf-image","title":"perf [image]","text":"This command will test some performance indicators of Kube-OVN as follows:
- The performance indicators of the container network;
- Hostnetwork network performance indicators;
- Container network multicast packet performance indicators;
- Time required for OVN-NB, OVN-SB, and OVN-Northd leader deletion recovery. The parameter image is used to specify the image used by the performance test pod. By default, it is
kubeovn/test:v1.12.0. This parameter is mainly set for offline scenarios, and the image name may change when the image is pulled to the intranet environment.
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/ops/recover-db/","title":"OVN DB Backup and Recovery","text":"This document describes how to perform database backups and how to perform cluster recovery from existing database files in different situations.
"},{"location":"en/ops/recover-db/#database-backup","title":"Database Backup","text":"The database files can be backed up for recovery in case of failure. Use the backup command of the kubectl plugin:
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"en/ops/recover-db/#cluster-partial-nodes-failure-recovery","title":"Cluster Partial Nodes Failure Recovery","text":"If some nodes in the cluster are working abnormally due to power failure, file system failure or lack of disk space, but the cluster is still working normally, you can recover it by following the steps below.
"},{"location":"en/ops/recover-db/#check-the-logs-to-confirm-status","title":"Check the Logs to Confirm Status","text":"Check the log in /var/log/ovn/ovn-northd.log, if it shows similar error as follows, you can make sue that there is an exception in the database:
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"en/ops/recover-db/#kick-node-from-cluster","title":"Kick Node from Cluster","text":"Select the corresponding database for the operation based on whether the log prompt is OVN_Northbound or OVN_Southbound. The above log prompt is OVN_Northbound then for ovn-nb do the following:
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
Kick abnormal nodes from the cluster:
kubectl ko nb kick e631\n
Log in to the abnormal node and delete the database file:
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
Delete the ovn-central pod of the corresponding node and wait for the cluster to recover\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"en/ops/recover-db/#recover-when-total-cluster-failed","title":"Recover when Total Cluster Failed","text":"If the majority of the cluster nodes are broken and the leader cannot be elected, please refer to the following steps to recover.
"},{"location":"en/ops/recover-db/#stop-ovn-central","title":"Stop ovn-central","text":"Record the current replicas of ovn-central and stop ovn-central to avoid new database changes that affect recovery:
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"en/ops/recover-db/#select-a-backup","title":"Select a Backup","text":"As most of the nodes are damaged, the cluster needs to be rebuilt by recovering from one of the database files. If you have previously backed up the database you can use the previous backup file to restore it. If not you can use the following steps to generate a backup from an existing file.
Since the database file in the default folder is a cluster format database file containing information about the current cluster, you can't rebuild the database directly with this file, you need to use ovsdb-tool cluster-to-standalone to convert the format.
Select the first node in the ovn-central environment variable NODE_IPS to restore the database files. If the database file of the first node is corrupted, copy the file from the other machine /etc/origin/ovn to the first machine. Run the following command to generate a database file backup.
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.13 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"en/ops/recover-db/#delete-the-database-files-on-all-ovn-central-nodes","title":"Delete the Database Files on All ovn-central Nodes","text":"In order to avoid rebuilding the cluster with the wrong data, the existing database files need to be cleaned up:
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"en/ops/recover-db/#recovering-database-cluster","title":"Recovering Database Cluster","text":"Rename the backup databases to ovnnb_db.db and ovnsb_db.db respectively, and copy them to the /etc/origin/ovn/ directory of the first machine in the ovn-central environment variable NODE_IPS\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
Restore the number of replicas of ovn-central\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/architecture/","title":"Architecture","text":"This document describes the general architecture of Kube-OVN, the functionality of each component and how they interact with each other.
Overall, Kube-OVN serves as a bridge between Kubernetes and OVN, combining proven SDN with Cloud Native. This means that Kube-OVN not only implements network specifications under Kubernetes, such as CNI, Service and Networkpolicy, but also brings a large number of SDN domain capabilities to cloud-native, such as logical switches, logical routers, VPCs, gateways, QoS, ACLs and traffic mirroring.
Kube-OVN also maintains a good openness to integrate with many technology solutions, such as Cilium, Submariner, Prometheus, KubeVirt, etc.
"},{"location":"en/reference/architecture/#component-introduction","title":"Component Introduction","text":"The components of Kube-OVN can be broadly divided into three categories.
- Upstream OVN/OVS components.
- Core Controller and Agent.
- Monitoring, operation and maintenance tools and extension components.
"},{"location":"en/reference/architecture/#upstream-ovnovs-components","title":"Upstream OVN/OVS Components","text":"This type of component comes from the OVN/OVS community with specific modifications for Kube-OVN usage scenarios. OVN/OVS itself is a mature SDN system for managing virtual machines and containers, and we strongly recommend that users interested in the Kube-OVN implementation read ovn-architecture(7) first to understand what OVN is and how to integrate with it. Kube-OVN uses the northbound interface of OVN to create and coordinate virtual networks and map the network concepts into Kubernetes.
All OVN/OVS-related components have been packaged into images and are ready to run in Kubernetes.
"},{"location":"en/reference/architecture/#ovn-central","title":"ovn-central","text":"The ovn-central Deployment runs the control plane components of OVN, including ovn-nb, ovn-sb, and ovn-northd.
ovn-nb: Saves the virtual network configuration and provides an API for virtual network management. kube-ovn-controller will mainly interact with ovn-nb to configure the virtual network.ovn-sb: Holds the logical flow table generated from the logical network of ovn-nb, as well as the actual physical network state of each node.ovn-northd: translates the virtual network of ovn-nb into a logical flow table in ovn-sb.
Multiple instances of ovn-central will synchronize data via the Raft protocol to ensure high availability.
"},{"location":"en/reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn runs as a DaemonSet on each node, with openvswitch, ovsdb, and ovn-controller running inside the Pod. These components act as agents for ovn-central to translate logical flow tables into real network configurations.
"},{"location":"en/reference/architecture/#core-controller-and-agent","title":"Core Controller and Agent","text":"This part is the core component of Kube-OVN, serving as a bridge between OVN and Kubernetes, bridging the two systems and translating network concepts between them. Most of the core functions are implemented in these components.
"},{"location":"en/reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"This component performs the translation of all resources within Kubernetes to OVN resources and acts as the control plane for the entire Kube-OVN system. The kube-ovn-controller listens for events on all resources related to network functionality and updates the logical network within the OVN based on resource changes. The main resources listened including:
Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
Taking the Pod event as an example, kube-ovn-controller listens to the Pod creation event, allocates the address via the built-in in-memory IPAM function, and calls ovn-central to create logical ports, static routes and possible ACL rules. Next, kube-ovn-controller writes the assigned address and subnet information such as CIDR, gateway, route, etc. to the annotation of the Pod. This annotation is then read by kube-ovn-cni and used to configure the local network.
"},{"location":"en/reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"This component runs on each node as a DaemonSet, implements the CNI interface, and operates the local OVS to configure the local network.
This DaemonSet copies the kube-ovn binary to each machine as a tool for interaction between kubelet and kube-ovn-cni. This binary sends the corresponding CNI request to kube-ovn-cni for further operation. The binary will be copied to the /opt/cni/bin directory by default.
kube-ovn-cni will configure the specific network to perform the appropriate traffic operations, and the main tasks including:
- Config
ovn-controller and vswitchd. - Handle CNI Add/Del requests:
- Create or delete veth pair and bind or unbind to OVS ports.
- Configure OVS ports
- Update host iptables/ipset/route rules.
- Dynamically update the network QoS.
- Create and configure the
ovn0 NIC to connect the container network and the host network. - Configure the host NIC to implement Vlan/Underlay/EIP.
- Dynamically config inter-cluster gateways.
"},{"location":"en/reference/architecture/#monitoring-operation-and-maintenance-tools-and-extension-components","title":"Monitoring, Operation and Maintenance Tools and Extension Components","text":"These components provide monitoring, diagnostics, operations tools, and external interface to extend the core network capabilities of Kube-OVN and simplify daily operations and maintenance.
"},{"location":"en/reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"This component is a DaemonSet running on a specific labeled nodes that publish routes to the external, allowing external access to the container directly through the Pod IP.
For more information on how to use it, please refer to BGP Support.
"},{"location":"en/reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"This component is a DaemonSet running on each node to collect OVS status information, node network quality, network latency, etc. The monitoring metrics collected can be found in Metrics.
"},{"location":"en/reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"This component collects OVN status information and the monitoring metrics, all metrics can be found in Metrics.
"},{"location":"en/reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"This component is a kubectl plugin, which can quickly run common operations, for more usage, please refer to [kubectl plugin].(../ops/kubectl-ko.en.md)\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/dev-env/","title":"Development Setup","text":""},{"location":"en/reference/dev-env/#environmental-preparation","title":"Environmental Preparation","text":"Kube-OVN uses Golang 1.20 to develop and Go Modules to manage dependency, please check env GO111MODULE=\"on\"\u3002
gosec is used to scan for code security related issues and requires to be installed in the development environment:
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
To reduce the size of the final generated image, Kube-OVN uses some of the Docker buildx experimental features, please update Docker to the latest version and enable buildx:
docker buildx create --use\n
"},{"location":"en/reference/dev-env/#build-image","title":"Build Image","text":"Use the following command to download the code and generate the image required to run Kube-OVN:
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
To build an image to run in an ARM environment, run the following command:
make release-arm\n
"},{"location":"en/reference/dev-env/#building-the-base-image","title":"Building the Base Image","text":"If you need to change the operating system version, dependencies, OVS/OVN code, etc., you need to rebuild the base image.
The Dockerfile used for the base image is dist/images/Dockerfile.base.
Build instructions:
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"en/reference/dev-env/#run-e2e","title":"Run E2E","text":"Kube-OVN uses KIND to build local Kubernetes cluster, j2cli to render templates, and Ginkgo to run test cases. Please refer to the relevant documentation for dependency installation.
Run E2E locally:
make kind-init\nmake kind-install\nmake e2e\n
To run the Underlay E2E test, run the following commands:
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
To run the ovn vpc nat gw eip, fip, snat, dnat E2E test, run the following commands:
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
To run the iptables vpc nat gw eip, fip, snat, dnat E2E test, run the following commands:
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
To run the loadbalancer service E2E test, run the following commands:
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
To clean, run the following commands:
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/document-convention/","title":"Document Specification","text":"In order to ensure a consistent document style, please follow the following style guidelines when submitting documents.
"},{"location":"en/reference/document-convention/#punctuation","title":"Punctuation","text":"All punctuation in the text content in Chinese documents should use Chinese format punctuation, and all text content in English documents should use English punctuation.
BadGood Here is a one-click installation script that can help you quickly install a highly available, production-ready container network. Here is a one-click installation script that can help you quickly install a highly available, production-ready container network. English numbers and Chinese characters should be separated by spaces.
BadGood Kube-OVN provides a one-click installation script to install version 1.10 of Kube-OVN. Kube-OVN provides a one-click installation script to install version 1.10 of Kube-OVN. Example content should start with :, other sentences should end with . End.
BadGood Please confirm that the environment configuration is correct before installation Download the installation script using the command below. wget 127.0.0.1\n
Please confirm that the environment configuration is correct before installation. Download the installation script using the following command: wget 127.0.0.1\n
"},{"location":"en/reference/document-convention/#code-block","title":"Code Block","text":"yaml code blocks need to be identified as yaml.
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
Command-line manipulation example code blocks need to be identified as bash.
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
If the command line operation example contains output content, the executed command needs to start with # to distinguish input from output.
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
If the command line operation example only contains execution commands and no output results, multiple commands do not need to start with #.
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"en/reference/document-convention/#link","title":"Link","text":"Links in the site use the corresponding md file path.
BadGood Please refer to [Preparation](http://kubeovn.github.io/prepare) before installation.\n
Please refer to [Preparation](./prepare.md) before installation.\n
BadGood If you have any questions, please refer to [Kubernetes Documentation](http://kubernetes.io).\n
If you have any questions, please refer to [Kubernetes Documentation](http://kubernetes.io){: target=\"_blank\" }.\n
"},{"location":"en/reference/document-convention/#empty-line","title":"Empty Line","text":"Different logical blocks, such as title and text, text and code, text and number need to be separated by blank lines.
BadGood Download the script below to install it:\n```bash\nwget 127.0.0.1\n```\n
Download the script below to install it:\n\n```bash\nwget 127.0.0.1\n```\n
Separate logical blocks with only one blank line.
BadGood Download the script below to install it:\n\n\n\n```bash\nwget 127.0.0.1\n```\n
Download the script below to install it:\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/feature-stage/","title":"Feature Stage","text":"In Kube-OVN, feature stage is classified into Alpha, Beta and GA, based on the degree of feature usage, documentation and test coverage.
"},{"location":"en/reference/feature-stage/#definition-of-stage","title":"Definition of Stage","text":"For Alpha stage functions:
- The feature is not fully documented and well tested.
- This feature may change or even be removed in the future.
- This feature API is not guaranteed to be stable and may be removed.
- Community provides low priority support for this feature and long-term support cannot be guaranteed.
- Since feature stability and long-term support cannot be guaranteed, it can be tested and verified, but is not recommended for production use.
For Beta stage functions:
- This feature is partially documented and tested, but complete coverage is not guaranteed.
- This feature may change in the future and the upgrade may affect the network, but it will not be removed as a whole.
- This feature API may change in the future and the fields may be adjusted, but not removed as a whole.
- This feature will be supported by the community in the long term.
- It can be used on non-critical services as the functionality will be supported for a long time, but it is not recommended for critical production service as there is a possibility of changes in functionality and APIs that may break the network.
For GA stage functions:
- The feature has full documentation and test coverage.
- The feature will remain stable and upgrades will be guaranteed to be smooth.
- This feature API is not subject to disruptive changes.
- This feature will be supported with high priority by the community and long-term support will be guaranteed.
"},{"location":"en/reference/feature-stage/#feature-stage-list","title":"Feature Stage List","text":"This list records the feature stages from the 1.8 release.
Feature Default Stage Since Until Namespaced Subnet true GA 1.8 Distributed Gateway true GA 1.8 Active-backup Centralized Gateway true GA 1.8 ECMP Centralized Gateway false Beta 1.8 Subnet ACL true Alpha 1.9 Subnet Isolation (Will be replaced by ACL later) true Beta 1.8 Underlay Subnet true GA 1.8 Multiple Pod Interface true Beta 1.8 Subnet DHCP false Alpha 1.10 Subnet with External Gateway false Alpha 1.8 Cluster Inter-Connection with OVN-IC false Beta 1.8 Cluster Inter-Connection with Submariner false Alpha 1.9 VIP Reservation true Alpha 1.10 Create Custom VPC true Beta 1.8 Custom VPC Floating IP/SNAT/DNAT true Alpha 1.10 Custom VPC Static Route true Alpha 1.10 Custom VPC Policy Route true Alpha 1.10 Custom VPC Security Group true Alpha 1.10 Container Bandwidth QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus Integration false GA 1.8 Grafana Integration false GA 1.8 IPv4/v6 DualStack false GA 1.8 Default VPC EIP/SNAT false Beta 1.8 Traffic Mirroring false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 Performance Tunning false Beta 1.8 Interconnection with Routes in Overlay Mode false Alpha 1.8 BGP Support false Alpha 1.9 Cilium Integration false Alpha 1.10 Custom VPC Peering false Alpha 1.10 Mellanox Offload false Alpha 1.8 Corigine Offload false Alpha 1.10 Windows Support false Alpha 1.10 DPDK Support false Alpha 1.10 OpenStack Integration false Alpha 1.9 Single Pod Fixed IP/Mac true GA 1.8 Workload with Fixed IP true GA 1.8 StatefulSet with Fixed IP true GA 1.8 VM with Fixed IP false Beta 1.9 Load Balancer Type Service in Default VPC false Alpha 1.11 Load Balance in Custom VPC false Alpha 1.11 DNS in Custom VPC false Alpha 1.11 Underlay and Overlay Interconnection false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/iptables-rules/","title":"Iptables Rules","text":"Kube-OVN uses ipset and iptables to implement gateway NAT functionality in the default VPC overlay Subnets.
The ipset used is shown in the following table:
Name\uff08IPv4/IPv6\uff09 Type Usage ovn40services/ovn60services hash:net Service CIDR ovn40subnets/ovn60subnets hash:net Overlay Subnet CIDR and NodeLocal DNS IP address ovn40subnets-nat/ovn60subnets-nat hash:net Overlay Subnet CIDRs that enable NatOutgoing ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net Overlay Subnet CIDRs that use distributed gateway ovn40other-node/ovn60other-node hash:net Internal IP addresses for other Nodes ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip Deprecated ovn40subnets-nat-policy hash:net All subnet cidrs configured with natOutgoingPolicyRules ovn40natpr-418e79269dc5-dst hash:net The dstIPs corresponding to the rule in natOutgoingPolicyRules ovn40natpr-418e79269dc5-src hash:net The srcIPs corresponding to the rule in natOutgoingPolicyRules The iptables rules (IPv4) used are shown in the following table:
Table Chain Rule Usage Note filter INPUT -m set --match-set ovn40services src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT Allow k8s service and pod traffic to pass through -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" Used to count packets from the subnet to the external network \"10.16.0.0/16\" is the cidr of the subnet, the \"ovn-subnet-gateway\" before the \",\" in comment is used to identify the iptables rule used to count the subnet inbound and outbound gateway packets, and the \"ovn-default\" after the \",\" is the name of the subnet filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" Used to count packets from the external network accessing the subnet \"10.16.0.0/16\" is the cidr of the subnet, the \"ovn-subnet-gateway\" before the \",\" in comment is used to identify the iptables rule used to count the subnet inbound and outbound gateway packets, and the \"ovn-default\" after the \",\" is the name of the subnet filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 Clear traffic tag to prevent SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING Enter OVN-PREROUTING chain processing -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING Enter OVN-POSTROUTING chain processing -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 Adding masquerade tags to Pod access service traffic Used when the built-in LB is turned off nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 Add specific tags to ExternalTrafficPolicy for Local's Service traffic (TCP) Only used when kube-proxy is using ipvs mode nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 Add specific tags to ExternalTrafficPolicy for Local's Service traffic (UDP) Only used when kube-proxy is using ipvs mode nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source Use node IP as the source address for access from node to overlay Pods via service IP\u3002 Works only when kube-proxy is using ipvs mode nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE Perform SNAT for specific tagged traffic -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE Perform SNAT for Service traffic between Pods passing through the node -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN For Service traffic where ExternalTrafficPolicy is Local, if the Endpoint uses a distributed gateway, SNAT is not required. -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE For Service traffic where ExternalTrafficPolicy is Local, if the Endpoint uses a centralized gateway, SNAT is required. -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN No SNAT is performed when the Pod IP is exposed to the outside world -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 When the Pod accesses the network outside the cluster, if the subnet is NatOutgoing and a centralized gateway with the specified IP is used, perform SNAT 10.16.0.0/16 is the Subnet CIDR\uff0c192.168.0.101 is the specified IP of gateway node nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE When the Pod accesses the network outside the cluster, if NatOutgoing is enabled on the subnet, perform SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT ovn40subnets-nat-policy is all subnet segments configured with natOutgoingPolicyRules nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT After coming out of OVN-NAT-POLICY, if it is tagged with 0x90001/0x90001, it will do SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT After coming out of OVN-NAT-POLICY, if it is tagged with 0x90002/0x90002, it will not do SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT 10.0.11.0/24 represents the CIDR of the subnet net1, and the rules under the OVN-NAT-PSUBNET-aa98851157c5 chain correspond to the natOutgoingPolicyRules configuration of this subnet nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 When Pod accesses the network outside the cluster, if natOutgoingPolicyRules is enabled on the subnet, the packet with the specified policy will perform SNAT 418e79269dc5 indicates the ID of a rule in natOutgoingPolicyRules, which can be viewed through status.natOutgoingPolicyRules[index].RuleID, indicating that srcIPs meets ovn40natpr-418e79269dc5-src, and dstIPS meets ovn40natpr-418e79269dc5- dst will be marked with tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 Introduce kubelet's detection traffic to tproxy with a specific mark mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 Introduce kubelet's detection traffic to tproxy with a specific mark \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/kube-ovn-api/","title":"Kube-OVN API Reference","text":"Based on Kube-OVN v1.12.0, we have compiled a list of CRD resources supported by Kube-OVN, listing the types and meanings of each field of CRD definition for reference.
"},{"location":"en/reference/kube-ovn-api/#generic-condition-definition","title":"Generic Condition Definition","text":"Property Name Type Description type String Type of status status String The value of status, in the range of True, False or Unknown reason String The reason for the status change message String The specific message of the status change lastUpdateTime Time The last time the status was updated lastTransitionTime Time Time of last status type change In each CRD definition, the Condition field in Status follows the above format, so we explain it in advance.
"},{"location":"en/reference/kube-ovn-api/#subnet-definition","title":"Subnet Definition","text":""},{"location":"en/reference/kube-ovn-api/#subnet","title":"Subnet","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Subnet metadata ObjectMeta Standard Kubernetes resource metadata information spec SubnetSpec Subnet specific configuration information status SubnetStatus Subnet status information"},{"location":"en/reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"Property Name Type Description default Bool Whether this subnet is the default subnet vpc String The vpc which the subnet belongs to, default is ovn-cluster protocol String IP protocol, the value is in the range of IPv4, IPv6 or Dual namespaces []String The list of namespaces bound to this subnet cidrBlock String The range of the subnet, e.g. 10.16.0.0/16 gateway String The gateway address of the subnet, the default value is the first available address under the CIDRBlock of the subnet excludeIps []String The range of addresses under this subnet that will not be automatically assigned provider String Default value is ovn. In the case of multiple NICs, the value is <name>.<namespace> of the NetworkAttachmentDefinition, Kube-OVN will use this information to find the corresponding subnet resource gatewayType String The gateway type in overlay mode, either distributed or centralized gatewayNode String The gateway node when the gateway mode is centralized, node names can be comma-separated natOutgoing Bool Whether the outgoing traffic is NAT externalEgressGateway String The address of the external gateway. This parameter and the natOutgoing parameter cannot be set at the same time policyRoutingPriority Uint32 Policy route priority. Used to control the forwarding of traffic to the external gateway address after the subnet gateway policyRoutingTableID Uint32 The TableID of the local policy routing table, should be different for each subnet to avoid conflicts private Bool Whether the subnet is a private subnet, which denies access to addresses inside the subnet if the subnet is private allowSubnets []String If the subnet is a private subnet, the set of addresses that are allowed to access the subnet vlan String The name of vlan to which the subnet is bound vips []String The virtual-ip parameter information for virtual type lsp on the subnet logicalGateway Bool Whether to enable logical gateway disableGatewayCheck Bool Whether to skip the gateway connectivity check when creating a pod disableInterConnection Bool Whether to enable subnet interconnection across clusters enableDHCP Bool Whether to configure dhcp configuration options for lsps belong this subnet dhcpV4Options String The DHCP_Options record associated with lsp dhcpv4_options on the subnet dhcpV6Options String The DHCP_Options record associated with lsp dhcpv6_options on the subnet enableIPv6RA Bool Whether to configure the ipv6_ra_configs parameter for the lrp port of the router connected to the subnet ipv6RAConfigs String The ipv6_ra_configs parameter configuration for the lrp port of the router connected to the subnet acls []Acl The acls record associated with the logical-switch of the subnet u2oInterconnection Bool Whether to enable interconnection mode for Overlay/Underlay enableLb *Bool Whether the logical-switch of the subnet is associated with load-balancer records enableEcmp Bool Centralized subnet, whether to enable ECMP routing"},{"location":"en/reference/kube-ovn-api/#acl","title":"Acl","text":"Property Name Type Description direction String Restrict the direction of acl, which value is from-lport or to-lport priority Int Acl priority, in the range 0 to 32767 match String Acl rule match expression action String The action of the rule, which value is in the range of allow-related, allow-stateless, allow, drop, reject"},{"location":"en/reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"Property Name Type Description conditions []SubnetCondition Subnet status change information, refer to the beginning of the document for the definition of Condition v4AvailableIPs Float64 Number of available IPv4 IPs v4availableIPrange String The available range of IPv4 addresses on the subnet v4UsingIPs Float64 Number of used IPv4 IPs v4usingIPrange String Used IPv4 address ranges on the subnet v6AvailableIPs Float64 Number of available IPv6 IPs v6availableIPrange String The available range of IPv6 addresses on the subnet v6UsingIPs Float64 Number of used IPv6 IPs v6usingIPrange String Used IPv6 address ranges on the subnet sctivateGateway String The currently working gateway node in centralized subnet of master-backup mode dhcpV4OptionsUUID String The DHCP_Options record identifier associated with the lsp dhcpv4_options on the subnet dhcpV6OptionsUUID String The DHCP_Options record identifier associated with the lsp dhcpv6_options on the subnet u2oInterconnectionIP String The IP address used for interconnection when Overlay/Underlay interconnection mode is enabled"},{"location":"en/reference/kube-ovn-api/#ip-definition","title":"IP Definition","text":""},{"location":"en/reference/kube-ovn-api/#ip","title":"IP","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IP metadata ObjectMeta Standard Kubernetes resource metadata information spec IPSpec IP specific configuration information"},{"location":"en/reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"Property Name Type Description podName String Pod name which assigned with this IP namespace String The name of the namespace where the pod is bound subnet String The subnet which the ip belongs to attachSubnets []String The name of the other subnets attached to this primary IP (field deprecated) nodeName String The name of the node where the pod is bound ipAddress String IP address, in v4IP,v6IP format for dual-stack cases v4IPAddress String IPv4 IP address v6IPAddress String IPv6 IP address attachIPs []String Other IP addresses attached to this primary IP (field is deprecated) macAddress String The Mac address of the bound pod attachMacs []String Other Mac addresses attached to this primary IP (field deprecated) containerID String The Container ID corresponding to the bound pod podType String Special workload pod, can be StatefulSet, VirtualMachine or empty"},{"location":"en/reference/kube-ovn-api/#underlay-configuration","title":"Underlay configuration","text":""},{"location":"en/reference/kube-ovn-api/#vlan","title":"Vlan","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all instances of this resource will be kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vlan metadata ObjectMeta Standard Kubernetes resource metadata information spec VlanSpec Vlan specific configuration information status VlanStatus Vlan status information"},{"location":"en/reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"Property Name Type Description id Int Vlan tag number, in the range of 0~4096 provider String The name of the ProviderNetwork to which the vlan is bound"},{"location":"en/reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"Property Name Type Description subnets []String The list of subnets to which the vlan is bound conditions []VlanCondition Vlan status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value ProviderNetwork metadata ObjectMeta Standard Kubernetes resource metadata information spec ProviderNetworkSpec ProviderNetwork specific configuration information status ProviderNetworkStatus ProviderNetwork status information"},{"location":"en/reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"Property Name Type Description defaultInterface String The name of the NIC interface used by default for this bridge network customInterfaces []CustomInterface The special NIC configuration used by this bridge network excludeNodes []String The names of the nodes that will not be bound to this bridge network exchangeLinkName Bool Whether to exchange the bridge NIC and the corresponding OVS bridge name"},{"location":"en/reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"Property Name Type Description interface String NIC interface name used for underlay nodes []String List of nodes using the custom NIC interface"},{"location":"en/reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"Property Name Type Description ready Bool Whether the current bridge network is in the ready state readyNodes []String The name of the node whose bridge network is ready notReadyNodes []String The name of the node whose bridge network is not ready vlans []String The name of the vlan to which the bridge network is bound conditions []ProviderNetworkCondition ProviderNetwork status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#vpc-definition","title":"Vpc Definition","text":""},{"location":"en/reference/kube-ovn-api/#vpc","title":"Vpc","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vpc metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcSpec Vpc specific configuration information status VpcStatus Vpc status information"},{"location":"en/reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"Property Name Type Description namespaces []String List of namespaces bound by Vpc staticRoutes []*StaticRoute The static route information configured under Vpc policyRoutes []*PolicyRoute The policy route information configured under Vpc vpcPeerings []*VpcPeering Vpc interconnection information enableExternal Bool Whether vpc is connected to an external switch"},{"location":"en/reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"Property Name Type Description policy String Routing policy, takes the value of policySrc or policyDst cidr String Routing cidr value nextHopIP String The next hop information of the route"},{"location":"en/reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"Property Name Type Description priority Int32 Priority for policy route match String Match expression for policy route action String Action for policy route, the value is in the range of allow, drop, reroute nextHopIP String The next hop of the policy route, separated by commas in the case of ECMP routing"},{"location":"en/reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"Property Name Type Description remoteVpc String Name of the interconnected peering vpc localConnectIP String The local ip for vpc used to connect to peer vpc"},{"location":"en/reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"Property Name Type Description conditions []VpcCondition Vpc status change information, refer to the beginning of the documentation for the definition of Condition standby Bool Whether the vpc creation is complete, the subnet under the vpc needs to wait for the vpc creation to complete other proceeding default Bool Whether it is the default vpc defaultLogicalSwitch String The default subnet under vpc router String The logical-router name for the vpc tcpLoadBalancer String TCP LB information for vpc udpLoadBalancer String UDP LB information for vpc tcpSessionLoadBalancer String TCP Session Hold LB Information for Vpc udpSessionLoadBalancer String UDP session hold LB information for Vpc subnets []String List of subnets for vpc vpcPeerings []String List of peer vpcs for vpc interconnection enableExternal Bool Whether the vpc is connected to an external switch"},{"location":"en/reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value VpcNatGateway metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcNatSpec Vpc gateway specific configuration information"},{"location":"en/reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"Property Name Type Description vpc String Vpc name which the vpc gateway belongs to subnet String The name of the subnet to which the gateway pod belongs lanIp String The IP address assigned to the gateway pod selector []String Standard Kubernetes selector match information tolerations []VpcNatToleration Standard Kubernetes tolerance information"},{"location":"en/reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"Property Name Type Description key String The key information of the taint tolerance operator String Takes the value of Exists or Equal value String The value information of the taint tolerance effect String The effect of the taint tolerance, takes the value of NoExecute, NoSchedule, or PreferNoSchedule tolerationSeconds Int64 The amount of time the pod can continue to run on the node after the taint is added The meaning of the above tolerance fields can be found in the official Kubernetes documentation Taint and Tolerance.
"},{"location":"en/reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesEIP metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesEipSpec IptablesEIP specific configuration information used by vpc gateway status IptablesEipStatus IptablesEIP status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"Property Name Type Description v4ip String IptablesEIP v4 address v6ip String IptablesEIP v6 address macAddress String The assigned mac address, not actually used natGwDp String Vpc gateway name"},{"location":"en/reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"Property Name Type Description ready Bool Whether IptablesEIP is configured complete ip String The IP address used by IptablesEIP, currently only IPv4 addresses are supported redo String IptablesEIP crd creation or update time nat String The type of IptablesEIP, either fip, snat, or dnat conditions []IptablesEIPCondition IptablesEIP status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesFIPRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesFIPRuleSpec The IptablesFIPRule specific configuration information used by vpc gateway status IptablesFIPRuleStatus IptablesFIPRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"Property Name Type Description eip String Name of the IptablesEIP used for IptablesFIPRule internalIp String The corresponding internal IP address"},{"location":"en/reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"Property Name Type Description ready Bool Whether IptablesFIPRule is configured or not v4ip String The v4 IP address used by IptablesEIP v6ip String The v6 IP address used by IptablesEIP natGwDp String Vpc gateway name redo String IptablesFIPRule crd creation or update time conditions []IptablesFIPRuleCondition IptablesFIPRule status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesSnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesSnatRuleSpec The IptablesSnatRule specific configuration information used by the vpc gateway status IptablesSnatRuleStatus IptablesSnatRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"Property Name Type Description eip String Name of the IptablesEIP used by IptablesSnatRule internalIp String IptablesSnatRule's corresponding internal IP address"},{"location":"en/reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"Property Name Type Description ready Bool Whether the configuration is complete v4ip String The v4 IP address used by IptablesSnatRule v6ip String The v6 IP address used by IptablesSnatRule natGwDp String Vpc gateway name redo String IptablesSnatRule crd creation or update time conditions []IptablesSnatRuleCondition IptablesSnatRule status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource have the value IptablesDnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec IptablesDnatRuleSpec The IptablesDnatRule specific configuration information used by vpc gateway status IptablesDnatRuleStatus IptablesDnatRule status information used by vpc gateway"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"Property Name Type Description eip Sting Name of IptablesEIP used by IptablesDnatRule externalPort Sting External port used by IptablesDnatRule protocol Sting Vpc gateway dnat protocol type internalIp Sting Internal IP address used by IptablesDnatRule internalPort Sting Internal port used by IptablesDnatRule"},{"location":"en/reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"Property Name Type Description ready Bool Whether the configuration is complete v4ip String The v4 IP address used by IptablesDnatRule v6ip String The v6 IP address used by IptablesDnatRule natGwDp String Vpc gateway name redo String IptablesDnatRule crd creation or update time conditions []IptablesDnatRuleCondition IptablesDnatRule Status change information, refer to the beginning of the documentation for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value VpcDns metadata ObjectMeta Standard Kubernetes resource metadata information spec VpcDnsSpec VpcDns specific configuration information status VpcDnsStatus VpcDns status information"},{"location":"en/reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"Property Name Type Description vpc String Name of the vpc where VpcDns is located subnet String The subnet name of the address assigned to the VpcDns pod"},{"location":"en/reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"Property Name Type Description conditions []VpcDnsCondition VpcDns status change information, refer to the beginning of the document for the definition of Condition active Bool Whether VpcDns is in use For detailed documentation on the use of VpcDns, see Customizing VPC DNS.
"},{"location":"en/reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have this value as kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value SwitchLBRule metadata ObjectMeta Standard Kubernetes resource metadata information spec SwitchLBRuleSpec SwitchLBRule specific configuration information status SwitchLBRuleStatus SwitchLBRule status information"},{"location":"en/reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"Property Name Type Description vip String Vip address of SwitchLBRule namespace String SwitchLBRule's namespace selector []String Standard Kubernetes selector match information sessionAffinity String Standard Kubernetes service sessionAffinity value ports []SlrPort List of SwitchLBRule ports For detailed configuration information of SwitchLBRule, you can refer to Customizing VPC Internal Load Balancing.
"},{"location":"en/reference/kube-ovn-api/#slrport","title":"SlrPort","text":"Property Name Type Description name String Port name port Int32 Port number targetPort Int32 Target port of SwitchLBRule protocol String Protocol type"},{"location":"en/reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"Property Name Type Description conditions []SwitchLBRuleCondition SwitchLBRule status change information, refer to the beginning of the document for the definition of Condition ports String Port information service String Name of the service"},{"location":"en/reference/kube-ovn-api/#security-group-and-vip","title":"Security Group and Vip","text":""},{"location":"en/reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have a value of SecurityGroup metadata ObjectMeta Standard Kubernetes resource metadata information spec SecurityGroupSpec Security Group specific configuration information status SecurityGroupStatus Security group status information"},{"location":"en/reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"Property Name Type Description ingressRules []*SgRule Inbound security group rules egressRules []*SgRule Outbound security group rules allowSameGroupTraffic Bool Whether lsps in the same security group can interoperate and whether traffic rules need to be updated"},{"location":"en/reference/kube-ovn-api/#sgrule","title":"SgRule","text":"Property Name Type Description ipVersion String IP version number, ipv4 or ipv6 protocol String The value of icmp, tcp, or udp priority Int Acl priority. The value range is 1-200, the smaller the value, the higher the priority. remoteType String The value is either address or securityGroup remoteAddress String The address of the other side remoteSecurityGroup String The name of security group on the other side portRangeMin Int The starting value of the port range, the minimum value is 1. portRangeMax Int The ending value of the port range, the maximum value is 65535. policy String The value is allow or drop"},{"location":"en/reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"Property Name Type Description portGroup String The name of the port-group for the security group allowSameGroupTraffic Bool Whether lsps in the same security group can interoperate, and whether the security group traffic rules need to be updated ingressMd5 String The MD5 value of the inbound security group rule egressMd5 String The MD5 value of the outbound security group rule ingressLastSyncSuccess Bool Whether the last synchronization of the inbound rule was successful egressLastSyncSuccess Bool Whether the last synchronization of the outbound rule was successful"},{"location":"en/reference/kube-ovn-api/#vip","title":"Vip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value Vip metadata ObjectMeta Standard Kubernetes resource metadata information spec VipSpec Vip specific configuration information status VipStatus Vip status information"},{"location":"en/reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"Property Name Type Description namespace String Vip's namespace subnet String Vip's subnet v4ip String Vip IPv4 ip address v6ip String Vip IPv6 ip address macAddress String Vip mac address parentV4ip String Not currently in use parentV6ip String Not currently in use parentMac String Not currently in use attachSubnets []String This field is deprecated and no longer used"},{"location":"en/reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"Property Name Type Description conditions []VipCondition Vip status change information, refer to the beginning of the documentation for the definition of Condition ready Bool Vip is ready or not v4ip String Vip IPv4 ip address, should be the same as the spec field v6ip String Vip IPv6 ip address, should be the same as the spec field mac String The vip mac address, which should be the same as the spec field pv4ip String Not currently used pv6ip String Not currently used pmac String Not currently used"},{"location":"en/reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnEip metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnEipSpec OvnEip specific configuration information for default vpc status OvnEipStatus OvnEip status information for default vpc"},{"location":"en/reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"Property Name Type Description externalSubnet String OvnEip's subnet name v4ip String OvnEip IP address macAddress String OvnEip Mac address type String OvnEip use type, the value can be fip, snat or lrp"},{"location":"en/reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"Property Name Type Description conditions []OvnEipCondition OvnEip status change information, refer to the beginning of the documentation for the definition of Condition v4ip String The IPv4 ip address used by ovnEip macAddress String Mac address used by ovnEip"},{"location":"en/reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources are kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnFip metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnFipSpec OvnFip specific configuration information in default vpc status OvnFipStatus OvnFip status information in default vpc"},{"location":"en/reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"Property Name Type Description ovnEip String Name of the bound ovnEip ipName String The IP crd name corresponding to the bound Pod"},{"location":"en/reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"Property Name Type Description ready Bool OvnFip is ready or not v4Eip String Name of the ovnEip to which ovnFip is bound v4Ip String The ovnEip address currently in use macAddress String OvnFip's configured mac address vpc String The name of the vpc where ovnFip is located conditions []OvnFipCondition OvnFip status change information, refer to the beginning of the document for the definition of Condition"},{"location":"en/reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"Property Name Type Description apiVersion String Standard Kubernetes version information field, all custom resources have kubeovn.io/v1 kind String Standard Kubernetes resource type field, all instances of this resource will have the value OvnSnatRule metadata ObjectMeta Standard Kubernetes resource metadata information spec OvnSnatRuleSpec OvnSnatRule specific configuration information in default vpc status OvnSnatRuleStatus OvnSnatRule status information in default vpc"},{"location":"en/reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"Property Name Type Description ovnEip String Name of the ovnEip to which ovnSnatRule is bound vpcSubnet String The name of the subnet configured by ovnSnatRule ipName String The IP crd name corresponding to the ovnSnatRule bound Pod"},{"location":"en/reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"Property Name Type Description ready Bool OvnSnatRule is ready or not v4Eip String The ovnEip address to which ovnSnatRule is bound v4IpCidr String The cidr address used to configure snat in the logical-router vpc String The name of the vpc where ovnSnatRule is located conditions []OvnSnatRuleCondition OvnSnatRule status change information, refer to the beginning of the document for the definition of Condition \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger args Reference","text":"Based on the Kube-OVN v1.12.0 version, We have compiled the parameters supported by Kube-ovn-pinger, and listed the value types, meanings, and default values of each field defined by the parameters for reference
"},{"location":"en/reference/kube-ovn-pinger-args/#args-describeption","title":"Args Describeption","text":"Arg Name Type Description Default Value port Int metrics port 8080 kubeconfig String Path to kubeconfig file with authorization and master location information. If not set use the inCluster token. \"\" ds-namespace String kube-ovn-pinger daemonset namespace \"kube-system\" ds-name String kube-ovn-pinger daemonset name \"kube-ovn-pinger\" interval Int interval seconds between consecutive pings 5 mode String server or job Mode \"server\" exit-code Int exit code when failure happens 0 internal-dns String check dns from pod \"kubernetes.default\" external-dns String check external dns resolve from pod \"\" external-address String check ping connection to an external address \"114.114.114.114\" network-mode String The cni plugin current cluster used \"kube-ovn\" enable-metrics Bool Whether to support metrics query true ovs.timeout Int Timeout on JSON-RPC requests to OVS. 2 system.run.dir String OVS default run directory. \"/var/run/openvswitch\" database.vswitch.name String The name of OVS db. \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix socket to OVS db. \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS db file. \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS db log file. \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS db process id file. \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS system id file. \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd daemon log file. \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd daemon process id file. \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN controller daemon log file. \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN controller daemon process id file. \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/metrics/","title":"Metrics","text":"This document lists all the monitoring metrics provided by Kube-OVN.
"},{"location":"en/reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN status metrics:
Type Metric Description Gauge kube_ovn_ovn_status OVN Health Status. The values are: (2) for standby or follower, (1) for active or leader, (0) for unhealthy. Gauge kube_ovn_failed_req_count The number of failed requests to OVN stack. Gauge kube_ovn_log_file_size The size of a log file associated with an OVN component. Gauge kube_ovn_db_file_size The size of a database file associated with an OVN component. Gauge kube_ovn_chassis_info Whether the OVN chassis is up (1) or down (0), together with additional information about the chassis. Gauge kube_ovn_db_status The status of OVN NB/SB DB, (1) for healthy, (0) for unhealthy. Gauge kube_ovn_logical_switch_info The information about OVN logical switch. This metric is always up (1). Gauge kube_ovn_logical_switch_external_id Provides the external IDs and values associated with OVN logical switches. This metric is always up (1). Gauge kube_ovn_logical_switch_port_binding Provides the association between a logical switch and a logical switch port. This metric is always up (1). Gauge kube_ovn_logical_switch_tunnel_key The value of the tunnel key associated with the logical switch. Gauge kube_ovn_logical_switch_ports_num The number of logical switch ports connected to the OVN logical switch. Gauge kube_ovn_logical_switch_port_info The information about OVN logical switch port. This metric is always up (1). Gauge kube_ovn_logical_switch_port_tunnel_key The value of the tunnel key associated with the logical switch port. Gauge kube_ovn_cluster_enabled Is OVN clustering enabled (1) or not (0). Gauge kube_ovn_cluster_role A metric with a constant '1' value labeled by server role. Gauge kube_ovn_cluster_status A metric with a constant '1' value labeled by server status. Gauge kube_ovn_cluster_term The current raft term known by this server. Gauge kube_ovn_cluster_leader_self Is this server consider itself a leader (1) or not (0). Gauge kube_ovn_cluster_vote_self Is this server voted itself as a leader (1) or not (0). Gauge kube_ovn_cluster_election_timer The current election timer value. Gauge kube_ovn_cluster_log_not_committed The number of log entries not yet committed by this server. Gauge kube_ovn_cluster_log_not_applied The number of log entries not yet applied by this server. Gauge kube_ovn_cluster_log_index_start The log entry index start value associated with this server. Gauge kube_ovn_cluster_log_index_next The log entry index next value associated with this server. Gauge kube_ovn_cluster_inbound_connections_total The total number of inbound connections to the server. Gauge kube_ovn_cluster_outbound_connections_total The total number of outbound connections from the server. Gauge kube_ovn_cluster_inbound_connections_error_total The total number of failed inbound connections to the server. Gauge kube_ovn_cluster_outbound_connections_error_total The total number of failed outbound connections from the server."},{"location":"en/reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb and vswitchd status metrics:
Type Metric Description Gauge ovs_status OVS Health Status. The values are: health(1), unhealthy(0). Gauge ovs_info This metric provides basic information about OVS. It is always set to 1. Gauge failed_req_count The number of failed requests to OVS stack. Gauge log_file_size The size of a log file associated with an OVS component. Gauge db_file_size The size of a database file associated with an OVS component. Gauge datapath Represents an existing datapath. This metrics is always 1. Gauge dp_total Represents total number of datapaths on the system. Gauge dp_if Represents an existing datapath interface. This metrics is always 1. Gauge dp_if_total Represents the number of ports connected to the datapath. Gauge dp_flows_total The number of flows in a datapath. Gauge dp_flows_lookup_hit The number of incoming packets in a datapath matching existing flows in the datapath. Gauge dp_flows_lookup_missed The number of incoming packets in a datapath not matching any existing flow in the datapath. Gauge dp_flows_lookup_lost The number of incoming packets in a datapath destined for userspace process but subsequently dropped before reaching userspace. Gauge dp_masks_hit The total number of masks visited for matching incoming packets. Gauge dp_masks_total The number of masks in a datapath. Gauge dp_masks_hit_ratio The average number of masks visited per packet. It is the ration between hit and total number of packets processed by a datapath. Gauge interface Represents OVS interface. This is the primary metric for all other interface metrics. This metrics is always 1. Gauge interface_admin_state The administrative state of the physical network link of OVS interface. The values are: down(0), up(1), other(2). Gauge interface_link_state The state of the physical network link of OVS interface. The values are: down(0), up(1), other(2). Gauge interface_mac_in_use The MAC address in use by OVS interface. Gauge interface_mtu The currently configured MTU for OVS interface. Gauge interface_of_port Represents the OpenFlow port ID associated with OVS interface. Gauge interface_if_index Represents the interface index associated with OVS interface. Gauge interface_tx_packets Represents the number of transmitted packets by OVS interface. Gauge interface_tx_bytes Represents the number of transmitted bytes by OVS interface. Gauge interface_rx_packets Represents the number of received packets by OVS interface. Gauge interface_rx_bytes Represents the number of received bytes by OVS interface. Gauge interface_rx_crc_err Represents the number of CRC errors for the packets received by OVS interface. Gauge interface_rx_dropped Represents the number of input packets dropped by OVS interface. Gauge interface_rx_errors Represents the total number of packets with errors received by OVS interface. Gauge interface_rx_frame_err Represents the number of frame alignment errors on the packets received by OVS interface. Gauge interface_rx_missed_err Represents the number of packets with RX missed received by OVS interface. Gauge interface_rx_over_err Represents the number of packets with RX overrun received by OVS interface. Gauge interface_tx_dropped Represents the number of output packets dropped by OVS interface. Gauge interface_tx_errors Represents the total number of transmit errors by OVS interface. Gauge interface_collisions Represents the number of collisions on OVS interface."},{"location":"en/reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"Network quality related metrics:
Type Metric Description Gauge pinger_ovs_up If the ovs on the node is up Gauge pinger_ovs_down If the ovs on the node is down Gauge pinger_ovn_controller_up If the ovn_controller on the node is up Gauge pinger_ovn_controller_down If the ovn_controller on the node is down Gauge pinger_inconsistent_port_binding The number of mismatch port bindings between ovs and ovn-sb Gauge pinger_apiserver_healthy If the apiserver request is healthy on this node Gauge pinger_apiserver_unhealthy If the apiserver request is unhealthy on this node Histogram pinger_apiserver_latency_ms The latency ms histogram the node request apiserver Gauge pinger_internal_dns_healthy If the internal dns request is unhealthy on this node Gauge pinger_internal_dns_unhealthy If the internal dns request is unhealthy on this node Histogram pinger_internal_dns_latency_ms The latency ms histogram the node request internal dns Gauge pinger_external_dns_health If the external dns request is healthy on this node Gauge pinger_external_dns_unhealthy If the external dns request is unhealthy on this node Histogram pinger_external_dns_latency_ms The latency ms histogram the node request external dns Histogram pinger_pod_ping_latency_ms The latency ms histogram for pod peer ping Gauge pinger_pod_ping_lost_total The lost count for pod peer ping Gauge pinger_pod_ping_count_total The total count for pod peer ping Histogram pinger_node_ping_latency_ms The latency ms histogram for pod ping node Gauge pinger_node_ping_lost_total The lost count for pod ping node Gauge pinger_node_ping_count_total The total count for pod ping node Histogram pinger_external_ping_latency_ms The latency ms histogram for pod ping external address Gauge pinger_external_lost_total The lost count for pod ping external address"},{"location":"en/reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller status metrics\uff1a
Type Metric Description Histogram rest_client_request_latency_seconds Request latency in seconds. Broken down by verb and URL Counter rest_client_requests_total Number of HTTP requests, partitioned by status code, method, and host Counter lists_total Total number of API lists done by the reflectors Summary list_duration_seconds How long an API list takes to return and decode for the reflectors Summary items_per_list How many items an API list returns to the reflectors Counter watches_total Total number of API watches done by the reflectors Counter short_watches_total Total number of short API watches done by the reflectors Summary watch_duration_seconds How long an API watch takes to return and decode for the reflectors Summary items_per_watch How many items an API watch returns to the reflectors Gauge last_resource_version Last resource version seen for the reflectors Histogram ovs_client_request_latency_milliseconds The latency histogram for ovs request Gauge subnet_available_ip_count The available num of ip address in subnet Gauge subnet_used_ip_count The used num of ip address in subnet"},{"location":"en/reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni status metrics:
Type Metric Description Histogram cni_op_latency_seconds The latency seconds for cni operations Counter cni_wait_address_seconds_total Latency that cni wait controller to assign an address Counter cni_wait_connectivity_seconds_total Latency that cni wait address ready in overlay network Counter cni_wait_route_seconds_total Latency that cni wait controller to add routed annotation to pod Histogram rest_client_request_latency_seconds Request latency in seconds. Broken down by verb and URL Counter rest_client_requests_total Number of HTTP requests, partitioned by status code, method, and host Counter lists_total Total number of API lists done by the reflectors Summary list_duration_seconds How long an API list takes to return and decode for the reflectors Summary items_per_list How many items an API list returns to the reflectors Counter watches_total Total number of API watches done by the reflectors Counter short_watches_total Total number of short API watches done by the reflectors Summary watch_duration_seconds How long an API watch takes to return and decode for the reflectors Summary items_per_watch How many items an API watch returns to the reflectors Gauge last_resource_version Last resource version seen for the reflectors Histogram ovs_client_request_latency_milliseconds The latency histogram for ovs request \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/ovs-ovn-customized/","title":"OVS/OVN Customization","text":"Upstream OVN/OVS was originally designed with the goal of a general purpose SDN controller and data plane. Due to some specific usage of the Kubernetes network,Kube-OVN only focused on part of the features. In order to achieve better performance, stability and specific features, Kube-OVN has made some modifications to the upstream OVN/OVS. Users using their own OVN/OVS with Kube-OVN controllers need to be aware of the possible impact of the following changes:
Did not merge into the upstream modification.
- 38df6fa3f7 Adjust the election timer to avoid large-scale cluster election jitter.
- d4888c4e75 add fdb update logging.
- d4888c4e75 fdb: fix mac learning in environments with hairpin enabled.
- 9a81b91368 ovsdb-tool: add optional server id parameter for \"join-cluster\" command.
- 0700cb90f9 Destination non-service traffic bypasses conntrack to improve performance on a particular data path.
- c48049a64f ECMP algorithm is adjusted from
dp_hash to hash to avoid the hash error problem in some kernels. - 64383c14a9 Fix kernel Crash issue under Windows.
- 08a95db2ca Support for github action builds on Windows.
- 680e77a190 Windows uses tcp listening by default.
- 05e57b3227 add support for windows.
- 0181b68be1 br-int controller: listen on 127.0.0.1:6653 by default.
- b3801ecb73 modify src route priority.
- 977e569539 fix reaching resubmit limit in underlay.
- 45a4a22161 ovn-nbctl: do not remove LB if vips is empty.
- 540592b9ff Replaces the Mac address as the destination address after DNAT to reduce additional performance overhead.
- 10972d9632 Fix vswitchd ofport_usage memory leak.
Merged into upstream modification:
- 20626ea909 Multicast traffic bypasses LB and ACL processing stages to improve specific data path performance.
- a2d9ff3ccd Deb build adds compile optimization options.
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/tunnel-protocol/","title":"Tunnel Protocol Selection","text":"Kube-OVN uses OVN/OVS as the data plane implementation and currently supports Geneve, Vxlan and STT tunnel encapsulation protocols. These three protocols differ in terms of functionality, performance and ease of use. This document will describe the differences in the use of the three protocols so that users can choose according to their situation.
"},{"location":"en/reference/tunnel-protocol/#geneve","title":"Geneve","text":"The Geneve protocol is the default tunneling protocol selected during Kube-OVN deployment and is also the default recommended tunneling protocol for OVN. This protocol is widely supported in the kernel and can be accelerated using the generic offload capability of modern NICs. Since Geneve has a variable header, it is possible to use 24bit space to mark different datapaths users can create a larger number of virtual networks.
If you are using Mellanox or Corigine SmartNIC OVS offload, Geneve requires a higher kernel version. Upstream kernel of 5.4 or higher, or other compatible kernels that backports this feature.
Due to the use of UDP encapsulation, this protocol does not make good use of the TCP-related offloads of modern NICs when handling TCP over UDP, and consumes more CPU resources when handling large packets.
"},{"location":"en/reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan is a recently supported protocol in the upstream OVN, which is widely supported in the kernel and can be accelerated using the common offload capabilities of modern NICs. Due to the limited length of the protocol header and the additional space required for OVN orchestration, there is a limit to the number of datapaths that can be created, with a maximum of 4096 datapaths and a maximum of 4096 ports under each datapath. Also, inport-based ACLs are not supported due to header length limitations.
Vxlan offloading is supported in common kernels if using Mellanox or Corigine SmartNIC.
Due to the use of UDP encapsulation, this protocol does not make good use of the TCP-related offloads of modern NICs when handling TCP over UDP, and consumes more CPU resources when handling large packets.
"},{"location":"en/reference/tunnel-protocol/#stt","title":"STT","text":"The STT protocol is an early tunneling protocol supported by the OVN that uses TCP-like headers to take advantage of the TCP offload capabilities common to modern NICs and significantly increase TCP throughput. The protocol also has a long header to support full OVN capabilities and large-scale datapaths.
This protocol is not supported in the kernel. To use it, you need to compile an additional OVS kernel module and recompile the new version of the kernel module when upgrading the kernel.
This protocol is not currently supported by the SmartNic and cannot use the offloading capability of OVS offloading.
"},{"location":"en/reference/tunnel-protocol/#references","title":"References","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/reference/underlay-topology/","title":"Underlay Traffic Topology","text":"This document describes the forwarding path of traffic in Underlay mode under different scenarios.
"},{"location":"en/reference/underlay-topology/#pods-in-same-node-and-same-subnet","title":"Pods in Same Node and Same Subnet","text":"Internal logical switches exchange packets directly, without access to the external network.
"},{"location":"en/reference/underlay-topology/#pods-in-different-nodes-and-same-subnet","title":"Pods in Different Nodes and Same Subnet","text":"Packets enter the physic switch via the node NIC and are exchanged by the physic switch.
"},{"location":"en/reference/underlay-topology/#pods-in-same-node-and-different-subnets","title":"Pods in Same Node and Different Subnets","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
Here br-provider-1 and br-provider-2 can be the same OVS bridge\uff0cmultiple subnet can share a Provider Network\u3002
"},{"location":"en/reference/underlay-topology/#pods-in-different-nodes-and-different-subnets","title":"Pods in Different Nodes and Different Subnets","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
"},{"location":"en/reference/underlay-topology/#access-to-external","title":"Access to External","text":"Packets enter the physic network via the node NIC and are exchanged and routed and forwarded by physic switches and routers.
The communication between nodes and Pods follows the same logic.
"},{"location":"en/reference/underlay-topology/#overview-without-vlan-tag","title":"Overview without Vlan Tag","text":""},{"location":"en/reference/underlay-topology/#overview-with-vlan-tag","title":"Overview with Vlan Tag","text":""},{"location":"en/reference/underlay-topology/#pod-visit-service-ip","title":"Pod visit Service IP","text":"Kube-OVN configures load balancing for each Kubernetes Service on a logical switch on each subnet. When a Pod accesses other Pods by accessing the Service IP, a network packet is constructed with the Service IP as the destination address and the MAC address of the gateway as the destination MAC address. After the network packet enters the logical switch, load balancing will intercept and DNAT the network packet to modify the destination IP and port to the IP and port of one of the Endpoint corresponding to the Service. Since the logical switch does not modify the Layer 2 destination MAC address of the network packet, the network packet will still be delivered to the physic gateway after entering the physic switch, and the physic gateway will be required to forward the network packet.
"},{"location":"en/reference/underlay-topology/#service-backend-is-the-same-node-and-same-subnet-pod","title":"Service Backend is the Same Node and Same Subnet Pod","text":""},{"location":"en/reference/underlay-topology/#service-backend-is-the-same-node-and-different-subnets-pod","title":"Service Backend is the Same Node and Different Subnets Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/one-step-install/","title":"One-Click Installation","text":"Kube-OVN provides a one-click installation script to help you quickly install a highly available, production-ready Kube-OVN container network with Overlay networking by default.
Helm Chart installation is supported since Kube-OVN v1.12.0, and the default deployment is Overlay networking.
If you need Underlay/Vlan networking as the default container network\uff0cplease read Underlay Installation
Before installation please read Prerequisites first to make sure the environment is ready.
"},{"location":"en/start/one-step-install/#script-installation","title":"Script Installation","text":""},{"location":"en/start/one-step-install/#download-the-installation-script","title":"Download the installation script","text":"We recommend using the stable release version for production environments, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
If you are interested in the latest features of the master branch, please use the following command to download:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"en/start/one-step-install/#modify-configuration-options","title":"Modify Configuration Options","text":"Open the script using the editor and change the following variables to the expected:
REGISTRY=\"kubeovn\" # Image Repo \nVERSION=\"v1.12.13\" # Image Tag\nPOD_CIDR=\"10.16.0.0/16\" # Default subnet CIDR don't overlay with SVC/NODE/JOIN CIDR\nSVC_CIDR=\"10.96.0.0/12\" # Be consistent with apiserver's service-cluster-ip-range\nJOIN_CIDR=\"100.64.0.0/16\" # Pod/Host communication Subnet CIDR, don't overlay with SVC/NODE/POD CIDR\nLABEL=\"node-role.kubernetes.io/master\" # The node label to deploy OVN DB\nIFACE=\"\" # The name of the host NIC used by the container network, or if empty use the NIC that host Node IP in Kubernetes\nTUNNEL_TYPE=\"geneve\" # Tunnel protocol\uff0cavailable options: geneve, vxlan or stt. stt requires compilation of ovs kernel module\n
You can also use regular expression to math NIC names\uff0csuch as IFACE=enp6s0f0,eth.*.
"},{"location":"en/start/one-step-install/#run-the-script","title":"Run the Script","text":"bash install.sh
Wait Kube-OVN ready.
"},{"location":"en/start/one-step-install/#helm-chart-installation","title":"Helm Chart Installation","text":"Since the installation of Kube-OVN requires setting some parameters, to install Kube-OVN using Helm, you need to follow the steps below.
"},{"location":"en/start/one-step-install/#view-the-node-ip-address","title":"View the node IP address","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"en/start/one-step-install/#remove-cluster-master-node-taint","title":"Remove cluster master node taint","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
This step can be skipped if you are sure that you do not need to schedule the pod at the master node.
"},{"location":"en/start/one-step-install/#add-label-to-node","title":"Add label to node","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# The following labels are used for the installation of dpdk images and can be ignored in non-dpdk cases\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"en/start/one-step-install/#add-helm-repo-information","title":"Add Helm Repo information","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"en/start/one-step-install/#run-helm-install-to-install-kube-ovn","title":"Run helm install to install Kube-OVN","text":"The Node0IP, Node1IP, and Node2IP parameters are the IP addresses of the cluster master nodes, respectively. For other parameters, you can refer to the variable definitions in the values.yaml file.
# Single master node environment install\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# Using the node information above as an example, execute the install command\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# Highly Available Cluster Installation\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/prepare/","title":"Prerequisites","text":"Kube-OVN is a CNI-compliant network system that depends on the Kubernetes environment and the corresponding kernel network module for its operation. Below are the operating system and software versions tested, the environment configuration and the ports that need to be opened.
"},{"location":"en/start/prepare/#software-version","title":"Software Version","text":" - Kubernetes >= 1.23.
- Docker >= 1.12.6, Containerd >= 1.3.4.
- OS: CentOS 7/8, Ubuntu 16.04/18.04/20.04.
- For other Linux distributions, please make sure
geneve, openvswitch, ip_tables and iptable_nat kernel modules exist.
Attention\uff1a
- For CentOS kernel version 3.10.0-862 bug exists in
netfilter modules that lead Kube-OVN embed nat and lb failure.Please update kernel and check Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working. - Kernel version 4.18.0-372.9.1.el8.x86_64 in Rocky Linux 8.6 has a TCP connection problem TCP connection failed in Rocky Linux 8.6\uff0cplease update kernel to 4.18.0-372.13.1.el8_6.x86_64 or later\u3002
- For kernel version 4.4, the related
openvswitch module has some issues for ct\uff0cplease update kernel version or manually compile openvswitch kernel module. - When building Geneve tunnel IPv6 in kernel should be enabled\uff0ccheck the kernel bootstrap options with
cat /proc/cmdline.Check Geneve tunnels don't work when ipv6 is disabled for the detail bug info.
"},{"location":"en/start/prepare/#environment-setup","title":"Environment Setup","text":" - Kernel should enable IPv6, if kernel bootstrap options contain
ipv6.disable=1, it should be set to 0. kube-proxy works, Kube-OVN can visit kube-apiserver from Service ClusterIP.- Make sure kubelet enabled
CNI and find cni-bin and cni-conf in default directories, kubelet bootstrap options should contain --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d. - Make sure no other CNI installed or has been removed\uff0ccheck if any config files still exist in
/etc/cni/net.d/.
"},{"location":"en/start/prepare/#ports-need-open","title":"Ports Need Open","text":"Component Port Usage ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db and raft server listen ports ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp tunnel ports kube-ovn-controller 10660/tcp metrics port kube-ovn-daemon 10665/tcp metrics port kube-ovn-monitor 10661/tcp metrics port \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/sealos-install/","title":"One-Click Deployment of Kubernetes and Kube-OVN with sealos","text":"sealos, a distribution of Kubernetes, helps users quickly initialize a container cluster from scratch. By using sealos, users can deploy a Kubernetes cluster with Kube-OVN installed in minutes with a single command.
"},{"location":"en/start/sealos-install/#download-sealos","title":"Download sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.0.0/sealos_4.0.0_linux_amd64.tar.gz \\\n && tar zxvf sealos_4.0.0_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.0.0/sealos_4.0.0_linux_arm64.tar.gz \\\n && tar zxvf sealos_4.0.0_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"en/start/sealos-install/#deploy-kubernetes-and-kube-ovn","title":"Deploy Kubernetes and Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"en/start/sealos-install/#wait-to-finish","title":"Wait to finish","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/underlay/","title":"Underlay Installation","text":"By default, the default subnet uses Geneve to encapsulate cross-host traffic, and build an overlay network on top of the infrastructure.
For the case that you want the container network to use the physical network address directly, you can set the default subnet of Kube-OVN to work in Underlay mode, which can directly assign the address resources in the physical network to the containers, achieving better performance and connectivity with the physical network.
"},{"location":"en/start/underlay/#limitation","title":"Limitation","text":"Since the container network in this mode uses physical network directly for L2 packet forwarding, L3 functions such as SNAT/EIP, distributed gateway/centralized gateway in Overlay mode cannot be used. VPC level isolation is also not available for underlay subnet.
"},{"location":"en/start/underlay/#comparison-with-macvlan","title":"Comparison with Macvlan","text":"The Underlay mode of Kube-OVN is very similar to the Macvlan, with the following major differences in functionality and performance:
- Macvlan performs better in terms of throughput and latency performance metrics due to its shorter kernel path and the fact that it does not require OVS for packet processing.
- Kube-OVN provides arp-proxy functionality through flow tables to mitigate the risk of arp broadcast storms on large-scale networks.
- Since Macvlan works at the bottom of the kernel and bypasses the host netfilter, Service and NetworkPolicy functionality requires additional development. Kube-OVN provides Service and NetworkPolicy capabilities through the OVS flow table.
- Kube-OVN Underlay mode provides additional features such as address management, fixed IP and QoS compared to Macvlan.
"},{"location":"en/start/underlay/#environment-requirements","title":"Environment Requirements","text":"In Underlay mode, the OVS will bridge a node NIC to the OVS bridge and send packets directly through that node NIC, relying on the underlying network devices for L2/L3 level forwarding capabilities. You need to configure the corresponding gateway, Vlan and security policy in the underlying network device in advance.
- For OpenStack VM environments, you need to turn off
PortSecurity on the corresponding network port. - For VMware vSwitch networks,
MAC Address Changes, Forged Transmits and Promiscuous Mode Operation should be set to allow. - For Hyper-V virtualization,
MAC Address Spoofing should be enabled in VM nic advanced features. - Public clouds, such as AWS, GCE, AliCloud, etc., do not support user-defined Mac, so they cannot support Underlay mode network. In this scenario, if you want to use Underlay, it is recommended to use the VPC-CNI provided by the corresponding public cloud vendor..
- The network interface that is bridged into ovs can not be type of Linux Bridge.
For management and container networks using the same NIC, Kube-OVN will transfer the NIC's Mac address, IP address, route, and MTU to the corresponding OVS Bridge to support single NIC deployment of Underlay networks. OVS Bridge name format is br-PROVIDER_NAME\uff0cPROVIDER_NAME is the name of ProviderNetwork (Default: provider).
"},{"location":"en/start/underlay/#specify-network-mode-when-deploying","title":"Specify Network Mode When Deploying","text":"This deployment mode sets the default subnet to Underlay mode, and all Pods with no subnet specified will run in the Underlay network by default.
"},{"location":"en/start/underlay/#download-script","title":"Download Script","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"en/start/underlay/#modify-configuration-options","title":"Modify Configuration Options","text":"ENABLE_ARP_DETECT_IP_CONFLICT # disable vlan arp conflict detection if necessary\nNETWORK_TYPE # set to vlan\nVLAN_INTERFACE_NAME # set to the NIC that carries the Underlay traffic, e.g. eth1\nVLAN_ID # The VLAN Tag need to be added\uff0cif set 0 no vlan tag will be added\nPOD_CIDR # The Underlay network CIDR\uff0c e.g. 192.168.1.0/24\nPOD_GATEWAY # Underlay physic gateway address, e.g. 192.168.1.1\nEXCLUDE_IPS # Exclude ranges to avoid conflicts between container network and IPs already in use on the physical network, e.g. 192.168.1.1..192.168.1.100\nENABLE_LB # If Underlay Subnet needs to visit Service set it to true\nEXCHANGE_LINK_NAME # If swap the names of the OVS bridge and the bridge interface under the default provider-network. Default to false.\nLS_DNAT_MOD_DL_DST # If DNAT translate MAC addresses to accelerate service access. Default to true.\n
"},{"location":"en/start/underlay/#run-the-script","title":"Run the Script","text":"bash install.sh\n
"},{"location":"en/start/underlay/#dynamically-create-underlay-networks-via-crd","title":"Dynamically Create Underlay Networks via CRD","text":"This approach dynamically creates an Underlay subnet that Pod can use after installation.
"},{"location":"en/start/underlay/#create-providernetwork","title":"Create ProviderNetwork","text":"ProviderNetwork provides the abstraction of host NIC to physical network mapping, unifies the management of NICs belonging to the same network, and solves the configuration problems in complex environments with multiple NICs on the same machine, inconsistent NIC names and inconsistent corresponding Underlay networks.
Create ProviderNetwork as below:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
Note: The length of the ProviderNetwork resource name must not exceed 12.
defaultInterface: The default node NIC name. When the ProviderNetwork is successfully created, an OVS bridge named br-net1 (in the format br-NAME) is created in each node (except excludeNodes) and the specified node NIC is bridged to this bridge.customInterfaces: Optionally, you can specify the NIC to be used for a specific node.excludeNodes: Optional, to specify nodes that do not bridge the NIC. Nodes in this list will be added with the net1.provider-network.ovn.kubernetes.io/exclude=true tag.
Other nodes will be added with the following tags:
Key Value Description net1.provider-network.ovn.kubernetes.io/ready true bridge work finished, ProviderNetwork is ready on this node net1.provider-network.ovn.kubernetes.io/interface eth1 The name of the bridged NIC in the node. net1.provider-network.ovn.kubernetes.io/mtu 1500 MTU of bridged NIC in node If an IP has been configured on the node NIC, the IP address and the route on the NIC are transferred to the corresponding OVS bridge.
"},{"location":"en/start/underlay/#create-vlan","title":"Create VLAN","text":"Vlan provides an abstraction to bind Vlan Tag and ProviderNetwork.
Create a VLAN as below:
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: VLAN ID/Tag\uff0cKube-OVN will add this Vlan tag to traffic, if set 0, no tag is added.provider: The name of ProviderNetwork. Multiple VLAN can use a same ProviderNetwork.
"},{"location":"en/start/underlay/#create-subnet","title":"Create Subnet","text":"Bind Vlan to a Subnet as below\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
Simply specify the value of vlan as the name of the VLAN to be used. Multiple subnets can refer to the same VLAN.
"},{"location":"en/start/underlay/#create-pod","title":"Create Pod","text":"You can create containers in the normal way, check whether the container IP is in the specified range and whether the container can interoperate with the physical network.
For fixed IP requirements, please refer to Fixed Addresses
"},{"location":"en/start/underlay/#logical-gateway","title":"Logical Gateway","text":"For cases where no gateway exists in the physical network, Kube-OVN supports the use of logical gateways configured in the subnet in Underlay mode. To use this feature, set spec.logicalGateway to true for the subnet:
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
When this feature is turned on, the Pod does not use an external gateway, but a Logical Router created by Kube-OVN to forward cross-subnet communication.
"},{"location":"en/start/underlay/#interconnection-of-underlay-and-overlay-networks","title":"Interconnection of Underlay and Overlay Networks","text":"If a cluster has both Underlay and Overlay subnets, by default, Pods in the Overlay subnet can access the Pod IPs in the Underlay subnet via a gateway using NAT. From the perspective of Pods in the Underlay subnet, the addresses in the Overlay subnet are external, and require the underlying physical device to forward, but the underlying physical device does not know the addresses in the Overlay subnet and cannot forward. Therefore, Pods in the Underlay subnet cannot access Pods in the Overlay subnet directly via Pod IPs.
If you need to enable communication between Underlay and Overlay networks, you need to set the u2oInterconnection of the subnet to true. In this case, Kube-OVN will use an additional Underlay IP to connect the Underlay subnet and the ovn-cluster logical router, and set the corresponding routing rules to enable communication. Unlike the logical gateway, this solution only connects the Underlay and Overlay subnets within Kube-OVN, and other traffic accessing the Internet will still be forwarded through the physical gateway.
"},{"location":"en/start/underlay/#specify-logical-gateway-ip","title":"Specify logical gateway IP","text":"After the interworking function is enabled, an IP from the subnet will be randomly selected as the logical gateway. If you need to specify the logical gateway of the Underlay Subnet, you can specify the field u2oInterconnectionIP.
"},{"location":"en/start/underlay/#specify-custom-vpc-for-underlay-subnet-connection","title":"Specify custom VPC for Underlay Subnet connection","text":"By default, the Underlay Subnet will communicate with the Overlay Subnet on the default VPC. If you want to specify to communicate with a certain VPC, after setting u2oInterconnection to true, specify the subnet.spec.vpc field as the name of the VPC.
"},{"location":"en/start/underlay/#notice","title":"Notice","text":"If you have an IP address configured on the network card of the node you are using, and the operating system configures the network using Netplan (such as Ubuntu), it is recommended that you set the renderer of Netplan to NetworkManager and configure a static IP address for the node's network card (disable DHCP).
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
If you want to modify the IP or routing configuration of the network card, you need to execute the following commands after modifying the Netplan configuration:
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
After executing the above commands, Kube-OVN will transfer the IP and routing from the network card to the OVS bridge.
If your operating system manages the network using NetworkManager (such as CentOS), you need to execute the following command after modifying the network card configuration:
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
Notice\uff1aIf the host nic's MAC is changed, Kube-OVN will not change the OVS bridge's MAC unless kube-ovn-cni is restarted.
"},{"location":"en/start/underlay/#known-issues","title":"Known Issues","text":""},{"location":"en/start/underlay/#when-the-physical-network-is-enabled-with-hairpin-pod-network-is-abnormal","title":"When the physical network is enabled with hairpin, Pod network is abnormal","text":"When physical networks enable hairpin or similar behaviors, problems such as gateway check failure when creating Pods and abnormal network communication of Pods may occur. This is because the default MAC learning function of OVS bridge does not support this kind of network environment.
To solve this problem, it is necessary to turn off hairpin (or modify the relevant configuration of physical network), or update the Kube-OVN version.
"},{"location":"en/start/underlay/#when-there-are-a-large-number-of-pods-gateway-check-for-new-pods-fails","title":"When there are a large number of Pods, gateway check for new Pods fails","text":"If there are a large number of Pods running on the same node (more than 300), it may cause packet loss due to the OVS flow table resubmit times exceeding the upper limit of ARP broadcast packets.
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
To solve this issue, modify the OVN NB option bcast_arp_req_flood to false:
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"en/start/uninstall/","title":"Uninstall","text":"If you need to remove the Kube-OVN and replace it with another network plugin, please follow the steps below to remove all the corresponding Kube-OVN component and OVS configuration to avoid interference with other network plugins.
Feel free to contact us with an Issue to give us feedback on why you don't use Kube-OVN to help us improve it.
"},{"location":"en/start/uninstall/#delete-resource-in-kubernetes","title":"Delete Resource in Kubernetes","text":"Download and run the script below to delete resource created in Kubernetes:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"en/start/uninstall/#cleanup-config-and-logs-on-every-node","title":"Cleanup Config and Logs on Every Node","text":"Run the following commands on each node to clean up the configuration retained by ovsdb and openvswitch:
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"en/start/uninstall/#reboot-node","title":"Reboot Node","text":"Reboot the machine to ensure that the corresponding NIC information and iptable/ipset rules are cleared to avoid the interference with other network plugins:
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"","title":"Kube-OVN","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u6b3e\u200b CNCF \u200b\u65d7\u4e0b\u200b\u7684\u200b\u4f01\u4e1a\u7ea7\u200b\u4e91\u200b\u539f\u751f\u200b\u7f51\u7edc\u200b\u7f16\u6392\u200b\u7cfb\u7edf\u200b\uff0c\u200b\u5c06\u200b SDN \u200b\u7684\u200b\u80fd\u529b\u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u7ed3\u5408\u200b\uff0c \u200b\u63d0\u4f9b\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\u3002
\u200b\u4e30\u5bcc\u200b\u7684\u200b\u529f\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u6000\u5ff5\u200b SDN \u200b\u9886\u57df\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u5374\u200b\u5728\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u82e6\u82e6\u200b\u8ffd\u5bfb\u200b\u800c\u200b\u4e0d\u5f97\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u5c06\u200b\u662f\u200b\u4f60\u200b\u7684\u200b\u6700\u4f73\u200b\u9009\u62e9\u200b\u3002
\u200b\u501f\u52a9\u200b OVS/OVN \u200b\u5728\u200b SDN \u200b\u9886\u57df\u200b\u6210\u719f\u200b\u7684\u200b\u80fd\u529b\u200b\uff0cKube-OVN \u200b\u5c06\u200b\u7f51\u7edc\u200b\u865a\u62df\u5316\u200b\u7684\u200b\u4e30\u5bcc\u200b\u529f\u80fd\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\u9886\u57df\u200b\u3002\u200b\u76ee\u524d\u200b\u5df2\u200b\u652f\u6301\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0c \u200b\u9759\u6001\u200b IP \u200b\u5206\u914d\u200b\uff0c\u200b\u5206\u5e03\u5f0f\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0cUnderlay/Overlay \u200b\u6df7\u5408\u200b\u7f51\u7edc\u200b\uff0c VPC \u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u7edc\u200b\uff0cQoS \u200b\u7ba1\u7406\u200b\uff0c \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b\uff0cACL \u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff0cARM \u200b\u652f\u6301\u200b\uff0c Windows \u200b\u652f\u6301\u200b\u7b49\u200b\u8bf8\u591a\u200b\u529f\u80fd\u200b\u3002
\u200b\u6781\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u62c5\u5fc3\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u8017\u200b\uff0c\u200b\u90a3\u4e48\u200b\u6765\u770b\u200b\u4e00\u4e0b\u200b Kube-OVN \u200b\u662f\u200b\u5982\u4f55\u200b\u6781\u81f4\u200b\u7684\u200b\u4f18\u5316\u200b\u6027\u80fd\u200b\u3002
\u200b\u5728\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4e00\u7cfb\u5217\u200b\u5bf9\u6d41\u200b\u8868\u200b\u548c\u200b\u5185\u6838\u200b\u7684\u200b\u7cbe\u5fc3\u200b\u4f18\u5316\u200b\uff0c\u200b\u5e76\u200b\u501f\u52a9\u200b eBPF\u3001DPDK\u3001\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u5378\u8f7d\u200b\u7b49\u200b\u65b0\u5174\u200b\u6280\u672f\u200b\uff0c Kube-OVN \u200b\u53ef\u4ee5\u200b\u5728\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u7b49\u200b\u65b9\u9762\u200b\u7684\u200b\u6307\u6807\u200b\u8fbe\u5230\u200b\u8fd1\u4f3c\u200b\u6216\u200b\u8d85\u51fa\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6027\u80fd\u200b\u7684\u200b\u6c34\u5e73\u200b\u3002\u200b\u5728\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5bf9\u200b OVN \u200b\u4e0a\u6e38\u200b\u6d41\u8868\u200b\u7684\u200b\u88c1\u526a\u200b\uff0c \u200b\u5404\u79cd\u200b\u7f13\u5b58\u200b\u6280\u672f\u200b\u7684\u200b\u4f7f\u7528\u200b\u548c\u200b\u8c03\u4f18\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u5927\u89c4\u6a21\u200b\u4e0a\u5343\u200b\u8282\u70b9\u200b\u548c\u200b\u4e0a\u4e07\u200b Pod \u200b\u7684\u200b\u96c6\u7fa4\u200b\u3002
\u200b\u6b64\u5916\u200b Kube-OVN \u200b\u8fd8\u200b\u5728\u200b\u4e0d\u65ad\u200b\u4f18\u5316\u200b CPU \u200b\u548c\u200b\u5185\u5b58\u200b\u7b49\u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u91cf\u200b\uff0c\u200b\u4ee5\u200b\u9002\u5e94\u200b\u8fb9\u7f18\u200b\u7b49\u200b\u8d44\u6e90\u200b\u6709\u9650\u200b\u573a\u666f\u200b\u3002
\u200b\u826f\u597d\u200b\u7684\u200b\u53ef\u200b\u8fd0\u7ef4\u6027\u200b\uff1a
\u200b\u5982\u679c\u200b\u4f60\u200b\u5bf9\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u5fc3\u5b58\u200b\u5fe7\u8651\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u5927\u91cf\u200b\u7684\u200b\u5de5\u5177\u200b\u6765\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u7b80\u5316\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u8fc5\u901f\u200b\u642d\u5efa\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002\u200b\u540c\u65f6\u200b\u5185\u7f6e\u200b\u7684\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u548c\u200b Grafana \u200b\u9762\u677f\u200b\uff0c \u200b\u53ef\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5efa\u7acb\u200b\u5b8c\u5584\u200b\u7684\u200b\u76d1\u63a7\u200b\u4f53\u7cfb\u200b\u3002\u200b\u5f3a\u5927\u200b\u7684\u200b\u547d\u4ee4\u884c\u200b\u5de5\u5177\u200b\u53ef\u4ee5\u200b\u7b80\u5316\u200b\u7528\u6237\u200b\u7684\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002\u200b\u901a\u8fc7\u200b\u548c\u200b Cilium \u200b\u7ed3\u5408\u200b\uff0c\u200b\u5229\u7528\u200b eBPF \u200b\u80fd\u529b\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b \u200b\u589e\u5f3a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u7684\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u200b\u3002 \u200b\u6b64\u5916\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u7cfb\u7edf\u200b\u5bf9\u63a5\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"contact/","title":"\u8054\u7cfb\u65b9\u5f0f","text":"\u200b\u5173\u6ce8\u200b\u516c\u4f17\u200b\u53f7\u200b\u83b7\u5f97\u200b\u66f4\u200b\u591a\u200b\u6700\u65b0\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8bf7\u200b\u626b\u63cf\u200b\u4e0b\u65b9\u200b\u4e8c\u7ef4\u7801\u200b:
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/","title":"\u4f7f\u7528\u200b eBPF \u200b\u52a0\u901f\u200b\u8282\u70b9\u200b\u5185\u200b TCP \u200b\u901a\u4fe1","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u8fb9\u7f18\u200b\u548c\u200b 5G \u200b\u7684\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u5927\u91cf\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Intel \u200b\u5f00\u6e90\u200b\u7684\u200b istio-tcpip-bypass \u200b\u9879\u76ee\u200b\uff0cPod \u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b eBPF \u200b\u7684\u200b\u80fd\u529b\u200b\u7ed5\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b TCP/IP \u200b\u534f\u8bae\u200b\u6808\u200b\uff0c\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u901a\u4fe1\u200b\uff0c\u200b\u4ece\u800c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_1","title":"\u57fa\u672c\u539f\u7406","text":"\u200b\u5728\u200b\u5f53\u524d\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0b\u200b\uff0c\u200b\u540c\u200b\u4e3b\u673a\u200b\u7684\u200b\u4e24\u4e2a\u200b Pod \u200b\u8fdb\u884c\u200b TCP \u200b\u8fdb\u884c\u200b\u901a\u4fe1\u200b\u9700\u8981\u200b\u7ecf\u8fc7\u200b\u5927\u91cf\u200b\u7684\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u5305\u62ec\u200b TCP/IP, netfilter\uff0cOVS \u200b\u7b49\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u5206\u6790\u200b\u5e76\u200b\u8bc6\u522b\u200b\u51fa\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u7ed5\u8fc7\u200b\u590d\u6742\u200b\u7684\u200b\u5185\u6838\u200b\u6808\u200b\u4ece\u800c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u884c\u200b socket \u200b\u95f4\u200b\u7684\u200b\u6570\u636e\u4f20\u8f93\u200b\uff0c \u200b\u6765\u200b\u964d\u4f4e\u200b\u7f51\u7edc\u200b\u6808\u200b\u5904\u7406\u200b\u5f00\u9500\u200b\uff0c\u200b\u5982\u4e0b\u200b\u56fe\u200b\u6240\u793a\u200b\uff1a
\u200b\u7531\u4e8e\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u8bc6\u522b\u200b\u540c\u200b\u4e3b\u673a\u200b\u5185\u200b\u7684\u200b TCP \u200b\u901a\u4fe1\u200b\uff0c\u200b\u5e76\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002\u200b\u5728\u200b\u57fa\u4e8e\u200b\u4ee3\u7406\u200b\u6a21\u5f0f\u200b\u7684\u200b Service Mesh \u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u589e\u5f3a\u200b Service Mesh \u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u6280\u672f\u200b\u5b9e\u73b0\u200b\u7ec6\u8282\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Tanzu Service Mesh Acceleration using eBPF\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"eBPF \u200b\u5bf9\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u6709\u200b\u4e00\u5b9a\u200b\u8981\u6c42\u200b\uff0c\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b Ubuntu 20.04 \u200b\u548c\u200b Linux 5.4.0-74-generic \u200b\u7248\u672c\u200b\u5185\u6838\u200b\u8fdb\u884c\u200b\u5b9e\u9a8c\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_3","title":"\u5b9e\u9a8c\u200b\u6b65\u9aa4","text":"\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u90e8\u7f72\u200b\u4e24\u4e2a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5b58\u5728\u200b\u591a\u53f0\u200b\u673a\u5668\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b nodeSelector\uff1a
# kubectl create deployment perf --image=kubeovn/perf:dev --replicas=2\ndeployment.apps/perf created\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nperf-7697bc6ddf-b2cpv 1/1 Running 0 28s 100.64.0.3 sealos <none> <none>\nperf-7697bc6ddf-p2xpt 1/1 Running 0 28s 100.64.0.2 sealos <none> <none>\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5f00\u542f\u200b qperf server\uff0c\u200b\u5728\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u4e2d\u200b\u542f\u52a8\u200b qperf client \u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-b2cpv sh\n/ # qperf\n\n# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
\u200b\u90e8\u7f72\u200b istio-tcpip-bypass \u200b\u63d2\u4ef6\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/intel/istio-tcpip-bypass/main/bypass-tcpip-daemonset.yaml\n
\u200b\u518d\u6b21\u200b\u8fdb\u5165\u200b perf client \u200b\u5bb9\u5668\u200b\u8fdb\u884c\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\uff1a
# kubectl exec -it perf-7697bc6ddf-p2xpt sh\n/ # qperf -t 60 100.64.0.3 -ub -oo msg_size:1:16K:*4 -vu tcp_lat tcp_bw\n
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_4","title":"\u6d4b\u8bd5\u200b\u7ed3\u679c","text":"\u200b\u6839\u636e\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b TCP \u200b\u5ef6\u8fdf\u200b\u5728\u200b\u4e0d\u540c\u200b\u6570\u636e\u5305\u200b\u5927\u5c0f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u4f1a\u200b\u6709\u200b 40% ~ 60% \u200b\u7684\u200b\u5ef6\u8fdf\u200b\u4e0b\u964d\u200b\uff0c\u200b\u5728\u200b\u6570\u636e\u5305\u200b\u5927\u4e8e\u200b 1024 \u200b\u5b57\u8282\u200b\u65f6\u200b\u541e\u5410\u91cf\u200b\u4f1a\u200b\u6709\u200b 40% ~ 80% \u200b\u63d0\u5347\u200b\u3002
Packet Size (byte) eBPF tcp_lat (us) Default tcp_lat (us) eBPF tcp_bw (Mb/s) Default tcp_bw(Mb/s) 1 20.2 44.5 1.36 4.27 4 20.2 48.7 5.48 16.7 16 19.6 41.6 21.7 63.5 64 18.8 41.3 96.8 201 256 19.2 36 395 539 1024 18.3 42.4 1360 846 4096 16.5 62.6 4460 2430 16384 20.2 58.8 9600 6900 \u200b\u5728\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u786c\u4ef6\u200b\u73af\u5883\u200b\u4e0b\u200b\uff0c\u200b\u6570\u636e\u5305\u200b\u5c0f\u4e8e\u200b 512 \u200b\u5b57\u8282\u200b\u65f6\u200b\uff0c\u200b\u4f7f\u7528\u200b eBPF \u200b\u4f18\u5316\u200b\u541e\u5410\u91cf\u200b\u6307\u6807\u200b\u4f1a\u200b\u4f4e\u4e8e\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002 \u200b\u8be5\u200b\u60c5\u51b5\u200b\u53ef\u80fd\u200b\u548c\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u7f51\u5361\u200b\u5f00\u542f\u200b TCP \u200b\u805a\u5408\u200b\u4f18\u5316\u200b\u76f8\u5173\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u573a\u666f\u200b\u5bf9\u200b\u5c0f\u5305\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u76f8\u5e94\u200b\u73af\u5883\u200b\u4e0b\u200b \u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u5224\u65ad\u200b\u662f\u5426\u200b\u5f00\u542f\u200b eBPF \u200b\u4f18\u5316\u200b\u3002\u200b\u6211\u4eec\u200b\u4e5f\u200b\u4f1a\u200b\u540e\u7eed\u200b\u5bf9\u200b eBPF TCP \u200b\u5c0f\u5305\u200b\u573a\u666f\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u8fdb\u884c\u200b\u4f18\u5316\u200b\u3002
"},{"location":"advance/accelerate-intra-node-tcp-with-ebpf/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" - istio-tcpip-bypass
- Deep Dive TCP/IP Bypass with eBPF in Service Mesh
- Tanzu Service Mesh Acceleration using eBPF
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-hubble-observe/","title":"Cilium \u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
Cilium \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u80fd\u529b\u200b\uff0c\u200b\u6d41\u91cf\u200b\u53ef\u200b\u89c2\u6d4b\u200b\u6027\u662f\u200b\u7531\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u3002Hubble \u200b\u53ef\u4ee5\u200b\u89c2\u5bdf\u200b\u8282\u70b9\u200b\u3001\u200b\u96c6\u7fa4\u200b\u751a\u81f3\u200b\u591a\u200b\u96c6\u7fa4\u200b\u573a\u666f\u200b\u4e0b\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble","title":"\u5b89\u88c5\u200b Hubble","text":"\u200b\u9ed8\u8ba4\u200b\u7684\u200b Cilium \u200b\u96c6\u6210\u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b Hubble \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u652f\u6301\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble\u3002
\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u4f7f\u7528\u200b helm \u200b\u5b89\u88c5\u200b Hubble\uff1a
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true\n
\u200b\u8865\u5145\u200b\u5b89\u88c5\u200b Hubble \u200b\u4e4b\u540e\u200b\uff0c\u200b\u6267\u884c\u200b cilium status \u200b\u67e5\u770b\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: OK\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDeployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1\nContainers: cilium Running: 2\n hubble-ui Running: 1\n hubble-relay Running: 1\n cilium-operator Running: 2\nCluster Pods: 16/17 managed by Cilium\nImage versions hubble-relay quay.io/cilium/hubble-relay:v1.11.6@sha256:fd9034a2d04d5b973f1e8ed44f230ea195b89c37955ff32e34e5aa68f3ed675a: 1\n cilium-operator quay.io/cilium/operator-generic:v1.11.6@sha256:9f6063c7bcaede801a39315ec7c166309f6a6783e98665f6693939cf1701bc17: 2\n cilium quay.io/cilium/cilium:v1.11.6@sha256:f7f93c26739b6641a3fa3d76b1e1605b15989f25d06625260099e01c8243f54c: 2\n hubble-ui quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0: 1\n hubble-ui quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b: 1\napple@bogon cilium %\n
\u200b\u5b89\u88c5\u200b Hubble \u200b\u7ec4\u4ef6\u200b\u4e4b\u540e\u200b\uff0c\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u884c\u200b\uff0c\u200b\u7528\u4e8e\u200b\u5728\u200b\u73af\u5883\u200b\u4e0a\u200b\u67e5\u770b\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5b89\u88c5\u200b Hubble CLI :
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/v0.10.0/hubble-linux-amd64.tar.gz\nsudo tar xzvfC hubble-linux-amd64.tar.gz /usr/local/bin\n
"},{"location":"advance/cilium-hubble-observe/#_1","title":"\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1","text":"Cilium \u200b\u5b98\u65b9\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u6d41\u91cf\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u90e8\u7f72\u200b\u65b9\u6848\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u5b98\u65b9\u200b\u90e8\u7f72\u200b\u7684\u200b\u4e1a\u52a1\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium connectivity test\uff0cCilium \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b cilium-test \u200b\u7684\u200b Namespace\uff0c\u200b\u540c\u65f6\u200b\u5728\u200b cilium-test \u200b\u4e0b\u200b\u90e8\u7f72\u200b\u6d4b\u8bd5\u200b\u4e1a\u52a1\u200b\u3002
\u200b\u6b63\u5e38\u200b\u90e8\u7f72\u200b\u5b8c\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b cilium-test namespace \u200b\u4e0b\u200b\u7684\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get all -n cilium-test\nNAME READY STATUS RESTARTS AGE\npod/client-7df6cfbf7b-z5t2j 1/1 Running 0 21s\npod/client2-547996d7d8-nvgxg 1/1 Running 0 21s\npod/echo-other-node-d79544ccf-hl4gg 2/2 Running 0 21s\npod/echo-same-node-5d466d5444-ml7tc 2/2 Running 0 21s\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/echo-other-node NodePort 10.109.58.126 <none> 8080:32269/TCP 21s\nservice/echo-same-node NodePort 10.108.70.32 <none> 8080:32490/TCP 21s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/client 1/1 1 1 21s\ndeployment.apps/client2 1/1 1 1 21s\ndeployment.apps/echo-other-node 1/1 1 1 21s\ndeployment.apps/echo-same-node 1/1 1 1 21s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/client-7df6cfbf7b 1 1 1 21s\nreplicaset.apps/client2-547996d7d8 1 1 1 21s\nreplicaset.apps/echo-other-node-d79544ccf 1 1 1 21s\nreplicaset.apps/echo-same-node-5d466d5444 1 1 1 21s\n
"},{"location":"advance/cilium-hubble-observe/#_2","title":"\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u4ec5\u200b\u63d0\u4f9b\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b Cilium \u200b\u4ee3\u7406\u200b\u89c2\u5bdf\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u3002 \u200b\u53ef\u4ee5\u200b\u5728\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b Cilium \u200b\u4ee3\u7406\u200b pod \u200b\u4e2d\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
# kubectl get pod -n kube-system -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\ncilium-d6h56 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-c7sb2 1/1 Running 0 2d20h 172.18.0.2 kube-ovn-worker <none> <none>\ncilium-operator-5887f78bbb-wj8gt 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\ncilium-tq5xb 1/1 Running 0 2d20h 172.18.0.3 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-7lgk8 1/1 Running 0 21h 10.16.0.19 kube-ovn-control-plane <none> <none>\nkube-ovn-pinger-msvcn 1/1 Running 0 21h 10.16.0.18 kube-ovn-worker <none> <none>\n\n# kubectl exec -it -n kube-system cilium-d6h56 -- bash\nroot@kube-ovn-worker:/home/cilium# hubble observe --from-namespace kube-system\nJul 29 03:24:25.551: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.561: kube-system/kube-ovn-pinger-msvcn:35576 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: SYN)\nJul 29 03:24:25.572: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.651: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: RST)\nJul 29 03:24:25.661: kube-system/kube-ovn-pinger-msvcn:35578 -> 172.18.0.3:6642 to-stack FORWARDED (TCP Flags: ACK, RST)\nJul 29 03:24:25.761: kube-system/kube-ovn-pinger-msvcn:52004 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK, PSH)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn -> kube-system/kube-ovn-pinger-7lgk8 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.779: kube-system/kube-ovn-pinger-msvcn <- kube-system/kube-ovn-pinger-7lgk8 to-endpoint FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 <- kube-system/hubble-relay-959988db5-zc5vv:80 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.866: kube-system/hubble-ui-7596f7ff6f-7j6f2:55836 -> kube-system/hubble-relay-959988db5-zc5vv:4245 to-endpoint FORWARDED (TCP Flags: ACK)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 -> kube-system/kube-ovn-pinger-msvcn to-endpoint FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:25.975: kube-system/kube-ovn-pinger-7lgk8 <- kube-system/kube-ovn-pinger-msvcn to-stack FORWARDED (ICMPv4 EchoReply)\nJul 29 03:24:25.979: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.3 to-stack FORWARDED (ICMPv4 EchoRequest)\nJul 29 03:24:26.037: kube-system/coredns-6d4b75cb6d-lbgjg:36430 -> 172.18.0.3:6443 to-stack FORWARDED (TCP Flags: ACK)\nJul 29 03:24:26.282: kube-system/kube-ovn-pinger-msvcn -> 172.18.0.2 to-stack FORWARDED (ICMPv4 EchoRequest)\n
\u200b\u90e8\u7f72\u200b Hubble Relay \u200b\u540e\u200b\uff0cHubble \u200b\u53ef\u4ee5\u200b\u63d0\u4f9b\u200b\u5b8c\u6574\u200b\u7684\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u7684\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#_3","title":"\u914d\u7f6e\u200b\u7aef\u53e3\u200b\u8f6c\u53d1","text":"\u200b\u4e3a\u4e86\u200b\u80fd\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b Hubble API\uff0c\u200b\u9700\u8981\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b\u672c\u5730\u200b\u8bf7\u6c42\u200b\u8f6c\u53d1\u200b\u5230\u200b Hubble Service\u3002\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b kubectl port-forward deployment/hubble-relay -n kube-system 4245:4245 \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5728\u200b\u5f53\u524d\u200b\u7ec8\u7aef\u200b\u5f00\u542f\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u3002
kubectl port-forward \u200b\u547d\u4ee4\u200b\u4e0d\u4f1a\u200b\u8fd4\u56de\u200b\uff0c\u200b\u9700\u8981\u200b\u6253\u5f00\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7ec8\u7aef\u200b\u6765\u200b\u7ee7\u7eed\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u914d\u7f6e\u200b\u5b8c\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u4e4b\u540e\u200b\uff0c\u200b\u5728\u200b\u7ec8\u7aef\u200b\u6267\u884c\u200b hubble status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u5982\u679c\u200b\u6709\u200b\u7c7b\u4f3c\u200b\u5982\u4e0b\u200b\u8f93\u51fa\u200b\uff0c\u200b\u5219\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u547d\u4ee4\u884c\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b\u200b\u3002
# hubble status\nHealthcheck (via localhost:4245): Ok\nCurrent/Max Flows: 8,190/8,190 (100.00%)\nFlows/s: 22.86\nConnected Nodes: 2/2\n
"},{"location":"advance/cilium-hubble-observe/#_4","title":"\u547d\u4ee4\u884c\u200b\u89c2\u6d4b","text":"\u200b\u5728\u200b\u7ec8\u7aef\u200b\u4e0a\u200b\u6267\u884c\u200b hubble observe \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u770b\u200b\u96c6\u7fa4\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u89c2\u6d4b\u200b\u5230\u200b\u7684\u200b cilium-test \u200b\u76f8\u5173\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u7684\u200b\u662f\u200b\uff0c hubble observe \u200b\u547d\u4ee4\u200b\u7684\u200b\u663e\u793a\u200b\u7ed3\u679c\u200b\uff0c\u200b\u662f\u200b\u5f53\u524d\u200b\u547d\u4ee4\u884c\u200b\u6267\u884c\u200b\u65f6\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002\u200b\u591a\u6b21\u200b\u6267\u884c\u547d\u4ee4\u200b\u884c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5230\u200b\u4e0d\u540c\u200b\u7684\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002 \u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u200b\u7684\u200b\u89c2\u6d4b\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6267\u884c\u200b hubble help observe \u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b Hubble CLI \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#ui","title":"\u4f7f\u7528\u200b UI \u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u89c2\u6d4b","text":"\u200b\u6267\u884c\u200b cilium status \u200b\u547d\u4ee4\u200b\uff0c\u200b\u786e\u8ba4\u200b Hubble UI \u200b\u5df2\u7ecf\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\u3002\u200b\u5728\u200b\u7b2c\u4e8c\u6b65\u200b\u7684\u200b Hubble \u200b\u5b89\u88c5\u200b\u4e2d\u200b\uff0c\u200b\u5df2\u7ecf\u200b\u8865\u5145\u200b\u4e86\u200b UI \u200b\u7684\u200b\u5b89\u88c5\u200b\u3002
\u200b\u6267\u884c\u547d\u4ee4\u200b cilium hubble ui \u200b\u53ef\u4ee5\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b\u7aef\u53e3\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5c06\u200b hubble-ui service \u200b\u6620\u5c04\u200b\u5230\u200b\u672c\u5730\u200b\u7aef\u53e3\u200b\u3002 \u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b8c\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u6253\u5f00\u200b\u672c\u5730\u200b\u7684\u200b\u6d4f\u89c8\u5668\u200b\uff0c\u200b\u8df3\u8f6c\u200b\u5230\u200b Hubble UI \u200b\u754c\u9762\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u81ea\u52a8\u200b\u8df3\u8f6c\u200b\uff0c\u200b\u5728\u200b\u6d4f\u89c8\u5668\u200b\u4e2d\u200b\u8f93\u5165\u200b http://localhost:12000 \u200b\u6253\u5f00\u200b UI \u200b\u89c2\u5bdf\u200b\u754c\u9762\u200b\u3002
\u200b\u5728\u200b\u754c\u9762\u200b\u5de6\u4e0a\u89d2\u200b\uff0c\u200b\u9009\u62e9\u200b cilium-test namespace\uff0c\u200b\u67e5\u770b\u200b Cilium \u200b\u63d0\u4f9b\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u6d41\u91cf\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"advance/cilium-hubble-observe/#hubble_1","title":"Hubble \u200b\u6d41\u91cf\u200b\u76d1\u63a7","text":"Hubble \u200b\u7ec4\u4ef6\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e2d\u200b Pod \u200b\u7f51\u7edc\u200b\u884c\u4e3a\u200b\u7684\u200b\u76d1\u63a7\u200b\uff0c\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u67e5\u770b\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u80fd\u200b\u76d1\u63a7\u200b\u7edf\u8ba1\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u8865\u5145\u200b hubble.metrics.enabled \u200b\u914d\u7f6e\u200b\u9879\u200b:
helm upgrade cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --reuse-values \\\n --set hubble.relay.enabled=true \\\n --set hubble.ui.enabled=true \\\n --set hubble.metrics.enabled=\"{dns,drop,tcp,flow,icmp,http}\"\n
\u200b\u90e8\u7f72\u200b\u4e4b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b kube-system namespace \u200b\u751f\u6210\u200b\u540d\u79f0\u200b\u4e3a\u200b hubble-metrics \u200b\u7684\u200b\u670d\u52a1\u200b\u3002\u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Endpoints \u200b\u67e5\u8be2\u200b Hubble \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b:
# curl 172.18.0.2:9091/metrics\n# HELP hubble_drop_total Number of drops\n# TYPE hubble_drop_total counter\nhubble_drop_total{protocol=\"ICMPv6\",reason=\"Unsupported L3 protocol\"} 2\n# HELP hubble_flows_processed_total Total number of flows processed\n# TYPE hubble_flows_processed_total counter\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv4\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 335\nhubble_flows_processed_total{protocol=\"ICMPv6\",subtype=\"\",type=\"Drop\",verdict=\"DROPPED\"} 2\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 8282\nhubble_flows_processed_total{protocol=\"TCP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 6767\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-endpoint\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\nhubble_flows_processed_total{protocol=\"UDP\",subtype=\"to-stack\",type=\"Trace\",verdict=\"FORWARDED\"} 1642\n# HELP hubble_icmp_total Number of ICMP messages\n# TYPE hubble_icmp_total counter\nhubble_icmp_total{family=\"IPv4\",type=\"EchoReply\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"EchoRequest\"} 335\nhubble_icmp_total{family=\"IPv4\",type=\"RouterSolicitation\"} 2\n# HELP hubble_tcp_flags_total TCP flag occurrences\n# TYPE hubble_tcp_flags_total counter\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"FIN\"} 2043\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"RST\"} 301\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN\"} 1169\nhubble_tcp_flags_total{family=\"IPv4\",flag=\"SYN-ACK\"} 1169\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/cilium-networkpolicy/","title":"Cilium NetworkPolicy \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5f53\u524d\u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e0e\u200b Cilium \u200b\u96c6\u6210\u200b\uff0c\u200b\u5177\u4f53\u64cd\u4f5c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Cilium \u200b\u96c6\u6210\u200b\u3002
\u200b\u5728\u200b\u96c6\u6210\u200b Cilium \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Cilium \u200b\u4f18\u79c0\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u4ee5\u4e0b\u200b\u6587\u6863\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5bf9\u200b Cilium L3 \u200b\u548c\u200b L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u80fd\u529b\u200b\u7684\u200b\u96c6\u6210\u200b\u9a8c\u8bc1\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#_1","title":"\u9a8c\u8bc1\u200b\u6b65\u9aa4","text":""},{"location":"advance/cilium-networkpolicy/#pod","title":"\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod","text":"\u200b\u521b\u5efa\u200b namespace test\u3002\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b test namespace \u200b\u4e2d\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=test \u200b\u7684\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u7684\u200b\u76ee\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: test\n name: test\n namespace: test\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: test\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: test\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u540c\u6837\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b\u6307\u5b9a\u200b label app=dynamic \u200b\u7684\u200b Pod \u200b\u4e3a\u200b\u53d1\u8d77\u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b\u7684\u200b Pod\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4ee5\u53ca\u200b Label \u200b\u4fe1\u606f\u200b:
# kubectl get pod -o wide --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-9v5c4 1/1 Running 0 28h 10.16.0.35 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-s8z2n 1/1 Running 0 28h 10.16.0.36 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\n# kubectl get pod -o wide -n test --show-labels\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS\ndynamic-7d8d7874f5-6dsg6 1/1 Running 0 7h20m 10.16.0.2 kube-ovn-control-plane <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\ndynamic-7d8d7874f5-tjgtp 1/1 Running 0 7h46m 10.16.0.42 kube-ovn-worker <none> <none> app=dynamic,pod-template-hash=7d8d7874f5\nlabel-test1-77b6764857-swq4k 1/1 Running 0 3h43m 10.16.0.12 kube-ovn-worker <none> <none> app=test1,pod-template-hash=77b6764857\n\n// \u200b\u4ee5\u4e0b\u200b\u4e3a\u200b\u6d4b\u8bd5\u200b\u8bbf\u95ee\u200b\u76ee\u7684\u200b Pod\ntest-54c98bc466-mft5s 1/1 Running 0 8h 10.16.0.41 kube-ovn-worker <none> <none> app=test,pod-template-hash=54c98bc466\n
"},{"location":"advance/cilium-networkpolicy/#l3","title":"L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l3-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n
\u200b\u5728\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b\u6d4b\u8bd5\u200b Pod \u200b\u4e2d\u200b\uff0c\u200b\u53d1\u8d77\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7ed3\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u3002 \u200b\u4f46\u662f\u200b\u5728\u200b test namespace \u200b\u4e0b\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5230\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u6b63\u5e38\u200b\u3002
default namespace \u200b\u4e0b\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\n
test namepsace \u200b\u4e0b\u200b Pod \u200b\u7684\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.558 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.223 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.304 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.223/1.028/2.558 ms\n
\u200b\u67e5\u770b\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u89e3\u91ca\u200b\uff0cCiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u5c06\u200b\u9650\u5236\u200b\u63a7\u5236\u200b\u5728\u200b\u4e86\u200b Namespace \u200b\u7ea7\u522b\u200b\u3002\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b Cilium \u200b\u9650\u5236\u200b\u3002
\u200b\u5728\u200b\u6709\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u6709\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u7684\u200b Pod \uff0c\u200b\u624d\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5176\u4ed6\u200b Namespace \u200b\u7684\u200b Pod \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u60f3\u200b\u5b9e\u73b0\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u89c4\u5219\u200b\u4e2d\u200b\u660e\u786e\u200b\u6307\u5b9a\u200b Namespace \u200b\u4fe1\u606f\u200b\u3002
\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\uff0c\u200b\u4fee\u6539\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u589e\u52a0\u200b namespace \u200b\u4fe1\u606f\u200b:
ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default // \u200b\u63a7\u5236\u200b\u5176\u4ed6\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\n
\u200b\u67e5\u770b\u200b\u4fee\u6539\u200b\u540e\u200b\u7684\u200b CiliumNetworkPolicy \u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b:
# kubectl get cnp -n test -o yaml l3-rule\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: l3-rule\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n - matchLabels:\n app: dynamic\n k8s:io.kubernetes.pod.namespace: default\n
\u200b\u518d\u6b21\u200b\u6d4b\u8bd5\u200b default namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u76ee\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6b63\u5e38\u200b:
# kubectl exec -it dynamic-7d8d7874f5-9v5c4 -n test -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n64 bytes from 10.16.0.41: seq=0 ttl=64 time=2.383 ms\n64 bytes from 10.16.0.41: seq=1 ttl=64 time=0.115 ms\n64 bytes from 10.16.0.41: seq=2 ttl=64 time=0.142 ms\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.115/0.880/2.383 ms\n
\u200b\u4f7f\u7528\u200b\u6807\u51c6\u200b\u7684\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b networkpolicy\uff0c\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b Cilium \u200b\u540c\u6837\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u9650\u5236\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b Namespace \u200b\u5185\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\u662f\u200b\u7981\u6b62\u200b\u7684\u200b\u3002
\u200b\u8fd9\u70b9\u200b\u4e0e\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u662f\u200b\u4e0d\u540c\u200b\u7684\u200b\u3002Kube-OVN \u200b\u652f\u6301\u200b\u6807\u51c6\u200b\u7684\u200b k8s \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\uff0c\u200b\u9650\u5236\u200b\u4e86\u200b\u5177\u4f53\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b\u76ee\u7684\u200b Pod\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u200b\u6e90\u5730\u5740\u200b Pod\uff0c\u200b\u662f\u200b\u6ca1\u6709\u200b Namespace \u200b\u9650\u5236\u200b\u7684\u200b\uff0c\u200b\u4efb\u4f55\u200b Namespace \u200b\u4e0b\u200b\u7b26\u5408\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b Pod\uff0c\u200b\u90fd\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u5bf9\u200b\u76ee\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l4","title":"L4 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b L4 \u200b\u5c42\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u8d44\u6e90\u200b:
apiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n name: \"l4-rule\"\n namespace: test\nspec:\n endpointSelector:\n matchLabels:\n app: test\n ingress:\n - fromEndpoints:\n - matchLabels:\n app: dynamic\n toPorts:\n - ports:\n - port: \"80\"\n protocol: TCP\n
\u200b\u6d4b\u8bd5\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u7684\u200b\u8bbf\u95ee\u200b
# kubectl exec -it -n test dynamic-7d8d7874f5-6dsg6 -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl 10.16.0.41:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on test-54c98bc466-mft5s</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u76f8\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u4e0d\u200b\u7b26\u5408\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6d4b\u8bd5\u200b
# kubectl exec -it -n test label-test1-77b6764857-swq4k -- bash\nbash-5.0# ping -c 3 10.16.0.41\nPING 10.16.0.41 (10.16.0.41): 56 data bytes\n\n--- 10.16.0.41 ping statistics ---\n3 packets transmitted, 0 packets received, 100% packet loss\nbash-5.0#\nbash-5.0# curl -v 10.16.0.41:80 --connect-timeout 10\n* Trying 10.16.0.41:80...\n* After 10000ms connect time, move on!\n* connect to 10.16.0.41 port 80 failed: Operation timed out\n* Connection timeout after 10001 ms\n* Closing connection 0\ncurl: (28) Connection timeout after 10001 ms\n
\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u751f\u6548\u200b\u540e\u200b\uff0c\u200b\u8de8\u200b Namespace \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u4f9d\u7136\u200b\u662f\u200b\u88ab\u200b\u7981\u6b62\u200b\u7684\u200b\uff0c\u200b\u8ddf\u200b L3 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4e00\u81f4\u200b\u3002
\u200b\u5728\u200b L4 \u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0cping \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7b26\u5408\u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u7684\u200b TCP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u662f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u6267\u884c\u200b\u7684\u200b\u3002
\u200b\u5173\u4e8e\u200b ICMP \u200b\u7684\u200b\u9650\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5b98\u65b9\u200b\u8bf4\u660e\u200b L4 \u200b\u9650\u5236\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"advance/cilium-networkpolicy/#l7","title":"L7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u6d4b\u8bd5","text":"chaining \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cL7 \u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u76ee\u524d\u200b\u662f\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\u7684\u200b\u3002\u200b\u5728\u200b Cilium \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b\u4e2d\u200b\uff0c\u200b\u5bf9\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u8bf4\u660e\u200b\uff0c\u200b\u53c2\u8003\u200b Generic Veth Chaining\u3002
\u200b\u8fd9\u4e2a\u200b\u95ee\u9898\u200b\u4f7f\u7528\u200b issue 12454 \u200b\u8ddf\u8e2a\u200b\uff0c\u200b\u76ee\u524d\u200b\u8fd8\u200b\u6ca1\u6709\u200b\u89e3\u51b3\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dhcp/","title":"DHCP \u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4f7f\u7528\u200b SR-IOV \u200b\u6216\u200b DPDK \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0cKubeVirt \u200b\u5185\u7f6e\u200b\u7684\u200b DHCP \u200b\u65e0\u6cd5\u200b\u5728\u200b\u8be5\u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5de5\u4f5c\u200b\u3002Kube-OVN \u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b OVN \u200b\u7684\u200b DHCP \u200b\u80fd\u529b\u200b\u5728\u200b\u5b50\u7f51\u200b\u7ea7\u522b\u200b\u8bbe\u7f6e\u200b DHCP \u200b\u9009\u9879\u200b\uff0c\u200b\u4ece\u800c\u200b\u5e2e\u52a9\u200b\u8be5\u200b\u7f51\u7edc\u200b\u7c7b\u578b\u200b\u7684\u200b KubeVirt \u200b\u865a\u673a\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b DHCP \u200b\u83b7\u5f97\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002Kube-OVN \u200b\u540c\u65f6\u200b\u652f\u6301\u200b DHCPv4 \u200b\u548c\u200b DHCPv6\u3002
\u200b\u5b50\u7f51\u200b DHCP \u200b\u7684\u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sn-dual\nspec:\n cidrBlock: \"10.0.0.0/24,240e::a00/120\"\n default: false\n disableGatewayCheck: true\n disableInterConnection: false\n excludeIps:\n - 10.0.0.1\n - 240e::a01\n gateway: 10.0.0.1,240e::a01\n gatewayNode: ''\n gatewayType: distributed\n natOutgoing: false\n private: false\n protocol: Dual\n provider: ovn\n vpc: vpc-test\n enableDHCP: true\n dhcpV4Options: \"lease_time=3600,router=10.0.0.1,server_id=169.254.0.254,server_mac=00:00:00:2E:2F:B8\"\n dhcpV6Options: \"server_id=00:00:00:2E:2F:C5\"\n enableIPv6RA: true\n ipv6RAConfigs: \"address_mode=dhcpv6_stateful,max_interval=30,min_interval=5,send_periodic=true\"\n
enableDHCP: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u7684\u200b DHCP \u200b\u529f\u80fd\u200b\u3002dhcpV4Options,dhcpV6Options: \u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b DHCP \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b DHCP Options\u3002 \u200b\u9ed8\u8ba4\u503c\u200b\u5206\u522b\u200b\u4e3a\u200b \"lease_time=3600, router=$ipv4_gateway, server_id=169.254.0.254, server_mac=$random_mac\" \u200b\u548c\u200b server_id=$random_mac\u3002enableIPv6RA: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b DHCPv6 \u200b\u7684\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\u529f\u80fd\u200b\u3002ipv6RAConfigs\uff1a\u200b\u8be5\u5b57\u6bb5\u200b\u76f4\u63a5\u200b\u66b4\u9732\u200b ovn-nb \u200b\u5185\u200b Logical_Router_Port \u200b\u76f8\u5173\u200b\u9009\u9879\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Port \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b address_mode=dhcpv6_stateful, max_interval=30, min_interval=5, send_periodic=true\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/dpdk/","title":"DPDK \u200b\u652f\u6301","text":"\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u5982\u4f55\u200b\u548c\u200b OVS-DPDK \u200b\u7ed3\u5408\u200b\uff0c\u200b\u7ed9\u200b KubeVirt \u200b\u7684\u200b\u865a\u673a\u200b\u63d0\u4f9b\u200b DPDK \u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
\u200b\u4e0a\u6e38\u200b\u7684\u200b KubeVirt \u200b\u76ee\u524d\u200b\u8fd8\u200b\u672a\u200b\u652f\u6301\u200b OVS-DPDK\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u81ea\u5df1\u200b\u901a\u8fc7\u200b\u76f8\u5173\u200b patch Vhostuser implementation \u200b\u6784\u5efa\u200b KubeVirt \u200b\u6216\u200b KVM Device Plugin \u200b\u6765\u200b\u4f7f\u7528\u200b OVS-DPDK\u3002
"},{"location":"advance/dpdk/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8282\u70b9\u200b\u9700\u200b\u63d0\u4f9b\u200b\u4e13\u95e8\u200b\u7ed9\u200b DPDK \u200b\u9a71\u52a8\u200b\u8fd0\u884c\u200b\u7684\u200b\u7f51\u5361\u200b\u3002
- \u200b\u8282\u70b9\u200b\u9700\u200b\u5f00\u542f\u200b Hugepages\u3002
"},{"location":"advance/dpdk/#dpdk_1","title":"\u7f51\u5361\u200b\u8bbe\u7f6e\u200b DPDK \u200b\u9a71\u52a8","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b driverctl \u200b\u4e3a\u4f8b\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u53c2\u6570\u200b\u548c\u200b\u5176\u4ed6\u200b\u9a71\u52a8\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b DPDK \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
driverctl set-override 0000:00:0b.0 uio_pci_generic\n
"},{"location":"advance/dpdk/#_2","title":"\u8282\u70b9\u200b\u914d\u7f6e","text":"\u200b\u5bf9\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u7684\u200b\u8282\u70b9\u200b\u6253\u200b\u6807\u7b7e\u200b\uff0c\u200b\u4ee5\u4fbf\u200b Kube-OVN \u200b\u8fdb\u884c\u200b\u8bc6\u522b\u200b\u5904\u7406\u200b\uff1a
kubectl label nodes <node> ovn.kubernetes.io/ovs_dp_type=\"userspace\"\n
\u200b\u5728\u200b\u652f\u6301\u200b OVS-DPDK \u200b\u8282\u70b9\u200b\u7684\u200b /opt/ovs-config \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6\u200b ovs-dpdk-config\uff1a
ENCAP_IP=192.168.122.193/24\nDPDK_DEV=0000:00:0b.0\n
ENCAP_IP: \u200b\u96a7\u9053\u200b\u7aef\u70b9\u200b\u5730\u5740\u200b\u3002DPDK_DEV: \u200b\u8bbe\u5907\u200b\u7684\u200b PCI ID\u3002
"},{"location":"advance/dpdk/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u542f\u7528\u200b DPDK \u200b\u5b89\u88c5\u200b\u9009\u9879\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
bash install.sh --with-hybrid-dpdk\n
"},{"location":"advance/dpdk/#_3","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u901a\u8fc7\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u4f7f\u7528\u200b vhostuser \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u7684\u200b\u865a\u200b\u673a\u6765\u200b\u9a8c\u8bc1\u200b OVS-DPDK \u200b\u529f\u80fd\u200b\u3002
\u200b\u5b89\u88c5\u200b KVM Device Plugin \u200b\u6765\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b KVM Device Plugin\u3002
kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubernetes-device-plugins/master/manifests/kvm-ds.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: k8s.cni.cncf.io/v1\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-dpdk\n namespace: default\nspec:\n config: >-\n {\n \"cniVersion\": \"0.3.0\", \n \"type\": \"kube-ovn\", \n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\", \n \"provider\": \"ovn-dpdk.default.ovn\",\n \"vhost_user_socket_volume_name\": \"vhostuser-sockets\",\n \"vhost_user_socket_name\": \"sock\"\n }\n
\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b Dockerfile \u200b\u521b\u5efa\u200b VM \u200b\u955c\u50cf\u200b\uff1a
FROM quay.io/kubevirt/virt-launcher:v0.46.1\n\n# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\nCOPY CentOS-7-x86_64-GenericCloud.qcow2 /var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2\n
\u200b\u521b\u5efa\u200b\u865a\u62df\u673a\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vm-config\ndata:\n start.sh: |\n chmod u+w /etc/libvirt/qemu.conf\n echo \"hugetlbfs_mount = \\\"/dev/hugepages\\\"\" >> /etc/libvirt/qemu.conf\n virtlogd &\n libvirtd &\n\n mkdir /var/lock\n\n sleep 5\n\n virsh define /root/vm/vm.xml\n virsh start vm\n\n tail -f /dev/null\n vm.xml: |\n <domain type='kvm'>\n <name>vm</name>\n <uuid>4a9b3f53-fa2a-47f3-a757-dd87720d9d1d</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <memoryBacking>\n <hugepages>\n <page size='2' unit='M' nodeset='0'/>\n </hugepages>\n </memoryBacking>\n <vcpu placement='static'>2</vcpu>\n <cputune>\n <shares>4096</shares>\n <vcpupin vcpu='0' cpuset='4'/>\n <vcpupin vcpu='1' cpuset='5'/>\n <emulatorpin cpuset='1,3'/>\n </cputune>\n <os>\n <type arch='x86_64' machine='pc'>hvm</type>\n <boot dev='hd'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n </features>\n <cpu mode='host-model'>\n <model fallback='allow'/>\n <topology sockets='1' cores='2' threads='1'/>\n <numa>\n <cell id='0' cpus='0-1' memory='2097152' unit='KiB' memAccess='shared'/>\n </numa>\n </cpu>\n <on_reboot>restart</on_reboot>\n <devices>\n <emulator>/usr/libexec/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2' cache='none'/>\n <source file='/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2'/>\n <target dev='vda' bus='virtio'/>\n </disk>\n\n <interface type='vhostuser'>\n <mac address='00:00:00:0A:30:89'/>\n <source type='unix' path='/var/run/vm/sock' mode='server'/>\n <model type='virtio'/>\n <driver queues='2'>\n <host mrg_rxbuf='off'/>\n </driver>\n </interface>\n <serial type='pty'>\n <target type='isa-serial' port='0'>\n <model name='isa-serial'/>\n </target>\n </serial>\n <console type='pty'>\n <target type='serial' port='0'/>\n </console>\n <channel type='unix'>\n <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-1-vm/org.qemu.guest_agent.0'/>\n <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n\n </devices>\n </domain>\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: vm-deployment\n labels:\n app: vm\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: vm\n template:\n metadata:\n labels:\n app: vm\n annotations:\n k8s.v1.cni.cncf.io/networks: default/ovn-dpdk\n ovn-dpdk.default.ovn.kubernetes.io/ip_address: 10.16.0.96\n ovn-dpdk.default.ovn.kubernetes.io/mac_address: 00:00:00:0A:30:89\n spec:\n nodeSelector:\n ovn.kubernetes.io/ovs_dp_type: userspace\n securityContext:\n runAsUser: 0\n volumes:\n - name: vhostuser-sockets\n emptyDir: {}\n - name: xml\n configMap:\n name: vm-config\n - name: hugepage\n emptyDir:\n medium: HugePages-2Mi\n - name: libvirt-runtime\n emptyDir: {}\n containers:\n - name: vm\n image: vm-vhostuser:latest\n command: [\"bash\", \"/root/vm/start.sh\"]\n securityContext:\n capabilities:\n add:\n - NET_BIND_SERVICE\n - SYS_NICE\n - NET_RAW\n - NET_ADMIN\n privileged: false\n runAsUser: 0\n resources:\n limits:\n cpu: '2'\n devices.kubevirt.io/kvm: '1'\n memory: '8784969729'\n hugepages-2Mi: 2Gi\n requests:\n cpu: 666m\n devices.kubevirt.io/kvm: '1'\n ephemeral-storage: 50M\n memory: '4490002433'\n volumeMounts:\n - name: vhostuser-sockets\n mountPath: /var/run/vm\n - name: xml\n mountPath: /root/vm/\n - mountPath: /dev/hugepages\n name: hugepage\n - name: libvirt-runtime\n mountPath: /var/run/libvirt\n
\u200b\u7b49\u5f85\u200b\u865a\u62df\u673a\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u8fdb\u5165\u200b Pod \u200b\u8fdb\u884c\u200b\u865a\u673a\u200b\u914d\u7f6e\u200b\uff1a
# virsh set-user-password vm root 12345\nPassword set successfully for root in vm\n\n# virsh console vm\nConnected to domain 'vm'\nEscape character is ^] (Ctrl + ])\n\nCentOS Linux 7 (Core)\nKernel 3.10.0-1127.el7.x86_64 on an x86_64\n\nlocalhost login: root\nPassword:\nLast login: Fri Feb 25 09:52:54 on ttyS0\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u767b\u5f55\u200b\u865a\u673a\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u5e76\u200b\u6d4b\u8bd5\u200b\uff1a
ip link set eth0 mtu 1400\nip addr add 10.16.0.96/16 dev eth0\nip ro add default via 10.16.0.1\nping 114.114.114.114\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/external-gateway/","title":"\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u5bf9\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u6d41\u91cf\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7684\u200b\u7ba1\u7406\u200b\u548c\u200b\u5ba1\u8ba1\u200b\u3002 Kube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5c06\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/external-gateway/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: external\nspec:\n cidrBlock: 172.31.0.0/16\n gatewayType: centralized\n natOutgoing: false\n externalEgressGateway: 192.168.0.1\n policyRoutingTableID: 1000\n policyRoutingPriority: 1500\n
natOutgoing: \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\u3002externalEgressGateway\uff1a\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\u3002policyRoutingTableID\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID \u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b\u3002policyRoutingPriority\uff1a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u4e3a\u200b\u907f\u514d\u200b\u540e\u7eed\u200b\u7528\u6237\u200b\u5b9a\u5236\u200b\u5316\u200b\u7684\u200b\u5176\u4ed6\u200b\u8def\u7531\u200b\u64cd\u4f5c\u200b\u51b2\u7a81\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u82e5\u200b\u65e0\u200b\u7279\u6b8a\u200b\u9700\u6c42\u200b\u586b\u5165\u200b\u4efb\u610f\u200b\u503c\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/fastpath/","title":"\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7ecf\u8fc7\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u7684\u200b\u6027\u80fd\u200b Profile\uff0cNetfilter \u200b\u5728\u200b\u5bb9\u5668\u200b\u5185\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u76f8\u5173\u200b\u5904\u7406\u200b\u6d88\u8017\u200b\u4e86\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b Netfilter \u200b\u4ece\u800c\u200b \u200b\u964d\u4f4e\u200b CPU \u200b\u7684\u200b\u6d88\u8017\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5e76\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b\u3002
"},{"location":"advance/fastpath/#_1","title":"\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u5185\u6838\u6a21\u5757\u200b\u4ee3\u7801","text":"git clone --depth=1 https://github.com/kubeovn/kube-ovn.git\n
"},{"location":"advance/fastpath/#_2","title":"\u5b89\u88c5\u200b\u4f9d\u8d56","text":"\u200b\u8fd9\u91cc\u200b\u4ee5\u200b CentOS \u200b\u4e3a\u4f8b\u200b\u4e0b\u8f7d\u200b\u76f8\u5173\u200b\u4f9d\u8d56\u200b\uff1a
yum install -y kernel-devel-$(uname -r) gcc elfutils-libelf-devel\n
"},{"location":"advance/fastpath/#_3","title":"\u7f16\u8bd1\u200b\u76f8\u5173\u200b\u6a21\u5757","text":"\u200b\u9488\u5bf9\u200b 3.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath\nmake all\n
\u200b\u9488\u5bf9\u200b 4.x \u200b\u7684\u200b\u5185\u6838\u200b\uff1a
cd kube-ovn/fastpath/4.18\ncp ../Makefile .\nmake all\n
"},{"location":"advance/fastpath/#_4","title":"\u5b89\u88c5\u200b\u5185\u6838\u6a21\u5757","text":"\u200b\u5c06\u200b kube_ovn_fastpath.ko \u200b\u590d\u5236\u5230\u200b\u6bcf\u4e2a\u200b\u9700\u8981\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8282\u70b9\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u4f7f\u7528\u200b dmesg \u200b\u786e\u8ba4\u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# dmesg\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n
\u200b\u5982\u9700\u200b\u5378\u8f7d\u200b\u6a21\u5757\u200b\uff0c\u200b\u53ef\u200b\u5c06\u200b\u8be5\u200b\u6a21\u5757\u200b\u4ece\u200b /tmp \u200b\u76ee\u5f55\u200b\u4e0b\u79fb\u200b\u9664\u200b\uff0ckube-ovn-cni \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5378\u8f7d\u200b\u8be5\u200b\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5757\u200b\u5728\u200b\u673a\u5668\u200b\u91cd\u542f\u200b\u540e\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\uff0c\u200b\u5982\u9700\u200b\u81ea\u52a8\u200b\u52a0\u8f7d\u200b\u8bf7\u200b\u6839\u636e\u200b\u7cfb\u7edf\u200b\u5f04\u200b\u914d\u7f6e\u200b\u7f16\u5199\u200b\u76f8\u5e94\u200b\u81ea\u542f\u52a8\u200b\u811a\u672c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/multi-nic/","title":"\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f8b\u5982\u200b macvlan\u3001vlan\u3001host-device \u200b\u7b49\u200b\u63d2\u4ef6\u200b\u63d0\u4f9b\u200b\u96c6\u7fa4\u200b\u7ea7\u522b\u200b\u7684\u200b IPAM \u200b\u80fd\u529b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5230\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u200b\u4ee5\u53ca\u200b\u56fa\u5b9a\u200b IP \u200b\u529f\u80fd\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u4e5f\u200b\u652f\u6301\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/multi-nic/#_2","title":"\u5de5\u4f5c\u200b\u539f\u7406","text":"\u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b Multus CNI, \u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod \u200b\u6dfb\u52a0\u200b\u591a\u5757\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u3002 \u200b\u7136\u800c\u200b\u6211\u4eec\u200b\u4ecd\u7136\u200b\u7f3a\u4e4f\u200b\u5bf9\u200b\u96c6\u7fa4\u200b\u8303\u56f4\u200b\u5185\u200b\u4e0d\u540c\u200b\u7f51\u7edc\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u7684\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\uff0c\u200b\u6211\u4eec\u200b\u5df2\u7ecf\u200b\u80fd\u591f\u200b\u901a\u8fc7\u200b Subnet \u200b\u548c\u200b IP \u200b\u7684\u200b CRD \u200b\u6765\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u9ad8\u7ea7\u200b\u7ba1\u7406\u200b\uff0c \u200b\u4f8b\u5982\u200b\u5b50\u7f51\u200b\u7ba1\u7406\u200b\uff0cIP \u200b\u9884\u7559\u200b\uff0c\u200b\u968f\u673a\u200b\u5206\u914d\u200b\uff0c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7b49\u200b\u3002\u200b\u73b0\u5728\u200b\u6211\u4eec\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u6765\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b\u4e0d\u540c\u200b\u7684\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b IPAM \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/multi-nic/#_3","title":"\u5de5\u4f5c\u200b\u6d41\u7a0b","text":"\u200b\u4e0a\u200b\u56fe\u200b\u5c55\u793a\u200b\u4e86\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u6765\u200b\u7ba1\u7406\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4e2d\u200b\u5bb9\u5668\u200b\u7684\u200b eth0 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVN \u200b\u7f51\u7edc\u200b\uff0cnet1 \u200b\u7f51\u5361\u200b\u63a5\u5165\u200b\u5176\u4ed6\u200b CNI \u200b\u7f51\u7edc\u200b\u3002 net1 \u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u7edc\u200b\u5b9a\u4e49\u200b\u6765\u81ea\u200b\u4e8e\u200b multus-cni \u200b\u4e2d\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u8d44\u6e90\u200b\u5b9a\u4e49\u200b\u3002
\u200b\u5f53\u200b Pod \u200b\u521b\u5efa\u200b\u65f6\u200b\uff0ckube-ovn-controller \u200b\u4f1a\u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u6dfb\u52a0\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b Pod \u200b\u4e2d\u200b\u7684\u200b annotation \u200b\u53bb\u200b\u5bfb\u627e\u200b\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u5e76\u200b\u4ece\u4e2d\u200b\u8fdb\u884c\u200b IP \u200b\u7684\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u5c06\u200b Pod \u200b\u6240\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u5199\u200b\u56de\u5230\u200b Pod annotation \u200b\u4e2d\u200b\u3002
\u200b\u5728\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b CNI \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5728\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u914d\u7f6e\u200b kube-ovn-cni \u200b\u4f5c\u4e3a\u200b ipam \u200b\u63d2\u4ef6\u200b, kube-ovn-cni \u200b\u5c06\u4f1a\u200b\u8bfb\u53d6\u200b Pod annotation \u200b\u5e76\u200b\u5c06\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u901a\u8fc7\u200b CNI \u200b\u534f\u8bae\u200b\u7684\u200b\u6807\u51c6\u200b\u683c\u5f0f\u200b\u8fd4\u56de\u200b\u7ed9\u200b\u76f8\u5e94\u200b\u7684\u200b CNI \u200b\u63d2\u4ef6\u200b\u3002
"},{"location":"advance/multi-nic/#_4","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":""},{"location":"advance/multi-nic/#kube-ovn-multus","title":"\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus","text":"\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b \u200b\u548c\u200b Multus how to use \u200b\u6765\u200b\u5b89\u88c5\u200b Kube-OVN \u200b\u548c\u200b Multus-CNI\u3002
"},{"location":"advance/multi-nic/#cni-ipam","title":"\u4e3a\u200b\u5176\u4ed6\u200b CNI \u200b\u63d0\u4f9b\u200b IPAM","text":"\u200b\u6b64\u65f6\u200b\u4e3b\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b\u5176\u4ed6\u200b\u7c7b\u578b\u200b CNI\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b macvlan \u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u7b2c\u4e8c\u4e2a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b ipam \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: macvlan\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"macvlan.default\"\n }\n }'\n
spec.config.ipam.type: \u200b\u9700\u8981\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u8c03\u7528\u200b kube-ovn \u200b\u7684\u200b\u63d2\u4ef6\u200b\u6765\u200b\u83b7\u53d6\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace> , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"advance/multi-nic/#kube-ovn","title":"\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361","text":"\u200b\u6b64\u65f6\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u5747\u200b\u4e3a\u200b Kube-OVN \u200b\u7c7b\u578b\u200b\u7f51\u5361\u200b\u3002
"},{"location":"advance/multi-nic/#networkattachmentdefinition_1","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition","text":"\u200b\u5c06\u200b provider \u200b\u7684\u200b\u540e\u7f00\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }'\n
spec.config.type: \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b kube-ovn \u200b\u6765\u200b\u89e6\u53d1\u200b CNI \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u5b50\u7f51\u200b\u3002server_socket: Kube-OVN \u200b\u901a\u4fe1\u200b\u4f7f\u7528\u200b\u7684\u200b socket \u200b\u6587\u4ef6\u200b\u3002 \u200b\u9ed8\u8ba4\u200b\u4f4d\u7f6e\u200b\u4e3a\u200b /run/openvswitch/kube-ovn-daemon.sock\u3002provider: \u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn , Kube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6ce8\u610f\u200b\u540e\u7f00\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b ovn\u3002
"},{"location":"advance/multi-nic/#kube-ovn-subnet","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet","text":"\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b Kube-OVN Subnet,\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b cidrBlock \u200b\u548c\u200b exclude_ips, provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>, \u200b\u4f8b\u5982\u200b\u7528\u200b macvlan \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: macvlan\nspec:\n protocol: IPv4\n provider: macvlan.default\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
gateway, private, nat \u200b\u53ea\u200b\u5bf9\u200b provider \u200b\u7c7b\u578b\u200b\u4e3a\u200b ovn \u200b\u7684\u200b\u7f51\u7edc\u200b\u751f\u6548\u200b\uff0c\u200b\u4e0d\u9002\u200b\u7528\u4e8e\u200b attachment network\u3002
\u200b\u5982\u679c\u200b\u4ee5\u200b Kube-OVN \u200b\u4f5c\u4e3a\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u5219\u200b provider \u200b\u5e94\u8be5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <name>.<namespace>.ovn\uff0c\u200b\u5e76\u200b\u8981\u200b\u4ee5\u200b ovn \u200b\u4f5c\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\u3002 \u200b\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u9644\u52a0\u200b\u7f51\u5361\u200b\uff0c\u200b\u521b\u5efa\u200b Subnet \u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attachnet\nspec:\n protocol: IPv4\n provider: attachnet.default.ovn\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n excludeIps:\n - 172.17.0.0..172.17.0.10\n
"},{"location":"advance/multi-nic/#pod","title":"\u521b\u5efa\u200b\u4e00\u4e2a\u591a\u200b\u7f51\u7edc\u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u7684\u200b Pod\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b annotation k8s.v1.cni.cncf.io/networks,\u200b\u53d6\u503c\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b NetworkAttachmentDefinition \u200b\u7684\u200b <namespace>/<name>\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: samplepod\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\nspec:\n containers:\n - name: samplepod\n command: [\"/bin/ash\", \"-c\", \"trap : TERM INT; sleep infinity & wait\"]\n image: docker.io/library/alpine:edge\n
"},{"location":"advance/multi-nic/#ip-pod","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod","text":"\u200b\u5bf9\u4e8e\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b Pod\uff0c\u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotation\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n macvlan.default.kubernetes.io/ip_address: 172.17.0.100\n macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/multi-nic/#ip","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d","text":"\u200b\u5bf9\u4e8e\u200b\u4f7f\u7528\u200b ippool \u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b, \u200b\u6dfb\u52a0\u200b <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: default\n name: static-workload\n labels:\n app: static-workload\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: static-workload\n template:\n metadata:\n labels:\n app: static-workload\n annotations:\n k8s.v1.cni.cncf.io/networks: default/macvlan\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17\n macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202\n spec:\n containers:\n - name: static-workload\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/nat-policy-rule/","title":"\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219","text":""},{"location":"advance/nat-policy-rule/#_1","title":"\u7528\u9014","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u6253\u5f00\u200b natOutgoing \u200b\u5f00\u5173\u200b\u65f6\u200b\uff0cSubnet \u200b\u4e0b\u200b\u7684\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u9700\u8981\u200b\u505a\u200b SNAT \u200b\u6210\u200b\u8282\u70b9\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u662f\u200b\u6709\u4e9b\u200b\u573a\u666f\u200b\u6211\u4eec\u200b\u5e76\u200b\u4e0d\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6240\u6709\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u90fd\u200b\u505a\u200b SNAT\u3002
\u200b\u56e0\u6b64\u200b NAT \u200b\u7b56\u7565\u200b\u5c31\u662f\u200b\u4e3a\u4e86\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u63a5\u53e3\u200b\u8ba9\u200b\u7528\u6237\u200b\u51b3\u5b9a\u200b\u5b50\u7f51\u200b\u5185\u200b\u7684\u200b\u54ea\u4e9b\u200b CIDR \u200b\u6216\u8005\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u505a\u200b SNAT\u3002
"},{"location":"advance/nat-policy-rule/#_2","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u5728\u200b subnet.Spec \u200b\u4e2d\u200b\u5f00\u542f\u200b natOutgoing \u200b\u5f00\u5173\u200b\uff0c \u200b\u5e76\u4e14\u200b\u6dfb\u52a0\u200b\u5b57\u200b\u6bb5\u200b natOutgoingPolicyRules \u200b\u5982\u4e0b\u200b\uff1a
spec:\n natOutgoing: true\n natOutgoingPolicyRules:\n - action: forward\n match:\n srcIPs: 10.0.11.0/30,10.0.11.254\n - action: nat\n match:\n srcIPs: 10.0.11.128/26\n dstIPs: 114.114.114.114,8.8.8.8\n
\u200b\u4ee5\u4e0a\u200b\u6848\u4f8b\u200b\u8868\u793a\u200b\u6709\u200b\u4e24\u6761\u200b NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\uff1a
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.0/30 \u200b\u6216\u8005\u200b 10.0.11.254 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT\u3002
- \u200b\u6e90\u200b IP \u200b\u662f\u200b 10.0.11.128/26 \u200b\u5e76\u4e14\u200b\u76ee\u7684\u200b IP \u200b\u662f\u200b 114.114.114.114 \u200b\u6216\u8005\u200b 8.8.8.8 \u200b\u7684\u200b\u62a5\u6587\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u65f6\u4f1a\u200b\u505a\u200b SNAT\u3002
\u200b\u5b57\u200b\u6bb5\u200b\u63cf\u8ff0\u200b\uff1a
action\uff1a\u200b\u6ee1\u8db3\u200b match \u200b\u5bf9\u5e94\u200b\u6761\u4ef6\u200b\u7684\u200b\u62a5\u6587\u200b\uff0c\u200b\u4f1a\u200b\u6267\u884c\u200b\u7684\u200b action, action \u200b\u5206\u4e3a\u200b\u4e24\u79cd\u200b forward \u200b\u548c\u200b nat \uff0cforward \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u4e0d\u505a\u200b SNAT, nat \u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u51fa\u5916\u200b\u7f51\u505a\u200b SNAT\u3002 \u200b\u6ca1\u6709\u200b\u914d\u7f6e\u200b natOutgoingPolicyRules \u200b\u65f6\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u62a5\u6587\u200b\u4ecd\u7136\u200b\u662f\u200b\u505a\u200b SNAT\u3002
match\uff1a\u200b\u8868\u793a\u200b\u62a5\u6587\u200b\u7684\u200b\u5339\u914d\u6bb5\u200b\uff0c\u200b\u5339\u914d\u6bb5\u200b\u6709\u200b srcIPs \u200b\u548c\u200b dstIPs\uff0c \u200b\u8fd9\u91cc\u200b\u8868\u793a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u5185\u5230\u200b\u5916\u7f51\u200b\u65b9\u5411\u200b\u4e0a\u200b\u7684\u200b\u62a5\u6587\u200b\u7684\u200b\u6e90\u200b IP \u200b\u548c\u200b \u200b\u76ee\u7684\u200b IP\u3002match.srcIPs \u200b\u548c\u200b match.dstIPs \u200b\u652f\u6301\u200b\u591a\u4e2a\u200b CIDR \u200b\u548c\u200b IP\uff0c\u200b\u4e4b\u95f4\u200b\u7528\u200b\u9017\u53f7\u200b\u95f4\u9694\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u591a\u4e2a\u200b match \u200b\u89c4\u5219\u200b\u91cd\u53e0\u200b\uff0c\u200b\u5219\u200b\u6309\u7167\u200b natOutgoingPolicyRules \u200b\u6570\u7ec4\u200b\u987a\u5e8f\u200b\u8fdb\u884c\u200b\u5339\u914d\u200b\uff0c\u200b\u6700\u5148\u200b\u88ab\u200b\u5339\u914d\u200b\u7684\u200b action \u200b\u4f1a\u200b\u88ab\u200b\u6267\u884c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/node-local-dns/","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d","text":"NodeLocal DNSCache \u200b\u662f\u200b\u901a\u8fc7\u200b\u96c6\u7fa4\u200b\u8282\u70b9\u200b\u4e0a\u200b\u4f5c\u4e3a\u200b DaemonSet \u200b\u8fd0\u884c\u200b DNS \u200b\u7f13\u5b58\u200b\u6765\u200b\u63d0\u9ad8\u200b\u96c6\u7fa4\u200b DNS \u200b\u6027\u80fd\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u548c\u200b Kube-OVN \u200b\u9002\u914d\u200b\u3002
"},{"location":"advance/node-local-dns/#dns","title":"\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u90e8\u7f72","text":""},{"location":"advance/node-local-dns/#kubernetes-dns","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u7684\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u7f51\u200b\u914d\u7f6e\u200b Nodelocaldnscache\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u811a\u672c\u200b\u90e8\u7f72\u200b\uff1a
#!bin/bash\n\nlocaldns=169.254.20.10\ndomain=cluster.local\nkubedns=10.96.0.10\n\nwget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml\nsed -i \"s/__PILLAR__LOCAL__DNS__/$localdns/g; s/__PILLAR__DNS__DOMAIN__/$domain/g; s/,__PILLAR__DNS__SERVER__//g; s/__PILLAR__CLUSTER__DNS__/$kubedns/g\" nodelocaldns.yaml\n\nkubectl apply -f nodelocaldns.yaml\n
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b kubelet \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u5c06\u200b /var/lib/kubelet/config.yaml \u200b\u4e2d\u200b\u7684\u200b clusterDNS \u200b\u5b57\u200b\u6bb5\u200b\u4fee\u6539\u200b\u4e3a\u200b\u672c\u5730\u200b DNS IP 169.254.20.10\uff0c\u200b\u7136\u540e\u200b\u91cd\u542f\u200b kubelet \u200b\u670d\u52a1\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-dns","title":"Kube-OVN \u200b\u76f8\u5e94\u200b DNS \u200b\u914d\u7f6e","text":"\u200b\u90e8\u7f72\u200b\u597d\u200b Kubernetes \u200b\u7684\u200b Nodelocal DNScache \u200b\u7ec4\u4ef6\u200b\u540e\u200b\uff0c Kube-OVN \u200b\u9700\u8981\u200b\u505a\u51fa\u200b\u4e0b\u9762\u200b\u4fee\u6539\u200b\uff1a
"},{"location":"advance/node-local-dns/#underlay-subnet-u2o","title":"Underlay Subnet \u200b\u5f00\u542f\u200b U2O \u200b\u5f00\u5173","text":"\u200b\u5982\u679c\u200b\u662f\u200b Underlay Subnet \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u672c\u5730\u200b DNS \u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b U2O \u200b\u529f\u80fd\u200b\uff0c\u200b\u5373\u200b\u5728\u200b kubectl edit subnet {your subnet} \u200b\u4e2d\u200b\u914d\u7f6e\u200b spec.u2oInterconnection = true , \u200b\u5982\u679c\u200b\u662f\u200b Overlay Subnet \u200b\u5219\u200b\u4e0d\u200b\u9700\u8981\u200b\u8fd9\u6b65\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"advance/node-local-dns/#kube-ovn-controller-dns-ip","title":"\u7ed9\u200b Kube-ovn-controller \u200b\u6307\u5b9a\u200b\u5bf9\u5e94\u200b\u7684\u200b\u672c\u5730\u200b DNS IP","text":"kubectl edit deployment kube-ovn-controller -n kube-system\n
\u200b\u7ed9\u200b spec.template.spec.containers.args \u200b\u589e\u52a0\u200b\u5b57\u200b\u6bb5\u200b --node-local-dns-ip=169.254.20.10
"},{"location":"advance/node-local-dns/#pod","title":"\u91cd\u5efa\u200b\u5df2\u7ecf\u200b\u521b\u5efa\u200b\u7684\u200b Pod","text":"\u200b\u8fd9\u6b65\u200b\u539f\u56e0\u200b\u662f\u200b\u8ba9\u200b Pod \u200b\u91cd\u65b0\u200b\u751f\u6210\u200b /etc/resolv.conf \u200b\u8ba9\u200b nameserver \u200b\u6307\u5411\u200b\u672c\u5730\u200b DNS IP\uff0c\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b nameserver \u200b\u5c06\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u7684\u200b DNS ClusterIP\u3002\u200b\u540c\u65f6\u200b u2o \u200b\u5f00\u5173\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\u4e5f\u200b\u9700\u8981\u200b\u91cd\u5efa\u200b Pod \u200b\u6765\u200b\u91cd\u65b0\u200b\u751f\u6210\u200b Pod \u200b\u7f51\u5173\u200b\u3002
"},{"location":"advance/node-local-dns/#dns_1","title":"\u9a8c\u8bc1\u200b\u8282\u70b9\u200b\u672c\u5730\u200b DNS \u200b\u7f13\u5b58\u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u627e\u5230\u200b Pod \u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u7684\u200b DNS \u200b\u670d\u52a1\u5668\u200b\u662f\u200b\u6307\u5411\u200b\u672c\u5730\u200b 169.254.20.10 \uff0c\u200b\u5e76\u200b\u6210\u529f\u200b\u89e3\u6790\u200b\u57df\u540d\u200b\uff1a
# kubectl exec -it pod1 -- nslookup github.com\nServer: 169.254.20.10\nAddress: 169.254.20.10:53\n\n\nName: github.com\nAddress: 20.205.243.166\n
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u8282\u70b9\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\u5982\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b DNS \u200b\u67e5\u8be2\u200b\u62a5\u6587\u200b\u901a\u8fc7\u200b ovn0 \u200b\u7f51\u5361\u200b\u5230\u8fbe\u200b\u672c\u5730\u200b\u7684\u200b DNS \u200b\u670d\u52a1\u200b\uff0cDNS \u200b\u54cd\u5e94\u200b\u62a5\u6587\u200b\u539f\u200b\u8def\u200b\u8fd4\u56de\u200b:
# tcpdump -i any port 53\n\n06:20:00.441889 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441889 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1291+ A? baidu.com. (27)\n06:20:00.441950 659246098c56_h P ifindex 17 00:00:00:73:f1:06 ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.441950 ovn0 In ifindex 7 00:00:00:50:32:cd ethertype IPv4 (0x0800), length 75: 10.16.0.2.40230 > 169.254.20.10.53: 1611+ AAAA? baidu.com. (27)\n06:20:00.442203 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442219 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 145: 169.254.20.10.53 > 10.16.0.2.40230: 1611* 0/1/0 (97)\n06:20:00.442273 ovn0 Out ifindex 7 00:00:00:52:99:d8 ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n06:20:00.442278 659246098c56_h Out ifindex 17 00:00:00:ea:b3:5e ethertype IPv4 (0x0800), length 125: 169.254.20.10.53 > 10.16.0.2.40230: 1291* 2/0/0 A 39.156.66.10, A 110.242.68.66 (77)\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-corigine/","title":"\u82af\u542f\u6e90\u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002\u200b\u82af\u542f\u6e90\u200b\u7684\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u4e2d\u200b\u6267\u884c\u200b\u3002 \u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-corigine/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - \u200b\u82af\u542f\u6e90\u200b Agilio CX \u200b\u7cfb\u5217\u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/offload-corigine/#sr-iov","title":"\u8bbe\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u6a21\u5f0f","text":"\u200b\u7528\u6237\u200b\u53ef\u200b\u53c2\u8003\u200b Agilio Open vSwitch TC User Guide \u200b\u83b7\u5f97\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f7f\u7528\u200b\u7684\u200b\u66f4\u200b\u591a\u200b\u8be6\u7ec6\u4fe1\u606f\u200b\u3002
\u200b\u4fdd\u5b58\u200b\u4e0b\u5217\u200b\u811a\u672c\u200b\u7528\u4e8e\u200b\u540e\u7eed\u200b\u6267\u884c\u200b\u56fa\u4ef6\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff1a
#!/bin/bash\nDEVICE=${1}\nDEFAULT_ASSY=scan\nASSY=${2:-${DEFAULT_ASSY}}\nAPP=${3:-flower}\n\nif [ \"x${DEVICE}\" = \"x\" -o ! -e /sys/class/net/${DEVICE} ]; then\n echo Syntax: ${0} device [ASSY] [APP]\n echo\n echo This script associates the TC Offload firmware\n echo with a Netronome SmartNIC.\n echo\n echo device: is the network device associated with the SmartNIC\n echo ASSY: defaults to ${DEFAULT_ASSY}\n echo APP: defaults to flower. flower-next is supported if updated\n echo firmware has been installed.\n exit 1\nfi\n\n# It is recommended that the assembly be determined by inspection\n# The following code determines the value via the debug interface\nif [ \"${ASSY}x\" = \"scanx\" ]; then\n ethtool -W ${DEVICE} 0\n DEBUG=$(ethtool -w ${DEVICE} data /dev/stdout | strings)\n SERIAL=$(echo \"${DEBUG}\" | grep \"^SN:\")\n ASSY=$(echo ${SERIAL} | grep -oE AMDA[0-9]{4})\nfi\n\nPCIADDR=$(basename $(readlink -e /sys/class/net/${DEVICE}/device))\nFWDIR=\"/lib/firmware/netronome\"\n\n# AMDA0081 and AMDA0097 uses the same firmware\nif [ \"${ASSY}\" = \"AMDA0081\" ]; then\n if [ ! -e ${FWDIR}/${APP}/nic_AMDA0081.nffw ]; then\n ln -sf nic_AMDA0097.nffw ${FWDIR}/${APP}/nic_AMDA0081.nffw\n fi\nfi\n\nFW=\"${FWDIR}/pci-${PCIADDR}.nffw\"\nln -sf \"${APP}/nic_${ASSY}.nffw\" \"${FW}\"\n\n# insert distro-specific initramfs section here...\n
\u200b\u5207\u6362\u200b\u56fa\u4ef6\u200b\u9009\u9879\u200b\u5e76\u200b\u91cd\u8f7d\u200b\u9a71\u52a8\u200b\uff1a
./agilio-tc-fw-select.sh ens47np0 scan\nrmmod nfp\nmodprobe nfp\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b VF\uff1a
# cat /sys/class/net/ens3/device/sriov_totalvfs\n65\n\n# echo 4 > /sys/class/net/ens47/device/sriov_numvfs\n
"},{"location":"advance/offload-corigine/#sr-iov-device-plugin","title":"\u5b89\u88c5\u200b SR-IOV Device Plugin","text":"\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u6709\u9650\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"corigine.com\",\n \"resourceName\": \"agilio_sriov\",\n \"selectors\": {\n \"vendors\": [\"19ee\"],\n \"devices\": [\"6003\"],\n \"drivers\": [\"nfp_netvf\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe no containerserver | grep corigine\n\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov: 4\ncorigine.com/agilio_sriov 0 0\n
"},{"location":"advance/offload-corigine/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: corigine.com/agilio_sriov\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-corigine/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-corigine/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n namespace: default\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n corigine.com/agilio_sriov: '1'\n limits:\n corigine.com/agilio_sriov: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/offload-mellanox/","title":"Mellanox \u200b\u7f51\u5361\u200b Offload \u200b\u652f\u6301","text":"Kube-OVN \u200b\u5728\u200b\u6700\u7ec8\u200b\u7684\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u4f7f\u7528\u200b OVS \u200b\u6765\u200b\u5b8c\u6210\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u76f8\u5173\u200b\u7684\u200b\u6d41\u8868\u200b\u5339\u914d\u200b\uff0c\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u7b49\u200b\u529f\u80fd\u200b\u4e3a\u200b CPU \u200b\u5bc6\u96c6\u578b\u200b\uff0c\u200b\u5728\u200b\u5927\u200b\u6d41\u91cf\u200b\u4e0b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u91cf\u200b CPU \u200b\u8d44\u6e90\u200b\u5e76\u200b\u5bfc\u81f4\u200b \u200b\u5ef6\u8fdf\u200b\u4e0a\u5347\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u4e0b\u964d\u200b\u3002Mellanox \u200b\u7684\u200b Accelerated Switching And Packet Processing (ASAP\u00b2) \u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5c06\u200b OVS \u200b\u76f8\u5173\u200b\u7684\u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\u5230\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u5185\u200b\u7684\u200b eSwitch \u200b\u4e0a\u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u6280\u672f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u65e0\u9700\u200b\u5bf9\u200b OVS \u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f29\u77ed\u200b\u6570\u636e\u200b\u8def\u5f84\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u4e3b\u673a\u200b CPU \u200b\u8d44\u6e90\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u5927\u5e45\u200b\u964d\u4f4e\u200b\u5ef6\u8fdf\u200b\u5e76\u200b\u663e\u8457\u200b\u63d0\u5347\u200b\u541e\u5410\u91cf\u200b\u3002
"},{"location":"advance/offload-mellanox/#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":" - Mellanox CX5/CX6/CX7/BlueField \u200b\u7b49\u200b\u652f\u6301\u200b ASAP\u00b2 \u200b\u7684\u200b\u786c\u4ef6\u200b\u7f51\u5361\u200b\u3002
- CentOS 8 Stream \u200b\u6216\u200b\u4e0a\u6e38\u200b Linux 5.7 \u200b\u4ee5\u4e0a\u200b\u5185\u6838\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u4e0d\u200b\u652f\u6301\u200b
dp_hash \u200b\u548c\u200b hash \u200b\u64cd\u4f5c\u200b\u5378\u8f7d\u200b\uff0c\u200b\u9700\u200b\u5173\u95ed\u200b OVN LB \u200b\u529f\u80fd\u200b\u3002 - \u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u5378\u8f7d\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u505a\u200b bond\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin","title":"\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"Mellanox \u200b\u7f51\u5361\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u914d\u7f6e\u200b offload \u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u4e00\u79cd\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u7f51\u5361\u200b SR-IOV \u200b\u548c\u200b Device Plugin\uff0c\u200b\u53e6\u200b\u4e00\u79cd\u200b\u901a\u8fc7\u200b sriov-network-operator \u200b\u8fdb\u884c\u200b\u81ea\u52a8\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/offload-mellanox/#sr-iov-device-plugin_1","title":"\u624b\u52a8\u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u67e5\u8be2\u200b\u7f51\u5361\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff0c\u200b\u4e0b\u9762\u200b\u7684\u200b\u4f8b\u5b50\u200b\u4e2d\u4e3a\u200b 42:00.0\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n
\u200b\u6839\u636e\u200b\u8bbe\u5907\u200b ID \u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\uff1a
# ls -l /sys/class/net/ | grep 42:00.0\nlrwxrwxrwx. 1 root root 0 Jul 22 23:16 p4p1 -> ../../devices/pci0000:40/0000:40:02.0/0000:42:00.0/net/p4p1\n
\u200b\u68c0\u67e5\u200b\u53ef\u7528\u200b VF \u200b\u6570\u91cf\u200b\uff1a
# cat /sys/class/net/p4p1/device/sriov_totalvfs\n8\n
\u200b\u521b\u5efa\u200b VF\uff0c\u200b\u603b\u6570\u200b\u4e0d\u8981\u200b\u8d85\u8fc7\u200b\u4e0a\u9762\u200b\u67e5\u8be2\u200b\u51fa\u200b\u7684\u200b\u6570\u91cf\u200b\uff1a
# echo '4' > /sys/class/net/p4p1/device/sriov_numvfs\n# ip link show p4p1\n10: p4p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\n link/ether b8:59:9f:c1:ec:12 brd ff:ff:ff:ff:ff:ff\n vf 0 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 1 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 2 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n vf 3 MAC 00:00:00:00:00:00, spoof checking off, link-state auto, trust off, query_rss off\n# ip link set p4p1 up\n
\u200b\u627e\u5230\u200b\u4e0a\u8ff0\u200b VF \u200b\u5bf9\u5e94\u200b\u7684\u200b\u8bbe\u5907\u200b ID\uff1a
# lspci -nn | grep ConnectX-5\n42:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n42:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n42:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u5c06\u200b VF \u200b\u4ece\u200b\u9a71\u52a8\u200b\u4e2d\u89e3\u200b\u7ed1\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind\n
\u200b\u5f00\u542f\u200b eSwitch \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u786c\u4ef6\u200b\u5378\u8f7d\u200b\uff1a
devlink dev eswitch set pci/0000:42:00.0 mode switchdev\nethtool -K enp66s0f0 hw-tc-offload on\n
\u200b\u91cd\u65b0\u200b\u7ed1\u5b9a\u200b\u9a71\u52a8\u200b\uff0c\u200b\u5b8c\u6210\u200b VF \u200b\u8bbe\u7f6e\u200b\uff1a
echo 0000:42:00.2 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind\necho 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind\n
NetworkManager \u200b\u7684\u200b\u4e00\u4e9b\u200b\u884c\u4e3a\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u9a71\u52a8\u200b\u5f02\u5e38\u200b\uff0c\u200b\u5982\u679c\u200b\u5378\u8f7d\u200b\u51fa\u73b0\u200b\u95ee\u9898\u200b\u5efa\u8bae\u200b\u5173\u95ed\u200b NetworkManager \u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\uff1a
systemctl stop NetworkManager\nsystemctl disable NetworkManager\n
\u200b\u7531\u4e8e\u200b\u6bcf\u4e2a\u200b\u673a\u5668\u200b\u7684\u200b VF \u200b\u6570\u91cf\u200b\u4f18\u5148\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4f7f\u7528\u200b\u52a0\u901f\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u5360\u7528\u200b VF \u200b\u8d44\u6e90\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b SR-IOV Device Plugin \u200b\u7ba1\u7406\u200b\u76f8\u5e94\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u8c03\u5ea6\u200b\u5668\u200b\u77e5\u9053\u200b\u5982\u4f55\u200b\u6839\u636e\u200b \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u8c03\u5ea6\u200b\u3002
\u200b\u521b\u5efa\u200b SR-IOV \u200b\u76f8\u5173\u200b Configmap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sriovdp-config\n namespace: kube-system\ndata:\n config.json: |\n {\n \"resourceList\": [{\n \"resourcePrefix\": \"mellanox.com\",\n \"resourceName\": \"cx5_sriov_switchdev\",\n \"selectors\": {\n \"vendors\": [\"15b3\"],\n \"devices\": [\"1018\"],\n \"drivers\": [\"mlx5_core\"]\n }\n }\n ]\n }\n
\u200b\u53c2\u8003\u200b SR-IOV \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b:
kubectl apply -f https://raw.githubusercontent.com/intel/sriov-network-device-plugin/master/deployments/k8s-v1.16/sriovdp-daemonset.yaml\n
\u200b\u68c0\u67e5\u200b SR-IOV \u200b\u8d44\u6e90\u200b\u662f\u5426\u200b\u5df2\u7ecf\u200b\u6ce8\u518c\u200b\u5230\u200b Kubernetes Node \u200b\u4e2d\u200b\uff1a
kubectl describe node kube-ovn-01 | grep mellanox\n\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev: 4\nmellanox.com/cx5_sriov_switchdev 0 0\n
"},{"location":"advance/offload-mellanox/#sriov-network-operator-sr-iov-device-plugin","title":"\u4f7f\u7528\u200b sriov-network-operator \u200b\u914d\u7f6e\u200b SR-IOV \u200b\u548c\u200b Device Plugin","text":"\u200b\u5b89\u88c5\u200b node-feature-discovery \u200b\u81ea\u52a8\u68c0\u6d4b\u200b\u786c\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u548c\u200b\u7cfb\u7edf\u914d\u7f6e\u200b:
kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.11.3\n
\u200b\u6216\u8005\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff0c\u200b\u624b\u52a8\u200b\u7ed9\u200b\u6709\u200b offload \u200b\u80fd\u529b\u200b\u7684\u200b\u7f51\u5361\u200b\u589e\u52a0\u200b annotation:
kubectl label nodes [offloadNicNode] feature.node.kubernetes.io/network-sriov.capable=true\n
\u200b\u514b\u9686\u200b\u4ee3\u7801\u200b\u4ed3\u5e93\u200b\u5e76\u200b\u5b89\u88c5\u200b Operator\uff1a
git clone --depth=1 https://github.com/kubeovn/sriov-network-operator.git\nkubectl apply -k sriov-network-operator/deploy\n
\u200b\u68c0\u67e5\u200b Operator \u200b\u7ec4\u4ef6\u200b\u662f\u5426\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff1a
# kubectl get -n kube-system all | grep sriov\nNAME READY STATUS RESTARTS AGE\npod/sriov-network-config-daemon-bf9nt 1/1 Running 0 8s\npod/sriov-network-operator-54d7545f65-296gb 1/1 Running 0 10s\n\nNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE\ndaemonset.apps/sriov-network-config-daemon 1 1 1 1 1 beta.kubernetes.io/os=linux,feature.node.kubernetes.io/network-sriov.capable=true 8s\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/sriov-network-operator 1/1 1 1 10s\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/sriov-network-operator-54d7545f65 1 1 1 10s\n
\u200b\u68c0\u67e5\u200b SriovNetworkNodeState\uff0c\u200b\u4e0b\u9762\u200b\u4ee5\u200b node1 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6709\u200b\u4e24\u4e2a\u200b Mellanox \u200b\u7f51\u5361\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\napiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodeState\nspec: ...\nstatus:\n interfaces:\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.0\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f0np0\n - deviceID: \"1017\"\n driver: mlx5_core\n mtu: 1500\n pciAddress: \"0000:5f:00.1\"\n totalvfs: 8\n vendor: \"15b3\"\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n name: ens41f1np1\n
\u200b\u521b\u5efa\u200b SriovNetworkNodePolicy \u200b\u8d44\u6e90\u200b\uff0c\u200b\u5e76\u200b\u901a\u8fc7\u200b nicSelector \u200b\u9009\u62e9\u200b\u8981\u200b\u7ba1\u7406\u200b\u7684\u200b\u7f51\u5361\u200b\uff1a
apiVersion: sriovnetwork.openshift.io/v1\nkind: SriovNetworkNodePolicy\nmetadata:\n name: policy\n namespace: kube-system\nspec:\n nodeSelector:\n feature.node.kubernetes.io/network-sriov.capable: \"true\"\n eSwitchMode: switchdev\n numVfs: 3\n nicSelector:\n pfNames:\n - ens41f0np0\n - ens41f1np1\n resourceName: cx_sriov_switchdev\n
\u200b\u518d\u6b21\u200b\u68c0\u67e5\u200b SriovNetworkNodeState \u200b\u7684\u200b status \u200b\u5b57\u200b\u6bb5\u200b\uff1a
# kubectl get sriovnetworknodestates.sriovnetwork.openshift.io -n kube-system node1 -o yaml\n\n...\nspec:\n interfaces:\n - eSwitchMode: switchdev\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\n - eSwitchMode: switchdev\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n vfGroups:\n - policyName: policy\n vfRange: 0-2\n resourceName: cx_sriov_switchdev\nstatus:\n interfaces\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.2\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.3\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.4\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:ab\n mtu: 1500\n name: ens41f0np0\n numVfs: 3\n pciAddress: 0000:5f:00.0\n totalvfs: 3\n vendor: \"15b3\"\n - Vfs:\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.5\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.6\n vendor: \"15b3\"\n - deviceID: 1018\n driver: mlx5_core\n pciAddress: 0000:5f:00.7\n vendor: \"15b3\"\n deviceID: \"1017\"\n driver: mlx5_core\n linkSeed: 25000Mb/s\n linkType: ETH\n mac: 08:c0:eb:f4:85:bb\n mtu: 1500\n name: ens41f1np1\n numVfs: 3\n pciAddress: 0000:5f:00.1\n totalvfs: 3\n vendor: \"15b3\"\n
\u200b\u68c0\u67e5\u200b VF \u200b\u7684\u200b\u72b6\u6001\u200b\uff1a
# lspci -nn | grep ConnectX\n5f:00.0 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.1 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5] [15b3:1017]\n5f:00.2 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.3 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.4 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.5 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.6 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n5f:00.7 Ethernet controller [0200]: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] [15b3:1018]\n
\u200b\u68c0\u67e5\u200b PF \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\uff1a
# cat /sys/class/net/ens41f0np0/compat/devlink/mode\nswitchdev\n
"},{"location":"advance/offload-mellanox/#multus-cni","title":"\u5b89\u88c5\u200b Multus-CNI","text":"SR-IOV Device Plugin \u200b\u8c03\u5ea6\u200b\u65f6\u200b\u83b7\u5f97\u200b\u7684\u200b\u8bbe\u5907\u200b ID \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b Multus-CNI \u200b\u4f20\u9012\u200b\u7ed9\u200b Kube-OVN\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b Multus-CNI \u200b\u914d\u5408\u200b\u5b8c\u6210\u200b\u76f8\u5173\u200b\u4efb\u52a1\u200b\u3002
\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml\n
\u200b\u521b\u5efa\u200b NetworkAttachmentDefinition\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: default\n namespace: default\n annotations:\n k8s.v1.cni.cncf.io/resourceName: mellanox.com/cx5_sriov_switchdev\nspec:\n config: '{\n \"cniVersion\": \"0.3.1\",\n \"name\": \"kube-ovn\",\n \"plugins\":[\n {\n \"type\":\"kube-ovn\",\n \"server_socket\":\"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"default.default.ovn\"\n },\n {\n \"type\":\"portmap\",\n \"capabilities\":{\n \"portMappings\":true\n }\n }\n ]\n}'\n
provider: \u200b\u683c\u5f0f\u200b\u4e3a\u200b\u5f53\u524d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {name}.{namespace}.ovn\u3002
"},{"location":"advance/offload-mellanox/#kube-ovn","title":"Kube-OVN \u200b\u4e2d\u200b\u5f00\u542f\u200b\u5378\u8f7d\u200b\u6a21\u5f0f","text":"\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u4fee\u6539\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\uff0cIFACE \u200b\u9700\u8981\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u8be5\u200b\u7f51\u5361\u200b\u9700\u8981\u200b\u6709\u200b\u53ef\u200b\u8def\u7531\u200b IP\uff1a
ENABLE_MIRROR=${ENABLE_MIRROR:-false}\nHW_OFFLOAD=${HW_OFFLOAD:-true}\nENABLE_LB=${ENABLE_LB:-false}\nIFACE=\"ensp01\"\n
\u200b\u5b89\u88c5\u200b Kube-OVN\uff1a
bash install.sh\n
"},{"location":"advance/offload-mellanox/#vf-pod","title":"\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u7f51\u5361\u200b\u7684\u200b Pod","text":"\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b yaml \u200b\u683c\u5f0f\u200b\u521b\u5efa\u200b\u4f7f\u7528\u200b VF \u200b\u8fdb\u884c\u200b\u7f51\u7edc\u200b\u5378\u8f7d\u200b\u52a0\u901f\u200b\u7684\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n name: nginx\n annotations:\n v1.multus-cni.io/default-network: default/default\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n resources:\n requests:\n mellanox.com/cx5_sriov_switchdev: '1'\n limits:\n mellanox.com/cx5_sriov_switchdev: '1'\n
v1.multus-cni.io/default-network: \u200b\u4e3a\u200b\u4e0a\u200b\u4e00\u200b\u6b65\u9aa4\u200b\u4e2d\u200b NetworkAttachmentDefinition \u200b\u7684\u200b {namespace}/{name}\u3002
\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u8fd0\u884c\u200b\u8282\u70b9\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\u4e2d\u200b\u8fd0\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u89c2\u5bdf\u200b\u5378\u8f7d\u200b\u662f\u5426\u200b\u6210\u529f\u200b\uff1a
# ovs-appctl dpctl/dump-flows -m type=offloaded\nufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h\nufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h\n
\u200b\u5982\u679c\u200b\u6709\u200b offloaded:yes, dp:tc \u200b\u5185\u5bb9\u200b\u8bc1\u660e\u200b\u5378\u8f7d\u200b\u6210\u529f\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/overlay-with-route/","title":"Overlay \u200b\u4e0b\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u7f51\u7edc\u200b\u6253\u901a","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u4e0d\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4f46\u662f\u200b\u4f9d\u7136\u200b\u9700\u8981\u200b Pod \u200b\u80fd\u200b\u548c\u200b\u5916\u90e8\u200b\u8bbe\u65bd\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u4e92\u8bbf\u200b\uff0c \u200b\u8fd9\u65f6\u5019\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8def\u7531\u200b\u65b9\u5f0f\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u3002
\u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\u53ea\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u548c\u200b\u5916\u90e8\u200b\u6253\u901a\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cPod IP \u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u653e\u5f00\u200b\u5173\u4e8e\u200b\u6e90\u5730\u5740\u200b\u548c\u200b\u76ee\u200b\u5730\u5740\u200b\u7684\u200b IP \u200b\u68c0\u67e5\u200b\u3002
"},{"location":"advance/overlay-with-route/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u6b64\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u8981\u200b\u5f00\u653e\u200b
ip_forward\u3002 - \u200b\u68c0\u67e5\u200b\u4e3b\u673a\u200b iptables \u200b\u89c4\u5219\u200b\u4e2d\u200b\u662f\u5426\u200b\u5728\u200b forward \u200b\u94fe\u4e2d\u200b\u662f\u5426\u200b\u6709\u200b Drop \u200b\u89c4\u5219\u200b\uff0c\u200b\u9700\u8981\u200b\u653e\u884c\u200b\u5bb9\u5668\u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u53ef\u80fd\u200b\u5b58\u5728\u200b\u975e\u5bf9\u79f0\u200b\u8def\u7531\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4e3b\u673a\u200b\u9700\u200b\u653e\u884c\u200b ct \u200b\u72b6\u6001\u200b\u4e3a\u200b
INVALID \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u3002
"},{"location":"advance/overlay-with-route/#_2","title":"\u8bbe\u7f6e\u200b\u6b65\u9aa4","text":"\u200b\u5bf9\u4e8e\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u76f4\u63a5\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u5173\u95ed\u200b nat \u200b\u6620\u5c04\u200b\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: false\n
\u200b\u6b64\u65f6\u200b\uff0cPod \u200b\u7684\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u8def\u7531\u200b\u5230\u8fbe\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\uff0c\u200b\u4f46\u662f\u200b\u5bf9\u7aef\u200b\u8282\u70b9\u200b\u8fd8\u200b\u4e0d\u200b\u77e5\u9053\u200b\u56de\u7a0b\u200b\u6570\u636e\u5305\u200b\u5e94\u8be5\u200b\u53d1\u9001\u5230\u200b\u54ea\u91cc\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u56de\u7a0b\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5bf9\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u6211\u4eec\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u6dfb\u52a0\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5c06\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u4efb\u610f\u200b\u4e00\u53f0\u200b\u673a\u5668\u200b\u3002
ip route add 10.166.0.0/16 via 192.168.2.10 dev eth0\n
10.166.0.0/16 \u200b\u4e3a\u200b\u5bb9\u5668\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.2.10 \u200b\u4e3a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5185\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u82e5\u200b\u5bf9\u200b\u7aef\u200b\u4e3b\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0d\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5728\u200b\u8def\u7531\u5668\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u76f8\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u6253\u901a\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u6307\u5b9a\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5b58\u5728\u200b\u5355\u70b9\u6545\u969c\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u505a\u5230\u200b\u5feb\u901f\u200b\u7684\u200b\u6545\u969c\u200b\u5207\u6362\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Keepalived \u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b\u8bbe\u7f6e\u200b VIP\uff0c\u200b\u540c\u65f6\u200b\u5c06\u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u6307\u5411\u200b VIP\u3002
\u200b\u5728\u200b\u4e00\u4e9b\u200b\u865a\u62df\u5316\u200b\u73af\u5883\u200b\u4e2d\u200b\uff0c\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5c06\u200b\u975e\u5bf9\u79f0\u200b\u6d41\u91cf\u200b\u8bc6\u522b\u200b\u4e3a\u200b\u975e\u6cd5\u200b\u6d41\u91cf\u200b\u5e76\u200b\u4e22\u5f03\u200b\u3002 \u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5c06\u200b Subnet \u200b\u7684\u200b gatewayType \u200b\u8c03\u6574\u200b\u4e3a\u200b centralized\uff0c\u200b\u5e76\u200b\u5728\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u65f6\u200b\u5c06\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b gatewayNode \u200b\u8282\u70b9\u200b\u7684\u200b IP\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: routed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1\"\n natOutgoing: false\n
\u200b\u5982\u679c\u200b\u5bf9\u4e8e\u200b\u90e8\u5206\u200b\u6d41\u91cf\u200b\uff08\u200b\u5982\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\uff09\u200b\u4ecd\u7136\u200b\u5e0c\u671b\u200b\u8fdb\u884c\u200b nat \u200b\u5904\u7406\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-eip-fip-snat/","title":"OVN EIP FIP SNAT DNAT \u200b\u652f\u6301","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u7531\u4e8e\u200b\u5b58\u5728\u200b api \u200b\u53d8\u52a8\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5728\u200b 1.12 \u200b\u5206\u652f\u200b\u7ee7\u7eed\u200b\u6f14\u8fdb\u200b\u8be5\u200b OVN EIP FIP DNAT \u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b 1.12 \u200b\u4e4b\u540e\u200b\u7684\u200b\u5206\u652f\u200b \u200b\u6216\u8005\u200b master \u200b\u5206\u652f\u200b\u3002 \u200b\u7531\u4e8e\u200b master \u200b\u5206\u652f\u200b\u6f14\u8fdb\u200b\u8f83\u200b\u5feb\u200b\uff0c\u200b\u76ee\u524d\u200b\u4e13\u95e8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u4e2a\u200b 1.12-mc \u200b\u5206\u652f\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u6027\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->snat-->lrp-->external-subnet-->gw-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b SNAT \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u662f\u200b\u7ecf\u8fc7\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u3002
graph LR\n\n\npod-->vpc1-subnet-->vpc1-->fip-->lrp-->external-subnet-->local-node-external-nic
Pod \u200b\u57fa\u4e8e\u200b FIP \u200b\u51fa\u200b\u516c\u7f51\u200b\u7684\u200b\u5927\u81f4\u200b\u6d41\u7a0b\u200b\uff0c\u200b\u6700\u540e\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u672c\u5730\u200b\u8282\u70b9\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u5728\u200b\u4f7f\u7528\u200b\u4e0a\u5c06\u200b\u548c\u200b iptable nat gw \u200b\u516c\u7f51\u200b\u65b9\u6848\u200b\u4fdd\u6301\u200b\u57fa\u672c\u4e00\u81f4\u200b\u3002
- ovn eip: \u200b\u7528\u4e8e\u200b\u516c\u7f51\u200b ip \u200b\u5360\u4f4d\u200b\uff0c\u200b\u4ece\u200b underlay provider network vlan subnet \u200b\u4e2d\u200b\u5206\u914d\u200b
- ovn fip\uff1a \u200b\u4e00\u5bf9\u4e00\u200b dnat snat\uff0c\u200b\u4e3a\u200b vpc \u200b\u5185\u200b\u7684\u200b ip \u200b\u6216\u8005\u200b vip \u200b\u63d0\u4f9b\u200b\u516c\u7f51\u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b\u80fd\u529b\u200b
- ovn snat\uff1a\u200b\u6574\u4e2a\u200b\u5b50\u7f51\u200b\u6216\u8005\u200b\u5355\u4e2a\u200b vpc \u200b\u5185\u200b ip \u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b snat \u200b\u8bbf\u95ee\u200b\u516c\u7f51\u200b
- ovn dnat\uff1a\u200b\u57fa\u4e8e\u200b router lb \u200b\u5b9e\u73b0\u200b, \u200b\u57fa\u4e8e\u200b\u516c\u7f51\u200b ip + \u200b\u7aef\u53e3\u200b \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b vpc \u200b\u5185\u200b\u7684\u200b \u200b\u4e00\u7ec4\u200b endpoints
"},{"location":"advance/ovn-eip-fip-snat/#1","title":"1. \u200b\u90e8\u7f72","text":"\u200b\u76ee\u524d\u200b\u5141\u8bb8\u200b\u6240\u6709\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4ee5\u53ca\u200b\u81ea\u5b9a\u4e49\u200b\uff09vpc \u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b provider vlan subnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u517c\u5bb9\u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT\u200b\u7684\u200b\u573a\u666f\u200b\u3002
\u200b\u7c7b\u4f3c\u200b neutron ovn\uff0c\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u914d\u7f6e\u200b\u4e2d\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b provider network \u200b\u76f8\u5173\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4e0b\u8ff0\u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u4e5f\u200b\u662f\u200b\u4e3a\u4e86\u200b\u517c\u5bb9\u200b VPC EIP/SNAT \u200b\u7684\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u90e8\u7f72\u200b\u9636\u6bb5\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u80fd\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b\u9ed8\u8ba4\u200b\u516c\u7f51\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u3002 \u200b\u5982\u679c\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u6ca1\u6709\u200b vlan\uff08\u200b\u4f7f\u7528\u200b vlan 0\uff09\uff0c\u200b\u90a3\u4e48\u200b\u4e0b\u8ff0\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
# \u200b\u90e8\u7f72\u200b\u7684\u200b\u65f6\u5019\u200b\u4f60\u200b\u9700\u8981\u200b\u53c2\u8003\u200b\u4ee5\u4e0a\u200b\u573a\u666f\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\uff0c\u200b\u6309\u200b\u9700\u200b\u6307\u5b9a\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\n# 1. kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\uff1a\n - --external-gateway-vlanid=204\n - --external-gateway-switch=external204\n\n# 2. kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b:\n - --external-gateway-switch=external204 \n\n### \u200b\u4ee5\u4e0a\u200b\u914d\u7f6e\u200b\u90fd\u200b\u548c\u200b\u4e0b\u9762\u200b\u7684\u200b\u516c\u7f51\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b vlan id \u200b\u548c\u200b\u8d44\u6e90\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u4ec5\u200b\u652f\u6301\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b underlay \u200b\u516c\u7f51\u200b\u4f5c\u4e3a\u200b\u9ed8\u8ba4\u200b\u5916\u90e8\u200b\u516c\u7f51\u200b\u3002\n
\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u7684\u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u4e3b\u8981\u200b\u8003\u8651\u200b\u4e86\u200b\u5982\u4e0b\u200b\u56e0\u7d20\u200b\uff1a
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u63a5\u5230\u200b provider network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u8d44\u6e90\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9879\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u529f\u80fd\u200b\u5bf9\u200b\u63a5\u5230\u200b\u5df2\u6709\u200b\u7684\u200b vlan\uff0csubnet \u200b\u8d44\u6e90\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b ip \u200b\u7684\u200b ipam\u3002
- \u200b\u5982\u679c\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u7684\u200b enable_eip_snat \u200b\u6a21\u5f0f\u200b, \u200b\u4e14\u200b\u4ec5\u200b\u4f7f\u7528\u200b\u65e7\u200b\u7684\u200b\u57fa\u4e8e\u200b pod annotaion \u200b\u7684\u200b fip snat\uff0c\u200b\u90a3\u4e48\u200b\u8fd9\u4e2a\u200b\u914d\u7f6e\u200b\u65e0\u9700\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u57fa\u4e8e\u200b\u8be5\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u4ec5\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b\u5230\u200b vlan\uff0csubnet \u200b\u6d41\u7a0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u517c\u5bb9\u200b\u4ec5\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b eip snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u3002
"},{"location":"advance/ovn-eip-fip-snat/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":"# \u200b\u51c6\u5907\u200b provider-network\uff0c vlan\uff0c subnet\n# cat 01-provider-network.yaml\napiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: external204\nspec:\n defaultInterface: vlan\n# cat 02-vlan.yaml\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan204\nspec:\n id: 204\n provider: external204\n# cat 03-vlan-subnet.yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: external204\nspec:\n protocol: IPv4\n cidrBlock: 10.5.204.0/24\n gateway: 10.5.204.254\n vlan: vlan204\n excludeIps:\n - 10.5.204.1..10.5.204.100\n
"},{"location":"advance/ovn-eip-fip-snat/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":"# \u200b\u542f\u7528\u200b\u9ed8\u8ba4\u200b vpc \u200b\u548c\u200b\u4e0a\u8ff0\u200b underlay \u200b\u516c\u7f51\u200b provider subnet \u200b\u4e92\u8054\u200b\ncat 00-centralized-external-gw-no-ip.yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"pc-node-1,pc-node-2,pc-node-3\"\n type: \"centralized\" \n external-gw-nic: \"vlan\" # \u200b\u7528\u4e8e\u200b\u63a5\u5165\u200b ovs \u200b\u516c\u7f51\u200b\u7f51\u6865\u200b\u7684\u200b\u7f51\u5361\u200b\n external-gw-addr: \"10.5.204.254/24\" # underlay \u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u7684\u200b ip\n
\u200b\u76ee\u524d\u200b\u8be5\u200b\u529f\u80fd\u200b\u5df2\u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u4e0d\u200b\u6307\u5b9a\u200b lrp ip \u200b\u548c\u200b mac\uff0c\u200b\u5df2\u200b\u652f\u6301\u200b\u81ea\u52a8\u200b\u83b7\u53d6\u200b\uff0c\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip \u200b\u8d44\u6e90\u200b\u3002
\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u4e86\u200b\uff0c\u200b\u5219\u200b\u76f8\u5f53\u4e8e\u200b\u6307\u5b9a\u200b ip \u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip\u3002 \u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u63d0\u524d\u200b\u624b\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn eip\u3002
"},{"location":"advance/ovn-eip-fip-snat/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"# cat 00-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n name: vpc1\n\n# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n# vpc \u200b\u542f\u7528\u200b enableExternal \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u521b\u5efa\u200b lrp \u200b\u5173\u8054\u200b\u5230\u200b\u4e0a\u8ff0\u200b\u6307\u5b9a\u200b\u7684\u200b\u516c\u7f51\u200b\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n\n# \u200b\u8fd9\u91cc\u200b\u5b50\u7f51\u200b\u548c\u200b\u4e4b\u524d\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b\u4e00\u6837\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u6ca1\u6709\u200b\u65b0\u589e\u200b\u5c5e\u6027\u200b\uff0c\u200b\u6ca1\u6709\u200b\u4efb\u4f55\u200b\u53d8\u66f4\u200b\n
\u200b\u4ee5\u4e0a\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b\uff0c\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5b58\u5728\u200b
# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n
# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n# \u200b\u76ee\u524d\u200b\u8be5\u200b\u8def\u7531\u200b\u5df2\u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#2-ovn-eip","title":"2. ovn-eip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-eip \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0covn-eip \u200b\u76ee\u524d\u200b\u6709\u200b\u4e09\u79cd\u200b type
- nat: \u200b\u7528\u4e8e\u200b ovn dnat\uff0cfip, snat, \u200b\u8fd9\u4e9b\u200b nat \u200b\u7c7b\u578b\u200b\u4f1a\u200b\u8bb0\u5f55\u200b\u5728\u200b status \u200b\u4e2d\u200b
- lrp: Resources connected to the public network from a vpc can be used by nat
- lsp: \u200b\u7528\u4e8e\u200b ovn \u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u573a\u666f\u200b\uff0c\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b ovs internal port \u200b\u4f5c\u4e3a\u200b ecmp \u200b\u8def\u7531\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b
---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n# \u200b\u52a8\u6001\u5206\u914d\u200b\u4e00\u4e2a\u200b eip \u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u8d44\u6e90\u200b\u9884\u7559\u200b\u7528\u4e8e\u200b fip \u200b\u573a\u666f\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#21-ovn-fip-pod-fip","title":"2.1 ovn-fip \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"# k get po -o wide -n vpc1 vpc-1-busybox01\nNAME READY STATUS RESTARTS AGE IP NODE\nvpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2\n\n# k get ip vpc-1-busybox01.vpc1\nNAME V4IP V6IP MAC NODE SUBNET\nvpc-1-busybox01.vpc1 192.168.0.2 00:00:00:0A:DD:27 pc-node-2 vpc1-subnet1\n\n---\n\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n ovnEip: eip-static\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n# k get ofip eip-static\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-static vpc1 10.5.204.101 192.168.0.2 true vpc-1-busybox01.vpc1\n\n[root@pc-node-1 03-cust-vpc]# ping 10.5.204.101\nPING 10.5.204.101 (10.5.204.101) 56(84) bytes of data.\n64 bytes from 10.5.204.101: icmp_seq=2 ttl=62 time=1.21 ms\n64 bytes from 10.5.204.101: icmp_seq=3 ttl=62 time=0.624 ms\n64 bytes from 10.5.204.101: icmp_seq=4 ttl=62 time=0.368 ms\n^C\n--- 10.5.204.101 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3049ms\nrtt min/avg/max/mdev = 0.368/0.734/1.210/0.352 ms\n[root@pc-node-1 03-cust-vpc]#\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5728\u200b node ping \u200b\u9ed8\u8ba4\u200b vpc \u200b\u4e0b\u200b\u7684\u200b pod \u200b\u7684\u200b\u516c\u7f51\u200b ip \u200b\u662f\u200b\u80fd\u901a\u200b\u7684\u200b\n
# \u200b\u8be5\u200b\u516c\u7f51\u200b ip \u200b\u80fd\u901a\u200b\u7684\u200b\u5173\u952e\u200b\u8d44\u6e90\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\n# k ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 813523e7-c68c-408f-bd8c-cba30cb2e4f4\n external ip: \"10.5.204.101\"\n logical ip: \"192.168.0.2\"\n type: \"dnat_and_snat\"\n
"},{"location":"advance/ovn-eip-fip-snat/#22-ovn-fip-vip-fip","title":"2.2 ovn-fip \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b fip","text":"\u200b\u4e3a\u4e86\u200b\u4fbf\u4e8e\u200b\u4e00\u4e9b\u200b vip \u200b\u573a\u666f\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6bd4\u5982\u200b kubevirt \u200b\u865a\u62df\u673a\u200b\u5185\u90e8\u200b\u6211\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u4e00\u4e9b\u200b vip \u200b\u63d0\u4f9b\u200b\u7ed9\u200b keepalived\uff0ckube-vip \u200b\u7b49\u200b\u573a\u666f\u200b\u6765\u200b\u4f7f\u7528\u200b\uff0c\u200b\u540c\u65f6\u200b\u652f\u6301\u200b\u516c\u7f51\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u90a3\u4e48\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b fip \u200b\u7ed1\u5b9a\u200b vpc \u200b\u5185\u90e8\u200b\u7684\u200b vip \u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u63d0\u4f9b\u200b vip \u200b\u7684\u200b\u516c\u7f51\u200b\u80fd\u529b\u200b\u3002
# \u200b\u5148\u200b\u521b\u5efa\u200b vip\uff0ceip\uff0c\u200b\u518d\u200b\u5c06\u200b eip \u200b\u7ed1\u5b9a\u200b\u5230\u200b vip\n# cat vip.yaml\napiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: test-fip-vip\nspec:\n subnet: vpc1-subnet1\n\n# cat 04-fip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnFip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-for-vip\nspec:\n ovnEip: eip-for-vip\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b fip \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ipName: test-fip-vip\n
# k get ofip\nNAME VPC V4EIP V4IP READY IPTYPE IPNAME\neip-for-vip vpc1 10.5.204.106 192.168.0.3 true vip test-fip-vip\n\n\n[root@pc-node-1 fip-vip]# ping 10.5.204.106\nPING 10.5.204.106 (10.5.204.106) 56(84) bytes of data.\n64 bytes from 10.5.204.106: icmp_seq=1 ttl=62 time=0.694 ms\n64 bytes from 10.5.204.106: icmp_seq=2 ttl=62 time=0.436 ms\n\n# \u200b\u5728\u200b node \u200b\u4e0a\u200b\u662f\u200b ping \u200b\u5f97\u901a\u200b\u7684\u200b\n\n\n# pod \u200b\u5185\u90e8\u200b\u7684\u200b ip \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u5927\u81f4\u200b\u5c31\u662f\u200b\u5982\u4e0b\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\n\n[root@pc-node-1 fip-vip]# k -n vpc1 exec -it vpc-1-busybox03 -- bash\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]#\n[root@vpc-1-busybox03 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1568: eth0@if1569: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:56:40:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet 192.168.0.3/24 scope global secondary eth0 # \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b vip \u200b\u7684\u200b\u914d\u7f6e\u200b\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe56:40e5/64 scope link\n valid_lft forever preferred_lft forever\n\n[root@vpc-1-busybox03 /]# tcpdump -i eth0 host 192.168.0.3 -netvv\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:ed:8e:c7 > 00:00:00:56:40:e5, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 44830, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.32.51 > 192.168.0.3: ICMP echo request, id 177, seq 1, length 64\n00:00:00:56:40:e5 > 00:00:00:ed:8e:c7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 43962, offset 0, flags [none], proto ICMP (1), length 84)\n 192.168.0.3 > 10.5.32.51: ICMP echo reply, id 177, seq 1, length 64\n\n# pod \u200b\u5185\u90e8\u200b\u53ef\u4ee5\u200b\u6293\u200b\u5230\u200b fip \u200b\u76f8\u5173\u200b\u7684\u200b icmp \u200b\u5305\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#3-ovn-snat","title":"3. ovn-snat","text":""},{"location":"advance/ovn-eip-fip-snat/#31-ovn-snat-subnet-cidr","title":"3.1 ovn-snat \u200b\u5bf9\u5e94\u200b\u4e00\u4e2a\u200b subnet \u200b\u7684\u200b cidr","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-subnet-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-subnet-in-vpc\nspec:\n ovnEip: snat-for-subnet-in-vpc\n vpcSubnet: vpc1-subnet1 # eip \u200b\u5bf9\u5e94\u200b\u6574\u4e2a\u200b\u7f51\u6bb5\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#32-ovn-snat-pod-ip","title":"3.2 ovn-snat \u200b\u5bf9\u5e94\u200b\u5230\u200b\u4e00\u4e2a\u200b pod ip","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u548c\u200b iptables-snat \u200b\u8bbe\u8ba1\u200b\u548c\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u57fa\u672c\u4e00\u81f4\u200b
# cat 03-pod-snat.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat-for-pod-vpc-ip\nspec:\n externalSubnet: external204\n type: nat\n\n---\nkind: OvnSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n ovnEip: snat-for-pod-vpc-ip\n ipName: vpc-1-busybox02.vpc1 # eip \u200b\u5bf9\u5e94\u200b\u5355\u4e2a\u200b pod ip\n
\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b snat \u200b\u516c\u7f51\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b\u7684\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u3002
# kubectl ko nbctl show vpc1\nrouter 87ad06fd-71d5-4ff8-a1f0-54fa3bba1a7f (vpc1)\n port vpc1-vpc1-subnet1\n mac: \"00:00:00:ED:8E:C7\"\n networks: [\"192.168.0.1/24\"]\n port vpc1-external204\n mac: \"00:00:00:EF:05:C7\"\n networks: [\"10.5.204.105/24\"]\n gateway chassis: [7cedd14f-265b-42e5-ac17-e03e7a1f2342 276baccb-fe9c-4476-b41d-05872a94976d fd9f140c-c45d-43db-a6c0-0d4f8ea298dd]\n nat 21d853b0-f7b4-40bd-9a53-31d2e2745739\n external ip: \"10.5.204.115\"\n logical ip: \"192.168.0.0/24\"\n type: \"snat\"\n nat da77a11f-c523-439c-b1d1-72c664196a0f\n external ip: \"10.5.204.116\"\n logical ip: \"192.168.0.4\"\n type: \"snat\"\n
[root@pc-node-1 03-cust-vpc]# k get po -A -o wide | grep busy\nvpc1 vpc-1-busybox01 1/1 Running 0 3d15h 192.168.0.2 pc-node-2 <none> <none>\nvpc1 vpc-1-busybox02 1/1 Running 0 17h 192.168.0.4 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox03 1/1 Running 0 17h 192.168.0.5 pc-node-1 <none> <none>\nvpc1 vpc-1-busybox04 1/1 Running 0 17h 192.168.0.6 pc-node-3 <none> <none>\nvpc1 vpc-1-busybox05 1/1 Running 0 17h 192.168.0.7 pc-node-1 <none> <none>\n\n# k exec -it -n vpc1 vpc-1-busybox04 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]#\n[root@vpc-1-busybox04 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n17095: eth0@if17096: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:76:94:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe76:9455/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox04 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=114 time=22.2 ms\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=21.8 ms\n\n[root@pc-node-1 03-cust-vpc]# k exec -it -n vpc1 vpc-1-busybox02 bash\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]#\n[root@vpc-1-busybox02 /]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1566: eth0@if1567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether 00:00:00:0b:e9:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe0b:e9d0/64 scope link\n valid_lft forever preferred_lft forever\n[root@vpc-1-busybox02 /]# ping 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=2 ttl=114 time=22.7 ms\n64 bytes from 223.5.5.5: icmp_seq=3 ttl=114 time=22.6 ms\n64 bytes from 223.5.5.5: icmp_seq=4 ttl=114 time=22.1 ms\n^C\n--- 223.5.5.5 ping statistics ---\n4 packets transmitted, 3 received, 25% packet loss, time 3064ms\nrtt min/avg/max/mdev = 22.126/22.518/22.741/0.278 ms\n\n# \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u4e24\u4e2a\u200b pod \u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u57fa\u4e8e\u200b\u8fd9\u200b\u4e24\u79cd\u200b snat \u200b\u8d44\u6e90\u200b\u4e0a\u200b\u5916\u7f51\u200b\n
"},{"location":"advance/ovn-eip-fip-snat/#4-ovn-dnat","title":"4. ovn-dnat","text":""},{"location":"advance/ovn-eip-fip-snat/#41-ovn-dnat-pod-dnat","title":"4.1 ovn-dnat \u200b\u4e3a\u200b pod \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n externalSubnet: underlay\n---\nkind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ovnEip: eip-dnat\n ipName: vpc-1-busybox01.vpc1 # \u200b\u6ce8\u610f\u200b\u8fd9\u91cc\u200b\u662f\u200b pod ip crd \u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u5177\u6709\u200b\u552f\u4e00\u6027\u200b\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat\nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.3 22 22 vpc-1-busybox01.vpc1 true\n
"},{"location":"advance/ovn-eip-fip-snat/#42-ovn-dnat-vip-dnat","title":"4.2 ovn-dnat \u200b\u4e3a\u200b vip \u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b dnat","text":"kind: OvnDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-dnat\nspec:\n ipType: vip # \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b dnat \u200b\u662f\u200b\u9762\u5411\u200b pod ip \u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u9700\u8981\u200b\u6807\u6ce8\u200b\u6307\u5b9a\u200b\u5bf9\u200b\u63a5\u5230\u200b vip \u200b\u8d44\u6e90\u200b\n ovnEip: eip-dnat\n ipName: test-dnat-vip\n protocol: tcp\n internalPort: \"22\"\n externalPort: \"22\"\n
OvnDnatRule \u200b\u7684\u200b\u914d\u7f6e\u200b\u4e0e\u200b IptablesDnatRule \u200b\u7c7b\u4f3c\u200b
# kubectl get vip test-dnat-vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\ntest-dnat-vip 192.168.0.4 00:00:00:D0:C0:B5 vpc1-subnet1 true\n\n# kubectl get oeip eip-dnat\nNAME V4IP V6IP MAC TYPE READY\neip-dnat 10.5.49.4 00:00:00:4D:CE:49 dnat true\n\n# kubectl get odnat eip-dnat \nNAME EIP PROTOCOL V4EIP V4IP INTERNALPORT EXTERNALPORT IPNAME READY\neip-dnat eip-dnat tcp 10.5.49.4 192.168.0.4 22 22 test-dnat-vip true\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-ipsec/","title":"\u4f7f\u7528\u200b IPsec \u200b\u52a0\u5bc6\u200b\u8282\u70b9\u200b\u95f4\u901a\u4fe1","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.10.11 \u200b\u548c\u200b v1.11.4 \u200b\u540e\u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\uff0ckernel \u200b\u7248\u672c\u200b\u81f3\u5c11\u200b\u662f\u200b 3.10.0 \u200b\u4ee5\u4e0a\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u4fdd\u8bc1\u200b\u4e3b\u673a\u200b UDP 500 \u200b\u548c\u200b 4500 \u200b\u7aef\u53e3\u200b\u53ef\u7528\u200b\u3002
"},{"location":"advance/ovn-ipsec/#ipsec_1","title":"\u542f\u52a8\u200b IPsec","text":"\u200b\u4ece\u200b Kube-OVN \u200b\u6e90\u7801\u200b\u62f7\u8d1d\u200b\u811a\u672c\u200b ipsec.sh\uff0c\u200b\u6267\u884c\u547d\u4ee4\u200b\u5982\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8c03\u7528\u200b ovs-pki \u200b\u751f\u6210\u200b\u548c\u200b\u5206\u914d\u200b\u52a0\u5bc6\u200b\u9700\u8981\u200b\u7684\u200b\u8bc1\u4e66\u200b\uff1a
bash ipsec.sh init\n
\u200b\u6267\u884c\u200b\u5b8c\u6bd5\u200b\u540e\u200b\uff0c\u200b\u8282\u70b9\u200b\u4e4b\u95f4\u200b\u4f1a\u200b\u534f\u5546\u200b\u4e00\u6bb5\u65f6\u95f4\u200b\u5efa\u7acb\u200b IPsec \u200b\u96a7\u9053\u200b\uff0c\u200b\u7ecf\u9a8c\u503c\u200b\u662f\u200b\u5341\u51e0\u79d2\u200b\u5230\u200b\u4e00\u5206\u949f\u200b\u4e4b\u95f4\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u547d\u4ee4\u200b\u6765\u200b\u67e5\u770b\u200b IPsec \u200b\u72b6\u6001\u200b\uff1a
# bash ipsec.sh status\n Pod {ovs-ovn-d7hdt} ipsec status...\nInterface name: ovn-a4718e-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.2\n Remote IP: 172.18.0.4\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/8aebd9df-46ef-47b9-85e3-73e9a765296d-cert.pem\n Local name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n Local key: /etc/ipsec.d/private/8aebd9df-46ef-47b9-85e3-73e9a765296d-privkey.pem\n Remote cert: None\n Remote name: a4718e55-5b85-4f46-90e6-63527d080590\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 2\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nKernel security associations installed:\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nIPsec connections that are active:\n\n Pod {ovs-ovn-fvbbj} ipsec status...\nInterface name: ovn-8aebd9-0 v1 (CONFIGURED)\n Tunnel Type: geneve\n Local IP: 172.18.0.4\n Remote IP: 172.18.0.2\n Address Family: IPv4\n SKB mark: None\n Local cert: /etc/ipsec.d/certs/a4718e55-5b85-4f46-90e6-63527d080590-cert.pem\n Local name: a4718e55-5b85-4f46-90e6-63527d080590\n Local key: /etc/ipsec.d/private/a4718e55-5b85-4f46-90e6-63527d080590-privkey.pem\n Remote cert: None\n Remote name: 8aebd9df-46ef-47b9-85e3-73e9a765296d\n CA cert: /etc/ipsec.d/cacerts/cacert.pem\n PSK: None\n Custom Options: {}\n Ofport: 1\n CFM state: Disabled\nKernel policies installed:\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\nKernel security associations installed:\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp dport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp sport 6081\n sel src 172.18.0.4/32 dst 172.18.0.2/32 proto udp sport 6081\n sel src 172.18.0.2/32 dst 172.18.0.4/32 proto udp dport 6081\nIPsec connections that are active:\n
\u200b\u5efa\u7acb\u200b\u5b8c\u6210\u200b\u540e\u200b\u53ef\u4ee5\u200b\u6293\u5305\u200b\u89c2\u5bdf\u200b\u62a5\u6587\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u52a0\u5bc6\u200b\uff1a
# tcpdump -i eth0 -nel esp\n10:01:40.349896 IP kube-ovn-worker > kube-ovn-control-plane.kind: ESP(spi=0xcc91322a,seq=0x13d0), length 156\n10:01:40.350015 IP kube-ovn-control-plane.kind > kube-ovn-worker: ESP(spi=0xc8df4221,seq=0x1d37), length 156\n
\u200b\u5f53\u200b\u6267\u884c\u200b\u5b8c\u200b\u811a\u672c\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u6267\u884c\u547d\u4ee4\u200b\u5173\u95ed\u200b IPsec\uff1a
# bash ipsec.sh stop\n
\u200b\u6216\u8005\u200b\u6267\u884c\u547d\u4ee4\u200b\u518d\u6b21\u200b\u6253\u5f00\u200b\uff1a
# bash ipsec.sh start\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/","title":"OVN SNAT \u200b\u57fa\u4e8e\u200b ECMP BFD \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u7684\u200b L3 HA \u200b\u652f\u6301","text":"\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u57fa\u4e8e\u200b ovn snat \u200b\u540e\u200b\u57fa\u4e8e\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u54c8\u5e0c\u200b\u5230\u200b\u591a\u4e2a\u200b gw node ovnext0 \u200b\u7f51\u5361\u200b\u51fa\u200b\u516c\u7f51\u200b
- \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9ad8\u200b\u53ef\u7528\u200b
- \u200b\u4ec5\u200b\u652f\u6301\u200b hash \u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b
graph LR\n\npod-->vpc-subnet-->vpc-->snat-->ecmp-->external-subnet-->gw-node1-ovnext0--> node1-external-switch\nexternal-subnet-->gw-node2-ovnext0--> node2-external-switch\nexternal-subnet-->gw-node3-ovnext0--> node3-external-switch
\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200bovn-eip-fip-snat.md \u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c\u200b\u4e00\u81f4\u200b\u7684\u200b\u90e8\u5206\u200b\u5305\u62ec\u200b install.sh \u200b\u7684\u200b\u90e8\u7f72\u200b\u90e8\u5206\u200b\uff0cprovider-network\uff0cvlan\uff0csubnet \u200b\u7684\u200b\u51c6\u5907\u200b\u90e8\u5206\u200b\u3002
\u200b\u81f3\u4e8e\u200b\u4e0d\u200b\u76f8\u540c\u200b\u7684\u200b\u90e8\u5206\u200b\uff0c\u200b\u4f1a\u200b\u5728\u200b\u4ee5\u4e0b\u200b\u90e8\u5206\u200b\u5177\u4f53\u200b\u9610\u8ff0\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5305\u62ec\u200b lsp \u200b\u7c7b\u578b\u200b\u7684\u200b ovn-eip \u200b\u7684\u200b\u521b\u5efa\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u57fa\u4e8e\u200b vpc enable_bfd \u200b\u81ea\u52a8\u200b\u7ef4\u62a4\u200b bfd \u200b\u4ee5\u53ca\u200b ecmp \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#1","title":"1. \u200b\u90e8\u7f72","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#11-underlay","title":"1.1 \u200b\u51c6\u5907\u200b underlay \u200b\u516c\u7f51\u200b\u7f51\u7edc","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#12-vpc-eip_snat","title":"1.2 \u200b\u9ed8\u8ba4\u200b vpc \u200b\u542f\u7528\u200b eip_snat","text":""},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#13-vpc-eip-snat-fip","title":"1.3 \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b eip snat fip \u200b\u529f\u80fd","text":"\u200b\u4ee5\u4e0a\u200b\u90e8\u5206\u200b\u548c\u200b ovn-eip-fip-snat.md \u200b\u5b8c\u5168\u4e00\u81f4\u200b\uff0c\u200b\u8fd9\u4e9b\u200b\u529f\u80fd\u200b\u9a8c\u8bc1\u200b\u901a\u8fc7\u200b\u540e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u57fa\u4e8e\u200b\u5982\u4e0b\u200b\u65b9\u5f0f\u200b\uff0c\u200b\u5c06\u200b vpc \u200b\u5207\u6362\u200b\u5230\u200b\u57fa\u4e8e\u200b ecmp \u200b\u7684\u200b bfd \u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u5f53\u7136\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5207\u56de\u200b\u3002
\u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e4b\u524d\u200b\uff0c\u200b\u9700\u8981\u200b\u5148\u200b\u63d0\u4f9b\u200b\u597d\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u81f3\u5c11\u200b\u9700\u8981\u200b\u63d0\u4f9b\u200b 2 \u200b\u4e2a\u200b\u4ee5\u4e0a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u6ce8\u610f\u200b\u5f53\u524d\u200b\u5b9e\u73b0\u200b ovn-eip \u200b\u7684\u200b\u540d\u5b57\u200b\u5fc5\u987b\u200b\u548c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u540d\u200b\u4fdd\u6301\u4e00\u81f4\u200b\uff0c\u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u505a\u200b\u8be5\u200b\u8d44\u6e90\u200b\u7684\u200b\u81ea\u52a8\u5316\u200b\u7ef4\u62a4\u200b\u3002
# cat gw-node-eip.yaml\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-1\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-2\nspec:\n externalSubnet: external204\n type: lsp\n\n---\nkind: OvnEip\napiVersion: kubeovn.io/v1\nmetadata:\n name: pc-node-3\nspec:\n externalSubnet: external204\n type: lsp\n
\u200b\u7531\u4e8e\u200b\u8fd9\u4e2a\u200b\u573a\u666f\u200b\u76ee\u524d\u200b\u8bbe\u8ba1\u200b\u4e0a\u200b\u662f\u200b\u4f9b\u200b vpc ecmp \u200b\u51fa\u200b\u516c\u7f51\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6240\u4ee5\u200b\u4ee5\u4e0a\u200b\u5728\u200b\u6ca1\u6709\u200b vpc \u200b\u542f\u7528\u200b bfd \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u5b58\u5728\u200b\u5e26\u6709\u200b enable bfd \u200b\u6807\u7b7e\u200b\u7684\u200b lrp \u200b\u7684\u200b ovn eip \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0d\u4f1a\u200b\u89e6\u53d1\u200b\u521b\u5efa\u200b\u7f51\u5173\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u6210\u529f\u200b\u542f\u52a8\u200b\u5bf9\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u76d1\u542c\u200b\u3002
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#2-vpc-ecmp-bfd-l3-ha","title":"2. \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u542f\u7528\u200b ecmp bfd L3 HA \u200b\u516c\u7f51\u200b\u529f\u80fd","text":"# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc1\nspec:\n namespaces:\n - vpc1\n enableExternal: true\n enableBfd: true # bfd \u200b\u5f00\u5173\u200b\u53ef\u4ee5\u200b\u968f\u610f\u200b\u5207\u6362\u200b\uff0c\u200b\u5f00\u200b\u8868\u793a\u200b\u542f\u7528\u200b bfd ecmp \u200b\u8def\u7531\u200b\n #enableBfd: false \n\n\n# cat 02-subnet.yml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: vpc1-subnet1\nspec:\n cidrBlock: 192.168.0.0/24\n default: false\n disableGatewayCheck: false\n disableInterConnection: true\n enableEcmp: true # \u200b\u53ea\u200b\u9700\u200b\u5f00\u542f\u200b ecmp\n gatewayNode: \"\"\n gatewayType: distributed\n #gatewayType: centralized\n natOutgoing: false\n private: false\n protocol: IPv4\n provider: ovn\n vpc: vpc1\n namespaces:\n - vpc1\n
\u200b\u4f7f\u7528\u200b\u4e0a\u200b\u7684\u200b\u6ce8\u610f\u200b\u70b9\u200b:
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u4e0b\u200b\u7684\u200b ecmp \u200b\u53ea\u7528\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\uff0cvpc enableBfd \u200b\u548c\u200b subnet enableEcmp \u200b\u540c\u65f6\u200b\u5f00\u542f\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u624d\u200b\u4f1a\u200b\u751f\u6548\u200b\uff0c\u200b\u624d\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ba1\u7406\u200b\u9759\u6001\u200b ecmp bfd \u200b\u8def\u7531\u200b\u3002
- \u200b\u4e0a\u8ff0\u200b\u914d\u7f6e\u200b\u5173\u95ed\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5207\u56de\u200b\u5e38\u89c4\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u3002
- \u200b\u9ed8\u8ba4\u200b vpc \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ec5\u200b\u652f\u6301\u200b\u81ea\u5b9a\u4e49\u200b vpc\uff0c\u200b\u9ed8\u8ba4\u200b vpc \u200b\u6709\u200b\u66f4\u200b\u590d\u6742\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b snat \u200b\u8bbe\u8ba1\u200b\u3002
- \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u7684\u200b subnet \u200b\u7684\u200b enableEcmp \u200b\u4ec5\u200b\u4f7f\u7528\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b gatewayType \u200b\u6ca1\u6709\u200b\u4f5c\u7528\u200b\u3002
- \u200b\u5f53\u200b\u5173\u95ed\u200b EnableExternal \u200b\u65f6\u200b\uff0cvpc \u200b\u5185\u200b\u65e0\u6cd5\u200b\u901a\u5916\u200b\u7f51\u200b\u3002
- \u200b\u5f53\u200b\u5f00\u542f\u200b EnableExternal \u200b\u65f6\u200b\uff0c\u200b\u5173\u95ed\u200b EnableBfd \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u57fa\u4e8e\u200b\u666e\u901a\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u4e0a\u200b\u5916\u7f51\u200b\uff0c\u200b\u4e0d\u200b\u5177\u5907\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
# \u200b\u4e0a\u8ff0\u200b\u6a21\u677f\u200b\u5e94\u7528\u200b\u540e\u200b ovn \u200b\u903b\u8f91\u200b\u5c42\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\n# \u200b\u67e5\u770b\u200b vpc\n# k get vpc\nNAME ENABLEEXTERNAL ENABLEBFD STANDBY SUBNETS NAMESPACES\novn-cluster true true [\"external204\",\"join\",\"ovn-default\"]\nvpc1 true true true [\"vpc1-subnet1\"] [\"vpc1\"]\n\n# \u200b\u9ed8\u8ba4\u200b vpc \u200b\u672a\u200b\u652f\u6301\u200b ENABLEBFD\n# \u200b\u81ea\u5b9a\u4e49\u200b vpc \u200b\u5df2\u200b\u652f\u6301\u200b\u4e14\u200b\u5df2\u200b\u542f\u7528\u200b\n\n\n# 1. \u200b\u521b\u5efa\u200b\u4e86\u200b bfd \u200b\u4f1a\u8bdd\u200b\n# k ko nbctl list bfd\n_uuid : be7df545-2c4c-4751-878f-b3507987f050\ndetect_mult : 3\ndst_ip : \"10.5.204.121\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : 684c4489-5b59-4693-8d8c-3beab93f8093\ndetect_mult : 3\ndst_ip : \"10.5.204.109\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n_uuid : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\ndetect_mult : 3\ndst_ip : \"10.5.204.108\"\nexternal_ids : {}\nlogical_port : vpc1-external204\nmin_rx : 100\nmin_tx : 100\noptions : {}\nstatus : up\n\n### \u200b\u6ce8\u610f\u200b\u6240\u6709\u200b status \u200b\u6b63\u5e38\u200b\u90fd\u200b\u5e94\u8be5\u200b\u662f\u200b up \u200b\u7684\u200b\n\n# 2. \u200b\u521b\u5efa\u200b\u4e86\u200b\u57fa\u4e8e\u200b bfd \u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# k ko nbctl lr-route-list vpc1\nIPv4 Routes\nRoute Table <main>:\n 192.168.0.0/24 10.5.204.108 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.109 src-ip ecmp ecmp-symmetric-reply bfd\n 192.168.0.0/24 10.5.204.121 src-ip ecmp ecmp-symmetric-reply bfd\n\n# 3. \u200b\u9759\u6001\u200b\u8def\u7531\u200b\u8be6\u60c5\u200b\n# k ko nbctl find Logical_Router_Static_Route policy=src-ip options=ecmp_symmetric_reply=\"true\"\n_uuid : 3aacb384-d5ee-4b14-aebf-59e8c11717ba\nbfd : 684c4489-5b59-4693-8d8c-3beab93f8093\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.109\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 18bcc585-bc05-430b-925b-ef673c8e1aef\nbfd : f0f62077-2ae9-4e79-b4f8-a446ec6e784c\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.108\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n\n_uuid : 7d0a4e6b-cde0-4110-8176-fbaf19738498\nbfd : be7df545-2c4c-4751-878f-b3507987f050\nexternal_ids : {}\nip_prefix : \"192.168.0.0/24\"\nnexthop : \"10.5.204.121\"\noptions : {ecmp_symmetric_reply=\"true\"}\noutput_port : []\npolicy : src-ip\nroute_table : \"\"\n
# \u200b\u540c\u65f6\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u90fd\u200b\u5e94\u8be5\u200b\u5177\u5907\u200b\u4ee5\u4e0b\u200b\u8d44\u6e90\u200b\n\n[root@pc-node-1 ~]# ip netns exec ovnext bash ip a\n/usr/sbin/ip: /usr/sbin/ip: cannot execute binary file\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n inet 127.0.0.1/8 scope host lo\n valid_lft forever preferred_lft forever\n inet6 ::1/128 scope host\n valid_lft forever preferred_lft forever\n1541: ovnext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000\n link/ether 00:00:00:ab:bd:87 brd ff:ff:ff:ff:ff:ff\n inet 10.5.204.108/24 brd 10.5.204.255 scope global ovnext0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:feab:bd87/64 scope link\n valid_lft forever preferred_lft forever\n[root@pc-node-1 ~]#\n[root@pc-node-1 ~]# ip netns exec ovnext route -n\nKernel IP routing table\nDestination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.5.204.254 0.0.0.0 UG 0 0 0 ovnext0\n10.5.204.0 0.0.0.0 255.255.255.0 U 0 0 0 ovnext0\n\n## \u200b\u6ce8\u610f\u200b\u4ee5\u4e0a\u200b\u5185\u5bb9\u200b\u548c\u200b\u4e00\u4e2a\u200b internal port unerlay \u200b\u516c\u7f51\u200b pod \u200b\u5185\u90e8\u200b\u7684\u200b ns \u200b\u5927\u81f4\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u53ea\u662f\u200b\u5728\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u4e0a\u200b\u5355\u72ec\u200b\u7ef4\u62a4\u200b\u4e86\u200b\u4e00\u4e2a\u200b ns\n\n[root@pc-node-1 ~]# ip netns exec ovnext bfdd-control status\nThere are 1 sessions:\nSession 1\n id=1 local=10.5.204.108 (p) remote=10.5.204.122 state=Up\n\n## \u200b\u8fd9\u91cc\u200b\u5373\u200b\u662f\u200b lrp bfd \u200b\u4f1a\u8bdd\u200b\u7684\u200b\u53e6\u4e00\u7aef\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b lrp ecmp \u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u7684\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b\n\n\n[root@pc-node-1 ~]# ip netns exec ovnext ping -c1 223.5.5.5\nPING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.\n64 bytes from 223.5.5.5: icmp_seq=1 ttl=115 time=21.6 ms\n\n# \u200b\u5230\u200b\u516c\u7f51\u200b\u6ca1\u200b\u95ee\u9898\u200b\n
\u200b\u53ef\u4ee5\u200b\u5728\u200b\u67d0\u200b\u4e00\u4e2a\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u7684\u200b ovnext ns \u200b\u5185\u200b\u6293\u200b\u5230\u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b
# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-1 ~]# exit\n[root@pc-node-1 ~]# ssh pc-node-2\nLast login: Thu Feb 23 09:21:08 2023 from 10.5.32.51\n[root@pc-node-2 ~]# ip netns exec ovnext bash\n[root@pc-node-2 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n^C\n0 packets captured\n0 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-2 ~]# exit\n[root@pc-node-2 ~]# logout\nConnection to pc-node-2 closed.\n[root@pc-node-1 ~]# ssh pc-node-3\nLast login: Thu Feb 23 08:32:41 2023 from 10.5.32.51\n[root@pc-node-3 ~]# ip netns exec ovnext bash\n[root@pc-node-3 ~]# tcpdump -i ovnext0 host 223.5.5.5 -netvv\ndropped privs to tcpdump\ntcpdump: listening on ovnext0, link-type EN10MB (Ethernet), capture size 262144 bytes\n00:00:00:2d:f8:ce > 00:00:00:fd:b2:a4, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n00:00:00:fd:b2:a4 > dc:ef:80:5a:44:1a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 57978, offset 0, flags [DF], proto ICMP (1), length 84)\n 10.5.204.102 > 223.5.5.5: ICMP echo request, id 22, seq 71, length 64\n^C\n2 packets captured\n2 packets received by filter\n0 packets dropped by kernel\n[root@pc-node-3 ~]#\n\n# \u200b\u53ef\u4ee5\u200b\u5728\u200b\u8be5\u200b\u8282\u70b9\u200b down \u200b\u6389\u200b\u51fa\u53bb\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u7136\u540e\u200b\u770b\u200b pod \u200b\u51fa\u53bb\u200b\u7684\u200b\u5305\u200b\u5728\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u4e2d\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u51e0\u4e2a\u200b\u5305\u200b\n# \u200b\u4e00\u822c\u200b\u90fd\u200b\u4f1a\u200b\u770b\u5230\u200b\u4e22\u200b 3 \u200b\u4e2a\u200b\u5305\u200b\n
"},{"location":"advance/ovn-l3-ha-based-ecmp-with-bfd/#3-bfd","title":"3. \u200b\u5173\u95ed\u200b bfd \u200b\u6a21\u5f0f","text":"\u200b\u5728\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\uff0c\u200b\u53ef\u80fd\u200b\u60f3\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\uff08\u200b\u96c6\u4e2d\u5f0f\u200b\uff09\u200b\u5355\u4e2a\u200b\u7f51\u5173\u200b\u76f4\u63a5\u200b\u51fa\u200b\u516c\u7f51\u200b\uff0c\u200b\u8fd9\u4e2a\u200b\u65f6\u5019\u200b\u548c\u200b\u9ed8\u8ba4\u200b vpc enable_eip_snat \u200b\u7684\u200b\u4f7f\u7528\u200b\u6a21\u5f0f\u200b\u662f\u200b\u4e00\u81f4\u200b\u7684\u200b
# cat 01-vpc-ecmp-enable-external-bfd.yml\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc2\nspec:\n namespaces:\n - vpc2\n enableExternal: true\n #enableBfd: true\n enableBfd: false\n\n## \u200b\u5c06\u200b bfd \u200b\u529f\u80fd\u200b\u76f4\u63a5\u200b\u7981\u7528\u200b\u5373\u53ef\u200b\n\n# k ko nbctl lr-route-list vpc2\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 10.5.204.254 dst-ip\n\n# \u200b\u5e94\u7528\u200b\u540e\u200b\u8def\u7531\u200b\u4f1a\u200b\u5207\u6362\u200b\u56de\u200b\u6b63\u5e38\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u9759\u6001\u200b\u8def\u7531\u200b\n# \u200b\u540c\u65f6\u200b nbctl list bfd \u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b lrp \u200b\u5173\u8054\u200b\u7684\u200b bfd \u200b\u4f1a\u8bdd\u200b\u5df2\u7ecf\u200b\u79fb\u9664\u200b\n# \u200b\u800c\u4e14\u200b ovnext ns \u200b\u4e2d\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b bfd \u200b\u4f1a\u8bdd\u200b\u4e5f\u200b\u81ea\u52a8\u200b\u79fb\u9664\u200b\n# \u200b\u8be5\u200b\u5207\u6362\u200b\u8fc7\u7a0b\u200b\u4fdd\u6301\u200b vpc subnet \u200b\u5185\u200b\u4fdd\u6301\u200b ping \u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n# \u200b\u518d\u200b\u5207\u6362\u200b\u56de\u53bb\u200b \u200b\u4e5f\u200b\u672a\u200b\u770b\u5230\u200b(\u200b\u79d2\u7ea7\u200b)\u200b\u4e22\u5305\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/ovn-remote-port-mirroring/","title":"OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6b64\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u6307\u5b9a\u200b Pod\u3001\u200b\u6307\u5b9a\u200b\u65b9\u5411\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u901a\u8fc7\u200b GRE/ERSPAN \u200b\u5c01\u88c5\u200b\u540e\u200b\uff0c\u200b\u4f20\u8f93\u200b\u5230\u200b\u8fdc\u7aef\u200b\u3002
\u200b\u6b64\u200b\u529f\u80fd\u200b\u8981\u6c42\u200b Kube-OVN \u200b\u7248\u672c\u200b\u4e0d\u200b\u4f4e\u4e8e\u200b v1.12\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#multus-cni","title":"\u90e8\u7f72\u200b Multus-CNI","text":"\u200b\u53c2\u8003\u200b Multus-CNI \u200b\u6587\u6863\u200b \u200b\u90e8\u7f72\u200b Multus\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#_1","title":"\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\uff1a
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: attachnet\n namespace: default\nspec:\n config: |\n {\n \"cniVersion\": \"0.3.1\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"attachnet.default.ovn\"\n }\n
\u200b\u5176\u4e2d\u200b provider \u200b\u5b57\u200b\u6bb5\u200b\u683c\u5f0f\u200b\u4e3a\u200b <NAME>.<NAMESPACE>.ovn\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#underlay","title":"\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u662f\u200b\u5c01\u88c5\u200b\u540e\u200b\u8fdb\u884c\u200b\u4f20\u8f93\u200b\u7684\u200b\uff0c\u200b\u56e0\u6b64\u200b\u7528\u4e8e\u200b\u4f20\u8f93\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0cMTU \u200b\u9700\u8981\u200b\u5927\u4e8e\u200b\u88ab\u200b\u955c\u50cf\u200b\u7684\u200b LSP/Pod\u3002\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b Underlay \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n---\napiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n---\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.19.0.0/16\n excludeIps:\n - 172.19.0.2..172.19.0.20\n gateway: 172.19.0.1\n vlan: vlan1\n provider: attachnet.default.ovn\n
\u200b\u5176\u4e2d\u200b\uff0c\u200b\u5b50\u7f51\u200b\u7684\u200b provider \u200b\u5fc5\u987b\u200b\u4e0e\u200b\u9644\u5c5e\u200b\u7f51\u7edc\u200b\u7684\u200b provider \u200b\u76f8\u540c\u200b\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#pod","title":"\u521b\u5efa\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u5185\u5bb9\u200b\u521b\u5efa\u200b\u7528\u4e8e\u200b\u63a5\u6536\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod1\n annotations:\n k8s.v1.cni.cncf.io/networks: default/attachnet\nspec:\n containers:\n - name: bash\n image: docker.io/kubeovn/kube-ovn:v1.12.13\n args:\n - bash\n - -c\n - sleep infinity\n securityContext:\n privileged: true\n
\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u540e\u200b\uff0c\u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff1a
$ kubectl get ips | grep pod1\npod1.default 10.16.0.12 00:00:00:FF:34:24 kube-ovn-worker ovn-default\npod1.default.attachnet.default.ovn 172.19.0.21 00:00:00:A0:30:68 kube-ovn-worker subnet1\n
\u200b\u8bb0\u4f4f\u200b\u7b2c\u4e8c\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b 172.19.0.21\u3002
"},{"location":"advance/ovn-remote-port-mirroring/#ovn_1","title":"\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u521b\u5efa\u200b OVN \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\uff1a
kubectl ko nbctl mirror-add mirror1 gre 99 from-lport 172.19.0.21\nkubectl ko nbctl lsp-attach-mirror coredns-787d4945fb-gpnkb.kube-system mirror1\n
\u200b\u5176\u4e2d\u200b coredns-787d4945fb-gpnkb.kube-system \u200b\u662f\u200b OVN LSP \u200b\u7684\u200b\u540d\u79f0\u200b\uff0c\u200b\u683c\u5f0f\u200b\u901a\u5e38\u200b\u4e3a\u200b <POD_NAME>.<POD_NAMESPACE>\u3002
\u200b\u76f8\u5173\u200b\u7684\u200b OVN \u200b\u547d\u4ee4\u200b\u4f7f\u7528\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff1a
ovn-nbctl mirror-add <NAME> <TYPE> <INDEX> <FILTER> <IP>\n\nNAME - add a mirror with given name\nTYPE - specify TYPE 'gre' or 'erspan'\nINDEX - specify the tunnel INDEX value\n (indicates key if GRE, erpsan_idx if ERSPAN)\nFILTER - specify FILTER for mirroring selection\n ('to-lport' / 'from-lport')\nIP - specify Sink / Destination i.e. Remote IP\n\novn-nbctl mirror-del [NAME] remove mirrors\novn-nbctl mirror-list print mirrors\n\novn-nbctl lsp-attach-mirror PORT MIRROR attach source PORT to MIRROR\novn-nbctl lsp-detach-mirror PORT MIRROR detach source PORT from MIRROR\n
"},{"location":"advance/ovn-remote-port-mirroring/#pod_1","title":"\u914d\u7f6e\u200b\u6d41\u91cf\u200b\u63a5\u6536\u200b Pod","text":"\u200b\u5728\u200b\u524d\u9762\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
root@pod1:/kube-ovn# ip link add mirror1 type gretap local 172.19.0.21 key 99 dev net1\nroot@pod1:/kube-ovn# ip link set mirror1 up\n
\u200b\u63a5\u4e0b\u6765\u200b\u5c31\u200b\u53ef\u4ee5\u200b\u5728\u200b\u63a5\u6536\u200b\u6d41\u91cf\u200b\u7684\u200b Pod \u200b\u4e2d\u200b\u8fdb\u884c\u200b\u6293\u5305\u200b\u9a8c\u8bc1\u200b\uff1a
root@pod1:/kube-ovn# tcpdump -i mirror1 -nnve\ntcpdump: listening on mirror1, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n05:13:30.328808 00:00:00:a3:f5:e2 > 00:00:00:97:0f:6e, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.16.0.7 tell 10.16.0.4, length 28\n05:13:30.559167 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57364, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.50472: 34511 NXDomain*- 0/1/1 (170)\n05:13:30.559343 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 212: (tos 0x0, ttl 64, id 57365, offset 0, flags [DF], proto UDP (17), length 198)\n 10.16.0.4.53 > 10.16.0.6.45177: 1659 NXDomain*- 0/1/1 (170)\n05:13:30.560625 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 200: (tos 0x0, ttl 64, id 57367, offset 0, flags [DF], proto UDP (17), length 186)\n 10.16.0.4.53 > 10.16.0.6.43848: 2636*- 0/1/1 (158)\n05:13:30.562774 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 191: (tos 0x0, ttl 64, id 57368, offset 0, flags [DF], proto UDP (17), length 177)\n 10.16.0.4.53 > 10.16.0.6.37755: 48737 NXDomain*- 0/1/1 (149)\n05:13:30.563523 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 187: (tos 0x0, ttl 64, id 57369, offset 0, flags [DF], proto UDP (17), length 173)\n 10.16.0.4.53 > 10.16.0.6.53887: 45519 NXDomain*- 0/1/1 (145)\n05:13:30.564940 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57370, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.40846: 25745 NXDomain*- 0/1/1 (159)\n05:13:30.565140 00:00:00:a3:f5:e2 > 00:00:00:89:d5:cc, ethertype IPv4 (0x0800), length 201: (tos 0x0, ttl 64, id 57371, offset 0, flags [DF], proto UDP (17), length 187)\n 10.16.0.4.53 > 10.16.0.6.45214: 61875 NXDomain*- 0/1/1 (159)\n05:13:30.566023 00:00:00:a3:f5:e2 > 00:00:00:55:e4:4e, ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 64, id 45937, offset 0, flags [DF], proto UDP (17), length 66)\n 10.16.0.4.44116 > 172.18.0.1.53: 16025+ [1au] AAAA? alauda.cn. (38)\n
"},{"location":"advance/ovn-remote-port-mirroring/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0cOVN \u200b\u8282\u70b9\u200b\u53ca\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u7684\u200b Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.14\u3002\u200b\u82e5\u200b\u4f7f\u7528\u200b ERSPAN \u200b\u4f5c\u4e3a\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4e14\u200b\u4f7f\u7528\u200b IPv6 \u200b\u4f5c\u4e3a\u200b\u4f20\u8f93\u200b\u7f51\u7edc\u200b\uff0cLinux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e0d\u5f97\u200b\u4f4e\u4e8e\u200b 4.16\u3002
- \u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u7684\u200b\u4f20\u8f93\u200b\u662f\u200b\u5355\u5411\u200b\u7684\u200b\uff0c\u200b\u53ea\u200b\u9700\u200b\u4fdd\u8bc1\u200b OVN \u200b\u8282\u70b9\u200b\u80fd\u591f\u200b\u8bbf\u95ee\u200b\u8fdc\u7aef\u200b\u8bbe\u5907\u200b\u5373\u53ef\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/performance-tuning/","title":"\u6027\u80fd\u200b\u8c03\u4f18","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u6301\u200b\u5b89\u88c5\u200b\u7684\u200b\u7b80\u5355\u200b\u548c\u200b\u529f\u80fd\u200b\u7684\u200b\u5b8c\u5907\u200b\uff0cKube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u5bf9\u200b\u6027\u80fd\u200b\u9488\u5bf9\u6027\u200b\u7684\u200b\u4f18\u5316\u200b\u3002\u200b\u5982\u679c\u200b\u5e94\u7528\u200b\u5bf9\u200b\u5ef6\u8fdf\u200b\u548c\u200b\u541e\u5410\u91cf\u200b\u654f\u611f\u200b\uff0c \u200b\u7ba1\u7406\u5458\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u5bf9\u200b\u6027\u80fd\u200b\u8fdb\u884c\u200b\u9488\u5bf9\u6027\u200b\u4f18\u5316\u200b\u3002
\u200b\u793e\u533a\u200b\u4f1a\u200b\u4e0d\u65ad\u200b\u8fed\u4ee3\u200b\u63a7\u5236\u9762\u677f\u200b\u548c\u200b\u4f18\u5316\u200b\u9762\u200b\u7684\u200b\u6027\u80fd\u200b\uff0c\u200b\u90e8\u5206\u200b\u901a\u7528\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u5df2\u7ecf\u200b\u96c6\u6210\u200b\u5230\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u6027\u80fd\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u548c\u200b\u65b9\u6cd5\u8bba\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u89c2\u770b\u200b\u89c6\u9891\u200b\u5206\u4eab\u200b\uff1aKube-OVN \u200b\u5bb9\u5668\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u4e4b\u65c5\u200b\u3002
"},{"location":"advance/performance-tuning/#_2","title":"\u57fa\u51c6\u200b\u6d4b\u8bd5","text":"\u200b\u7531\u4e8e\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u7684\u200b\u5dee\u5f02\u200b\u6781\u5927\u200b\uff0c\u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u6570\u636e\u200b\u53ea\u80fd\u200b\u4f5c\u4e3a\u200b\u53c2\u8003\u200b\uff0c\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u548c\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b\u7684\u200b\u7ed3\u679c\u200b\u5b58\u5728\u200b\u8f83\u5927\u200b\u5dee\u5f02\u200b\u3002 \u200b\u5efa\u8bae\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u7684\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u200b\uff0c\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6bd4\u8f83\u200b\u3002
"},{"location":"advance/performance-tuning/#overlay","title":"Overlay \u200b\u4f18\u5316\u200b\u524d\u540e\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u73af\u5883\u200b\u4fe1\u606f\u200b\uff1a
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0 Overlay \u200b\u6a21\u5f0f\u200b
- CPU: Intel(R) Xeon(R) E-2278G
- Network: 2*10Gbps, xmit_hash_policy=layer3+4
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw \u200b\u6d4b\u8bd5\u200b 1 \u200b\u5b57\u8282\u200b\u5c0f\u5305\u200b\u4e0b\u200b tcp/udp \u200b\u7684\u200b\u5e26\u5bbd\u200b\u548c\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u5206\u522b\u200b\u6d4b\u8bd5\u200b\u4f18\u5316\u200b\u524d\u200b\uff0c\u200b\u4f18\u5316\u200b\u540e\u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\uff1a
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Default 25.7 22.9 27.1 1.59 Kube-OVN Optimized 13.9 12.9 27.6 5.57 HOST Network 13.1 12.4 28.2 6.02"},{"location":"advance/performance-tuning/#overlay-underlay-calico","title":"Overlay\uff0c Underlay \u200b\u4ee5\u53ca\u200b Calico \u200b\u4e0d\u540c\u200b\u6a21\u5f0f\u200b\u6027\u80fd\u200b\u5bf9\u6bd4","text":"\u200b\u4e0b\u9762\u200b\u6211\u4eec\u200b\u4f1a\u200b\u6bd4\u8f83\u200b\u4f18\u5316\u200b\u540e\u200b Kube-OVN \u200b\u5728\u200b\u4e0d\u540c\u200b\u5305\u200b\u5927\u5c0f\u200b\u4e0b\u200b\u7684\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u6027\u80fd\u200b\uff0c\u200b\u5e76\u200b\u548c\u200b Calico \u200b\u7684\u200b IPIP Always, IPIP never \u200b\u4ee5\u53ca\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u505a\u200b\u6bd4\u8f83\u200b\u3002
Environment:
- Kubernetes: 1.22.0
- OS: CentOS 7
- Kube-OVN: 1.8.0
- CPU: AMD EPYC 7402P 24-Core Processor
- Network: Intel Corporation Ethernet Controller XXV710 for 25GbE SFP28
qperf -t 60 <server ip> -ub -oo msg_size:1 -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Mb/s) udp_bw(Mb/s) Kube-OVN Overlay 15.2 14.6 23.6 2.65 Kube-OVN Underlay 14.3 13.8 24.2 3.46 Calico IPIP 21.4 20.2 23.6 1.18 Calico NoEncap 19.3 16.9 23.6 1.76 HOST Network 16.6 15.4 24.8 2.64 qperf -t 60 <server ip> -ub -oo msg_size:1K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 16.5 15.8 10.2 2.77 Kube-OVN Underlay 15.9 14.5 9.6 3.22 Calico IPIP 22.5 21.5 1.45 1.14 Calico NoEncap 19.4 18.3 3.76 1.63 HOST Network 18.1 16.6 9.32 2.66 qperf -t 60 <server ip> -ub -oo msg_size:4K -vu tcp_lat tcp_bw udp_lat udp_bw
Type tcp_lat (us) udp_lat (us) tcp_bw (Gb/s) udp_bw(Gb/s) Kube-OVN Overlay 34.7 41.6 16.0 9.23 Kube-OVN Underlay 32.6 44 15.1 6.71 Calico IPIP 44.8 52.9 2.94 3.26 Calico NoEncap 40 49.6 6.56 4.19 HOST Network 35.9 45.9 14.6 5.59 \u200b\u5728\u200b\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u4f1a\u200b\u4f18\u4e8e\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\uff0c\u200b\u8fd9\u662f\u200b\u4f18\u4e8e\u200b\u7ecf\u8fc7\u200b\u4f18\u5316\u200b\u540e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u8def\u5f84\u200b\u5b8c\u5168\u200b\u7ed5\u8fc7\u200b\u4e86\u200b netfilter\uff0c \u200b\u800c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7531\u4e8e\u200b kube-proxy \u200b\u7684\u200b\u5b58\u5728\u200b\u6240\u6709\u200b\u6570\u636e\u5305\u200b\u5747\u200b\u9700\u200b\u7ecf\u8fc7\u200b netfilter\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5728\u200b\u4e00\u4e9b\u200b\u73af\u5883\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b \u200b\u7684\u200b\u6d88\u8017\u200b\u76f8\u5bf9\u200b\u66f4\u200b\u5c0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f1a\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u3002
"},{"location":"advance/performance-tuning/#_3","title":"\u6570\u636e\u200b\u5e73\u9762\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u65b9\u6cd5","text":"\u200b\u8fd9\u91cc\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u4f18\u5316\u200b\u65b9\u6cd5\u200b\u548c\u200b\u8f6f\u786c\u4ef6\u200b\u73af\u5883\u200b\u4ee5\u53ca\u200b\u6240\u200b\u9700\u8981\u200b\u7684\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\uff0c\u200b\u8bf7\u200b\u4ed4\u7ec6\u200b\u4e86\u89e3\u200b\u4f18\u5316\u200b\u7684\u200b\u524d\u63d0\u6761\u4ef6\u200b\u518d\u200b\u8fdb\u884c\u200b\u5c1d\u8bd5\u200b\u3002
"},{"location":"advance/performance-tuning/#cpu","title":"CPU \u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u8c03\u6574","text":"\u200b\u90e8\u5206\u200b\u73af\u5883\u200b\u4e0b\u200b CPU \u200b\u8fd0\u884c\u200b\u5728\u200b\u8282\u80fd\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\u5c06\u4f1a\u200b\u4e0d\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u5ef6\u8fdf\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u660e\u663e\u589e\u52a0\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CPU \u200b\u7684\u200b\u6027\u80fd\u200b\u6a21\u5f0f\u200b\u83b7\u5f97\u200b\u66f4\u200b\u7a33\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u8868\u73b0\u200b\uff1a
cpupower frequency-set -g performance\n
"},{"location":"advance/performance-tuning/#_4","title":"\u7f51\u5361\u200b\u786c\u4ef6\u200b\u961f\u5217\u200b\u8c03\u6574","text":"\u200b\u5728\u200b\u6d41\u91cf\u200b\u589e\u5927\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7f13\u51b2\u200b\u961f\u5217\u200b\u8fc7\u200b\u77ed\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u8f83\u200b\u9ad8\u200b\u7684\u200b\u4e22\u200b\u5305\u7387\u200b\u5bfc\u81f4\u200b\u6027\u80fd\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\uff0c\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b
\u200b\u68c0\u67e5\u200b\u5f53\u524d\u200b\u7f51\u5361\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\uff1a
# ethtool -g eno1\n Ring parameters for eno1:\n Pre-set maximums:\n RX: 4096\n RX Mini: 0\n RX Jumbo: 0\n TX: 4096\n Current hardware settings:\n RX: 255\n RX Mini: 0\n RX Jumbo: 0\n TX: 255\n
\u200b\u589e\u52a0\u200b\u961f\u5217\u200b\u957f\u5ea6\u200b\u81f3\u200b\u6700\u5927\u503c\u200b\uff1a
ethtool -G eno1 rx 4096\nethtool -G eno1 tx 4096\n
"},{"location":"advance/performance-tuning/#tuned","title":"\u4f7f\u7528\u200b tuned \u200b\u4f18\u5316\u200b\u7cfb\u7edf\u200b\u53c2\u6570","text":"tuned \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e00\u7cfb\u5217\u200b\u9884\u7f6e\u200b\u7684\u200b profile \u200b\u6587\u4ef6\u200b\u4fdd\u5b58\u200b\u4e86\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u573a\u666f\u200b\u7684\u200b\u4e00\u7cfb\u5217\u200b\u7cfb\u7edf\u4f18\u5316\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9488\u5bf9\u200b\u5ef6\u8fdf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-latency\n
\u200b\u9488\u5bf9\u200b\u541e\u5410\u91cf\u200b\u4f18\u5148\u200b\u573a\u666f\u200b\uff1a
tuned-adm profile network-throughput\n
"},{"location":"advance/performance-tuning/#_5","title":"\u4e2d\u65ad\u200b\u7ed1\u5b9a","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u7981\u7528\u200b irqbalance \u200b\u5e76\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e2d\u65ad\u200b\u548c\u200b\u7279\u5b9a\u200b CPU \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u6765\u200b\u907f\u514d\u200b\u5728\u200b\u591a\u4e2a\u200b CPU \u200b\u4e4b\u95f4\u200b\u5207\u6362\u200b\u5bfc\u81f4\u200b\u7684\u200b\u6027\u80fd\u200b\u6ce2\u52a8\u200b\u3002
"},{"location":"advance/performance-tuning/#ovn-lb","title":"\u5173\u95ed\u200b OVN LB","text":"OVN \u200b\u7684\u200b L2 LB \u200b\u5b9e\u73b0\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u9700\u8981\u200b\u8c03\u7528\u200b\u5185\u6838\u200b\u7684\u200b conntrack \u200b\u6a21\u5757\u200b\u5e76\u200b\u8fdb\u884c\u200b recirculate \u200b\u5bfc\u81f4\u200b\u5927\u91cf\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b 20% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\uff0c \u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u5b8c\u6210\u200b Service \u200b\u8f6c\u53d1\u200b\u529f\u80fd\u200b\uff0c\u200b\u83b7\u5f97\u200b\u66f4\u597d\u200b\u7684\u200b Pod-to-Pod \u200b\u6027\u80fd\u200b\u3002\u200b\u53ef\u4ee5\u200b\u5728\u200b kube-ovn-controller \u200b\u4e2d\u200b\u5173\u95ed\u200b\u8be5\u200b\u529f\u80fd\u200b\uff1a
command:\n- /kube-ovn/start-controller.sh\nargs:\n...\n- --enable-lb=false\n...\n
Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b kube-proxy \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b iptables \u200b\u6216\u200b ipvs \u200b\u63a7\u5236\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\uff0c\u200b\u5982\u9700\u200b\u5173\u95ed\u200b LB \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u786e\u8ba4\u200b\u662f\u5426\u200b\u4e0d\u200b\u9700\u8981\u200b Service \u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/performance-tuning/#fastpath","title":"\u5185\u6838\u200b FastPath \u200b\u6a21\u5757","text":"\u200b\u7531\u4e8e\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b network ns\uff0c\u200b\u6570\u636e\u5305\u200b\u5728\u200b\u8de8\u200b\u5bbf\u4e3b\u673a\u200b\u4f20\u8f93\u200b\u65f6\u4f1a\u200b\u591a\u6b21\u200b\u7ecf\u8fc7\u200b netfilter \u200b\u6a21\u5757\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u8fd1\u200b 20% \u200b\u7684\u200b CPU \u200b\u5f00\u9500\u200b\u3002\u200b\u7531\u4e8e\u200b\u5927\u90e8\u5206\u200b\u60c5\u51b5\u200b\u4e0b\u200b \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u5e94\u7528\u200b\u65e0\u987b\u200b\u4f7f\u7528\u200b netfilter \u200b\u6a21\u5757\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cFastPath \u200b\u6a21\u5757\u200b\u53ef\u4ee5\u200b\u7ed5\u8fc7\u200b netfilter \u200b\u964d\u4f4e\u200b CPU \u200b\u5f00\u9500\u200b\u3002
\u200b\u5982\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5185\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b netfilter \u200b\u63d0\u4f9b\u200b\u7684\u200b\u529f\u80fd\u200b\u5982\u200b iptables\uff0cipvs\uff0cnftables \u200b\u7b49\u200b\uff0c\u200b\u8be5\u200b\u6a21\u5757\u200b\u4f1a\u200b\u4f7f\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u6211\u4eec\u200b\u9884\u5148\u200b\u7f16\u8bd1\u200b\u4e86\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u7684\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c \u200b\u53ef\u4ee5\u200b\u524d\u5f80\u200b tunning-package \u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u7f16\u8bd1\u200b\uff0c\u200b\u65b9\u6cd5\u200b\u53c2\u8003\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b FastPath \u200b\u6a21\u5757\u200b
\u200b\u83b7\u5f97\u200b\u5185\u6838\u6a21\u5757\u200b\u540e\u200b\u53ef\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4f7f\u7528\u200b insmod kube_ovn_fastpath.ko \u200b\u52a0\u8f7d\u200b FastPath \u200b\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u4f7f\u7528\u200b dmesg \u200b\u9a8c\u8bc1\u200b\u6a21\u5757\u200b\u52a0\u8f7d\u200b\u6210\u529f\u200b\uff1a
# dmesg\n...\n[619631.323788] init_module,kube_ovn_fastpath_local_out\n[619631.323798] init_module,kube_ovn_fastpath_post_routing\n[619631.323800] init_module,kube_ovn_fastpath_pre_routing\n[619631.323801] init_module,kube_ovn_fastpath_local_in\n...\n
"},{"location":"advance/performance-tuning/#ovs","title":"OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u4f18\u5316","text":"OVS \u200b\u7684\u200b flow \u200b\u5904\u7406\u200b\u5305\u62ec\u200b\u54c8\u5e0c\u200b\u8ba1\u7b97\u200b\uff0c\u200b\u5339\u914d\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u4f1a\u200b\u6d88\u8017\u200b\u5927\u7ea6\u200b 10% \u200b\u5de6\u53f3\u200b\u7684\u200b CPU \u200b\u8d44\u6e90\u200b\u3002\u200b\u73b0\u4ee3\u200b x86 CPU \u200b\u4e0a\u200b\u7684\u200b\u4e00\u4e9b\u200b\u6307\u4ee4\u96c6\u200b\u4f8b\u5982\u200b popcnt \u200b\u548c\u200b sse4.2 \u200b\u53ef\u4ee5\u200b \u200b\u52a0\u901f\u200b\u76f8\u5173\u200b\u8ba1\u7b97\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u4f46\u200b\u5185\u6838\u200b\u9ed8\u8ba4\u200b\u7f16\u8bd1\u200b\u672a\u200b\u5f00\u542f\u200b\u76f8\u5173\u200b\u9009\u9879\u200b\u3002\u200b\u7ecf\u200b\u6d4b\u8bd5\u200b\u5728\u200b\u5f00\u542f\u200b\u76f8\u5e94\u200b\u6307\u4ee4\u96c6\u200b\u4f18\u5316\u200b\u540e\u200b\uff0cflow \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b CPU \u200b\u6d88\u8017\u200b\u5c06\u4f1a\u200b\u964d\u81f3\u200b 5% \u200b\u5de6\u53f3\u200b\u3002
\u200b\u548c\u200b FastPath \u200b\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u7531\u4e8e\u200b\u5185\u6838\u6a21\u5757\u200b\u548c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u76f8\u5173\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u63d0\u4f9b\u200b\u4e00\u4e2a\u200b\u5355\u4e00\u200b\u9002\u5e94\u200b\u6240\u6709\u200b\u5185\u6838\u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\u5236\u54c1\u200b\u3002\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b\u6216\u8005\u200b \u200b\u524d\u5f80\u200b tunning-package \u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6709\u200b\u5df2\u200b\u7f16\u8bd1\u200b\u597d\u200b\u7684\u200b\u5236\u54c1\u200b\u8fdb\u884c\u200b\u4e0b\u8f7d\u200b\u3002
\u200b\u4f7f\u7528\u200b\u8be5\u200b\u5185\u6838\u6a21\u5757\u200b\u524d\u200b\u8bf7\u200b\u5148\u200b\u786e\u8ba4\u200b CPU \u200b\u662f\u5426\u200b\u652f\u6301\u200b\u76f8\u5173\u200b\u6307\u4ee4\u96c6\u200b\uff1a
cat /proc/cpuinfo | grep popcnt\ncat /proc/cpuinfo | grep sse4_2\n
"},{"location":"advance/performance-tuning/#centos","title":"CentOS \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
yum install -y gcc kernel-devel-$(uname -r) python3 autoconf automake libtool rpm-build openssl-devel\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u751f\u6210\u200b\u5bf9\u5e94\u200b RPM \u200b\u6587\u4ef6\u200b:
git clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --with-linux=/lib/modules/$(uname -r)/build CFLAGS=\"-g -O2 -mpopcnt -msse4.2\"\nmake rpm-fedora-kmod\ncd rpm/rpmbuild/RPMS/x86_64/\n
\u200b\u590d\u5236\u200b RPM \u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u5e76\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a
rpm -i openvswitch-kmod-2.15.2-1.el7.x86_64.rpm\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#ubuntu","title":"Ubuntu \u200b\u4e0b\u200b\u7f16\u8bd1\u200b\u5b89\u88c5","text":"\u200b\u5b89\u88c5\u200b\u76f8\u5173\u200b\u7f16\u8bd1\u200b\u4f9d\u8d56\u200b\u548c\u200b\u5185\u6838\u200b\u5934\u6587\u4ef6\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n
\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u5e76\u200b\u5b89\u88c5\u200b\uff1a
apt install -y autoconf automake libtool gcc build-essential libssl-dev\n\ngit clone -b branch-2.17 --depth=1 https://github.com/openvswitch/ovs.git\ncd ovs\ncurl -s https://github.com/kubeovn/ovs/commit/2d2c83c26d4217446918f39d5cd5838e9ac27b32.patch | git apply\n./boot.sh\n./configure --prefix=/usr/ --localstatedir=/var --enable-ssl --with-linux=/lib/modules/$(uname -r)/build\nmake -j `nproc`\nmake install\nmake modules_install\n\ncat > /etc/depmod.d/openvswitch.conf << EOF\noverride openvswitch * extra\noverride vport-* * extra\nEOF\n\ndepmod -a\ncp debian/openvswitch-switch.init /etc/init.d/openvswitch-switch\n/etc/init.d/openvswitch-switch force-reload-kmod\n
\u200b\u82e5\u200b\u4e4b\u524d\u200b\u5df2\u7ecf\u200b\u542f\u52a8\u200b\u8fc7\u200b Kube-OVN\uff0c\u200b\u65e7\u7248\u672c\u200b OVS \u200b\u6a21\u5757\u200b\u5df2\u200b\u52a0\u8f7d\u200b\u81f3\u200b\u5185\u6838\u200b\uff0c\u200b\u5efa\u8bae\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u91cd\u65b0\u200b\u52a0\u8f7d\u200b\u65b0\u7248\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
"},{"location":"advance/performance-tuning/#stt","title":"\u4f7f\u7528\u200b STT \u200b\u7c7b\u578b\u200b\u96a7\u9053","text":"\u200b\u5e38\u89c1\u200b\u7684\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u4f8b\u5982\u200b Geneve \u200b\u548c\u200b Vxlan \u200b\u4f7f\u7528\u200b UDP \u200b\u534f\u8bae\u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u6709\u200b\u826f\u597d\u200b\u7684\u200b\u652f\u6301\u200b\u3002\u200b\u4f46\u662f\u200b\u5f53\u200b\u4f7f\u7528\u200b UDP \u200b\u5c01\u88c5\u200b TCP \u200b\u6570\u636e\u5305\u200b\u65f6\u200b\uff0c \u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u9488\u5bf9\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u4f18\u5316\u200b\u548c\u200b offload \u200b\u529f\u80fd\u200b\u5c06\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5bfc\u81f4\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u51fa\u73b0\u200b\u663e\u8457\u200b\u4e0b\u964d\u200b\u3002\u200b\u5728\u200b\u865a\u62df\u5316\u200b\u573a\u666f\u200b\u4e0b\u200b\u7531\u4e8e\u200b CPU \u200b\u7684\u200b\u9650\u5236\u200b\uff0c TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u751a\u81f3\u200b\u53ef\u80fd\u200b\u53ea\u6709\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5341\u5206\u4e4b\u4e00\u200b\u3002
STT \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u521b\u65b0\u200b\u5f0f\u200b\u7684\u200b\u4f7f\u7528\u200b TCP \u200b\u683c\u5f0f\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u5c01\u88c5\u200b\u53ea\u662f\u200b\u6a21\u62df\u200b\u4e86\u200b TCP \u200b\u534f\u8bae\u200b\u7684\u200b\u5934\u90e8\u200b\u683c\u5f0f\u200b\uff0c\u200b\u5e76\u200b\u6ca1\u6709\u200b\u771f\u6b63\u200b\u5efa\u7acb\u200b TCP \u200b\u8fde\u63a5\u200b\uff0c\u200b\u4f46\u662f\u200b\u53ef\u4ee5\u200b \u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u4f18\u5316\u200b\u80fd\u529b\u200b\u3002\u200b\u5728\u200b\u6211\u4eec\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u4e2d\u200b TCP \u200b\u5927\u5305\u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u80fd\u200b\u6709\u200b\u6570\u500d\u200b\u7684\u200b\u63d0\u5347\u200b\uff0c\u200b\u8fbe\u5230\u200b\u63a5\u8fd1\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u200b\u6c34\u5e73\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5e76\u200b\u6ca1\u6709\u200b\u9884\u200b\u5b89\u88c5\u200b\u5728\u200b\u5185\u6838\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u6765\u200b\u5b89\u88c5\u200b\uff0cOVS \u200b\u5185\u6838\u6a21\u5757\u200b\u7684\u200b\u7f16\u8bd1\u200b\u65b9\u6cd5\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0a\u200b\u4e00\u8282\u200b\u3002
STT \u200b\u96a7\u9053\u200b\u5f00\u542f\u200b\uff1a
kubectl set env daemonset/ovs-ovn -n kube-system TUNNEL_TYPE=stt\n\nkubectl delete pod -n kube-system -lapp=ovs\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/security-group/","title":"SecurityGroup \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4e86\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u914d\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u4f7f\u7528\u200b\u7684\u200b CRD \u200b\u4e3a\u200b SecurityGroup\u3002
"},{"location":"advance/security-group/#_1","title":"\u5b89\u5168\u200b\u7ec4\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-example\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.13 # 10.16.0.0/16 \u200b\u914d\u7f6e\u200b\u7f51\u6bb5\u200b\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n
\u200b\u5b89\u5168\u200b\u7ec4\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u5177\u4f53\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303\u200b\u3002
Pod \u200b\u901a\u8fc7\u200b\u6dfb\u52a0\u200b annotation \u200b\u6765\u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u4f7f\u7528\u200b\u7684\u200b annotation \u200b\u6709\u200b\u4e24\u4e2a\u200b\uff1a
- port_security: \u200b\u6e90\u5730\u5740\u200b\u6821\u9a8c\u200b\uff0c\u200b\u5982\u679c\u200b\u5f00\u542f\u200b\uff0c\u200b\u53ea\u6709\u200b kube-ovn ipam \u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b ip \u200b\u6e90\u5730\u5740\u200b\u7684\u200b\u5305\u200b\u53ef\u4ee5\u200b\u4ece\u200b pod \u200b\u7f51\u5361\u200b\u51fa\u53bb\u200b\uff0c\u200b\u5173\u95ed\u200b\u540e\u200b, \u200b\u4efb\u610f\u200b ip \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u3002
- security_groups\uff1a \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5217\u8868\u200b\uff0c\u200b\u5305\u542b\u200b\u4e00\u7cfb\u5217\u200b ACL \u200b\u89c4\u5219\u200b\u3002
\u200b\u8fd9\u200b\u4e24\u4e2a\u200b annotation \u200b\u8d1f\u8d23\u200b\u7684\u200b\u529f\u80fd\u200b\u662f\u200b\u4e92\u76f8\u200b\u72ec\u7acb\u200b\u7684\u200b\u3002
ovn.kubernetes.io/port_security: \"true\"\n ovn.kubernetes.io/security_groups: sg-example\n
"},{"location":"advance/security-group/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" -
\u200b\u5b89\u5168\u200b\u7ec4\u200b\u6700\u540e\u200b\u662f\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b ACL \u200b\u89c4\u5219\u200b\u6765\u200b\u9650\u5236\u200b\u8bbf\u95ee\u200b\u7684\u200b\uff0cOVN \u200b\u6587\u6863\u200b\u4e2d\u200b\u63d0\u5230\u200b\uff0c\u200b\u5982\u679c\u200b\u5339\u914d\u200b\u5230\u200b\u7684\u200b\u4e24\u4e2a\u200b ACL \u200b\u89c4\u5219\u200b\u62e5\u6709\u200b\u76f8\u540c\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u5b9e\u9645\u200b\u8d77\u200b\u4f5c\u7528\u200b\u7684\u200b\u662f\u200b\u54ea\u4e2a\u200b ACL \u200b\u662f\u200b\u4e0d\u200b\u786e\u5b9a\u200b\u7684\u200b\u3002\u200b\u56e0\u6b64\u200b\u8bbe\u7f6e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u533a\u5206\u200b\u4f18\u5148\u7ea7\u200b\u3002
-
\u200b\u5f53\u200b\u6dfb\u52a0\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u8981\u200b\u6e05\u695a\u200b\u7684\u200b\u77e5\u9053\u200b\u662f\u200b\u5728\u200b\u6dfb\u52a0\u200b\u4ec0\u4e48\u200b\u9650\u5236\u200b\u3002Kube-OVN \u200b\u4f5c\u4e3a\u200b CNI\uff0c\u200b\u521b\u5efa\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u8fdb\u884c\u200b Pod \u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u5982\u679c\u200b\u8bbf\u95ee\u200b\u4e0d\u901a\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c31\u200b\u4f1a\u200b\u5bfc\u81f4\u200b Pod \u200b\u4e00\u76f4\u200b\u5904\u4e8e\u200b ContainerCreating \u200b\u72b6\u6001\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u987a\u5229\u200b\u5207\u6362\u200b\u5230\u200b Running \u200b\u72b6\u6001\u200b\u3002
"},{"location":"advance/security-group/#_3","title":"\u5b9e\u9645\u200b\u6d4b\u8bd5","text":"\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u521b\u5efa\u200b Pod\uff0c\u200b\u5728\u200b annotation \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7ed1\u5b9a\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u7684\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-example'\n name: sg-test-pod\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u5b9e\u9645\u200b\u6d4b\u8bd5\u200b\u7ed3\u679c\u663e\u793a\u200b\u5982\u4e0b\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h32m <none> kube-ovn-worker <none> <none>\ntest-99fff7f86-52h9r 1/1 Running 0 5h41m 10.16.0.14 kube-ovn-control-plane <none> <none>\ntest-99fff7f86-qcgjw 1/1 Running 0 5h43m 10.16.0.13 kube-ovn-worker <none> <none>\n
\u200b\u6267\u884c\u200b kubectl describe pod \u200b\u67e5\u770b\u200b Pod \u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u62a5\u9519\u200b\u63d0\u793a\u200b\uff1a
# kubectl describe pod sg-test-pod\nName: sg-test-pod\nNamespace: default\nPriority: 0\nNode: kube-ovn-worker/172.18.0.2\nStart Time: Tue, 28 Feb 2023 10:29:36 +0800\nLabels: app=static\nAnnotations: ovn.kubernetes.io/allocated: true\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:FA:17:97\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/port_security: true\n ovn.kubernetes.io/routed: true\n ovn.kubernetes.io/security_groups: sg-allow-reject\nStatus: Pending\nIP:\nIPs: <none>\n\u00b7\n\u00b7\n\u00b7\nEvents:\n Type Reason Age From Message\n ---- ------ ---- ---- -------\n Warning FailedCreatePodSandBox 5m3s (x70 over 4h59m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox \"40636e0c7f1ade5500fa958486163d74f2e2300051a71522a9afd7ba0538afb6\": plugin type=\"kube-ovn\" failed (add): RPC failed; request ip return 500 configure nic failed 10.16.0.15 network not ready after 200 ping 10.16.0.1\n
\u200b\u4fee\u6539\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u89c4\u5219\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u53c2\u8003\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SecurityGroup\nmetadata:\n name: sg-gw-both\nspec:\n allowSameGroupTraffic: true\n egressRules:\n - ipVersion: ipv4\n policy: allow\n priority: 2\n protocol: all\n remoteAddress: 10.16.0.13\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: all\n remoteAddress: 10.16.0.1\n remoteType: address\n ingressRules:\n - ipVersion: ipv4\n policy: deny\n priority: 2\n protocol: icmp\n remoteAddress: 10.16.0.14\n remoteType: address\n - ipVersion: ipv4\n policy: allow\n priority: 1\n protocol: icmp\n remoteAddress: 10.16.0.1\n remoteType: address\n
\u200b\u5206\u522b\u200b\u5728\u200b\u5165\u200b\u65b9\u5411\u200b\u548c\u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e2d\u200b\uff0c\u200b\u6dfb\u52a0\u200b\u5141\u8bb8\u200b\u5230\u200b\u7f51\u5173\u200b\u7684\u200b\u8bbf\u95ee\u200b\u89c4\u5219\u200b\uff0c\u200b\u5e76\u4e14\u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u89c4\u5219\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u6700\u9ad8\u200b\u3002
\u200b\u5229\u7528\u200b\u4ee5\u4e0b\u200b yaml \u200b\u7ed1\u5b9a\u200b\u5b89\u5168\u200b\u7ec4\u200b\uff0c\u200b\u90e8\u7f72\u200b Pod \u200b\u540e\u200b\uff0c\u200b\u786e\u8ba4\u200b Pod \u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n app: static\n annotations:\n ovn.kubernetes.io/port_security: 'true'\n ovn.kubernetes.io/security_groups: 'sg-gw-both'\n name: sg-gw-both\n namespace: default\nspec:\n nodeName: kube-ovn-worker\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u90e8\u7f72\u200b\u540e\u200b\u67e5\u770b\u200b Pod \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nsg-test-pod 0/1 ContainerCreating 0 5h41m <none> kube-ovn-worker <none> <none>\nsg-gw-both 1/1 Running 0 5h37m 10.16.0.19 kube-ovn-worker <none> <none>\n
\u200b\u56e0\u6b64\u200b\u5bf9\u4e8e\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8981\u200b\u7279\u522b\u200b\u660e\u786e\u200b\u6dfb\u52a0\u200b\u7684\u200b\u9650\u5236\u200b\u89c4\u5219\u200b\u7684\u200b\u4f5c\u7528\u200b\u3002\u200b\u5982\u679c\u200b\u5355\u7eaf\u200b\u662f\u200b\u9650\u5236\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8003\u8651\u200b\u4f7f\u7528\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vip/","title":"VIP \u200b\u9884\u7559\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u5e0c\u671b\u200b\u52a8\u6001\u200b\u7684\u200b\u9884\u7559\u200b\u4e00\u90e8\u5206\u200b IP \u200b\u4f46\u662f\u200b\u5e76\u200b\u4e0d\u200b\u5206\u914d\u200b\u7ed9\u200b Pod \u200b\u800c\u662f\u200b\u5206\u914d\u200b\u7ed9\u200b\u5176\u4ed6\u200b\u7684\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u542f\u7528\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a
- Kubernetes \u200b\u5d4c\u5957\u200b Kubernetes \u200b\u7684\u200b\u573a\u666f\u200b\u4e2d\u4e0a\u5c42\u200b Kubernetes \u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u4f1a\u200b\u5360\u7528\u200b\u5e95\u5c42\u200b Subnet \u200b\u53ef\u7528\u200b\u5730\u5740\u200b\u3002
- LB \u200b\u6216\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Subnet \u200b\u5185\u200b\u7684\u200b IP\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u5355\u72ec\u200b\u8d77\u200b Pod\u3002
"},{"location":"advance/vip/#vip_1","title":"\u521b\u5efa\u200b\u968f\u673a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u4e3a\u4e86\u200b\u9884\u7559\u200b\u82e5\u5e72\u200b IP \u200b\u800c\u200b\u5bf9\u200b IP \u200b\u5730\u5740\u200b\u672c\u8eab\u200b\u6ca1\u6709\u200b\u8981\u6c42\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: vip-dynamic-01\nspec:\n subnet: ovn-default\n type: \"\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002type: \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\uff0c\u200b\u4e3a\u7a7a\u200b\u8868\u793a\u200b\u4ec5\u200b\u7528\u4e8e\u200b ipam ip \u200b\u5360\u4f4d\u200b\uff0cswitch_lb_vip \u200b\u8868\u793a\u200b\u8be5\u200b vip \u200b\u4ec5\u200b\u7528\u4e8e\u200b switch lb \u200b\u524d\u7aef\u200b vip \u200b\u548c\u200b\u540e\u200b\u7aef\u200b ip \u200b\u9700\u200b\u5904\u4e8e\u200b\u540c\u4e00\u200b\u5b50\u7f51\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nvip-dynamic-01 10.16.0.12 00:00:00:F0:DB:25 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b 10.16.0.12 \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u4e4b\u540e\u200b\u4f9b\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"advance/vip/#vip_2","title":"\u521b\u5efa\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b VIP","text":"\u200b\u5982\u5bf9\u200b\u9884\u7559\u200b\u7684\u200b VIP \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u6709\u200b\u9700\u6c42\u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vip\nmetadata:\n name: static-vip01\nspec:\n subnet: ovn-default \n v4ip: \"10.16.0.121\"\n
subnet: \u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b Subnet \u200b\u4e2d\u200b\u9884\u7559\u200b IP\u3002v4ip: \u200b\u56fa\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u5728\u200b subnet \u200b\u7684\u200b CIDR \u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\u67e5\u8be2\u200b\u8be5\u200b VIP\uff1a
# kubectl get vip\nNAME V4IP PV4IP MAC PMAC V6IP PV6IP SUBNET READY\nstatic-vip01 10.16.0.121 00:00:00:F0:DB:26 ovn-default true\n
\u200b\u53ef\u89c1\u200b\u8be5\u200b VIP \u200b\u88ab\u200b\u5206\u914d\u200b\u4e86\u200b\u6240\u200b\u9884\u671f\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/vip/#pod-vip-ip","title":"Pod \u200b\u4f7f\u7528\u200b VIP \u200b\u6765\u200b\u56fa\u5b9a\u200b IP","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u4ece\u200b v1.12 \u200b\u5f00\u59cb\u200b\u652f\u6301\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b annotation \u200b\u5c06\u200b\u67d0\u4e2a\u200b VIP \u200b\u5206\u914d\u200b\u7ed9\u200b\u4e00\u4e2a\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/vip: vip-dynamic-01 # \u200b\u6307\u5b9a\u200b vip\n namespace: default\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
"},{"location":"advance/vip/#statefulset-kubevirt-vm-vip","title":"StatefulSet \u200b\u548c\u200b Kubevirt VM \u200b\u4fdd\u7559\u200b VIP","text":"\u200b\u9488\u5bf9\u200b StatefulSet \u200b\u548c\u200b VM \u200b\u7684\u200b\u7279\u6b8a\u6027\u200b\uff0c\u200b\u5728\u200b\u4ed6\u4eec\u200b\u7684\u200b Pod \u200b\u9500\u6bc1\u200b\u518d\u62c9\u8d77\u200b\u8d77\u540e\u200b\u4f1a\u200b\u91cd\u65b0\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u8bbe\u7f6e\u200b\u7684\u200b VIP\u3002
VM \u200b\u4fdd\u7559\u200b VIP \u200b\u9700\u8981\u200b\u786e\u4fdd\u200b kube-ovn-controller \u200b\u7684\u200b keep-vm-ip \u200b\u53c2\u6570\u200b\u4e3a\u200b true\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-dns/","title":"\u81ea\u5b9a\u4e49\u200b VPC DNS","text":"\u200b\u7531\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b \u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0c\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u5230\u200b\u90e8\u7f72\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u5185\u200b\u7684\u200b coredns\u3002 \u200b\u5982\u679c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u5185\u200b\u57df\u540d\u89e3\u6790\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\uff0c\u200b\u5229\u7528\u200b vpc-dns CRD \u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
\u200b\u8be5\u200b CRD \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b coredns\uff0c\u200b\u8be5\u200b Pod \u200b\u6709\u200b\u4e24\u4e2a\u200b\u7f51\u5361\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\uff0c\u200b\u540c\u65f6\u200b\u901a\u8fc7\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u63d0\u4f9b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u6240\u200b\u4f9d\u8d56\u200b\u7684\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
\u200b\u9664\u4e86\u200b\u4ee5\u4e0a\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u8fd8\u200b\u4f9d\u8d56\u200b nat-gw-pod \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/vpc-dns/#_1","title":"\u914d\u7f6e\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"advance/vpc-dns/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b Configmap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\u200b\u662f\u5426\u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0c\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002coredns-template\uff1acoredns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u7248\u672c\u200b ovn \u200b\u76ee\u5f55\u200b\u4e0b\u200b coredns-template.yaml \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b https://raw.githubusercontent.com/kubeovn/kube-ovn/\u200b\u5f53\u524d\u200b\u7248\u672c\u200b/yamls/coredns-template.yaml \u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u5730\u5740\u200b\u3002k8s-service-port\uff1a\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u5185\u200b apiserver \u200b\u7aef\u53e3\u200b\u3002
"},{"location":"advance/vpc-dns/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"\u200b\u914d\u7f6e\u200b vpc-dns yaml\uff1a
kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n replicas: 2\n
vpc \uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002replicas: vpc dns deployment replicas
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u8d44\u6e90\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE : true \u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b\u3002
\u200b\u9650\u5236\u200b\uff1a\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
"},{"location":"advance/vpc-dns/#_2","title":"\u9a8c\u8bc1\u200b\u90e8\u7f72\u200b\u7ed3\u679c","text":"\u200b\u67e5\u770b\u200b vpc-dns Pod \u200b\u72b6\u6001\u200b\uff0c\u200b\u4f7f\u7528\u200b label app=vpc-dns\uff0c\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u6240\u6709\u200b vpc-dns pod \u200b\u72b6\u6001\u200b\uff1a
# kubectl -n kube-system get pods -l app=vpc-dns\nNAME READY STATUS RESTARTS AGE\nvpc-dns-test-cjh1-7b878d96b4-g5979 1/1 Running 0 28s\nvpc-dns-test-cjh1-7b878d96b4-ltmf9 1/1 Running 0 28s\n
\u200b\u67e5\u770b\u200b slr \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\uff1a
# kubectl -n kube-system get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh1 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh1 113s\n
\u200b\u8fdb\u5165\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod\uff0c\u200b\u6d4b\u8bd5\u200b dns \u200b\u89e3\u6790\u200b:
nslookup kubernetes.default.svc.cluster.local 10.96.0.3\n
\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b switch lb rule \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u540c\u4e00\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b pod \u200b\u90fd\u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-internal-lb/","title":"\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861","text":"Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u53ef\u4ee5\u200b\u7528\u4f5c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\uff0c \u200b\u4f46\u662f\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c \u200b\u4f7f\u7528\u200b Service \u200b\u4f5c\u4e3a\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5b58\u5728\u200b\u5982\u4e0b\u200b\u51e0\u4e2a\u200b\u95ee\u9898\u200b\uff1a
- Service IP \u200b\u8303\u56f4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u8d44\u6e90\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5171\u4eab\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u7528\u6237\u200b\u65e0\u6cd5\u200b\u6309\u7167\u200b\u81ea\u5df1\u200b\u610f\u613f\u200b\u8bbe\u7f6e\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u89e3\u51b3\u200b\u4e0a\u8ff0\u200b\u95ee\u9898\u200b\uff0cKube-OVN \u200b\u5728\u200b 1.11 \u200b\u5f15\u5165\u200b SwitchLBRule CRD\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u652f\u6301\u200b\u4ee5\u4e0b\u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u8bbe\u7f6e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
"},{"location":"advance/vpc-internal-lb/#selector","title":"Selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b selector \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b label \u200b\u81ea\u52a8\u200b\u5173\u8054\u200b pod \u200b\u914d\u7f6e\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
selector, sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
Kube-OVN \u200b\u4f1a\u200b\u6839\u636e\u200b SwitchLBRule \u200b\u5b9a\u4e49\u200b\u9009\u62e9\u200b\u7684\u200b Pod \u200b\u5f97\u51fa\u200b Pod \u200b\u6240\u5728\u200b VPC \u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b L2 LB\u3002
"},{"location":"advance/vpc-internal-lb/#endpoints","title":"Endpoints \u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b endpoints \u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\uff0c\u200b\u7528\u4ee5\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b selector \u200b\u81ea\u52a8\u200b\u751f\u6210\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u6bd4\u5982\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u7aef\u200b\u662f\u200b kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b vm \u3002
SwitchLBRule \u200b\u6837\u200b\u4f8b\u5982\u200b\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n endpoints:\n - 192.168.0.101\n - 192.168.0.102\n - 192.168.0.103\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
-
sessionAffinity \u200b\u548c\u200b port \u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u540c\u200b Kubernetes Service\u3002
-
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
-
namespace\uff1aselector \u200b\u6240\u200b\u9009\u62e9\u200b Pod \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u3002
-
endpoints\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u540e\u200b\u7aef\u200b IP \u200b\u5217\u8868\u200b\u3002
\u200b\u6ce8\u200b\uff1a\u200b\u5982\u679c\u200b\u540c\u65f6\u200b\u914d\u7f6e\u200b\u4e86\u200b selector \u200b\u548c\u200b endpoints,\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5ffd\u7565\u200b selector \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/vpc-peering/","title":"VPC \u200b\u4e92\u8054","text":"VPC \u200b\u4e92\u8054\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u79cd\u200b\u5c06\u200b\u4e24\u4e2a\u200b VPC \u200b\u7f51\u7edc\u200b\u901a\u8fc7\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u6253\u901a\u200b\u7684\u200b\u673a\u5236\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u53ef\u4ee5\u200b\u50cf\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u79c1\u6709\u200b\u7f51\u7edc\u200b\u4e00\u6837\u200b\uff0c \u200b\u901a\u8fc7\u200b\u79c1\u6709\u200b\u5730\u5740\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u65e0\u9700\u200b\u901a\u8fc7\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"advance/vpc-peering/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u9002\u7528\u200b\u4e8e\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC\u3002
- \u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u8def\u7531\u200b\u91cd\u53e0\u200b\u4e24\u4e2a\u200b VPC \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e24\u4e2a\u200b VPC \u200b\u7684\u200b\u4e92\u8054\u200b\uff0c\u200b\u66f4\u200b\u591a\u7ec4\u200b VPC \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e92\u8054\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002
"},{"location":"advance/vpc-peering/#_2","title":"\u4f7f\u7528\u200b\u65b9\u5f0f","text":"\u200b\u9996\u5148\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u4e0d\u200b\u4e92\u8054\u200b\u7684\u200b VPC\uff0c\u200b\u6bcf\u4e2a\u200b VPC \u200b\u4e0b\u200b\u5404\u6709\u200b\u4e00\u4e2a\u200b Subnet\uff0cSubnet \u200b\u7684\u200b CIDR \u200b\u4e92\u4e0d\u200b\u91cd\u53e0\u200b\u3002
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: vpc-1\n cidrBlock: 10.0.0.0/16\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec: {}\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: vpc-2\n cidrBlock: 172.31.0.0/16\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b VPC \u200b\u5185\u200b\u5206\u522b\u200b\u589e\u52a0\u200b vpcPeerings \u200b\u548c\u200b\u5bf9\u5e94\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-1\nspec: \n vpcPeerings:\n - remoteVpc: vpc-2\n localConnectIP: 169.254.0.1/30\n staticRoutes:\n - cidr: 172.31.0.0/16\n nextHopIP: 169.254.0.2\n policy: policyDst\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: vpc-2\nspec:\n vpcPeerings:\n - remoteVpc: vpc-1\n localConnectIP: 169.254.0.2/30\n staticRoutes:\n - cidr: 10.0.0.0/16\n nextHopIP: 169.254.0.1\n policy: policyDst\n
remoteVpc: \u200b\u4e92\u8054\u200b\u7684\u200b\u53e6\u200b\u4e00\u4e2a\u200b VPC \u200b\u7684\u200b\u540d\u5b57\u200b\u3002localConnectIP: \u200b\u4f5c\u4e3a\u200b\u4e92\u8054\u200b\u7aef\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b CIDR\uff0c\u200b\u6ce8\u610f\u200b\u4e24\u7aef\u200b IP \u200b\u5e94\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u200b CIDR\uff0c\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u5b50\u7f51\u200b\u51b2\u7a81\u200b\u3002cidr\uff1a\u200b\u53e6\u4e00\u7aef\u200b Subnet \u200b\u7684\u200b CIDR\u3002nextHopIP\uff1a\u200b\u4e92\u8054\u200b VPC \u200b\u53e6\u4e00\u7aef\u200b\u7684\u200b localConnectIP\u3002
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Subnet \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n name: vpc-1-pod\nspec:\n containers:\n - name: vpc-1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n name: vpc-2-pod\nspec:\n containers:\n - name: vpc-2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u6d4b\u8bd5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')\nPING 172.31.0.2 (172.31.0.2): 56 data bytes\n64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms\n64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms\n64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms\n^C\n--- 172.31.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.086/0.279/0.655 ms\n# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')\nPING 10.0.0.2 (10.0.0.2): 56 data bytes\n64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms\n64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms\n64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms\n^C\n--- 10.0.0.2 ping statistics ---\n3 packets transmitted, 3 packets received, 0% packet loss\nround-trip min/avg/max = 0.088/0.258/0.594 ms\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/windows/","title":"Windows \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5305\u542b\u200b Windows \u200b\u7cfb\u7edf\u200b\u8282\u70b9\u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Windows \u200b\u5bb9\u5668\u200b\u7684\u200b\u7f51\u7edc\u200b\u7edf\u4e00\u200b\u63a5\u5165\u200b\u8fdb\u884c\u200b\u7ba1\u7406\u200b\u3002
"},{"location":"advance/windows/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u53c2\u8003\u200b Adding Windows nodes \u200b\u589e\u52a0\u200b Windows \u200b\u8282\u70b9\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b KB4489899 \u200b\u8865\u4e01\u200b\u4ee5\u200b\u4f7f\u200b Overlay/VXLAN \u200b\u7f51\u7edc\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5efa\u8bae\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b\u3002
- Windows \u200b\u8282\u70b9\u200b\u5fc5\u987b\u200b\u5b89\u88c5\u200b Hyper-V \u200b\u53ca\u200b\u7ba1\u7406\u5de5\u5177\u200b\u3002
- \u200b\u7531\u4e8e\u200b Windows \u200b\u9650\u5236\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u53ea\u80fd\u200b\u4f7f\u7528\u200b Vxlan \u200b\u6a21\u5f0f\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b SSL\uff0cIPv6\uff0c\u200b\u53cc\u6808\u200b\uff0cQoS \u200b\u529f\u80fd\u200b\u3002
- \u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u5b50\u7f51\u200b\uff0c\u200b\u52a8\u6001\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b Windows \u200b\u8282\u70b9\u200b\u524d\u200b\u5b8c\u6210\u200b\u5b50\u7f51\u200b\u521b\u5efa\u200b\uff0c\u200b\u5e76\u200b\u56fa\u5b9a\u200b\u7f51\u7edc\u63a5\u53e3\u200b\u3002
- \u200b\u4e0d\u200b\u652f\u6301\u200b\u591a\u4e2a\u200b
ProviderNetwork\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b\u6865\u63a5\u200b\u63a5\u53e3\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"advance/windows/#ovs","title":"\u5b89\u88c5\u200b OVS","text":"\u200b\u7531\u4e8e\u200b\u4e0a\u6e38\u200b OVN \u200b\u548c\u200b OVS \u200b\u5bf9\u200b Windows \u200b\u5bb9\u5668\u200b\u652f\u6301\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7ecf\u8fc7\u200b\u4fee\u6539\u200b\u7684\u200b\u5b89\u88c5\u5305\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\u3002
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u6253\u5f00\u200b Windows \u200b\u8282\u70b9\u200b\u7684\u200b TESTSIGNING \u200b\u542f\u52a8\u9879\u200b\uff0c\u200b\u6267\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b\u7cfb\u7edf\u200b\u751f\u6548\u200b\uff1a
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS\nbcdedit /set TESTSIGNING ON\nbcdedit /set nointegritychecks ON\n
\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u200b Windows \u200b\u5b89\u88c5\u5305\u200b\u5e76\u200b\u89e3\u538b\u200b\u5b89\u88c5\u200b\u3002
\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u540e\u200b\u786e\u8ba4\u200b\u670d\u52a1\u200b\u6b63\u5e38\u200b\u8fd0\u884c\u200b\uff1a
PS > Get-Service | findstr ovs\nRunning ovsdb-server Open vSwitch DB Service\nRunning ovs-vswitchd Open vSwitch Service\n
"},{"location":"advance/windows/#kube-ovn","title":"\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u5728\u200b Windows \u200b\u8282\u70b9\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b install.ps1\u3002
\u200b\u8865\u5145\u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u5e76\u200b\u6267\u884c\u200b\uff1a
.\\install.ps1 -KubeConfig C:\\k\\admin.conf -ApiServer https://192.168.140.180:6443 -ServiceCIDR 10.96.0.0/12\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b, Kube-OVN \u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b IP \u200b\u6240\u5728\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u96a7\u9053\u200b\u63a5\u53e3\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u5b83\u200b\u7f51\u5361\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u524d\u200b\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b\u6307\u5b9a\u200b\u7684\u200b Annotation\uff0c\u200b\u5982\u200b ovn.kubernetes.io/tunnel_interface=Ethernet1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-bgp/","title":"BGP \u200b\u652f\u6301","text":"Kube-OVN \u200b\u652f\u6301\u200b\u5c06\u200b Pod \u200b\u6216\u200b Subnet \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u901a\u8fc7\u200b BGP \u200b\u534f\u8bae\u200b\u5411\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff0c\u200b\u4ece\u800c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u8be5\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u5b89\u88c5\u200b kube-ovn-speaker \u200b\u5e76\u200b\u5bf9\u200b\u9700\u8981\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u7684\u200b Pod \u200b\u6216\u200b Subnet \u200b\u589e\u52a0\u200b\u5bf9\u5e94\u200b\u7684\u200b annotation\u3002
"},{"location":"advance/with-bgp/#kube-ovn-speaker","title":"\u5b89\u88c5\u200b kube-ovn-speaker","text":"kube-ovn-speaker \u200b\u5185\u200b\u4f7f\u7528\u200b GoBGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u8bbf\u95ee\u200b\u66b4\u9732\u200b\u5730\u5740\u200b\u7684\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u8def\u7531\u200b\u6307\u5411\u200b\u81ea\u8eab\u200b\u3002
\u200b\u7531\u4e8e\u200b\u90e8\u7f72\u200b kube-ovn-speaker \u200b\u7684\u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u627f\u62c5\u200b\u56de\u7a0b\u200b\u6d41\u91cf\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true\nkubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true\n
\u200b\u5f53\u200b\u5b58\u5728\u200b\u591a\u4e2a\u200b kube-ovn-speaker \u200b\u5b9e\u4f8b\u200b\u65f6\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5b9e\u4f8b\u200b\u90fd\u200b\u4f1a\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0a\u6e38\u200b\u8def\u7531\u5668\u200b\u9700\u8981\u200b\u652f\u6301\u200b\u591a\u8def\u5f84\u200b ECMP\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b yaml:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/speaker.yaml\n
\u200b\u4fee\u6539\u200b yaml \u200b\u5185\u200b\u76f8\u5e94\u200b\u914d\u7f6e\u200b\uff1a
--neighbor-address=10.32.32.1\n--neighbor-as=65030\n--cluster-as=65000\n
neighbor-address: BGP Peer \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u901a\u5e38\u200b\u4e3a\u200b\u8def\u7531\u5668\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002neighbor-as: BGP Peer \u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002cluster-as: \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b AS \u200b\u53f7\u200b\u3002
\u200b\u90e8\u7f72\u200b yaml:
kubectl apply -f speaker.yaml\n
"},{"location":"advance/with-bgp/#podsubnet","title":"\u53d1\u5e03\u200b Pod/Subnet \u200b\u8def\u7531","text":"\u200b\u5982\u9700\u200b\u4f7f\u7528\u200b BGP \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\uff0c\u200b\u9996\u5148\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b Subnet \u200b\u7684\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff0c\u200b\u4f7f\u5f97\u200b Pod IP \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u3002
\u200b\u589e\u52a0\u200b annotation \u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod sample ovn.kubernetes.io/bgp=true\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true\n
\u200b\u5220\u9664\u200b annotation \u200b\u53d6\u6d88\u200b\u53d1\u5e03\u200b\uff1a
kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-\nkubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-\n
"},{"location":"advance/with-bgp/#bgp_1","title":"BGP \u200b\u9ad8\u7ea7\u200b\u9009\u9879","text":"kube-ovn-speaker \u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b BGP \u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
announce-cluster-ip: \u200b\u662f\u5426\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b Service \u200b\u8def\u7531\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002auth-password: BGP peer \u200b\u7684\u200b\u8bbf\u95ee\u200b\u5bc6\u7801\u200b\u3002holdtime: BGP \u200b\u90bb\u5c45\u200b\u95f4\u200b\u7684\u200b\u5fc3\u8df3\u200b\u63a2\u6d4b\u200b\u65f6\u95f4\u200b\uff0c\u200b\u8d85\u8fc7\u200b\u6539\u200b\u65f6\u95f4\u200b\u6ca1\u6709\u200b\u6d88\u606f\u200b\u7684\u200b\u90bb\u5c45\u200b\u5c06\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 90 \u200b\u79d2\u200b\u3002graceful-restart: \u200b\u662f\u5426\u200b\u542f\u7528\u200b BGP Graceful Restart\u3002graceful-restart-time: BGP Graceful restart time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 3\u3002graceful-restart-deferral-time: BGP Graceful restart deferral time \u200b\u53ef\u200b\u53c2\u8003\u200b RFC4724 4.1\u3002passivemode: Speaker \u200b\u8fd0\u884c\u200b\u5728\u200b passive \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u4e0d\u200b\u4e3b\u52a8\u200b\u8fde\u63a5\u200b peer\u3002ebgp-multihop: ebgp ttl \u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b 1\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-cilium/","title":"Cilium \u200b\u96c6\u6210","text":"Cilium \u200b\u662f\u200b\u4e00\u6b3e\u200b\u57fa\u4e8e\u200b eBPF \u200b\u7684\u200b\u7f51\u7edc\u200b\u548c\u200b\u5b89\u5168\u200b\u7ec4\u4ef6\u200b\uff0cKube-OVN \u200b\u5229\u7528\u200b\u5176\u4e2d\u200b\u7684\u200b CNI Chaining \u200b\u6a21\u5f0f\u200b\u6765\u200b\u5bf9\u200b\u5df2\u6709\u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u589e\u5f3a\u200b\u3002 \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u4e30\u5bcc\u200b\u7684\u200b\u7f51\u7edc\u200b\u62bd\u8c61\u200b\u80fd\u529b\u200b\u548c\u200b eBPF \u200b\u5e26\u6765\u200b\u7684\u200b\u76d1\u63a7\u200b\u548c\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\u3002
\u200b\u901a\u8fc7\u200b\u96c6\u6210\u200b Cilium\uff0cKube-OVN \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u83b7\u5f97\u200b\u5982\u4e0b\u200b\u589e\u76ca\u200b\uff1a
- \u200b\u66f4\u200b\u4e30\u5bcc\u200b\u9ad8\u6548\u200b\u7684\u200b\u5b89\u5168\u7b56\u7565\u200b\u3002
- \u200b\u57fa\u4e8e\u200b Hubble \u200b\u7684\u200b\u76d1\u63a7\u200b\u89c6\u56fe\u200b\u3002
"},{"location":"advance/with-cilium/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - Linux \u200b\u5185\u6838\u200b\u7248\u672c\u200b\u9ad8\u4e8e\u200b 4.19 \u200b\u6216\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u4ee5\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b eBPF \u200b\u80fd\u529b\u200b\u652f\u6301\u200b\u3002
- \u200b\u63d0\u524d\u200b\u90e8\u7f72\u200b Helm \u200b\u4e3a\u200b\u5b89\u88c5\u200b Cilium \u200b\u505a\u200b\u51c6\u5907\u200b\uff0c\u200b\u90e8\u7f72\u200b Helm \u200b\u8bf7\u200b\u53c2\u8003\u200b Installing Helm\u3002
"},{"location":"advance/with-cilium/#kube-ovn","title":"\u914d\u7f6e\u200b Kube-OVN","text":"\u200b\u4e3a\u4e86\u200b\u5145\u5206\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b\u5b89\u5168\u200b\u80fd\u529b\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b networkpolicy \u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\u3002
\u200b\u5728\u200b install.sh \u200b\u811a\u672c\u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_NP=false\nCNI_CONFIG_PRIORITY=10\n
\u200b\u82e5\u200b\u5df2\u200b\u90e8\u7f72\u200b\u5b8c\u6210\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b networkpolicy\uff1a
args:\n- --enable-np=false\n
\u200b\u4fee\u6539\u200b kube-ovn-cni \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u8c03\u6574\u200b CNI \u200b\u914d\u7f6e\u200b\u4f18\u5148\u7ea7\u200b\uff1a
args:\n- --cni-conf-name=10-kube-ovn.conflist\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u8c03\u6574\u200b Kube-OVN \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u540d\u79f0\u200b\uff0c\u200b\u4ee5\u4fbf\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b Cilium \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
mv /etc/cni/net.d/01-kube-ovn.conflist /etc/cni/net.d/10-kube-ovn.conflist\n
"},{"location":"advance/with-cilium/#cilium_1","title":"\u90e8\u7f72\u200b Cilium","text":"\u200b\u521b\u5efa\u200b chaining.yaml \u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff0c\u200b\u4f7f\u7528\u200b Cilium \u200b\u7684\u200b generic-veth \u200b\u6a21\u5f0f\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cni-configuration\n namespace: kube-system\ndata:\n cni-config: |-\n {\n \"name\": \"generic-veth\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"cilium-cni\"\n }\n ]\n }\n
\u200b\u5b89\u88c5\u200b\u914d\u7f6e\u6587\u4ef6\u200b\uff1a
kubectl apply -f chaining.yaml\n
\u200b\u4f7f\u7528\u200b Helm \u200b\u90e8\u7f72\u200b Cilium\uff1a
helm repo add cilium https://helm.cilium.io/\nhelm install cilium cilium/cilium --version 1.11.6 \\\n --namespace kube-system \\\n --set cni.chainingMode=generic-veth \\\n --set cni.customConf=true \\\n --set cni.configMap=cni-configuration \\\n --set tunnel=disabled \\\n --set enableIPv4Masquerade=false \\\n --set enableIdentityMark=false \n
\u200b\u786e\u8ba4\u200b Cilium \u200b\u5b89\u88c5\u200b\u6210\u529f\u200b\uff1a
# cilium status\n /\u00af\u00af\\\n /\u00af\u00af\\__/\u00af\u00af\\ Cilium: OK\n \\__/\u00af\u00af\\__/ Operator: OK\n /\u00af\u00af\\__/\u00af\u00af\\ Hubble: disabled\n \\__/\u00af\u00af\\__/ ClusterMesh: disabled\n \\__/\n\nDaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2\nDeployment cilium-operator Desired: 2, Ready: 2/2, Available: 2/2\nContainers: cilium Running: 2\n cilium-operator Running: 2\nCluster Pods: 8/11 managed by Cilium\nImage versions cilium quay.io/cilium/cilium:v1.10.5@sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb: 2\n cilium-operator quay.io/cilium/operator-generic:v1.10.5@sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972: 2\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-openstack/","title":"OpenStack \u200b\u96c6\u6210","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7528\u6237\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b OpenStack \u200b\u8fd0\u884c\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u8fd0\u884c\u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u9700\u8981\u200b\u5bb9\u5668\u200b\u548c\u200b\u865a\u673a\u200b\u4e4b\u95f4\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u5e76\u200b\u5904\u4e8e\u200b\u7edf\u4e00\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4e0b\u200b\u3002\u200b\u5982\u679c\u200b OpenStack Neutron \u200b\u4fa7\u200b\u540c\u6837\u200b\u4f7f\u7528\u200b OVN \u200b\u4f5c\u4e3a\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\uff0c\u200b\u90a3\u4e48\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u548c\u200b\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN \u200b\u4e24\u79cd\u200b\u65b9\u5f0f\u200b\u6253\u901a\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"advance/with-openstack/#_1","title":"\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u548c\u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u6253\u901a\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u65b9\u5f0f\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u53ea\u4e0d\u8fc7\u200b\u5c06\u200b\u96c6\u7fa4\u200b\u4e24\u7aef\u200b\u6362\u6210\u200b OpenStack \u200b\u548c\u200b Kubernetes\u3002
"},{"location":"advance/with-openstack/#_2","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b OpenStack \u200b\u548c\u200b Kubernetes \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\u3002
- \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u901a\u8fc7\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002
- \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002
- \u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u200b\u6253\u901a\u200b Kubernetes \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b OpenStack \u200b\u7684\u200b\u9009\u5b9a\u200b VPC\u3002
"},{"location":"advance/with-openstack/#ovn-ic","title":"\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
"},{"location":"advance/with-openstack/#kubernetes","title":"Kubernetes \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
"},{"location":"advance/with-openstack/#openstack_1","title":"OpenStack \u200b\u4fa7\u200b\u64cd\u4f5c","text":"\u200b\u521b\u5efa\u200b\u548c\u200b Kubernetes \u200b\u4e92\u8054\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff1a
# openstack router create router0\n# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| d5b38655-249a-4192-8046-71aa4d2b4af1 | router0 | ACTIVE | UP | 98a29ab7388347e7b5ff8bdd181ba4f9 |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n
\u200b\u5728\u200b OpenStack \u200b\u5185\u200b\u7684\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u53ef\u7528\u200b\u533a\u200b\u540d\u5b57\u200b\uff0c\u200b\u8be5\u200b\u540d\u79f0\u200b\u9700\u200b\u548c\u200b\u5176\u4ed6\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u4e0d\u540c\u200b\uff1a
ovn-nbctl set NB_Global . name=op-az\n
\u200b\u5728\u200b\u53ef\u200b\u8bbf\u95ee\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u542f\u52a8\u200b OVN-IC \u200b\u63a7\u5236\u5668\u200b\uff1a
/usr/share/ovn/scripts/ovn-ctl --ovn-ic-nb-db=tcp:192.168.65.3:6645 \\\n --ovn-ic-sb-db=tcp:192.168.65.3:6646 \\\n --ovn-northd-nb-db=unix:/run/ovn/ovnnb_db.sock \\\n --ovn-northd-sb-db=unix:/run/ovn/ovnsb_db.sock \\\n start_ic\n
ovn-ic-nb-db\uff0covn-ic-sb-db: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u5730\u5740\u200b\u3002ovn-northd-nb-db\uff0c ovn-northd-sb-db: \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u548c\u200b\u5357\u5411\u200b\u6570\u636e\u200b\u5730\u5740\u200b\u3002
\u200b\u914d\u7f6e\u200b\u4e92\u8054\u7f51\u200b\u5173\u8282\u70b9\u200b\uff1a
ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true\n
\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u5728\u200b OpenStack \u200b\u7684\u200b OVN \u200b\u5185\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u3002
\u200b\u8fde\u63a5\u200b ts \u200b\u4e92\u8054\u200b\u4ea4\u6362\u673a\u200b\u548c\u200b router0 \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u76f8\u5173\u200b\u89c4\u5219\u200b\uff1a
ovn-nbctl lrp-add router0 lrp-router0-ts 00:02:ef:11:39:4f 169.254.100.73/24\novn-nbctl lsp-add ts lsp-ts-router0 -- lsp-set-addresses lsp-ts-router0 router \\\n -- lsp-set-type lsp-ts-router0 router \\\n -- lsp-set-options lsp-ts-router0 router-port=lrp-router0-ts\novn-nbctl lrp-set-gateway-chassis lrp-router0-ts {gateway chassis} 1000\novn-nbctl set NB_Global . options:ic-route-adv=true options:ic-route-learn=true\n
\u200b\u9a8c\u8bc1\u200b\u5df2\u200b\u5b66\u4e60\u200b\u5230\u200b Kubernetes \u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff1a
# ovn-nbctl lr-route-list router0\nIPv4 Routes\n 10.0.0.22 169.254.100.34 dst-ip (learned)\n 10.16.0.0/16 169.254.100.34 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b router0 \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u521b\u5efa\u200b\u865a\u673a\u200b\u9a8c\u8bc1\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b Kubernetes \u200b\u4e0b\u200b Pod \u200b\u4e92\u901a\u200b\u3002
"},{"location":"advance/with-openstack/#ovn","title":"\u5171\u4eab\u200b\u5e95\u5c42\u200b OVN","text":"\u200b\u5728\u200b\u8be5\u200b\u65b9\u6848\u200b\u4e0b\u200b\uff0cOpenStack \u200b\u548c\u200b Kubernetes \u200b\u5171\u4eab\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b OVN\uff0c\u200b\u56e0\u6b64\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u4e24\u8005\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u7b49\u200b\u6982\u5ff5\u200b\u62c9\u9f50\u200b\uff0c\u200b\u5b9e\u73b0\u200b\u66f4\u597d\u200b\u7684\u200b\u63a7\u5236\u200b\u548c\u200b\u4e92\u8054\u200b\u3002
\u200b\u5728\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6211\u4eec\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u90e8\u7f72\u200b OVN\uff0cOpenStack \u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u200b\u5b9e\u73b0\u200b\u8fde\u63a5\u200b\u540c\u4e00\u4e2a\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u3002OpenStack \u200b\u9700\u200b\u4f7f\u7528\u200b networking-ovn \u200b\u4f5c\u4e3a\u200b Neutron \u200b\u540e\u200b\u7aef\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"advance/with-openstack/#neutron","title":"Neutron \u200b\u914d\u7f6e\u200b\u4fee\u6539","text":"\u200b\u4fee\u6539\u200b Neutron \u200b\u914d\u7f6e\u6587\u4ef6\u200b /etc/neutron/plugins/ml2/ml2_conf.ini\uff1a
[ovn]\n...\novn_nb_connection = tcp:[192.168.137.176]:6641,tcp:[192.168.137.177]:6641,tcp:[192.168.137.178]:6641\novn_sb_connection = tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novn_l3_scheduler = OVN_L3_SCHEDULER\n
ovn_nb_connection\uff0c ovn_sb_connection: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002
\u200b\u4fee\u6539\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\uff1a
ovs-vsctl set open . external-ids:ovn-remote=tcp:[192.168.137.176]:6642,tcp:[192.168.137.177]:6642,tcp:[192.168.137.178]:6642\novs-vsctl set open . external-ids:ovn-encap-type=geneve\novs-vsctl set open . external-ids:ovn-encap-ip=192.168.137.200\n
external-ids:ovn-remote: \u200b\u5730\u5740\u200b\u9700\u200b\u4fee\u6539\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b ovn-central \u200b\u8282\u70b9\u200b\u7684\u200b\u5730\u5740\u200b\u3002ovn-encap-ip: \u200b\u4fee\u6539\u200b\u4e3a\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
"},{"location":"advance/with-openstack/#kubernetes-openstack","title":"\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u4f7f\u7528\u200b OpenStack \u200b\u5185\u200b\u8d44\u6e90","text":"\u200b\u63a5\u4e0b\u6765\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u67e5\u8be2\u200b OpenStack \u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u5e76\u200b\u5728\u200b OpenStack \u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u521b\u5efa\u200b Pod\u3002
\u200b\u67e5\u8be2\u200b OpenStack \u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b\u7f51\u7edc\u8d44\u6e90\u200b\uff0c\u200b\u5982\u4e0b\u200b\u8d44\u6e90\u200b\u5df2\u7ecf\u200b\u9884\u5148\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff1a
# openstack router list\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| ID | Name | Status | State | Project |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n| 22040ed5-0598-4f77-bffd-e7fd4db47e93 | router0 | ACTIVE | UP | 62381a21d569404aa236a5dd8712449c |\n+--------------------------------------+---------+--------+-------+----------------------------------+\n# openstack network list\n+--------------------------------------+----------+--------------------------------------+\n| ID | Name | Subnets |\n+--------------------------------------+----------+--------------------------------------+\n| cd59e36a-37db-4c27-b709-d35379a7920f | provider | 01d73d9f-fdaa-426c-9b60-aa34abbfacae |\n+--------------------------------------+----------+--------------------------------------+\n# openstack subnet list\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| ID | Name | Network | Subnet |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n| 01d73d9f-fdaa-426c-9b60-aa34abbfacae | provider-v4 | cd59e36a-37db-4c27-b709-d35379a7920f | 192.168.1.0/24 |\n+--------------------------------------+-------------+--------------------------------------+----------------+\n# openstack server list\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n| 8433d622-a8d6-41a7-8b31-49abfd64f639 | provider-instance | ACTIVE | provider=192.168.1.61 | ubuntu | m1 |\n+--------------------------------------+-------------------+--------+-----------------------+--------+--------+\n
\u200b\u5728\u200b Kubernetes \u200b\u4fa7\u200b\uff0c\u200b\u67e5\u8be2\u200b VPC \u200b\u8d44\u6e90\u200b\uff1a
# kubectl get vpc\nNAME STANDBY SUBNETS\nneutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 true [\"neutron-cd59e36a-37db-4c27-b709-d35379a7920f\"]\novn-cluster true [\"join\",\"ovn-default\"]\n
neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93 \u200b\u4e3a\u200b\u4ece\u200b OpenStack \u200b\u540c\u6b65\u200b\u8fc7\u6765\u200b\u7684\u200b VPC \u200b\u8d44\u6e90\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b Kube-OVN \u200b\u539f\u751f\u200b\u7684\u200b VPC \u200b\u548c\u200b Subnet \u200b\u64cd\u4f5c\u200b\u521b\u5efa\u200b Pod \u200b\u5e76\u200b\u8fd0\u884c\u200b\u3002
VPC, Subnet \u200b\u7ed1\u5b9a\u200b Namespace net2\uff0c\u200b\u5e76\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: net2\n---\napiVersion: kubeovn.io/v1\nkind: Vpc\nmetadata:\n creationTimestamp: \"2021-06-20T13:34:11Z\"\n generation: 2\n labels:\n ovn.kubernetes.io/vpc_external: \"true\"\n name: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n resourceVersion: \"583728\"\n uid: 18d4c654-f511-4def-a3a0-a6434d237c1e\nspec:\n namespaces:\n - net2\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: neutron-22040ed5-0598-4f77-bffd-e7fd4db47e93\n namespaces:\n - net2\n cidrBlock: 12.0.1.0/24\n natOutgoing: false\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: ubuntu\n namespace: net2\nspec:\n containers:\n - image: docker.io/kubeovn/kube-ovn:v1.8.0\n command:\n - \"sleep\"\n - \"604800\"\n imagePullPolicy: IfNotPresent\n name: ubuntu\n restartPolicy: Always\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-ovn-ic/","title":"\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u5c06\u200b\u4e24\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\uff0c\u200b\u6253\u901a\u200b\u540e\u200b\u7684\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8fdb\u884c\u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 Kube-OVN \u200b\u4f7f\u7528\u200b\u96a7\u9053\u200b\u5bf9\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u4e4b\u95f4\u200b\u53ea\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b IP \u200b\u53ef\u8fbe\u200b\u7684\u200b\u673a\u5668\u200b\u5373\u53ef\u200b\u5b8c\u6210\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u7684\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e3a\u200b Overlay \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\uff0cUnderlay \u200b\u7f51\u7edc\u200b\u5982\u679c\u200b\u60f3\u8981\u200b\u5b9e\u73b0\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u9700\u8981\u200b\u5e95\u5c42\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u505a\u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-ovn-ic/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" -
1.11.16 \u200b\u4e4b\u540e\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u7684\u200b\u96c6\u7fa4\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u4e86\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u5f00\u5173\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b install.sh \u200b\u91cc\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\uff1a
ENABLE_IC=true\n
\u200b\u6253\u5f00\u200b\u5f00\u5173\u200b\u540e\u200b\u90e8\u7f72\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u4f1a\u200b\u51fa\u73b0\u200b\u7ec4\u4ef6\u200b deployment ovn-ic-controller\u3002 2. \u200b\u81ea\u52a8\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u80fd\u200b\u76f8\u4e92\u200b\u91cd\u53e0\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u9700\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7684\u200b\u7f51\u6bb5\u200b\u3002\u200b\u82e5\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u9700\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u624b\u52a8\u200b\u4e92\u8054\u200b\u8fc7\u7a0b\u200b\uff0c\u200b\u53ea\u80fd\u200b\u5c06\u200b\u4e0d\u200b\u91cd\u53e0\u200b\u7f51\u6bb5\u200b\u6253\u901a\u200b\u3002 3. \u200b\u9700\u8981\u200b\u5b58\u5728\u200b\u4e00\u7ec4\u200b\u673a\u5668\u200b\u53ef\u4ee5\u200b\u88ab\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b kube-ovn-controller \u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\uff0c\u200b\u7528\u6765\u200b\u90e8\u7f72\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u3002 4. \u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u9700\u8981\u200b\u6709\u200b\u4e00\u7ec4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u8fdb\u884c\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8bbf\u200b\u7684\u200b\u673a\u5668\u200b\u4f5c\u4e3a\u200b\u4e4b\u540e\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\u3002 5. \u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u751f\u6548\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u4e92\u8054\u200b\u529f\u80fd\u200b\u3002
"},{"location":"advance/with-ovn-ic/#ovn-ic_1","title":"\u90e8\u7f72\u200b\u5355\u200b\u8282\u70b9\u200b OVN-IC \u200b\u6570\u636e\u5e93","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b kube-ovn-controller \u200b\u53ef\u200b\u901a\u8fc7\u200b IP \u200b\u8bbf\u95ee\u200b\u7684\u200b\u673a\u5668\u200b\u4e0a\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u8be5\u200b\u8282\u70b9\u200b\u5c06\u200b\u4fdd\u5b58\u200b\u5404\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u6b65\u200b\u4e0a\u6765\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5bf9\u4e8e\u200b\u90e8\u7f72\u200b containerd \u200b\u53d6\u4ee3\u200b docker \u200b\u7684\u200b\u73af\u5883\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
"},{"location":"advance/with-ovn-ic/#_2","title":"\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u81ea\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e\u200b\u4e0b\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u4f1a\u200b\u5c06\u200b\u81ea\u5df1\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b Subnet \u200b\u7684\u200b CIDR \u200b\u4fe1\u606f\u200b\u540c\u6b65\u200b\u7ed9\u200b OVN-IC\uff0c\u200b\u56e0\u6b64\u200b\u8981\u200b\u786e\u4fdd\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Subnet CIDR \u200b\u4e0d\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
enable-ic: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002az-name: \u200b\u533a\u5206\u200b\u4e0d\u540c\u200b\u96c6\u7fa4\u200b\u7684\u200b\u96c6\u7fa4\u200b\u540d\u79f0\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u4e92\u8054\u200b\u96c6\u7fa4\u200b\u9700\u200b\u4e0d\u540c\u200b\u3002ic-db-host: \u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002ic-nb-port: OVN-IC \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6645\u3002ic-sb-port: OVN-IC \u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 6646\u3002gw-nodes: \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u4e2d\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u5de5\u4f5c\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002auto-route: \u200b\u662f\u5426\u200b\u81ea\u52a8\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u548c\u200b\u5b66\u4e60\u200b\u8def\u7531\u200b\u3002
\u200b\u6ce8\u610f\u200b\uff1a \u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u64cd\u4f5c\u200b\u7684\u200b\u6b63\u786e\u6027\u200b\uff0covn-ic-config \u200b\u8fd9\u4e2a\u200b ConfigMap \u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b\u3002\u200b\u5982\u200b\u6709\u200b\u53c2\u6570\u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\uff0c\u200b\u8bf7\u200b\u5220\u9664\u200b\u8be5\u200b ConfigMap\uff0c\u200b\u4fee\u6539\u200b\u540e\u200b\u518d\u200b\u5e94\u7528\u200b\u6b64\u200b ConfigMap\u3002
\u200b\u5728\u200b ovn-ic \u200b\u5bb9\u5668\u200b\u5185\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u5df2\u200b\u5efa\u7acb\u200b\u4e92\u8054\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b ts\uff1a
# ovn-ic-sbctl show\navailability-zone az1\n gateway deee03e0-af16-4f45-91e9-b50c3960f809\n hostname: az1-gw\n type: geneve\n ip: 192.168.42.145\n port ts-az1\n transit switch: ts\n address: [\"00:00:00:50:AC:8C 169.254.100.45/24\"]\navailability-zone az2\n gateway e94cc831-8143-40e3-a478-90352773327b\n hostname: az2-gw\n type: geneve\n ip: 192.168.42.149\n port ts-az2\n transit switch: ts\n address: [\"00:00:00:07:4A:59 169.254.100.63/24\"]\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u89c2\u5bdf\u200b\u903b\u8f91\u200b\u8def\u7531\u200b\u662f\u5426\u200b\u6709\u200b\u5b66\u4e60\u200b\u5230\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b\u8def\u7531\u200b\uff1a
# kubectl ko nbctl lr-route-list ovn-cluster\nIPv4 Routes\n 10.42.1.1 169.254.100.45 dst-ip (learned)\n 10.42.1.3 100.64.0.2 dst-ip\n 10.16.0.2 100.64.0.2 src-ip\n 10.16.0.3 100.64.0.2 src-ip\n 10.16.0.4 100.64.0.2 src-ip\n 10.16.0.6 100.64.0.2 src-ip\n 10.17.0.0/16 169.254.100.45 dst-ip (learned)\n 100.65.0.0/16 169.254.100.45 dst-ip (learned)\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5728\u200b\u96c6\u7fa4\u200b 1 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod \u200b\u5185\u200b\u76f4\u63a5\u200b ping \u200b\u96c6\u7fa4\u200b 2 \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b Pod IP \u200b\u89c2\u5bdf\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u67d0\u4e2a\u200b\u4e0d\u60f3\u200b\u5bf9\u5916\u200b\u81ea\u52a8\u200b\u53d1\u5e03\u200b\u8def\u7531\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Subnet \u200b\u91cc\u200b\u7684\u200b disableInterConnection \u200b\u6765\u200b\u7981\u6b62\u200b\u8def\u7531\u200b\u5e7f\u64ad\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: no-advertise\nspec:\n cidrBlock: 10.199.0.0/16\n disableInterConnection: true\n
"},{"location":"advance/with-ovn-ic/#_3","title":"\u624b\u52a8\u200b\u8def\u7531\u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u96c6\u7fa4\u200b\u95f4\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b CIDR \u200b\u53ea\u200b\u5e0c\u671b\u200b\u505a\u200b\u90e8\u5206\u200b\u5b50\u7f51\u200b\u6253\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u624b\u52a8\u200b\u53d1\u5e03\u200b\u5b50\u200b\u7f51\u8def\u200b\u7531\u200b\u3002
\u200b\u5728\u200b kube-system Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b ovn-ic-config ConfigMap\uff0c\u200b\u5e76\u200b\u5c06\u200b auto-route \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3\"\n ic-nb-port: \"6645\" \n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"false\"\n
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u5206\u522b\u200b\u67e5\u770b\u200b\u8fdc\u7aef\u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u7528\u4e8e\u200b\u4e4b\u540e\u200b\u624b\u52a8\u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\uff1a
[root@az1 ~]# kubectl ko nbctl show\nswitch a391d3a1-14a0-4841-9836-4bd930c447fb (ts)\n port ts-az1\n type: router\n router-port: az1-ts\n port ts-az2\n type: remote\n addresses: [\"00:00:00:4B:E2:9F 169.254.100.31/24\"]\n\n[root@az2 ~]# kubectl ko nbctl show\nswitch da6138b8-de81-4908-abf9-b2224ec4edf3 (ts)\n port ts-az2\n type: router\n router-port: az2-ts\n port ts-az1\n type: remote\n addresses: [\"00:00:00:FB:2A:F7 169.254.100.79/24\"] \n
\u200b\u7531\u200b\u4e0a\u200b\u8f93\u51fa\u200b\u53ef\u77e5\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5230\u200b \u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.31\uff0caz2 \u200b\u5230\u200b az1 \u200b\u7684\u200b\u8fdc\u7aef\u200b\u5730\u5740\u200b\u4e3a\u200b 169.254.100.79\u3002
\u200b\u4e0b\u9762\u200b\u624b\u52a8\u200b\u8bbe\u7f6e\u200b\u8def\u7531\u200b\uff0c\u200b\u5728\u200b\u8be5\u200b\u4f8b\u5b50\u200b\u4e2d\u200b\uff0c\u200b\u96c6\u7fa4\u200b az1 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/24\uff0c\u200b\u96c6\u7fa4\u200b az2 \u200b\u5185\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.17.0.0/24\u3002
\u200b\u5728\u200b\u96c6\u7fa4\u200b az1 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az2 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.17.0.0/24 169.254.100.31\n
\u200b\u5728\u200b\u96c6\u7fa4\u200b az2 \u200b\u8bbe\u7f6e\u200b\u5230\u200b\u96c6\u7fa4\u200b az1 \u200b\u7684\u200b\u8def\u7531\u200b:
kubectl ko nbctl lr-route-add ovn-cluster 10.16.0.0/24 169.254.100.79\n
"},{"location":"advance/with-ovn-ic/#ovn-ic_2","title":"\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72","text":"OVN-IC \u200b\u6570\u636e\u5e93\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u7ec4\u6210\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u9700\u8981\u200b\u81f3\u5c11\u200b 3 \u200b\u4e2a\u200b\u8282\u70b9\u200b\u3002
\u200b\u9996\u5148\u200b\u5728\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u542f\u52a8\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.3\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\uff0c\u200b\u5728\u200b\u53e6\u5916\u200b\u4e24\u4e2a\u200b\u8282\u70b9\u200b\u90e8\u7f72\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b follower\u3002
\u200b\u90e8\u7f72\u200b docker \u200b\u73af\u5883\u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
docker run --name=ovn-ic-db -d --network=host --privileged -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn -e LOCAL_IP=\"192.168.65.2\" -e NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\" -e LEADER_IP=\"192.168.65.3\" kubeovn/kube-ovn:v1.12.13 bash start-ic-db.sh\n
\u200b\u5982\u679c\u200b\u662f\u200b\u90e8\u7f72\u200b containerd \u200b\u7684\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io run -d --net-host --privileged --mount=\"type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw\" --mount=\"type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw\" --env=\"NODE_IPS=\"192.168.65.3,192.168.65.2,192.168.65.1\"\" --env=\"LOCAL_IP=\"192.168.65.2\"\" --env=\"LEADER_IP=\"192.168.65.3\"\" docker.io/kubeovn/kube-ovn:v1.12.13 ovn-ic-db bash start-ic-db.sh\n
LOCAL_IP\uff1a \u200b\u5f53\u524d\u200b\u5bb9\u5668\u200b\u6240\u5728\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\u3002NODE_IPS\uff1a \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u4e09\u4e2a\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002LEADER_IP: \u200b\u8fd0\u884c\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b leader \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002
\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u96c6\u7fa4\u200b\u521b\u5efa\u200b ovn-ic-config \u200b\u65f6\u200b\u6307\u5b9a\u200b\u591a\u4e2a\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-ic-config\n namespace: kube-system\ndata:\n enable-ic: \"true\"\n az-name: \"az1\" \n ic-db-host: \"192.168.65.3,192.168.65.2,192.168.65.1\"\n ic-nb-port: \"6645\"\n ic-sb-port: \"6646\"\n gw-nodes: \"az1-gw\"\n auto-route: \"true\"\n
"},{"location":"advance/with-ovn-ic/#_4","title":"\u624b\u52a8\u200b\u91cd\u7f6e","text":"\u200b\u5728\u200b\u4e00\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u7531\u4e8e\u200b\u914d\u7f6e\u200b\u9519\u8bef\u200b\u9700\u8981\u200b\u5bf9\u200b\u6574\u4e2a\u200b\u4e92\u8054\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6e05\u7406\u200b\u73af\u5883\u200b\u3002
\u200b\u5220\u9664\u200b\u5f53\u524d\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5728\u200b\u5bf9\u200b\u7aef\u200b\u96c6\u7fa4\u200b\u91cd\u590d\u200b\u540c\u6837\u200b\u7684\u200b\u6b65\u9aa4\u200b\u3002
"},{"location":"advance/with-ovn-ic/#az-name","title":"\u4fee\u6539\u200b az-name","text":"\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b kubectl edit \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5bf9\u200b ovn-ic-config \u200b\u8fd9\u4e2a\u200b configmap \u200b\u4e2d\u200b\u7684\u200b az-name \u200b\u5b57\u200b\u6bb5\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002 \u200b\u4f46\u662f\u200b\u9700\u8981\u200b\u5728\u200b\u6bcf\u4e2a\u200b ovn-cni pod \u200b\u4e0a\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff0c\u200b\u5426\u5219\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u6700\u957f\u200b 10 \u200b\u5206\u949f\u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002
ovn-appctl -t ovn-controller inc-engine/recompute\n
"},{"location":"advance/with-ovn-ic/#_5","title":"\u6e05\u7406\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ovn-ic-config Configmap\uff1a
kubectl -n kube-system delete cm ovn-ic-config\n
\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u96c6\u7fa4\u200b\u7684\u200b ts \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff1a
kubectl ko nbctl ls-del ts\n
\u200b\u5220\u9664\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u63a7\u5236\u5668\u200b\uff0c\u200b\u5982\u679c\u200b\u662f\u200b\u9ad8\u200b\u53ef\u7528\u200b OVN-IC \u200b\u6570\u636e\u5e93\u200b\u90e8\u7f72\u200b\uff0c\u200b\u9700\u8981\u200b\u90fd\u200b\u6e05\u7406\u200b\u6389\u200b\u3002
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b docker \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
docker stop ovn-ic-db \ndocker rm ovn-ic-db\n
\u200b\u5982\u679c\u200b\u63a7\u5236\u5668\u200b\u662f\u200b containerd \u200b\u90e8\u7f72\u200b\u6267\u884c\u547d\u4ee4\u200b\uff1a
ctr -n k8s.io task kill ovn-ic-db\nctr -n k8s.io containers rm ovn-ic-db\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"advance/with-submariner/","title":"\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054","text":"Submariner \u200b\u4f5c\u4e3a\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u591a\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b Pod \u200b\u548c\u200b Service \u200b\u7f51\u7edc\u200b\u7684\u200b\u5f00\u6e90\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u80fd\u591f\u200b\u5e2e\u52a9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u591a\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u3002
\u200b\u76f8\u6bd4\u200b\u901a\u8fc7\u200b OVN-IC \u200b\u6253\u901a\u200b\u591a\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7684\u200b\u65b9\u5f0f\u200b\uff0cSubmariner \u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b Kube-OVN \u200b\u548c\u200b\u975e\u200b Kube-OVN \u200b\u7684\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b \u200b\u80fd\u200b\u63d0\u4f9b\u200b Service \u200b\u7684\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u80fd\u529b\u200b\u3002\u200b\u4f46\u662f\u200b Submariner \u200b\u76ee\u524d\u200b\u53ea\u80fd\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u6253\u901a\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u5b9e\u73b0\u200b\u591a\u5b50\u200b\u7f51\u200b\u9009\u62e9\u6027\u200b\u6253\u901a\u200b\u3002
"},{"location":"advance/with-submariner/#_1","title":"\u524d\u63d0\u6761\u4ef6","text":" - \u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u7684\u200b Service CIDR \u200b\u548c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002
"},{"location":"advance/with-submariner/#submariner_1","title":"\u90e8\u7f72\u200b Submariner","text":"\u200b\u4e0b\u8f7d\u200b subctl \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u90e8\u7f72\u200b\u5230\u200b\u76f8\u5e94\u200b\u8def\u5f84\u200b\uff1a
curl -Ls https://get.submariner.io | bash\nexport PATH=$PATH:~/.local/bin\necho export PATH=\\$PATH:~/.local/bin >> ~/.profile\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b\u5e0c\u671b\u200b\u90e8\u7f72\u200b submariner-broker \u200b\u7684\u200b\u96c6\u7fa4\u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\uff1a
subctl deploy-broker\n
\u200b\u5728\u200b\u672c\u200b\u6587\u6863\u200b\u4e2d\u200b cluster0 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0ccluster1 \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b 11.16.0.0/16\uff0cjoin \u200b\u5b50\u7f51\u200b CIDR \u200b\u4e3a\u200b '100.68.0.0/16'\u3002
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster0 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster0 --clustercidr 100.64.0.0/16,10.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster0 submariner.io/gateway=true\n
\u200b\u5207\u6362\u200b kubeconfig \u200b\u81f3\u200b cluster1 \u200b\u6ce8\u518c\u200b\u96c6\u7fa4\u200b\u81f3\u200b broker\uff0c\u200b\u5e76\u200b\u6ce8\u518c\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b:
subctl join broker-info.subm --clusterid cluster1 --clustercidr 100.68.0.0/16,11.16.0.0/16 --natt=false --cable-driver vxlan --health-check=false\nkubectl label nodes cluster1 submariner.io/gateway=true\n
\u200b\u5982\u679c\u200b\u6267\u884c\u200b join \u200b\u547d\u4ee4\u200b\u4e4b\u540e\u200b\u6ca1\u6709\u200b\u65b0\u200b\u7684\u200b gateway, routeagentpod \u200b\u51fa\u73b0\u200b\u7684\u8bdd\u200b, \u200b\u8bf7\u200b\u4e3a\u200b submariner-operator \u200b\u8fd9\u4e2a\u200b clusterrole \u200b\u589e\u52a0\u200b\u4ee5\u4e0b\u200b\u6743\u9650\u200b:
- apiGroups:\n - \"apps\"\n resources:\n - daemonsets\n verbs:\n - create\n - get\n - list\n - watch\n - update\n
\u200b\u5bf9\u4e8e\u200b\u591a\u200b\u8282\u70b9\u200b\u7684\u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u7684\u200b subnet ovn-default \u200b\u7684\u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u6539\u4e3a\u200b centralized\u3002\u200b\u4e3a\u200b submariner \u200b\u914d\u7f6e\u200b\u7684\u200b gateway \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u548c\u200b subnet \u200b\u8282\u70b9\u200b\u5b8c\u5168\u76f8\u540c\u200b\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e24\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5206\u522b\u200b\u542f\u52a8\u200b Pod \u200b\u5e76\u200b\u5c1d\u8bd5\u200b\u4f7f\u7528\u200b IP \u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u95ee\u9898\u200b\u53ef\u200b\u901a\u8fc7\u200b subctl \u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u8bca\u65ad\u200b\uff1a
subctl show all\nsubctl diagnose all\n
\u200b\u66f4\u200b\u591a\u200b Submariner \u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\u8bf7\u200b\u67e5\u770b\u200b Submariner \u200b\u7528\u6237\u624b\u518c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/custom-routes/","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b Annotations \u200b\u6765\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: custom-routes\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\nspec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
dst \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u7a7a\u200b\u8868\u793a\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u8def\u7531\u200b\u3002
\u200b\u5982\u679c\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u4e3a\u200b Deployment\u3001DaemonSet \u200b\u6216\u200b StatefulSet\uff0c\u200b\u5bf9\u5e94\u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u914d\u7f6e\u200b\u5728\u200b\u8d44\u6e90\u200b\u7684\u200b .spec.template.metadata.annotations \u200b\u4e2d\u200b\uff0c\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: custom-routes\n labels:\n app: nginx\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n annotations:\n ovn.kubernetes.io/routes: |\n [{\n \"dst\": \"192.168.0.101/24\",\n \"gw\": \"10.16.0.254\"\n }, {\n \"gw\": \"10.16.0.254\"\n }]\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/dual-stack/","title":"\u53cc\u6808\u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u4e2d\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u652f\u6301\u200b\u4e0d\u540c\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b IPv4\uff0cIPv6 \u200b\u548c\u200b\u53cc\u6808\u200b\u7c7b\u578b\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002 \u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u5185\u200b\u4f7f\u7528\u200b\u7edf\u4e00\u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b\u4ee5\u200b\u7b80\u5316\u200b\u4f7f\u7528\u200b\u548c\u200b\u7ef4\u62a4\u200b\u3002
\u200b\u4e3a\u4e86\u200b\u652f\u6301\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6ee1\u8db3\u200b\u53cc\u6808\u200b\u8981\u6c42\u200b\uff0c\u200b\u540c\u65f6\u200b\u9700\u8981\u200b\u5bf9\u200b Kubernetes \u200b\u76f8\u5173\u200b\u53c2\u6570\u200b\u505a\u200b\u8c03\u6574\u200b\uff0c \u200b\u8bf7\u200b\u53c2\u8003\u200b Kubernetes \u200b\u7684\u200b\u53cc\u6808\u200b\u5b98\u65b9\u200b\u6307\u5bfc\u200b\u3002
"},{"location":"guide/dual-stack/#_2","title":"\u521b\u5efa\u200b\u53cc\u6808\u200b\u5b50\u7f51","text":"\u200b\u5728\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u65f6\u200b\uff0c\u200b\u53ea\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u5b50\u7f51\u200b CIDR \u200b\u683c\u5f0f\u200b\u4e3a\u200b cidr=<IPv4 CIDR>,<IPv6 CIDR> \u200b\u5373\u53ef\u200b\u3002 CIDR \u200b\u987a\u5e8f\u200b\u8981\u6c42\u200b IPv4 \u200b\u5728\u200b\u524d\u200b\uff0cIPv6 \u200b\u5728\u200b\u540e\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata: \n name: ovn-test\nspec:\n cidrBlock: 10.16.0.0/16,fd00:10:16::/64\n excludeIps:\n - 10.16.0.1\n - fd00:10:16::1\n gateway: 10.16.0.1,fd00:10:16::1\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u53cc\u6808\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
POD_CIDR=\"10.16.0.0/16,fd00:10:16::/64\"\nJOIN_CIDR=\"100.64.0.0/16,fd00:100:64::/64\"\n
"},{"location":"guide/dual-stack/#pod","title":"\u67e5\u770b\u200b Pod \u200b\u5730\u5740","text":"\u200b\u914d\u7f6e\u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u540c\u65f6\u200b\u5206\u914d\u200b IPv4 \u200b\u548c\u200b IPv6 \u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u5206\u914d\u200b\u7ed3\u679c\u200b\u4f1a\u200b\u663e\u793a\u200b\u5728\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16,fd00:10:16::/64\n ovn.kubernetes.io/gateway: 10.16.0.1,fd00:10:16::1\n ovn.kubernetes.io/ip_address: 10.16.0.9,fd00:10:16::9\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:14:88:09\n ovn.kubernetes.io/network_types: geneve\n ovn.kubernetes.io/routed: \"true\"\n...\npodIP: 10.16.0.9\n podIPs:\n - ip: 10.16.0.9\n - ip: fd00:10:16::9\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/eip-snat/","title":"EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u914d\u7f6e\u200b\u9488\u5bf9\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u8bf7\u200b\u53c2\u8003\u200b VPC \u200b\u7f51\u5173\u200b
Kube-OVN \u200b\u652f\u6301\u200b\u5229\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L3 Gateway \u200b\u529f\u80fd\u200b\u6765\u200b\u5b9e\u73b0\u200b Pod \u200b\u7ea7\u522b\u200b\u7684\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b SNAT\uff0c\u200b\u4e00\u7ec4\u200b Pod \u200b\u53ef\u4ee5\u200b\u5171\u4eab\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\u5bf9\u5916\u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\u3002 \u200b\u901a\u8fc7\u200b EIP \u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e00\u4e2a\u200b Pod \u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u548c\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b IP \u200b\u5173\u8054\u200b\uff0c \u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b EIP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Pod\uff0cPod \u200b\u4e5f\u200b\u5c06\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u670d\u52a1\u200b\u3002
"},{"location":"guide/eip-snat/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":" - \u200b\u4e3a\u4e86\u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b L3 Gateway \u200b\u80fd\u529b\u200b\uff0c\u200b\u5fc5\u987b\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u5355\u72ec\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u5165\u200b OVS \u200b\u7f51\u6865\u200b\u4e2d\u200b\u8fdb\u884c\u200b Overlay \u200b\u548c\u200b Underlay \u200b\u7f51\u7edc\u200b\u7684\u200b\u6253\u901a\u200b\uff0c \u200b\u4e3b\u673a\u200b\u5fc5\u987b\u200b\u6709\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u7528\u4e8e\u200b\u8fd0\u7ef4\u200b\u7ba1\u7406\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u7ecf\u8fc7\u200b NAT \u200b\u540e\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u5fc5\u987b\u200b\u786e\u8ba4\u200b\u5f53\u524d\u200b\u7684\u200b\u7f51\u7edc\u200b\u67b6\u6784\u200b\u4e0b\u200b\u6b64\u7c7b\u200b\u6570\u636e\u5305\u200b\u53ef\u4ee5\u200b\u5b89\u5168\u200b\u901a\u8fc7\u200b\u3002
- \u200b\u76ee\u524d\u200b EIP \u200b\u548c\u200b SNAT \u200b\u5730\u5740\u200b\u6ca1\u6709\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u9700\u8981\u200b\u7ba1\u7406\u5458\u200b\u624b\u52a8\u200b\u5206\u914d\u200b\u907f\u514d\u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\u3002
"},{"location":"guide/eip-snat/#_2","title":"\u521b\u5efa\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b kube-system \u200b\u4e0b\u200b\u521b\u5efa\u200b ConfigMap ovn-external-gw-config\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ovn-external-gw-config\n namespace: kube-system\ndata:\n enable-external-gw: \"true\"\n external-gw-nodes: \"kube-ovn-worker\"\n external-gw-nic: \"eth1\"\n external-gw-addr: \"172.56.0.1/16\"\n nic-ip: \"172.56.0.254/16\"\n nic-mac: \"16:52:f3:13:6a:25\"\n
enable-external-gw: \u200b\u662f\u5426\u200b\u5f00\u542f\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u3002type: centrailized \u200b\u6216\u200b distributed\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b centralized \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b distributed\uff0c\u200b\u5219\u200b\u96c6\u7fa4\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u90fd\u200b\u9700\u8981\u200b\u6709\u200b\u540c\u540d\u200b\u7f51\u5361\u200b\u6765\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002external-gw-nodes: centralized \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u200b\uff0c\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u3002external-gw-nic: \u200b\u8282\u70b9\u200b\u4e0a\u200b\u627f\u62c5\u200b\u7f51\u5173\u200b\u4f5c\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002external-gw-addr: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\u7684\u200b IP \u200b\u548c\u200b\u63a9\u7801\u200b\u3002nic-ip,nic-mac: \u200b\u5206\u914d\u200b\u7ed9\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u7aef\u53e3\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\uff0c\u200b\u9700\u4e3a\u200b\u7269\u7406\u200b\u6bb5\u200b\u672a\u200b\u88ab\u200b\u5360\u7528\u200b\u7684\u200b IP \u200b\u548c\u200b Mac\u3002
"},{"location":"guide/eip-snat/#ovn-ovs","title":"\u89c2\u5bdf\u200b OVN \u200b\u548c\u200b OVS \u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u914d\u7f6e\u200b\u751f\u6548","text":"\u200b\u68c0\u67e5\u200b OVN-NB \u200b\u72b6\u6001\u200b, \u200b\u786e\u8ba4\u200b ovn-external \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5b58\u5728\u200b\uff0c\u200b\u5e76\u4e14\u200b ovn-cluster-ovn-external \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7aef\u53e3\u200b\u4e0a\u200b \u200b\u7ed1\u5b9a\u200b\u4e86\u200b\u6b63\u786e\u200b\u7684\u200b\u5730\u5740\u200b\u548c\u200b chassis\u3002
# kubectl ko nbctl show\nswitch 3de4cea7-1a71-43f3-8b62-435a57ef16a6 (ovn-external)\n port ln-ovn-external\n type: localnet\n addresses: [\"unknown\"]\n port ovn-external-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-external\nrouter e1eb83ad-34be-4ed5-9a02-fcc8b1d357c4 (ovn-cluster)\n port ovn-cluster-ovn-external\n mac: \"ac:1f:6b:2d:33:f1\"\n networks: [\"172.56.0.100/16\"]\n gateway chassis: [a5682814-2e2c-46dd-9c1c-6803ef0dab66]\n
\u200b\u68c0\u67e5\u200b OVS \u200b\u72b6\u6001\u200b\uff0c\u200b\u786e\u8ba4\u200b\u76f8\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u5df2\u7ecf\u200b\u6865\u63a5\u200b\u8fdb\u200b br-external \u200b\u7f51\u6865\u200b\uff1a
# kubectl ko vsctl ${gateway node name} show\ne7d81150-7743-4d6e-9e6f-5c688232e130\n Bridge br-external\n Port br-external\n Interface br-external\n type: internal\n Port eno2\n Interface eno2\n Port patch-ln-ovn-external-to-br-int\n Interface patch-ln-ovn-external-to-br-int\n type: patch\n options: {peer=patch-br-int-to-ln-ovn-external}\n
"},{"location":"guide/eip-snat/#pod-eip-snat","title":"Pod \u200b\u914d\u7f6e\u200b EIP \u200b\u548c\u200b SNAT","text":"\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5728\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/snat \u200b\u6216\u200b ovn.kubernetes.io/eip annotation \u200b\u6765\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b SNAT \u200b\u548c\u200b EIP\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/snat: 172.56.0.200\nspec:\n containers:\n - name: snat-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: pod-gw\n annotations:\n ovn.kubernetes.io/eip: 172.56.0.233\nspec:\n containers:\n - name: eip-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u53ef\u200b\u901a\u8fc7\u200b kubectl \u200b\u6216\u200b\u5176\u4ed6\u200b\u5de5\u5177\u200b\u52a8\u6001\u200b\u8c03\u6574\u200b Pod \u200b\u6240\u200b\u914d\u7f6e\u200b\u7684\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u66f4\u6539\u200b\u65f6\u8bf7\u200b\u6ce8\u610f\u200b\u8981\u200b\u540c\u65f6\u200b\u5220\u9664\u200b ovn.kubernetes.io/routed annotation \u200b\u89e6\u53d1\u200b\u8def\u7531\u200b\u7684\u200b\u53d8\u66f4\u200b\uff1a
kubectl annotate pod pod-gw ovn.kubernetes.io/eip=172.56.0.221 --overwrite\nkubectl annotate pod pod-gw ovn.kubernetes.io/routed-\n
\u200b\u5f53\u200b EIP \u200b\u6216\u200b SNAT \u200b\u89c4\u5219\u200b\u751f\u6548\u200b\u540e\u200b\uff0covn.kubernetes.io/routed annotation \u200b\u4f1a\u200b\u88ab\u200b\u91cd\u65b0\u200b\u6dfb\u52a0\u200b\u3002
"},{"location":"guide/eip-snat/#_3","title":"\u9ad8\u7ea7\u200b\u914d\u7f6e","text":"kube-ovn-controller \u200b\u7684\u200b\u90e8\u5206\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u53ef\u200b\u5bf9\u200b SNAT \u200b\u548c\u200b EIP \u200b\u529f\u80fd\u200b\u8fdb\u884c\u200b\u9ad8\u9636\u200b\u914d\u7f6e\u200b\uff1a
--external-gateway-config-ns: Configmap ovn-external-gw-config \u200b\u6240\u5c5e\u200b Namespace\uff0c \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b kube-system\u3002--external-gateway-net: \u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u6240\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u6865\u200b\u540d\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b external\u3002--external-gateway-vlanid: \u200b\u7269\u7406\u200b\u7f51\u7edc\u200b Vlan Tag \u200b\u53f7\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 0\uff0c \u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Vlan\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/ippool/","title":"IP \u200b\u6c60\u200b\u4f7f\u7528","text":"IP \u200b\u6c60\u200b\uff08IPPool\uff09\u200b\u662f\u200b\u6bd4\u200b\u5b50\u7f51\u200b\uff08Subnet\uff09\u200b\u66f4\u7ec6\u200b\u529b\u5ea6\u200b\u7684\u200b IPAM \u200b\u7ba1\u7406\u200b\u5355\u5143\u200b\u3002\u200b\u4f60\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b IP \u200b\u6c60\u5c06\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u7ec6\u5206\u200b\u4e3a\u200b\u591a\u4e2a\u200b\u5355\u5143\u200b\uff0c\u200b\u6bcf\u4e2a\u200b\u5355\u5143\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u6216\u200b\u591a\u4e2a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\uff08Namespace\uff09\u3002
"},{"location":"guide/ippool/#_1","title":"\u4f7f\u7528\u200b\u65b9\u6cd5","text":"\u200b\u4f7f\u7528\u200b\u793a\u4f8b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: IPPool\nmetadata:\n name: pool-1\nspec:\n subnet: ovn-default\n ips:\n - \"10.16.0.201\"\n - \"10.16.0.210/30\"\n - \"10.16.0.220..10.16.0.230\"\n namespaces:\n - ns-1\n
\u200b\u5b57\u200b\u6bb5\u200b\u8bf4\u660e\u200b\uff1a
\u200b\u540d\u79f0\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b subnet \u200b\u6307\u5b9a\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b \u200b\u5fc5\u586b\u200b ips \u200b\u6307\u5b9a\u200b\u5305\u542b\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b \u200b\u652f\u6301\u200b \u3001 \u200b\u4ee5\u53ca\u200b .. \u200b\u4e09\u79cd\u200b\u683c\u5f0f\u200b\uff0c\u200b\u652f\u6301\u200b IPv6\u3002 namespaces \u200b\u7ed1\u5b9a\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \u200b\u53ef\u200b\u9009"},{"location":"guide/ippool/#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":" - \u200b\u4e3a\u200b\u4fdd\u8bc1\u200b\u4e0e\u200b Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b \u200b\u7684\u200b\u517c\u5bb9\u6027\u200b\uff0cIP \u200b\u6c60\u200b\u7684\u200b\u540d\u79f0\u200b\u4e0d\u80fd\u200b\u662f\u200b\u4e00\u4e2a\u200b IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u6307\u5b9a\u200b\u8d85\u51fa\u200b\u5b50\u7f51\u200b\u8303\u56f4\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u5b9e\u9645\u200b\u6709\u6548\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b .spec.ips \u200b\u4e0e\u200b\u5b50\u7f51\u200b CIDR \u200b\u7684\u200b\u4ea4\u96c6\u200b\uff1b - \u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e0d\u540c\u200b IP \u200b\u6c60\u200b\uff0c\u200b\u4e0d\u80fd\u200b\u5305\u542b\u200b\u76f8\u540c\u200b\u7684\u200b\uff08\u200b\u6709\u6548\u200b\uff09IP \u200b\u5730\u5740\u200b\uff1b
- IP \u200b\u6c60\u200b\u7684\u200b
.spec.ips \u200b\u53ef\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\uff1b - IP \u200b\u6c60\u4f1a\u200b\u7ee7\u627f\u200b\u5b50\u7f51\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff0c\u200b\u4ece\u200b IP \u200b\u6c60\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5305\u542b\u200b\u5728\u200b IP \u200b\u6c60\u4e2d\u200b\u7684\u200b\u4fdd\u7559\u200b IP\uff1b
- \u200b\u4ece\u200b\u5b50\u7f51\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\u65f6\u200b\uff0c\u200b\u53ea\u4f1a\u200b\u4ece\u200b\u5b50\u7f51\u200b\u6240\u6709\u200b IP \u200b\u6c60\u200b\u4ee5\u5916\u200b\u7684\u200b\u8303\u56f4\u200b\u5206\u914d\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/loadbalancer-service/","title":"LoadBalancer \u200b\u7c7b\u578b\u200b Service","text":"Kube-OVN \u200b\u5df2\u7ecf\u200b\u652f\u6301\u200b\u4e86\u200b VPC \u200b\u548c\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
\u200b\u7531\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u4f7f\u7528\u200b\u6bd4\u8f83\u590d\u6742\u200b\uff0c\u200b\u57fa\u4e8e\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b\u5b9e\u73b0\u200b\u505a\u200b\u4e86\u200b\u7b80\u5316\u200b\uff0c\u200b\u652f\u6301\u200b\u5728\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u521b\u5efa\u200b LoadBalancer \u200b\u7c7b\u578b\u200b\u7684\u200b Service\uff0c\u200b\u5b9e\u73b0\u200b\u901a\u8fc7\u200b LoadBalancerIP \u200b\u6765\u200b\u8bbf\u95ee\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Service\u3002
\u200b\u9996\u5148\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u4e0a\u200b\u6ee1\u8db3\u200b\u4ee5\u4e0b\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5b89\u88c5\u200b\u4e86\u200b
multus-cni \u200b\u548c\u200b macvlan cni\u3002 - LoadBalancer Service \u200b\u7684\u200b\u652f\u6301\u200b\uff0c\u200b\u662f\u200b\u5bf9\u200b VPC \u200b\u7f51\u5173\u200b\u4ee3\u7801\u200b\u8fdb\u884c\u200b\u7b80\u5316\u200b\u5b9e\u73b0\u200b\u7684\u200b\uff0c\u200b\u4ecd\u7136\u200b\u4f7f\u7528\u200b
vpc-nat-gw \u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u4f9d\u8d56\u200b macvlan \u200b\u63d0\u4f9b\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\u652f\u6301\u200b\u3002 - \u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u5728\u200b
\u200b\u9ed8\u8ba4\u200b VPC \u200b\u914d\u7f6e\u200b\uff0c\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b LoadBalancer \u200b\u652f\u6301\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b VPC \u200b\u7684\u200b\u6587\u6863\u200b VPC \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/loadbalancer-service/#vpc-loadbalancer-service","title":"\u9ed8\u8ba4\u200b VPC LoadBalancer Service \u200b\u914d\u7f6e\u200b\u6b65\u9aa4","text":""},{"location":"guide/loadbalancer-service/#_1","title":"\u5f00\u542f\u200b\u7279\u6027\u200b\u5f00\u5173","text":"\u200b\u4fee\u6539\u200b kube-system namespace \u200b\u4e0b\u200b\u7684\u200b deployment kube-ovn-controller\uff0c\u200b\u5728\u200b args \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-lb-svc=true\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u5f00\u5173\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\u3002
containers:\n- args:\n - /kube-ovn/start-controller.sh\n - --default-cidr=10.16.0.0/16\n - --default-gateway=10.16.0.1\n - --default-gateway-check=true\n - --enable-lb-svc=true // \u200b\u53c2\u6570\u8bbe\u7f6e\u200b\u4e3a\u200b true\n
"},{"location":"guide/loadbalancer-service/#networkattachmentdefinition-crd","title":"\u521b\u5efa\u200b NetworkAttachmentDefinition CRD \u200b\u8d44\u6e90","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b net-attach-def \u200b\u8d44\u6e90\u200b:
apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: lb-svc-attachment\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth0\", //\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u914d\u7f6e\u200b\n \"mode\": \"bridge\"\n }'\n
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5361\u200b eth0 \u200b\u6765\u200b\u5b9e\u73b0\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u5176\u4ed6\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b master \u200b\u53d6\u503c\u200b\uff0c\u200b\u6307\u5b9a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002
"},{"location":"guide/loadbalancer-service/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u521b\u5efa\u200b\u7684\u200b Subnet\uff0c\u200b\u7528\u4e8e\u200b\u7ed9\u200b LoadBalancer Service \u200b\u5206\u914d\u200b LoadBalancerIP\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b Underlay Subnet \u200b\u7528\u4e8e\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b\u65b0\u200b\u5b50\u7f51\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\nspec:\n protocol: IPv4\n provider: lb-svc-attachment.kube-system # provider \u200b\u683c\u5f0f\u200b\u56fa\u5b9a\u200b\uff0c\u200b\u7531\u200b\u4e0a\u200b\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\n cidrBlock: 172.18.0.0/16\n gateway: 172.18.0.1\n excludeIps:\n - 172.18.0.0..172.18.0.10\n
Subnet \u200b\u4e2d\u200b provider \u200b\u53c2\u6570\u200b\u4ee5\u200b ovn \u200b\u6216\u8005\u200b\u4ee5\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u8868\u793a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u200b\u7531\u200b Kube-OVN \u200b\u7ba1\u7406\u200b\u4f7f\u7528\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u5e94\u200b\u521b\u5efa\u200b logical switch \u200b\u8bb0\u5f55\u200b\u3002
provider \u200b\u975e\u200b ovn \u200b\u6216\u8005\u200b\u975e\u200b .ovn \u200b\u4e3a\u200b\u540e\u7f00\u200b\u7ed3\u675f\u200b\uff0c\u200b\u5219\u200b Kube-OVN \u200b\u53ea\u200b\u63d0\u4f9b\u200b IPAM \u200b\u529f\u80fd\u200b\uff0c\u200b\u8bb0\u5f55\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u60c5\u51b5\u200b\uff0c\u200b\u4e0d\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u505a\u200b\u4e1a\u52a1\u200b\u903b\u8f91\u200b\u5904\u7406\u200b\u3002
"},{"location":"guide/loadbalancer-service/#loadbalancer-service_1","title":"\u521b\u5efa\u200b LoadBalancer Service","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b LoadBalancer Service\uff1a
apiVersion: v1\nkind: Service\nmetadata:\n annotations:\n lb-svc-attachment.kube-system.kubernetes.io/logical_switch: attach-subnet #\u200b\u53ef\u200b\u9009\u200b\n ovn.kubernetes.io/attachmentprovider: lb-svc-attachment.kube-system #\u200b\u5fc5\u987b\u200b\n labels:\n app: dynamic\n name: test-service\n namespace: default\nspec:\n loadBalancerIP: 172.18.0.18 #\u200b\u53ef\u200b\u9009\u200b\n ports:\n - name: test\n protocol: TCP\n port: 80\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\n
\u200b\u5728\u200b yaml \u200b\u4e2d\u200b\uff0cannotation ovn.kubernetes.io/attachmentprovider \u200b\u4e3a\u200b\u5fc5\u586b\u200b\u9879\u200b\uff0c\u200b\u53d6\u503c\u200b\u7531\u200b\u7b2c\u4e00\u6b65\u200b\u521b\u5efa\u200b\u7684\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace \u200b\u7ec4\u6210\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u7528\u4e8e\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u67e5\u627e\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u3002
\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b annotation \u200b\u6307\u5b9a\u200b\u591a\u200b\u7f51\u5361\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u4f7f\u7528\u200b\u7684\u200b\u5b50\u7f51\u200b\u3002annotation key \u200b\u683c\u5f0f\u200b\u4e3a\u200b net-attach-def \u200b\u8d44\u6e90\u200b\u7684\u200b Name.Namespace.kubernetes.io/logical_switch\u3002\u200b\u8be5\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u200b\u53ef\u200b\u9009\u200b\u200b\u9009\u9879\u200b\uff0c\u200b\u5728\u200b\u6ca1\u6709\u200b\u6307\u5b9a\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5c06\u200b\u4ece\u200b\u8be5\u200b\u5b50\u7f51\u200b\u52a8\u6001\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u586b\u5145\u200b\u5230\u200b LoadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9759\u6001\u200b\u914d\u7f6e\u200b LoadBalancerIP \u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b spec.loadBalancerIP \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u8be5\u200b\u5730\u5740\u200b\u9700\u8981\u200b\u5728\u200b\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u5185\u200b\u3002
\u200b\u5728\u200b\u6267\u884c\u200b yaml \u200b\u521b\u5efa\u200b Service \u200b\u540e\u200b\uff0c\u200b\u5728\u200b Service \u200b\u540c\u200b Namespace \u200b\u4e0b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b Pod \u200b\u542f\u52a8\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nlb-svc-test-service-6869d98dd8-cjvll 1/1 Running 0 107m\n# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ntest-service LoadBalancer 10.109.201.193 172.18.0.18 80:30056/TCP 107m\n
\u200b\u6307\u5b9a\u200b service.spec.loadBalancerIP \u200b\u53c2\u6570\u200b\u65f6\u200b\uff0c\u200b\u6700\u7ec8\u200b\u5c06\u200b\u8be5\u200b\u53c2\u6570\u200b\u8d4b\u503c\u200b\u7ed9\u200b service external-ip \u200b\u5b57\u200b\u6bb5\u200b\u3002\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u503c\u200b\u3002
\u200b\u67e5\u770b\u200b\u6d4b\u8bd5\u200b Pod \u200b\u7684\u200b yaml \u200b\u8f93\u51fa\u200b\uff0c\u200b\u5b58\u5728\u200b\u591a\u200b\u7f51\u5361\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get pod -o yaml lb-svc-test-service-6869d98dd8-cjvll\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks: default/test-service\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-ovn\",\n \"ips\": [\n \"10.16.0.2\"\n ],\n \"default\": true,\n \"dns\": {}\n },{\n \"name\": \"default/test-service\",\n \"interface\": \"net1\",\n \"mac\": \"ba:85:f7:02:9f:42\",\n \"dns\": {}\n }]\n ovn.kubernetes.io/allocated: \"true\"\n ovn.kubernetes.io/cidr: 10.16.0.0/16\n ovn.kubernetes.io/gateway: 10.16.0.1\n ovn.kubernetes.io/ip_address: 10.16.0.2\n ovn.kubernetes.io/logical_router: ovn-cluster\n ovn.kubernetes.io/logical_switch: ovn-default\n ovn.kubernetes.io/mac_address: 00:00:00:45:F4:29\n ovn.kubernetes.io/pod_nic_type: veth-pair\n ovn.kubernetes.io/routed: \"true\"\n test-service.default.kubernetes.io/allocated: \"true\"\n test-service.default.kubernetes.io/cidr: 172.18.0.0/16\n test-service.default.kubernetes.io/gateway: 172.18.0.1\n test-service.default.kubernetes.io/ip_address: 172.18.0.18\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n test-service.default.kubernetes.io/mac_address: 00:00:00:AF:AA:BF\n test-service.default.kubernetes.io/pod_nic_type: veth-pair\n
\u200b\u67e5\u770b\u200b Service \u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml test-service\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n kubectl.kubernetes.io/last-applied-configuration: |\n {\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{\"test-service.default.kubernetes.io/logical_switch\":\"attach-subnet\"},\"labels\":{\"app\":\"dynamic\"},\"name\":\"test-service\",\"namespace\":\"default\"},\"spec\":{\"ports\":[{\"name\":\"test\",\"port\":80,\"protocol\":\"TCP\",\"targetPort\":80}],\"selector\":{\"app\":\"dynamic\"},\"sessionAffinity\":\"None\",\"type\":\"LoadBalancer\"}}\n ovn.kubernetes.io/vpc: ovn-cluster\n test-service.default.kubernetes.io/logical_switch: attach-subnet\n creationTimestamp: \"2022-06-15T09:01:58Z\"\n labels:\n app: dynamic\n name: test-service\n namespace: default\n resourceVersion: \"38485\"\n uid: 161edee1-7f6e-40f5-9e09-5a52c44267d0\nspec:\n allocateLoadBalancerNodePorts: true\n clusterIP: 10.109.201.193\n clusterIPs:\n - 10.109.201.193\n externalTrafficPolicy: Cluster\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: test\n nodePort: 30056\n port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: dynamic\n sessionAffinity: None\n type: LoadBalancer\nstatus:\n loadBalancer:\n ingress:\n - ip: 172.18.0.18\n
"},{"location":"guide/loadbalancer-service/#loadbalancerip","title":"\u6d4b\u8bd5\u200b LoadBalancerIP \u200b\u8bbf\u95ee","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml, \u200b\u521b\u5efa\u200b\u6d4b\u8bd5\u200b Pod\uff0c\u200b\u4f5c\u4e3a\u200b Service \u200b\u7684\u200b Endpoints \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: dynamic\n name: dynamic\n namespace: default\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: dynamic\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: dynamic\n spec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: nginx\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n
\u200b\u6b63\u5e38\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5916\u200b\u5e94\u8be5\u200b\u53ef\u4ee5\u200b\u8bbf\u95ee\u200b\u5230\u200b\u3002\u200b\u4e3a\u4e86\u200b\u7b80\u5355\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u8bbf\u95ee\u200b Service \u200b\u7684\u200b LoadBalancerIP:Port\uff0c\u200b\u67e5\u770b\u200b\u662f\u5426\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u6210\u529f\u200b\u3002
# curl 172.18.0.11:80\n<html>\n<head>\n <title>Hello World!</title>\n <link href='//fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>\n <style>\n body {\n background-color: white;\n text-align: center;\n padding: 50px;\n font-family: \"Open Sans\",\"Helvetica Neue\",Helvetica,Arial,sans-serif;\n }\n #logo {\n margin-bottom: 40px;\n }\n </style>\n</head>\n<body>\n <h1>Hello World!</h1>\n <h3>Links found</h3>\n <h3>I am on dynamic-7d8d7874f5-hsgc4</h3>\n <h3>Cookie =</h3>\n <b>KUBERNETES</b> listening in 443 available at tcp://10.96.0.1:443<br />\n <h3>my name is hanhouchao!</h3>\n <h3> RequestURI='/'</h3>\n</body>\n</html>\n
\u200b\u8fdb\u5165\u200b Service \u200b\u521b\u5efa\u200b\u7684\u200b Pod\uff0c\u200b\u67e5\u770b\u200b\u7f51\u7edc\u200b\u7684\u200b\u4fe1\u606f\u200b
# ip a\n4: net1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default\n link/ether ba:85:f7:02:9f:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 172.18.0.18/16 scope global net1\n valid_lft forever preferred_lft forever\n inet6 fe80::b885:f7ff:fe02:9f42/64 scope link\n valid_lft forever preferred_lft forever\n36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default\n link/ether 00:00:00:45:f4:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.16.0.2/16 brd 10.16.255.255 scope global eth0\n valid_lft forever preferred_lft forever\n inet6 fe80::200:ff:fe45:f429/64 scope link\n valid_lft forever preferred_lft forever\n\n# ip rule\n0: from all lookup local\n32764: from all iif eth0 lookup 100\n32765: from all iif net1 lookup 100\n32766: from all lookup main\n32767: from all lookup default\n\n# ip route show table 100\ndefault via 172.18.0.1 dev net1\n10.109.201.193 via 10.16.0.1 dev eth0\n172.18.0.0/16 dev net1 scope link\n\n# iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 DNAT tcp -- * * 0.0.0.0/0 172.18.0.18 tcp dpt:80 to:10.109.201.193:80\n\nChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n 0 0 MASQUERADE all -- * * 0.0.0.0/0 10.109.201.193\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/mirror/","title":"\u6d41\u91cf\u200b\u955c\u50cf","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8fdb\u51fa\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u590d\u5236\u5230\u200b\u4e3b\u673a\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u3002\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u76d1\u542c\u200b\u8fd9\u5757\u200b\u7f51\u5361\u200b\u83b7\u5f97\u200b\u5b8c\u6574\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u6765\u200b\u8fdb\u4e00\u6b65\u200b\u8fdb\u884c\u200b\u5206\u6790\u200b\uff0c\u200b\u76d1\u63a7\u200b\uff0c\u200b\u5b89\u5168\u200b\u5ba1\u8ba1\u200b\u7b49\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e5f\u200b\u53ef\u200b\u548c\u200b\u4f20\u7edf\u200b\u7684\u200b NPM \u200b\u5bf9\u63a5\u200b\u83b7\u53d6\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u76d1\u63a7\u200b\u3002
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5e26\u6765\u200b\u4e00\u5b9a\u200b\u7684\u200b\u6027\u80fd\u200b\u635f\u5931\u200b\uff0c\u200b\u6839\u636e\u200b CPU \u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u7684\u200b\u7279\u5f81\u200b\uff0c\u200b\u4f1a\u200b\u6709\u200b 5%~10% \u200b\u7684\u200b \u200b\u989d\u5916\u200b CPU \u200b\u6d88\u8017\u200b\u3002
"},{"location":"guide/mirror/#_2","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u5173\u95ed\u200b\u72b6\u6001\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u8bf7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
--enable-mirror=true\uff1a \u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002--mirror-iface=mirror0: \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6240\u200b\u590d\u5236\u5230\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002\u200b\u8be5\u200b\u7f51\u5361\u200b\u53ef\u200b\u4e3a\u4e3b\u200b\u673a\u4e0a\u200b\u5df2\u200b\u5b58\u5728\u200b\u7684\u200b\u4e00\u5757\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\uff0c \u200b\u6b64\u65f6\u200b\u8be5\u200b\u7f51\u5361\u200b\u4f1a\u200b\u88ab\u200b\u6865\u63a5\u200b\u8fdb\u200b br-int \u200b\u7f51\u6865\u200b\uff0c\u200b\u955c\u50cf\u200b\u6d41\u91cf\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u63a5\u5165\u200b\u5e95\u5c42\u200b\u4ea4\u6362\u673a\u200b\u3002\u200b\u82e5\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u5b58\u5728\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b \u200b\u521b\u5efa\u200b\u4e00\u5757\u200b\u540c\u540d\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u7ba1\u7406\u5458\u200b\u6216\u200b\u5f00\u53d1\u8005\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u5361\u200b\u83b7\u53d6\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u6240\u6709\u200b\u6d41\u91cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b mirror0\u3002
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u7528\u200b tcpdump \u200b\u6216\u200b\u5176\u4ed6\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\u5de5\u5177\u200b\u76d1\u542c\u200b mirror0 \u200b\u4e0a\u200b\u7684\u200b\u6d41\u91cf\u200b\uff1a
tcpdump -ni mirror0\n
"},{"location":"guide/mirror/#pod","title":"Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u914d\u7f6e","text":"\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u200b\u5bf9\u200b\u90e8\u5206\u200b Pod \u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u955c\u50cf\u200b\uff0c\u200b\u5219\u200b\u9700\u8981\u200b\u5173\u95ed\u200b\u5168\u5c40\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u529f\u80fd\u200b\uff0c\u200b\u7136\u540e\u200b\u5728\u200b\u7279\u5b9a\u200b Pod \u200b\u4e0a\u200b\u589e\u52a0\u200b ovn.kubernetes.io/mirror annotation \u200b\u6765\u200b\u5f00\u542f\u200b Pod \u200b\u7ea7\u522b\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: mirror-pod\n namespace: ls1\n annotations:\n ovn.kubernetes.io/mirror: \"true\"\nspec:\n containers:\n - name: mirror-pod\n image: docker.io/library/nginx:alpine\n
"},{"location":"guide/mirror/#_3","title":"\u6027\u80fd\u200b\u6d4b\u8bd5","text":"\u200b\u5728\u200b\u76f8\u540c\u200b\u73af\u5883\u200b\u4e0a\u200b\uff0c\u200b\u5206\u522b\u200b\u5f00\u542f\u200b\u548c\u200b\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u5173\u200b\uff0c\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b
"},{"location":"guide/mirror/#1-pod-to-pod-in-the-same-nodes","title":"1. Pod to Pod in the same Nodes","text":""},{"location":"guide/mirror/#_4","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.7 us 289 Mbits/sec 12.6 us (1.8%) 77.9 Mbits/sec 128 15.5 us 517 Mbits/sec 12.7 us (0%) 155 Mbits/sec 512 12.2 us 1.64 Gbits/sec 12.4 us (0%) 624 Mbits/sec 1k 13 us 2.96 Gbits/sec 11.4 us (0.53%) 1.22 Gbits/sec 4k 18 us 7.67 Gbits/sec 25.7 us (0.41%) 1.50 Gbits/sec"},{"location":"guide/mirror/#_5","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 11.9 us 324 Mbits/sec 12.2 us (0.22%) 102 Mbits/sec 128 10.5 us 582 Mbits/sec 9.5 us (0.21%) 198 Mbits/sec 512 11.6 us 1.84 Gbits/sec 9.32 us (0.091%) 827 Mbits/sec 1k 10.5 us 3.44 Gbits/sec 10 us (1.2%) 1.52 Gbits/sec 4k 16.7 us 8.52 Gbits/sec 18.2 us (1.3%) 2.42 Gbits/sec"},{"location":"guide/mirror/#2-pod-to-pod-in-the-different-nodes","title":"2. Pod to Pod in the different Nodes","text":""},{"location":"guide/mirror/#_6","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 258 us 143 Mbits/sec 237 us (61%) 28.5 Mbits/sec 128 240 us 252 Mbits/sec 231 us (64%) 54.9 Mbits/sec 512 236 us 763 Mbits/sec 256 us (68%) 194 Mbits/sec 1k 242 us 969 Mbits/sec 225 us (62%) 449 Mbits/sec 4k 352 us 1.12 Gbits/sec 382 us (0.71%) 21.4 Mbits/sec"},{"location":"guide/mirror/#_7","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 278 us 140 Mbits/sec 227 us (24%) 59.6 Mbits/sec 128 249 us 265 Mbits/sec 265 us (23%) 114 Mbits/sec 512 233 us 914 Mbits/sec 235 us (21%) 468 Mbits/sec 1k 238 us 1.14 Gbits/sec 240 us (15%) 891 Mbits/sec 4k 370 us 1.25 Gbits/sec 361 us (0.43%) 7.54 Mbits/sec"},{"location":"guide/mirror/#3-node-to-node","title":"3. Node to Node","text":""},{"location":"guide/mirror/#_8","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 205 us 162 Mbits/sec 183 us (11%) 74.2 Mbits/sec 128 222 us 280 Mbits/sec 206 us (6.3%) 155 Mbits/sec 512 220 us 1.04 Gbits/sec 177 us (20%) 503 Mbits/sec 1k 213 us 2.06 Gbits/sec 201 us (8.6%) 1.14 Gbits/sec 4k 280 us 5.01 Gbits/sec 315 us (37%) 1.20 Gbits/sec"},{"location":"guide/mirror/#_9","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 204 us 157 Mbits/sec 204 us (8.8%) 81.9 Mbits/sec 128 213 us 262 Mbits/sec 225 us (19%) 136 Mbits/sec 512 220 us 1.02 Gbits/sec 227 us (21%) 486 Mbits/sec 1k 217 us 1.79 Gbits/sec 218 us (29%) 845 Mbits/sec 4k 275 us 5.27 Gbits/sec 336 us (34%) 1.21 Gbits/sec"},{"location":"guide/mirror/#4-pod-to-the-node-where-the-pod-is-located","title":"4. Pod to the Node where the Pod is located","text":""},{"location":"guide/mirror/#_10","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 12.2 us 295 Mbits/sec 12.7 us (0.27%) 74.1 Mbits/sec 128 14.1 us 549 Mbits/sec 10.6 us (0.41%) 153 Mbits/sec 512 13.5 us 1.83 Gbits/sec 12.7 us (0.23%) 586 Mbits/sec 1k 12 us 2.69 Gbits/sec 13 us (1%) 1.16 Gbits/sec 4k 18.9 us 4.51 Gbits/sec 21.8 us (0.42%) 1.81 Gbits/sec"},{"location":"guide/mirror/#_11","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 10.4 us 335 Mbits/sec 12.2 us (0.75%) 95.4 Mbits/sec 128 12.1 us 561 Mbits/sec 11.3 us (0.25%) 194 Mbits/sec 512 11.6 us 1.87 Gbits/sec 10.7 us (0.66%) 745 Mbits/sec 1k 12.7 us 3.12 Gbits/sec 10.9 us (1.2%) 1.46 Gbits/sec 4k 16.5 us 8.23 Gbits/sec 17.9 us (1.5%) 2.51 Gbits/sec"},{"location":"guide/mirror/#5-pod-to-the-node-where-the-pod-is-not-located","title":"5. Pod to the Node where the Pod is not located","text":""},{"location":"guide/mirror/#_12","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 234 us 153 Mbits/sec 232 us (63%) 29.4 Mbits/sec 128 237 us 261 Mbits/sec 238 us (49%) 76.1 Mbits/sec 512 231 us 701 Mbits/sec 238 us (57%) 279 Mbits/sec 1k 256 us 1.05 Gbits/sec 228 us (56%) 524 Mbits/sec 4k 330 us 1.08 Gbits/sec 359 us (1.5%) 35.7 Mbits/sec"},{"location":"guide/mirror/#_13","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 283 us 141 Mbits/sec 230 us (26%) 55.8 Mbits/sec 128 234 us 255 Mbits/sec 234 us (25%) 113 Mbits/sec 512 246 us 760 Mbits/sec 234 us (22%) 458 Mbits/sec 1k 268 us 1.23 Gbits/sec 242 us (20%) 879 Mbits/sec 4k 326 us 1.20 Gbits/sec 369 us (0.5%) 7.87 Mbits/sec"},{"location":"guide/mirror/#6-pod-to-the-cluster-ip-service","title":"6. Pod to the cluster ip service","text":""},{"location":"guide/mirror/#_14","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 237 us 133 Mbits/sec 213 us (65%) 25.5 Mbits/sec 128 232 us 271 Mbits/sec 222 us (62%) 54.8 Mbits/sec 512 266 us 800 Mbits/sec 234 us (60%) 232 Mbits/sec 1k 248 us 986 Mbits/sec 239 us (50%) 511 Mbits/sec 4k 314 us 1.03 Gbits/sec 367 us (0.6%) 13.2 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14305.17 0.87ms 1.48ms 24.46ms 100 29082.07 3.87ms 4.35ms 102.85ms"},{"location":"guide/mirror/#_15","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"Size TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth 64 241 us 145 Mbits/sec 225 us (19%) 60.2 Mbits/sec 128 245 us 261 Mbits/sec 212 us (15%) 123 Mbits/sec 512 252 us 821 Mbits/sec 219 us (14%) 499 Mbits/sec 1k 253 us 1.08 Gbits/sec 242 us (16%) 852 Mbits/sec 4k 320 us 1.32 Gbits/sec 360 us (0.47%) 6.70 Mbits/sec TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 13634.07 0.96ms 1.72ms 30.07ms 100 30215.23 3.59ms 3.20ms 77.56ms"},{"location":"guide/mirror/#7-host-to-the-node-port-service-where-the-pod-is-not-located-on-the-target-node","title":"7. Host to the Node port service where the Pod is not located on the target Node","text":""},{"location":"guide/mirror/#_16","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14802.73 0.88ms 1.66ms 31.49ms 100 29809.58 3.78ms 4.12ms 105.34ms"},{"location":"guide/mirror/#_17","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14273.33 0.90ms 1.60ms 37.16ms 100 30757.81 3.62ms 3.41ms 59.78ms"},{"location":"guide/mirror/#8-host-to-the-node-port-service-where-the-pod-is-located-on-the-target-node","title":"8. Host to the Node port service where the Pod is located on the target Node","text":""},{"location":"guide/mirror/#_18","title":"\u5f00\u542f\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 15402.39 802.50us 1.42ms 30.91ms 100 29424.66 4.05ms 4.31ms 90.60ms"},{"location":"guide/mirror/#_19","title":"\u5173\u95ed\u200b\u6d41\u91cf\u200b\u955c\u50cf","text":"TCP-Conn-Number QPS Avg-Resp-Time Stdev-Resp-Time Max-Resp-Time 10 14649.21 0.91ms 1.72ms 43.92ms 100 32143.61 3.66ms 3.76ms 67.02ms \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/networkpolicy-log/","title":"NetworkPolicy \u200b\u65e5\u5fd7","text":"NetworkPolicy \u200b\u4e3a\u200b Kubernetes \u200b\u63d0\u4f9b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u63a5\u53e3\u200b\uff0cKube-OVN \u200b\u901a\u8fc7\u200b OVN \u200b\u7684\u200b ACL \u200b\u8fdb\u884c\u200b\u4e86\u200b\u5b9e\u73b0\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e86\u200b NetworkPolicy \u200b\u540e\u200b\u5982\u679c\u200b\u51fa\u73b0\u200b\u7f51\u7edc\u200b\u4e0d\u901a\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0c\u200b\u96be\u4ee5\u200b\u5224\u65ad\u200b\u662f\u200b\u7f51\u7edc\u6545\u969c\u200b\u95ee\u9898\u200b\u8fd8\u662f\u200b NetworkPolicy \u200b\u89c4\u5219\u200b\u8bbe\u7f6e\u200b\u95ee\u9898\u200b\u5bfc\u81f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e2d\u65ad\u200b\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e2e\u52a9\u200b\u7ba1\u7406\u5458\u200b\u5feb\u901f\u200b\u5b9a\u4f4d\u200b NetworkPolicy Drop \u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u547d\u4e2d\u200b\uff0c\u200b\u5e76\u200b\u8bb0\u5f55\u200b\u6709\u200b\u54ea\u4e9b\u200b\u975e\u6cd5\u200b\u8bbf\u95ee\u200b\u3002
NetworkPolicy \u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\u4e00\u65e6\u200b\u5f00\u542f\u200b\uff0c\u200b\u5bf9\u200b\u6bcf\u4e2a\u200b\u547d\u4e2d\u200b Drop \u200b\u89c4\u5219\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u90fd\u200b\u9700\u8981\u200b\u6253\u5370\u200b\u65e5\u5fd7\u200b\uff0c\u200b\u4f1a\u200b\u5e26\u6765\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002 \u200b\u5728\u200b\u6076\u610f\u200b\u653b\u51fb\u200b\u4e0b\u200b\uff0c\u200b\u77ed\u65f6\u95f4\u200b\u5927\u91cf\u200b\u65e5\u5fd7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8017\u5c3d\u200b CPU\u3002\u200b\u6211\u4eec\u200b\u5efa\u8bae\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\u65e5\u5fd7\u200b\u529f\u80fd\u200b\uff0c\u200b\u5728\u200b\u9700\u8981\u200b\u6392\u67e5\u200b\u95ee\u9898\u200b\u65f6\u200b\uff0c\u200b\u52a8\u6001\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u3002
"},{"location":"guide/networkpolicy-log/#networkpolicy_1","title":"\u5f00\u542f\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5728\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u65e5\u5fd7\u200b\u8bb0\u5f55\u200b\u7684\u200b NetworkPolicy \u200b\u4e2d\u200b\u589e\u52a0\u200b annotation ovn.kubernetes.io/enable_log\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-deny-ingress\n namespace: kube-system\n annotations:\n ovn.kubernetes.io/enable_log: \"true\"\nspec:\n podSelector: {}\n policyTypes:\n - Ingress\n
\u200b\u63a5\u4e0b\u6765\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5bf9\u5e94\u200b Pod \u200b\u6240\u5728\u200b\u4e3b\u673a\u200b\u7684\u200b /var/log/ovn/ovn-controller.log \u200b\u4e2d\u200b\u89c2\u5bdf\u200b\u5230\u200b\u88ab\u200b\u4e22\u5f03\u200b\u6570\u636e\u5305\u200b\u7684\u200b\u65e5\u5fd7\u200b\uff1a
# tail -f /var/log/ovn/ovn-controller.log\n2022-07-20T05:55:03.229Z|00394|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54343,tp_dst=53\n2022-07-20T05:55:06.229Z|00395|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=44187,tp_dst=53\n2022-07-20T05:55:08.230Z|00396|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54274,tp_dst=53\n2022-07-20T05:55:11.231Z|00397|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=32778,tp_dst=53\n2022-07-20T05:55:11.231Z|00398|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.9,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=34188,tp_dst=53\n2022-07-20T05:55:13.231Z|00399|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: udp,vlan_tci=0x0000,dl_src=00:00:00:21:b7:d1,dl_dst=00:00:00:8d:0b:86,nw_src=10.16.0.10,nw_dst=10.16.0.7,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=43290,tp_dst=53\n2022-07-20T05:55:22.096Z|00400|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.097Z|00401|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n2022-07-20T05:55:22.098Z|00402|acl_log(ovn_pinctrl0)|INFO|name=\"<unnamed>\", verdict=drop, severity=warning, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=00:00:00:6c:42:91,dl_dst=00:00:00:a5:d7:63,nw_src=10.16.0.9,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0\n
"},{"location":"guide/networkpolicy-log/#networkpolicy_2","title":"\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7","text":"\u200b\u5c06\u200b\u5bf9\u5e94\u200b NetworkPolicy \u200b\u4e2d\u200b\u7684\u200b annotation ovn.kubernetes.io/enable_log \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b false \u200b\u5373\u53ef\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u65e5\u5fd7\u200b\uff1a
kubectl annotate networkpolicy -n kube-system default-deny-ingress ovn.kubernetes.io/enable_log=false --overwrite\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus-grafana/","title":"\u914d\u7f6e\u200b\u76d1\u63a7\u200b\u548c\u200b\u9762\u677f","text":"Kube-OVN \u200b\u53ef\u4ee5\u200b\u5c06\u200b\u7f51\u7edc\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u4fe1\u606f\u200b\u4ee5\u53ca\u200b\u7f51\u7edc\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u8d28\u91cf\u200b\u4fe1\u606f\u200b\u6307\u6807\u200b\u4ee5\u200b Prometheus \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u683c\u5f0f\u200b\u5bf9\u5916\u200b\u8f93\u51fa\u200b\u3002
\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b kube-prometheus \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b CRD \u200b\u6765\u200b\u5b9a\u4e49\u200b\u76f8\u5e94\u200b\u7684\u200b Prometheus \u200b\u76d1\u63a7\u200b\u89c4\u5219\u200b\u3002 \u200b\u7528\u6237\u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5b89\u88c5\u200b kube-prometheus \u200b\u6765\u200b\u542f\u7528\u200b\u76f8\u5173\u200b\u7684\u200b CRD\u3002Kube-OVN \u200b\u6240\u200b\u652f\u6301\u200b\u7684\u200b\u5168\u90e8\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u8bf7\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u539f\u751f\u200b Prometheus \u200b\u8bf7\u200b\u53c2\u8003\u200b\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b \u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus-grafana/#prometheus-monitor","title":"\u5b89\u88c5\u200b Prometheus Monitor","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Prometheus Monitor CRD \u200b\u6765\u200b\u7ba1\u7406\u200b\u76d1\u63a7\u200b\u8f93\u51fa\u200b\uff1a
# \u200b\u7f51\u54af\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-monitor.yaml\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-monitor.yaml\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-monitor.yaml\n# ovn \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\nkubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-monitor.yaml\n
Prometheus \u200b\u62c9\u53d6\u200b\u76d1\u63a7\u200b\u65f6\u95f4\u200b\u95f4\u9694\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b 15s\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b\u9700\u8981\u200b\u4fee\u6539\u200b yaml \u200b\u4e2d\u200b\u7684\u200b interval \u200b\u5b57\u200b\u6bb5\u200b\u3002
"},{"location":"guide/prometheus-grafana/#grafana","title":"\u52a0\u8f7d\u200b Grafana \u200b\u9762\u677f","text":"Kube-OVN \u200b\u8fd8\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u9884\u5148\u200b\u5b9a\u4e49\u200b\u597d\u200b\u7684\u200b Grafana Dashboard \u200b\u5c55\u793a\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u3002
\u200b\u4e0b\u8f7d\u200b\u5bf9\u5e94\u200b Dashboard \u200b\u6a21\u677f\u200b\uff1a
# \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/pinger-grafana.json\n# kube-ovn-controller \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/controller-grafana.json\n# kube-ovn-cni \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/cni-grafana.json\n# ovn \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovn-grafana.json\n# ovs \u200b\u76f8\u5173\u200b\u9762\u677f\u200b\nwget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/monitoring/ovs-grafana.json\n
\u200b\u5728\u200b Grafana \u200b\u4e2d\u200b\u5bfc\u5165\u200b\u6a21\u677f\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u6e90\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bf9\u5e94\u200b\u7684\u200b Prometheus \u200b\u5373\u53ef\u200b\u770b\u5230\u200b\u5982\u4e0b\u200b Dashboard\uff1a
kube-ovn-controller \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-pinger \u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
kube-ovn-cni \u200b\u8fd0\u884c\u72b6\u51b5\u200b\u76f8\u5173\u200b\u9762\u677f\u200b\uff1a
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/prometheus/","title":"\u914d\u7f6e\u200b\u539f\u751f\u200b Prometheus \u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6570\u636e","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e30\u5bcc\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\uff0c\u200b\u7528\u4e8e\u200b OVN/OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\u68c0\u67e5\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u68c0\u67e5\u200b\u3002Kube-OVN \u200b\u914d\u7f6e\u200b\u4e86\u200b ServiceMonitor\uff0c\u200b\u53ef\u4ee5\u200b\u7528\u4e8e\u200b Prometheus \u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
\u200b\u5728\u200b\u67d0\u4e9b\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u53ea\u200b\u5b89\u88c5\u200b\u4e86\u200b Prometheus Server\uff0c\u200b\u6ca1\u6709\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7684\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b Prometheus \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u52a8\u6001\u200b\u83b7\u53d6\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_1","title":"Prometheus \u200b\u914d\u7f6e","text":"\u200b\u4ee5\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u6587\u6863\u200b\uff0c\u200b\u53c2\u8003\u200b\u81ea\u200b Prometheus \u200b\u670d\u52a1\u200b\u53d1\u73b0\u200b\u3002
"},{"location":"guide/prometheus/#_1","title":"\u6743\u9650\u200b\u914d\u7f6e","text":"Prometheus \u200b\u90e8\u7f72\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b k8s apiserver \u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b\u8d44\u6e90\u200b\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u67e5\u8be2\u200b\u4e1a\u52a1\u200b\u7684\u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u914d\u7f6e\u200b Prometheus \u200b\u9700\u8981\u200b\u7684\u200b\u6743\u9650\u200b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: prometheus\nrules:\n- apiGroups: [\"\"]\n resources:\n - nodes\n - nodes/proxy\n - services\n - endpoints\n - pods\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups:\n - extensions\n resources:\n - ingresses\n verbs: [\"get\", \"list\", \"watch\"]\n- nonResourceURLs: [\"/metrics\"]\n verbs: [\"get\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus\n namespace: default\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: prometheus\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: prometheus\nsubjects:\n- kind: ServiceAccount\n name: prometheus\n namespace: default\n
"},{"location":"guide/prometheus/#prometheus_2","title":"Prometheus \u200b\u914d\u7f6e\u6587\u4ef6","text":"Prometheus \u200b\u7684\u200b\u542f\u52a8\u200b\uff0c\u200b\u4f9d\u8d56\u4e8e\u200b\u914d\u7f6e\u6587\u4ef6\u200b prometheus.yml\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u5185\u5bb9\u200b\u914d\u7f6e\u200b\u5728\u200b ConfigMap \u200b\u5185\u200b\uff0c\u200b\u52a8\u6001\u200b\u6302\u8f7d\u200b\u5230\u200b Pod \u200b\u4e2d\u200b\u3002
\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml\uff0c\u200b\u521b\u5efa\u200b Prometheus \u200b\u4f7f\u7528\u200b\u7684\u200b ConfigMap \u200b\u6587\u4ef6\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: prometheus-config\ndata:\n prometheus.yml: |-\n global:\n scrape_interval: 15s \n evaluation_interval: 15s\n scrape_configs:\n - job_name: 'prometheus'\n static_configs:\n - targets: ['localhost:9090']\n\n - job_name: 'kubernetes-nodes'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n\n - job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n\n - job_name: 'kubernetes-endpoints'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: endpoints\n\n - job_name: 'kubernetes-ingress'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: ingress\n\n - job_name: 'kubernetes-pods'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: pod\n
Prometheus \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u57fa\u4e8e\u200b\u89d2\u8272\u200b\u67e5\u8be2\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u76d1\u63a7\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53ef\u4ee5\u200b\u67e5\u770b\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b kubernetes_sd_config\u3002
\u200b\u5728\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\uff0cPrometheus \u200b\u652f\u6301\u200b\u67e5\u8be2\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u7684\u200b\u89d2\u8272\u200b\u5305\u542b\u200b node\u3001service\u3001pod\u3001endpoints \u200b\u548c\u200b ingress\u3002\u200b\u5728\u200b ConfigMap \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u4e2d\u200b\u7ed9\u51fa\u200b\u4e86\u200b\u4ee5\u4e0a\u200b\u5168\u90e8\u200b\u8d44\u6e90\u200b\u7684\u200b\u76d1\u63a7\u200b\u67e5\u8be2\u200b\u914d\u7f6e\u200b\u793a\u4f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u6839\u636e\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/prometheus/#prometheus_3","title":"Prometheus \u200b\u90e8\u7f72","text":"\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Server\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: prometheus\n name: prometheus\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: prometheus\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: prometheus\n spec:\n serviceAccountName: prometheus\n serviceAccount: prometheus\n containers:\n - image: docker.io/prom/prometheus:latest\n imagePullPolicy: IfNotPresent\n name: prometheus\n command:\n - \"/bin/prometheus\"\n args:\n - \"--config.file=/etc/prometheus/prometheus.yml\"\n ports:\n - containerPort: 9090\n protocol: TCP\n volumeMounts:\n - mountPath: \"/etc/prometheus\"\n name: prometheus-config\n volumes:\n - name: prometheus-config\n configMap:\n name: prometheus-config\n
\u200b\u5728\u200b\u90e8\u7f72\u200b\u5b8c\u200b Prometheus \u200b\u4e4b\u540e\u200b\uff0c\u200b\u53c2\u8003\u200b\u4ee5\u4e0b\u200b yaml \u200b\u6587\u4ef6\u200b\uff0c\u200b\u90e8\u7f72\u200b Prometheus Service\uff1a
kind: Service\napiVersion: v1\nmetadata:\n name: prometheus\n namespace: default\n labels:\n name: prometheus\nspec:\n ports:\n - name: test\n protocol: TCP\n port: 9090\n targetPort: 9090\n type: NodePort\n selector:\n app: prometheus\n sessionAffinity: None\n
\u200b\u5c06\u200b Prometheus \u200b\u901a\u8fc7\u200b NodePort \u200b\u66b4\u9732\u200b\u540e\u200b\uff0c\u200b\u5373\u53ef\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u6765\u200b\u8bbf\u95ee\u200b Prometheus\u3002
"},{"location":"guide/prometheus/#prometheus_4","title":"Prometheus \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u9a8c\u8bc1","text":"\u200b\u67e5\u770b\u200b\u73af\u5883\u200b\u4e0a\u200b Prometheus \u200b\u76f8\u5173\u200b\u7684\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkubernetes ClusterIP 10.4.0.1 <none> 443/TCP 8d\nprometheus NodePort 10.4.102.222 <none> 9090:32611/TCP 8d\n# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nprometheus-7544b6b84d-v9m8s 1/1 Running 0 3d5h 10.3.0.7 192.168.137.219 <none> <none>\n# kubectl get endpoints -o wide\nNAME ENDPOINTS AGE\nkubernetes 192.168.136.228:6443,192.168.136.232:6443,192.168.137.219:6443 8d\nprometheus 10.3.0.7:9090 8d\n
\u200b\u901a\u8fc7\u200b NodePort \u200b\u8bbf\u95ee\u200b Prometheus\uff0c\u200b\u67e5\u770b\u200b Status/Service Discovery \u200b\u52a8\u6001\u200b\u67e5\u8be2\u200b\u5230\u200b\u7684\u200b\u6570\u636e\u200b\uff1a
\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u5f53\u524d\u200b\u53ef\u4ee5\u200b\u67e5\u8be2\u200b\u5230\u200b\u96c6\u7fa4\u200b\u4e0a\u200b\u5168\u90e8\u200b\u7684\u200b Service \u200b\u6570\u636e\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/prometheus/#_2","title":"\u914d\u7f6e\u200b\u67e5\u8be2\u200b\u6307\u5b9a\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4ee5\u4e0a\u200b\u7684\u200b ConfigMap \u200b\u914d\u7f6e\u200b\u4e2d\u200b\uff0c\u200b\u6ca1\u6709\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\uff0c\u200b\u67e5\u8be2\u200b\u4e86\u200b\u6240\u6709\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\u3002\u200b\u5982\u679c\u200b\u53ea\u200b\u9700\u8981\u200b\u67d0\u4e2a\u200b\u89d2\u8272\u200b\u7684\u200b\u8d44\u6e90\u200b\u6570\u636e\u200b\uff0c\u200b\u5219\u200b\u53ef\u4ee5\u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u6761\u4ef6\u200b\u3002
\u200b\u4ee5\u200b Service \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4fee\u6539\u200b ConfigMap \u200b\u5185\u5bb9\u200b\uff0c\u200b\u53ea\u200b\u67e5\u8be2\u200b\u5173\u5fc3\u200b\u7684\u200b Service \u200b\u76d1\u63a7\u200b\u6570\u636e\u200b\u3002
- job_name: 'kubernetes-service'\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: service\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: \"keep\"\n regex: \"true\"\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_service_name\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: \"(.+)\"\n
Service \u200b\u9ed8\u8ba4\u200b\u76d1\u63a7\u200b\u8def\u5f84\u200b\u4e3a\u200b /metrics\u3002\u200b\u5982\u679c\u200b Service \u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u662f\u200b\u5176\u4ed6\u200b\u7684\u200b\u8def\u5f84\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/path \u200b\u6765\u200b\u6307\u5b9a\u200b\u91c7\u96c6\u200b\u8def\u5f84\u200b\u3002
\u200b\u5e94\u7528\u200b\u4ee5\u4e0a\u200b yaml\uff0c\u200b\u66f4\u65b0\u200b ConfigMap \u200b\u4fe1\u606f\u200b\uff0c\u200b\u91cd\u5efa\u200b Prometheus Pod\uff0c\u200b\u4f7f\u200b\u914d\u7f6e\u200b\u751f\u6548\u200b\u3002
\u200b\u67e5\u770b\u200b kube-system Namespace \u200b\u4e0b\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -n kube-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nkube-dns ClusterIP 10.4.0.10 <none> 53/UDP,53/TCP,9153/TCP 13d\nkube-ovn-cni ClusterIP 10.4.228.60 <none> 10665/TCP 13d\nkube-ovn-controller ClusterIP 10.4.172.213 <none> 10660/TCP 13d\nkube-ovn-monitor ClusterIP 10.4.242.9 <none> 10661/TCP 13d\nkube-ovn-pinger ClusterIP 10.4.122.52 <none> 8080/TCP 13d\novn-nb ClusterIP 10.4.80.213 <none> 6641/TCP 13d\novn-northd ClusterIP 10.4.126.234 <none> 6643/TCP 13d\novn-sb ClusterIP 10.4.216.249 <none> 6642/TCP 13d\n
\u200b\u7ed9\u200b Service \u200b\u6dfb\u52a0\u200b annotation prometheus.io/scrape=\"true\"\uff1a
# kubectl annotate svc -n kube-system kube-ovn-cni prometheus.io/scrape=true\nservice/kube-ovn-cni annotated\n# kubectl annotate svc -n kube-system kube-ovn-controller prometheus.io/scrape=true\nservice/kube-ovn-controller annotated\n# kubectl annotate svc -n kube-system kube-ovn-monitor prometheus.io/scrape=true\nservice/kube-ovn-monitor annotated\n# kubectl annotate svc -n kube-system kube-ovn-pinger prometheus.io/scrape=true\nservice/kube-ovn-pinger annotated\n
\u200b\u67e5\u770b\u200b\u914d\u7f6e\u200b\u540e\u200b\u7684\u200b Service \u200b\u4fe1\u606f\u200b\uff1a
# kubectl get svc -o yaml -n kube-system kube-ovn-controller\napiVersion: v1\nkind: Service\nmetadata:\n annotations:\n helm.sh/chart-version: v3.10.0-alpha.55\n helm.sh/original-name: kube-ovn-controller\n ovn.kubernetes.io/vpc: ovn-cluster\n prometheus.io/scrape: \"true\" // \u200b\u6dfb\u52a0\u200b\u7684\u200b annotation\n labels:\n app: kube-ovn-controller\n name: kube-ovn-controller\n namespace: kube-system\nspec:\n clusterIP: 10.4.172.213\n clusterIPs:\n - 10.4.172.213\n internalTrafficPolicy: Cluster\n ipFamilies:\n - IPv4\n ipFamilyPolicy: SingleStack\n ports:\n - name: metrics\n port: 10660\n protocol: TCP\n targetPort: 10660\n selector:\n app: kube-ovn-controller\n sessionAffinity: None\n type: ClusterIP\nstatus:\n loadBalancer: {}\n
\u200b\u67e5\u770b\u200b Prometheus Status Targets \u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u770b\u5230\u200b\u53ea\u6709\u200b\u6dfb\u52a0\u200b\u4e86\u200b annotation \u200b\u7684\u200b Service \u200b\u88ab\u200b\u8fc7\u6ee4\u51fa\u6765\u200b\uff1a
\u200b\u66f4\u200b\u591a\u200b\u5173\u4e8e\u200b relabel \u200b\u6dfb\u52a0\u200b\u8fc7\u6ee4\u200b\u53c2\u6570\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Prometheus-Relabel\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/qos/","title":"\u5bb9\u5668\u200b\u7f51\u7edc\u200b QoS \u200b\u914d\u7f6e","text":"Kube-OVN \u200b\u652f\u6301\u200b\u57fa\u4e8e\u200b\u5355\u4e2a\u200b Pod \u200b\u7684\u200b\u4e24\u79cd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u7684\u200b QoS\uff1a
- \u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b QoS\u3002
linux-netem\uff0c\u200b\u6a21\u62df\u200b\u8bbe\u5907\u200b\u5e72\u6270\u200b\u4e22\u5305\u200b\u7b49\u200b\u7684\u200b QoS\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u6a21\u62df\u200b\u6d4b\u8bd5\u200b\u3002
\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b Pod \u200b\u7ea7\u522b\u200b QoS \u200b\u4e0d\u200b\u652f\u6301\u200b Namespace \u200b\u6216\u200b Subnet \u200b\u7ea7\u522b\u200b\u7684\u200b QoS \u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/qos/#qos_1","title":"\u57fa\u4e8e\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b\u9650\u5236\u200b\u7684\u200b QoS","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7684\u200b QoS \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Pod annotation \u200b\u52a8\u6001\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u4e0d\u200b\u4e2d\u65ad\u200b Pod \u200b\u8fd0\u884c\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002 \u200b\u5e26\u5bbd\u200b\u9650\u901f\u200b\u7684\u200b\u5355\u4f4d\u200b\u4e3a\u200b Mbit/s\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: qos\n namespace: ls1\n annotations:\n ovn.kubernetes.io/ingress_rate: \"3\"\n ovn.kubernetes.io/egress_rate: \"1\"\nspec:\n containers:\n - name: qos\n image: docker.io/library/nginx:alpine\n
\u200b\u4f7f\u7528\u200b annotation \u200b\u52a8\u6001\u200b\u8c03\u6574\u200b QoS\uff1a
kubectl annotate --overwrite pod nginx-74d5899f46-d7qkn ovn.kubernetes.io/ingress_rate=3\n
"},{"location":"guide/qos/#qos_2","title":"\u6d4b\u8bd5\u200b QoS \u200b\u8c03\u6574","text":"\u200b\u90e8\u7f72\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b\u9700\u8981\u200b\u7684\u200b\u5bb9\u5668\u200b\uff1a
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: perf\n namespace: ls1\n labels:\n app: perf\nspec:\n selector:\n matchLabels:\n app: perf\n template:\n metadata:\n labels:\n app: perf\n spec:\n containers:\n - name: nginx\n image: docker.io/kubeovn/perf\n
\u200b\u8fdb\u5165\u200b\u5176\u4e2d\u200b\u4e00\u4e2a\u200b Pod \u200b\u5e76\u200b\u5f00\u542f\u200b iperf3 server\uff1a
# kubectl exec -it perf-4n4gt -n ls1 sh\n# iperf3 -s\n-----------------------------------------------------------\nServer listening on 5201\n-----------------------------------------------------------\n
\u200b\u8fdb\u5165\u200b\u53e6\u200b\u4e00\u4e2a\u200b Pod \u200b\u8bf7\u6c42\u200b\u4e4b\u524d\u200b\u7684\u200b Pod\uff1a
# kubectl exec -it perf-d4mqc -n ls1 sh\n# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 51544 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 86.4 MBytes 725 Mbits/sec 3 350 KBytes\n[ 4] 1.00-2.00 sec 89.9 MBytes 754 Mbits/sec 118 473 KBytes\n[ 4] 2.00-3.00 sec 101 MBytes 848 Mbits/sec 184 586 KBytes\n[ 4] 3.00-4.00 sec 104 MBytes 875 Mbits/sec 217 671 KBytes\n[ 4] 4.00-5.00 sec 111 MBytes 935 Mbits/sec 175 772 KBytes\n[ 4] 5.00-6.00 sec 100 MBytes 840 Mbits/sec 658 598 KBytes\n[ 4] 6.00-7.00 sec 106 MBytes 890 Mbits/sec 742 668 KBytes\n[ 4] 7.00-8.00 sec 102 MBytes 857 Mbits/sec 764 724 KBytes\n[ 4] 8.00-9.00 sec 97.4 MBytes 817 Mbits/sec 1175 764 KBytes\n[ 4] 9.00-10.00 sec 111 MBytes 934 Mbits/sec 1083 838 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 1010 MBytes 848 Mbits/sec 5119 sender\n[ 4] 0.00-10.00 sec 1008 MBytes 846 Mbits/sec receiver\n\niperf Done.\n
\u200b\u4fee\u6539\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u7684\u200b\u5165\u53e3\u200b\u5e26\u5bbd\u200b QoS\uff1a
kubectl annotate --overwrite pod perf-4n4gt -n ls1 ovn.kubernetes.io/ingress_rate=30\n
\u200b\u518d\u6b21\u200b\u4ece\u200b\u7b2c\u4e8c\u4e2a\u200b Pod \u200b\u6d4b\u8bd5\u200b\u7b2c\u4e00\u4e2a\u200b Pod \u200b\u5e26\u5bbd\u200b\uff1a
# iperf3 -c 10.66.0.12\nConnecting to host 10.66.0.12, port 5201\n[ 4] local 10.66.0.14 port 52372 connected to 10.66.0.12 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 3.66 MBytes 30.7 Mbits/sec 2 76.1 KBytes\n[ 4] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 104 KBytes\n[ 4] 2.00-3.00 sec 3.50 MBytes 29.4 Mbits/sec 0 126 KBytes\n[ 4] 3.00-4.00 sec 3.50 MBytes 29.3 Mbits/sec 0 144 KBytes\n[ 4] 4.00-5.00 sec 3.43 MBytes 28.8 Mbits/sec 0 160 KBytes\n[ 4] 5.00-6.00 sec 3.43 MBytes 28.8 Mbits/sec 0 175 KBytes\n[ 4] 6.00-7.00 sec 3.50 MBytes 29.3 Mbits/sec 0 212 KBytes\n[ 4] 7.00-8.00 sec 3.68 MBytes 30.9 Mbits/sec 0 294 KBytes\n[ 4] 8.00-9.00 sec 3.74 MBytes 31.4 Mbits/sec 0 398 KBytes\n[ 4] 9.00-10.00 sec 3.80 MBytes 31.9 Mbits/sec 0 526 KBytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 35.7 MBytes 29.9 Mbits/sec 2 sender\n[ 4] 0.00-10.00 sec 34.5 MBytes 29.0 Mbits/sec receiver\n\niperf Done.\n
"},{"location":"guide/qos/#linux-netem-qos","title":"linux-netem QoS","text":"RHEL \u200b\u7cfb\u5217\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u9700\u8981\u200b\u5b89\u88c5\u200b netem \u200b\u76f8\u5173\u200b\u6a21\u5757\u200b\uff1a yum install -y kernel-modules-extra && modprobe sch_netem
Pod \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5982\u4e0b\u200b annotation \u200b\u914d\u7f6e\u200b linux-netem \u200b\u7c7b\u578b\u200b QoS\uff1a ovn.kubernetes.io/latency\u3001ovn.kubernetes.io/limit \u200b\u548c\u200b ovn.kubernetes.io/loss\u3002
ovn.kubernetes.io/latency\uff1a\u200b\u8bbe\u7f6e\u200b Pod \u200b\u6d41\u91cf\u200b\u5ef6\u8fdf\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u6570\u200b\uff0c\u200b\u5355\u4f4d\u200b\u4e3a\u200b ms\u3002ovn.kubernetes.io/limit\uff1a \u200b\u4e3a\u200b qdisc \u200b\u961f\u5217\u200b\u53ef\u200b\u5bb9\u7eb3\u200b\u7684\u200b\u6700\u5927\u200b\u6570\u636e\u5305\u200b\u6570\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b\u6574\u5f62\u200b\u6570\u503c\u200b\uff0c\u200b\u4f8b\u5982\u200b 1000\u3002ovn.kubernetes.io/loss\uff1a \u200b\u4e3a\u200b\u8bbe\u7f6e\u200b\u7684\u200b\u62a5\u6587\u200b\u4e22\u5305\u200b\u6982\u7387\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b float \u200b\u7c7b\u578b\u200b\uff0c\u200b\u4f8b\u5982\u200b\u53d6\u503c\u200b\u4e3a\u200b 20\uff0c\u200b\u5219\u200b\u4e3a\u200b\u8bbe\u7f6e\u200b 20% \u200b\u7684\u200b\u4e22\u200b\u5305\u200b\u6982\u7387\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/setup-options/","title":"\u5b89\u88c5\u200b\u548c\u200b\u914d\u7f6e\u200b\u9009\u9879","text":"\u200b\u5728\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u4e2d\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff0cKube-OVN \u200b\u8fd8\u200b\u652f\u6301\u200b\u66f4\u200b\u591a\u200b \u200b\u81ea\u5b9a\u4e49\u200b\u914d\u7f6e\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6216\u8005\u200b\u4e4b\u540e\u200b\u66f4\u6539\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u53c2\u6570\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u8fd9\u4e9b\u200b\u81ea\u5b9a\u4e49\u200b\u9009\u9879\u200b \u200b\u7684\u200b\u4f5c\u7528\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#_2","title":"\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u4f1a\u200b\u914d\u7f6e\u200b\u4e24\u4e2a\u200b\u5185\u7f6e\u200b\u5b50\u7f51\u200b\uff1a
default \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Pod \u200b\u5206\u914d\u200b IP \u200b\u4f7f\u7528\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 10.16.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 10.16.0.1\u3002join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u4f5c\u4e3a\u200b Node \u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u8fdb\u884c\u200b\u7f51\u7edc\u901a\u4fe1\u200b\u7684\u200b\u7279\u6b8a\u200b\u5b50\u7f51\u200b, \u200b\u9ed8\u8ba4\u200b CIDR \u200b\u4e3a\u200b 100.64.0.0/16\uff0c\u200b\u7f51\u5173\u200b\u4e3a\u200b 100.64.0.1\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u65f6\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u5185\u200b\u7684\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u66f4\u6539\u200b\uff1a
POD_CIDR=\"10.16.0.0/16\"\nPOD_GATEWAY=\"10.16.0.1\"\nJOIN_CIDR=\"100.64.0.0/16\"\nEXCLUDE_IPS=\"\"\n
EXCLUDE_IP \u200b\u53ef\u200b\u8bbe\u7f6e\u200b POD_CIDR \u200b\u4e0d\u200b\u8fdb\u884c\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\uff0c\u200b\u683c\u5f0f\u200b\u4e3a\u200b\uff1a192.168.10.20..192.168.10.30\u3002
\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b Overlay \u200b\u60c5\u51b5\u200b\u4e0b\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u548c\u200b Service CIDR \u200b\u51b2\u7a81\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u8fd9\u200b\u4e24\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u548c\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u3002
"},{"location":"guide/setup-options/#service","title":"Service \u200b\u7f51\u6bb5\u200b\u914d\u7f6e","text":"\u200b\u7531\u4e8e\u200b\u90e8\u5206\u200b kube-proxy \u200b\u8bbe\u7f6e\u200b\u7684\u200b iptables \u200b\u548c\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u4f1a\u200b\u548c\u200b Kube-OVN \u200b\u8bbe\u7f6e\u200b\u7684\u200b\u89c4\u5219\u200b\u4ea7\u751f\u200b\u4ea4\u96c6\u200b\uff0c\u200b\u56e0\u6b64\u200b Kube-OVN \u200b\u9700\u8981\u200b\u77e5\u9053\u200b Service \u200b\u7684\u200b CIDR \u200b\u6765\u200b\u6b63\u786e\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u89c4\u5219\u200b\u3002
\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\uff1a
SVC_CIDR=\"10.96.0.0/12\" \n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\u3002
\u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --service-cluster-ip-range=10.96.0.0/12\n
\u200b\u6765\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/setup-options/#overlay","title":"Overlay \u200b\u7f51\u5361\u200b\u9009\u62e9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u5b58\u5728\u200b\u591a\u5757\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u9009\u62e9\u200b Kubernetes Node IP \u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4f5c\u4e3a\u200b\u5bb9\u5668\u200b\u95f4\u200b\u8de8\u200b\u8282\u70b9\u200b\u901a\u4fe1\u200b\u7684\u200b\u7f51\u5361\u200b\u5e76\u200b\u5efa\u7acb\u200b\u5bf9\u5e94\u200b\u7684\u200b\u96a7\u9053\u200b\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b\u5176\u4ed6\u200b\u7684\u200b\u7f51\u5361\u200b\u5efa\u7acb\u200b\u5bb9\u5668\u200b\u96a7\u9053\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u4fee\u6539\u200b\uff1a
IFACE=eth1\n
\u200b\u8be5\u200b\u9009\u9879\u200b\u652f\u6301\u200b\u4ee5\u200b\u9017\u53f7\u200b\u6240\u200b\u5206\u9694\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b,\u200b\u4f8b\u5982\u200b ens[a-z0-9]*,eth[a-z0-9]*\u3002
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
args:\n- --iface=eth1\n
\u200b\u5982\u679c\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u5747\u200b\u4e0d\u540c\u200b\uff0c\u200b\u4e14\u200b\u6ca1\u6709\u200b\u56fa\u5b9a\u200b\u89c4\u5f8b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u8282\u70b9\u200b annotation ovn.kubernetes.io/tunnel_interface \u200b\u8fdb\u884c\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u9010\u4e00\u200b\u914d\u7f6e\u200b\uff0c\u200b\u62e5\u6709\u200b\u8be5\u200b annotation \u200b\u8282\u70b9\u200b\u4f1a\u200b\u8986\u76d6\u200b iface \u200b\u7684\u200b\u914d\u7f6e\u200b\uff0c\u200b\u4f18\u5148\u200b\u4f7f\u7528\u200b annotation\u3002
kubectl annotate node no1 ovn.kubernetes.io/tunnel_interface=ethx\n
"},{"location":"guide/setup-options/#mtu","title":"MTU \u200b\u8bbe\u7f6e","text":"\u200b\u7531\u4e8e\u200b Overlay \u200b\u5c01\u88c5\u200b\u9700\u8981\u200b\u5360\u636e\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\uff0cKube-OVN \u200b\u5728\u200b\u521b\u5efa\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u65f6\u4f1a\u200b\u6839\u636e\u200b\u9009\u62e9\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8fdb\u884c\u200b\u5bb9\u5668\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u8c03\u6574\u200b\uff0c \u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b Pod \u200b\u7f51\u5361\u200b MTU \u200b\u4e3a\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b MTU - 100\uff0cUnderlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\uff0cPod \u200b\u7f51\u5361\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6709\u200b\u76f8\u540c\u200b MTU\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u8c03\u6574\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b MTU \u200b\u7684\u200b\u5927\u5c0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\uff1a
args:\n- --mtu=1333\n
"},{"location":"guide/setup-options/#_3","title":"\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u5728\u200b\u5f00\u542f\u200b\u5168\u5c40\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u521b\u5efa\u200b\u4e00\u5757\u200b mirror0 \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u5361\u200b\uff0c\u200b\u590d\u5236\u200b\u5f53\u524d\u200b\u673a\u5668\u200b\u6240\u6709\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u5230\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\uff0c \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b tcpdump \u200b\u53ca\u5176\u200b\u4ed6\u200b\u5de5\u5177\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u5206\u6790\u200b\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u901a\u8fc7\u200b\u4e0b\u9762\u200b\u7684\u200b\u914d\u7f6e\u200b\u5f00\u542f\u200b\uff1a
ENABLE_MIRROR=true\n
\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b\u53c2\u6570\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b:
args:\n- --enable-mirror=true\n
\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5173\u95ed\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u6216\u200b\u9700\u8981\u200b\u5c06\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u5230\u200b\u989d\u5916\u200b\u7684\u200b\u7f51\u5361\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
"},{"location":"guide/setup-options/#lb","title":"LB \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b L2 LB \u200b\u6765\u200b\u5b9e\u73b0\u200b Service \u200b\u8f6c\u53d1\u200b\uff0c\u200b\u5728\u200b Overlay \u200b\u573a\u666f\u200b\u4e2d\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u4f7f\u7528\u200b kube-proxy \u200b\u6765\u200b\u5b8c\u6210\u200b Service \u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b, \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb=false\n
LB \u200b\u7684\u200b\u529f\u80fd\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableLb\uff0c\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b LB \u200b\u529f\u80fd\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b LB \u200b\u529f\u80fd\u200b\u3002kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-lb \u200b\u53c2\u6570\u200b\u4f5c\u4e3a\u200b\u5168\u5c40\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u521b\u5efa\u200b load-balancer \u200b\u8bb0\u5f55\u200b\uff0c\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u65b0\u589e\u200b\u7684\u200b enableLb \u200b\u53c2\u6570\u200b\u7528\u4e8e\u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b enableLb \u200b\u53c2\u6570\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/setup-options/#networkpolicy","title":"NetworkPolicy \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u6765\u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b NetworkPolicy \u200b\u529f\u80fd\u200b \u200b\u6216\u8005\u200b\u4f7f\u7528\u200b Cilium Chain \u200b\u7684\u200b\u65b9\u5f0f\u200b\u5229\u7528\u200b eBPF \u200b\u5b9e\u73b0\u200b NetworkPolicy\uff0c \u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b Kube-OVN \u200b\u7684\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u4ee5\u200b\u8fbe\u5230\u200b\u63a7\u5236\u200b\u9762\u200b\u548c\u200b\u6570\u636e\u200b\u9762\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_NP=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-np=false\n
NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002
"},{"location":"guide/setup-options/#eip-snat","title":"EIP \u200b\u548c\u200b SNAT \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5982\u679c\u200b\u65e0\u9700\u200b\u4f7f\u7528\u200b EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b\u76f8\u5173\u200b\u529f\u80fd\u200b\uff0c\u200b\u4ee5\u200b\u51cf\u5c11\u200b kube-ovn-controller \u200b\u5728\u200b\u521b\u5efa\u200b\u548c\u200b\u66f4\u65b0\u200b \u200b\u7f51\u7edc\u200b\u65f6\u200b\u7684\u200b\u68c0\u67e5\u200b\u6d88\u8017\u200b\uff0c\u200b\u5728\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u73af\u5883\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u63d0\u5347\u200b\u5904\u7406\u901f\u5ea6\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_EIP_SNAT=false\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-eip-snat=false\n
EIP \u200b\u548c\u200b SNAT \u200b\u7684\u200b\u80fd\u529b\u200b\u5728\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e2d\u4e3a\u200b\u5f00\u542f\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b EIP \u200b\u548c\u200b SNAT \u200b\u914d\u7f6e\u200b\u3002
"},{"location":"guide/setup-options/#load-balancer-service","title":"Load Balancer \u200b\u7c7b\u578b\u200b Service \u200b\u652f\u6301\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u53ef\u200b\u901a\u8fc7\u200b\u5f00\u542f\u200b\u8be5\u200b\u9009\u9879\u200b\u6765\u200b\u652f\u6301\u200b Load Balancer \u200b\u7c7b\u578b\u200b Service\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u548c\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\u8bf7\u200b\u53c2\u8003\u200b LoadBalancer \u200b\u7c7b\u578b\u200b Service\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5173\u95ed\u200b\uff0c\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
ENABLE_LB_SVC=true\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u901a\u8fc7\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b\uff1a
args:\n- --enable-lb-svc=true\n
"},{"location":"guide/setup-options/#ecmp","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u652f\u6301\u200b\u4e3b\u5907\u200b\u548c\u200b ECMP \u200b\u4e24\u79cd\u200b\u9ad8\u200b\u53ef\u7528\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u542f\u7528\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c \u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u914d\u7f6e\u200b:
args:\n- --enable-ecmp=true \n
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u7f51\u5173\u200b\u76f8\u5173\u200b\u5185\u5bb9\u200b\u8bf7\u200b\u53c2\u8003\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/setup-options/#kubevirt-vm","title":"Kubevirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5f00\u542f\u200b\u8bbe\u7f6e","text":"\u200b\u9488\u5bf9\u200b Kubevirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u8be5\u200b\u529f\u80fd\u200b\u5728\u200b 1.10.6 \u200b\u540e\u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u5173\u95ed\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\uff1a
args:\n- --keep-vm-ip=false\n
"},{"location":"guide/setup-options/#cni","title":"CNI \u200b\u914d\u7f6e\u200b\u76f8\u5173\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u5728\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u6267\u884c\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5728\u200b /etc/cni/net.d \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u5b89\u88c5\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b 01-kube-ovn.conflist\u3002 \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u5b89\u88c5\u200b\u4f4d\u7f6e\u200b\u548c\u200b CNI \u200b\u914d\u7f6e\u6587\u4ef6\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
CNI_CONF_DIR=\"/etc/cni/net.d\"\nCNI_BIN_DIR=\"/opt/cni/bin\"\nCNI_CONFIG_PRIORITY=\"01\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b kube-ovn-cni DaemonSet \u200b\u7684\u200b Volume \u200b\u6302\u8f7d\u200b\u548c\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
volumes:\n- name: cni-conf\n hostPath:\n path: \"/etc/cni/net.d\"\n- name: cni-bin\n hostPath:\n path:\"/opt/cni/bin\"\n...\nargs:\n- --cni-conf-name=01-kube-ovn.conflist\n
"},{"location":"guide/setup-options/#_4","title":"\u96a7\u9053\u200b\u7c7b\u578b\u200b\u8bbe\u7f6e","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b Overlay \u200b\u7684\u200b\u5c01\u88c5\u200b\u6a21\u5f0f\u200b\u4e3a\u200b Geneve\uff0c\u200b\u5982\u679c\u200b\u60f3\u200b\u66f4\u6362\u200b\u4e3a\u200b Vxlan \u200b\u6216\u200b STT\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u7684\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
TUNNEL_TYPE=\"vxlan\"\n
\u200b\u6216\u8005\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u66f4\u6539\u200b ovs-ovn DaemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\uff1a
env:\n- name: TUNNEL_TYPE\n value: \"vxlan\"\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b STT \u200b\u96a7\u9053\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b ovs \u200b\u7684\u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
\u200b\u4e0d\u540c\u200b\u534f\u8bae\u200b\u5728\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u533a\u522b\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"guide/setup-options/#ssl","title":"SSL \u200b\u8bbe\u7f6e","text":"OVN DB \u200b\u7684\u200b API \u200b\u63a5\u53e3\u200b\u652f\u6301\u200b SSL \u200b\u52a0\u5bc6\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u8fde\u63a5\u200b\u5b89\u5168\u200b\uff0c\u200b\u5982\u200b\u8981\u200b\u5f00\u542f\u200b\u53ef\u200b\u8c03\u6574\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u7684\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b:
ENABLE_SSL=true\n
SSL \u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u5b89\u88c5\u200b\u4e0b\u200b\u4e3a\u200b\u5173\u95ed\u200b\u6a21\u5f0f\u200b\u3002
"},{"location":"guide/setup-options/#ip","title":"\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip","text":"kube-ovn-controller/kube-ovn-cni/kube-ovn-monitor \u200b\u8fd9\u4e9b\u200b\u670d\u52a1\u200b\u652f\u6301\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b ip\uff0c\u200b\u8be5\u200b\u529f\u80fd\u8bbe\u8ba1\u200b\u539f\u56e0\u200b\u4e3b\u8981\u200b\u662f\u56e0\u4e3a\u200b\u67d0\u4e9b\u200b\u573a\u666f\u200b\u4e0b\u200b\u51fa\u4e8e\u200b\u5b89\u5168\u200b\u8003\u8651\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b 0.0.0.0 \uff08\u200b\u6bd4\u5982\u200b\u8be5\u200b\u670d\u52a1\u200b\u90e8\u7f72\u200b\u5728\u200b\u67d0\u4e2a\u200b\u5bf9\u5916\u200b\u7f51\u5173\u200b\u4e0a\u200b\uff0c\u200b\u5916\u90e8\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u516c\u7f51\u200b ip \u200b\u5e76\u200b\u6307\u5b9a\u200b\u7aef\u53e3\u200b\u53bb\u200b\u8bbf\u95ee\u200b\u5230\u200b\u8be5\u200b\u670d\u52a1\u200b\uff09\uff0c\u200b\u8be5\u200b\u529f\u80fd\u200b\u9ed8\u8ba4\u200b\u662f\u200b\u6253\u5f00\u200b\u7684\u200b\uff0c\u200b\u7531\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b\u63a7\u5236\u200b\uff1a
ENABLE_BIND_LOCAL_IP=true\n
\u200b\u4ee5\u200b kube-ovn-monitor \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5f00\u542f\u200b\u529f\u80fd\u200b\u540e\u4f1a\u200b\u628a\u200b\u670d\u52a1\u200b\u7ed1\u5b9a\u200b\u672c\u5730\u200b\u7684\u200b pod ip \u200b\u5982\u4e0b\u200b\uff1a
# netstat -tunlp |grep kube-ovn\ntcp 0 0 172.18.0.5:10661 0.0.0.0:* LISTEN 2612/./kube-ovn-mon\n
\u200b\u5b89\u88c5\u200b\u540e\u200b\u4e5f\u200b\u53ef\u200b\u901a\u8fc7\u200b\u4fee\u6539\u200b\u670d\u52a1\u200b\u7684\u200b deployment \u200b\u6216\u8005\u200b daemonSet \u200b\u7684\u200b\u73af\u5883\u53d8\u91cf\u200b\u53c2\u6570\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff1a
env:\n- name: ENABLE_BIND_LOCAL_IP\n value: \"false\"\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/static-ip-mac/","title":"\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u6839\u636e\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP \u200b\u548c\u200b Mac\u3002 \u200b\u9488\u5bf9\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b\u9700\u8981\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u6839\u636e\u200b\u4e0d\u540c\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u591a\u79cd\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u7684\u200b\u65b9\u6cd5\u200b\uff1a
- \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac\u3002
- Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u65b9\u5f0f\u200b\u6307\u5b9a\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
- StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
- KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u3002
"},{"location":"guide/static-ip-mac/#pod-ip-mac","title":"\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac","text":"\u200b\u53ef\u4ee5\u200b\u5728\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u901a\u8fc7\u200b annotation \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u8fd0\u884c\u200b\u65f6\u200b\u6240\u200b\u9700\u200b\u7684\u200b IP/Mac, kube-ovn-controller \u200b\u8fd0\u884c\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u8df3\u200b\u8fc7\u200b\u5730\u5740\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u9636\u6bb5\u200b\uff0c\u200b\u7ecf\u8fc7\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u540e\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: static-ip\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\nspec:\n containers:\n - name: static-ip\n image: docker.io/library/nginx:alpine\n
\u200b\u5728\u200b\u4f7f\u7528\u200b annotation \u200b\u5b9a\u4e49\u200b\u5355\u4e2a\u200b Pod IP/Mac \u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
- \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b IP/Mac \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u6709\u200b\u7684\u200b IP/Mac \u200b\u51b2\u7a81\u200b\u3002
- IP \u200b\u5fc5\u987b\u200b\u5728\u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002
- \u200b\u53ef\u4ee5\u200b\u53ea\u200b\u6307\u5b9a\u200b IP \u200b\u6216\u200b Mac\uff0c\u200b\u53ea\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u65f6\u200b\uff0c\u200b\u53e6\u200b\u4e00\u4e2a\u200b\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#workload-ip-pool","title":"Workload \u200b\u901a\u7528\u200b IP Pool \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"Kube-OVN \u200b\u652f\u6301\u200b\u901a\u8fc7\u200b annotation ovn.kubernetes.io/ip_pool \u200b\u7ed9\u200b Workload\uff08Deployment/StatefulSet/DaemonSet/Job/CronJob\uff09\u200b\u8bbe\u7f6e\u200b\u56fa\u5b9a\u200b IP\u3002 kube-ovn-controller \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u9009\u62e9\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u6307\u5b9a\u200b\u7684\u200b IP \u200b\u5e76\u200b\u8fdb\u884c\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u3002
IP Pool \u200b\u7684\u200b Annotation \u200b\u9700\u8981\u200b\u52a0\u200b\u5728\u200b template \u200b\u5185\u200b\u7684\u200b annotation \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u9664\u4e86\u200b Kubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Workload \u200b\u7c7b\u578b\u200b\uff0c \u200b\u5176\u4ed6\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b\u7684\u200b Workload \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u6837\u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u56fa\u5b9a\u200b\u5730\u5740\u200b\u5206\u914d\u200b\u3002
"},{"location":"guide/static-ip-mac/#deployment-ip","title":"Deployment \u200b\u56fa\u5b9a\u200b IP \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ippool\n labels:\n app: ippool\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: ippool\n template:\n metadata:\n labels:\n app: ippool\n annotations:\n ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17 // \u200b\u53cc\u6808\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u5206\u200b\u53f7\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b 10.16.0.15,fd00:10:16::000E;10.16.0.16,fd00:10:16::000F;10.16.0.17,fd00:10:16::0010\n spec:\n containers:\n - name: ippool\n image: docker.io/library/nginx:alpine\n
\u200b\u5bf9\u200b Workload \u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u8981\u200b\u6ce8\u610f\u200b\u4ee5\u4e0b\u51e0\u70b9\u200b\uff1a
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u5e94\u8be5\u200b\u5c5e\u4e8e\u200b\u6240\u5728\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u5185\u200b\u3002ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u4e0d\u80fd\u200b\u548c\u200b\u5df2\u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u51b2\u7a81\u200b\u3002- \u200b\u5f53\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP \u200b\u6570\u91cf\u200b\u5c0f\u4e8e\u200b replicas \u200b\u6570\u91cf\u200b\u65f6\u200b\uff0c\u200b\u591a\u51fa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b\u3002\u200b\u4f60\u200b\u9700\u8981\u200b\u6839\u636e\u200b Workload \u200b\u7684\u200b\u66f4\u65b0\u200b\u7b56\u7565\u200b\u4ee5\u53ca\u200b\u6269\u5bb9\u200b\u89c4\u5212\u200b\u8c03\u6574\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b IP \u200b\u7684\u200b\u6570\u91cf\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset","title":"StatefulSet \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"StatefulSet \u200b\u9ed8\u8ba4\u200b\u652f\u6301\u200b\u56fa\u5b9a\u200b IP\uff0c\u200b\u800c\u4e14\u200b\u548c\u200b\u5176\u4ed6\u200b Workload \u200b\u76f8\u540c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u6765\u200b\u6307\u5b9a\u200b Pod \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u8303\u56f4\u200b\u3002
\u200b\u7531\u4e8e\u200b StatefulSet \u200b\u591a\u200b\u7528\u4e8e\u200b\u6709\u200b\u72b6\u6001\u200b\u670d\u52a1\u200b\uff0c\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u6807\u793a\u200b\u7684\u200b\u56fa\u5b9a\u200b\u6709\u200b\u66f4\u200b\u9ad8\u200b\u7684\u200b\u8981\u6c42\u200b\uff0cKube-OVN \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u7684\u200b\u5f3a\u5316\u200b\uff1a
- Pod \u200b\u4f1a\u200b\u6309\u200b\u987a\u5e8f\u200b\u5206\u914d\u200b
ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b IP\u3002\u200b\u4f8b\u5982\u200b StatefulSet \u200b\u7684\u200b\u540d\u5b57\u200b\u4e3a\u200b web\uff0c\u200b\u5219\u200b web-0 \u200b\u4f1a\u200b\u4f7f\u7528\u200b ovn.kubernetes.io/ip_pool \u200b\u4e2d\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b IP\uff0c web-1 \u200b\u4f1a\u200b\u4f7f\u7528\u200b\u7b2c\u4e8c\u4e2a\u200b IP\uff0c\u200b\u4ee5\u6b64\u7c7b\u63a8\u200b\u3002 - StatefulSet Pod \u200b\u5728\u200b\u66f4\u65b0\u200b\u6216\u200b\u5220\u9664\u200b\u7684\u200b\u8fc7\u7a0b\u200b\u4e2d\u200b OVN \u200b\u4e2d\u200b\u7684\u200b logical_switch_port \u200b\u4e0d\u4f1a\u200b\u5220\u9664\u200b\uff0c\u200b\u65b0\u200b\u751f\u6210\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u590d\u7528\u200b\u65e7\u200b\u7684\u200b interface \u200b\u4fe1\u606f\u200b\u3002\u200b\u56e0\u6b64\u200b Pod \u200b\u53ef\u4ee5\u200b\u590d\u7528\u200b IP/Mac \u200b\u53ca\u5176\u200b\u4ed6\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8fbe\u5230\u200b\u548c\u200b StatefulSet Volume \u200b\u7c7b\u4f3c\u200b\u7684\u200b\u72b6\u6001\u200b\u4fdd\u7559\u200b\u529f\u80fd\u200b\u3002
- \u200b\u57fa\u4e8e\u200b 2 \u200b\u7684\u200b\u80fd\u529b\u200b\uff0c\u200b\u5bf9\u4e8e\u200b\u6ca1\u6709\u200b
ovn.kubernetes.io/ip_pool \u200b\u6ce8\u89e3\u200b\u7684\u200b StatefulSet\uff0cPod \u200b\u7b2c\u4e00\u6b21\u200b\u751f\u6210\u200b\u65f6\u4f1a\u200b\u968f\u673a\u200b\u5206\u914d\u200b IP/Mac\uff0c\u200b\u4e4b\u540e\u200b\u5728\u200b\u6574\u4e2a\u200b StatefulSet \u200b\u7684\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u200b\uff0c\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u90fd\u200b\u4f1a\u200b\u4fdd\u6301\u200b\u56fa\u5b9a\u200b\u3002
"},{"location":"guide/static-ip-mac/#statefulset_1","title":"StatefulSet \u200b\u793a\u4f8b","text":"apiVersion: apps/v1\nkind: StatefulSet\nmetadata:\n name: web\nspec:\n serviceName: \"nginx\"\n replicas: 2\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: docker.io/library/nginx:alpine\n ports:\n - containerPort: 80\n name: web\n
\u200b\u53ef\u4ee5\u200b\u5c1d\u8bd5\u200b\u5220\u9664\u200b StatefulSet \u200b\u4e0b\u200b Pod \u200b\u89c2\u5bdf\u200b Pod IP \u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"guide/static-ip-mac/#kubevirt-vm","title":"KubeVirt VM \u200b\u56fa\u5b9a\u200b\u5730\u5740","text":"\u200b\u9488\u5bf9\u200b KubeVirt \u200b\u521b\u5efa\u200b\u7684\u200b VM \u200b\u5b9e\u4f8b\u200b\uff0ckube-ovn-controller \u200b\u53ef\u4ee5\u200b\u6309\u7167\u200b\u7c7b\u4f3c\u200b StatefulSet Pod \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u548c\u200b\u7ba1\u7406\u200b\u3002 \u200b\u4ee5\u200b\u8fbe\u5230\u200b VM \u200b\u5b9e\u4f8b\u200b\u5728\u200b\u751f\u547d\u5468\u671f\u200b\u5185\u542f\u505c\u200b\uff0c\u200b\u5347\u7ea7\u200b\uff0c\u200b\u8fc1\u79fb\u200b\u7b49\u200b\u64cd\u4f5c\u8fc7\u7a0b\u200b\u4e2d\u200b\u5730\u5740\u200b\u56fa\u5b9a\u200b\u4e0d\u53d8\u200b\uff0c\u200b\u66f4\u7b26\u200b\u865a\u62df\u5316\u200b\u5408\u200b\u7528\u6237\u200b\u7684\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u4f53\u9a8c\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/subnet/","title":"\u5b50\u7f51\u200b\u4f7f\u7528","text":"\u200b\u5b50\u7f51\u200b\u662f\u200b Kube-OVN \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6838\u5fc3\u200b\u6982\u5ff5\u200b\u548c\u200b\u57fa\u672c\u200b\u4f7f\u7528\u200b\u5355\u5143\u200b\uff0cKube-OVN \u200b\u4f1a\u4ee5\u200b\u5b50\u7f51\u200b\u6765\u200b\u7ec4\u7ec7\u200b IP \u200b\u548c\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u6bcf\u4e2a\u200b Namespace \u200b\u53ef\u4ee5\u200b\u5f52\u5c5e\u4e8e\u200b\u7279\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\uff0c Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u83b7\u53d6\u200b IP \u200b\u5e76\u200b\u5171\u4eab\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff08CIDR\uff0c\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u8bbf\u95ee\u63a7\u5236\u200b\uff0cNAT \u200b\u63a7\u5236\u200b\u7b49\u200b\uff09\u3002
\u200b\u548c\u200b\u5176\u4ed6\u200b CNI \u200b\u7684\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7ed1\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5b9e\u73b0\u200b\u4e0d\u540c\u200b\uff0c\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u5b50\u200b\u7f51\u4e3a\u200b\u4e00\u4e2a\u200b\u5168\u5c40\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u53ef\u4ee5\u200b\u5206\u5e03\u200b\u5728\u200b\u4efb\u610f\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u3002
Overlay \u200b\u548c\u200b Underlay \u200b\u7684\u200b\u5b50\u7f51\u200b\u5728\u200b\u4f7f\u7528\u200b\u548c\u200b\u914d\u7f6e\u200b\u4e0a\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u5dee\u5f02\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u4f1a\u200b\u4ecb\u7ecd\u200b\u4e0d\u540c\u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u7684\u200b\u4e00\u4e9b\u200b\u5171\u540c\u200b\u914d\u7f6e\u200b\u548c\u200b\u5dee\u5f02\u5316\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/subnet/#_2","title":"\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u7528\u6237\u200b\u7684\u200b\u5feb\u901f\u200b\u4e0a\u200b\u624b\u200b\u4f7f\u7528\u200b\uff0cKube-OVN \u200b\u5185\u7f6e\u200b\u4e86\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u200b\u663e\u5f0f\u200b\u58f0\u660e\u200b\u5b50\u7f51\u200b\u5f52\u5c5e\u200b\u7684\u200b Namespace \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u4ece\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5206\u914d\u200b IP\uff0c \u200b\u5e76\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u3002\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c \u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5728\u200b Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u4e86\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u5e76\u200b\u5bf9\u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b NAT \u200b\u8f6c\u6362\u200b\uff0c\u200b\u5176\u200b\u884c\u4e3a\u200b\u548c\u200b Flannel \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u57fa\u672c\u4e00\u81f4\u200b\uff0c \u200b\u7528\u6237\u200b\u65e0\u9700\u200b\u989d\u5916\u200b\u7684\u200b\u914d\u7f6e\u200b\u5373\u53ef\u200b\u4f7f\u7528\u200b\u5230\u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u3002
\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u4f5c\u4e3a\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0c\u200b\u5e76\u200b\u5f00\u542f\u200b arping \u200b\u68c0\u67e5\u200b\u7f51\u7edc\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"guide/subnet/#_3","title":"\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b spec \u200b\u4e2d\u200b\u7684\u200b default \u200b\u5b57\u6bb5\u200b\u4e3a\u200b true\uff0c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u4e0b\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b ovn-default\u3002
\u200b\u67e5\u770b\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff1a
# kubectl get subnet ovn-default -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: ovn-default\n resourceVersion: \"1571334\"\n selfLink: /apis/kubeovn.io/v1/subnets/ovn-default\n uid: 7e2451f8-fb44-4f7f-b3e0-cfd27f6fd5d6\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n natOutgoing: true\n private: false\n protocol: IPv4\n
"},{"location":"guide/subnet/#join","title":"Join \u200b\u5b50\u7f51","text":"\u200b\u5728\u200b Kubernetes \u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\u4e2d\u200b\uff0c\u200b\u8981\u6c42\u200b Node \u200b\u53ef\u4ee5\u200b\u548c\u200b\u6240\u6709\u200b\u7684\u200b Pod \u200b\u76f4\u63a5\u200b\u901a\u4fe1\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u5728\u200b Overlay \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u8fbe\u5230\u200b\u8fd9\u4e2a\u200b\u76ee\u7684\u200b\uff0c Kube-OVN \u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u4e2a\u200b join \u200b\u5b50\u7f51\u200b\uff0c \u200b\u5e76\u200b\u5728\u200b\u6bcf\u4e2a\u200b Node \u200b\u8282\u70b9\u200b\u521b\u5efa\u200b\u4e86\u200b\u4e00\u5757\u200b\u865a\u62df\u200b\u7f51\u5361\u200b ovn0 \u200b\u63a5\u5165\u200b join \u200b\u5b50\u7f51\u200b\uff0c\u200b\u901a\u8fc7\u200b\u8be5\u200b\u7f51\u7edc\u200b\u5b8c\u6210\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b\u914d\u7f6e\u200b\u4e3a\u200b\u5b89\u88c5\u200b\u65f6\u200b\u6307\u5b9a\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u5185\u7f6e\u200b\u7f51\u7edc\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u4fee\u6539\u200b\u3002 join \u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b
"},{"location":"guide/subnet/#join_1","title":"\u67e5\u770b\u200b Join \u200b\u5b50\u7f51","text":"\u200b\u6ce8\u610f\u200b\uff1a\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b hostport, \u200b\u4ee5\u53ca\u200b\u8bbe\u7f6e\u200b\u4e86\u200b externalTrafficPolicy: Local \u200b\u7684\u200b NodePort \u200b\u7c7b\u578b\u200b Service \u200b\u8fdb\u884c\u200b\u8bbf\u95ee\u200b\uff0c
\u200b\u8be5\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u540d\u4e3a\u200b join \u200b\u4e00\u822c\u200b\u65e0\u9700\u200b\u5bf9\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDR \u200b\u5916\u200b\u7684\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
# kubectl get subnet join -o yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n creationTimestamp: \"2019-08-06T09:33:43Z\"\n generation: 1\n name: join\n resourceVersion: \"1571333\"\n selfLink: /apis/kubeovn.io/v1/subnets/join\n uid: 9c744810-c678-4d50-8a7d-b8ec12ef91b8\nspec:\n cidrBlock: 100.64.0.0/16\n default: false\n excludeIps:\n - 100.64.0.1\n gateway: 100.64.0.1\n gatewayNode: \"\"\n gatewayType: \"\"\n natOutgoing: false\n private: false\n protocol: IPv4\n
\u200b\u5728\u200b node \u200b\u8282\u70b9\u200b\u67e5\u770b\u200b ovn0 \u200b\u7f51\u5361\u200b\uff1a
# ifconfig ovn0\novn0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1420\n inet 100.64.0.4 netmask 255.255.0.0 broadcast 100.64.255.255\n inet6 fe80::800:ff:fe40:5 prefixlen 64 scopeid 0x20<link>\n ether 0a:00:00:40:00:05 txqueuelen 1000 (Ethernet)\n RX packets 18 bytes 1428 (1.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame 0\n TX packets 19 bytes 1810 (1.7 KiB)\n TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\n
"},{"location":"guide/subnet/#_4","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b\u5b50\u7f51","text":"\u200b\u8fd9\u91cc\u200b\u6211\u4eec\u200b\u4ecb\u7ecd\u200b\u521b\u5efa\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u200b\u548c\u200b\u67d0\u4e2a\u200b Namespace \u200b\u505a\u200b\u5173\u8054\u200b\u7684\u200b\u57fa\u672c\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u9ad8\u7ea7\u200b\u914d\u7f6e\u200b\u8bf7\u200b\u53c2\u8003\u200b\u540e\u7eed\u200b\u5185\u5bb9\u200b\u3002
"},{"location":"guide/subnet/#_5","title":"\u521b\u5efa\u200b\u5b50\u7f51","text":"cat <<EOF | kubectl create -f -\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 10.66.0.0/16\n excludeIps:\n - 10.66.0.1..10.66.0.10\n - 10.66.0.101..10.66.0.151\n gateway: 10.66.0.1\n gatewayType: distributed\n natOutgoing: true\n routeTable: \"\"\n namespaces:\n - ns1\n - ns2\nEOF\n
cidrBlock: \u200b\u5b50\u7f51\u200b CIDR \u200b\u8303\u56f4\u200b\uff0c\u200b\u540c\u4e00\u4e2a\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u4e0d\u540c\u200b Subnet CIDR \u200b\u4e0d\u80fd\u200b\u91cd\u53e0\u200b\u3002excludeIps: \u200b\u4fdd\u7559\u200b\u5730\u5740\u200b\u5217\u8868\u200b\uff0c\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u5c06\u200b\u4e0d\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5217\u8868\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u53ef\u7528\u200b\u505a\u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\u6bb5\u200b\uff0c\u200b\u4e5f\u200b\u53ef\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u907f\u514d\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u5df2\u6709\u200b\u8bbe\u5907\u200b\u51b2\u7a81\u200b\u3002gateway\uff1a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u5bf9\u5e94\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0cUnderlay \u200b\u6a21\u5f0f\u200b\u4e0b\u8be5\u200b\u5730\u5740\u200b\u9700\u4e3a\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002namespaces: \u200b\u7ed1\u5b9a\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7684\u200b Namespace \u200b\u5217\u8868\u200b\uff0c\u200b\u7ed1\u5b9a\u200b\u540e\u200b Namespace \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5c06\u4f1a\u200b\u4ece\u200b\u5f53\u524d\u200b\u5b50\u7f51\u200b\u5206\u914d\u200b\u5730\u5740\u200b\u3002routeTable: \u200b\u5173\u8054\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5173\u8054\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u8def\u7531\u8868\u200b\u5b9a\u4e49\u200b\u8bf7\u200b\u53c2\u8003\u200b\u9759\u6001\u200b\u8def\u7531\u200b
"},{"location":"guide/subnet/#_6","title":"\u9a8c\u8bc1\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u751f\u6548","text":"# kubectl create ns ns1\nnamespace/ns1 created\n\n# kubectl run nginx --image=docker.io/library/nginx:alpine -n ns1\ndeployment.apps/nginx created\n\n# kubectl get pod -n ns1 -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnginx-74d5899f46-n8wtg 1/1 Running 0 10s 10.66.0.11 node1 <none> <none>\n
"},{"location":"guide/subnet/#workload","title":"Workload \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Pod \u200b\u4f1a\u200b\u4ece\u200b Namespace \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u5185\u200b\u5206\u914d\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5982\u679c\u200b Namespace \u200b\u4e0b\u200b\u67d0\u4e2a\u200b Workload \u200b\u9700\u8981\u200b\u7279\u6b8a\u200b\u6307\u5b9a\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8bbe\u7f6e\u200b Pod \u200b\u7684\u200b Annotation ovn.kubernetes.io/logical_switch \u200b\u6765\u200b\u5b9e\u73b0\u200b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: another-subnet\n annotations:\n ovn.kubernetes.io/logical_switch: subnet1\nspec:\n containers:\n - name: another-subnet\n image: docker.io/library/nginx:alpine\n
\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u7ed9\u200b Workload \u200b\u7c7b\u578b\u200b\u8d44\u6e90\u200b\u5982\u200b Deployment\uff0cStatefulSet \u200b\u7ed1\u5b9a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b ovn.kubernetes.io/logical_switch Annotation \u200b\u8bbe\u7f6e\u200b\u5728\u200b spec.template.metadata.annotations\u3002
"},{"location":"guide/subnet/#overlay","title":"Overlay \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u914d\u7f6e","text":"\u200b\u8be5\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Overlay \u200b\u6a21\u5f0f\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\uff0cUnderlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u501f\u52a9\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u3002
Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u6765\u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0cKube-OVN \u200b\u76ee\u524d\u200b\u652f\u6301\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7684\u200b\u7f51\u5173\u200b\uff1a \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u5bf9\u200b\u7f51\u5173\u200b\u7684\u200b\u7c7b\u578b\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
\u200b\u4e24\u79cd\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\u5747\u200b\u652f\u6301\u200b natOutgoing \u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u65f6\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b snat\u3002
"},{"location":"guide/subnet/#_7","title":"\u5206\u5e03\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5b50\u7f51\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u7c7b\u578b\u200b\u7f51\u5173\u200b\uff0c\u200b\u6bcf\u4e2a\u200b node \u200b\u4f1a\u200b\u4f5c\u4e3a\u200b\u5f53\u524d\u200b node \u200b\u4e0a\u200b pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5173\u200b\u3002 \u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u672c\u673a\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u6d41\u5165\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u6808\u200b\uff0c\u200b\u518d\u200b\u6839\u636e\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b\u6240\u5728\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b distributed\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: distributed\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: distributed\n natOutgoing: true\n
"},{"location":"guide/subnet/#_8","title":"\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173","text":"\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5b50\u7f51\u200b\u5185\u200b\u6d41\u91cf\u200b\u8bbf\u95ee\u200b\u5916\u200b\u7f51\u200b\u4f7f\u7528\u200b\u56fa\u5b9a\u200b\u7684\u200b IP\uff0c\u200b\u4ee5\u4fbf\u200b\u5ba1\u8ba1\u200b\u548c\u200b\u767d\u540d\u5355\u200b\u7b49\u200b\u5b89\u5168\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\u4e3a\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002 \u200b\u5728\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u4f1a\u200b\u9996\u5148\u200b\u88ab\u200b\u8def\u7531\u200b\u5230\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\uff0c\u200b\u518d\u200b\u901a\u8fc7\u200b\u4e3b\u673a\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\u3002 \u200b\u5f53\u200b natOutgoing \u200b\u4e3a\u200b true \u200b\u65f6\u200b\uff0cPod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u7279\u5b9a\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b IP\u3002
\u200b\u5b50\u7f51\u200b\u793a\u4f8b\u200b\uff0c\u200b\u5176\u4e2d\u200b gatewayType \u200b\u5b57\u6bb5\u200b\u4e3a\u200b centralized\uff0cgatewayNode \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u673a\u5668\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeName\u3002 \u200b\u5176\u4e2d\u200b gatewayNode \u200b\u5b57\u200b\u6bb5\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u53f0\u200b\u4e3b\u673a\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: centralized\nspec:\n protocol: IPv4\n cidrBlock: 10.166.0.0/16\n default: false\n excludeIps:\n - 10.166.0.1\n gateway: 10.166.0.1\n gatewayType: centralized\n gatewayNode: \"node1,node2\"\n natOutgoing: true\n
- \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u6307\u5b9a\u200b\u673a\u5668\u200b\u7684\u200b\u7279\u5b9a\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u51fa\u7f51\u200b\uff0c
gatewayNode \u200b\u53ef\u66f4\u6539\u200b\u4e3a\u200b kube-ovn-worker:172.18.0.2, kube-ovn-control-plane:172.18.0.3 \u200b\u683c\u5f0f\u200b\u3002 - \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u9ed8\u8ba4\u200b\u4e3a\u4e3b\u200b\u5907\u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ea\u6709\u200b\u4e3b\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u6d41\u91cf\u200b\u8f6c\u53d1\u200b\uff0c \u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5207\u6362\u200b\u4e3a\u200b ECMP \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b ECMP \u200b\u5f00\u542f\u200b\u8bbe\u7f6e\u200b\u3002
- \u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u5728\u200b subnet crd \u200b\u5b9a\u4e49\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e86\u200b spec \u200b\u5b57\u200b\u6bb5\u200b
enableEcmp\uff0c\u200b\u5c06\u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b ECMP \u200b\u5f00\u5173\u200b\u63a7\u5236\u200b\u8fc1\u79fb\u200b\u5230\u200b\u5b50\u7f51\u200b\u5c42\u7ea7\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u57fa\u4e8e\u200b\u4e0d\u540c\u200b\u7684\u200b\u5b50\u7f51\u200b\u5206\u522b\u200b\u8bbe\u7f6e\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u6a21\u5f0f\u200b\u3002\u200b\u539f\u6709\u200b\u7684\u200b kube-ovn-controller Deployment \u200b\u4e2d\u200b\u7684\u200b enable-ecmp \u200b\u53c2\u6570\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\u3002\u200b\u4e4b\u524d\u200b\u7248\u672c\u5347\u7ea7\u200b\u5230\u200b v1.12.0 \u200b\u4e4b\u540e\u200b\uff0c\u200b\u5b50\u7f51\u200b\u5f00\u5173\u200b\u4f1a\u200b\u81ea\u52a8\u200b\u7ee7\u627f\u200b\u539f\u6709\u200b\u7684\u200b\u5168\u5c40\u200b\u5f00\u5173\u200b\u53c2\u6570\u200b\u53d6\u503c\u200b\u3002
"},{"location":"guide/subnet/#acl","title":"\u5b50\u7f51\u200b ACL \u200b\u8bbe\u7f6e","text":"\u200b\u5bf9\u4e8e\u200b\u6709\u200b\u7ec6\u7c92\u5ea6\u200b ACL \u200b\u63a7\u5236\u200b\u7684\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u7684\u200b Subnet \u200b\u63d0\u4f9b\u200b\u4e86\u200b ACL \u200b\u89c4\u5219\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5b9e\u73b0\u200b\u7f51\u7edc\u200b\u89c4\u5219\u200b\u7684\u200b\u7cbe\u7ec6\u200b\u63a7\u5236\u200b\u3002
Subnet \u200b\u4e2d\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u548c\u200b OVN \u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u4e00\u81f4\u200b\uff0c\u200b\u76f8\u5173\u200b\u5b57\u200b\u6bb5\u200b\u5185\u5bb9\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b ovn-nb ACL Table\uff0c match \u200b\u5b57\u200b\u6bb5\u200b\u652f\u6301\u200b\u7684\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u200b\u53c2\u8003\u200b ovn-sb Logical Flow Table\u3002
\u200b\u5141\u8bb8\u200b IP \u200b\u5730\u5740\u200b\u4e3a\u200b 10.10.0.2 \u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u6240\u6709\u200b\u5730\u5740\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u5176\u4ed6\u200b\u5730\u5740\u200b\u4e3b\u52a8\u200b\u8bbf\u95ee\u200b\u81ea\u5df1\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: acl\nspec:\n acls:\n - action: drop\n direction: to-lport\n match: ip4.dst == 10.10.0.2 && ip\n priority: 1002\n - action: allow-related\n direction: from-lport\n match: ip4.src == 10.10.0.2 && ip\n priority: 1002\n cidrBlock: 10.10.0.0/24\n
"},{"location":"guide/subnet/#_9","title":"\u5b50\u7f51\u200b\u9694\u79bb\u200b\u8bbe\u7f6e","text":"\u200b\u5b50\u7f51\u200b ACL \u200b\u7684\u200b\u529f\u80fd\u200b\u53ef\u4ee5\u200b\u8986\u76d6\u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u5e76\u200b\u6709\u200b\u66f4\u597d\u200b\u7684\u200b\u7075\u6d3b\u6027\u200b\uff0c\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5b50\u7f51\u200b ACL \u200b\u6765\u200b\u505a\u200b\u76f8\u5e94\u200b\u7684\u200b\u914d\u7f6e\u200b\u3002
\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e4b\u95f4\u200b\u53ef\u4ee5\u200b\u76f8\u4e92\u200b\u901a\u4fe1\u200b\uff0cPod \u200b\u4e5f\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u9700\u200b\u5bf9\u200b\u5b50\u7f51\u200b\u95f4\u200b\u7684\u200b\u8bbf\u95ee\u200b\u8fdb\u884c\u200b\u63a7\u5236\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u5b50\u7f51\u200b CRD \u200b\u4e2d\u5c06\u200b private \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5219\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5c06\u200b\u548c\u200b\u5176\u4ed6\u200b\u5b50\u7f51\u200b\u4ee5\u53ca\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9694\u79bb\u200b\uff0c \u200b\u53ea\u80fd\u200b\u8fdb\u884c\u200b\u5b50\u7f51\u200b\u5185\u90e8\u200b\u7684\u200b\u901a\u4fe1\u200b\u3002\u200b\u5982\u200b\u9700\u5f00\u200b\u767d\u540d\u5355\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b allowSubnets \u200b\u8fdb\u884c\u200b\u8bbe\u7f6e\u200b\u3002allowSubnets \u200b\u5185\u200b\u7684\u200b\u7f51\u6bb5\u200b\u548c\u200b\u8be5\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u53cc\u5411\u200b\u4e92\u8bbf\u200b\u3002
"},{"location":"guide/subnet/#_10","title":"\u5f00\u542f\u200b\u8bbf\u95ee\u63a7\u5236\u200b\u7684\u200b\u5b50\u7f51\u200b\u793a\u4f8b","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: private\nspec:\n protocol: IPv4\n default: false\n namespaces:\n - ns1\n - ns2\n cidrBlock: 10.69.0.0/16\n private: true\n allowSubnets:\n - 10.16.0.0/16\n - 10.18.0.0/16\n
"},{"location":"guide/subnet/#underlay","title":"Underlay \u200b\u76f8\u5173\u200b\u9009\u9879","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\u53ea\u200b\u5bf9\u200b Underlay \u200b\u7c7b\u578b\u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
vlan: \u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8be5\u5b57\u6bb5\u200b\u7528\u6765\u200b\u63a7\u5236\u200b\u8be5\u200b Subnet \u200b\u548c\u200b\u54ea\u4e2a\u200b Vlan CR \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u3002\u200b\u8be5\u200b\u9009\u9879\u200b\u9ed8\u8ba4\u200b\u4e3a\u7a7a\u200b\u5b57\u7b26\u4e32\u200b\uff0c\u200b\u5373\u200b\u4e0d\u200b\u4f7f\u7528\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002logicalGateway: \u200b\u4e00\u4e9b\u200b Underlay \u200b\u73af\u5883\u200b\u4e3a\u200b\u7eaf\u200b\u4e8c\u5c42\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7269\u7406\u200b\u7684\u200b\u4e09\u5c42\u200b\u7f51\u5173\u200b\u3002\u200b\u5728\u200b\u8fd9\u79cd\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u501f\u52a9\u200b OVN \u200b\u672c\u8eab\u200b\u7684\u200b\u80fd\u529b\u200b\u8bbe\u7f6e\u200b\u4e00\u4e2a\u200b\u865a\u62df\u200b\u7f51\u5173\u200b\uff0c\u200b\u5c06\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u6253\u901a\u200b\u3002\u200b\u9ed8\u8ba4\u503c\u200b\u4e3a\u200b\uff1afalse\u3002
"},{"location":"guide/subnet/#_11","title":"\u7f51\u5173\u200b\u68c0\u67e5\u200b\u8bbe\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b kube-ovn-cni \u200b\u5728\u200b\u542f\u52a8\u200b Pod \u200b\u540e\u200b\u4f1a\u200b\u4f7f\u7528\u200b ICMP \u200b\u6216\u200b ARP \u200b\u534f\u8bae\u200b\u8bf7\u6c42\u200b\u7f51\u5173\u200b\u5e76\u200b\u7b49\u5f85\u200b\u8fd4\u56de\u200b\uff0c \u200b\u4ee5\u200b\u9a8c\u8bc1\u200b\u7f51\u7edc\u200b\u5de5\u4f5c\u200b\u6b63\u5e38\u200b\uff0c\u200b\u5728\u200b\u90e8\u5206\u200b Underlay \u200b\u73af\u5883\u200b\u7f51\u5173\u200b\u65e0\u6cd5\u200b\u54cd\u5e94\u200b ICMP \u200b\u8bf7\u6c42\u200b\uff0c\u200b\u6216\u200b\u65e0\u9700\u200b\u7f51\u7edc\u200b\u5916\u90e8\u200b\u8054\u901a\u200b\u7684\u200b\u573a\u666f\u200b \u200b\u53ef\u4ee5\u200b\u5173\u95ed\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: disable-gw-check\nspec:\n disableGatewayCheck: true\n
"},{"location":"guide/subnet/#multicast-snoop","title":"Multicast-Snoop \u200b\u914d\u7f6e","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5982\u679c\u200b\u53d1\u9001\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\uff0cOVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u884c\u4e3a\u200b\u662f\u200b\u4f1a\u200b\u5e7f\u64ad\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u5230\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u6240\u6709\u200b\u7684\u200b Pod\u3002\u200b\u5982\u679c\u200b\u5f00\u542f\u200b subnet \u200b\u7684\u200b multicast snoop \u200b\u5f00\u5173\u200b\uff0cOVN \u200b\u4f1a\u200b\u6839\u636e\u200b South Database \u200b\u4e2d\u200b\u7684\u200b\u7ec4\u64ad\u8868\u200b Multicast_Group \u200b\u6765\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u800c\u200b\u4e0d\u200b\u5728\u200b\u8fdb\u884c\u200b\u5e7f\u64ad\u200b\u3002
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n enableMulticastSnoop: true\n
"},{"location":"guide/subnet/#subnet-mtu","title":"Subnet MTU \u200b\u914d\u7f6e","text":"\u200b\u914d\u7f6e\u200b Subnet \u200b\u4e0b\u200b Pod \u200b\u7684\u200b MTU\uff0c\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u91cd\u542f\u200b Subnet \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u624d\u200b\u751f\u6548\u200b
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: sample1\nspec:\n mtu: 1300\n
"},{"location":"guide/subnet/#_12","title":"\u5176\u4ed6\u200b\u9ad8\u7ea7\u200b\u8bbe\u7f6e","text":" - IP \u200b\u6c60\u200b\u4f7f\u7528\u200b
- \u200b\u9ed8\u8ba4\u200b VPC NAT \u200b\u7b56\u7565\u200b\u89c4\u5219\u200b
- QoS \u200b\u8bbe\u7f6e\u200b
- \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b
- DHCP \u200b\u9009\u9879\u200b
- \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u8bbe\u7f6e\u200b
- \u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b\u8bbe\u7f6e\u200b
- \u200b\u865a\u62df\u200b IP \u200b\u8bbe\u7f6e\u200b
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc-qos/","title":"VPC QoS","text":"Kube-OVN \u200b\u652f\u6301\u200b\u4f7f\u7528\u200b QoSPolicy CRD \u200b\u5bf9\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7684\u200b\u6d41\u91cf\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\u3002
"},{"location":"guide/vpc-qos/#eip-qos","title":"EIP QoS","text":"\u200b\u5bf9\u200b EIP \u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 1Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 1\uff0c\u200b\u8fd9\u91cc\u200b shared=false\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ea\u80fd\u200b\u7ed9\u200b\u8fd9\u4e2a\u200b EIP \u200b\u4f7f\u7528\u200b\u4e14\u200b\u652f\u6301\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u53bb\u200b\u53d8\u66f4\u200b QoS \u200b\u89c4\u5219\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-eip-example\nspec:\n shared: false\n bindingType: EIP\n bandwidthLimitRules:\n - name: eip-ingress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: ingress\n - name: eip-egress\n rateMax: \"1\" # Mbps\n burstMax: \"1\" # Mbps\n priority: 1\n direction: egress\n
IptablesEIP \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-1\nspec:\n natGwDp: gw1\n qosPolicy: qos-eip-example\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u65f6\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u540e\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#qos-eip","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get eip -l ovn.kubernetes.io/qos=qos-eip-example\nNAME IP MAC NAT NATGWDP READY\neip-1 172.18.11.24 00:00:00:34:41:0B fip gw1 true\n
"},{"location":"guide/vpc-qos/#vpc-natgw-net1-qos","title":"VPC NATGW net1 \u200b\u7f51\u5361\u200b QoS","text":"\u200b\u5bf9\u200b VPC NATGW \u200b\u7684\u200b net1 \u200b\u7f51\u5361\u200b\u901f\u7387\u200b\u8fdb\u884c\u200b\u9650\u5236\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 10Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 3\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-ingress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: ingress\n - name: net1-egress\n interface: net1\n rateMax: \"10\" # Mbps\n burstMax: \"10\" # Mbps\n priority: 3\n direction: egress\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
.spec.qosPolicy \u200b\u7684\u200b\u503c\u200b\u652f\u6301\u200b\u521b\u5efa\u200b\u4f20\u5165\u200b\uff0c\u200b\u4e5f\u200b\u652f\u6301\u200b\u540e\u7eed\u200b\u4fee\u6539\u200b\u3002
"},{"location":"guide/vpc-qos/#net1-qos","title":"net1 \u200b\u7f51\u5361\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b QoS","text":"\u200b\u5bf9\u200b net1 \u200b\u7f51\u5361\u200b\u4e0a\u200b\u7279\u5b9a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u9650\u901f\u200b\uff0c\u200b\u9650\u901f\u200b\u503c\u4e3a\u200b 5Mbps\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u4e3a\u200b 2\uff0c\u200b\u8fd9\u91cc\u200b shared=true\uff0c\u200b\u8868\u793a\u200b\u8fd9\u4e2a\u200b QoSPolicy \u200b\u53ef\u4ee5\u200b\u540c\u65f6\u200b\u7ed9\u200b\u591a\u4e2a\u200b\u8d44\u6e90\u200b\u4f7f\u7528\u200b\uff0c\u200b\u6b64\u65f6\u200b\u4e0d\u200b\u5141\u8bb8\u200b\u4fee\u6539\u200b QoSPolicy \u200b\u7684\u200b\u5185\u5bb9\u200b\u3002
QoSPolicy \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: QoSPolicy\nmetadata:\n name: qos-natgw-example\nspec:\n shared: true\n bindingType: NATGW\n bandwidthLimitRules:\n - name: net1-extip-ingress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: ingress\n matchType: ip\n matchValue: src 172.18.11.22/32\n - name: net1-extip-egress\n interface: net1\n rateMax: \"5\" # Mbps\n burstMax: \"5\" # Mbps\n priority: 2\n direction: egress\n matchType: ip\n matchValue: dst 172.18.11.23/32\n
VpcNatGateway \u200b\u914d\u7f6e\u200b\u5982\u4e0b\u200b\uff1a
kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n qosPolicy: qos-natgw-example\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n
"},{"location":"guide/vpc-qos/#qos-natgw","title":"\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b NATGW","text":"\u200b\u901a\u8fc7\u200b label \u200b\u67e5\u770b\u200b\u5df2\u7ecf\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b qos \u200b\u7684\u200b eip\uff1a
# kubectl get vpc-nat-gw -l ovn.kubernetes.io/qos=qos-natgw-example\nNAME VPC SUBNET LANIP\ngw1 test-vpc-1 net1 10.0.1.254\n
"},{"location":"guide/vpc-qos/#qos","title":"\u67e5\u770b\u200b qos \u200b\u89c4\u5219","text":"# kubectl get qos -A\nNAME SHARED BINDINGTYPE\nqos-eip-example false EIP\nqos-natgw-example true NATGW\n
"},{"location":"guide/vpc-qos/#_1","title":"\u9650\u5236","text":" - \u200b\u53ea\u6709\u200b\u5728\u200b\u672a\u200b\u4f7f\u7528\u200b\u65f6\u200b\u624d\u80fd\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u3002\u200b\u56e0\u6b64\u200b\uff0c\u200b\u5728\u200b\u5220\u9664\u200b QoS \u200b\u7b56\u7565\u200b\u4e4b\u524d\u200b\uff0c\u200b\u8bf7\u200b\u5148\u200b\u67e5\u770b\u200b\u5df2\u200b\u542f\u7528\u200b QoS \u200b\u7684\u200b EIP \u200b\u548c\u200b NATGW\uff0c\u200b\u53bb\u6389\u200b\u5b83\u4eec\u200b\u7684\u200b
spec.qosPolicy \u200b\u914d\u7f6e\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/vpc/","title":"VPC \u200b\u4f7f\u7528","text":"Kube-OVN \u200b\u652f\u6301\u200b\u591a\u200b\u79df\u6237\u200b\u9694\u79bb\u200b\u7ea7\u522b\u200b\u7684\u200b VPC \u200b\u7f51\u7edc\u200b\u3002\u200b\u4e0d\u540c\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u72ec\u7acb\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5206\u522b\u200b\u914d\u7f6e\u200b Subnet \u200b\u7f51\u6bb5\u200b\uff0c \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u5b89\u5168\u7b56\u7565\u200b\uff0c\u200b\u51fa\u7f51\u200b\u7f51\u5173\u200b\uff0cEIP \u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
VPC \u200b\u4e3b\u8981\u200b\u7528\u4e8e\u200b\u6709\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u5f3a\u200b\u9694\u79bb\u200b\u7684\u200b\u573a\u666f\u200b\uff0c\u200b\u90e8\u5206\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u5b58\u5728\u200b\u51b2\u7a81\u200b\u3002 \u200b\u4f8b\u5982\u200b\u8282\u70b9\u200b\u548c\u200b Pod \u200b\u4e92\u8bbf\u200b\uff0cNodePort \u200b\u529f\u80fd\u200b\uff0c\u200b\u57fa\u4e8e\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b\u7684\u200b\u5065\u5eb7\u68c0\u67e5\u200b\u548c\u200b DNS \u200b\u80fd\u529b\u200b\u5728\u200b\u591a\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u573a\u666f\u200b\u6682\u200b\u4e0d\u200b\u652f\u6301\u200b\u3002 \u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u5e38\u89c1\u200b Kubernetes \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u9ed8\u8ba4\u200b VPC \u200b\u505a\u200b\u4e86\u200b\u7279\u6b8a\u200b\u8bbe\u8ba1\u200b\uff0c\u200b\u8be5\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u53ef\u4ee5\u200b\u6ee1\u8db3\u200b Kubernetes \u200b\u89c4\u8303\u200b\u3002\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u652f\u6301\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\uff0cEIP \u200b\u548c\u200b NAT \u200b\u7f51\u5173\u200b\u7b49\u200b\u529f\u80fd\u200b\u3002 \u200b\u5e38\u89c1\u200b\u9694\u79bb\u200b\u9700\u6c42\u200b\u53ef\u200b\u901a\u8fc7\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u7b56\u7565\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5b9e\u73b0\u200b\uff0c\u200b\u5728\u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u524d\u200b\u8bf7\u200b\u660e\u786e\u200b\u662f\u5426\u200b\u9700\u8981\u200b VPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\uff0c\u200b\u5e76\u200b\u4e86\u89e3\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u9650\u5236\u200b\u3002 \u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\uff0c\u200b\u7269\u7406\u200b\u4ea4\u6362\u673a\u200b\u8d1f\u8d23\u200b\u6570\u636e\u200b\u9762\u200b\u8f6c\u53d1\u200b\uff0cVPC \u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u8fdb\u884c\u200b\u9694\u79bb\u200b\u3002
"},{"location":"guide/vpc/#vpc_1","title":"\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b VPC\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n namespaces:\n - ns1\n---\nkind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-2\nspec:\n namespaces:\n - ns2\n
namespaces \u200b\u53ef\u4ee5\u200b\u9650\u5b9a\u200b\u53ea\u6709\u200b\u54ea\u4e9b\u200b Namespace \u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u5f53\u524d\u200b VPC\uff0c\u200b\u82e5\u4e3a\u200b\u7a7a\u5219\u200b\u4e0d\u200b\u9650\u5b9a\u200b\u3002
\u200b\u521b\u5efa\u200b\u4e24\u4e2a\u200b\u5b50\u7f51\u200b\uff0c\u200b\u5206\u5c5e\u200b\u4e24\u4e2a\u200b\u4e0d\u540c\u200b\u7684\u200b VPC \u200b\u5e76\u200b\u6709\u200b\u76f8\u540c\u200b\u7684\u200b CIDR:
kind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net1\nspec:\n vpc: test-vpc-1\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns1\n---\nkind: Subnet\napiVersion: kubeovn.io/v1\nmetadata:\n name: net2\nspec:\n vpc: test-vpc-2\n cidrBlock: 10.0.1.0/24\n protocol: IPv4\n namespaces:\n - ns2\n
\u200b\u5206\u522b\u200b\u5728\u200b\u4e24\u4e2a\u200b Namespace \u200b\u4e0b\u200b\u521b\u5efa\u200b Pod:
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net1\n namespace: ns1\n name: vpc1-pod\nspec:\n containers:\n - name: vpc1-pod\n image: docker.io/library/nginx:alpine\n---\napiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/logical_switch: net2\n namespace: ns2\n name: vpc2-pod\nspec:\n containers:\n - name: vpc2-pod\n image: docker.io/library/nginx:alpine\n
\u200b\u8fd0\u884c\u200b\u6210\u529f\u200b\u540e\u200b\u53ef\u200b\u89c2\u5bdf\u200b\u4e24\u4e2a\u200b Pod \u200b\u5730\u5740\u200b\u5c5e\u4e8e\u200b\u540c\u4e00\u4e2a\u200b CIDR\uff0c\u200b\u4f46\u200b\u7531\u4e8e\u200b\u8fd0\u884c\u200b\u5728\u200b\u4e0d\u540c\u200b\u7684\u200b\u79df\u6237\u200b VPC\uff0c\u200b\u4e24\u4e2a\u200b Pod \u200b\u65e0\u6cd5\u200b\u76f8\u4e92\u200b\u8bbf\u95ee\u200b\u3002
"},{"location":"guide/vpc/#vpc-pod-livenessprobe-readinessprobe","title":"\u81ea\u5b9a\u4e49\u200b VPC Pod \u200b\u652f\u6301\u200b livenessProbe \u200b\u548c\u200b readinessProbe","text":"\u200b\u7531\u4e8e\u200b\u5e38\u89c4\u200b\u914d\u7f6e\u200b\u4e0b\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u548c\u200b\u8282\u70b9\u200b\u7684\u200b\u7f51\u7edc\u200b\u4e4b\u95f4\u200b\u5e76\u200b\u4e0d\u200b\u4e92\u901a\u200b\uff0c\u200b\u6240\u4ee5\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u65e0\u6cd5\u200b\u5230\u8fbe\u200b\u81ea\u200b\u5b9a\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\u3002Kube-OVN \u200b\u901a\u8fc7\u200b TProxy \u200b\u5c06\u200b kubelet \u200b\u53d1\u9001\u200b\u7684\u200b\u63a2\u6d4b\u200b\u62a5\u6587\u200b\u91cd\u5b9a\u5411\u200b\u5230\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u7684\u200b Pod\uff0c\u200b\u4ece\u800c\u200b\u5b9e\u73b0\u200b\u8fd9\u4e00\u200b\u529f\u80fd\u200b\u3002
\u200b\u914d\u7f6e\u200b\u65b9\u6cd5\u200b\u5982\u4e0b\u200b\uff0c\u200b\u5728\u200b Daemonset kube-ovn-cni \u200b\u4e2d\u200b\u589e\u52a0\u200b\u53c2\u6570\u200b --enable-tproxy=true\uff1a
spec:\n template:\n spec:\n containers:\n - args:\n - --enable-tproxy=true\n
\u200b\u8be5\u200b\u529f\u80fd\u200b\u9650\u5236\u200b\u6761\u4ef6\u200b\uff1a
- \u200b\u5f53\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0b\u200b\u51fa\u73b0\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u5177\u6709\u200b\u76f8\u540c\u200b\u7684\u200b IP\uff0c\u200b\u63a2\u6d4b\u200b\u529f\u80fd\u200b\u5931\u6548\u200b\u3002
- \u200b\u76ee\u524d\u200b\u6682\u65f6\u200b\u53ea\u200b\u652f\u6301\u200b
tcpSocket \u200b\u548c\u200b httpGet \u200b\u4e24\u79cd\u200b\u63a2\u6d4b\u200b\u65b9\u5f0f\u200b\u3002
"},{"location":"guide/vpc/#vpc_2","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173","text":"\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e0d\u200b\u652f\u6301\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u548c\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u3002
VPC \u200b\u5185\u5bb9\u200b\u5668\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b VPC \u200b\u7f51\u5173\u200b\uff0cVPC \u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6253\u901a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u548c\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b \u200b\u6d6e\u52a8\u200b IP\uff0cSNAT \u200b\u548c\u200b DNAT \u200b\u529f\u80fd\u200b\u3002
VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u4f9d\u8d56\u200b Multus-CNI \u200b\u7684\u200b\u591a\u200b\u7f51\u5361\u200b\u529f\u80fd\u200b\uff0c\u200b\u5b89\u88c5\u200b\u8bf7\u200b\u53c2\u8003\u200b multus-cni\u3002
"},{"location":"guide/vpc/#_1","title":"\u914d\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u7edc","text":"apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-vpc-external-network\nspec:\n protocol: IPv4\n provider: ovn-vpc-external-network.kube-system\n cidrBlock: 192.168.0.0/24\n gateway: 192.168.0.1 # IP address of the physical gateway\n excludeIps:\n - 192.168.0.1..192.168.0.10\n---\napiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-vpc-external-network\n namespace: kube-system\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"macvlan\",\n \"master\": \"eth1\",\n \"mode\": \"bridge\",\n \"ipam\": {\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-vpc-external-network.kube-system\"\n }\n }'\n
- \u200b\u8be5\u200b Subnet \u200b\u7528\u6765\u200b\u7ba1\u7406\u200b\u53ef\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u6bb5\u200b\u5185\u200b\u7684\u200b\u5730\u5740\u200b\u5c06\u4f1a\u200b\u901a\u8fc7\u200b Macvlan \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\uff0c\u200b\u8bf7\u200b\u548c\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u6c9f\u901a\u200b\u7ed9\u51fa\u200b\u53ef\u7528\u200b\u7684\u200b\u7269\u7406\u200b\u6bb5\u200b IP\u3002
- VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b Macvlan \u200b\u505a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c
NetworkAttachmentDefinition \u200b\u7684\u200b master \u200b\u9700\u4e3a\u200b\u5bf9\u5e94\u200b\u7269\u7406\u200b\u7f51\u8def\u200b\u7f51\u5361\u200b\u7684\u200b\u7f51\u5361\u200b\u540d\u200b\u3002 name \u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\u3002
\u200b\u5728\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0c\u200b\u9644\u5c5e\u200b\u7f51\u5361\u200b\u4f1a\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Macvlan \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u672c\u8eab\u200b\u7684\u200b\u9650\u5236\u200b\uff0cMacvlan \u200b\u5b50\u200b\u63a5\u53e3\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b\u7236\u200b\u63a5\u53e3\u200b\u5730\u5740\u200b\u3002
- \u200b\u5982\u679c\u200b\u7269\u7406\u200b\u7f51\u5361\u200b\u5bf9\u5e94\u200b\u4ea4\u6362\u673a\u200b\u63a5\u53e3\u200b\u4e3a\u200b Trunk \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u8be5\u200b\u7f51\u5361\u200b\u4e0a\u200b\u521b\u5efa\u200b\u5b50\u200b\u63a5\u53e3\u200b\u518d\u200b\u63d0\u4f9b\u200b\u7ed9\u200b Macvlan \u200b\u4f7f\u7528\u200b\u3002
"},{"location":"guide/vpc/#vpc_3","title":"\u5f00\u542f\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd","text":"VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b kube-system \u200b\u4e0b\u200b\u7684\u200b ovn-vpc-nat-gw-config \u200b\u5f00\u542f\u200b\uff1a
---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-config\n namespace: kube-system\ndata:\n image: 'docker.io/kubeovn/vpc-nat-gateway:v1.12.13' \n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: ovn-vpc-nat-gw-config\n namespace: kube-system\ndata:\n enable-vpc-nat-gw: 'true'\n
image: \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\u3002enable-vpc-nat-gw\uff1a \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u542f\u7528\u200b VPC \u200b\u7f51\u5173\u200b\u529f\u80fd\u200b\u3002
"},{"location":"guide/vpc/#vpc_4","title":"\u521b\u5efa\u200b VPC \u200b\u7f51\u5173\u200b\u5e76\u200b\u914d\u7f6e\u200b\u9ed8\u8ba4\u200b\u8def\u7531","text":"kind: VpcNatGateway\napiVersion: kubeovn.io/v1\nmetadata:\n name: gw1\nspec:\n vpc: test-vpc-1\n subnet: net1\n lanIp: 10.0.1.254\n selector:\n - \"kubernetes.io/hostname: kube-ovn-worker\"\n - \"kubernetes.io/os: linux\"\n externalSubnets:\n - ovn-vpc-external-network\n
vpc\uff1a\u200b\u8be5\u200b VpcNatGateway \u200b\u6240\u5c5e\u200b\u7684\u200b VPC\u3002subnet\uff1a\u200b\u4e3a\u200b VPC \u200b\u5185\u200b\u67d0\u4e2a\u200b Subnet \u200b\u540d\u200b\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u4f1a\u200b\u5728\u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u7528\u200b lanIp \u200b\u6765\u200b\u8fde\u63a5\u200b\u79df\u6237\u200b\u7f51\u7edc\u200b\u3002lanIp\uff1asubnet \u200b\u5185\u200b\u67d0\u4e2a\u200b\u672a\u200b\u88ab\u200b\u4f7f\u7528\u200b\u7684\u200b IP\uff0cVPC \u200b\u7f51\u5173\u200b Pod \u200b\u6700\u7ec8\u200b\u4f1a\u200b\u4f7f\u7528\u200b\u8be5\u200b Pod\u3002\u200b\u5f53\u200b VPC \u200b\u914d\u7f6e\u200b\u8def\u7531\u200b\u9700\u8981\u200b\u6307\u5411\u200b\u5f53\u524d\u200b VpcNatGateway \u200b\u65f6\u200b nextHopIP \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u8fd9\u4e2a\u200b lanIp\u3002selector\uff1aVpcNatGateway Pod \u200b\u7684\u200b\u8282\u70b9\u200b\u9009\u62e9\u5668\u200b\uff0c\u200b\u683c\u5f0f\u200b\u548c\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b NodeSelector \u200b\u683c\u5f0f\u200b\u76f8\u540c\u200b\u3002externalSubnets\uff1a VPC \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u914d\u7f6e\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b ovn-vpc-external-network\uff0c\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u53ea\u200b\u652f\u6301\u200b\u914d\u7f6e\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5176\u4ed6\u200b\u53ef\u200b\u914d\u200b\u53c2\u6570\u200b\uff1a
tolerations : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b\u5bb9\u5fcd\u5ea6\u200b\uff0c\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u53c2\u8003\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002affinity : \u200b\u4e3a\u200b VPC \u200b\u7f51\u5173\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u914d\u7f6e\u200b\u4eb2\u548c\u6027\u200b\uff0c\u200b\u5177\u4f53\u200b\u8bbe\u7f6e\u200b\u53c2\u8003\u200b \u200b\u4eb2\u548c\u6027\u200b\u4e0e\u200b\u53cd\u200b\u4eb2\u548c\u6027\u200b\u3002
"},{"location":"guide/vpc/#eip","title":"\u521b\u5efa\u200b EIP","text":"EIP \u200b\u4e3a\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u6bb5\u200b\u7684\u200b\u67d0\u4e2a\u200b IP \u200b\u5206\u914d\u200b\u7ed9\u200b VPC \u200b\u7f51\u5173\u200b\u540e\u200b\u53ef\u200b\u8fdb\u884c\u200b DNAT\uff0cSNAT \u200b\u548c\u200b\u6d6e\u52a8\u200b IP \u200b\u64cd\u4f5c\u200b\u3002
\u200b\u968f\u673a\u200b\u5206\u914d\u200b\u4e00\u4e2a\u200b\u5730\u5740\u200b\u7ed9\u200b EIP\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n
\u200b\u56fa\u5b9a\u200b EIP \u200b\u5730\u5740\u200b\u5206\u914d\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-static\nspec:\n natGwDp: gw1\n v4ip: 10.0.1.111\n
\u200b\u6307\u5b9a\u200b EIP \u200b\u6240\u5728\u200b\u7684\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff1a
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eip-random\nspec:\n natGwDp: gw1\n externalSubnet: ovn-vpc-external-network\n
externalSubnet\uff1a EIP \u200b\u6240\u5728\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff0c\u200b\u5982\u679c\u200b\u4e0d\u200b\u6307\u5b9a\u200b\u5219\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-vpc-external-network\uff0c\u200b\u5982\u679c\u200b\u6307\u5b9a\u200b\u5219\u200b\u5fc5\u987b\u200b\u4e3a\u200b\u6240\u5728\u200b VPC \u200b\u7f51\u5173\u200b\u7684\u200b externalSubnets \u200b\u4e2d\u200b\u7684\u200b\u4e00\u4e2a\u200b\u3002
"},{"location":"guide/vpc/#dnat","title":"\u521b\u5efa\u200b DNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b DNAT \u200b\u89c4\u5219\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u4e2a\u200b EIP \u200b\u52a0\u200b\u7aef\u53e3\u200b\u7684\u200b\u65b9\u5f0f\u200b\u6765\u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002
kind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipd01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesDnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: dnat01\nspec:\n eip: eipd01 \n externalPort: '8888'\n internalIp: 10.0.1.10\n internalPort: '80'\n protocol: tcp\n
"},{"location":"guide/vpc/#snat","title":"\u521b\u5efa\u200b SNAT \u200b\u89c4\u5219","text":"\u200b\u901a\u8fc7\u200b SNAT \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b Pod \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\u65f6\u200b\u5c06\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u5bf9\u5e94\u200b EIP \u200b\u8fdb\u884c\u200b SNAT\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eips01\nspec:\n natGwDp: gw1\n---\nkind: IptablesSnatRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: snat01\nspec:\n eip: eips01\n internalCIDR: 10.0.1.0/24\n
"},{"location":"guide/vpc/#ip","title":"\u521b\u5efa\u200b\u6d6e\u52a8\u200b IP","text":"\u200b\u901a\u8fc7\u200b\u6d6e\u52a8\u200b IP \u200b\u89c4\u5219\u200b\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u4e00\u4e2a\u200b IP \u200b\u4f1a\u200b\u548c\u200b EIP \u200b\u8fdb\u884c\u200b\u5b8c\u5168\u200b\u6620\u5c04\u200b\uff0c\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8fd9\u4e2a\u200b EIP \u200b\u8bbf\u95ee\u200b VPC \u200b\u5185\u200b\u7684\u200b IP\uff0cVPC \u200b\u5185\u200b\u7684\u200b\u8fd9\u4e2a\u200b IP \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u65f6\u200b\u4e5f\u200b\u4f1a\u200b SNAT \u200b\u6210\u200b\u8fd9\u4e2a\u200b EIP\u3002
---\nkind: IptablesEIP\napiVersion: kubeovn.io/v1\nmetadata:\n name: eipf01\nspec:\n natGwDp: gw1\n\n---\nkind: IptablesFIPRule\napiVersion: kubeovn.io/v1\nmetadata:\n name: fip01\nspec:\n eip: eipf01\n internalIp: 10.0.1.5\n
"},{"location":"guide/vpc/#_2","title":"\u81ea\u5b9a\u4e49\u200b\u8def\u7531","text":"\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u7edc\u200b\u5185\u90e8\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\uff0c\u200b\u7ed3\u5408\u200b\u7f51\u5173\u200b\u5b9e\u73b0\u200b\u66f4\u200b\u7075\u6d3b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u3002 Kube-OVN \u200b\u652f\u6301\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u66f4\u4e3a\u200b\u7075\u6d3b\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u3002
"},{"location":"guide/vpc/#_3","title":"\u9759\u6001\u200b\u8def\u7531","text":"kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n staticRoutes:\n - cidr: 0.0.0.0/0\n nextHopIP: 10.0.1.254\n policy: policyDst\n - cidr: 172.31.0.0/24\n nextHopIP: 10.0.1.253\n policy: policySrc\n routeTable: \"rtb1\"\n
policy: \u200b\u652f\u6301\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b policyDst \u200b\u548c\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b policySrc\u3002- \u200b\u5f53\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b58\u5728\u200b\u91cd\u53e0\u200b\u65f6\u200b\uff0cCIDR \u200b\u63a9\u7801\u200b\u8f83\u957f\u200b\u7684\u200b\u89c4\u5219\u200b\u4f18\u5148\u7ea7\u200b\u66f4\u9ad8\u200b\uff0c\u200b\u82e5\u200b\u63a9\u7801\u200b\u957f\u5ea6\u200b\u76f8\u540c\u200b\u5219\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u8def\u7531\u200b\u4f18\u5148\u200b\u4e8e\u200b\u6e90\u5730\u5740\u200b\u8def\u7531\u200b\u3002
routeTable: \u200b\u53ef\u200b\u6307\u5b9a\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u6240\u5728\u200b\u7684\u200b\u8def\u7531\u8868\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u5728\u200b\u4e3b\u200b\u8def\u7531\u8868\u200b\u3002\u200b\u5b50\u7f51\u200b\u5173\u8054\u200b\u8def\u7531\u8868\u200b\u8bf7\u200b\u53c2\u8003\u200b\u521b\u5efa\u200b\u5b50\u7f51\u200b
"},{"location":"guide/vpc/#_4","title":"\u7b56\u7565\u200b\u8def\u7531","text":"\u200b\u9488\u5bf9\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u8fdb\u884c\u200b\u66f4\u200b\u7ec6\u7c92\u5ea6\u200b\u7684\u200b\u63a7\u5236\u200b\u3002\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u66f4\u200b\u7cbe\u786e\u200b\u7684\u200b\u5339\u914d\u200b\u89c4\u5219\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u63a7\u5236\u200b \u200b\u548c\u200b\u66f4\u200b\u591a\u200b\u7684\u200b\u8f6c\u53d1\u200b\u52a8\u4f5c\u200b\u3002\u200b\u8be5\u200b\u529f\u80fd\u200b\u4e3a\u200b OVN \u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u7b56\u7565\u200b\u529f\u80fd\u200b\u7684\u200b\u4e00\u4e2a\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u4fe1\u606f\u200b\u8bf7\u200b\u53c2\u8003\u200b Logical Router Policy\u3002
\u200b\u7b80\u5355\u200b\u793a\u4f8b\u200b\u5982\u4e0b\u200b\uff1a
kind: Vpc\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-vpc-1\nspec:\n policyRoutes:\n - action: drop\n match: ip4.src==10.0.1.0/24 && ip4.dst==10.0.1.250\n priority: 11\n - action: reroute\n match: ip4.src==10.0.1.0/24\n nextHopIP: 10.0.1.252\n priority: 10\n
"},{"location":"guide/vpc/#_5","title":"\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u89c4\u5219","text":"Kubernetes \u200b\u672c\u8eab\u200b\u63d0\u4f9b\u200b\u7684\u200b Service \u200b\u80fd\u529b\u200b\u53ef\u4ee5\u200b\u5b8c\u6210\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u529f\u80fd\u200b\uff0c\u200b\u4f46\u662f\u200b\u53d7\u9650\u4e8e\u200b Kubernetes \u200b\u5b9e\u73b0\u200b\uff0c Service \u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u662f\u200b\u5168\u5c40\u200b\u5206\u914d\u200b\u4e14\u200b\u4e0d\u80fd\u200b\u91cd\u590d\u200b\u3002\u200b\u5bf9\u4e8e\u200b VPC \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\uff0c\u200b\u7528\u6237\u200b\u5e0c\u671b\u200b\u80fd\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b \u200b\u8303\u56f4\u200b\uff0c\u200b\u4e0d\u540c\u200b VPC \u200b\u4e0b\u200b\u7684\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u5730\u5740\u200b\u53ef\u80fd\u200b\u91cd\u53e0\u200b\uff0cKubernetes \u200b\u5185\u7f6e\u200b\u7684\u200b Service \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u5b8c\u5168\u200b\u6ee1\u8db3\u200b\u3002
\u200b\u9488\u5bf9\u200b\u8fd9\u200b\u7c7b\u200b\u573a\u666f\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b SwitchLBRule \u200b\u8d44\u6e90\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b\u3002
\u200b\u4e00\u4e2a\u200b `SwitchLBRule`` \u200b\u4f8b\u5b50\u200b\u5982\u4e0b\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: SwitchLBRule\nmetadata:\n name: cjh-slr-nginx\nspec:\n vip: 1.1.1.1\n sessionAffinity: ClientIP\n namespace: default\n selector:\n - app:nginx\n ports:\n - name: dns\n port: 8888\n targetPort: 80\n protocol: TCP\n
vip\uff1a\u200b\u81ea\u5b9a\u4e49\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u7684\u200b\u5730\u5740\u200b\u3002namespace\uff1a\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u540e\u200b\u7aef\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Namespace\u3002sessionAffinity\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b sessionAffinity \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002selector\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b selector \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002ports\uff1a\u200b\u548c\u200b Service \u200b\u7684\u200b port \u200b\u529f\u80fd\u200b\u76f8\u540c\u200b\u3002
\u200b\u67e5\u770b\u200b\u90e8\u7f72\u200b\u7684\u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u89c4\u5219\u200b\uff1a
# kubectl get slr\nNAME VIP PORT(S) SERVICE AGE\nvpc-dns-test-cjh2 10.96.0.3 53/UDP,53/TCP,9153/TCP kube-system/slr-vpc-dns-test-cjh2 88m\n
"},{"location":"guide/vpc/#vpc-dns","title":"\u81ea\u5b9a\u4e49\u200b vpc-dns","text":"\u200b\u7531\u4e8e\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u7f51\u7edc\u200b\u76f8\u4e92\u200b\u9694\u79bb\u200b\uff0cVPC \u200b\u5185\u200b Pod \u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\u9ed8\u8ba4\u200b\u7684\u200b coredns \u200b\u670d\u52a1\u200b\u8fdb\u884c\u200b\u57df\u540d\u89e3\u6790\u200b\u3002 \u200b\u5982\u679c\u200b\u5e0c\u671b\u200b\u5728\u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u200b\u4f7f\u7528\u200b coredns \u200b\u89e3\u6790\u200b\u96c6\u7fa4\u200b\u5185\u200b Service \u200b\u57df\u540d\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Kube-OVN \u200b\u63d0\u4f9b\u200b\u7684\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u6765\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"guide/vpc/#_6","title":"\u521b\u5efa\u200b\u9644\u52a0\u200b\u7f51\u5361","text":"apiVersion: \"k8s.cni.cncf.io/v1\"\nkind: NetworkAttachmentDefinition\nmetadata:\n name: ovn-nad\n namespace: default\nspec:\n config: '{\n \"cniVersion\": \"0.3.0\",\n \"type\": \"kube-ovn\",\n \"server_socket\": \"/run/openvswitch/kube-ovn-daemon.sock\",\n \"provider\": \"ovn-nad.default.ovn\"\n }'\n
"},{"location":"guide/vpc/#ovn-default-provider","title":"\u4fee\u6539\u200b ovn-default \u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u7684\u200b provider","text":"\u200b\u4fee\u6539\u200b ovn-default \u200b\u7684\u200b provider\uff0c\u200b\u4e3a\u200b\u4e0a\u9762\u200b nad \u200b\u914d\u7f6e\u200b\u7684\u200b provider ovn-nad.default.ovn\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: ovn-default\nspec:\n cidrBlock: 10.16.0.0/16\n default: true\n disableGatewayCheck: false\n disableInterConnection: false\n enableDHCP: false\n enableIPv6RA: false\n excludeIps:\n - 10.16.0.1\n gateway: 10.16.0.1\n gatewayType: distributed\n logicalGateway: false\n natOutgoing: true\n private: false\n protocol: IPv4\n provider: ovn-nad.default.ovn\n vpc: ovn-cluster\n
"},{"location":"guide/vpc/#vpc-dns-configmap","title":"\u914d\u7f6e\u200b vpc-dns \u200b\u7684\u200b ConfigMap","text":"\u200b\u5728\u200b kube-system \u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u4e0b\u200b\u521b\u5efa\u200b configmap\uff0c\u200b\u914d\u7f6e\u200b vpc-dns \u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u7528\u4e8e\u200b\u540e\u9762\u200b\u542f\u52a8\u200b vpc-dns \u200b\u529f\u80fd\u200b\uff1a
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-config\n namespace: kube-system\ndata:\n coredns-vip: 10.96.0.3\n enable-vpc-dns: \"true\"\n nad-name: ovn-nad\n nad-provider: ovn-nad.default.ovn\n
enable-vpc-dns\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09true \u200b\u542f\u7528\u200b\u529f\u80fd\u200b\uff0cfalse \u200b\u5173\u95ed\u200b\u529f\u80fd\u200b\u3002\u200b\u9ed8\u8ba4\u200b true\u3002coredns-image\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u955c\u50cf\u200b\u3002\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u96c6\u7fa4\u200b coredns \u200b\u90e8\u7f72\u200b\u7248\u672c\u200b\u3002coredns-template\uff1a\uff08\u200b\u53ef\u200b\u7701\u7565\u200b\uff09\uff1adns \u200b\u90e8\u7f72\u200b\u6a21\u677f\u200b\u6240\u5728\u200b\u7684\u200b URL\u3002\u200b\u9ed8\u8ba4\u200b\uff1a\u200b\u5f53\u524d\u200b\u7248\u672c\u200b\u4ed3\u5e93\u200b\u91cc\u200b\u7684\u200b yamls/coredns-template.yaml\u3002coredns-vip\uff1a\u200b\u4e3a\u200b coredns \u200b\u63d0\u4f9b\u200b lb \u200b\u670d\u52a1\u200b\u7684\u200b vip\u3002nad-name\uff1a\u200b\u914d\u7f6e\u200b\u7684\u200b network-attachment-definitions \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u3002nad-provider\uff1a\u200b\u4f7f\u7528\u200b\u7684\u200b provider \u200b\u540d\u79f0\u200b\u3002k8s-service-host\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09 \u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b ip\u3002k8s-service-port\uff1a\uff08\u200b\u53ef\u200b\u7f3a\u7701\u200b\uff09\u200b\u7528\u4e8e\u200b coredns \u200b\u8bbf\u95ee\u200b k8s apiserver \u200b\u670d\u52a1\u200b\u7684\u200b port\u3002
"},{"location":"guide/vpc/#vpc-dns_1","title":"\u90e8\u7f72\u200b vpc-dns \u200b\u4f9d\u8d56\u200b\u8d44\u6e90","text":"apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:vpc-dns\nrules:\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: vpc-dns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:vpc-dns\nsubjects:\n- kind: ServiceAccount\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: vpc-dns\n namespace: kube-system\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: vpc-dns-corefile\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . /etc/resolv.conf {\n prefer_udp\n }\n cache 30\n loop\n reload\n loadbalance\n }\n
"},{"location":"guide/vpc/#vpc-dns_2","title":"\u90e8\u7f72\u200b vpc-dns","text":"kind: VpcDns\napiVersion: kubeovn.io/v1\nmetadata:\n name: test-cjh1\nspec:\n vpc: cjh-vpc-1\n subnet: cjh-subnet-1\n
vpc\uff1a \u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b vpc \u200b\u540d\u79f0\u200b\u3002subnet\uff1a\u200b\u7528\u4e8e\u200b\u90e8\u7f72\u200b dns \u200b\u7ec4\u4ef6\u200b\u7684\u200b\u5b50\u200b\u540d\u79f0\u200b\u3002
\u200b\u67e5\u770b\u200b\u8d44\u6e90\u200b\u4fe1\u606f\u200b\uff1a
[root@hci-dev-mst-1 kubeovn]# kubectl get vpc-dns\nNAME ACTIVE VPC SUBNET \ntest-cjh1 false cjh-vpc-1 cjh-subnet-1 \ntest-cjh2 true cjh-vpc-1 cjh-subnet-2 \n
ACTIVE: true \u200b\u6210\u529f\u200b\u90e8\u7f72\u200b\u4e86\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b\uff0cfalse \u200b\u65e0\u200b\u90e8\u7f72\u200b
"},{"location":"guide/vpc/#_7","title":"\u9650\u5236","text":" - \u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u53ea\u4f1a\u200b\u90e8\u7f72\u200b\u4e00\u4e2a\u200b\u81ea\u5b9a\u4e49\u200b dns \u200b\u7ec4\u4ef6\u200b;
- \u200b\u5f53\u200b\u4e00\u4e2a\u200b vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u591a\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\uff08\u200b\u5373\u200b\u540c\u4e00\u4e2a\u200b vpc \u200b\u4e0d\u540c\u200b\u7684\u200b subnet\uff09\uff0c\u200b\u53ea\u6709\u200b\u4e00\u4e2a\u200b vpc-dns \u200b\u8d44\u6e90\u200b\u72b6\u6001\u200b
true\uff0c\u200b\u5176\u4ed6\u200b\u4e3a\u200b fasle; - \u200b\u5f53\u200b
true \u200b\u7684\u200b vpc-dns \u200b\u88ab\u200b\u5220\u9664\u200b\u6389\u200b\uff0c\u200b\u4f1a\u200b\u83b7\u53d6\u200b\u5176\u4ed6\u200b false \u200b\u7684\u200b vpc-dns \u200b\u8fdb\u884c\u200b\u90e8\u7f72\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"guide/webhook/","title":"Webhook \u200b\u4f7f\u7528","text":"\u200b\u4f7f\u7528\u200b Webhook \u200b\u53ef\u4ee5\u200b\u5bf9\u200b Kube-OVN \u200b\u5185\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u8fdb\u884c\u200b\u6821\u9a8c\u200b\uff0c\u200b\u76ee\u524d\u200b Webhook \u200b\u4e3b\u8981\u200b\u5b8c\u6210\u200b \u200b\u56fa\u5b9a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\u548c\u200b Subnet CIDR \u200b\u7684\u200b\u51b2\u7a81\u68c0\u6d4b\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u8fd9\u7c7b\u200b\u8d44\u6e90\u200b\u521b\u5efa\u200b\u51b2\u7a81\u200b\u65f6\u200b\u63d0\u793a\u200b\u9519\u8bef\u200b\u3002
\u200b\u7531\u4e8e\u200b Webhook \u200b\u4f1a\u200b\u62e6\u622a\u200b\u6240\u6709\u200b\u7684\u200b Subnet \u200b\u548c\u200b Pod \u200b\u521b\u5efa\u200b\u7684\u200b\u8bf7\u6c42\u200b\uff0c\u200b\u56e0\u6b64\u200b\u9700\u8981\u200b\u5148\u200b\u90e8\u7f72\u200b Kube-OVN \u200b\u540e\u200b\u90e8\u7f72\u200b Webhook \u200b\u907f\u514d\u200b\u65e0\u6cd5\u200b\u521b\u5efa\u200b Pod\u3002
"},{"location":"guide/webhook/#cert-manager","title":"Cert-Manager \u200b\u5b89\u88c5","text":"Webhook \u200b\u90e8\u7f72\u200b\u9700\u8981\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\u52a0\u5bc6\u200b\uff0c\u200b\u6211\u4eec\u200b\u4f7f\u7528\u200b cert-manager \u200b\u751f\u6210\u200b\u76f8\u5173\u200b\u8bc1\u4e66\u200b\uff0c\u200b\u6211\u4eec\u200b\u9700\u8981\u200b\u5728\u200b\u90e8\u7f72\u200b Webhook \u200b\u524d\u5148\u200b\u90e8\u7f72\u200b cert-manager\u3002
\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u90e8\u7f72\u200b cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml\n
\u200b\u66f4\u200b\u591a\u200b cert-manager \u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b cert-manager \u200b\u6587\u6863\u200b\u3002
"},{"location":"guide/webhook/#webhook_1","title":"\u5b89\u88c5\u200b Webhook","text":"\u200b\u4e0b\u8f7d\u200b Webhook \u200b\u5bf9\u5e94\u200b\u7684\u200b yaml \u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b:
# kubectl apply -f https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/yamls/webhook.yaml\ndeployment.apps/kube-ovn-webhook created\nservice/kube-ovn-webhook created\nvalidatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created\ncertificate.cert-manager.io/kube-ovn-webhook-serving-cert created\nissuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created\n
"},{"location":"guide/webhook/#webhook_2","title":"\u9a8c\u8bc1\u200b Webhook \u200b\u751f\u6548","text":"\u200b\u67e5\u770b\u200b\u5df2\u200b\u8fd0\u884c\u200b Pod\uff0c\u200b\u5f97\u5230\u200b Pod IP 10.16.0.15\uff1a
# kubectl get pod -o wide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nstatic-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> \n
\u200b\u7f16\u5199\u200b yaml \u200b\u521b\u5efa\u200b\u76f8\u540c\u200b IP \u200b\u7684\u200b Pod\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n annotations:\n ovn.kubernetes.io/ip_address: 10.16.0.15\n ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6\n labels:\n app: static\n managedFields:\n name: staticip-pod\n namespace: default\nspec:\n containers:\n - image: docker.io/library/nginx:alpine\n imagePullPolicy: IfNotPresent\n name: qatest\n
\u200b\u4f7f\u7528\u200b\u4ee5\u4e0a\u200b yaml \u200b\u521b\u5efa\u200b\u9759\u6001\u200b\u5730\u5740\u200b Pod \u200b\u7684\u200b\u65f6\u5019\u200b\uff0c\u200b\u63d0\u793a\u200b IP \u200b\u5730\u5740\u200b\u51b2\u7a81\u200b\uff1a
# kubectl apply -f pod-static.yaml\nError from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating \"pod-static.yaml\": admission webhook \"pod-ip-validaing.kube-ovn.io\" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-default-subnet/","title":"\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u5982\u679c\u200b\u521b\u5efa\u200b\u7684\u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u8fdb\u884c\u200b\u91cd\u5efa\u200b\u3002 \u200b\u5efa\u8bae\u200b\u64cd\u4f5c\u524d\u200b\u614e\u91cd\u8003\u8651\u200b\u3002\u200b\u672c\u6587\u200b\u53ea\u200b\u9488\u5bf9\u200b\u4e1a\u52a1\u200b\u5b50\u7f51\u200b CIDR \u200b\u66f4\u6539\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5982\u9700\u200b \u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR\u3002
"},{"location":"ops/change-default-subnet/#_1","title":"\u7f16\u8f91\u200b\u5b50\u7f51","text":"\u200b\u4f7f\u7528\u200b kubectl edit \u200b\u4fee\u6539\u200b\u5b50\u7f51\u200b cidrBlock\uff0cgateway \u200b\u548c\u200b excludeIps\u3002
kubectl edit subnet test-subnet\n
"},{"location":"ops/change-default-subnet/#namespace-pod","title":"\u91cd\u5efa\u200b\u8be5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Namespace \u200b\u4e0b\u200b\u6240\u6709\u200b Pod","text":"\u200b\u4ee5\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b test Namespace \u200b\u4e3a\u4f8b\u200b\uff1a
for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n test --ignore-not-found\ndone\n
\u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e86\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u5220\u9664\u200b\u6240\u6709\u200b\u975e\u200b host \u200b\u7f51\u7edc\u200b\u6a21\u5f0f\u200b\u7684\u200b Pod\uff1a
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
"},{"location":"ops/change-default-subnet/#_2","title":"\u66f4\u6539\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u914d\u7f6e","text":"\u200b\u82e5\u200b\u4fee\u6539\u200b\u7684\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u7684\u200b CIDR \u200b\u8fd8\u200b\u9700\u8981\u200b\u66f4\u6539\u200b kube-ovn-controller Deployment \u200b\u7684\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff1a
args:\n- --default-cidr=10.17.0.0/16\n- --default-gateway=10.17.0.1\n- --default-exclude-ips=10.17.0.1\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-join-subnet/","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR","text":"\u200b\u82e5\u200b\u53d1\u73b0\u200b\u521b\u5efa\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u51b2\u7a81\u200b\u6216\u200b\u4e0d\u200b\u7b26\u5408\u200b\u9884\u671f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u672c\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4fee\u6539\u200b\u3002
\u200b\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b CIDR \u200b\u540e\u200b\u4e4b\u524d\u200b\u521b\u5efa\u200b\u7684\u200b Pod \u200b\u5c06\u200b\u65e0\u6cd5\u200b\u6b63\u5e38\u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u7b49\u200b\u91cd\u5efa\u200b\u5b8c\u6210\u200b, \u200b\u5efa\u8bae\u200b\u524d\u200b\u64cd\u4f5c\u200b\u65f6\u200b\u614e\u91cd\u8003\u8651\u200b\u3002
"},{"location":"ops/change-join-subnet/#join","title":"\u5220\u9664\u200b Join \u200b\u5b50\u7f51","text":"kubectl patch subnet join --type='json' -p '[{\"op\": \"replace\", \"path\": \"/metadata/finalizers\", \"value\": []}]'\nkubectl delete subnet join\n
"},{"location":"ops/change-join-subnet/#_1","title":"\u6e05\u7406\u200b\u76f8\u5173\u200b\u5206\u914d\u200b\u4fe1\u606f","text":"kubectl annotate node ovn.kubernetes.io/allocated=false --all --overwrite\n
"},{"location":"ops/change-join-subnet/#join_1","title":"\u4fee\u6539\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f","text":"\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b Join \u200b\u5b50\u7f51\u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\uff1a
kubectl edit deployment -n kube-system kube-ovn-controller\n
\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53c2\u6570\u200b\uff1a
args:\n- --node-switch-cidr=100.51.0.0/16\n
\u200b\u91cd\u542f\u200b kube-ovn-controller \u200b\u91cd\u5efa\u200b join \u200b\u5b50\u7f51\u200b\uff1a
kubectl delete pod -n kube-system -lapp=kube-ovn-controller\n
\u200b\u67e5\u770b\u200b\u65b0\u200b\u7684\u200b Join \u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\uff1a
# kubectl get subnet\nNAME PROVIDER VPC PROTOCOL CIDR PRIVATE NAT DEFAULT GATEWAYTYPE V4USED V4AVAILABLE V6USED V6AVAILABLE EXCLUDEIPS\njoin ovn ovn-cluster IPv4 100.51.0.0/16 false false false distributed 2 65531 0 0 [\"100.51.0.1\"]\novn-default ovn ovn-cluster IPv4 10.17.0.0/16 false true true distributed 5 65528 0 0 [\"10.17.0.1\"]\n
"},{"location":"ops/change-join-subnet/#ovn0","title":"\u91cd\u65b0\u914d\u7f6e\u200b ovn0 \u200b\u7f51\u5361\u200b\u5730\u5740","text":"\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b ovn0 \u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\u9700\u8981\u200b\u91cd\u65b0\u200b\u66f4\u65b0\u200b\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b\u91cd\u542f\u200b kube-ovn-cni \u200b\u6765\u200b\u5b8c\u6210\u200b\uff1a
kubectl delete pod -n kube-system -l app=kube-ovn-cni\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-log-level/","title":"\u8c03\u6574\u200b\u65e5\u5fd7\u200b\u7b49\u7ea7","text":"\u200b\u6253\u5f00\u200b kube-ovn.yaml\uff0c\u200b\u5728\u200b\u670d\u52a1\u200b\u542f\u52a8\u200b\u811a\u672c\u200b\u7684\u200b\u53c2\u6570\u200b\u5217\u8868\u200b\u4e2d\u200b\u8bbe\u7f6e\u200b log \u200b\u7b49\u7ea7\u200b\uff0c\u200b\u6bd4\u5982\u200b\uff1a
vi kube-ovn.yaml\n# ...\n - name: kube-ovn-controller\n image: \"docker.io/kubeovn/kube-ovn:v1.12.13\"\n imagePullPolicy: IfNotPresent\n args:\n - /kube-ovn/start-controller.sh\n - --v=3\n# ...\n# log \u200b\u7b49\u7ea7\u200b\u8d8a\u9ad8\u200b\uff0clog \u200b\u5c31\u200b\u8d8a\u200b\u8be6\u7ec6\u200b\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/change-ovn-central-node/","title":"\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9","text":"\u200b\u7531\u4e8e\u200b ovn-central \u200b\u5185\u200b\u7684\u200b ovn-nb \u200b\u548c\u200b ovn-sb \u200b\u5206\u522b\u200b\u5efa\u7acb\u200b\u4e86\u200b\u7c7b\u4f3c\u200b etcd \u200b\u7684\u200b raft \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u56e0\u6b64\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7684\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4fdd\u8bc1\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u7684\u200b\u6b63\u786e\u200b\u548c\u200b\u6570\u636e\u200b\u7684\u200b\u4e00\u81f4\u200b\u3002\u200b\u5efa\u8bae\u200b\u6bcf\u6b21\u200b\u53ea\u200b\u5bf9\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u4e0a\u4e0b\u200b\u7ebf\u200b\u5904\u7406\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u96c6\u7fa4\u200b\u8fdb\u5165\u200b\u4e0d\u53ef\u200b\u7528\u200b \u200b\u72b6\u6001\u200b\uff0c\u200b\u5f71\u54cd\u200b\u96c6\u7fa4\u200b\u6574\u4f53\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_1","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u9488\u5bf9\u200b\u5982\u4e0b\u200b\u7684\u200b\u96c6\u7fa4\u200b\u60c5\u51b5\u200b\uff0c\u200b\u4ee5\u4e0b\u200b\u7ebf\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u5c06\u200b\u5176\u200b\u4ece\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u79fb\u9664\u200b\u3002
# kubectl -n kube-system get pod -o wide | grep central\novn-central-6bf58cbc97-2cdhg 1/1 Running 0 21m 172.18.0.3 kube-ovn-control-plane <none> <none>\novn-central-6bf58cbc97-crmfp 1/1 Running 0 21m 172.18.0.5 kube-ovn-control-plane2 <none> <none>\novn-central-6bf58cbc97-lxmpl 1/1 Running 0 21m 172.18.0.4 kube-ovn-control-plane3 <none> <none>\n
"},{"location":"ops/change-ovn-central-node/#ovn-nb","title":"\u4e0b\u7ebf\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2135194 ms ago, reason: timeout\nLast Election won: 2135188 ms ago\nElection timer: 5000\nLog: [135, 135]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-d64b ->d64b <-4984 ->4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=135 match_index=134 last msg 1084 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=134\n d64b (d64b at tcp:[172.18.0.5]:6643) next_index=135 match_index=134 last msg 1084 ms ago\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b d64b\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-nb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko nb kick d64b\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2297649 ms ago, reason: timeout\nLast Election won: 2297643 ms ago\nElection timer: 5000\nLog: [136, 136]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-4984 ->4984\nDisconnections: 2\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=136 match_index=135 last msg 1270 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=2 match_index=135\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-sb","title":"\u4e0b\u7ebf\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u63a5\u4e0b\u6765\u200b\u9700\u8981\u200b\u64cd\u4f5c\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\uff0c\u200b\u9996\u5148\u200b\u67e5\u770b\u200b\u8282\u70b9\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\u7684\u200b ID\uff0c\u200b\u4ee5\u4fbf\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\uff1a
kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2395317 ms ago, reason: timeout\nLast Election won: 2395316 ms ago\nElection timer: 5000\nLog: [130, 130]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-e9f7 ->e9f7 <-6e84 ->6e84\nDisconnections: 0\nServers:\n e9f7 (e9f7 at tcp:[172.18.0.5]:6644) next_index=130 match_index=129 last msg 1006 ms ago\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=130 match_index=129 last msg 1004 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=129\nstatus: ok\n
kube-ovn-control-plane2 \u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b IP \u200b\u4e3a\u200b 172.18.0.5\uff0c\u200b\u96c6\u7fa4\u200b\u5185\u200b\u5bf9\u5e94\u200b\u7684\u200b ID \u200b\u4e3a\u200b e9f7\u3002\u200b\u63a5\u4e0b\u6765\u200b\u4ece\u200b ovn-sb \u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u8be5\u200b\u8282\u70b9\u200b\uff1a
# kubectl ko sb kick e9f7\nstarted removal\n
\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u8e22\u200b\u51fa\u200b\u6210\u529f\u200b\uff1a
# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 2481636 ms ago, reason: timeout\nLast Election won: 2481635 ms ago\nElection timer: 5000\nLog: [131, 131]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-6e84 ->6e84\nDisconnections: 2\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=131 match_index=130 last msg 642 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=2 match_index=130\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_2","title":"\u5220\u9664\u200b\u8282\u70b9\u200b\u6807\u7b7e\u200b\uff0c\u200b\u5e76\u200b\u7f29\u5bb9\u200b ovn-central","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role-\nkubectl scale deployment -n kube-system ovn-central --replicas=2\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4\"\nkubectl rollout status deployment/ovn-central -n kube-system \n
"},{"location":"ops/change-ovn-central-node/#ovn-central_3","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5220\u9664\u200b\u4e0b\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
"},{"location":"ops/change-ovn-central-node/#_1","title":"\u6e05\u7406\u200b\u8282\u70b9","text":"\u200b\u5220\u9664\u200b kube-ovn-control-plane2 \u200b\u8282\u70b9\u200b\u5185\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u907f\u514d\u200b\u91cd\u590d\u200b\u6dfb\u52a0\u200b\u8282\u70b9\u200b\u65f6\u200b\u53d1\u751f\u200b\u5f02\u5e38\u200b\uff1a
rm -rf /etc/origin/ovn\n
\u200b\u5982\u9700\u200b\u5c06\u200b\u8282\u70b9\u200b\u4ece\u200b\u6574\u4e2a\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u4e0b\u7ebf\u200b\uff0c\u200b\u8fd8\u200b\u9700\u200b\u7ee7\u7eed\u200b\u53c2\u8003\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#ovn-central_4","title":"ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u7ebf","text":"\u200b\u4e0b\u5217\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u5c06\u200b\u4e00\u4e2a\u200b\u65b0\u200b\u7684\u200b Kubernetes \u200b\u8282\u70b9\u200b\u52a0\u5165\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"ops/change-ovn-central-node/#_2","title":"\u76ee\u5f55\u200b\u68c0\u67e5","text":"\u200b\u68c0\u67e5\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u7684\u200b /etc/origin/ovn \u200b\u76ee\u5f55\u200b\u4e2d\u200b\u662f\u5426\u200b\u5b58\u5728\u200b ovnnb_db.db \u200b\u6216\u200b ovnsb_db.db \u200b\u6587\u4ef6\u200b\uff0c\u200b\u82e5\u200b\u5b58\u5728\u200b\u9700\u200b\u63d0\u524d\u200b\u5220\u9664\u200b\uff1a
rm -rf /etc/origin/ovn\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_5","title":"\u786e\u8ba4\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u6b63\u5e38","text":"\u200b\u82e5\u200b\u5f53\u524d\u200b ovn-central \u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u5df2\u7ecf\u200b\u5f02\u5e38\u200b\uff0c\u200b\u65b0\u589e\u200b\u8282\u70b9\u200b\u53ef\u80fd\u200b\u5bfc\u81f4\u200b\u6295\u7968\u9009\u4e3e\u200b\u65e0\u6cd5\u200b\u8fc7\u534a\u6570\u200b\uff0c\u200b\u5f71\u54cd\u200b\u540e\u7eed\u200b\u64cd\u4f5c\u200b\u3002
# kubectl ko nb status\n1b9a\nName: OVN_Northbound\nCluster ID: 32ca (32ca07fb-739b-4257-b510-12fa18e7cce8)\nServer ID: 1b9a (1b9a5d76-e69b-410c-8085-39943d0cd38c)\nAddress: tcp:[172.18.0.3]:6643\nStatus: cluster member\nRole: leader\nTerm: 44\nLeader: self\nVote: self\n\nLast Election started 1855739 ms ago, reason: timeout\nLast Election won: 1855729 ms ago\nElection timer: 5000\nLog: [147, 147]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->4984 <-4984\nDisconnections: 0\nServers:\n 4984 (4984 at tcp:[172.18.0.4]:6643) next_index=147 match_index=146 last msg 367 ms ago\n 1b9a (1b9a at tcp:[172.18.0.3]:6643) (self) next_index=140 match_index=146\nstatus: ok\n\n# kubectl ko sb status\n3722\nName: OVN_Southbound\nCluster ID: d4bd (d4bd37a4-0400-499f-b4df-b4fd389780f0)\nServer ID: 3722 (3722d5ae-2ced-4820-a6b2-8b744d11fb3e)\nAddress: tcp:[172.18.0.3]:6644\nStatus: cluster member\nRole: leader\nTerm: 33\nLeader: self\nVote: self\n\nLast Election started 1868589 ms ago, reason: timeout\nLast Election won: 1868579 ms ago\nElection timer: 5000\nLog: [142, 142]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: ->6e84 <-6e84\nDisconnections: 0\nServers:\n 6e84 (6e84 at tcp:[172.18.0.4]:6644) next_index=142 match_index=141 last msg 728 ms ago\n 3722 (3722 at tcp:[172.18.0.3]:6644) (self) next_index=134 match_index=141\nstatus: ok\n
"},{"location":"ops/change-ovn-central-node/#_3","title":"\u7ed9\u200b\u8282\u70b9\u200b\u589e\u52a0\u200b\u6807\u7b7e\u200b\u5e76\u200b\u6269\u5bb9","text":"\u200b\u6ce8\u610f\u200b\u9700\u5728\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u7684\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u4e2d\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\u3002
kubectl label node kube-ovn-control-plane2 kube-ovn/role=master\nkubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl set env deployment/ovn-central -n kube-system NODE_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\nkubectl rollout status deployment/ovn-central -n kube-system\n
"},{"location":"ops/change-ovn-central-node/#ovn-central_6","title":"\u4fee\u6539\u200b\u5176\u4ed6\u200b\u7ec4\u4ef6\u200b\u8fde\u63a5\u200b ovn-central \u200b\u5730\u5740","text":"\u200b\u4fee\u6539\u200b ovs-ovn \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env daemonset/ovs-ovn -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndaemonset.apps/ovs-ovn env updated\n# kubectl delete pod -n kube-system -lapp=ovs\npod \"ovs-ovn-4f6jc\" deleted\npod \"ovs-ovn-csn2w\" deleted\npod \"ovs-ovn-mpbmb\" deleted\n
\u200b\u4fee\u6539\u200b kube-ovn-controller \u200b\u5185\u200b\u8fde\u63a5\u200b\u4fe1\u606f\u200b\uff0c\u200b\u589e\u52a0\u200b\u4e0a\u7ebf\u200b\u8282\u70b9\u200b\u5730\u5740\u200b\uff1a
# kubectl set env deployment/kube-ovn-controller -n kube-system OVN_DB_IPS=\"172.18.0.3,172.18.0.4,172.18.0.5\"\ndeployment.apps/kube-ovn-controller env updated\n\n# kubectl rollout status deployment/kube-ovn-controller -n kube-system\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 1 of 3 updated replicas are available...\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 2 of 3 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/delete-worker-node/","title":"\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9","text":"\u200b\u5982\u679c\u200b\u53ea\u662f\u200b\u7b80\u5355\u200b\u4ece\u200b Kubernetes \u200b\u4e2d\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\uff0c\u200b\u7531\u4e8e\u200b\u8282\u70b9\u200b\u4e0a\u200b ovs-ovn \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u7684\u200b ovn-controller \u200b\u8fdb\u7a0b\u200b\u4ecd\u200b\u5728\u200b\u8fd0\u884c\u200b\u4f1a\u200b\u5b9a\u671f\u200b\u8fde\u63a5\u200b ovn-central \u200b\u6ce8\u518c\u200b\u76f8\u5173\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\uff0c \u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u989d\u5916\u200b\u8d44\u6e90\u200b\u6d6a\u8d39\u200b\u5e76\u200b\u6709\u200b\u6f5c\u5728\u200b\u7684\u200b\u89c4\u5219\u200b\u51b2\u7a81\u200b\u98ce\u9669\u200b\u3002 \u200b\u56e0\u6b64\u200b\u5728\u200b\u4ece\u200b Kubernetes \u200b\u5185\u200b\u5220\u9664\u200b\u8282\u70b9\u200b\u65f6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u6765\u200b\u4fdd\u8bc1\u200b\u7f51\u7edc\u200b\u4fe1\u606f\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u88ab\u200b\u6e05\u7406\u200b\u3002
\u200b\u8be5\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5220\u9664\u200b\u5de5\u4f5c\u200b\u8282\u70b9\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff0c\u200b\u5982\u9700\u200b\u66f4\u6362\u200b ovn-central \u200b\u6240\u5728\u200b\u8282\u70b9\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b\u66f4\u6362\u200b ovn-central \u200b\u8282\u70b9\u200b\u3002
"},{"location":"ops/delete-worker-node/#_2","title":"\u9a71\u9010\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6240\u6709\u200b\u5bb9\u5668","text":" # kubectl drain kube-ovn-worker --ignore-daemonsets --force\n node/kube-ovn-worker cordoned\n WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-ovn-cni-zt74b, kube-system/kube-ovn-pinger-5rxfs, kube-system/kube-proxy-jpmnm, kube-system/ovs-ovn-v2kll\n evicting pod kube-system/coredns-64897985d-qsgpt\n evicting pod local-path-storage/local-path-provisioner-5ddd94ff66-llss6\n evicting pod kube-system/kube-ovn-controller-8459db5ff4-94lxb\n pod/kube-ovn-controller-8459db5ff4-94lxb evicted\n pod/coredns-64897985d-qsgpt evicted\n pod/local-path-provisioner-5ddd94ff66-llss6 evicted\n node/kube-ovn-worker drained\n
"},{"location":"ops/delete-worker-node/#kubelet-docker","title":"\u505c\u6b62\u200b kubelet \u200b\u548c\u200b docker","text":"\u200b\u8be5\u200b\u6b65\u9aa4\u200b\u4f1a\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5411\u200b ovn-central \u200b\u8fdb\u884c\u200b\u4fe1\u606f\u200b\u6ce8\u518c\u200b\uff0c\u200b\u767b\u5f55\u200b\u5230\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
systemctl stop kubelet\nsystemctl stop docker\n
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u7684\u200b CRI \u200b\u4e3a\u200b containerd\uff0c\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u6765\u200b\u505c\u6b62\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff1a
crictl rm -f $(crictl ps | grep openvswitch | awk '{print $1}')\n
"},{"location":"ops/delete-worker-node/#node","title":"\u6e05\u7406\u200b Node \u200b\u4e0a\u200b\u7684\u200b\u6b8b\u7559\u200b\u6570\u636e","text":"rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\n
"},{"location":"ops/delete-worker-node/#kubectl","title":"\u4f7f\u7528\u200b kubectl \u200b\u5220\u9664\u200b\u8282\u70b9","text":"kubectl delete no kube-ovn-01\n
"},{"location":"ops/delete-worker-node/#ovn-sb","title":"\u68c0\u67e5\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u662f\u5426\u200b\u4ece\u200b ovn-sb \u200b\u4e2d\u200b\u5220\u9664","text":"\u200b\u4e0b\u9762\u200b\u7684\u200b\u793a\u4f8b\u200b\u4e3a\u200b kube-ovn-worker \u200b\u4f9d\u7136\u200b\u672a\u200b\u88ab\u200b\u5220\u9664\u200b\uff1a
# kubectl ko sbctl show\nChassis \"b0564934-5a0d-4804-a4c0-476c93596a17\"\n hostname: kube-ovn-worker\n Encap geneve\n ip: \"172.18.0.2\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-5rxfs.kube-system\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
"},{"location":"ops/delete-worker-node/#chassis","title":"\u82e5\u200b\u8282\u70b9\u200b\u5bf9\u5e94\u200b\u7684\u200b chassis \u200b\u4f9d\u7136\u200b\u5b58\u5728\u200b\uff0c\u200b\u624b\u52a8\u200b\u8fdb\u884c\u200b\u5220\u9664","text":"uuid \u200b\u4e3a\u200b\u4e4b\u524d\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u51fa\u200b\u7684\u200b Chassis \u200b\u5bf9\u5e94\u200b id\uff1a
# kubectl ko sbctl chassis-del b0564934-5a0d-4804-a4c0-476c93596a17\n# kubectl ko sbctl show\nChassis \"6a29de7e-d731-4eaf-bacd-2f239ee52b28\"\n hostname: kube-ovn-control-plane\n Encap geneve\n ip: \"172.18.0.3\"\n options: {csum=\"true\"}\n Port_Binding coredns-64897985d-nbfln.kube-system\n Port_Binding node-kube-ovn-control-plane\n Port_Binding local-path-provisioner-5ddd94ff66-h4tn9.local-path-storage\n Port_Binding kube-ovn-pinger-hf2p6.kube-system\n Port_Binding coredns-64897985d-fhwlw.kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/faq/","title":"\u5176\u4ed6\u200b\u5e38\u89c1\u95ee\u9898","text":""},{"location":"ops/faq/#arm","title":"\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u8de8\u200b\u4e3b\u673a\u200b\u5bb9\u5668\u200b\u8bbf\u95ee\u200b\u95f4\u6b47\u200b\u5931\u8d25","text":""},{"location":"ops/faq/#_2","title":"\u73b0\u8c61","text":"\u200b\u9e92\u9e9f\u200b ARM \u200b\u7cfb\u7edf\u200b\u548c\u200b\u90e8\u5206\u200b\u56fd\u4ea7\u5316\u200b\u7f51\u5361\u200b offload \u200b\u914d\u5408\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u4f1a\u200b\u5bfc\u81f4\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u95f4\u6b47\u200b\u6545\u969c\u200b\u3002
\u200b\u4f7f\u7528\u200b netstat \u200b\u786e\u8ba4\u200b\u95ee\u9898\u200b\uff1a
# netstat -us\nIcmpMsg:\n InType0: 22\n InType3: 24\n InType8: 117852\n OutType0: 117852\n OutType3: 29\n OutType8: 22\nUdp:\n 3040636 packets received\n 0 packets to unknown port received.\n 4 packet receive errors\n 602 packets sent\n 0 receive buffer errors\n 0 send buffer errors\n InCsumErrors: 4\nUdpLite:\nIpExt:\n InBcastPkts: 10244\n InOctets: 4446320361\n OutOctets: 1496815600\n InBcastOctets: 3095950\n InNoECTPkts: 7683903\n
\u200b\u82e5\u200b\u5b58\u5728\u200b InCsumErrors\uff0c\u200b\u4e14\u200b\u968f\u7740\u200b\u8bbf\u95ee\u200b\u5931\u8d25\u200b\u589e\u52a0\u200b\uff0c\u200b\u53ef\u200b\u786e\u8ba4\u200b\u662f\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#_3","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":"\u200b\u6839\u672c\u200b\u89e3\u51b3\u200b\u9700\u8981\u200b\u548c\u200b\u9e92\u9e9f\u200b\u4ee5\u53ca\u200b\u5bf9\u5e94\u200b\u7f51\u5361\u200b\u5382\u5546\u200b\u6c9f\u901a\u200b\uff0c\u200b\u66f4\u65b0\u200b\u7cfb\u7edf\u200b\u548c\u200b\u9a71\u52a8\u200b\u3002\u200b\u4e34\u65f6\u200b\u89e3\u51b3\u200b\u53ef\u200b\u5148\u200b\u5173\u95ed\u200b\u7269\u7406\u200b \u200b\u7f51\u5361\u200b\u7684\u200b tx offload \u200b\u4f46\u662f\u200b\u4f1a\u200b\u5bfc\u81f4\u200b tcp \u200b\u6027\u80fd\u200b\u6709\u200b\u8f83\u200b\u660e\u663e\u200b\u4e0b\u964d\u200b\u3002
ethtool -K eth0 tx off\n
\u200b\u7ecf\u200b\u793e\u533a\u200b\u53cd\u9988\u200b\u4f7f\u7528\u200b 4.19.90-25.16.v2101 \u200b\u5185\u6838\u200b\u540e\u200b\u53ef\u4ee5\u200b\u89e3\u51b3\u200b\u8be5\u200b\u95ee\u9898\u200b\u3002
"},{"location":"ops/faq/#pod-service","title":"Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u4e0d\u901a","text":""},{"location":"ops/faq/#_4","title":"\u73b0\u8c61","text":"Pod \u200b\u5185\u200b\u65e0\u6cd5\u8bbf\u95ee\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u670d\u52a1\u200b\uff0cdmesg \u200b\u663e\u793a\u200b\u5f02\u5e38\u200b\uff1a
netlink: Unknown conntrack attr (type=6, max=5)\nopenvswitch: netlink: Flow actions may not be safe on all matching packets.\n
\u200b\u8be5\u200b\u65e5\u5fd7\u200b\u8bf4\u660e\u200b\u5185\u6838\u200b\u5185\u200b OVS \u200b\u7248\u672c\u200b\u8fc7\u4f4e\u200b\u4e0d\u200b\u652f\u6301\u200b\u5bf9\u5e94\u200b NAT \u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"ops/faq/#_5","title":"\u89e3\u51b3\u200b\u65b9\u6cd5","text":" - \u200b\u5347\u7ea7\u200b\u5185\u6838\u6a21\u5757\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\u3002
- \u200b\u82e5\u200b\u53ea\u200b\u4f7f\u7528\u200b Overlay \u200b\u7f51\u7edc\u200b\u53ef\u4ee5\u200b\u66f4\u6539\u200b
kube-ovn-controller \u200b\u542f\u52a8\u200b\u53c2\u6570\u8bbe\u7f6e\u200b --enable-lb=false \u200b\u5173\u95ed\u200b OVN LB \u200b\u4f7f\u7528\u200b kube-proxy \u200b\u8fdb\u884c\u200b Service \u200b\u8f6c\u53d1\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/from-calico/","title":"\u5378\u8f7d\u200b Calico \u200b\u5b89\u88c5\u200b Kube-OVN","text":"\u200b\u82e5\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u5df2\u200b\u5b89\u88c5\u200b Calico \u200b\u9700\u8981\u200b\u53d8\u66f4\u200b\u4e3a\u200b Kube-OVN \u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b\u672c\u200b\u6587\u6863\u200b\u3002
\u200b\u672c\u6587\u200b\u4ee5\u200b Calico v3.24.1 \u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u5176\u5b83\u200b Calico \u200b\u7248\u672c\u200b\u9700\u8981\u200b\u6839\u636e\u200b\u5b9e\u9645\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\u3002
"},{"location":"ops/from-calico/#_1","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u5207\u6362\u200b CNI \u200b\u8fc7\u7a0b\u200b\u4e2d\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u4fdd\u6301\u200b\u7545\u901a\u200b\uff0cCalico ippool \u200b\u9700\u8981\u200b\u5f00\u542f\u200b nat outgoing\uff0c\u200b\u6216\u200b\u5728\u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u5173\u95ed\u200b rp_filter\uff1a
sysctl net.ipv4.conf.all.rp_filter=0\nsysctl net.ipv4.conf.default.rp_filter=0\n# IPIP \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.tunl0.rp_filter=0\n# VXLAN \u200b\u6a21\u5f0f\u200b\nsysctl net.ipv4.conf.vxlan/calico.rp_filter=0\n# \u200b\u8def\u7531\u200b\u6a21\u5f0f\u200b\uff0ceth0 \u200b\u9700\u8981\u200b\u4fee\u6539\u200b\u4e3a\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\nsysctl net.ipv4.conf.eth0.rp_filter=0\n
"},{"location":"ops/from-calico/#kube-ovn","title":"\u90e8\u7f72\u200b Kube-OVN","text":""},{"location":"ops/from-calico/#_2","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"ops/from-calico/#_3","title":"\u4fee\u6539\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u5c06\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u4e2d\u200b\u91cd\u5efa\u200b Pod \u200b\u7684\u200b\u90e8\u5206\u200b\u5220\u9664\u200b\uff1a
echo \"[Step 4/6] Delete pod that not in host network mode\"\nfor ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do\n for pod in $(kubectl get pod --no-headers -n \"$ns\" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!=\"true\") print $1}'); do\n kubectl delete pod \"$pod\" -n \"$ns\" --ignore-not-found\n done\ndone\n
\u200b\u6309\u200b\u9700\u200b\u4fee\u6539\u200b\u4ee5\u4e0b\u200b\u914d\u7f6e\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.13\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u6ce8\u610f\u200b\uff1aPOD_CIDR \u200b\u53ca\u200b JOIN_CIDR \u200b\u4e0d\u53ef\u200b\u4e0e\u200b Calico ippool \u200b\u7684\u200b CIDR \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4e14\u200b POD_CIDR \u200b\u9700\u8981\u200b\u5305\u542b\u200b\u8db3\u591f\u200b\u591a\u200b\u7684\u200b IP \u200b\u6765\u200b\u5bb9\u7eb3\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5df2\u6709\u200b\u7684\u200b Pod\u3002
"},{"location":"ops/from-calico/#_4","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"ops/from-calico/#_5","title":"\u9010\u4e2a\u200b\u8282\u70b9\u200b\u8fc1\u79fb","text":"\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u65b9\u6cd5\u200b\u4e3a\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u9010\u4e2a\u200b\u8fdb\u884c\u200b\u8fc1\u79fb\u200b\u3002 \u200b\u6ce8\u610f\u200b\uff1a\u200b\u547d\u4ee4\u200b\u4e2d\u200b\u7684\u200b \\<NODE> \u200b\u9700\u8981\u200b\u66ff\u6362\u200b\u4e3a\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b\u3002
"},{"location":"ops/from-calico/#_6","title":"\u9a71\u9010\u200b\u8282\u70b9","text":"kubectl drain --ignore-daemonsets <NODE>\n
\u200b\u82e5\u6b64\u200b\u547d\u4ee4\u200b\u4e00\u76f4\u200b\u7b49\u5f85\u200b Pod \u200b\u88ab\u200b\u9a71\u9010\u200b\uff0c\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\u5f3a\u5236\u200b\u5220\u9664\u200b\u88ab\u200b\u9a71\u9010\u200b\u7684\u200b Pod\uff1a
kubectl get pod -A --field-selector=spec.nodeName=<NODE> --no-headers | \\\n awk '$4==\"Terminating\" {print $1\" \"$2}' | \\\n while read s; do kubectl delete pod --force -n $s; done\n
"},{"location":"ops/from-calico/#_7","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
shutdown -r 0\n
"},{"location":"ops/from-calico/#_8","title":"\u6062\u590d\u200b\u8282\u70b9","text":"kubectl uncordon <NODE>\n
"},{"location":"ops/from-calico/#calico","title":"\u5378\u8f7d\u200b Calico","text":""},{"location":"ops/from-calico/#k8s","title":"\u5220\u9664\u200b k8s \u200b\u8d44\u6e90","text":"kubectl -n kube-system delete deploy calico-kube-controllers\nkubectl -n kube-system delete ds calico-node\nkubectl -n kube-system delete cm calico-config\n# \u200b\u5220\u9664\u200b CRD \u200b\u53ca\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\nkubectl get crd -o jsonpath='{range .items[*]}{.metadata.name}{\"\\n\"}{end}' | while read crd; do\n if ! echo $crd | grep '.crd.projectcalico.org$' >/dev/null; then\n continue\n fi\n\n for name in $(kubectl get $crd -o jsonpath='{.items[*].metadata.name}'); do\n kubectl delete $crd $name\n done\n kubectl delete crd $crd\ndone\n# \u200b\u5176\u5b83\u200b\u8d44\u6e90\u200b\nkubectl delete --ignore-not-found clusterrolebinding calico-node calico-kube-controllers\nkubectl delete --ignore-not-found clusterrole calico-node calico-kube-controllers\nkubectl delete --ignore-not-found sa -n kube-system calico-kube-controllers calico-node\nkubectl delete --ignore-not-found pdb -n kube-system calico-kube-controllers\n
"},{"location":"ops/from-calico/#_9","title":"\u6e05\u7406\u200b\u8282\u70b9\u200b\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e2d\u200b\u6267\u884c\u200b\uff1a
rm -f /etc/cni/net.d/10-calico.conflist /etc/cni/net.d/calico-kubeconfig\nrm -f /opt/cni/bin/calico /opt/cni/bin/calico-ipam\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/kubectl-ko/","title":"kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u4e3a\u4e86\u200b\u65b9\u4fbf\u200b\u65e5\u5e38\u200b\u7684\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0cKube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b kubectl \u200b\u63d2\u4ef6\u200b\u5de5\u5177\u200b\uff0c\u200b\u7f51\u7edc\u7ba1\u7406\u5458\u200b \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u65e5\u5e38\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4f8b\u5982\u200b\uff1a\u200b\u67e5\u770b\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4fe1\u606f\u200b\u548c\u200b\u72b6\u6001\u200b\uff0cOVN \u200b\u6570\u636e\u5e93\u200b \u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d\u200b\uff0cOVS \u200b\u76f8\u5173\u200b\u4fe1\u606f\u200b\u67e5\u770b\u200b\uff0ctcpdump \u200b\u7279\u5b9a\u200b\u5bb9\u5668\u200b\uff0c\u200b\u7279\u5b9a\u200b\u94fe\u8def\u200b\u903b\u8f91\u200b\u62d3\u6251\u200b\u5c55\u793a\u200b\uff0c \u200b\u7f51\u7edc\u200b\u95ee\u9898\u200b\u8bca\u65ad\u200b\u548c\u200b\u6027\u80fd\u200b\u4f18\u5316\u200b\u3002
"},{"location":"ops/kubectl-ko/#_1","title":"\u63d2\u4ef6\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u5b89\u88c5\u200b\u65f6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u90e8\u7f72\u200b\u63d2\u4ef6\u200b\u5230\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u82e5\u200b\u6267\u884c\u200b kubectl \u200b\u7684\u200b\u673a\u5668\u200b\u4e0d\u200b\u5728\u200b\u96c6\u7fa4\u200b\u5185\u200b\uff0c \u200b\u6216\u200b\u9700\u8981\u200b\u91cd\u88c5\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\uff1a
\u200b\u4e0b\u8f7d\u200b kubectl-ko \u200b\u6587\u4ef6\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko\n
\u200b\u5c06\u200b\u8be5\u200b\u6587\u4ef6\u200b\u79fb\u52a8\u200b\u81f3\u200b $PATH \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv kubectl-ko /usr/local/bin/kubectl-ko\n
\u200b\u589e\u52a0\u200b\u53ef\u200b\u6267\u884c\u200b\u6743\u9650\u200b\uff1a
chmod +x /usr/local/bin/kubectl-ko\n
\u200b\u68c0\u67e5\u200b\u63d2\u4ef6\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u6b63\u5e38\u200b\u4f7f\u7528\u200b\uff1a
# kubectl plugin list\nThe following compatible plugins are available:\n\n/usr/local/bin/kubectl-ko\n
"},{"location":"ops/kubectl-ko/#_2","title":"\u63d2\u4ef6\u200b\u4f7f\u7528","text":"\u200b\u8fd0\u884c\u200b kubectl ko \u200b\u4f1a\u200b\u5c55\u793a\u200b\u8be5\u200b\u63d2\u4ef6\u200b\u6240\u6709\u200b\u53ef\u7528\u200b\u7684\u200b\u547d\u4ee4\u200b\u548c\u200b\u7528\u6cd5\u200b\u63cf\u8ff0\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko\nkubectl ko {subcommand} [option...]\nAvailable Subcommands:\n [nb|sb] [status|kick|backup|dbstatus|restore] ovn-db operations show cluster status, kick stale server, backup database, get db consistency status or restore ovn nb db when met 'inconsistent data' error\n nbctl [ovn-nbctl options ...] invoke ovn-nbctl\n sbctl [ovn-sbctl options ...] invoke ovn-sbctl\n vsctl {nodeName} [ovs-vsctl options ...] invoke ovs-vsctl on the specified node\n ofctl {nodeName} [ovs-ofctl options ...] invoke ovs-ofctl on the specified node\n dpctl {nodeName} [ovs-dpctl options ...] invoke ovs-dpctl on the specified node\n appctl {nodeName} [ovs-appctl options ...] invoke ovs-appctl on the specified node\n tcpdump {namespace/podname} [tcpdump options ...] capture pod traffic\n {trace|ovn-trace} ... trace ovn microflow of specific packet\"\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port] trace ICMP/TCP/UDP\n {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply} trace ARP request/reply\n echo \" diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}] diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'\"\n tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version] deploy kernel optimisation components to the system\n reload restart all kube-ovn components\n log {kube-ovn|ovn|ovs|linux|all} save log to ./kubectl-ko-log/\n perf [image] performance test default image is kubeovn/test:v1.12.0 \n
\u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u6bcf\u4e2a\u200b\u547d\u4ee4\u200b\u7684\u200b\u5177\u4f53\u200b\u529f\u80fd\u200b\u548c\u200b\u4f7f\u7528\u200b\u3002
"},{"location":"ops/kubectl-ko/#nb-sb-status-kick-backup-dbstatus-restore","title":"[nb | sb] [status | kick | backup | dbstatus | restore]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4e3b\u8981\u200b\u5bf9\u200b OVN \u200b\u5317\u5411\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5305\u62ec\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\uff0c \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b\u200b\u548c\u200b\u6570\u636e\u5e93\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_3","title":"\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5728\u200b\u5bf9\u5e94\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u6267\u884c\u200b ovs-appctl cluster/status \u200b\u5c55\u793a\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b:
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 280309 ms ago, reason: timeout\nLast Election won: 280309 ms ago\nElection timer: 5000\nLog: [139, 139]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-8723 ->8723 <-85d6 ->85d6\nDisconnections: 0\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 8723 (8723 at tcp:[172.18.0.3]:6643) next_index=139 match_index=138 last msg 763 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=138\nstatus: ok\n
\u200b\u82e5\u200b Server \u200b\u4e0b\u200b\u7684\u200b match_index \u200b\u51fa\u73b0\u200b\u8f83\u5927\u200b\u5dee\u522b\u200b\uff0c\u200b\u4e14\u200b last msg \u200b\u65f6\u95f4\u200b\u8f83\u957f\u200b\u5219\u200b\u5bf9\u5e94\u200b Server \u200b\u53ef\u80fd\u200b\u957f\u65f6\u95f4\u200b\u6ca1\u6709\u54cd\u5e94\u200b\uff0c \u200b\u9700\u8981\u200b\u8fdb\u4e00\u6b65\u200b\u67e5\u770b\u200b\u3002
"},{"location":"ops/kubectl-ko/#_4","title":"\u6570\u636e\u5e93\u200b\u8282\u70b9\u200b\u4e0b\u7ebf","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5c06\u200b\u67d0\u4e2a\u200b\u8282\u70b9\u200b\u4ece\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u4e2d\u200b\u79fb\u9664\u200b\uff0c\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0b\u7ebf\u200b\u6216\u200b\u66f4\u6362\u200b\u8282\u70b9\u200b\u65f6\u200b\u9700\u8981\u200b\u7528\u5230\u200b\u3002 \u200b\u4e0b\u9762\u200b\u5c06\u200b\u4ee5\u4e0a\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u6240\u200b\u67e5\u770b\u200b\u5230\u200b\u7684\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u4e0b\u7ebf\u200b 172.18.0.3 \u200b\u8282\u70b9\u200b:
# kubectl ko nb kick 8723\nstarted removal\n
\u200b\u518d\u6b21\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4\u200b\u72b6\u6001\u200b\u786e\u8ba4\u200b\u8282\u70b9\u200b\u5df2\u200b\u79fb\u9664\u200b\uff1a
# kubectl ko nb status\n306b\nName: OVN_Northbound\nCluster ID: 9a87 (9a872522-3e7d-47ca-83a3-d74333e1a7ca)\nServer ID: 306b (306b256b-b5e1-4eb0-be91-4ca96adf6bad)\nAddress: tcp:[172.18.0.2]:6643\nStatus: cluster member\nRole: leader\nTerm: 1\nLeader: self\nVote: self\n\nLast Election started 324356 ms ago, reason: timeout\nLast Election won: 324356 ms ago\nElection timer: 5000\nLog: [140, 140]\nEntries not yet committed: 0\nEntries not yet applied: 0\nConnections: <-85d6 ->85d6\nDisconnections: 2\nServers:\n 85d6 (85d6 at tcp:[172.18.0.4]:6643) next_index=140 match_index=139 last msg 848 ms ago\n 306b (306b at tcp:[172.18.0.2]:6643) (self) next_index=2 match_index=139\nstatus: ok\n
"},{"location":"ops/kubectl-ko/#_5","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u5907\u4efd\u200b\u5f53\u524d\u200b OVN \u200b\u6570\u636e\u5e93\u200b\u81f3\u200b\u672c\u5730\u200b\uff0c\u200b\u53ef\u200b\u7528\u4e8e\u200b\u707e\u5907\u200b\u548c\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n
"},{"location":"ops/kubectl-ko/#_6","title":"\u6570\u636e\u5e93\u200b\u5b58\u50a8\u72b6\u6001\u200b\u67e5\u770b","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u7528\u6765\u200b\u67e5\u770b\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u662f\u5426\u200b\u5b58\u5728\u200b\u635f\u574f\u200b\uff1a
# kubectl ko nb dbstatus\nstatus: ok\n
\u200b\u82e5\u200b\u5f02\u5e38\u200b\u5219\u200b\u663e\u793a\u200b inconsistent data \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\u3002
"},{"location":"ops/kubectl-ko/#_7","title":"\u6570\u636e\u5e93\u200b\u4fee\u590d","text":"\u200b\u82e5\u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b\u8fdb\u5165\u200b inconsistent data \u200b\u53ef\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u8fdb\u884c\u200b\u4fee\u590d\u200b\uff1a
# kubectl ko nb restore\ndeployment.apps/ovn-central scaled\novn-central original replicas is 3\nfirst nodeIP is 172.18.0.5\novs-ovn pod on node 172.18.0.5 is ovs-ovn-8jxv9\novs-ovn pod on node 172.18.0.3 is ovs-ovn-sjzb6\novs-ovn pod on node 172.18.0.4 is ovs-ovn-t87zk\nbackup nb db file\nrestore nb db file, operate in pod ovs-ovn-8jxv9\ndeployment.apps/ovn-central scaled\nfinish restore nb db file and ovn-central replicas\nrecreate ovs-ovn pods\npod \"ovs-ovn-8jxv9\" deleted\npod \"ovs-ovn-sjzb6\" deleted\npod \"ovs-ovn-t87zk\" deleted\n
"},{"location":"ops/kubectl-ko/#nbctl-sbctl-options","title":"[nbctl | sbctl] [options ...]","text":"\u200b\u8be5\u5b50\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u76f4\u63a5\u200b\u8fdb\u5165\u200b OVN \u200b\u5317\u5411\u200b\u6570\u636e\u5e93\u200b\u6216\u200b\u5357\u5411\u200b\u6570\u636e\u5e93\u200b \u200b\u7684\u200b leader \u200b\u8282\u70b9\u200b\u5206\u522b\u200b\u6267\u884c\u200b ovn-nbctl \u200b\u548c\u200b ovn-sbctl \u200b\u547d\u4ee4\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVN \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovn-nbctl(8) \u200b\u548c\u200b ovn-sbctl(8)\u3002
# kubectl ko nbctl show\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port node-liumengxin-ovn2-192.168.137.177\n addresses: [\"00:00:00:D9:58:B8 100.64.0.3\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port alertmanager-main-0.monitoring\n addresses: [\"00:00:00:6C:DF:A3 10.16.0.19\"]\n port kube-state-metrics-5d6885d89-4nf8h.monitoring\n addresses: [\"00:00:00:6F:02:1C 10.16.0.15\"]\n port fake-kubelet-67c55dfd89-pv86k.kube-system\n addresses: [\"00:00:00:5C:12:E8 10.16.19.177\"]\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\n
"},{"location":"ops/kubectl-ko/#vsctl-nodename-options","title":"vsctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-vsctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u5e76\u200b\u914d\u7f6e\u200b vswitchd\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-vsctl(8)\u3002
# kubectl ko vsctl kube-ovn-01 show\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port mirror0\n Interface mirror0\n type: internal\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n
"},{"location":"ops/kubectl-ko/#ofctl-nodename-options","title":"ofctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-ofctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OpenFlow\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-ofctl(8)\u3002
# kubectl ko ofctl kube-ovn-01 dump-flows br-int\nNXST_FLOW reply (xid=0x4): flags=[more]\n cookie=0xcf3429e6, duration=671791.432s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=100,in_port=2 actions=load:0x4->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)\n cookie=0xc91413c6, duration=671791.431s, table=0, n_packets=907489, n_bytes=99978275, idle_age=0, hard_age=65534, priority=100,in_port=7 actions=load:0x1->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x4->NXM_NX_REG14[],resubmit(,8)\n cookie=0xf180459, duration=671791.431s, table=0, n_packets=17348582, n_bytes=2667811214, idle_age=0, hard_age=65534, priority=100,in_port=6317 actions=load:0xa->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x9->NXM_NX_REG14[],resubmit(,8)\n cookie=0x7806dd90, duration=671791.431s, table=0, n_packets=3235428, n_bytes=833821312, idle_age=0, hard_age=65534, priority=100,in_port=1 actions=load:0xd->NXM_NX_REG13[],load:0x9->NXM_NX_REG11[],load:0xb->NXM_NX_REG12[],load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],resubmit(,8)\n...\n
"},{"location":"ops/kubectl-ko/#dpctl-nodename-options","title":"dpctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-dpctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u67e5\u8be2\u200b\u6216\u200b\u7ba1\u7406\u200b OVS datapath\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-dpctl(8)\u3002
# kubectl ko dpctl kube-ovn-01 show\nsystem@ovs-system:\n lookups: hit:350805055 missed:21983648 lost:73\n flows: 105\n masks: hit:1970748791 total:22 hit/pkt:5.29\n port 0: ovs-system (internal)\n port 1: ovn0 (internal)\n port 2: mirror0 (internal)\n port 3: br-int (internal)\n port 4: stt_sys_7471 (stt: packet_type=ptap)\n port 5: eeb4d9e51b5d_h\n port 6: a2c1a8a8b83a_h\n port 7: 4fa5c4cbb1a5_h\n
"},{"location":"ops/kubectl-ko/#appctl-nodename-options","title":"appctl {nodeName} [options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b\u5bf9\u5e94\u200b nodeName \u200b\u4e0a\u200b\u7684\u200b ovs-ovn \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u7684\u200b ovs-appctl \u200b\u547d\u4ee4\u200b\uff0c\u200b\u6765\u200b\u64cd\u4f5c\u200b\u76f8\u5173\u200b daemon \u200b\u8fdb\u7a0b\u200b\u3002 \u200b\u66f4\u591a\u8be5\u200b\u547d\u4ee4\u200b\u7684\u200b\u8be6\u7ec6\u200b\u7528\u6cd5\u200b\u8bf7\u200b\u67e5\u8be2\u200b\u4e0a\u6e38\u200b OVS \u200b\u7684\u200b\u5b98\u65b9\u200b\u6587\u6863\u200b ovs-appctl(8)\u3002
# kubectl ko appctl kube-ovn-01 vlog/list\n console syslog file\n ------- ------ ------\nbacktrace OFF ERR INFO\nbfd OFF ERR INFO\nbond OFF ERR INFO\nbridge OFF ERR INFO\nbundle OFF ERR INFO\nbundles OFF ERR INFO\n...\n
"},{"location":"ops/kubectl-ko/#tcpdump-namespacepodname-tcpdump-options","title":"tcpdump {namespace/podname} [tcpdump options ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u8fdb\u5165\u200b namespace/podname \u200b\u6240\u5728\u200b\u673a\u5668\u200b\u7684\u200b kube-ovn-cni \u200b\u5bb9\u5668\u200b\uff0c\u200b\u5e76\u200b\u6267\u884c\u200b tcpdump \u200b\u6293\u53d6\u200b\u5bf9\u5e94\u200b\u5bb9\u5668\u200b veth \u200b\u7f51\u5361\u200b \u200b\u7aef\u7684\u200b\u6d41\u91cf\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u65b9\u4fbf\u200b\u6392\u67e5\u200b\u7f51\u7edc\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
# kubectl ko tcpdump default/ds1-l6n7p icmp\n+ kubectl exec -it kube-ovn-cni-wlg4s -n kube-ovn -- tcpdump -nn -i d7176fe7b4e0_h icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on d7176fe7b4e0_h, link-type EN10MB (Ethernet), capture size 262144 bytes\n06:52:36.619688 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 1, length 64\n06:52:36.619746 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 1, length 64\n06:52:37.619588 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 2, length 64\n06:52:37.619630 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 2, length 64\n06:52:38.619933 IP 100.64.0.3 > 10.16.0.4: ICMP echo request, id 2, seq 3, length 64\n06:52:38.619973 IP 10.16.0.4 > 100.64.0.3: ICMP echo reply, id 2, seq 3, length 64\n
"},{"location":"ops/kubectl-ko/#trace-arguments","title":"trace [arguments ...]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u5c06\u4f1a\u200b\u6253\u5370\u200b Pod \u200b\u6216\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b\u7279\u5b9a\u200b\u534f\u8bae\u200b\u8bbf\u95ee\u200b\u67d0\u200b\u5730\u5740\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u7684\u200b OVN \u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u548c\u200b\u6700\u7ec8\u200b\u7684\u200b Openflow \u200b\u6d41\u8868\u200b\uff0c \u200b\u65b9\u4fbf\u200b\u5f00\u53d1\u200b\u6216\u200b\u8fd0\u7ef4\u65f6\u200b\u5b9a\u4f4d\u200b\u6d41\u8868\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\u3002
\u200b\u652f\u6301\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
kubectl ko trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}\nkubectl ko trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]\nkubectl ko trace {node//nodename} {target ip address} [target mac address] arp {request|reply}\n
\u200b\u793a\u4f8b\u200b\uff1a
# kubectl ko trace default/ds1-l6n7p 8.8.8.8 icmp\n+ kubectl exec ovn-central-5bc494cb5-np9hm -n kube-ovn -- ovn-trace --ct=new ovn-default 'inport == \"ds1-l6n7p.default\" && ip.ttl == 64 && icmp && eth.src == 0a:00:00:10:00:05 && ip4.src == 10.16.0.4 && eth.dst == 00:00:00:B8:CA:43 && ip4.dst == 8.8.8.8'\n# icmp,reg14=0xf,vlan_tci=0x0000,dl_src=0a:00:00:10:00:05,dl_dst=00:00:00:b8:ca:43,nw_src=10.16.0.4,nw_dst=8.8.8.8,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=0,icmp_code=0\n\ningress(dp=\"ovn-default\", inport=\"ds1-l6n7p.default\")\n-----------------------------------------------------\n 0. ls_in_port_sec_l2 (ovn-northd.c:4143): inport == \"ds1-l6n7p.default\" && eth.src == {0a:00:00:10:00:05}, priority 50, uuid 39453393\n next;\n 1. ls_in_port_sec_ip (ovn-northd.c:2898): inport == \"ds1-l6n7p.default\" && eth.src == 0a:00:00:10:00:05 && ip4.src == {10.16.0.4}, priority 90, uuid 81bcd485\n next;\n 3. ls_in_pre_acl (ovn-northd.c:3269): ip, priority 100, uuid 7b4f4971\n reg0[0] = 1;\n next;\n 5. ls_in_pre_stateful (ovn-northd.c:3396): reg0[0] == 1, priority 100, uuid 36cdd577\n ct_next;\n\nct_next(ct_state=new|trk)\n-------------------------\n 6. ls_in_acl (ovn-northd.c:3759): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 7608af5b\n reg0[1] = 1;\n next;\n10. ls_in_stateful (ovn-northd.c:3995): reg0[1] == 1, priority 100, uuid 2aba1b90\n ct_commit(ct_label=0/0x1);\n next;\n16. ls_in_l2_lkup (ovn-northd.c:4470): eth.dst == 00:00:00:b8:ca:43, priority 50, uuid 5c9c3c9f\n outport = \"ovn-default-ovn-cluster\";\n output;\n\n...\n
\u200b\u82e5\u200b trace \u200b\u5bf9\u8c61\u200b\u4e3a\u200b\u8fd0\u884c\u200b\u4e8e\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b\u865a\u62df\u673a\u200b\uff0c\u200b\u9700\u8981\u200b\u6dfb\u52a0\u200b\u989d\u5916\u200b\u53c2\u6570\u200b\u6765\u200b\u6307\u5b9a\u200b\u76ee\u7684\u200b Mac \u200b\u5730\u5740\u200b\uff1a
kubectl ko trace default/virt-handler-7lvml 8.8.8.8 82:7c:9f:83:8c:01 icmp\n
"},{"location":"ops/kubectl-ko/#diagnose-allnodesubnetipports-nodenamesubnetnameproto1-ip1-port1proto2-ip2-port2","title":"diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]","text":"\u200b\u8bca\u65ad\u200b\u96c6\u7fa4\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\u72b6\u6001\u200b\uff0c\u200b\u5e76\u200b\u53bb\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b kube-ovn-pinger \u200b\u68c0\u6d4b\u200b\u5f53\u524d\u200b\u8282\u70b9\u200b\u5230\u200b\u5176\u4ed6\u200b\u8282\u70b9\u200b\u548c\u200b\u5173\u952e\u200b\u670d\u52a1\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\uff1a
# kubectl ko diagnose all\nswitch c7cd17e8-ceee-4a91-9bb3-e5a313fe1ece (snat)\n port snat-ovn-cluster\n type: router\n router-port: ovn-cluster-snat\nswitch 20e0c6d0-023a-4756-aec5-200e0c60f95d (join)\n port node-liumengxin-ovn3-192.168.137.178\n addresses: [\"00:00:00:64:FF:A8 100.64.0.4\"]\n port node-liumengxin-ovn1-192.168.137.176\n addresses: [\"00:00:00:AF:98:62 100.64.0.2\"]\n port join-ovn-cluster\n type: router\n router-port: ovn-cluster-join\nswitch 0191705c-f827-427b-9de3-3c3b7d971ba5 (central)\n port central-ovn-cluster\n type: router\n router-port: ovn-cluster-central\nswitch 2a45ff05-388d-4f85-9daf-e6fccd5833dc (ovn-default)\n port ovn-default-ovn-cluster\n type: router\n router-port: ovn-cluster-ovn-default\n port prometheus-k8s-1.monitoring\n addresses: [\"00:00:00:AA:37:DF 10.16.0.23\"]\nrouter 212f73dd-d63d-4d72-864b-a537e9afbee1 (ovn-cluster)\n port ovn-cluster-snat\n mac: \"00:00:00:7A:82:8F\"\n networks: [\"172.22.0.1/16\"]\n port ovn-cluster-join\n mac: \"00:00:00:F8:18:5A\"\n networks: [\"100.64.0.1/16\"]\n port ovn-cluster-central\n mac: \"00:00:00:4D:8C:F5\"\n networks: [\"192.101.0.1/16\"]\n port ovn-cluster-ovn-default\n mac: \"00:00:00:A3:F8:18\"\n networks: [\"10.16.0.1/16\"]\nRouting Policies\n 31000 ip4.dst == 10.16.0.0/16 allow\n 31000 ip4.dst == 100.64.0.0/16 allow\n 30000 ip4.dst == 192.168.137.177 reroute 100.64.0.3\n 30000 ip4.dst == 192.168.137.178 reroute 100.64.0.4\n 29000 ip4.src == $ovn.default.fake.6_ip4 reroute 100.64.0.22\n 29000 ip4.src == $ovn.default.fake.7_ip4 reroute 100.64.0.21\n 29000 ip4.src == $ovn.default.fake.8_ip4 reroute 100.64.0.23\n 29000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 reroute 100.64.0.4\n 20000 ip4.src == $ovn.default.liumengxin.ovn1.192.168.137.176_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.2\n 20000 ip4.src == $ovn.default.liumengxin.ovn2.192.168.137.177_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.3\n 20000 ip4.src == $ovn.default.liumengxin.ovn3.192.168.137.178_ip4 && ip4.dst != $ovn.cluster.overlay.subnets.IPv4 reroute 100.64.0.4\nIPv4 Routes\nRoute Table <main>:\n 0.0.0.0/0 100.64.0.1 dst-ip\nUUID LB PROTO VIP IPs\ne9bcfd9d-793e-4431-9073-6dec96b75d71 cluster-tcp-load tcp 10.100.209.132:10660 192.168.137.176:10660\n tcp 10.101.239.192:6641 192.168.137.177:6641\n tcp 10.101.240.101:3000 10.16.0.7:3000\n tcp 10.103.184.186:6642 192.168.137.177:6642\n35d2b7a5-e3a7-485a-a4b7-b4970eb0e63b cluster-tcp-sess tcp 10.100.158.128:8080 10.16.0.10:8080,10.16.0.5:8080,10.16.63.30:8080\n tcp 10.107.26.215:8080 10.16.0.19:8080,10.16.0.20:8080,10.16.0.21:8080\n tcp 10.107.26.215:9093 10.16.0.19:9093,10.16.0.20:9093,10.16.0.21:9093\n tcp 10.98.187.99:8080 10.16.0.22:8080,10.16.0.23:8080\n tcp 10.98.187.99:9090 10.16.0.22:9090,10.16.0.23:9090\nf43303e4-89aa-4d3e-a3dc-278a552fe27b cluster-udp-load udp 10.96.0.10:53 10.16.0.4:53,10.16.0.9:53\n_uuid : 06776304-5a96-43ed-90c4-c4854c251699\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn2_192.168.137.177_underlay_v6\n\n_uuid : 62690625-87d5-491c-8675-9fd83b1f433c\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn1_192.168.137.176_underlay_v6\n\n_uuid : b03a9bae-94d5-4562-b34c-b5f6198e180b\naddresses : [\"10.16.0.0/16\", \"100.64.0.0/16\", \"172.22.0.0/16\", \"192.101.0.0/16\"]\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv4\n\n_uuid : e1056f3a-24cc-4666-8a91-75ee6c3c2426\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : ovn.cluster.overlay.subnets.IPv6\n\n_uuid : 3e5d5fff-e670-47b2-a2f5-a39f4698a8c5\naddresses : []\nexternal_ids : {vendor=kube-ovn}\nname : node_liumengxin_ovn3_192.168.137.178_underlay_v6\n_uuid : 2d85dbdc-d0db-4abe-b19e-cc806d32b492\naction : drop\ndirection : from-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"inport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\n\n_uuid : de790cc8-f155-405f-bb32-5a51f30c545f\naction : drop\ndirection : to-lport\nexternal_ids : {}\nlabel : 0\nlog : false\nmatch : \"outport==@ovn.sg.kubeovn_deny_all && ip\"\nmeter : []\nname : []\noptions : {}\npriority : 2003\nseverity : []\nChassis \"e15ed4d4-1780-4d50-b09e-ea8372ed48b8\"\n hostname: liumengxin-ovn1-192.168.137.176\n Encap stt\n ip: \"192.168.137.176\"\n options: {csum=\"true\"}\n Port_Binding node-liumengxin-ovn1-192.168.137.176\n Port_Binding perf-6vxkn.default\n Port_Binding kube-state-metrics-5d6885d89-4nf8h.monitoring\n Port_Binding alertmanager-main-0.monitoring\n Port_Binding kube-ovn-pinger-6ftdf.kube-system\n Port_Binding fake-kubelet-67c55dfd89-pv86k.kube-system\n Port_Binding prometheus-k8s-0.monitoring\nChassis \"eef07da1-f8ad-4775-b14d-bd6a3b4eb0d5\"\n hostname: liumengxin-ovn3-192.168.137.178\n Encap stt\n ip: \"192.168.137.178\"\n options: {csum=\"true\"}\n Port_Binding kube-ovn-pinger-7twb4.kube-system\n Port_Binding prometheus-adapter-86df476d87-rl88g.monitoring\n Port_Binding prometheus-k8s-1.monitoring\n Port_Binding node-liumengxin-ovn3-192.168.137.178\n Port_Binding perf-ff475.default\n Port_Binding alertmanager-main-1.monitoring\n Port_Binding blackbox-exporter-676d976865-tvsjd.monitoring\nChassis \"efa253c9-494d-4719-83ae-b48ab0f11c03\"\n hostname: liumengxin-ovn2-192.168.137.177\n Encap stt\n ip: \"192.168.137.177\"\n options: {csum=\"true\"}\n Port_Binding grafana-6c4c6b8fb7-pzd2c.monitoring\n Port_Binding node-liumengxin-ovn2-192.168.137.177\n Port_Binding alertmanager-main-2.monitoring\n Port_Binding coredns-6789c94dd8-9jqsz.kube-system\n Port_Binding coredns-6789c94dd8-25d4r.kube-system\n Port_Binding prometheus-operator-7bbc99fc8b-wgjm4.monitoring\n Port_Binding prometheus-adapter-86df476d87-gdxmc.monitoring\n Port_Binding perf-fjnws.default\n Port_Binding kube-ovn-pinger-vh2xg.kube-system\nds kube-proxy ready\nkube-proxy ready\ndeployment ovn-central ready\ndeployment kube-ovn-controller ready\nds kube-ovn-cni ready\nds ovs-ovn ready\ndeployment coredns ready\novn-nb leader check ok\novn-sb leader check ok\novn-northd leader check ok\n### kube-ovn-controller recent log\n\n### start to diagnose node liumengxin-ovn1-192.168.137.176\n#### ovn-controller log:\n2022-06-03T00:56:44.897Z|16722|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:06:44.912Z|16723|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:16:44.925Z|16724|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:26:44.936Z|16725|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:36:44.959Z|16726|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:46:44.974Z|16727|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T01:56:44.988Z|16728|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:06:45.001Z|16729|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:16:45.025Z|16730|inc_proc_eng|INFO|User triggered force recompute.\n2022-06-03T02:26:45.040Z|16731|inc_proc_eng|INFO|User triggered force recompute.\n\n#### ovs-vswitchd log:\n2022-06-02T23:03:00.137Z|00079|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:f9d1\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-02T23:23:31.840Z|00080|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:15b2\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:09:15.659Z|00081|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:dc:e3:63,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.63.30,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:e5a5\n with metadata skb_priority(0),tunnel(tun_id=0x150017000004,src=192.168.137.178,dst=192.168.137.176,ttl=64,tp_src=9239,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.63.30,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T00:30:13.409Z|00064|dpif(handler2)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:6b4a\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n2022-06-03T02:02:33.832Z|00082|dpif(handler1)|WARN|system@ovs-system: execute ct(commit,zone=14,label=0/0x1,nat(src)),8 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=00:00:00:f8:07:c8,dl_dst=00:00:00:fa:1e:50,nw_src=10.16.0.5,nw_dst=10.16.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0 icmp_csum:a819\n with metadata skb_priority(0),tunnel(tun_id=0x160017000004,src=192.168.137.177,dst=192.168.137.176,ttl=64,tp_src=38881,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0xe),ct_tuple4(src=10.16.0.5,dst=10.16.0.10,proto=1,tp_src=8,tp_dst=0),in_port(4) mtu 0\n\n#### ovs-vsctl show results:\n0d4c4675-c9cc-440a-8c1a-878e17f81b88\n Bridge br-int\n fail_mode: secure\n datapath_type: system\n Port a2c1a8a8b83a_h\n Interface a2c1a8a8b83a_h\n Port \"4fa5c4cbb1a5_h\"\n Interface \"4fa5c4cbb1a5_h\"\n Port ovn-eef07d-0\n Interface ovn-eef07d-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.178\"}\n Port ovn0\n Interface ovn0\n type: internal\n Port \"04d03360e9a0_h\"\n Interface \"04d03360e9a0_h\"\n Port eeb4d9e51b5d_h\n Interface eeb4d9e51b5d_h\n Port mirror0\n Interface mirror0\n type: internal\n Port \"8e5d887ccd80_h\"\n Interface \"8e5d887ccd80_h\"\n Port ovn-efa253-0\n Interface ovn-efa253-0\n type: stt\n options: {csum=\"true\", key=flow, remote_ip=\"192.168.137.177\"}\n Port \"17512d5be1f1_h\"\n Interface \"17512d5be1f1_h\"\n Port br-int\n Interface br-int\n type: internal\n ovs_version: \"2.17.2\"\n\n#### pinger diagnose results:\nI0603 10:35:04.349404 17619 pinger.go:19]\n-------------------------------------------------------------------------------\nKube-OVN:\n Version: v1.12.13\n Build: 2022-04-24_08:02:50\n Commit: git-73f9d15\n Go Version: go1.17.8\n Arch: amd64\n-------------------------------------------------------------------------------\nI0603 10:35:04.376797 17619 config.go:166] pinger config is &{KubeConfigFile: KubeClient:0xc000493380 Port:8080 DaemonSetNamespace:kube-system DaemonSetName:kube-ovn-pinger Interval:5 Mode:job ExitCode:0 InternalDNS:kubernetes.default ExternalDNS: NodeName:liumengxin-ovn1-192.168.137.176 HostIP:192.168.137.176 PodName:kube-ovn-pinger-6ftdf PodIP:10.16.0.10 PodProtocols:[IPv4] ExternalAddress: NetworkMode:kube-ovn PollTimeout:2 PollInterval:15 SystemRunDir:/var/run/openvswitch DatabaseVswitchName:Open_vSwitch DatabaseVswitchSocketRemote:unix:/var/run/openvswitch/db.sock DatabaseVswitchFileDataPath:/etc/openvswitch/conf.db DatabaseVswitchFileLogPath:/var/log/openvswitch/ovsdb-server.log DatabaseVswitchFilePidPath:/var/run/openvswitch/ovsdb-server.pid DatabaseVswitchFileSystemIDPath:/etc/openvswitch/system-id.conf ServiceVswitchdFileLogPath:/var/log/openvswitch/ovs-vswitchd.log ServiceVswitchdFilePidPath:/var/run/openvswitch/ovs-vswitchd.pid ServiceOvnControllerFileLogPath:/var/log/ovn/ovn-controller.log ServiceOvnControllerFilePidPath:/var/run/ovn/ovn-controller.pid}\nI0603 10:35:04.449166 17619 exporter.go:75] liumengxin-ovn1-192.168.137.176: exporter connect successfully\nI0603 10:35:04.554011 17619 ovn.go:21] ovs-vswitchd and ovsdb are up\nI0603 10:35:04.651293 17619 ovn.go:33] ovn_controller is up\nI0603 10:35:04.651342 17619 ovn.go:39] start to check port binding\nI0603 10:35:04.749613 17619 ovn.go:135] chassis id is 1d7f3d6c-eec5-4b3c-adca-2969d9cdfd80\nI0603 10:35:04.763487 17619 ovn.go:49] port in sb is [node-liumengxin-ovn1-192.168.137.176 perf-6vxkn.default kube-state-metrics-5d6885d89-4nf8h.monitoring alertmanager-main-0.monitoring kube-ovn-pinger-6ftdf.kube-system fake-kubelet-67c55dfd89-pv86k.kube-system prometheus-k8s-0.monitoring]\nI0603 10:35:04.763583 17619 ovn.go:61] ovs and ovn-sb binding check passed\nI0603 10:35:05.049309 17619 ping.go:259] start to check apiserver connectivity\nI0603 10:35:05.053666 17619 ping.go:268] connect to apiserver success in 4.27ms\nI0603 10:35:05.053786 17619 ping.go:129] start to check pod connectivity\nI0603 10:35:05.249590 17619 ping.go:159] ping pod: kube-ovn-pinger-6ftdf 10.16.0.10, count: 3, loss count 0, average rtt 16.30ms\nI0603 10:35:05.354135 17619 ping.go:159] ping pod: kube-ovn-pinger-7twb4 10.16.63.30, count: 3, loss count 0, average rtt 1.81ms\nI0603 10:35:05.458460 17619 ping.go:159] ping pod: kube-ovn-pinger-vh2xg 10.16.0.5, count: 3, loss count 0, average rtt 1.92ms\nI0603 10:35:05.458523 17619 ping.go:83] start to check node connectivity\n
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b subnet \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u5728\u200b subnet \u200b\u4e0a\u200b\u5efa\u7acb\u200b daemonset\uff0c\u200b\u7531\u200b kube-ovn-pinger \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u8fd9\u4e2a\u200b daemonset \u200b\u7684\u200b\u6240\u6709\u200b pod \u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u548c\u200b\u7f51\u7edc\u5ef6\u65f6\u200b\uff0c\u200b\u6d4b\u8bd5\u200b\u5b8c\u540e\u200b\u81ea\u52a8\u200b\u9500\u6bc1\u200b\u8be5\u200b daemonset\u3002
\u200b\u5982\u679c\u200b diagnose \u200b\u7684\u200b\u76ee\u6807\u200b\u6307\u5b9a\u200b\u4e3a\u200b IPPorts \u200b\u8be5\u200b\u811a\u672c\u200b\u4f1a\u200b\u8ba9\u200b\u6bcf\u4e2a\u200b kube-ovn-pinger pod \u200b\u53bb\u200b\u63a2\u6d4b\u200b\u76ee\u6807\u200b\u534f\u8bae\u200b\uff0cIP\uff0cPort \u200b\u662f\u5426\u200b\u53ef\u200b\u8fbe\u200b\u3002
"},{"location":"ops/kubectl-ko/#tuning-install-fastpathlocal-install-fastpathremove-fastpathinstall-sttlocal-install-sttremove-stt-centos7centos8-kernel-devel-version","title":"tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u6267\u884c\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u76f8\u5173\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u5177\u4f53\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b\u3002
"},{"location":"ops/kubectl-ko/#reload","title":"reload","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u91cd\u542f\u200b\u6240\u6709\u200b Kube-OVN \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\uff1a
# kubectl ko reload\npod \"ovn-central-8684dd94bd-vzgcr\" deleted\nWaiting for deployment \"ovn-central\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"ovn-central\" successfully rolled out\npod \"ovs-ovn-bsnvz\" deleted\npod \"ovs-ovn-m9b98\" deleted\npod \"kube-ovn-controller-8459db5ff4-64c62\" deleted\nWaiting for deployment \"kube-ovn-controller\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-controller\" successfully rolled out\npod \"kube-ovn-cni-2klnh\" deleted\npod \"kube-ovn-cni-t2jz4\" deleted\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-cni\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-cni\" successfully rolled out\npod \"kube-ovn-pinger-ln72z\" deleted\npod \"kube-ovn-pinger-w8lrk\" deleted\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 0 of 2 updated pods are available...\nWaiting for daemon set \"kube-ovn-pinger\" rollout to finish: 1 of 2 updated pods are available...\ndaemon set \"kube-ovn-pinger\" successfully rolled out\npod \"kube-ovn-monitor-7fb67d5488-7q6zb\" deleted\nWaiting for deployment \"kube-ovn-monitor\" rollout to finish: 0 of 1 updated replicas are available...\ndeployment \"kube-ovn-monitor\" successfully rolled out\n
"},{"location":"ops/kubectl-ko/#log","title":"log","text":"\u200b\u4f7f\u7528\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u6293\u53d6\u200b kube-ovn \u200b\u6240\u6709\u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b Kube-OVN\uff0cOVN\uff0cOpenvswitch \u200b\u7684\u200b log \u200b\u4ee5\u53ca\u200b linux \u200b\u5e38\u7528\u200b\u7684\u200b\u4e00\u4e9b\u200b debug \u200b\u4fe1\u606f\u200b\u3002
# kubectl ko log all\nCollecting kube-ovn logging files\nCollecting ovn logging files\nCollecting openvswitch logging files\nCollecting linux dmesg files\nCollecting linux iptables-legacy files\nCollecting linux iptables-nft files\nCollecting linux route files\nCollecting linux link files\nCollecting linux neigh files\nCollecting linux memory files\nCollecting linux top files\nCollecting linux sysctl files\nCollecting linux netstat files\nCollecting linux addr files\nCollecting linux ipset files\nCollecting linux tcp files\nCollected files have been saved in the directory /root/kubectl-ko-log\n
\u200b\u76ee\u5f55\u200b\u5982\u4e0b\u200b\uff1a
# tree kubectl-ko-log/\nkubectl-ko-log/\n|-- kube-ovn-control-plane\n| |-- kube-ovn\n| | |-- kube-ovn-cni.log\n| | |-- kube-ovn-monitor.log\n| | `-- kube-ovn-pinger.log\n| |-- linux\n| | |-- addr.log\n| | |-- dmesg.log\n| | |-- ipset.log\n| | |-- iptables-legacy.log\n| | |-- iptables-nft.log\n| | |-- link.log\n| | |-- memory.log\n| | |-- neigh.log\n| | |-- netstat.log\n| | |-- route.log\n| | |-- sysctl.log\n| | |-- tcp.log\n| | `-- top.log\n| |-- openvswitch\n| | |-- ovs-vswitchd.log\n| | `-- ovsdb-server.log\n| `-- ovn\n| |-- ovn-controller.log\n| |-- ovn-northd.log\n| |-- ovsdb-server-nb.log\n| `-- ovsdb-server-sb.log\n
"},{"location":"ops/kubectl-ko/#perf-image","title":"perf [image]","text":"\u200b\u8be5\u200b\u547d\u4ee4\u200b\u4f1a\u200b\u53bb\u200b\u6d4b\u8bd5\u200b Kube-OVN \u200b\u7684\u200b\u4e00\u4e9b\u200b\u6027\u80fd\u6307\u6807\u200b\u5982\u4e0b\u200b\uff1a
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- Hostnetwork \u200b\u7f51\u7edc\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7ec4\u200b\u64ad\u62a5\u200b\u6587\u200b\u6027\u80fd\u6307\u6807\u200b\uff1b
- OVN-NB, OVN-SB, OVN-Northd leader \u200b\u5220\u9664\u200b\u6062\u590d\u200b\u6240\u200b\u9700\u200b\u65f6\u95f4\u200b\u3002
\u200b\u53c2\u6570\u200b image \u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u6027\u80fd\u200b\u6d4b\u8bd5\u200b pod \u200b\u6240\u7528\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u662f\u200b kubeovn/test:v1.12.0, \u200b\u8bbe\u7f6e\u200b\u8be5\u200b\u53c2\u6570\u200b\u4e3b\u8981\u200b\u662f\u200b\u4e3a\u4e86\u200b\u79bb\u7ebf\u200b\u573a\u666f\u200b\uff0c\u200b\u5c06\u200b\u955c\u50cf\u200b\u62c9\u5230\u200b\u5185\u7f51\u200b\u73af\u5883\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u6709\u200b\u955c\u50cf\u200b\u540d\u200b\u53d8\u5316\u200b\u3002
# kubectl ko perf\n============================== Prepareing Performance Test Resources ===============================\npod/test-client created\npod/test-host-client created\npod/test-server created\npod/test-host-server created\nservice/test-server created\npod/test-client condition met\npod/test-host-client condition met\npod/test-host-server condition met\npod/test-server condition met\n====================================================================================================\n============================ Start Pod Network Unicast Performance Test ============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 82.8 us 97.7 Mbits/sec 67.6 us (0%) 8.42 Mbits/sec\n128 85.4 us 167 Mbits/sec 67.2 us (0%) 17.2 Mbits/sec\n512 85.8 us 440 Mbits/sec 68.7 us (0%) 68.4 Mbits/sec\n1k 85.1 us 567 Mbits/sec 68.7 us (0%) 134 Mbits/sec\n4k 138 us 826 Mbits/sec 78.1 us (1.4%) 503 Mbits/sec\n====================================================================================================\n=============================== Start Host Network Performance Test ================================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 49.7 us 120 Mbits/sec 37.9 us (0%) 18.6 Mbits/sec\n128 49.7 us 200 Mbits/sec 38.1 us (0%) 35.5 Mbits/sec\n512 51.9 us 588 Mbits/sec 38.9 us (0%) 142 Mbits/sec\n1k 51.7 us 944 Mbits/sec 37.2 us (0%) 279 Mbits/sec\n4k 74.9 us 1.66 Gbits/sec 39.9 us (0%) 1.20 Gbits/sec\n====================================================================================================\n============================== Start Service Network Performance Test ==============================\nSize TCP Latency TCP Bandwidth UDP Latency UDP Lost Rate UDP Bandwidth\n64 111 us 96.3 Mbits/sec 88.4 us (0%) 7.59 Mbits/sec\n128 83.7 us 150 Mbits/sec 69.2 us (0%) 16.9 Mbits/sec\n512 87.4 us 374 Mbits/sec 75.8 us (0%) 60.9 Mbits/sec\n1k 88.2 us 521 Mbits/sec 73.1 us (0%) 123 Mbits/sec\n4k 148 us 813 Mbits/sec 77.6 us (0.0044%) 451 Mbits/sec\n====================================================================================================\n=========================== Start Pod Multicast Network Performance Test ===========================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.014 ms (0.17%) 5.80 Mbits/sec\n128 0.012 ms (0%) 11.4 Mbits/sec\n512 0.016 ms (0%) 46.1 Mbits/sec\n1k 0.023 ms (0.073%) 89.8 Mbits/sec\n4k 0.035 ms (1.3%) 126 Mbits/sec\n====================================================================================================\n============================= Start Host Multicast Network Performance =============================\nSize UDP Latency UDP Lost Rate UDP Bandwidth\n64 0.007 ms (0%) 9.95 Mbits/sec\n128 0.005 ms (0%) 21.8 Mbits/sec\n512 0.008 ms (0%) 86.8 Mbits/sec\n1k 0.013 ms (0.045%) 168 Mbits/sec\n4k 0.010 ms (0.31%) 242 Mbits/sec\n====================================================================================================\n================================== Start Leader Recover Time Test ==================================\nDelete ovn central nb pod\npod \"ovn-central-5cb9c67d75-tlz9w\" deleted\nWaiting for ovn central nb pod running\n=============================== OVN nb Recovery takes 3.305236803 s ================================\nDelete ovn central sb pod\npod \"ovn-central-5cb9c67d75-szx4c\" deleted\nWaiting for ovn central sb pod running\n=============================== OVN sb Recovery takes 3.462698535 s ================================\nDelete ovn central northd pod\npod \"ovn-central-5cb9c67d75-zqmqv\" deleted\nWaiting for ovn central northd pod running\n============================= OVN northd Recovery takes 2.691291403 s ==============================\n====================================================================================================\n================================= Remove Performance Test Resource =================================\nrm -f unicast-test-client.log\nrm -f unicast-test-host-client.log\nrm -f unicast-test-client.log\nkubectl ko nbctl lb-del test-server\nrm -f multicast-test-server.log\nkubectl exec ovs-ovn-gxdrf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nkubectl exec ovs-ovn-h57bf -n kube-system -- ip maddr del 01:00:5e:00:00:64 dev eth0\nrm -f multicast-test-host-server.log\npod \"test-client\" deleted\npod \"test-host-client\" deleted\npod \"test-host-server\" deleted\npod \"test-server\" deleted\nservice \"test-server\" deleted\n====================================================================================================\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"ops/recover-db/","title":"OVN \u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\u548c\u200b\u6062\u590d","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b\u5982\u4f55\u200b\u8fdb\u884c\u200b\u6570\u636e\u5e93\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u5982\u4f55\u200b\u901a\u8fc7\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_1","title":"\u6570\u636e\u5e93\u200b\u5907\u4efd","text":"\u200b\u5229\u7528\u200b kubectl \u200b\u63d2\u4ef6\u200b\u7684\u200b backup \u200b\u547d\u4ee4\u200b\u53ef\u4ee5\u200b\u5bf9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u5907\u4efd\u200b\uff0c\u200b\u4ee5\u200b\u7528\u4e8e\u200b\u6545\u969c\u200b\u65f6\u200b\u6062\u590d\u200b\uff1a
# kubectl ko nb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnnb_db.060223191654183154.backup\n\n# kubectl ko sb backup\ntar: Removing leading `/' from member names\nbackup ovn-nb db to /root/ovnsb_db.060223191654183154.backup\n
"},{"location":"ops/recover-db/#_2","title":"\u96c6\u7fa4\u200b\u90e8\u5206\u200b\u6545\u969c\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u5b58\u5728\u200b\u90e8\u5206\u200b\u8282\u70b9\u200b\u56e0\u4e3a\u200b\u65ad\u7535\u200b\uff0c\u200b\u6587\u4ef6\u7cfb\u7edf\u200b\u6545\u969c\u200b\u6216\u200b\u78c1\u76d8\u7a7a\u95f4\u200b\u4e0d\u8db3\u200b\u5bfc\u81f4\u200b\u5de5\u4f5c\u200b\u5f02\u5e38\u200b\uff0c \u200b\u4f46\u662f\u200b\u96c6\u7fa4\u200b\u4ecd\u200b\u53ef\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u5982\u4e0b\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#_3","title":"\u67e5\u770b\u200b\u65e5\u5fd7\u200b\u786e\u8ba4\u200b\u72b6\u6001\u200b\u5f02\u5e38","text":"\u200b\u67e5\u770b\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b /var/log/ovn/ovn-northd.log\uff0c\u200b\u82e5\u200b\u63d0\u793a\u200b\u7c7b\u4f3c\u200b\u9519\u8bef\u200b\u5219\u200b\u53ef\u200b\u5224\u65ad\u200b\u6570\u636e\u5e93\u200b\u5b58\u5728\u200b\u5f02\u5e38\u200b
* ovn-northd is not running\novsdb-server: ovsdb error: error reading record 2739 from OVN_Northbound log: record 2739 advances commit index to 6308 but last log index is 6307\n * Starting ovsdb-nb\n
"},{"location":"ops/recover-db/#_4","title":"\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u5bf9\u5e94\u200b\u8282\u70b9","text":"\u200b\u6839\u636e\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u662f\u200b OVN_Northbound \u200b\u8fd8\u662f\u200b OVN_Southbound \u200b\u9009\u62e9\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\u3002 \u200b\u4e0a\u8ff0\u200b\u65e5\u5fd7\u200b\u63d0\u793a\u200b\u4e3a\u200b OVN_Northbound \u200b\u5219\u200b\u5bf9\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u64cd\u4f5c\u200b\uff1a
# kubectl ko nb status\n9182\nName: OVN_Northbound\nCluster ID: e75f (e75fa340-49ed-45ab-990e-26cb865ebc85)\nServer ID: 9182 (9182e8dd-b5b0-4dd8-8518-598cc1e374f3)\nAddress: tcp:[10.0.128.61]:6643\nStatus: cluster member\nRole: leader\nTerm: 1454\nLeader: self\nVote: self\n\nLast Election started 1732603 ms ago, reason: timeout\nLast Election won: 1732587 ms ago\nElection timer: 1000\nLog: [7332, 12512]\nEntries not yet committed: 1\nEntries not yet applied: 1\nConnections: ->f080 <-f080 <-e631 ->e631\nDisconnections: 1\nServers:\n f080 (f080 at tcp:[10.0.129.139]:6643) next_index=12512 match_index=12510 last msg 63 ms ago\n 9182 (9182 at tcp:[10.0.128.61]:6643) (self) next_index=10394 match_index=12510\n e631 (e631 at tcp:[10.0.131.173]:6643) next_index=12512 match_index=0\n
\u200b\u4ece\u200b\u96c6\u7fa4\u200b\u4e2d\u200b\u8e22\u200b\u51fa\u200b\u72b6\u6001\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff1a
kubectl ko nb kick e631\n
\u200b\u767b\u5f55\u200b\u5f02\u5e38\u200b\u8282\u70b9\u200b\uff0c\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\n
\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u8282\u70b9\u200b\u7684\u200b ovn-central Pod\uff0c\u200b\u7b49\u5f85\u200b\u96c6\u7fa4\u200b\u81ea\u52a8\u200b\u6062\u590d\u200b\uff1a
kubectl delete pod -n kube-system ovn-central-xxxx\n
"},{"location":"ops/recover-db/#_5","title":"\u96c6\u7fa4\u200b\u4e0d\u80fd\u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4e0b\u200b\u7684\u200b\u6062\u590d","text":"\u200b\u82e5\u200b\u96c6\u7fa4\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\u65e0\u6cd5\u200b\u9009\u4e3e\u200b\u51fa\u200b leader\uff0c\u200b\u8bf7\u200b\u53c2\u7167\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002
"},{"location":"ops/recover-db/#ovn-central","title":"\u505c\u6b62\u200b ovn-central","text":"\u200b\u8bb0\u5f55\u200b\u5f53\u524d\u200b ovn-central \u200b\u526f\u672c\u200b\u6570\u91cf\u200b\uff0c\u200b\u5e76\u200b\u505c\u6b62\u200b ovn-central \u200b\u907f\u514d\u200b\u65b0\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u53d8\u66f4\u200b\u5f71\u54cd\u200b\u6062\u590d\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=0\n
"},{"location":"ops/recover-db/#_6","title":"\u9009\u62e9\u200b\u5907\u4efd","text":"\u200b\u7531\u4e8e\u200b\u591a\u6570\u200b\u8282\u70b9\u200b\u53d7\u635f\u200b\uff0c\u200b\u9700\u8981\u200b\u4ece\u200b\u67d0\u4e2a\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5907\u4efd\u200b\u8fc7\u200b\u6570\u636e\u5e93\u200b \u200b\u53ef\u200b\u4f7f\u7528\u200b\u4e4b\u524d\u200b\u7684\u200b\u5907\u4efd\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6062\u590d\u200b\u3002\u200b\u5982\u679c\u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u8fc7\u200b\u5907\u4efd\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u6b65\u9aa4\u200b\u4ece\u200b\u5df2\u6709\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b \u200b\u4e2d\u200b\u751f\u6210\u200b\u4e00\u4e2a\u200b\u5907\u4efd\u200b\u3002
\u200b\u7531\u4e8e\u200b\u9ed8\u8ba4\u200b\u6587\u4ef6\u5939\u200b\u4e0b\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u683c\u5f0f\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c\u200b\u5305\u542b\u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u7684\u200b\u4fe1\u606f\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u76f4\u63a5\u200b \u200b\u7528\u8be5\u200b\u6587\u4ef6\u200b\u91cd\u5efa\u200b\u6570\u636e\u5e93\u200b\uff0c\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b ovsdb-tool cluster-to-standalone \u200b\u8fdb\u884c\u200b\u683c\u5f0f\u200b\u8f6c\u6362\u200b\u3002
\u200b\u9009\u62e9\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u7684\u200b\u8282\u70b9\u200b\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\uff0c \u200b\u5982\u679c\u200b\u7b2c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5df2\u635f\u574f\u200b\uff0c\u200b\u4ece\u200b\u5176\u4ed6\u200b\u673a\u5668\u200b /etc/origin/ovn \u200b\u4e0b\u200b\u590d\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u7b2c\u4e00\u53f0\u200b\u673a\u5668\u200b \uff0c \u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\u751f\u6210\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u5907\u4efd\u200b\u3002
docker run -it -v /etc/origin/ovn:/etc/ovn kubeovn/kube-ovn:v1.12.13 bash\ncd /etc/ovn/\novsdb-tool cluster-to-standalone ovnnb_db_standalone.db ovnnb_db.db\novsdb-tool cluster-to-standalone ovnsb_db_standalone.db ovnsb_db.db\n
"},{"location":"ops/recover-db/#ovn-central_1","title":"\u5220\u9664\u200b\u6bcf\u4e2a\u200b ovn-central \u200b\u8282\u70b9\u200b\u4e0a\u200b\u7684\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6","text":"\u200b\u4e3a\u4e86\u200b\u907f\u514d\u200b\u91cd\u5efa\u200b\u96c6\u7fa4\u200b\u65f6\u200b\u4f7f\u7528\u200b\u5230\u200b\u9519\u8bef\u200b\u7684\u200b\u6570\u636e\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5df2\u6709\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u8fdb\u884c\u200b\u6e05\u7406\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"ops/recover-db/#_7","title":"\u6062\u590d\u200b\u6570\u636e\u5e93\u200b\u96c6\u7fa4","text":"\u200b\u5c06\u200b\u5907\u4efd\u200b\u6570\u636e\u5e93\u200b\u5206\u522b\u200b\u91cd\u547d\u540d\u200b\u4e3a\u200b ovnnb_db.db \u200b\u548c\u200b ovnsb_db.db\uff0c\u200b\u5e76\u200b\u590d\u5236\u5230\u200b ovn-central \u200b\u73af\u5883\u53d8\u91cf\u200b NODE_IPS \u200b\u4e2d\u6392\u200b\u7b2c\u4e00\u200b\u673a\u5668\u200b\u7684\u200b /etc/origin/ovn/ \u200b\u76ee\u5f55\u200b\u4e0b\u200b\uff1a
mv /etc/origin/ovn/ovnnb_db_standalone.db /etc/origin/ovn/ovnnb_db.db\nmv /etc/origin/ovn/ovnsb_db_standalone.db /etc/origin/ovn/ovnsb_db.db\n
\u200b\u6062\u590d\u200b ovn-central \u200b\u7684\u200b\u526f\u672c\u200b\u6570\u200b\uff1a
kubectl scale deployment -n kube-system ovn-central --replicas=3\nkubectl rollout status deployment/ovn-central -n kube-system\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/architecture/","title":"\u603b\u4f53\u200b\u67b6\u6784","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b Kube-OVN \u200b\u7684\u200b\u603b\u4f53\u200b\u67b6\u6784\u200b\uff0c\u200b\u548c\u200b\u5404\u4e2a\u200b\u7ec4\u4ef6\u200b\u7684\u200b\u529f\u80fd\u200b\u4ee5\u53ca\u200b\u5176\u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u3002
\u200b\u603b\u4f53\u200b\u6765\u770b\u200b\uff0cKube-OVN \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u548c\u200b OVN \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u6210\u719f\u200b\u7684\u200b SDN \u200b\u548c\u200b\u4e91\u200b\u539f\u751f\u200b\u76f8\u7ed3\u5408\u200b\u3002 \u200b\u8fd9\u200b\u610f\u5473\u7740\u200b Kube-OVN \u200b\u4e0d\u4ec5\u200b\u901a\u8fc7\u200b OVN \u200b\u5b9e\u73b0\u200b\u4e86\u200b Kubernetes \u200b\u4e0b\u200b\u7684\u200b\u7f51\u7edc\u200b\u89c4\u8303\u200b\uff0c\u200b\u4f8b\u5982\u200b CNI\uff0cService \u200b\u548c\u200b Networkpolicy\uff0c\u200b\u8fd8\u200b\u5c06\u200b\u5927\u91cf\u200b\u7684\u200b SDN \u200b\u9886\u57df\u200b\u80fd\u529b\u200b\u5e26\u5165\u200b\u4e91\u200b\u539f\u751f\u200b\uff0c\u200b\u4f8b\u5982\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff0cVPC\uff0c\u200b\u7f51\u5173\u200b\uff0cQoS\uff0cACL \u200b\u548c\u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b\u3002
\u200b\u540c\u65f6\u200b Kube-OVN \u200b\u8fd8\u200b\u4fdd\u6301\u200b\u4e86\u200b\u826f\u597d\u200b\u7684\u200b\u5f00\u653e\u6027\u200b\u53ef\u4ee5\u200b\u548c\u200b\u8bf8\u591a\u200b\u6280\u672f\u200b\u65b9\u6848\u200b\u96c6\u6210\u200b\uff0c\u200b\u4f8b\u5982\u200b Cilium\uff0cSubmariner\uff0cPrometheus\uff0cKubeVirt \u200b\u7b49\u7b49\u200b\u3002
"},{"location":"reference/architecture/#_2","title":"\u7ec4\u4ef6\u200b\u4ecb\u7ecd","text":"Kube-OVN \u200b\u7684\u200b\u7ec4\u4ef6\u200b\u53ef\u4ee5\u200b\u5927\u81f4\u200b\u5206\u4e3a\u200b\u4e09\u7c7b\u200b\uff1a
- \u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6\u200b\u3002
- \u200b\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent\u3002
- \u200b\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6\u200b\u3002
"},{"location":"reference/architecture/#ovnovs","title":"\u4e0a\u6e38\u200b OVN/OVS \u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u7c7b\u578b\u200b\u7ec4\u4ef6\u200b\u6765\u81ea\u200b OVN/OVS \u200b\u793e\u533a\u200b\uff0c\u200b\u5e76\u200b\u9488\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u4f7f\u7528\u200b\u573a\u666f\u200b\u505a\u200b\u4e86\u200b\u7279\u5b9a\u200b\u4fee\u6539\u200b\u3002 OVN/OVS \u200b\u672c\u8eab\u200b\u662f\u200b\u4e00\u5957\u200b\u6210\u719f\u200b\u7684\u200b\u7ba1\u7406\u200b\u865a\u673a\u200b\u548c\u200b\u5bb9\u5668\u200b\u7684\u200b SDN \u200b\u7cfb\u7edf\u200b\uff0c\u200b\u6211\u4eec\u200b\u5f3a\u70c8\u5efa\u8bae\u200b \u200b\u5bf9\u200b Kube-OVN \u200b\u5b9e\u73b0\u200b\u611f\u5174\u8da3\u200b\u7684\u200b\u7528\u6237\u200b\u5148\u53bb\u200b\u8bfb\u200b\u4e00\u4e0b\u200b ovn-architecture(7) \u200b\u6765\u200b\u4e86\u89e3\u200b\u4ec0\u4e48\u200b\u662f\u200b OVN \u200b\u4ee5\u53ca\u200b \u200b\u5982\u4f55\u200b\u548c\u200b\u5b83\u200b\u8fdb\u884c\u200b\u96c6\u6210\u200b\u3002Kube-OVN \u200b\u4f7f\u7528\u200b OVN \u200b\u7684\u200b\u5317\u5411\u200b\u63a5\u53e3\u200b\u521b\u5efa\u200b\u548c\u200b\u8c03\u6574\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u5176\u4e2d\u200b\u7684\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u6620\u5c04\u200b\u5230\u200b Kubernetes \u200b\u4e4b\u5185\u200b\u3002
\u200b\u6240\u6709\u200b OVN/OVS \u200b\u76f8\u5173\u200b\u7ec4\u4ef6\u200b\u90fd\u200b\u5df2\u200b\u6253\u5305\u200b\u6210\u200b\u5bf9\u5e94\u200b\u955c\u50cf\u200b\uff0c\u200b\u5e76\u200b\u53ef\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u8fd0\u884c\u200b\u3002
"},{"location":"reference/architecture/#ovn-central","title":"ovn-central","text":"ovn-central Deployment \u200b\u8fd0\u884c\u200b OVN \u200b\u7684\u200b\u7ba1\u7406\u200b\u5e73\u9762\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5305\u62ec\u200b ovn-nb, ovn-sb, \u200b\u548c\u200b ovn-northd\u3002
ovn-nb\uff1a \u200b\u4fdd\u5b58\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\uff0c\u200b\u5e76\u200b\u63d0\u4f9b\u200b API \u200b\u8fdb\u884c\u200b\u865a\u62df\u200b\u7f51\u7edc\u7ba1\u7406\u200b\u3002kube-ovn-controller \u200b\u5c06\u4f1a\u200b\u4e3b\u8981\u200b\u548c\u200b ovn-nb \u200b\u8fdb\u884c\u200b\u4ea4\u4e92\u200b\u914d\u7f6e\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002ovn-sb\uff1a \u200b\u4fdd\u5b58\u200b\u4ece\u200b ovn-nb \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u751f\u6210\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5404\u4e2a\u200b\u8282\u70b9\u200b\u7684\u200b\u5b9e\u9645\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u72b6\u6001\u200b\u3002ovn-northd\uff1a\u200b\u5c06\u200b ovn-nb \u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u7ffb\u8bd1\u6210\u200b ovn-sb \u200b\u4e2d\u200b\u7684\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u3002
\u200b\u591a\u4e2a\u200b ovn-central \u200b\u5b9e\u4f8b\u200b\u4f1a\u200b\u901a\u8fc7\u200b Raft \u200b\u534f\u8bae\u200b\u540c\u6b65\u200b\u6570\u636e\u200b\u4fdd\u8bc1\u200b\u9ad8\u200b\u53ef\u7528\u200b\u3002
"},{"location":"reference/architecture/#ovs-ovn","title":"ovs-ovn","text":"ovs-ovn \u200b\u4ee5\u200b DaemonSet \u200b\u5f62\u5f0f\u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\uff0c\u200b\u5728\u200b Pod \u200b\u5185\u200b\u8fd0\u884c\u200b\u4e86\u200b openvswitch, ovsdb, \u200b\u548c\u200b ovn-controller\u3002\u200b\u8fd9\u4e9b\u200b\u7ec4\u4ef6\u200b\u4f5c\u4e3a\u200b ovn-central \u200b\u7684\u200b Agent \u200b\u5c06\u200b\u903b\u8f91\u200b\u6d41\u8868\u200b\u7ffb\u8bd1\u6210\u200b\u771f\u5b9e\u200b\u7684\u200b\u7f51\u7edc\u200b\u914d\u7f6e\u200b\u3002
"},{"location":"reference/architecture/#agent","title":"\u6838\u5fc3\u200b\u63a7\u5236\u5668\u200b\u548c\u200b Agent","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u4e3a\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u4f5c\u4e3a\u200b OVN \u200b\u548c\u200b Kubernetes \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4e00\u4e2a\u200b\u6865\u6881\u200b\uff0c\u200b\u5c06\u200b\u4e24\u4e2a\u200b\u7cfb\u7edf\u200b\u6253\u901a\u200b\u5e76\u200b\u5c06\u200b\u7f51\u7edc\u200b\u6982\u5ff5\u200b\u8fdb\u884c\u200b\u76f8\u4e92\u200b\u8f6c\u6362\u200b\u3002 \u200b\u5927\u90e8\u5206\u200b\u7684\u200b\u6838\u5fc3\u200b\u529f\u80fd\u200b\u90fd\u200b\u5728\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e2d\u200b\u5b9e\u73b0\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-controller","title":"kube-ovn-controller","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6267\u884c\u200b\u6240\u6709\u200b Kubernetes \u200b\u5185\u200b\u8d44\u6e90\u200b\u5230\u200b OVN \u200b\u8d44\u6e90\u200b\u7684\u200b\u7ffb\u8bd1\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u5176\u200b\u4f5c\u7528\u200b\u76f8\u5f53\u4e8e\u200b\u6574\u4e2a\u200b Kube-OVN \u200b\u7cfb\u7edf\u200b\u7684\u200b\u63a7\u5236\u200b\u5e73\u9762\u200b\u3002 kube-ovn-controller \u200b\u76d1\u542c\u200b\u4e86\u200b\u6240\u6709\u200b\u548c\u200b\u7f51\u7edc\u200b\u529f\u80fd\u200b\u76f8\u5173\u200b\u8d44\u6e90\u200b\u7684\u200b\u4e8b\u4ef6\u200b\uff0c\u200b\u5e76\u200b\u6839\u636e\u200b\u8d44\u6e90\u200b\u53d8\u5316\u200b\u60c5\u51b5\u200b\u66f4\u65b0\u200b OVN \u200b\u5185\u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u7edc\u200b\u3002\u200b\u4e3b\u8981\u200b\u76d1\u542c\u200b\u7684\u200b\u8d44\u6e90\u200b\u5305\u62ec\u200b\uff1a Pod\uff0cService\uff0cEndpoint\uff0cNode\uff0cNetworkPolicy\uff0cVPC\uff0cSubnet\uff0cVlan\uff0cProviderNetwork\u3002
\u200b\u4ee5\u200b Pod \u200b\u4e8b\u4ef6\u200b\u4e3a\u4f8b\u200b\uff0c kube-ovn-controller \u200b\u76d1\u542c\u200b\u5230\u200b Pod \u200b\u521b\u5efa\u200b\u4e8b\u4ef6\u200b\u540e\u200b\uff0c\u200b\u901a\u8fc7\u200b\u5185\u7f6e\u200b\u7684\u200b\u5185\u5b58\u200b IPAM \u200b\u529f\u80fd\u200b\u5206\u914d\u200b\u5730\u5740\u200b\uff0c\u200b\u5e76\u200b\u8c03\u7528\u200b ovn-central \u200b\u521b\u5efa\u200b \u200b\u903b\u8f91\u200b\u7aef\u53e3\u200b\uff0c\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u548c\u200b\u53ef\u80fd\u200b\u7684\u200b ACL \u200b\u89c4\u5219\u200b\u3002\u200b\u63a5\u4e0b\u6765\u200b kube-ovn-controller \u200b\u5c06\u200b\u5206\u914d\u200b\u5230\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u548c\u200b\u5b50\u7f51\u200b\u4fe1\u606f\u200b\u4f8b\u5982\u200b CIDR\uff0c\u200b\u7f51\u5173\u200b\uff0c\u200b\u8def\u7531\u200b\u7b49\u200b\u4fe1\u606f\u200b\u5199\u4f1a\u200b\u5230\u200b Pod \u200b\u7684\u200b annotation \u200b\u4e2d\u200b\u3002\u200b\u8be5\u200b annotation \u200b\u540e\u7eed\u200b\u4f1a\u200b\u88ab\u200b kube-ovn-cni \u200b\u8bfb\u53d6\u200b\u7528\u6765\u200b\u914d\u7f6e\u200b\u672c\u5730\u7f51\u7edc\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-cni","title":"kube-ovn-cni","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5b9e\u73b0\u200b CNI \u200b\u63a5\u53e3\u200b\uff0c\u200b\u5e76\u200b\u64cd\u4f5c\u200b\u672c\u5730\u200b\u7684\u200b OVS \u200b\u914d\u7f6e\u200b\u5355\u673a\u200b\u7f51\u7edc\u200b\u3002
\u200b\u8be5\u200b DaemonSet \u200b\u4f1a\u200b\u590d\u5236\u200b kube-ovn \u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u5230\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\uff0c\u200b\u4f5c\u4e3a\u200b kubelet \u200b\u548c\u200b kube-ovn-cni \u200b\u4e4b\u95f4\u200b\u7684\u200b\u4ea4\u4e92\u200b\u5de5\u5177\u200b\uff0c\u200b\u5c06\u200b\u76f8\u5e94\u200b CNI \u200b\u8bf7\u6c42\u200b \u200b\u53d1\u9001\u7ed9\u200b kube-ovn-cni \u200b\u6267\u884c\u200b\u3002\u200b\u8be5\u200b\u4e8c\u8fdb\u5236\u200b\u6587\u4ef6\u200b\u9ed8\u8ba4\u200b\u4f1a\u200b\u88ab\u200b\u590d\u5236\u5230\u200b /opt/cni/bin \u200b\u76ee\u5f55\u200b\u4e0b\u200b\u3002
kube-ovn-cni \u200b\u4f1a\u200b\u914d\u7f6e\u200b\u5177\u4f53\u200b\u7684\u200b\u7f51\u7edc\u200b\u6765\u200b\u6267\u884c\u200b\u76f8\u5e94\u200b\u6d41\u91cf\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u4e3b\u8981\u200b\u5de5\u4f5c\u200b\u5305\u62ec\u200b\uff1a
- \u200b\u914d\u7f6e\u200b
ovn-controller \u200b\u548c\u200b vswitchd\u3002 - \u200b\u5904\u7406\u200b CNI add/del \u200b\u8bf7\u6c42\u200b\uff1a
- \u200b\u521b\u5efa\u200b\u5220\u9664\u200b veth \u200b\u5e76\u200b\u548c\u200b OVS \u200b\u7aef\u53e3\u200b\u7ed1\u5b9a\u200b\u3002
- \u200b\u914d\u7f6e\u200b OVS \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
- \u200b\u66f4\u65b0\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b iptables/ipset/route \u200b\u7b49\u200b\u89c4\u5219\u200b\u3002
- \u200b\u52a8\u6001\u200b\u66f4\u65b0\u200b\u5bb9\u5668\u200b QoS.
- \u200b\u521b\u5efa\u200b\u5e76\u200b\u914d\u7f6e\u200b
ovn0 \u200b\u7f51\u5361\u200b\u8054\u901a\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u548c\u200b\u4e3b\u673a\u200b\u7f51\u7edc\u200b\u3002 - \u200b\u914d\u7f6e\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u6765\u200b\u5b9e\u73b0\u200b Vlan/Underlay/EIP \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
- \u200b\u52a8\u6001\u200b\u914d\u7f6e\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u7f51\u200b\u5173\u200b\u3002
"},{"location":"reference/architecture/#_3","title":"\u76d1\u63a7\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u5de5\u5177\u200b\u548c\u200b\u6269\u5c55\u200b\u7ec4\u4ef6","text":"\u200b\u8be5\u200b\u90e8\u5206\u200b\u7ec4\u4ef6\u200b\u4e3b\u8981\u200b\u63d0\u4f9b\u200b\u76d1\u63a7\u200b\uff0c\u200b\u8bca\u65ad\u200b\uff0c\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u4ee5\u53ca\u200b\u548c\u200b\u5916\u90e8\u200b\u8fdb\u884c\u200b\u5bf9\u63a5\u200b\uff0c\u200b\u5bf9\u200b Kube-OVN \u200b\u7684\u200b\u6838\u5fc3\u200b\u7f51\u7edc\u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u6269\u5c55\u200b\uff0c\u200b\u5e76\u200b\u7b80\u5316\u200b\u65e5\u5e38\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-speaker","title":"kube-ovn-speaker","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u7279\u5b9a\u200b\u6807\u7b7e\u200b\u7684\u200b\u8282\u70b9\u200b\u4e0a\u200b\uff0c\u200b\u5bf9\u5916\u200b\u53d1\u5e03\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u7684\u200b\u8def\u7531\u200b\uff0c\u200b\u4f7f\u5f97\u200b\u5916\u90e8\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u8bbf\u95ee\u200b\u5bb9\u5668\u200b\u3002
\u200b\u66f4\u200b\u591a\u200b\u76f8\u5173\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u8bf7\u200b\u53c2\u8003\u200b BGP \u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b DaemonSet \u200b\u8fd0\u884c\u200b\u5728\u200b\u6bcf\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u6536\u96c6\u200b OVS \u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u8282\u70b9\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5ef6\u8fdf\u200b\u7b49\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kube-ovn-monitor","title":"kube-ovn-monitor","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b\u4e00\u4e2a\u200b Deployment \u200b\u6536\u96c6\u200b OVN \u200b\u7684\u200b\u8fd0\u884c\u200b\u4fe1\u606f\u200b\uff0c\u200b\u6536\u96c6\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u53ef\u200b\u53c2\u8003\u200b Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/architecture/#kubectl-ko","title":"kubectl-ko","text":"\u200b\u8be5\u200b\u7ec4\u4ef6\u200b\u4e3a\u200b kubectl \u200b\u63d2\u4ef6\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5feb\u901f\u200b\u8fd0\u884c\u200b\u5e38\u89c1\u200b\u8fd0\u7ef4\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u66f4\u200b\u591a\u200b\u4f7f\u7528\u200b\u8bf7\u200b\u53c2\u8003\u200b kubectl \u200b\u63d2\u4ef6\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/dev-env/","title":"\u5f00\u53d1\u200b\u73af\u5883\u200b\u6784\u5efa","text":""},{"location":"reference/dev-env/#_2","title":"\u73af\u5883\u200b\u51c6\u5907","text":"Kube-OVN \u200b\u4f7f\u7528\u200b Go 1.20 \u200b\u5f00\u53d1\u200b\u5e76\u200b\u4f7f\u7528\u200b Go Modules \u200b\u7ba1\u7406\u200b\u4f9d\u8d56\u200b\uff0c \u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u53d8\u91cf\u200b GO111MODULE=\"on\"\u3002
gosec \u200b\u88ab\u200b\u7528\u6765\u200b\u626b\u63cf\u200b\u4ee3\u7801\u200b\u5b89\u5168\u200b\u76f8\u5173\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u5f00\u53d1\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\uff1a
go install github.com/securego/gosec/v2/cmd/gosec@latest\n
\u200b\u4e3a\u4e86\u200b\u964d\u4f4e\u200b\u6700\u7ec8\u200b\u751f\u6210\u200b\u955c\u50cf\u200b\u5927\u5c0f\u200b\uff0cKube-OVN \u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b Docker buildx \u200b\u8bd5\u9a8c\u200b\u7279\u6027\u200b\uff0c\u200b\u8bf7\u200b\u66f4\u65b0\u200b Docker \u200b\u81f3\u200b\u6700\u65b0\u200b\u7248\u672c\u200b \u200b\u5e76\u200b\u5f00\u542f\u200b buildx:
docker buildx create --use\n
"},{"location":"reference/dev-env/#_3","title":"\u6784\u5efa\u200b\u955c\u50cf","text":"\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u4ee3\u7801\u200b\uff0c\u200b\u5e76\u200b\u751f\u6210\u200b\u8fd0\u884c\u200b Kube-OVN \u200b\u6240\u200b\u9700\u200b\u955c\u50cf\u200b\uff1a
git clone https://github.com/kubeovn/kube-ovn.git\ncd kube-ovn\nmake release\n
\u200b\u5982\u9700\u200b\u6784\u5efa\u200b\u5728\u200b ARM \u200b\u73af\u5883\u200b\u4e0b\u200b\u8fd0\u884c\u200b\u7684\u200b\u955c\u50cf\u200b\uff0c\u200b\u8bf7\u200b\u6267\u884c\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\uff1a
make release-arm\n
"},{"location":"reference/dev-env/#base","title":"\u6784\u5efa\u200b base \u200b\u955c\u50cf","text":"\u200b\u5982\u200b\u9700\u8981\u200b\u66f4\u6539\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u7248\u672c\u200b\uff0c\u200b\u4f9d\u8d56\u200b\u5e93\u200b\uff0cOVS/OVN \u200b\u4ee3\u7801\u200b\u7b49\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b base \u200b\u955c\u50cf\u200b\u8fdb\u884c\u200b\u91cd\u65b0\u200b\u6784\u5efa\u200b\u3002
base \u200b\u955c\u50cf\u200b\u4f7f\u7528\u200b\u7684\u200b Dockerfile \u200b\u4e3a\u200b dist/images/Dockerfile.base\u3002
\u200b\u6784\u5efa\u200b\u65b9\u6cd5\u200b\uff1a
# build x86 base image\nmake base-amd64\n\n# build arm base image\nmake base-arm64\n
"},{"location":"reference/dev-env/#e2e","title":"\u8fd0\u884c\u200b E2E","text":"Kube-OVN \u200b\u4f7f\u7528\u200b KIND \u200b\u6784\u5efa\u200b\u672c\u5730\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\uff0cj2cli \u200b\u6e32\u67d3\u200b\u6a21\u677f\u200b\uff0c Ginkgo \u200b\u6765\u200b\u8fd0\u884c\u200b\u6d4b\u8bd5\u4ee3\u7801\u200b\u3002\u200b\u8bf7\u200b\u53c2\u8003\u200b\u76f8\u5173\u200b\u6587\u6863\u200b\u8fdb\u884c\u200b\u4f9d\u8d56\u200b\u5b89\u88c5\u200b\u3002
\u200b\u672c\u5730\u200b\u6267\u884c\u200b E2E \u200b\u6d4b\u8bd5\u200b\uff1a
make kind-init\nmake kind-install\nmake e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b Underlay E2E \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install-underlay\nmake e2e-underlay-single-nic\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b ovn vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake ovn-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b iptables vpc nat gw eip, fip, snat, dnat \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-vpc-nat-gw\nmake iptables-vpc-nat-gw-conformance-e2e\n
\u200b\u5982\u9700\u200b\u8fd0\u884c\u200b loadbalancer service \u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-init\nmake kind-install\nmake kind-install-lb-svc\nmake kube-ovn-lb-svc-conformance-e2e\n
\u200b\u5982\u9700\u200b\u6e05\u7406\u200b\uff0c\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u547d\u4ee4\u200b\uff1a
make kind-clean\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/document-convention/","title":"\u6587\u6863\u200b\u89c4\u8303","text":"\u200b\u4e3a\u4e86\u200b\u4fdd\u8bc1\u200b\u6587\u6863\u200b\u98ce\u683c\u200b\u4e00\u81f4\u200b\uff0c\u200b\u8bf7\u200b\u5728\u200b\u63d0\u4ea4\u200b\u6587\u6863\u200b\u65f6\u200b\u9075\u5faa\u200b\u4e0b\u5217\u200b\u7684\u200b\u98ce\u683c\u200b\u89c4\u8303\u200b\u3002
"},{"location":"reference/document-convention/#_2","title":"\u6807\u70b9","text":"\u200b\u4e2d\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u6240\u6709\u200b\u6807\u70b9\u200b\u5e94\u200b\u4f7f\u7528\u200b\u4e2d\u6587\u200b\u683c\u5f0f\u200b\u6807\u70b9\u200b\uff0c\u200b\u82f1\u6587\u200b\u6587\u6863\u200b\u4e2d\u200b\u6240\u6709\u200b\u6587\u672c\u200b\u5185\u5bb9\u200b\u4e2d\u5e94\u200b\u4f7f\u7528\u200b\u82f1\u6587\u200b\u6807\u70b9\u200b\u3002
BadGood \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b,\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b,\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b. \u200b\u8fd9\u91cc\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u3002 \u200b\u82f1\u6587\u200b\u6570\u5b57\u200b\u548c\u200b\u4e2d\u6587\u200b\u5e94\u8be5\u200b\u7528\u200b\u7a7a\u683c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\u6765\u200b\u5b89\u88c5\u200b 1.10 \u200b\u7248\u672c\u200b Kube-OVN\u3002 \u200b\u793a\u4f8b\u200b\u5185\u5bb9\u200b\u5e94\u8be5\u200b\u4ee5\u200b \uff1a \u200b\u5f00\u542f\u200b\uff0c\u200b\u5176\u4ed6\u200b\u53e5\u200b\u5c3e\u200b\u9700\u8981\u200b\u7528\u200b \u3002 \u200b\u7ed3\u675f\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\u3002 wget 127.0.0.1\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002 \u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a wget 127.0.0.1\n
"},{"location":"reference/document-convention/#_3","title":"\u4ee3\u7801\u200b\u5757","text":"yaml \u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b yaml\u3002
BadGood ````\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
````yaml\napiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: attach-subnet\n````\n
\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4ee3\u7801\u200b\u5757\u200b\u9700\u8981\u200b\u6807\u8bc6\u200b\u4e3a\u200b bash\u3002
BadGood ````\nwget 127.0.0.1\n````\n
````bash\nwget 127.0.0.1\n````\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u5305\u542b\u200b\u8f93\u51fa\u200b\u5185\u5bb9\u200b\uff0c\u200b\u5219\u200b\u6240\u200b\u6267\u884c\u547d\u4ee4\u200b\u9700\u8981\u200b\u4ee5\u200b # \u200b\u5f00\u59cb\u200b\uff0c\u200b\u4ee5\u200b\u533a\u5206\u200b\u8f93\u5165\u200b\u4e0e\u200b\u8f93\u51fa\u200b\u3002
BadGood oilbeater@macdeMac-3 ~ ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
# ping 114.114.114.114 -c 3\nPING 114.114.114.114 (114.114.114.114): 56 data bytes\n64 bytes from 114.114.114.114: icmp_seq=0 ttl=83 time=10.429 ms\n64 bytes from 114.114.114.114: icmp_seq=1 ttl=79 time=11.360 ms\n64 bytes from 114.114.114.114: icmp_seq=2 ttl=76 time=10.794 ms\n\n--- 114.114.114.114 ping statistics ---\n3 packets transmitted, 3 packets received, 0.0% packet loss\nround-trip min/avg/max/stddev = 10.429/10.861/11.360/0.383 ms\n
\u200b\u5982\u679c\u200b\u547d\u4ee4\u884c\u200b\u64cd\u4f5c\u200b\u793a\u4f8b\u200b\u4e2d\u200b\u53ea\u200b\u5305\u542b\u200b\u6267\u884c\u547d\u4ee4\u200b\uff0c\u200b\u6ca1\u6709\u200b\u8f93\u51fa\u200b\u7ed3\u679c\u200b\uff0c\u200b\u5219\u200b\u591a\u6761\u200b\u547d\u4ee4\u200b\u65e0\u9700\u200b # \u200b\u5f00\u59cb\u200b\u3002
BadGood # mv /etc/origin/ovn/ovnnb_db.db /tmp\n# mv /etc/origin/ovn/ovnsb_db.db /tmp\n
mv /etc/origin/ovn/ovnnb_db.db /tmp\nmv /etc/origin/ovn/ovnsb_db.db /tmp\n
"},{"location":"reference/document-convention/#_4","title":"\u94fe\u63a5","text":"\u200b\u7ad9\u200b\u5185\u200b\u94fe\u63a5\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b md \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\u3002
BadGood \u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](http://kubeovn.github.io/prepare)\u3002\n
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b[\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b](./prepare.md)\u3002\n
BadGood \u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io)\u3002\n
\u200b\u5982\u200b\u6709\u200b\u95ee\u9898\u200b\u8bf7\u200b\u53c2\u8003\u200b [Kubernetes \u200b\u6587\u6863\u200b](http://kubernetes.io){: target=\"_blank\" }\u3002\n
"},{"location":"reference/document-convention/#_5","title":"\u7a7a\u884c","text":"\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\uff0c\u200b\u4f8b\u5982\u200b\u6807\u9898\u200b\u548c\u200b\u6587\u672c\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u4ee3\u7801\u200b\uff0c\u200b\u6587\u672c\u200b\u548c\u200b\u7f16\u53f7\u200b\u4e4b\u95f4\u200b\u9700\u8981\u200b\u7528\u200b\u7a7a\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0d\u540c\u200b\u903b\u8f91\u200b\u5757\u200b\u4e4b\u95f4\u200b\u53ea\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b\u7a7a\u884c\u200b\u8fdb\u884c\u200b\u5206\u9694\u200b\u3002
BadGood \u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u8fdb\u884c\u200b\u5b89\u88c5\u200b\uff1a\n\n```bash\nwget 127.0.0.1\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/feature-stage/","title":"\u529f\u80fd\u200b\u6210\u719f\u5ea6","text":"\u200b\u5728\u200b Kube-OVN \u200b\u4e2d\u200b\u6839\u636e\u200b\u529f\u80fd\u200b\u4f7f\u7528\u200b\u5ea6\u200b\uff0c\u200b\u6587\u6863\u200b\u5b8c\u5584\u200b\u7a0b\u5ea6\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u7a0b\u5ea6\u200b\u5c06\u200b\u529f\u80fd\u200b\u6210\u719f\u5ea6\u200b\u5206\u4e3a\u200b Alpha\uff0cBeta \u200b\u548c\u200b GA \u200b\u4e09\u4e2a\u200b\u9636\u6bb5\u200b\u3002
"},{"location":"reference/feature-stage/#_2","title":"\u6210\u719f\u5ea6\u200b\u5b9a\u4e49","text":"\u200b\u5bf9\u4e8e\u200b Alpha \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6ca1\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u5b8c\u5584\u200b\u7684\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\u751a\u81f3\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u7a33\u5b9a\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u88ab\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u793e\u533a\u200b\u652f\u6301\u200b\u4f18\u5148\u7ea7\u200b\u8f83\u200b\u4f4e\u200b\uff0c\u200b\u4e14\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u65e0\u6cd5\u200b\u4fdd\u8bc1\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u8fdb\u884c\u200b\u6d4b\u8bd5\u200b\u9a8c\u8bc1\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u200b\u63a8\u8350\u200b\u751f\u4ea7\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b Beta \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u90e8\u5206\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\uff0c\u200b\u4f46\u662f\u200b\u4e0d\u200b\u4fdd\u8bc1\u200b\u5b8c\u6574\u200b\u7684\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5347\u7ea7\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5f71\u54cd\u200b\u7f51\u7edc\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u672a\u6765\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u53d1\u751f\u53d8\u5316\u200b\uff0c\u200b\u5b57\u200b\u6bb5\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u8fdb\u884c\u200b\u8c03\u6574\u200b\uff0c\u200b\u4f46\u200b\u4e0d\u4f1a\u200b\u6574\u4f53\u200b\u79fb\u9664\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u7684\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
- \u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u957f\u671f\u200b\u652f\u6301\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5728\u200b\u975e\u5173\u952e\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u8fdb\u884c\u200b\u4f7f\u7528\u200b\uff0c\u200b\u4f46\u662f\u200b\u7531\u4e8e\u200b\u529f\u80fd\u200b\u548c\u200b API \u200b\u5b58\u5728\u200b\u53d8\u5316\u200b\u7684\u200b\u53ef\u80fd\u200b\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u5728\u200b\u5347\u7ea7\u200b\u4e2d\u200b\u51fa\u73b0\u200b\u4e2d\u65ad\u200b\uff0c\u200b\u4e0d\u200b\u63a8\u8350\u200b\u5728\u200b\u5173\u952e\u200b\u751f\u4ea7\u200b\u4e1a\u52a1\u200b\u4e0a\u200b\u4f7f\u7528\u200b\u3002
\u200b\u5bf9\u4e8e\u200b GA \u200b\u529f\u80fd\u200b\uff1a
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u6709\u200b\u5b8c\u6574\u200b\u7684\u200b\u6587\u6863\u200b\u548c\u200b\u6d4b\u8bd5\u200b\u8986\u76d6\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u4fdd\u6301\u7a33\u5b9a\u200b\uff0c\u200b\u5347\u7ea7\u200b\u4f1a\u200b\u4fdd\u8bc1\u200b\u5e73\u6ed1\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b API \u200b\u4e0d\u4f1a\u200b\u53d1\u751f\u200b\u7834\u574f\u6027\u200b\u53d8\u5316\u200b\u3002
- \u200b\u8be5\u200b\u529f\u80fd\u200b\u4f1a\u200b\u5f97\u5230\u200b\u793e\u533a\u200b\u9ad8\u200b\u4f18\u5148\u7ea7\u200b\u652f\u6301\u200b\uff0c\u200b\u5e76\u4f1a\u200b\u4fdd\u8bc1\u200b\u957f\u671f\u200b\u652f\u6301\u200b\u3002
"},{"location":"reference/feature-stage/#_3","title":"\u6210\u719f\u5ea6\u200b\u5217\u8868","text":"\u200b\u672c\u200b\u5217\u8868\u200b\u7edf\u8ba1\u200b\u4ece\u200b v1.8 \u200b\u7248\u672c\u200b\u4e2d\u200b\u5305\u542b\u200b\u7684\u200b\u529f\u80fd\u200b\u5bf9\u5e94\u200b\u6210\u719f\u5ea6\u200b\u3002
\u200b\u529f\u80fd\u200b \u200b\u9ed8\u8ba4\u200b\u5f00\u542f\u200b \u200b\u72b6\u6001\u200b \u200b\u5f00\u59cb\u200b\uff08Since\uff09 \u200b\u7ed3\u675f\u200b\uff08Until\uff09 Namespaced Subnet true GA 1.8 \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 \u200b\u4e3b\u4ece\u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b true GA 1.8 ECMP \u200b\u6a21\u5f0f\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b false Beta 1.8 \u200b\u5b50\u7f51\u200b ACL true Alpha 1.9 \u200b\u5b50\u7f51\u200b\u9694\u79bb\u200b (\u200b\u672a\u6765\u200b\u4f1a\u200b\u548c\u200b\u5b50\u7f51\u200b ACL \u200b\u5408\u5e76\u200b) true Beta 1.8 Underlay \u200b\u5b50\u7f51\u200b true GA 1.8 \u200b\u591a\u200b\u7f51\u5361\u200b\u7ba1\u7406\u200b true Beta 1.8 \u200b\u5b50\u7f51\u200b DHCP false Alpha 1.10 \u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b false Alpha 1.8 \u200b\u4f7f\u7528\u200b OVN-IC \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Beta 1.8 \u200b\u4f7f\u7528\u200b Submariner \u200b\u8fdb\u884c\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b false Alpha 1.9 \u200b\u5b50\u7f51\u200b VIP \u200b\u9884\u7559\u200b true Alpha 1.10 \u200b\u521b\u5efa\u200b\u81ea\u5b9a\u4e49\u200b VPC true Beta 1.8 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u6d6e\u52a8\u200b IP/SNAT/DNAT true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u9759\u6001\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u7b56\u7565\u200b\u8def\u7531\u200b true Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5b89\u5168\u200b\u7ec4\u200b true Alpha 1.10 \u200b\u5bb9\u5668\u200b\u6700\u5927\u200b\u5e26\u5bbd\u200b QoS true GA 1.8 linux-netem QoS true Alpha 1.9 Prometheus \u200b\u96c6\u6210\u200b false GA 1.8 Grafana \u200b\u96c6\u6210\u200b false GA 1.8 \u200b\u53cc\u6808\u200b\u7f51\u7edc\u200b false GA 1.8 \u200b\u9ed8\u8ba4\u200b VPC EIP/SNAT false Beta 1.8 \u200b\u6d41\u91cf\u200b\u955c\u50cf\u200b false GA 1.8 NetworkPolicy true Beta 1.8 Webhook false Alpha 1.10 \u200b\u6027\u80fd\u200b\u8c03\u4f18\u200b false Beta 1.8 Overlay \u200b\u5b50\u7f51\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.8 Overlay \u200b\u5b50\u7f51\u200b BGP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b false Alpha 1.9 Cilium \u200b\u96c6\u6210\u200b false Alpha 1.10 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u4e92\u8054\u200b false Alpha 1.10 Mellanox Offload false Alpha 1.8 \u200b\u82af\u542f\u6e90\u200b Offload false Alpha 1.10 Windows \u200b\u652f\u6301\u200b false Alpha 1.10 DPDK \u200b\u652f\u6301\u200b false Alpha 1.10 OpenStack \u200b\u96c6\u6210\u200b false Alpha 1.9 \u200b\u5355\u4e2a\u200b Pod \u200b\u56fa\u5b9a\u200b IP/Mac true GA 1.8 Workload \u200b\u56fa\u5b9a\u200b IP true GA 1.8 StatefulSet \u200b\u56fa\u5b9a\u200b IP true GA 1.8 VM \u200b\u56fa\u5b9a\u200b IP false Beta 1.9 \u200b\u9ed8\u8ba4\u200b VPC Load Balancer \u200b\u7c7b\u578b\u200b Service false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b false Alpha 1.11 \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS false Alpha 1.11 Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b false Alpha 1.11 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/iptables-rules/","title":"Iptables \u200b\u89c4\u5219","text":"Kube-OVN \u200b\u4f7f\u7528\u200b ipset \u200b\u53ca\u200b iptables \u200b\u8f85\u52a9\u200b\u5b9e\u73b0\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff08Overlay\uff09\u200b\u7f51\u5173\u200b NAT \u200b\u7684\u200b\u529f\u80fd\u200b\u3002
\u200b\u4f7f\u7528\u200b\u7684\u200b ipset \u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u540d\u79f0\u200b\uff08IPv4/IPv6\uff09 \u200b\u7c7b\u578b\u200b \u200b\u5b58\u50a8\u200b\u5bf9\u8c61\u200b ovn40services/ovn60services hash:net Service \u200b\u7f51\u6bb5\u200b ovn40subnets/ovn60subnets hash:net Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\u4ee5\u53ca\u200b NodeLocal DNS IP \u200b\u5730\u5740\u200b ovn40subnets-nat/ovn60subnets-nat hash:net \u200b\u5f00\u542f\u200b NatOutgoing \u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40subnets-distributed-gw/ovn60subnets-distributed-gw hash:net \u200b\u5f00\u542f\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\u7684\u200b Overlay \u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40other-node/ovn60other-node hash:net \u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b ovn40local-pod-ip-nat/ovn60local-pod-ip-nat hash:ip \u200b\u5df2\u5f03\u200b\u7528\u200b ovn40subnets-nat-policy hash:net \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u7684\u200b\u6240\u6709\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b ovn40natpr-418e79269dc5-dst hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b dstIPs ovn40natpr-418e79269dc5-src hash:net natOutgoingPolicyRules \u200b\u4e2d\u200b rule \u200b\u5bf9\u5e94\u200b\u7684\u200b srcIPs \u200b\u4f7f\u7528\u200b\u7684\u200b iptables \u200b\u89c4\u5219\u200b\uff08IPv4\uff09\u200b\u5982\u4e0b\u200b\u8868\u200b\u6240\u793a\u200b\uff1a
\u200b\u8868\u200b \u200b\u94fe\u200b \u200b\u89c4\u5219\u200b \u200b\u7528\u9014\u200b \u200b\u5907\u6ce8\u200b filter INPUT -m set --match-set ovn40services src -j ACCEPT \u200b\u5141\u8bb8\u200b k8s Service \u200b\u548c\u200b Pod \u200b\u76f8\u5173\u200b\u6d41\u91cf\u200b\u901a\u8fc7\u200b -- filter INPUT -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter INPUT -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40services dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets src -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -m set --match-set ovn40subnets dst -j ACCEPT \u200b\u540c\u200b\u4e0a\u200b -- filter FORWARD -s 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b subnet \u200b\u8bbf\u95ee\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u7684\u200b\u62a5\u6587\u200b 10.16.0.0/16 \u200b\u4e3a\u200b subnet \u200b\u7684\u200b cidr \uff0ccomment \u200b\u4e2d\u200b\u9017\u53f7\u200b\u524d\u9762\u200b\u7684\u200b ovn-subnet-gateway \u200b\u7528\u4e8e\u200b\u6807\u8bc6\u200b\u8be5\u200b iptables \u200b\u89c4\u5219\u200b\u7528\u4e8e\u200b subnet \u200b\u51fa\u5165\u200b\u7f51\u5173\u200b\u62a5\u6587\u200b\u8ba1\u6570\u200b\uff0c\u200b\u9017\u53f7\u200b\u540e\u9762\u200b ovn-default \u200b\u662f\u200b\u8be5\u200b subnet \u200b\u7684\u200b\u540d\u5b57\u200b filter FORWARD -d 10.16.0.0/16 -m comment --comment \"ovn-subnet-gateway,ovn-default\" \u200b\u7528\u4e8e\u200b\u8ba1\u6570\u200b\u4ece\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u8bbf\u95ee\u200b subnet \u200b\u7684\u200b\u62a5\u6587\u200b \u200b\u540c\u200b\u4e0a\u200b filter OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 \u200b\u6e05\u9664\u200b\u6d41\u91cf\u200b\u6807\u8bb0\u200b\uff0c\u200b\u907f\u514d\u200b\u6267\u884c\u200b SNAT UDP: bad checksum on VXLAN interface nat PREROUTING -m comment --comment \"kube-ovn prerouting rules\" -j OVN-PREROUTING \u200b\u8fdb\u5165\u200b OVN-PREROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat POSTROUTING -m comment --comment \"kube-ovn postrouting rules\" -j OVN-POSTROUTING \u200b\u8fdb\u5165\u200b OVN-POSTROUTING \u200b\u94fe\u200b\u5904\u7406\u200b -- nat OVN-PREROUTING -i ovn0 -m set --match-set ovn40subnets src -m set --match-set ovn40services dst -j MARK --set-xmark 0x4000/0x4000 \u200b\u4e3a\u200b Pod \u200b\u8bbf\u95ee\u200b Service \u200b\u6d41\u91cf\u200b\u6dfb\u52a0\u200b masquerade \u200b\u6807\u8bb0\u200b \u200b\u4f5c\u7528\u200b\u4e8e\u200b\u5173\u95ed\u200b\u5185\u7f6e\u200b LB \u200b\u7684\u200b\u573a\u666f\u200b nat OVN-PREROUTING -p tcp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-TCP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08TCP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u5b58\u5728\u200b nat OVN-PREROUTING -p udp -m addrtype --dst-type LOCAL -m set --match-set KUBE-NODE-PORT-LOCAL-UDP dst -j MARK --set-xmark 0x80000/0x80000 \u200b\u4e3a\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff08UDP\uff09\u200b\u6dfb\u52a0\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b \u200b\u540c\u200b\u4e0a\u200b nat OVN-POSTROUTING -m set --match-set ovn40services src -m set --match-set ovn40subnets dst -m mark --mark 0x4000/0x4000 -j SNAT --to-source \u200b\u5f53\u200b\u8282\u70b9\u200b\u901a\u8fc7\u200b Service IP \u200b\u8bbf\u95ee\u200b Overlay Pod \u200b\u65f6\u200b\uff0c\u200b\u4fdd\u6301\u200b\u6e90\u200b IP \u200b\u4e3a\u200b\u8282\u70b9\u200b IP\u3002 \u200b\u4ec5\u200b kube-proxy \u200b\u4f7f\u7528\u200b ipvs \u200b\u6a21\u5f0f\u200b\u65f6\u200b\u751f\u6548\u200b nat OVN-POSTROUTING -m mark --mark 0x4000/0x4000 -j MASQUERADE \u200b\u4e3a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u7684\u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets src -m set --match-set ovn40subnets dst -j MASQUERADE \u200b\u4e3a\u200b\u901a\u8fc7\u200b\u8282\u70b9\u200b\u7684\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -m set --match-set ovn40subnets-distributed-gw dst -j RETURN \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u65e0\u9700\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m mark --mark 0x80000/0x80000 -j MASQUERADE \u200b\u5bf9\u4e8e\u200b ExternalTrafficPolicy \u200b\u4e3a\u200b Local \u200b\u7684\u200b Service \u200b\u6d41\u91cf\u200b\uff0c\u200b\u82e5\u200b Endpoint \u200b\u4f7f\u7528\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -p tcp -m tcp --tcp-flags SYN NONE -m conntrack --ctstate NEW -j RETURN Pod IP \u200b\u5bf9\u5916\u200b\u66b4\u9732\u200b\u65f6\u200b\uff0c\u200b\u4e0d\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -s 10.16.0.0/16 -m set ! --match-set ovn40subnets dst -j SNAT --to-source 192.168.0.101 Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing \u200b\u4e14\u200b\u4f7f\u7528\u200b\u6307\u5b9a\u200b IP \u200b\u7684\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u6267\u884c\u200b SNAT 10.16.0.0/16 \u200b\u4e3a\u200b\u5b50\u7f51\u200b\u7f51\u6bb5\u200b\uff0c192.168.0.101 \u200b\u4e3a\u200b\u6307\u5b9a\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b IP nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b NatOutgoing\uff0c\u200b\u6267\u884c\u200b SNAT -- nat OVN-POSTROUTING -m set --match-set ovn40subnets-nat-policy src -m set ! --match-set ovn40subnets dst -j OVN-NAT-POLICY Pod \u200b\u8bbf\u95ee\u200b\u96c6\u7fa4\u200b\u5916\u200b\u7f51\u7edc\u200b\u65f6\u200b\uff0c\u200b\u82e5\u200b\u5b50\u7f51\u200b\u5f00\u542f\u200b natOutgoingPolicyRules\uff0c\u200b\u6307\u5b9a\u200b\u7b56\u7565\u200b\u7684\u200b\u62a5\u6587\u200b\u6267\u884c\u200b SNAT \u200b\u914d\u7f6e\u200b\u4e86\u200b natOutgoingPolicyRules \u200b\u5b50\u7f51\u200b\u7684\u200b\u51fa\u5916\u200b\u7f51\u200b\u62a5\u6587\u200b\u7684\u200b\u8fdb\u5165\u200b\u94fe\u200b OVN-NAT-POLICY nat OVN-POSTROUTING -m mark --mark 0x90001/0x90001 -j MASQUERADE --random-fully \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b\uff0c\u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90001/0x90001 \u200b\u5c31\u200b\u4f1a\u200b\u505a\u200b SNAT nat OVN-POSTROUTING -m mark --mark 0x90002/0x90002 -j RETURN \u200b\u540c\u200b\u4e0a\u200b \u200b\u4ece\u200b OVN-NAT-POLICY \u200b\u51fa\u6765\u200b\u540e\u200b, \u200b\u5982\u679c\u200b\u88ab\u200b\u6253\u200b\u4e0a\u200b tag 0x90002/0x90002 \u200b\u4e0d\u4f1a\u200b\u505a\u200b SNAT nat OVN-NAT-POLICY -s 10.0.11.0/24 -m comment --comment natPolicySubnet-net1 -j OVN-NAT-PSUBNET-aa98851157c5 \u200b\u540c\u200b\u4e0a\u200b 10.0.11.0/24 \u200b\u8868\u793a\u200b\u5b50\u7f51\u200b net1 \u200b\u7684\u200b CIDR\uff0c OVN-NAT-PSUBNET-aa98851157c5 \u200b\u8fd9\u6761\u200b\u94fe\u4e0b\u200b\u7684\u200b\u89c4\u5219\u200b\u5c31\u200b\u5bf9\u5e94\u200b\u8fd9\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b natOutgoingPolicyRules \u200b\u914d\u7f6e\u200b nat OVN-NAT-PSUBNET-xxxxxxxxxxxx -m set --match-set ovn40natpr-418e79269dc5-src src -m set --match-set ovn40natpr-418e79269dc5-dst dst -j MARK --set-xmark 0x90002/0x90002 \u200b\u540c\u200b\u4e0a\u200b 418e79269dc5 \u200b\u8868\u793a\u200b natOutgoingPolicyRules \u200b\u4e2d\u200b\u7684\u200b\u4e00\u6761\u200b\u89c4\u5219\u200b\u7684\u200b ID\uff0c\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b status.natOutgoingPolicyRules[index].RuleID \u200b\u67e5\u770b\u200b\u5230\u200b\uff0c \u200b\u8868\u793a\u200b srcIPs \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-src\uff0c dstIPS \u200b\u6ee1\u8db3\u200b ovn40natpr-418e79269dc5-dst \u200b\u4f1a\u200b\u6253\u200b\u4e0a\u200b tag 0x90002 mangle OVN-OUTPUT -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x90003/0x90003 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy mangle OVN-PREROUTING -d 10.241.39.2/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8102 --on-ip 172.18.0.3 --tproxy-mark 0x90004/0x90004 \u200b\u5c06\u200b kubelet \u200b\u7684\u200b\u63a2\u6d4b\u200b\u6d41\u91cf\u200b\u52a0\u4e0a\u200b\u7279\u5b9a\u200b\u6807\u8bb0\u200b\u4ece\u800c\u200b\u5f15\u5165\u200b\u5230\u200b tproxy \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-api/","title":"Kube-OVN \u200b\u63a5\u53e3\u200b\u89c4\u8303","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-OVN \u200b\u652f\u6301\u200b\u7684\u200b CRD \u200b\u8d44\u6e90\u200b\u5217\u8868\u200b\uff0c\u200b\u5217\u51fa\u200b CRD \u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\u548c\u200b\u542b\u4e49\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b\u3002
"},{"location":"reference/kube-ovn-api/#condition","title":"\u901a\u7528\u200b\u7684\u200b Condition \u200b\u5b9a\u4e49","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b type String \u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b status String \u200b\u72b6\u6001\u503c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b True\uff0cFalse \u200b\u6216\u200b Unknown reason String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u539f\u56e0\u200b message String \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u7684\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b lastUpdateTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b lastTransitionTime Time \u200b\u4e0a\u6b21\u200b\u72b6\u6001\u200b\u7c7b\u578b\u200b\u53d1\u751f\u53d8\u5316\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u5728\u200b\u5404\u200b CRD \u200b\u7684\u200b\u5b9a\u4e49\u200b\u4e2d\u200b\uff0cStatus \u200b\u4e2d\u200b\u7684\u200b Condition \u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u90fd\u200b\u9075\u5faa\u200b\u4e0a\u8ff0\u200b\u683c\u5f0f\u200b\uff0c\u200b\u56e0\u6b64\u200b\u63d0\u524d\u200b\u8fdb\u884c\u200b\u8bf4\u660e\u200b\u3002
"},{"location":"reference/kube-ovn-api/#subnet","title":"Subnet \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#subnet_1","title":"Subnet","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Subnet metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SubnetSpec Subnet \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SubnetStatus Subnet \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#subnetspec","title":"SubnetSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b default Bool \u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b vpc String \u200b\u5b50\u7f51\u200b\u6240\u5c5e\u200b Vpc\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn-cluster protocol String IP \u200b\u534f\u8bae\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b IPv4\uff0cIPv6 \u200b\u6216\u200b Dual namespaces []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u6240\u200b\u7ed1\u5b9a\u200b\u7684\u200b namespace \u200b\u5217\u8868\u200b cidrBlock String \u200b\u5b50\u7f51\u200b\u7684\u200b\u7f51\u6bb5\u200b\u8303\u56f4\u200b\uff0c\u200b\u5982\u200b 10.16.0.0/16 gateway String \u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b\u8be5\u200b\u5b50\u7f51\u200b CIDRBlock \u200b\u4e0b\u200b\u7684\u200b\u7b2c\u4e00\u4e2a\u200b\u53ef\u7528\u200b\u5730\u5740\u200b excludeIps []String \u200b\u8be5\u200b\u5b50\u7f51\u200b\u4e0b\u200b\u4e0d\u4f1a\u200b\u88ab\u200b\u81ea\u52a8\u200b\u5206\u914d\u200b\u7684\u200b\u5730\u5740\u200b\u8303\u56f4\u200b provider String \u200b\u9ed8\u8ba4\u200b\u4e3a\u200b ovn\u3002\u200b\u591a\u200b\u7f51\u5361\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u53ef\u4ee5\u200b\u914d\u7f6e\u200b\u53d6\u503c\u200b\u4e3a\u200b NetworkAttachmentDefinition \u200b\u7684\u200b .\uff0cKube-OVN \u200b\u5c06\u4f1a\u200b\u4f7f\u7528\u200b\u8fd9\u4e9b\u200b\u4fe1\u606f\u200b\u627e\u5230\u200b\u5bf9\u5e94\u200b\u7684\u200b Subnet \u200b\u8d44\u6e90\u200b gatewayType String Overlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b\u7f51\u5173\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b distributed \u200b\u6216\u200b centralized gatewayNode String \u200b\u5f53\u200b\u7f51\u5173\u200b\u6a21\u5f0f\u200b\u4e3a\u200b centralized \u200b\u65f6\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4e3a\u200b\u9017\u53f7\u200b\u5206\u9694\u200b\u7684\u200b\u591a\u4e2a\u200b\u8282\u70b9\u200b natOutgoing Bool \u200b\u51fa\u7f51\u200b\u6d41\u91cf\u200b\u662f\u5426\u200b\u8fdb\u884c\u200b NAT\u3002\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b externalEgressGateway \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b\u3002 externalEgressGateway String \u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b\u3002\u200b\u9700\u8981\u200b\u548c\u5b50\u200b\u7f51\u7f51\u200b\u5173\u8282\u70b9\u200b\u5728\u200b\u540c\u4e00\u4e2a\u200b\u4e8c\u5c42\u200b\u53ef\u8fbe\u57df\u200b\uff0c\u200b\u8be5\u200b\u53c2\u6570\u200b\u548c\u200b natOutgoing \u200b\u53c2\u6570\u200b\u4e0d\u80fd\u200b\u540c\u65f6\u200b\u8bbe\u7f6e\u200b policyRoutingPriority Uint32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b\u3002\u200b\u6dfb\u52a0\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f7f\u7528\u200b\u53c2\u6570\u200b\uff0c\u200b\u63a7\u5236\u200b\u6d41\u91cf\u200b\u7ecf\u200b\u5b50\u7f51\u200b\u7f51\u5173\u200b\u4e4b\u540e\u200b\uff0c\u200b\u8f6c\u53d1\u200b\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5730\u5740\u200b policyRoutingTableID Uint32 \u200b\u4f7f\u7528\u200b\u7684\u200b\u672c\u5730\u200b\u7b56\u7565\u200b\u8def\u7531\u8868\u200b\u7684\u200b TableID\uff0c\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u5747\u200b\u9700\u200b\u4e0d\u540c\u200b\u4ee5\u200b\u907f\u514d\u200b\u51b2\u7a81\u200b private Bool \u200b\u6807\u8bc6\u200b\u8be5\u200b\u5b50\u7f51\u200b\u662f\u5426\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\uff0c\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u9ed8\u8ba4\u200b\u62d2\u7edd\u200b\u5b50\u7f51\u200b\u5916\u200b\u7684\u200b\u5730\u5740\u200b\u8bbf\u95ee\u200b allowSubnets []String \u200b\u5b50\u7f51\u200b\u4e3a\u200b\u79c1\u6709\u200b\u5b50\u7f51\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0c\u200b\u5141\u8bb8\u200b\u8bbf\u95ee\u200b\u8be5\u200b\u5b50\u7f51\u200b\u5730\u5740\u200b\u7684\u200b\u96c6\u5408\u200b vlan String \u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b vips []String \u200b\u5b50\u7f51\u200b\u4e0b\u200b virtual \u200b\u7c7b\u578b\u200b lsp \u200b\u7684\u200b virtual-ip \u200b\u53c2\u6570\u4fe1\u606f\u200b logicalGateway Bool \u200b\u662f\u5426\u200b\u542f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b disableGatewayCheck Bool \u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u662f\u5426\u200b\u8df3\u8fc7\u200b\u7f51\u5173\u200b\u8054\u901a\u200b\u6027\u200b\u68c0\u67e5\u200b disableInterConnection Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u5f00\u542f\u200b\u5b50\u7f51\u200b\u8de8\u200b\u96c6\u7fa4\u200b\u4e92\u8054\u200b enableDHCP Bool \u200b\u63a7\u5236\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp \u200b\u7684\u200b dhcp \u200b\u914d\u7f6e\u200b\u9009\u9879\u200b dhcpV4Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b dhcpV6Options String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b enableIPv6RA Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0c\u200b\u662f\u5426\u200b\u914d\u7f6e\u200b ipv6_ra_configs \u200b\u53c2\u6570\u200b ipv6RAConfigs String \u200b\u5b50\u7f51\u200b\u8fde\u63a5\u200b\u8def\u7531\u5668\u200b\u7684\u200b lrp \u200b\u7aef\u53e3\u200b\uff0cipv6_ra_configs \u200b\u53c2\u6570\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b acls []Acl \u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b logical-switch \u200b\u5173\u8054\u200b\u7684\u200b acls \u200b\u8bb0\u5f55\u200b u2oInterconnection Bool \u200b\u662f\u5426\u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u7684\u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b enableLb *Bool \u200b\u63a7\u5236\u200b\u5b50\u7f51\u200b\u5bf9\u5e94\u200b\u7684\u200b logical-switch \u200b\u662f\u5426\u200b\u5173\u8054\u200b load-balancer \u200b\u8bb0\u5f55\u200b enableEcmp Bool \u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\uff0c\u200b\u662f\u5426\u200b\u5f00\u542f\u200b ECMP \u200b\u8def\u7531"},{"location":"reference/kube-ovn-api/#acl","title":"Acl","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b direction String Acl \u200b\u9650\u5236\u200b\u65b9\u5411\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b from-lport \u200b\u6216\u8005\u200b to-lport priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b 0 \u200b\u5230\u200b 32767 match String Acl \u200b\u89c4\u5219\u200b\u5339\u914d\u200b\u8868\u8fbe\u5f0f\u200b action String Acl \u200b\u89c4\u5219\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow-related, allow-stateless, allow, drop, reject \u200b\u5176\u4e2d\u200b\u4e00\u4e2a"},{"location":"reference/kube-ovn-api/#subnetstatus","title":"SubnetStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SubnetCondition \u200b\u5b50\u7f51\u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v4UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v4usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv4 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6AvailableIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6availableIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u53ef\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b v6UsingIPs Float64 \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 IP \u200b\u5730\u5740\u200b\u6570\u91cf\u200b v6usingIPrange String \u200b\u5b50\u7f51\u200b\u73b0\u5728\u200b\u5df2\u7528\u200b\u7684\u200b IPv6 \u200b\u5730\u5740\u200b\u8303\u56f4\u200b sctivateGateway String \u200b\u96c6\u4e2d\u5f0f\u200b\u5b50\u7f51\u200b\uff0c\u200b\u4e3b\u5907\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5f53\u524d\u200b\u6b63\u5728\u200b\u5de5\u4f5c\u200b\u7684\u200b\u7f51\u200b\u5173\u8282\u70b9\u200b dhcpV4OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv4_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b dhcpV6OptionsUUID String \u200b\u5b50\u7f51\u200b\u4e0b\u200b lsp dhcpv6_options \u200b\u5173\u8054\u200b\u7684\u200b DHCP_Options \u200b\u8bb0\u5f55\u200b\u6807\u8bc6\u200b u2oInterconnectionIP String \u200b\u5f00\u542f\u200b Overlay/Underlay \u200b\u4e92\u8054\u200b\u6a21\u5f0f\u200b\u540e\u200b\uff0c\u200b\u6240\u200b\u5360\u7528\u200b\u7684\u200b\u7528\u4e8e\u200b\u4e92\u8054\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ip","title":"IP \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#ip_1","title":"IP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IPSpec IP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#ipsepc","title":"IPSepc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b podName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u540d\u79f0\u200b namespace String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b Namespace \u200b\u540d\u79f0\u200b subnet String IP \u200b\u6240\u5c5e\u200b Subnet attachSubnets []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 nodeName String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b ipAddress String IP \u200b\u5730\u5740\u200b\uff0c\u200b\u53cc\u6808\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u4e3a\u200b v4IP,v6IP \u200b\u683c\u5f0f\u200b v4IPAddress String IPv4 IP \u200b\u5730\u5740\u200b v6IPAddress String IPv6 IP \u200b\u5730\u5740\u200b attachIPs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 macAddress String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b attachMacs []String \u200b\u8be5\u4e3b\u200b IP \u200b\u4e0b\u200b\u5176\u4ed6\u200b\u9644\u5c5e\u200b Mac \u200b\u5730\u5740\u200b\uff08\u200b\u5b57\u200b\u6bb5\u200b\u5e9f\u5f03\u200b\u4e0d\u518d\u200b\u4f7f\u7528\u200b\uff09 containerID String \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b Container ID podType String \u200b\u7279\u6b8a\u200b\u5de5\u4f5c\u200b\u8d1f\u8f7d\u200b Pod\uff0c\u200b\u53ef\u200b\u4e3a\u200b StatefulSet\uff0cVirtualMachine \u200b\u6216\u7a7a"},{"location":"reference/kube-ovn-api/#underlay","title":"Underlay \u200b\u914d\u7f6e","text":""},{"location":"reference/kube-ovn-api/#vlan","title":"Vlan","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vlan metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VlanSpec Vlan \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VlanStatus Vlan \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vlanspec","title":"VlanSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b id Int Vlan tag \u200b\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 0~4096 provider String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b ProviderNetwork \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vlanstatus","title":"VlanStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b subnets []String Vlan \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b conditions []VlanCondition Vlan \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#providernetwork","title":"ProviderNetwork","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b ProviderNetwork metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec ProviderNetworkSpec ProviderNetwork \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status ProviderNetworkStatus ProviderNetwork \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#providernetworkspec","title":"ProviderNetworkSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b defaultInterface String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b customInterfaces []CustomInterface \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7279\u6b8a\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b excludeNodes []String \u200b\u8be5\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u4e0d\u4f1a\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b exchangeLinkName Bool \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u548c\u200b\u5bf9\u5e94\u200b OVS \u200b\u7f51\u6865\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#custominterface","title":"CustomInterface","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b interface String Underlay \u200b\u4f7f\u7528\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u540d\u79f0\u200b nodes []String \u200b\u4f7f\u7528\u200b\u81ea\u5b9a\u4e49\u200b\u7f51\u5361\u200b\u63a5\u53e3\u200b\u7684\u200b\u8282\u70b9\u200b\u5217\u8868"},{"location":"reference/kube-ovn-api/#providernetworkstatus","title":"ProviderNetworkStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool \u200b\u5f53\u524d\u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u662f\u5426\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b readyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b notReadyNodes []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u672a\u200b\u8fdb\u5165\u200b\u5c31\u7eea\u200b\u72b6\u6001\u200b\u7684\u200b\u8282\u70b9\u200b\u540d\u79f0\u200b vlans []String \u200b\u6865\u63a5\u200b\u7f51\u7edc\u200b\u7ed1\u5b9a\u200b\u7684\u200b Vlan \u200b\u540d\u79f0\u200b conditions []ProviderNetworkCondition ProviderNetwork \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpc","title":"Vpc \u200b\u5b9a\u4e49","text":""},{"location":"reference/kube-ovn-api/#vpc_1","title":"Vpc","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vpc metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcSpec Vpc \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcStatus Vpc \u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcspec","title":"VpcSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespaces []String Vpc \u200b\u7ed1\u5b9a\u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b\u5217\u8868\u200b staticRoutes []*StaticRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u9759\u6001\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b policyRoutes []*PolicyRoute Vpc \u200b\u4e0b\u200b\u914d\u7f6e\u200b\u7684\u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4fe1\u606f\u200b vpcPeerings []*VpcPeering Vpc \u200b\u4e92\u8054\u200b\u4fe1\u606f\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#staticroute","title":"StaticRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b policy String \u200b\u8def\u7531\u200b\u7b56\u7565\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b policySrc \u200b\u6216\u8005\u200b policyDst cidr String \u200b\u8def\u7531\u200b Cidr \u200b\u7f51\u6bb5\u200b nextHopIP String \u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#policyroute","title":"PolicyRoute","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b priority Int32 \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4f18\u5148\u7ea7\u200b match String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u5339\u914d\u200b\u6761\u4ef6\u200b action String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u52a8\u4f5c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b allow\u3001drop \u200b\u6216\u8005\u200b reroute nextHopIP String \u200b\u7b56\u7565\u200b\u8def\u7531\u200b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u4fe1\u606f\u200b\uff0cECMP \u200b\u8def\u7531\u200b\u60c5\u51b5\u200b\u4e0b\u4e0b\u200b\u4e00\u200b\u8df3\u200b\u5730\u5740\u200b\u4f7f\u7528\u200b\u9017\u53f7\u200b\u9694\u5f00"},{"location":"reference/kube-ovn-api/#vpcpeering","title":"VpcPeering","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b remoteVpc String Vpc \u200b\u4e92\u8054\u200b\u5bf9\u7aef\u200b Vpc \u200b\u540d\u79f0\u200b localConnectIP String Vpc \u200b\u4e92\u8054\u200b\u672c\u7aef\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#vpcstatus","title":"VpcStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcCondition Vpc \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b standby Bool \u200b\u6807\u8bc6\u200b Vpc \u200b\u662f\u5426\u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\uff0cVpc \u200b\u4e0b\u200b\u7684\u200b Subnet \u200b\u9700\u8981\u200b\u7b49\u200b Vpc \u200b\u521b\u5efa\u200b\u5b8c\u6210\u200b\u8f6c\u6362\u200b\u518d\u200b\u7ee7\u7eed\u200b\u5904\u7406\u200b default Bool \u200b\u662f\u5426\u662f\u200b\u9ed8\u8ba4\u200b Vpc defaultLogicalSwitch String Vpc \u200b\u4e0b\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b router String Vpc \u200b\u5bf9\u5e94\u200b\u7684\u200b logical-router \u200b\u540d\u79f0\u200b tcpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP LB \u200b\u4fe1\u606f\u200b udpLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP LB \u200b\u4fe1\u606f\u200b tcpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b TCP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b udpSessionLoadBalancer String Vpc \u200b\u4e0b\u200b\u7684\u200b UDP \u200b\u4f1a\u8bdd\u200b\u4fdd\u6301\u200b LB \u200b\u4fe1\u606f\u200b subnets []String Vpc \u200b\u4e0b\u200b\u7684\u200b\u5b50\u7f51\u200b\u5217\u8868\u200b vpcPeerings []String Vpc \u200b\u4e92\u8054\u200b\u7684\u200b\u5bf9\u200b\u7aef\u200b Vpc \u200b\u5217\u8868\u200b enableExternal Bool Vpc \u200b\u662f\u5426\u200b\u8fde\u63a5\u200b\u5230\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a"},{"location":"reference/kube-ovn-api/#vpcnatgateway","title":"VpcNatGateway","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcNatGateway metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcNatSpec Vpc \u200b\u7f51\u5173\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5"},{"location":"reference/kube-ovn-api/#vpcnatspec","title":"VpcNatSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6240\u5c5e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b lanIp String Vpc \u200b\u7f51\u5173\u200b Pod \u200b\u6307\u5b9a\u200b\u5206\u914d\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b tolerations []VpcNatToleration \u200b\u6807\u51c6\u200b Kubernetes \u200b\u5bb9\u5fcd\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcnattoleration","title":"VpcNatToleration","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b key String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b key \u200b\u4fe1\u606f\u200b operator String \u200b\u53d6\u503c\u200b\u4e3a\u200b Exists \u200b\u6216\u8005\u200b Equal value String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b value \u200b\u4fe1\u606f\u200b effect String \u200b\u5bb9\u5fcd\u200b\u6c61\u70b9\u200b\u7684\u200b\u4f5c\u7528\u200b\u6548\u679c\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b NoExecute \u3001NoSchedule \u200b\u6216\u8005\u200b PreferNoSchedule tolerationSeconds Int64 \u200b\u6dfb\u52a0\u200b\u6c61\u70b9\u200b\u540e\u200b\uff0cPod \u200b\u8fd8\u200b\u80fd\u200b\u7ee7\u7eed\u200b\u5728\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b\u65f6\u95f4\u200b \u200b\u4ee5\u4e0a\u200b\u5bb9\u5fcd\u200b\u5b57\u6bb5\u200b\u7684\u200b\u542b\u4e49\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b Kubernetes \u200b\u5b98\u65b9\u200b\u6587\u6863\u200b \u200b\u6c61\u70b9\u200b\u548c\u200b\u5bb9\u5fcd\u5ea6\u200b\u3002
"},{"location":"reference/kube-ovn-api/#iptableseip","title":"IptablesEIP","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesEIP metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesEipSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesEipStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptableseipspec","title":"IptablesEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b v4ip String IptablesEIP v4 \u200b\u5730\u5740\u200b v6ip String IptablesEIP v6 \u200b\u5730\u5740\u200b macAddress String IptablesEIP crd \u200b\u8bb0\u5f55\u200b\u5206\u914d\u200b\u7684\u200b mac \u200b\u5730\u5740\u200b\uff0c\u200b\u6ca1\u6709\u200b\u5b9e\u9645\u200b\u4f7f\u7528\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#iptableseipstatus","title":"IptablesEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesEIP \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u76ee\u524d\u200b\u53ea\u200b\u652f\u6301\u200b\u4e86\u200b IPv4 \u200b\u5730\u5740\u200b redo String IptablesEIP crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b nat String IptablesEIP \u200b\u7684\u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b fip\u3001snat \u200b\u6216\u8005\u200b dnat conditions []IptablesEIPCondition IptablesEIP \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesfiprule","title":"IptablesFIPRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesFIPRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesFIPRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesFIPRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesFIPRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesfiprulespec","title":"IptablesFIPRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesFIPRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesFIPRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablesfiprulestatus","title":"IptablesFIPRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesFIPRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesEIP \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesFIPRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesFIPRuleCondition IptablesFIPRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablessnatrule","title":"IptablesSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesSnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesSnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablessnatrulespec","title":"IptablesSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b internalIp String IptablesSnatRule \u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u90e8\u200b\u7684\u200b IP \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#iptablessnatrulestatus","title":"IptablesSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesSnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesSnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesSnatRuleCondition IptablesSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#iptablesdnatrule","title":"IptablesDnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b IptablesDnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec IptablesDnatRuleSpec Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status IptablesDnatRuleStatus Vpc \u200b\u7f51\u5173\u200b\u4f7f\u7528\u200b\u7684\u200b IptablesDnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#iptablesdnatrulespec","title":"IptablesDnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b eip Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b IptablesEIP \u200b\u540d\u79f0\u200b externalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5916\u90e8\u200b\u7aef\u53e3\u200b protocol Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u7684\u200b\u534f\u8bae\u200b\u7c7b\u578b\u200b internalIp Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b IP \u200b\u5730\u5740\u200b internalPort Sting Vpc \u200b\u7f51\u5173\u200b\u914d\u7f6e\u200b IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b\u5185\u90e8\u200b\u7aef\u53e3"},{"location":"reference/kube-ovn-api/#iptablesdnatrulestatus","title":"IptablesDnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool IptablesDnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b v6ip String IptablesDnatRule \u200b\u4f7f\u7528\u200b\u7684\u200b v6 IP \u200b\u5730\u5740\u200b natGwDp String Vpc \u200b\u7f51\u5173\u200b\u540d\u79f0\u200b redo String IptablesDnatRule crd \u200b\u521b\u5efa\u200b\u6216\u8005\u200b\u66f4\u65b0\u200b\u65f6\u95f4\u200b conditions []IptablesDnatRuleCondition IptablesDnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#vpcdns","title":"VpcDns","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b VpcDns metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VpcDnsSpec VpcDns \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VpcDnsStatus VpcDns \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vpcdnsspec","title":"VpcDnsSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vpc String VpcDns \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b subnet String VpcDns Pod \u200b\u5206\u914d\u200b\u5730\u5740\u200b\u7684\u200b Subnet \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vpcdnsstatus","title":"VpcDnsStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VpcDnsCondition VpcDns \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b active Bool VpcDns \u200b\u662f\u5426\u200b\u6b63\u5728\u200b\u4f7f\u7528\u200b VpcDns \u200b\u7684\u200b\u8be6\u7ec6\u200b\u4f7f\u7528\u200b\u6587\u6863\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC DNS\u3002
"},{"location":"reference/kube-ovn-api/#switchlbrule","title":"SwitchLBRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SwitchLBRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SwitchLBRuleSpec SwitchLBRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SwitchLBRuleStatus SwitchLBRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#switchlbrulespec","title":"SwitchLBRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b vip String SwitchLBRule \u200b\u914d\u7f6e\u200b\u7684\u200b vip \u200b\u5730\u5740\u200b namespace String SwitchLBRule \u200b\u7684\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b selector []String \u200b\u6807\u51c6\u200b Kubernetes Selector \u200b\u5339\u914d\u200b\u4fe1\u606f\u200b sessionAffinity String \u200b\u6807\u51c6\u200b Kubernetes Service \u200b\u4e2d\u200b sessionAffinity \u200b\u53d6\u503c\u200b ports []SlrPort SwitchLBRule \u200b\u7aef\u53e3\u200b\u5217\u8868\u200b SwitchLBRule \u200b\u7684\u200b\u8be6\u7ec6\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b \u200b\u81ea\u5b9a\u4e49\u200b VPC \u200b\u5185\u90e8\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002
"},{"location":"reference/kube-ovn-api/#slrport","title":"SlrPort","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b name String \u200b\u7aef\u53e3\u200b\u540d\u79f0\u200b port Int32 \u200b\u7aef\u53e3\u53f7\u200b targetPort Int32 \u200b\u76ee\u6807\u200b\u7aef\u53e3\u53f7\u200b protocol String \u200b\u534f\u8bae\u200b\u7c7b\u578b"},{"location":"reference/kube-ovn-api/#switchlbrulestatus","title":"SwitchLBRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []SwitchLBRuleCondition SwitchLBRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ports String SwitchLBRule \u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b service String SwitchLBRule \u200b\u63d0\u4f9b\u200b\u670d\u52a1\u200b\u7684\u200b service \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#vip","title":"\u5b89\u5168\u200b\u7ec4\u4e0e\u200b Vip","text":""},{"location":"reference/kube-ovn-api/#securitygroup","title":"SecurityGroup","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b SecurityGroup metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec SecurityGroupSpec \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status SecurityGroupStatus \u200b\u5b89\u5168\u200b\u7ec4\u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#securitygroupspec","title":"SecurityGroupSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ingressRules []*SgRule \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b egressRules []*SgRule \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0"},{"location":"reference/kube-ovn-api/#sgrule","title":"SgRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ipVersion String IP \u200b\u7248\u672c\u53f7\u200b\uff0c\u200b\u53d6\u503c\u200b\u4e3a\u200b ipv4 \u200b\u6216\u8005\u200b ipv6 protocol String \u200b\u53d6\u503c\u200b\u4e3a\u200b all\u3001icmp\u3001tcp \u200b\u6216\u8005\u200b udp priority Int Acl \u200b\u4f18\u5148\u7ea7\u200b\uff0c\u200b\u53d6\u503c\u200b\u8303\u56f4\u200b\u4e3a\u200b 1-200\uff0c\u200b\u6570\u503c\u200b\u8d8a\u5c0f\u200b\uff0c\u200b\u4f18\u5148\u7ea7\u200b\u8d8a\u9ad8\u200b remoteType String \u200b\u53d6\u503c\u200b\u4e3a\u200b address \u200b\u6216\u8005\u200b securityGroup remoteAddress String \u200b\u5bf9\u7aef\u200b\u5730\u5740\u200b remoteSecurityGroup String \u200b\u5bf9\u7aef\u200b\u5b89\u5168\u200b\u7ec4\u200b portRangeMin Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u8d77\u59cb\u503c\u200b\uff0c\u200b\u6700\u5c0f\u200b\u53d6\u503c\u200b\u4e3a\u200b 1 portRangeMax Int \u200b\u7aef\u53e3\u200b\u8303\u56f4\u200b\u6700\u5927\u503c\u200b\uff0c\u200b\u6700\u5927\u200b\u53d6\u503c\u200b\u4e3a\u200b 65535 policy String \u200b\u53d6\u503c\u200b\u4e3a\u200b allow \u200b\u6216\u8005\u200b drop"},{"location":"reference/kube-ovn-api/#securitygroupstatus","title":"SecurityGroupStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b portGroup String \u200b\u5b89\u5168\u200b\u7ec4\u200b\u5bf9\u5e94\u200b\u7684\u200b port-group \u200b\u540d\u79f0\u200b allowSameGroupTraffic Bool \u200b\u540c\u4e00\u200b\u5b89\u5168\u200b\u7ec4\u5185\u200b\u7684\u200b lsp \u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u4e92\u901a\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5b89\u5168\u200b\u7ec4\u200b\u7684\u200b\u6d41\u91cf\u200b\u89c4\u5219\u200b\u662f\u5426\u200b\u9700\u8981\u200b\u66f4\u65b0\u200b ingressMd5 String \u200b\u5165\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b egressMd5 String \u200b\u51fa\u200b\u65b9\u5411\u200b\u5b89\u5168\u200b\u7ec4\u200b\u89c4\u5219\u200b MD5 \u200b\u53d6\u503c\u200b ingressLastSyncSuccess Bool \u200b\u5165\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f\u200b egressLastSyncSuccess Bool \u200b\u51fa\u200b\u65b9\u5411\u200b\u89c4\u5219\u200b\u4e0a\u200b\u4e00\u6b21\u200b\u540c\u6b65\u200b\u662f\u5426\u200b\u6210\u529f"},{"location":"reference/kube-ovn-api/#vip_1","title":"Vip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b Vip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec VipSpec Vip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status VipStatus Vip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#vipspec","title":"VipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b namespace String Vip \u200b\u6240\u5728\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b subnet String Vip \u200b\u6240\u5c5e\u200b\u5b50\u7f51\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b macAddress String Vip mac \u200b\u5730\u5740\u200b parentV4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentV6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b parentMac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b attachSubnets []String \u200b\u8be5\u5b57\u6bb5\u200b\u5e9f\u5f03\u200b\uff0c\u200b\u4e0d\u518d\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#vipstatus","title":"VipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []VipCondition Vip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b ready Bool Vip \u200b\u662f\u5426\u200b\u51c6\u5907\u200b\u597d\u200b v4ip String Vip v4 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b v6ip String Vip v6 IP \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b mac String Vip mac \u200b\u5730\u5740\u200b\uff0c\u200b\u5e94\u8be5\u200b\u548c\u200b spec \u200b\u5b57\u200b\u6bb5\u200b\u53d6\u503c\u200b\u4e00\u81f4\u200b pv4ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pv6ip String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528\u200b pmac String \u200b\u76ee\u524d\u200b\u6ca1\u6709\u200b\u4f7f\u7528"},{"location":"reference/kube-ovn-api/#ovneip","title":"OvnEip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnEip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnEipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnEipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnEip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovneipspec","title":"OvnEipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b externalSubnet String OvnEip \u200b\u6240\u5728\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b v4ip String OvnEip IP \u200b\u5730\u5740\u200b macAddress String OvnEip Mac \u200b\u5730\u5740\u200b type String OvnEip \u200b\u4f7f\u7528\u200b\u7c7b\u578b\u200b\uff0c\u200b\u53d6\u503c\u200b\u6709\u200b fip\u3001snat \u200b\u6216\u8005\u200b lrp"},{"location":"reference/kube-ovn-api/#ovneipstatus","title":"OvnEipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b conditions []OvnEipCondition \u200b\u9ed8\u8ba4\u200b Vpc OvnEip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b v4ip String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b v4 IP \u200b\u5730\u5740\u200b macAddress String OvnEip \u200b\u4f7f\u7528\u200b\u7684\u200b Mac \u200b\u5730\u5740"},{"location":"reference/kube-ovn-api/#ovnfip","title":"OvnFip","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnFip metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnFipSpec \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnFipStatus \u200b\u9ed8\u8ba4\u200b Vpc \u200b\u4f7f\u7528\u200b OvnFip \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnfipspec","title":"OvnFipSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b ipName String OvnFip \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnfipstatus","title":"OvnFipStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnFip \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnFip \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b v4Ip String OvnFip \u200b\u5f53\u524d\u200b\u4f7f\u7528\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b macAddress String OvnFip \u200b\u914d\u7f6e\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b vpc String OvnFip \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnFipCondition OvnFip \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49"},{"location":"reference/kube-ovn-api/#ovnsnatrule","title":"OvnSnatRule","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b apiVersion String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u7248\u672c\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u6240\u6709\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b kubeovn.io/v1 kind String \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u7c7b\u578b\u200b\u5b57\u200b\u6bb5\u200b\uff0c\u200b\u672c\u200b\u8d44\u6e90\u200b\u6240\u6709\u200b\u5b9e\u4f8b\u200b\u8be5\u503c\u200b\u5747\u200b\u4e3a\u200b OvnSnatRule metadata ObjectMeta \u200b\u6807\u51c6\u200b Kubernetes \u200b\u8d44\u6e90\u200b\u5143\u200b\u6570\u636e\u200b\u4fe1\u606f\u200b spec OvnSnatRuleSpec \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u5177\u4f53\u200b\u914d\u7f6e\u200b\u4fe1\u606f\u200b\u5b57\u200b\u6bb5\u200b status OvnSnatRuleStatus \u200b\u9ed8\u8ba4\u200b Vpc OvnSnatRule \u200b\u72b6\u6001\u200b\u4fe1\u606f"},{"location":"reference/kube-ovn-api/#ovnsnatrulespec","title":"OvnSnatRuleSpec","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ovnEip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u540d\u79f0\u200b vpcSubnet String OvnSnatRule \u200b\u914d\u7f6e\u200b\u7684\u200b\u5b50\u7f51\u200b\u540d\u79f0\u200b ipName String OvnSnatRule \u200b\u7ed1\u5b9a\u200b Pod \u200b\u5bf9\u5e94\u200b\u7684\u200b IP crd \u200b\u540d\u79f0"},{"location":"reference/kube-ovn-api/#ovnsnatrulestatus","title":"OvnSnatRuleStatus","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b ready Bool OvnSnatRule \u200b\u662f\u5426\u200b\u914d\u7f6e\u200b\u5b8c\u6210\u200b v4Eip String OvnSnatRule \u200b\u7ed1\u5b9a\u200b\u7684\u200b OvnEip \u200b\u5730\u5740\u200b v4IpCidr String \u200b\u5728\u200b logical-router \u200b\u4e2d\u200b\u914d\u7f6e\u200b snat \u200b\u8f6c\u6362\u200b\u4f7f\u7528\u200b\u7684\u200b cidr \u200b\u5730\u5740\u200b vpc String OvnSnatRule \u200b\u6240\u5728\u200b\u7684\u200b Vpc \u200b\u540d\u79f0\u200b conditions []OvnSnatRuleCondition OvnSnatRule \u200b\u72b6\u6001\u200b\u53d8\u5316\u200b\u4fe1\u606f\u200b\uff0c\u200b\u5177\u4f53\u200b\u5b57\u200b\u6bb5\u200b\u53c2\u8003\u200b\u6587\u6863\u200b\u5f00\u5934\u200b Condition \u200b\u5b9a\u4e49\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/kube-ovn-pinger-args/","title":"Kube-OVN-Pinger \u200b\u53c2\u6570\u200b\u53c2\u8003","text":"\u200b\u57fa\u4e8e\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\uff0c\u200b\u6574\u7406\u200b\u4e86\u200b Kube-ovn-pinger \u200b\u652f\u6301\u200b\u7684\u200b\u53c2\u6570\u200b\uff0c\u200b\u5217\u51fa\u200b\u53c2\u6570\u200b\u5b9a\u4e49\u200b\u5404\u5b57\u200b\u6bb5\u200b\u7684\u200b\u53d6\u503c\u200b\u7c7b\u578b\u200b\uff0c\u200b\u542b\u4e49\u200b\u548c\u200b\u9ed8\u8ba4\u503c\u200b\uff0c\u200b\u4ee5\u200b\u4f9b\u53c2\u8003\u200b
"},{"location":"reference/kube-ovn-pinger-args/#_1","title":"\u53c2\u6570\u200b\u63cf\u8ff0","text":"\u5c5e\u6027\u200b\u540d\u79f0\u200b \u200b\u7c7b\u578b\u200b \u200b\u63cf\u8ff0\u200b \u200b\u9ed8\u8ba4\u503c\u200b port Int metrics \u200b\u7aef\u53e3\u200b 8080 kubeconfig String \u200b\u5177\u6709\u200b\u8ba4\u8bc1\u200b\u4fe1\u606f\u200b\u7684\u200b kubeconfig \u200b\u6587\u4ef6\u200b\u8def\u5f84\u200b\uff0c \u200b\u5982\u679c\u200b\u672a\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u4f7f\u7528\u200b inCluster \u200b\u4ee4\u724c\u200b\u3002 \"\" ds-namespace String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u547d\u540d\u200b\u7a7a\u95f4\u200b \"kube-system\" ds-name String kube-ovn-pinger \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u540d\u5b57\u200b \"kube-ovn-pinger\" interval Int \u200b\u8fde\u7eed\u200b ping \u200b\u4e4b\u95f4\u200b\u7684\u200b\u95f4\u9694\u200b\u79d2\u6570\u200b 5 mode String \u200b\u670d\u52a1\u5668\u200b\u6216\u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b \"server\" exit-code Int \u200b\u5931\u8d25\u200b\u65f6\u200b\u9000\u51fa\u200b\u4ee3\u7801\u200b 0 internal-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b dns \"kubernetes.default\" external-dns String \u200b\u4ece\u200b pod \u200b\u5185\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b dns \"\" external-address String \u200b\u68c0\u67e5\u200b\u4e0e\u200b\u5916\u90e8\u200b\u5730\u5740\u200b\u7684\u200b ping \u200b\u8fde\u901a\u200b \"114.114.114.114\" network-mode String \u200b\u5f53\u524d\u200b\u96c6\u7fa4\u200b\u4f7f\u7528\u200b\u7684\u200b cni \u200b\u63d2\u4ef6\u200b \"kube-ovn\" enable-metrics Bool \u200b\u662f\u5426\u200b\u652f\u6301\u200b metrics \u200b\u67e5\u8be2\u200b true ovs.timeout Int \u200b\u5bf9\u200b OVS \u200b\u7684\u200b JSON-RPC \u200b\u8bf7\u6c42\u200b\u8d85\u65f6\u200b\u3002 2 system.run.dir String OVS \u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u76ee\u5f55\u200b\u3002 \"/var/run/openvswitch\" database.vswitch.name String OVS \u200b\u6570\u636e\u5e93\u200b\u7684\u200b\u540d\u79f0\u200b\u3002 \"Open_vSwitch\" database.vswitch.socket.remote String JSON-RPC unix \u200b\u5957\u200b\u63a5\u5b57\u200b\u5230\u200b OVS \u200b\u6570\u636e\u5e93\u200b\u3002 \"unix:/var/run/openvswitch/db.sock\" database.vswitch.file.data.path String OVS \u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/conf.db\" database.vswitch.file.log.path String OVS \u200b\u6570\u636e\u5e93\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovsdb-server.log\" database.vswitch.file.pid.path String OVS \u200b\u6570\u636e\u5e93\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovsdb-server.pid\" database.vswitch.file.system.id.path String OVS \u200b\u7cfb\u7edf\u200b\u6807\u8bc6\u200b\u6587\u4ef6\u200b\u3002 \"/etc/openvswitch/system-id.conf\" service.vswitchd.file.log.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/openvswitch/ovs-vswitchd.log\" service.vswitchd.file.pid.path String OVS vswitchd \u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/openvswitch/ovs-vswitchd.pid\" service.ovncontroller.file.log.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u200b\u3002 \"/var/log/ovn/ovn-controller.log\" service.ovncontroller.file.pid.path String OVN \u200b\u63a7\u5236\u5668\u200b\u5b88\u62a4\u200b\u8fdb\u7a0b\u200b\u8fdb\u7a0b\u200b ID \u200b\u6587\u4ef6\u200b\u3002 \"/var/run/ovn/ovn-controller.pid\" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/metrics/","title":"Kube-OVN \u200b\u76d1\u63a7\u200b\u6307\u6807","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u5217\u4e3e\u200b Kube-OVN \u200b\u6240\u200b\u63d0\u4f9b\u200b\u7684\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\u3002
"},{"location":"reference/metrics/#ovn-monitor","title":"ovn-monitor","text":"OVN \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge kube_ovn_ovn_status OVN \u200b\u89d2\u8272\u200b\u72b6\u6001\u200b\uff0c (2) \u200b\u4e3a\u200b follower\uff1b (1) \u200b\u4e3a\u200b leader, (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u72b6\u6001\u200b\u3002 Gauge kube_ovn_failed_req_count OVN \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_log_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_db_file_size_bytes OVN \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge kube_ovn_chassis_info OVN chassis \u200b\u72b6\u6001\u200b (1) \u200b\u8fd0\u884c\u200b\u4e2d\u200b\uff0c(0) \u200b\u505c\u6b62\u200b\u3002 Gauge kube_ovn_db_status OVN \u200b\u6570\u636e\u5e93\u200b\u72b6\u6001\u200b, (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff1b (0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge kube_ovn_logical_switch_info OVN logical switch \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b logical switch \u200b\u540d\u5b57\u200b\u3002 Gauge kube_ovn_logical_switch_external_id OVN logical switch external_id \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b external-id \u200b\u5185\u5bb9\u200b\u3002 Gauge kube_ovn_logical_switch_port_binding OVN logical switch \u200b\u548c\u200b logical switch port \u200b\u5173\u8054\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u901a\u8fc7\u200b\u6807\u7b7e\u200b\u8fdb\u884c\u200b\u5173\u8054\u200b\u3002 Gauge kube_ovn_logical_switch_tunnel_key \u200b\u548c\u200b OVN logical switch \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_ports_num OVN logical switch \u200b\u4e0a\u200b logical port \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_logical_switch_port_info OVN logical switch port \u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5177\u4f53\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_logical_switch_port_tunnel_key \u200b\u548c\u200b OVN logical switch port \u200b\u5173\u8054\u200b\u7684\u200b tunnel key \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_enabled (1) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\uff1b (0) OVN \u200b\u6570\u636e\u5e93\u200b\u4e3a\u200b\u975e\u200b\u96c6\u7fa4\u200b\u6a21\u5f0f\u200b\u3002 Gauge kube_ovn_cluster_role \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u89d2\u8272\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u89d2\u8272\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_status \u200b\u6bcf\u4e2a\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u72b6\u6001\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u72b6\u6001\u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_term RAFT term \u200b\u4fe1\u606f\u200b\u3002 Gauge kube_ovn_cluster_leader_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_vote_self \u200b\u5f53\u524d\u200b\u6570\u636e\u5e93\u200b\u5b9e\u4f8b\u200b\u662f\u5426\u200b\u9009\u4e3e\u200b\u81ea\u5df1\u200b\u4e3a\u200b leader (1) \u200b\u662f\u200b\uff0c (0) \u200b\u4e0d\u662f\u200b\u3002 Gauge kube_ovn_cluster_election_timer \u200b\u5f53\u524d\u200b election timer \u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_not_committed \u200b\u672a\u200b commit \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_not_applied \u200b\u672a\u200b apply \u200b\u7684\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_log_index_start \u200b\u5f53\u524d\u200b RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u8d77\u59cb\u503c\u200b\u3002 Gauge kube_ovn_cluster_log_index_next RAFT \u200b\u65e5\u5fd7\u200b\u6761\u200b\u76ee\u7684\u200b\u4e0b\u200b\u4e00\u4e2a\u200b\u503c\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_inbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u5165\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002 Gauge kube_ovn_cluster_outbound_connections_error_total \u200b\u5f53\u524d\u200b\u5b9e\u4f8b\u200b\u7684\u200b\u51fa\u200b\u5411\u200b\u9519\u8bef\u200b\u8fde\u63a5\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#ovs-monitor","title":"ovs-monitor","text":"ovsdb \u200b\u548c\u200b vswitchd \u200b\u81ea\u8eab\u200b\u72b6\u6001\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge ovs_status OVS \u200b\u5065\u5eb7\u200b\u72b6\u6001\u200b\uff0c (1) \u200b\u4e3a\u200b\u6b63\u5e38\u200b\uff0c(0) \u200b\u4e3a\u200b\u5f02\u5e38\u200b\u3002 Gauge ovs_info OVS \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge failed_req_count OVS \u200b\u5931\u8d25\u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Gauge log_file_size OVS \u200b\u7ec4\u4ef6\u200b\u65e5\u5fd7\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge db_file_size OVS \u200b\u7ec4\u4ef6\u200b\u6570\u636e\u5e93\u200b\u6587\u4ef6\u5927\u5c0f\u200b\u3002 Gauge datapath Datapath \u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_total \u200b\u5f53\u524d\u200b OVS \u200b\u4e2d\u200b datapath \u200b\u6570\u91cf\u200b\u3002 Gauge dp_if Datapath \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge dp_if_total \u200b\u5f53\u524d\u200b datapath \u200b\u4e2d\u200b port \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_total Datapath \u200b\u4e2d\u200b flow \u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_missed Datapath \u200b\u4e2d\u672a\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b flow \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_flows_lookup_lost Datapath \u200b\u4e2d\u200b\u9700\u8981\u200b\u53d1\u9001\u7ed9\u200b userspace \u200b\u5904\u7406\u200b\u7684\u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit Datapath \u200b\u4e2d\u200b\u547d\u4e2d\u200b\u5f53\u524d\u200b mask \u200b\u6570\u636e\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_total Datapath \u200b\u4e2d\u200b mask \u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge dp_masks_hit_ratio Datapath \u200b\u4e2d\u200b \u200b\u6570\u636e\u5305\u200b\u547d\u4e2d\u200b mask \u200b\u7684\u200b\u6bd4\u7387\u200b\u3002 Gauge interface OVS \u200b\u63a5\u53e3\u200b\u57fa\u7840\u200b\u4fe1\u606f\u200b\uff0c\u200b\u503c\u4e3a\u200b (1)\uff0c\u200b\u6807\u7b7e\u200b\u4e2d\u200b\u5305\u542b\u200b\u5bf9\u5e94\u200b\u4fe1\u606f\u200b\u3002 Gauge interface_admin_state \u200b\u63a5\u53e3\u200b\u7ba1\u7406\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_link_state \u200b\u63a5\u53e3\u200b\u94fe\u8def\u200b\u72b6\u6001\u200b\u4fe1\u606f\u200b (0) \u200b\u4e3a\u200b down, (1) \u200b\u4e3a\u200b up, (2) \u200b\u4e3a\u200b\u5176\u4ed6\u200b\u72b6\u6001\u200b\u3002 Gauge interface_mac_in_use OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MAC \u200b\u5730\u5740\u200b Gauge interface_mtu OVS Interface \u200b\u4f7f\u7528\u200b\u7684\u200b MTU\u3002 Gauge interface_of_port OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b OpenFlow Port ID\u3002 Gauge interface_if_index OVS Interface \u200b\u5173\u8054\u200b\u7684\u200b Index\u3002 Gauge interface_tx_packets OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_bytes OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_packets OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_bytes OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u5927\u5c0f\u200b\u3002 Gauge interface_rx_crc_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u6821\u9a8c\u200b\u548c\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_dropped OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_errors OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_frame_err OVS Interface \u200b\u63a5\u6536\u200b\u5e27\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_missed_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b miss \u200b\u6570\u91cf\u200b\u3002 Gauge interface_rx_over_err OVS Interface \u200b\u63a5\u6536\u200b\u5305\u200b overrun \u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_dropped OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u4e22\u5f03\u200b\u6570\u91cf\u200b\u3002 Gauge interface_tx_errors OVS Interface \u200b\u53d1\u9001\u200b\u5305\u200b\u9519\u8bef\u200b\u6570\u91cf\u200b\u3002 Gauge interface_collisions OVS interface \u200b\u51b2\u7a81\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-pinger","title":"kube-ovn-pinger","text":"\u200b\u7f51\u7edc\u200b\u8d28\u91cf\u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Gauge pinger_ovs_up \u200b\u8282\u70b9\u200b OVS \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovs_down \u200b\u8282\u70b9\u200b OVS \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_ovn_controller_up \u200b\u8282\u70b9\u200b ovn-controller \u200b\u8fd0\u884c\u200b\u3002 Gauge pinger_ovn_controller_down \u200b\u8282\u70b9\u200b ovn-controller \u200b\u505c\u6b62\u200b\u3002 Gauge pinger_inconsistent_port_binding OVN-SB \u200b\u91cc\u200b portbinding \u200b\u6570\u91cf\u200b\u548c\u200b\u4e3b\u673a\u200b OVS interface \u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7684\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_apiserver_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u8054\u901a\u200b apiserver\u3002 Gauge pinger_apiserver_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u8054\u901a\u200b apiserver\u3002 Histogram pinger_apiserver_latency_ms kube-ovn-pinger \u200b\u8bbf\u95ee\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_internal_dns_healthy kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_internal_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_internal_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5185\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_dns_health kube-ovn-pinger \u200b\u53ef\u4ee5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Gauge pinger_external_dns_unhealthy kube-ovn-pinger \u200b\u65e0\u6cd5\u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u3002 Histogram pinger_external_dns_latency_ms kube-ovn-pinger \u200b\u89e3\u6790\u200b\u5916\u90e8\u200b\u57df\u540d\u200b\u5ef6\u8fdf\u200b\u3002 Histogram pinger_pod_ping_latency_ms kube-ovn-pinger ping Pod \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_pod_ping_lost_total kube-ovn-pinger ping Pod \u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002 Gauge pinger_pod_ping_count_total kube-ovn-pinger ping Pod \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_node_ping_latency_ms kube-ovn-pinger ping Node \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_node_ping_lost_total kube-ovn-pinger ping Node \u200b\u4e22\u5305\u200b\u3002 Gauge pinger_node_ping_count_total kube-ovn-pinger ping Node \u200b\u6570\u91cf\u200b\u3002 Histogram pinger_external_ping_latency_ms kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u5730\u5740\u200b \u200b\u5ef6\u8fdf\u200b\u3002 Gauge pinger_external_lost_total kube-ovn-pinger ping \u200b\u5916\u90e8\u200b\u4e22\u5305\u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-controller","title":"kube-ovn-controller","text":"kube-ovn-controller \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 Gauge subnet_available_ip_count \u200b\u5b50\u7f51\u200b\u53ef\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002 Gauge subnet_used_ip_count \u200b\u5b50\u7f51\u200b\u5df2\u200b\u7528\u200b IP \u200b\u6570\u91cf\u200b\u3002"},{"location":"reference/metrics/#kube-ovn-cni","title":"kube-ovn-cni","text":"kube-ovn-cni \u200b\u76f8\u5173\u200b\u76d1\u63a7\u200b\u6307\u6807\u200b\uff1a
\u200b\u7c7b\u578b\u200b \u200b\u6307\u6807\u200b\u9879\u200b \u200b\u63cf\u8ff0\u200b Histogram cni_op_latency_seconds CNI \u200b\u64cd\u4f5c\u200b\u5ef6\u8fdf\u200b\u3002 Counter cni_wait_address_seconds_total CNI \u200b\u7b49\u5f85\u200b\u5730\u5740\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_connectivity_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8fde\u63a5\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Counter cni_wait_route_seconds_total CNI \u200b\u7b49\u5f85\u200b\u8def\u7531\u200b\u5c31\u7eea\u200b\u65f6\u95f4\u200b\u3002 Histogram rest_client_request_latency_seconds \u200b\u8bf7\u6c42\u200b apiserver \u200b\u5ef6\u8fdf\u200b\u3002 Counter rest_client_requests_total \u200b\u8bf7\u6c42\u200b apiserver \u200b\u6570\u91cf\u200b\u3002 Counter lists_total API list \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary list_duration_seconds API list \u200b\u8bf7\u6c42\u200b\u5ef6\u8fdf\u200b\u3002 Summary items_per_list API list \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Counter watches_total API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Counter short_watches_total \u200b\u77ed\u65f6\u95f4\u200b API watch \u200b\u8bf7\u6c42\u200b\u6570\u91cf\u200b\u3002 Summary watch_duration_seconds API watch \u200b\u6301\u7eed\u65f6\u95f4\u200b\u3002 Summary items_per_watch API watch \u200b\u8fd4\u56de\u200b\u7ed3\u679c\u200b\u6570\u91cf\u200b\u3002 Gauge last_resource_version \u200b\u6700\u65b0\u200b\u7684\u200b resource version\u3002 Histogram ovs_client_request_latency_milliseconds \u200b\u8bf7\u6c42\u200b OVN \u200b\u7ec4\u4ef6\u200b\u5ef6\u8fdf\u200b\u3002 \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/ovs-ovn-customized/","title":"\u5bf9\u200b\u4e0a\u6e38\u200b OVS/OVN \u200b\u4fee\u6539","text":"\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u6700\u521d\u200b\u8bbe\u8ba1\u200b\u76ee\u6807\u200b\u4e3a\u200b\u901a\u7528\u200b SDN \u200b\u63a7\u5236\u5668\u200b\u548c\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u3002\u200b\u7531\u4e8e\u200b Kubernetes \u200b\u7f51\u7edc\u200b\u5b58\u5728\u200b\u4e00\u4e9b\u200b\u7279\u6b8a\u200b\u7684\u200b\u7528\u6cd5\u200b\uff0c \u200b\u5e76\u4e14\u200b Kube-OVN \u200b\u53ea\u200b\u91cd\u70b9\u200b\u4f7f\u7528\u200b\u4e86\u200b\u90e8\u5206\u200b\u529f\u80fd\u200b\uff0c\u200b\u4e3a\u4e86\u200b \u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u3001\u200b\u7a33\u5b9a\u6027\u200b\u548c\u200b\u7279\u5b9a\u200b\u7684\u200b\u529f\u80fd\u200b\uff0cKube-OVN \u200b\u5bf9\u200b\u4e0a\u6e38\u200b OVN/OVS \u200b\u505a\u200b\u4e86\u200b\u90e8\u5206\u200b\u4fee\u6539\u200b\u3002\u200b\u7528\u6237\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b\u81ea\u5df1\u200b\u7684\u200b OVN/OVS \u200b\u914d\u5408\u200b Kube-OVN \u200b\u7684\u200b\u63a7\u5236\u5668\u200b\u8fdb\u884c\u200b\u5de5\u4f5c\u200b\u65f6\u200b\u9700\u8981\u200b\u6ce8\u610f\u200b \u200b\u4e0b\u8ff0\u200b\u7684\u200b\u6539\u52a8\u200b\u53ef\u80fd\u200b\u9020\u6210\u200b\u7684\u200b\u5f71\u54cd\u200b\u3002
\u200b\u672a\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 38df6fa3f7 \u200b\u8c03\u6574\u200b\u9009\u4e3e\u200b timer\uff0c\u200b\u907f\u514d\u200b\u5927\u89c4\u6a21\u200b\u96c6\u7fa4\u200b\u9009\u4e3e\u200b\u6296\u52a8\u200b\u3002
- d4888c4e75 \u200b\u6dfb\u52a0\u200b fdb \u200b\u66f4\u65b0\u200b\u65e5\u5fd7\u200b\u3002
- d4888c4e75 \u200b\u4fee\u590d\u200b hairpin \u200b\u73af\u5883\u200b\u4e0b\u200b fdb \u200b\u5b66\u4e60\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 9a81b91368 \u200b\u4e3a\u200b ovsdb-tool \u200b\u7684\u200b join-cluster \u200b\u5b50\u200b\u547d\u4ee4\u200b\u6dfb\u52a0\u200b Server ID \u200b\u53c2\u6570\u200b\u3002
- 62d4969877 \u200b\u4fee\u590d\u200b\u5f00\u542f\u200b SSL \u200b\u540e\u200b OVSDB \u200b\u76d1\u542c\u200b\u5730\u5740\u200b\u9519\u8bef\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 0700cb90f9 \u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u975e\u200b Service \u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b conntrack \u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- c48049a64f ECMP \u200b\u7b97\u6cd5\u200b\u7531\u200b dp_hash \u200b\u8c03\u6574\u200b\u4e3a\u200b hash\uff0c\u200b\u907f\u514d\u200b\u90e8\u5206\u200b\u5185\u6838\u200b\u51fa\u73b0\u200b\u7684\u200b\u54c8\u5e0c\u200b\u9519\u8bef\u200b\u95ee\u9898\u200b\u3002
- 64383c14a9 \u200b\u4fee\u590d\u200b Windows \u200b\u4e0b\u200b\u5185\u6838\u200b Crash \u200b\u95ee\u9898\u200b\u3002
- 08a95db2ca \u200b\u652f\u6301\u200b Windows \u200b\u4e0b\u200b\u7684\u200b github action \u200b\u6784\u5efa\u200b\u3002
- 680e77a190 Windows \u200b\u4e0b\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b tcp \u200b\u76d1\u542c\u200b\u3002
- 05e57b3227 \u200b\u652f\u6301\u200b Windows \u200b\u7f16\u8bd1\u200b\u3002
- b3801ecb73 \u200b\u4fee\u6539\u200b\u6e90\u200b\u8def\u7531\u200b\u7684\u200b\u4f18\u5148\u7ea7\u200b\u3002
- 977e569539 \u200b\u4fee\u590d\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b Pod \u200b\u6570\u91cf\u200b\u8fc7\u591a\u200b\u5bfc\u81f4\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u7684\u200b\u95ee\u9898\u200b\u3002
- 45a4a22161 ovn-nbctl\uff1avips \u200b\u4e3a\u200b\u7a7a\u65f6\u200b\u4e0d\u200b\u5220\u9664\u200b Load Balancer\u3002
- 540592b9ff DNAT \u200b\u540e\u200b\u66ff\u6362\u200b Mac \u200b\u5730\u5740\u200b\u4e3a\u200b\u76ee\u6807\u200b\u5730\u5740\u200b\uff0c\u200b\u51cf\u5c11\u200b\u989d\u5916\u200b\u6027\u80fd\u200b\u5f00\u9500\u200b\u3002
- 10972d9632 \u200b\u4fee\u590d\u200b vswitchd ofport_usage \u200b\u5185\u5b58\u200b\u6cc4\u9732\u200b\u3002
\u200b\u5df2\u5408\u5165\u200b\u4e0a\u6e38\u200b\u4fee\u6539\u200b\uff1a
- 20626ea909 \u200b\u7ec4\u64ad\u200b\u6d41\u91cf\u200b\u7ed5\u8fc7\u200b LB \u200b\u548c\u200b ACL \u200b\u5904\u7406\u200b\u9636\u6bb5\u200b\uff0c\u200b\u4ee5\u200b\u63d0\u9ad8\u200b\u7279\u5b9a\u200b\u6570\u636e\u94fe\u200b\u8def\u200b\u6027\u80fd\u200b\u3002
- a2d9ff3ccd Deb \u200b\u6784\u5efa\u200b\u589e\u52a0\u200b\u7f16\u8bd1\u200b\u4f18\u5316\u200b\u9009\u9879\u200b\u3002
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/tunnel-protocol/","title":"\u96a7\u9053\u200b\u534f\u8bae\u200b\u8bf4\u660e","text":"Kube-OVN \u200b\u4f7f\u7528\u200b OVN/OVS \u200b\u4f5c\u4e3a\u200b\u6570\u636e\u200b\u5e73\u9762\u200b\u5b9e\u73b0\u200b\uff0c\u200b\u76ee\u524d\u200b\u652f\u6301\u200b Geneve\uff0cVxlan \u200b\u548c\u200b STT \u200b\u4e09\u79cd\u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\u3002 \u200b\u8fd9\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u529f\u80fd\u200b\uff0c\u200b\u6027\u80fd\u200b\u548c\u200b\u6613\u7528\u6027\u200b\u4e0a\u200b\u5b58\u5728\u200b\u7740\u200b\u533a\u522b\u200b\uff0c\u200b\u672c\u200b\u6587\u6863\u200b\u5c06\u200b\u4ecb\u7ecd\u200b\u4e09\u79cd\u200b\u534f\u8bae\u200b\u5728\u200b\u4f7f\u7528\u200b\u4e2d\u200b\u7684\u200b\u5dee\u5f02\u200b\uff0c\u200b\u7528\u6237\u200b\u53ef\u200b\u6839\u636e\u200b\u81ea\u5df1\u200b\u7684\u200b\u60c5\u51b5\u200b\u8fdb\u884c\u200b\u9009\u62e9\u200b\u3002
"},{"location":"reference/tunnel-protocol/#geneve","title":"Geneve","text":"Geneve \u200b\u534f\u8bae\u200b\u4e3a\u200b Kube-OVN \u200b\u90e8\u7f72\u200b\u65f6\u200b\u9009\u62e9\u200b\u7684\u200b\u9ed8\u8ba4\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u4e5f\u200b\u662f\u200b OVN \u200b\u9ed8\u8ba4\u200b\u63a8\u8350\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\u3002\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002\u200b\u7531\u4e8e\u200b Geneve \u200b\u6709\u7740\u200b\u53ef\u53d8\u200b\u957f\u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b 24bit \u200b\u7a7a\u95f4\u200b\u6765\u200b\u6807\u5fd7\u200b\u4e0d\u540c\u200b\u7684\u200b datapath \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u521b\u5efa\u200b\u66f4\u200b\u591a\u200b\u6570\u91cf\u200b\u7684\u200b\u865a\u62df\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cGeneve \u200b\u9700\u8981\u200b\u8f83\u200b\u9ad8\u200b\u7248\u672c\u200b\u7684\u200b\u5185\u6838\u200b\u652f\u6301\u200b\uff0c\u200b\u9700\u8981\u200b\u9009\u62e9\u200b 5.4 \u200b\u4ee5\u4e0a\u200b\u7684\u200b\u4e0a\u6e38\u200b\u5185\u6838\u200b\uff0c \u200b\u6216\u200b backport \u200b\u4e86\u200b\u8be5\u200b\u529f\u80fd\u200b\u7684\u200b\u5176\u4ed6\u200b\u517c\u5bb9\u200b\u5185\u6838\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#vxlan","title":"Vxlan","text":"Vxlan \u200b\u4e3a\u200b\u4e0a\u6e38\u200b OVN \u200b\u8fd1\u671f\u200b\u652f\u6301\u200b\u7684\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u5f97\u5230\u200b\u4e86\u200b\u5e7f\u6cdb\u200b\u7684\u200b\u652f\u6301\u200b\uff0c \u200b\u5e76\u200b\u53ef\u4ee5\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b\u901a\u7528\u200b Offload \u200b\u80fd\u529b\u200b\u8fdb\u884c\u200b\u52a0\u901f\u200b\u3002 \u200b\u7531\u4e8e\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u957f\u5ea6\u200b\u6709\u9650\u200b\uff0c\u200b\u5e76\u4e14\u200b OVN \u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u989d\u5916\u200b\u7684\u200b\u7a7a\u95f4\u200b\u8fdb\u884c\u200b\u7f16\u6392\u200b\uff0cdatapath \u200b\u7684\u200b\u6570\u91cf\u200b\u5b58\u5728\u200b\u9650\u5236\u200b\uff0c\u200b\u6700\u200b\u591a\u200b\u53ea\u80fd\u200b\u521b\u5efa\u200b 4096 \u200b\u4e2a\u200b datapath\uff0c \u200b\u6bcf\u4e2a\u200b datapath \u200b\u4e0b\u200b\u6700\u200b\u591a\u200b 4096 \u200b\u4e2a\u200b\u7aef\u53e3\u200b\u3002\u200b\u540c\u65f6\u200b\u7531\u4e8e\u200b\u7a7a\u95f4\u200b\u6709\u9650\u200b\uff0c\u200b\u57fa\u4e8e\u200b inport \u200b\u7684\u200b ACL \u200b\u6ca1\u6709\u200b\u8fdb\u884c\u200b\u652f\u6301\u200b\u3002
\u200b\u5982\u679c\u200b\u4f7f\u7528\u200b Mellanox \u200b\u6216\u200b\u82af\u542f\u6e90\u200b\u7684\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b OVS \u200b\u5378\u8f7d\u200b\uff0cVxlan \u200b\u7684\u200b\u5378\u8f7d\u200b\u5728\u200b\u5e38\u89c1\u200b\u5185\u6838\u200b\u4e2d\u200b\u5df2\u200b\u83b7\u5f97\u200b\u652f\u6301\u200b\u3002
\u200b\u7531\u4e8e\u200b\u4f7f\u7528\u200b UDP \u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u5728\u200b\u5904\u7406\u200b TCP over UDP \u200b\u65f6\u200b\u4e0d\u80fd\u200b\u5f88\u200b\u597d\u200b\u7684\u200b\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u7684\u200b TCP \u200b\u76f8\u5173\u200b\u5378\u8f7d\u200b\uff0c\u200b\u5728\u200b\u5904\u7406\u200b\u5927\u5305\u200b\u65f6\u4f1a\u200b\u6d88\u8017\u200b\u8f83\u200b\u591a\u200b CPU \u200b\u8d44\u6e90\u200b\u3002
"},{"location":"reference/tunnel-protocol/#stt","title":"STT","text":"STT \u200b\u534f\u8bae\u200b\u4e3a\u200b OVN \u200b\u8f83\u200b\u65e9\u200b\u652f\u6301\u200b\u7684\u200b\u96a7\u9053\u200b\u534f\u8bae\u200b\uff0c\u200b\u8be5\u200b\u534f\u8bae\u200b\u4f7f\u7528\u200b\u7c7b\u200b TCP \u200b\u7684\u200b\u5934\u90e8\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5145\u5206\u5229\u7528\u200b\u73b0\u4ee3\u200b\u7f51\u5361\u200b\u901a\u7528\u200b\u7684\u200b TCP \u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\uff0c\u200b\u5927\u5e45\u200b\u63d0\u5347\u200b TCP \u200b\u7684\u200b\u541e\u5410\u91cf\u200b\u3002\u200b\u540c\u65f6\u200b\u8be5\u200b\u534f\u8bae\u200b\u5934\u90e8\u200b\u8f83\u957f\u200b\u53ef\u200b\u652f\u6301\u200b\u5b8c\u6574\u200b\u7684\u200b OVN \u200b\u80fd\u529b\u200b\u548c\u200b\u5927\u89c4\u6a21\u200b\u7684\u200b datapath\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u672a\u200b\u5728\u200b\u5185\u6838\u200b\u4e2d\u200b\u652f\u6301\u200b\uff0c\u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u7f16\u8bd1\u200b OVS \u200b\u5185\u6838\u6a21\u5757\u200b\uff0c\u200b\u5e76\u200b\u5728\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u65f6\u200b\u5bf9\u5e94\u200b\u518d\u6b21\u200b\u7f16\u8bd1\u200b\u65b0\u200b\u7248\u672c\u200b\u5185\u6838\u6a21\u5757\u200b\u3002
\u200b\u8be5\u200b\u534f\u8bae\u200b\u76ee\u524d\u200b\u672a\u200b\u88ab\u200b\u667a\u80fd\u7f51\u200b\u5361\u200b\u652f\u6301\u200b\uff0c\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b OVS \u200b\u7684\u200b\u5378\u8f7d\u200b\u80fd\u529b\u200b\u3002
"},{"location":"reference/tunnel-protocol/#_2","title":"\u53c2\u8003\u8d44\u6599","text":" - https://ipwithease.com/vxlan-vs-geneve-understand-the-difference/
- OVN FAQ
- What is Geneve
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"reference/underlay-topology/","title":"Underlay \u200b\u6d41\u91cf\u200b\u62d3\u6251","text":"\u200b\u672c\u200b\u6587\u6863\u200b\u4ecb\u7ecd\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u6d41\u91cf\u200b\u5728\u200b\u4e0d\u540c\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u8f6c\u53d1\u200b\u8def\u5f84\u200b\u3002
"},{"location":"reference/underlay-topology/#_1","title":"\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u5185\u90e8\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u76f4\u63a5\u200b\u4ea4\u6362\u200b\u6570\u636e\u5305\u200b\uff0c\u200b\u4e0d\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\u3002
"},{"location":"reference/underlay-topology/#_2","title":"\u8de8\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u3002
"},{"location":"reference/underlay-topology/#_3","title":"\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u6b64\u5904\u200b br-provider-1 \u200b\u548c\u200b br-provider-2 \u200b\u53ef\u4ee5\u200b\u662f\u200b\u540c\u4e00\u4e2a\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5373\u200b\u591a\u4e2a\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b\u53ef\u4ee5\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b Provider Network\u3002
"},{"location":"reference/underlay-topology/#_4","title":"\u8de8\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#_5","title":"\u8bbf\u95ee\u200b\u5916\u90e8","text":"\u200b\u6570\u636e\u5305\u200b\u7ecf\u7531\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u7f51\u7edc\u200b\uff0c\u200b\u7531\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u53ca\u200b\u8def\u7531\u5668\u200b\u8fdb\u884c\u200b\u4ea4\u6362\u200b\u548c\u200b\u8def\u7531\u200b\u8f6c\u53d1\u200b\u3002
\u200b\u8282\u70b9\u200b\u4e0e\u200b Pod \u200b\u4e4b\u95f4\u200b\u7684\u200b\u901a\u4fe1\u200b\u5927\u4f53\u4e0a\u200b\u4e5f\u200b\u9075\u5faa\u200b\u6b64\u200b\u903b\u8f91\u200b\u3002
"},{"location":"reference/underlay-topology/#vlan-tag","title":"\u65e0\u200b Vlan Tag \u200b\u4e0b\u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#vlan","title":"\u591a\u200b VLAN \u200b\u603b\u89c8","text":""},{"location":"reference/underlay-topology/#pod-service-ip","title":"Pod \u200b\u8bbf\u95ee\u200b Service IP","text":"Kube-OVN \u200b\u4e3a\u200b\u6bcf\u4e2a\u200b Kubernetes Service \u200b\u5728\u200b\u6bcf\u4e2a\u200b\u5b50\u7f51\u200b\u7684\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u4e86\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u3002 \u200b\u5f53\u200b Pod \u200b\u901a\u8fc7\u200b\u8bbf\u95ee\u200b Service IP \u200b\u8bbf\u95ee\u200b\u5176\u5b83\u200b Pod \u200b\u65f6\u200b\uff0c\u200b\u4f1a\u200b\u6784\u9020\u200b\u4e00\u4e2a\u200b\u76ee\u7684\u200b\u5730\u5740\u200b\u4e3a\u200b Service IP\u3001\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\u4e3a\u200b\u7f51\u5173\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u7f51\u7edc\u200b\u5305\u200b\u3002 \u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u5165\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\uff0c\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u200b\u4f1a\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u62e6\u622a\u200b\u548c\u200b DNAT \u200b\u5904\u7406\u200b\uff0c\u200b\u5c06\u200b\u76ee\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u4fee\u6539\u200b\u4e3a\u200b Service \u200b\u5bf9\u5e94\u200b\u7684\u200b\u67d0\u4e2a\u200b Endpoint \u200b\u7684\u200b IP \u200b\u548c\u200b\u7aef\u53e3\u200b\u3002 \u200b\u7531\u4e8e\u200b\u903b\u8f91\u200b\u4ea4\u6362\u673a\u200b\u5e76\u672a\u200b\u4fee\u6539\u200b\u7f51\u7edc\u200b\u5305\u200b\u7684\u200b\u4e8c\u5c42\u200b\u76ee\u7684\u200b MAC \u200b\u5730\u5740\u200b\uff0c\u200b\u7f51\u7edc\u200b\u5305\u200b\u5728\u200b\u8fdb\u5165\u200b\u5916\u90e8\u200b\u4ea4\u6362\u673a\u200b\u540e\u200b\u4ecd\u7136\u200b\u4f1a\u200b\u9001\u5230\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u6b64\u65f6\u200b\u9700\u8981\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\u5bf9\u200b\u7f51\u7edc\u200b\u5305\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"reference/underlay-topology/#service-pod","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u540c\u200b\u5b50\u7f51\u200b Pod","text":""},{"location":"reference/underlay-topology/#service-pod_1","title":"Service \u200b\u540e\u7aef\u200b\u4e3a\u200b\u540c\u200b\u8282\u70b9\u200b\u4e0d\u540c\u200b\u5b50\u7f51\u200b Pod","text":" \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/one-step-install/","title":"\u4e00\u952e\u200b\u5b89\u88c5","text":"Kube-OVN \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e00\u952e\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u4f60\u200b\u5feb\u901f\u200b\u5b89\u88c5\u200b\u4e00\u4e2a\u200b\u9ad8\u200b\u53ef\u7528\u200b\uff0c\u200b\u751f\u4ea7\u200b\u5c31\u7eea\u200b\u7684\u200b Kube-OVN \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u4ece\u200b Kube-OVN v1.12.0 \u200b\u7248\u672c\u200b\u5f00\u59cb\u200b\uff0c\u200b\u652f\u6301\u200b Helm Chart \u200b\u5b89\u88c5\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u90e8\u7f72\u200b\u4e3a\u200b Overlay \u200b\u7c7b\u578b\u200b\u7f51\u7edc\u200b\u3002
\u200b\u5982\u679c\u200b\u9ed8\u8ba4\u200b\u7f51\u7edc\u200b\u9700\u8981\u200b\u642d\u5efa\u200b Underlay/Vlan \u200b\u7f51\u7edc\u200b\uff0c\u200b\u8bf7\u200b\u53c2\u8003\u200b Underlay \u200b\u7f51\u7edc\u200b\u652f\u6301\u200b\u3002
\u200b\u5b89\u88c5\u200b\u524d\u200b\u8bf7\u200b\u53c2\u8003\u200b\u51c6\u5907\u200b\u5de5\u4f5c\u200b\u786e\u8ba4\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u6b63\u786e\u200b\u3002
"},{"location":"start/one-step-install/#_2","title":"\u811a\u672c\u200b\u5b89\u88c5","text":""},{"location":"start/one-step-install/#_3","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"\u200b\u6211\u4eec\u200b\u63a8\u8350\u200b\u5728\u200b\u751f\u4ea7\u200b\u73af\u5883\u200b\u4f7f\u7528\u200b\u7a33\u5b9a\u200b\u7684\u200b release \u200b\u7248\u672c\u200b\uff0c\u200b\u8bf7\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u7a33\u5b9a\u200b\u7248\u672c\u200b\u5b89\u88c5\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
\u200b\u5982\u679c\u200b\u5bf9\u200b master \u200b\u5206\u652f\u200b\u7684\u200b\u6700\u65b0\u200b\u529f\u80fd\u200b\u611f\u5174\u8da3\u200b\uff0c\u200b\u60f3\u200b\u4f7f\u7528\u200b\u4e0b\u9762\u200b\u7684\u200b\u547d\u4ee4\u200b\u4e0b\u8f7d\u200b\u5f00\u53d1\u200b\u7248\u672c\u200b\u90e8\u7f72\u200b\u811a\u672c\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh\n
"},{"location":"start/one-step-install/#_4","title":"\u4fee\u6539\u200b\u914d\u7f6e\u200b\u53c2\u6570","text":"\u200b\u4f7f\u7528\u200b\u7f16\u8f91\u5668\u200b\u6253\u5f00\u200b\u811a\u672c\u200b\uff0c\u200b\u5e76\u200b\u4fee\u6539\u200b\u4e0b\u5217\u200b\u53d8\u91cf\u200b\u4e3a\u200b\u9884\u671f\u200b\u503c\u200b\uff1a
REGISTRY=\"kubeovn\" # \u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\u5730\u5740\u200b\nVERSION=\"v1.12.13\" # \u200b\u955c\u50cf\u200b\u7248\u672c\u200b/Tag\nPOD_CIDR=\"10.16.0.0/16\" # \u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b CIDR \u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/JOIN CIDR \u200b\u91cd\u53e0\u200b\nSVC_CIDR=\"10.96.0.0/12\" # \u200b\u9700\u8981\u200b\u548c\u200b apiserver \u200b\u7684\u200b service-cluster-ip-range \u200b\u4fdd\u6301\u4e00\u81f4\u200b\nJOIN_CIDR=\"100.64.0.0/16\" # Pod \u200b\u548c\u200b\u4e3b\u673a\u200b\u901a\u4fe1\u200b\u7f51\u7edc\u200b CIDR\uff0c\u200b\u4e0d\u8981\u200b\u548c\u200b SVC/NODE/POD CIDR \u200b\u91cd\u53e0\u200b \nLABEL=\"node-role.kubernetes.io/master\" # \u200b\u90e8\u7f72\u200b OVN DB \u200b\u8282\u70b9\u200b\u7684\u200b\u6807\u7b7e\u200b\nIFACE=\"\" # \u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u6240\u200b\u4f7f\u7528\u200b\u7684\u200b\u7684\u200b\u5bbf\u4e3b\u673a\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u5982\u679c\u200b\u4e3a\u200b\u7a7a\u5219\u200b\u4f7f\u7528\u200b Kubernetes \u200b\u4e2d\u200b\u7684\u200b Node IP \u200b\u6240\u5728\u200b\u7f51\u5361\u200b\nTUNNEL_TYPE=\"geneve\" # \u200b\u96a7\u9053\u200b\u5c01\u88c5\u200b\u534f\u8bae\u200b\uff0c\u200b\u53ef\u200b\u9009\u200b geneve, vxlan \u200b\u6216\u200b stt\uff0cstt \u200b\u9700\u8981\u200b\u5355\u72ec\u200b\u7f16\u8bd1\u200b ovs \u200b\u5185\u6838\u6a21\u5757\u200b\n
\u200b\u53ef\u200b\u4f7f\u7528\u200b\u6b63\u5219\u8868\u8fbe\u5f0f\u200b\u6765\u200b\u5339\u914d\u200b\u7f51\u5361\u200b\u540d\u200b\uff0c\u200b\u4f8b\u5982\u200b IFACE=enp6s0f0,eth.*\u3002
"},{"location":"start/one-step-install/#_5","title":"\u6267\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh
\u200b\u7b49\u5f85\u200b\u5b89\u88c5\u200b\u5b8c\u6210\u200b\u3002
"},{"location":"start/one-step-install/#helm-chart","title":"Helm Chart \u200b\u5b89\u88c5","text":"\u200b\u7531\u4e8e\u200b Kube-OVN \u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e00\u4e9b\u200b\u53c2\u6570\u200b\uff0c\u200b\u56e0\u6b64\u200b\u4f7f\u7528\u200b Helm \u200b\u5b89\u88c5\u200b Kube-OVN\uff0c\u200b\u9700\u8981\u200b\u6309\u7167\u200b\u4ee5\u4e0b\u200b\u6b65\u9aa4\u200b\u6267\u884c\u200b\u3002
"},{"location":"start/one-step-install/#ip","title":"\u67e5\u770b\u200b\u8282\u70b9\u200b IP \u200b\u5730\u5740","text":"$ kubectl get node -o wide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nkube-ovn-control-plane NotReady control-plane 20h v1.26.0 172.18.0.3 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\nkube-ovn-worker NotReady <none> 20h v1.26.0 172.18.0.2 <none> Ubuntu 22.04.1 LTS 5.10.104-linuxkit containerd://1.6.9\n
"},{"location":"start/one-step-install/#master","title":"\u53bb\u6389\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u6c61\u70b9","text":"$ kubectl taint node kube-ovn-control-plane node-role.kubernetes.io/control-plane:NoSchedule-\nnode/kube-ovn-control-plane untainted\n
\u200b\u5982\u679c\u200b\u786e\u5b9a\u200b\u4e0d\u200b\u9700\u8981\u200b\u5728\u200b master \u200b\u8282\u70b9\u200b\u8c03\u5ea6\u200b\u4e1a\u52a1\u200b Pod\uff0c\u200b\u8fd9\u200b\u4e00\u6b65\u200b\u53ef\u4ee5\u200b\u8df3\u8fc7\u200b\u3002
"},{"location":"start/one-step-install/#label","title":"\u7ed9\u200b\u8282\u70b9\u200b\u6dfb\u52a0\u200b label","text":"$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite\nnode/kube-ovn-control-plane not labeled\nnode/kube-ovn-worker not labeled\n\n$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite\nnode/kube-ovn-control-plane labeled\n\n# \u200b\u4ee5\u4e0b\u200b label \u200b\u7528\u4e8e\u200b dpdk \u200b\u955c\u50cf\u200b\u7684\u200b\u5b89\u88c5\u200b\uff0c\u200b\u975e\u200b dpdk \u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5ffd\u7565\u200b\n$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite\nnode/kube-ovn-control-plane labeled\nnode/kube-ovn-worker labeled\n
"},{"location":"start/one-step-install/#helm-repo","title":"\u6dfb\u52a0\u200b Helm Repo \u200b\u4fe1\u606f","text":"$ helm repo add kubeovn https://kubeovn.github.io/kube-ovn/\n\"kubeovn\" has been added to your repositories\n\n$ helm repo list\nNAME URL\nkubeovn https://kubeovn.github.io/kube-ovn/\n\n$ helm search repo kubeovn\nNAME CHART VERSION APP VERSION DESCRIPTION\nkubeovn/kube-ovn 0.1.0 1.12.0 Helm chart for Kube-OVN\n
"},{"location":"start/one-step-install/#helm-install-kube-ovn","title":"\u6267\u884c\u200b helm install \u200b\u5b89\u88c5\u200b Kube-OVN","text":"Node0IP\u3001Node1IP\u3001Node2IP \u200b\u53c2\u6570\u200b\u5206\u522b\u200b\u4e3a\u200b\u96c6\u7fa4\u200b master \u200b\u8282\u70b9\u200b\u7684\u200b IP \u200b\u5730\u5740\u200b\u3002\u200b\u5176\u4ed6\u200b\u53c2\u6570\u200b\u7684\u200b\u8bbe\u7f6e\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u53c2\u8003\u200b values.yaml \u200b\u6587\u4ef6\u200b\u4e2d\u200b\u53d8\u91cf\u200b\u5b9a\u4e49\u200b\u3002
# \u200b\u5355\u200b master \u200b\u8282\u70b9\u200b\u73af\u5883\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\n\n# \u200b\u4ee5\u4e0a\u200b\u8fb9\u200b\u7684\u200b node \u200b\u4fe1\u606f\u200b\u4e3a\u4f8b\u200b\uff0c\u200b\u6267\u884c\u200b\u5b89\u88c5\u200b\u547d\u4ee4\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=172.18.0.3\nNAME: kube-ovn\nLAST DEPLOYED: Fri Mar 31 12:43:43 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n\n# \u200b\u9ad8\u200b\u53ef\u7528\u200b\u96c6\u7fa4\u200b\u5b89\u88c5\u200b\n$ helm install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${Node0IP}\\,${Node1IP}\\,${Node2IP} --set replicaCount=3\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/prepare/","title":"\u51c6\u5907\u200b\u5de5\u4f5c","text":"Kube-OVN \u200b\u662f\u200b\u4e00\u4e2a\u200b\u7b26\u5408\u200b CNI \u200b\u89c4\u8303\u200b\u7684\u200b\u7f51\u7edc\u200b\u7ec4\u4ef6\u200b\uff0c\u200b\u5176\u200b\u8fd0\u884c\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b Kubernetes \u200b\u73af\u5883\u200b\u53ca\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b\u7f51\u7edc\u200b\u6a21\u5757\u200b\u3002 \u200b\u4ee5\u4e0b\u200b\u662f\u200b\u901a\u8fc7\u200b\u6d4b\u8bd5\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u548c\u200b\u8f6f\u4ef6\u200b\u7248\u672c\u200b\uff0c\u200b\u73af\u5883\u200b\u914d\u7f6e\u200b\u548c\u200b\u6240\u200b\u9700\u8981\u200b\u5f00\u653e\u200b\u7684\u200b\u7aef\u53e3\u200b\u4fe1\u606f\u200b\u3002
"},{"location":"start/prepare/#_2","title":"\u8f6f\u4ef6\u200b\u7248\u672c","text":" - Kubernetes >= 1.23\u3002
- Docker >= 1.12.6, Containerd >= 1.3.4\u3002
- \u200b\u64cd\u4f5c\u7cfb\u7edf\u200b: CentOS 7/8, Ubuntu 16.04/18.04/20.04\u3002
- \u200b\u5176\u4ed6\u200b Linux \u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u9700\u8981\u200b\u68c0\u67e5\u4e00\u4e0b\u200b\u5185\u6838\u6a21\u5757\u200b\u662f\u5426\u200b\u5b58\u5728\u200b
geneve, openvswitch, ip_tables \u200b\u548c\u200b iptable_nat\uff0cKube-OVN \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\u4f9d\u8d56\u200b\u4e0a\u8ff0\u200b\u6a21\u5757\u200b\u3002
\u200b\u6ce8\u610f\u4e8b\u9879\u200b\uff1a
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 3.10.0-862 \u200b\u5185\u6838\u200b
netfilter \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b bug \u200b\u4f1a\u200b\u5bfc\u81f4\u200b Kube-OVN \u200b\u5185\u7f6e\u200b\u8d1f\u8f7d\u200b\u5747\u8861\u5668\u200b\u65e0\u6cd5\u200b\u5de5\u4f5c\u200b\uff0c\u200b\u9700\u8981\u200b\u5bf9\u200b\u5185\u6838\u200b\u5347\u7ea7\u200b\uff0c\u200b\u5efa\u8bae\u200b\u4f7f\u7528\u200b CentOS \u200b\u5b98\u65b9\u200b\u5bf9\u5e94\u200b\u7248\u672c\u200b\u6700\u65b0\u200b\u5185\u6838\u200b\u4fdd\u8bc1\u7cfb\u7edf\u200b\u7684\u200b\u5b89\u5168\u200b\u3002\u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u53c2\u8003\u200b Floating IPs broken after kernel upgrade to Centos/RHEL 7.5 - DNAT not working\u3002 - Rocky Linux 8.6 \u200b\u7684\u200b\u5185\u6838\u200b 4.18.0-372.9.1.el8.x86_64 \u200b\u5b58\u5728\u200b TCP \u200b\u901a\u4fe1\u200b\u95ee\u9898\u200b TCP connection failed in Rocky Linux 8.6\uff0c\u200b\u8bf7\u200b\u5347\u7ea7\u200b\u5185\u6838\u200b\u81f3\u200b 4.18.0-372.13.1.el8_6.x86_64 \u200b\u6216\u200b\u66f4\u200b\u9ad8\u200b\u7248\u672c\u200b\u3002
- \u200b\u5982\u679c\u200b\u5185\u6838\u200b\u7248\u672c\u200b\u4e3a\u200b 4.4 \u200b\u5219\u200b\u5bf9\u5e94\u200b\u7684\u200b\u5185\u6838\u200b
openvswitch \u200b\u6a21\u5757\u200b\u5b58\u5728\u200b\u95ee\u9898\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5347\u7ea7\u200b\u6216\u200b\u624b\u52a8\u200b\u7f16\u8bd1\u200b openvswitch \u200b\u65b0\u200b\u7248\u672c\u200b\u6a21\u5757\u200b\u8fdb\u884c\u200b\u66f4\u65b0\u200b - Geneve \u200b\u96a7\u9053\u200b\u5efa\u7acb\u200b\u9700\u8981\u200b\u68c0\u67e5\u200b IPv6\uff0c\u200b\u53ef\u200b\u901a\u8fc7\u200b
cat /proc/cmdline \u200b\u68c0\u67e5\u200b\u5185\u6838\u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\uff0c \u200b\u76f8\u5173\u200b\u5185\u6838\u200b bug \u200b\u8bf7\u200b\u53c2\u8003\u200b Geneve tunnels don't work when ipv6 is disabled\u3002
"},{"location":"start/prepare/#_3","title":"\u73af\u5883\u200b\u914d\u7f6e","text":" - Kernel \u200b\u542f\u52a8\u200b\u9700\u8981\u200b\u5f00\u542f\u200b IPv6, \u200b\u5982\u679c\u200b kernel \u200b\u542f\u52a8\u200b\u53c2\u6570\u200b\u5305\u542b\u200b
ipv6.disable=1 \u200b\u9700\u8981\u200b\u5c06\u200b\u5176\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0\u3002 kube-proxy \u200b\u6b63\u5e38\u200b\u5de5\u4f5c\u200b\uff0cKube-OVN \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b Service ClusterIP \u200b\u8bbf\u95ee\u200b\u5230\u200b kube-apiserver\u3002- \u200b\u786e\u8ba4\u200b kubelet \u200b\u914d\u7f6e\u200b\u53c2\u6570\u200b\u5f00\u542f\u200b\u4e86\u200b CNI\uff0c\u200b\u5e76\u4e14\u200b\u914d\u7f6e\u200b\u5728\u200b\u6807\u51c6\u200b\u8def\u5f84\u200b\u4e0b\u200b, kubelet \u200b\u542f\u52a8\u200b\u65f6\u5e94\u200b\u5305\u542b\u200b\u5982\u4e0b\u200b\u53c2\u6570\u200b
--network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d\u3002 - \u200b\u786e\u8ba4\u200b\u672a\u200b\u5b89\u88c5\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u6216\u8005\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u5df2\u7ecf\u200b\u88ab\u200b\u6e05\u9664\u200b\uff0c\u200b\u68c0\u67e5\u200b
/etc/cni/net.d/ \u200b\u8def\u5f84\u200b\u4e0b\u200b\u65e0\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u914d\u7f6e\u6587\u4ef6\u200b\u3002\u200b\u5982\u679c\u200b\u4e4b\u524d\u200b\u5b89\u88c5\u200b\u8fc7\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u5efa\u8bae\u200b\u5220\u9664\u200b\u540e\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u6e05\u7406\u200b\u6b8b\u7559\u200b\u7f51\u7edc\u8d44\u6e90\u200b\u3002
"},{"location":"start/prepare/#_4","title":"\u7aef\u53e3\u200b\u4fe1\u606f","text":"\u7ec4\u4ef6\u200b \u200b\u7aef\u53e3\u200b \u200b\u7528\u9014\u200b ovn-central 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp ovn-db \u200b\u548c\u200b raft server \u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b ovs-ovn Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp \u200b\u96a7\u9053\u200b\u7aef\u53e3\u200b kube-ovn-controller 10660/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-daemon 10665/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b kube-ovn-monitor 10661/tcp \u200b\u76d1\u63a7\u200b\u76d1\u542c\u200b\u7aef\u53e3\u200b \u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/sealos-install/","title":"\u4f7f\u7528\u200b sealos \u200b\u4e00\u952e\u200b\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"sealos \u200b\u4f5c\u4e3a\u200b Kubernetes \u200b\u7684\u200b\u4e00\u4e2a\u200b\u53d1\u884c\u7248\u200b\uff0c\u200b\u901a\u8fc7\u200b\u6781\u7b80\u200b\u7684\u200b\u4f7f\u7528\u200b\u65b9\u5f0f\u200b\u548c\u200b\u56fd\u5185\u200b\u7684\u200b\u955c\u50cf\u200b\u4ed3\u5e93\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5e2e\u52a9\u200b\u7528\u6237\u200b\u5feb\u901f\u200b\u4ece\u200b\u96f6\u200b\u521d\u59cb\u5316\u200b\u4e00\u4e2a\u200b\u5bb9\u5668\u200b\u96c6\u7fa4\u200b\u3002 \u200b\u901a\u8fc7\u200b\u4f7f\u7528\u200b sealos \u200b\u7528\u6237\u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u4e00\u6761\u200b\u547d\u4ee4\u200b\u5728\u200b\u51e0\u5206\u949f\u200b\u5185\u200b\u90e8\u7f72\u200b\u51fa\u200b\u4e00\u4e2a\u200b\u5b89\u88c5\u200b\u597d\u200b Kube-OVN \u200b\u7684\u200b Kubernetes \u200b\u96c6\u7fa4\u200b\u3002
"},{"location":"start/sealos-install/#sealos","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b sealos","text":"AMD64 ARM64 wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_amd64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_amd64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
wget https://github.com/labring/sealos/releases/download/v4.1.4/sealos_4.1.4_linux_arm64.tar.gz && \\\ntar -zxvf sealos_4.1.4_linux_arm64.tar.gz sealos && chmod +x sealos && mv sealos /usr/bin\n
"},{"location":"start/sealos-install/#kubernetes-kube-ovn","title":"\u90e8\u7f72\u200b Kubernetes \u200b\u548c\u200b Kube-OVN","text":"```bash\nsealos run labring/kubernetes:v1.24.3 labring/kube-ovn:v1.10.5 \\\n --masters [masters ips seperated by comma] \\\n --nodes [nodes ips seperated by comma] -p [your-ssh-passwd]\n```\n
"},{"location":"start/sealos-install/#_1","title":"\u7b49\u5f85\u200b\u90e8\u7f72\u200b\u5b8c\u6210","text":"```bash\n[Step 6/6] Finish\n\n ,,,,\n ,::,\n ,,::,,,,\n ,,,,,::::::::::::,,,,,\n ,,,::::::::::::::::::::::,,,\n ,,::::::::::::::::::::::::::::,,\n ,,::::::::::::::::::::::::::::::::,,\n ,::::::::::::::::::::::::::::::::::::,\n ,:::::::::::::,, ,,:::::,,,::::::::::,\n ,,:::::::::::::, ,::, ,:::::::::,\n ,:::::::::::::, :x, ,:: :, ,:::::::::,\n,:::::::::::::::, ,,, ,::, ,, ,::::::::::,\n,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x\n,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x\n,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x\n,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx\n,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx\n,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::\n,::::, ,::::, ,::::, ,::::, ,::::,\n ,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,\n ,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,\n ,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,\n ,::::, ,::::, ,::::, ,::::::::::::,,,,,\n ,,,, ,::::, ,,,, ,,,::::,,,,\n ,::::,\n ,,::,\n\nThanks for choosing Kube-OVN!\nFor more advanced features, please read https://github.com/kubeovn/kube-ovn#documents\nIf you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose\n2022-08-10T16:31:34 info succeeded in creating a new cluster, enjoy it!\n2022-08-10T16:31:34 info\n ___ ___ ___ ___ ___ ___\n /\\ \\ /\\ \\ /\\ \\ /\\__\\ /\\ \\ /\\ \\\n /::\\ \\ /::\\ \\ /::\\ \\ /:/ / /::\\ \\ /::\\ \\\n /:/\\ \\ \\ /:/\\:\\ \\ /:/\\:\\ \\ /:/ / /:/\\:\\ \\ /:/\\ \\ \\\n _\\:\\~\\ \\ \\ /::\\~\\:\\ \\ /::\\~\\:\\ \\ /:/ / /:/ \\:\\ \\ _\\:\\~\\ \\ \\\n /\\ \\:\\ \\ \\__\\ /:/\\:\\ \\:\\__\\ /:/\\:\\ \\:\\__\\ /:/__/ /:/__/ \\:\\__\\ /\\ \\:\\ \\ \\__\\\n \\:\\ \\:\\ \\/__/ \\:\\~\\:\\ \\/__/ \\/__\\:\\/:/ / \\:\\ \\ \\:\\ \\ /:/ / \\:\\ \\:\\ \\/__/\n \\:\\ \\:\\__\\ \\:\\ \\:\\__\\ \\::/ / \\:\\ \\ \\:\\ /:/ / \\:\\ \\:\\__\\\n \\:\\/:/ / \\:\\ \\/__/ /:/ / \\:\\ \\ \\:\\/:/ / \\:\\/:/ /\n \\::/ / \\:\\__\\ /:/ / \\:\\__\\ \\::/ / \\::/ /\n \\/__/ \\/__/ \\/__/ \\/__/ \\/__/ \\/__/\n\n Website :https://www.sealos.io/\n Address :github.com/labring/sealos\n```\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/underlay/","title":"Underlay \u200b\u7f51\u7edc\u200b\u5b89\u88c5","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u4f7f\u7528\u200b Geneve \u200b\u5bf9\u200b\u8de8\u200b\u4e3b\u673a\u200b\u6d41\u91cf\u200b\u8fdb\u884c\u200b\u5c01\u88c5\u200b\uff0c\u200b\u5728\u200b\u57fa\u7840\u8bbe\u65bd\u200b\u4e4b\u4e0a\u200b\u62bd\u8c61\u200b\u51fa\u200b\u4e00\u5c42\u200b\u865a\u62df\u200b\u7684\u200b Overlay \u200b\u7f51\u7edc\u200b\u3002
\u200b\u5bf9\u4e8e\u200b\u5e0c\u671b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u5730\u5740\u200b\u6bb5\u200b\u60c5\u51b5\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u5c06\u200b Kube-OVN \u200b\u7684\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u5de5\u4f5c\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u76f4\u63a5\u200b\u7ed9\u200b\u5bb9\u5668\u200b\u5206\u914d\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e2d\u200b\u7684\u200b\u5730\u5740\u200b\u8d44\u6e90\u200b\uff0c\u200b\u8fbe\u5230\u200b\u66f4\u597d\u200b\u7684\u200b\u6027\u80fd\u200b\u4ee5\u53ca\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u8fde\u901a\u6027\u200b\u3002
"},{"location":"start/underlay/#_1","title":"\u529f\u80fd\u200b\u9650\u5236","text":"\u200b\u7531\u4e8e\u200b\u8be5\u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u5bb9\u5668\u200b\u7f51\u7edc\u200b\u76f4\u63a5\u200b\u4f7f\u7528\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u8fdb\u884c\u200b\u4e8c\u5c42\u200b\u5305\u8f6c\u53d1\u200b\uff0cOverlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\u7684\u200b SNAT/EIP\uff0c \u200b\u5206\u5e03\u5f0f\u200b\u7f51\u5173\u200b/\u200b\u96c6\u4e2d\u5f0f\u200b\u7f51\u5173\u200b\u7b49\u200b L3 \u200b\u529f\u80fd\u200b\u65e0\u6cd5\u200b\u4f7f\u7528\u200b\uff0cVPC \u200b\u7ea7\u522b\u200b\u7684\u200b\u9694\u79bb\u200b\u4e5f\u200b\u65e0\u6cd5\u200b\u5bf9\u200b Underlay \u200b\u5b50\u7f51\u200b\u751f\u6548\u200b\u3002
"},{"location":"start/underlay/#macvlan","title":"\u548c\u200b Macvlan \u200b\u6bd4\u8f83","text":"Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u548c\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u6a21\u5f0f\u200b\u5341\u5206\u200b\u7c7b\u4f3c\u200b\uff0c\u200b\u5728\u200b\u529f\u80fd\u200b\u548c\u200b\u6027\u80fd\u200b\u4e0a\u200b\u4e3b\u8981\u200b\u6709\u200b\u4ee5\u4e0b\u200b\u51e0\u4e2a\u200b\u533a\u522b\u200b\uff1a
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u7684\u200b\u5185\u6838\u200b\u8def\u5f84\u200b\u66f4\u200b\u77ed\u200b\uff0c\u200b\u5e76\u4e14\u200b\u4e0d\u200b\u9700\u8981\u200b OVS \u200b\u5bf9\u200b\u6570\u636e\u5305\u200b\u8fdb\u884c\u200b\u5904\u7406\u200b\uff0cMacvlan \u200b\u5728\u200b\u541e\u5410\u91cf\u200b\u548c\u200b\u5ef6\u8fdf\u200b\u6027\u80fd\u6307\u6807\u200b\u4e0a\u200b\u8868\u73b0\u200b\u4f1a\u200b\u66f4\u597d\u200b\u3002
- Kube-OVN \u200b\u901a\u8fc7\u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b arp-proxy \u200b\u529f\u80fd\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u7f13\u89e3\u200b\u5927\u89c4\u6a21\u200b\u7f51\u7edc\u200b\u4e0b\u200b\u7684\u200b arp \u200b\u5e7f\u64ad\u200b\u98ce\u66b4\u200b\u98ce\u9669\u200b\u3002
- \u200b\u7531\u4e8e\u200b Macvlan \u200b\u5de5\u4f5c\u200b\u5728\u200b\u5185\u6838\u200b\u5e95\u5c42\u200b\uff0c\u200b\u4f1a\u200b\u7ed5\u8fc7\u200b\u5bbf\u4e3b\u673a\u200b\u7684\u200b netfilter\uff0cService \u200b\u548c\u200b NetworkPolicy \u200b\u529f\u80fd\u200b\u9700\u8981\u200b\u989d\u5916\u200b\u5f00\u53d1\u200b\u3002Kube-OVN \u200b\u901a\u8fc7\u200b OVS \u200b\u6d41\u8868\u200b\u63d0\u4f9b\u200b\u4e86\u200b Service \u200b\u548c\u200b NetworkPolicy \u200b\u7684\u200b\u80fd\u529b\u200b\u3002
- Kube-OVN \u200b\u7684\u200b Underlay \u200b\u6a21\u5f0f\u200b\u76f8\u6bd4\u200b Macvlan \u200b\u989d\u5916\u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5730\u5740\u200b\u7ba1\u7406\u200b\uff0c\u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b QoS \u200b\u7b49\u200b\u529f\u80fd\u200b\u3002
"},{"location":"start/underlay/#_2","title":"\u73af\u5883\u200b\u8981\u6c42","text":"\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u4e0b\u200b\uff0cOVS \u200b\u5c06\u4f1a\u200b\u6865\u63a5\u200b\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5230\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6570\u636e\u5305\u200b\u76f4\u63a5\u200b\u901a\u8fc7\u200b\u8be5\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u5bf9\u5916\u200b\u53d1\u9001\u200b\uff0cL2/L3 \u200b\u5c42\u9762\u200b\u7684\u200b\u8f6c\u53d1\u200b\u80fd\u529b\u200b\u9700\u8981\u200b\u4f9d\u8d56\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u3002 \u200b\u9700\u8981\u200b\u9884\u5148\u200b\u5728\u200b\u5e95\u5c42\u200b\u7f51\u7edc\u8bbe\u5907\u200b\u914d\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5173\u200b\u3001Vlan \u200b\u548c\u200b\u5b89\u5168\u7b56\u7565\u200b\u7b49\u200b\u914d\u7f6e\u200b\u3002
- \u200b\u5bf9\u4e8e\u200b OpenStack \u200b\u7684\u200b VM \u200b\u73af\u5883\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b\u5bf9\u5e94\u200b\u7f51\u7edc\u200b\u7aef\u53e3\u200b\u7684\u200b
PortSecurity \u200b\u5173\u95ed\u200b\u3002 - \u200b\u5bf9\u4e8e\u200b VMware \u200b\u7684\u200b vSwitch \u200b\u7f51\u7edc\u200b\uff0c\u200b\u9700\u8981\u200b\u5c06\u200b
MAC Address Changes, Forged Transmits \u200b\u548c\u200b Promiscuous Mode Operation \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b allow\u3002 - \u200b\u5bf9\u4e8e\u200b Hyper-V \u200b\u865a\u62df\u5316\u200b\uff0c\u200b\u9700\u8981\u200b\u5f00\u542f\u200b\u865a\u62df\u673a\u200b\u7f51\u5361\u200b\u9ad8\u7ea7\u200b\u529f\u80fd\u200b\u4e2d\u200b\u7684\u200b
MAC Address Spoofing\u3002 - \u200b\u516c\u6709\u200b\u4e91\u200b\uff0c\u200b\u4f8b\u5982\u200b AWS\u3001GCE\u3001\u200b\u963f\u91cc\u200b\u4e91\u200b\u7b49\u200b\u7531\u4e8e\u200b\u4e0d\u200b\u652f\u6301\u200b\u7528\u6237\u200b\u81ea\u5b9a\u4e49\u200b Mac \u200b\u65e0\u6cd5\u200b\u652f\u6301\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7f51\u7edc\u200b\uff0c\u200b\u5728\u200b\u8fd9\u79cd\u200b\u573a\u666f\u200b\u4e0b\u200b\u5982\u679c\u200b\u60f3\u200b\u4f7f\u7528\u200b Underlay \u200b\u63a8\u8350\u200b\u4f7f\u7528\u200b\u5bf9\u5e94\u200b\u516c\u6709\u200b\u4e91\u200b\u5382\u5546\u200b\u63d0\u4f9b\u200b\u7684\u200b VPC-CNI\u3002
- \u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u4e0d\u80fd\u200b\u4e3a\u200b Linux Bridge\u3002
\u200b\u5bf9\u4e8e\u200b\u7ba1\u7406\u200b\u7f51\u200b\u548c\u200b\u5bb9\u5668\u200b\u7f51\u200b\u4f7f\u7528\u200b\u540c\u4e00\u4e2a\u200b\u7f51\u5361\u200b\u7684\u200b\u60c5\u51b5\u200b\u4e0b\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u7684\u200b Mac \u200b\u5730\u5740\u200b\u3001IP \u200b\u5730\u5740\u200b\u3001\u200b\u8def\u7531\u200b\u4ee5\u53ca\u200b MTU \u200b\u5c06\u200b\u8f6c\u79fb\u200b\u6216\u200b\u590d\u5236\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS Bridge\uff0c \u200b\u4ee5\u200b\u652f\u6301\u200b\u5355\u200b\u7f51\u5361\u200b\u90e8\u7f72\u200b Underlay \u200b\u7f51\u7edc\u200b\u3002OVS Bridge \u200b\u540d\u79f0\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-PROVIDER_NAME\uff0cPROVIDER_NAME \u200b\u4e3a\u200b Provider \u200b\u7f51\u7edc\u200b\u540d\u79f0\u200b\uff08\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b provider\uff09\u3002
"},{"location":"start/underlay/#_3","title":"\u90e8\u7f72\u200b\u65f6\u200b\u6307\u5b9a\u200b\u7f51\u7edc\u200b\u6a21\u5f0f","text":"\u200b\u8be5\u200b\u90e8\u7f72\u200b\u6a21\u5f0f\u200b\u5c06\u200b\u9ed8\u8ba4\u200b\u5b50\u7f51\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b Underlay \u200b\u6a21\u5f0f\u200b\uff0c\u200b\u6240\u6709\u200b\u672a\u6307\u5b9a\u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u5747\u4f1a\u200b\u9ed8\u8ba4\u200b\u8fd0\u884c\u200b\u5728\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e2d\u200b\u3002
"},{"location":"start/underlay/#_4","title":"\u4e0b\u8f7d\u5b89\u88c5\u200b\u811a\u672c","text":"wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh\n
"},{"location":"start/underlay/#_5","title":"\u4fee\u6539\u200b\u811a\u672c\u200b\u4e2d\u200b\u76f8\u5e94\u200b\u914d\u7f6e","text":"ENABLE_ARP_DETECT_IP_CONFLICT # \u200b\u5982\u200b\u6709\u200b\u9700\u8981\u200b\uff0c\u200b\u53ef\u4ee5\u200b\u9009\u62e9\u200b\u5173\u95ed\u200b vlan \u200b\u7f51\u7edc\u200b arp \u200b\u51b2\u7a81\u68c0\u6d4b\u200b\nNETWORK_TYPE # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b vlan\nVLAN_INTERFACE_NAME # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u5bbf\u4e3b\u673a\u200b\u4e0a\u200b\u627f\u62c5\u200b\u5bb9\u5668\u200b\u6d41\u91cf\u200b\u7684\u200b\u7f51\u5361\u200b\uff0c\u200b\u4f8b\u5982\u200b eth1\nVLAN_ID # \u200b\u4ea4\u6362\u673a\u200b\u6240\u200b\u63a5\u53d7\u200b\u7684\u200b VLAN Tag\uff0c\u200b\u82e5\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b 0 \u200b\u5219\u200b\u4e0d\u200b\u505a\u200b VLAN \u200b\u5c01\u88c5\u200b\nPOD_CIDR # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b CIDR\uff0c \u200b\u4f8b\u5982\u200b 192.168.1.0/24\nPOD_GATEWAY # \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7f51\u5173\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1\nEXCLUDE_IPS # \u200b\u6392\u9664\u200b\u8303\u56f4\u200b\uff0c\u200b\u907f\u514d\u200b\u5bb9\u5668\u200b\u7f51\u6bb5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5df2\u200b\u7528\u200b IP \u200b\u51b2\u7a81\u200b\uff0c\u200b\u4f8b\u5982\u200b 192.168.1.1..192.168.1.100\nENABLE_LB # \u200b\u5982\u679c\u200b Underlay \u200b\u5b50\u7f51\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b Service \u200b\u9700\u8981\u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \nEXCHANGE_LINK_NAME # \u200b\u662f\u5426\u200b\u4ea4\u6362\u200b\u9ed8\u8ba4\u200b provider-network \u200b\u4e0b\u200b OVS \u200b\u7f51\u6865\u200b\u548c\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u5b57\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b false\nLS_DNAT_MOD_DL_DST # DNAT \u200b\u65f6\u200b\u662f\u5426\u200b\u5bf9\u200b MAC \u200b\u5730\u5740\u200b\u8fdb\u884c\u200b\u8f6c\u6362\u200b\uff0c\u200b\u53ef\u200b\u52a0\u901f\u200b Service \u200b\u7684\u200b\u8bbf\u95ee\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u4e3a\u200b true\n
"},{"location":"start/underlay/#_6","title":"\u8fd0\u884c\u200b\u5b89\u88c5\u200b\u811a\u672c","text":"bash install.sh\n
"},{"location":"start/underlay/#crd-underlay","title":"\u901a\u8fc7\u200b CRD \u200b\u52a8\u6001\u521b\u5efa\u200b Underlay \u200b\u7f51\u7edc","text":"\u200b\u8be5\u200b\u65b9\u5f0f\u200b\u53ef\u200b\u5728\u200b\u5b89\u88c5\u200b\u540e\u200b\u52a8\u6001\u200b\u7684\u200b\u521b\u5efa\u200b\u67d0\u4e2a\u200b Underlay \u200b\u5b50\u7f51\u200b\u4f9b\u200b Pod \u200b\u4f7f\u7528\u200b\u3002\u200b\u9700\u8981\u200b\u914d\u7f6e\u200b ProviderNetwork\uff0cVlan \u200b\u548c\u200b Subnet \u200b\u4e09\u79cd\u200b\u81ea\u5b9a\u4e49\u200b\u8d44\u6e90\u200b\u3002
"},{"location":"start/underlay/#providernetwork","title":"\u521b\u5efa\u200b ProviderNetwork","text":"ProviderNetwork \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u4e3b\u673a\u200b\u7f51\u5361\u200b\u5230\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u6620\u5c04\u200b\u7684\u200b\u62bd\u8c61\u200b\uff0c\u200b\u5c06\u200b\u540c\u5c5e\u200b\u4e00\u4e2a\u200b\u7f51\u7edc\u200b\u7684\u200b\u7f51\u5361\u200b\u8fdb\u884c\u200b\u7edf\u4e00\u200b\u7ba1\u7406\u200b\uff0c \u200b\u5e76\u200b\u89e3\u51b3\u200b\u5728\u200b\u590d\u6742\u200b\u73af\u5883\u200b\u4e0b\u540c\u200b\u673a\u5668\u200b\u591a\u200b\u7f51\u5361\u200b\u3001\u200b\u7f51\u5361\u200b\u540d\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u3001\u200b\u5bf9\u5e94\u200b Underlay \u200b\u7f51\u7edc\u200b\u4e0d\u200b\u4e00\u81f4\u200b\u7b49\u200b\u60c5\u51b5\u200b\u4e0b\u200b\u7684\u200b\u914d\u7f6e\u200b\u95ee\u9898\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b ProviderNetwork \u200b\u5e76\u200b\u5e94\u7528\u200b:
apiVersion: kubeovn.io/v1\nkind: ProviderNetwork\nmetadata:\n name: net1\nspec:\n defaultInterface: eth1\n customInterfaces:\n - interface: eth2\n nodes:\n - node1\n excludeNodes:\n - node2\n
\u200b\u6ce8\u610f\u200b\uff1aProviderNetwork \u200b\u8d44\u6e90\u200b\u540d\u79f0\u200b\u7684\u200b\u957f\u5ea6\u200b\u4e0d\u5f97\u200b\u8d85\u8fc7\u200b 12\u3002
defaultInterface: \u200b\u4e3a\u200b\u9ed8\u8ba4\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u540d\u79f0\u200b\u3002 ProviderNetwork \u200b\u521b\u5efa\u200b\u6210\u529f\u200b\u540e\u200b\uff0c\u200b\u5404\u200b\u8282\u70b9\u200b\uff08\u200b\u9664\u200b excludeNodes \u200b\u5916\u200b\uff09\u200b\u4e2d\u200b\u4f1a\u200b\u521b\u5efa\u200b\u540d\u4e3a\u200b br-net1\uff08\u200b\u683c\u5f0f\u200b\u4e3a\u200b br-NAME\uff09\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\uff0c\u200b\u5e76\u200b\u5c06\u200b\u6307\u5b9a\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u6865\u63a5\u200b\u81f3\u6b64\u200b\u7f51\u6865\u200b\u3002customInterfaces: \u200b\u4e3a\u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u53ef\u200b\u9488\u5bf9\u200b\u7279\u5b9a\u200b\u8282\u70b9\u200b\u6307\u5b9a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b\u7f51\u5361\u200b\u3002excludeNodes: \u200b\u53ef\u9009\u9879\u200b\uff0c\u200b\u7528\u4e8e\u200b\u6307\u5b9a\u200b\u4e0d\u200b\u6865\u63a5\u200b\u7f51\u5361\u200b\u7684\u200b\u8282\u70b9\u200b\u3002\u200b\u8be5\u200b\u5217\u8868\u200b\u4e2d\u200b\u7684\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b net1.provider-network.ovn.kubernetes.io/exclude=true \u200b\u6807\u7b7e\u200b\u3002
\u200b\u5176\u5b83\u200b\u8282\u70b9\u200b\u4f1a\u200b\u88ab\u200b\u6dfb\u52a0\u200b\u5982\u4e0b\u200b\u6807\u7b7e\u200b\uff1a
Key Value \u200b\u63cf\u8ff0\u200b net1.provider-network.ovn.kubernetes.io/ready true \u200b\u8282\u70b9\u200b\u4e2d\u200b\u7684\u200b\u6865\u63a5\u200b\u5de5\u4f5c\u200b\u5df2\u200b\u5b8c\u6210\u200b\uff0cProviderNetwork \u200b\u5728\u200b\u8282\u70b9\u200b\u4e2d\u200b\u53ef\u7528\u200b net1.provider-network.ovn.kubernetes.io/interface eth1 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b\u540d\u79f0\u200b net1.provider-network.ovn.kubernetes.io/mtu 1500 \u200b\u8282\u70b9\u200b\u4e2d\u200b\u88ab\u200b\u6865\u63a5\u200b\u7684\u200b\u7f51\u5361\u200b\u7684\u200b MTU \u200b\u5982\u679c\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u5df2\u7ecf\u200b\u914d\u7f6e\u200b\u4e86\u200b IP\uff0c\u200b\u5219\u200b IP \u200b\u5730\u5740\u200b\u548c\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b\u8def\u7531\u200b\u4f1a\u200b\u88ab\u200b\u8f6c\u79fb\u200b\u81f3\u200b\u5bf9\u5e94\u200b\u7684\u200b OVS \u200b\u7f51\u6865\u200b\u3002
"},{"location":"start/underlay/#vlan","title":"\u521b\u5efa\u200b VLAN","text":"Vlan \u200b\u63d0\u4f9b\u200b\u4e86\u200b\u5c06\u200b Vlan Tag \u200b\u548c\u200b ProviderNetwork \u200b\u8fdb\u884c\u200b\u7ed1\u5b9a\u200b\u7684\u200b\u80fd\u529b\u200b\u3002
\u200b\u521b\u5efa\u200b\u5982\u4e0b\u200b VLAN \u200b\u5e76\u200b\u5e94\u7528\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Vlan\nmetadata:\n name: vlan1\nspec:\n id: 0\n provider: net1\n
id: \u200b\u4e3a\u200b VLAN ID/Tag\uff0cKube-OVN \u200b\u4f1a\u200b\u5bf9\u200b\u5bf9\u200b\u8be5\u200b Vlan \u200b\u4e0b\u200b\u7684\u200b\u6d41\u91cf\u200b\u589e\u52a0\u200b Vlan \u200b\u6807\u7b7e\u200b\uff0c\u200b\u4e3a\u200b 0 \u200b\u65f6\u200b\u4e0d\u200b\u589e\u52a0\u200b\u4efb\u4f55\u200b\u6807\u7b7e\u200b\u3002provider: \u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b ProviderNetwork \u200b\u8d44\u6e90\u200b\u7684\u200b\u540d\u79f0\u200b\u3002\u200b\u591a\u4e2a\u200b VLAN \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b ProviderNetwork\u3002
"},{"location":"start/underlay/#subnet","title":"\u521b\u5efa\u200b Subnet","text":"\u200b\u5c06\u200b Vlan \u200b\u548c\u200b\u4e00\u4e2a\u200b\u5b50\u7f51\u200b\u7ed1\u5b9a\u200b\uff0c\u200b\u5982\u4e0b\u200b\u6240\u793a\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n
\u200b\u5c06\u200b vlan \u200b\u7684\u200b\u503c\u200b\u6307\u5b9a\u200b\u4e3a\u200b\u9700\u8981\u200b\u4f7f\u7528\u200b\u7684\u200b VLAN \u200b\u540d\u79f0\u200b\u5373\u53ef\u200b\u3002\u200b\u591a\u4e2a\u200b Subnet \u200b\u53ef\u4ee5\u200b\u5f15\u7528\u200b\u540c\u4e00\u4e2a\u200b VLAN\u3002
"},{"location":"start/underlay/#_7","title":"\u5bb9\u5668\u200b\u521b\u5efa","text":"\u200b\u53ef\u200b\u6309\u200b\u6b63\u5e38\u200b\u5bb9\u5668\u200b\u521b\u5efa\u200b\u65b9\u5f0f\u200b\u8fdb\u884c\u200b\u521b\u5efa\u200b\uff0c\u200b\u67e5\u770b\u200b\u5bb9\u5668\u200b IP \u200b\u662f\u5426\u200b\u5728\u200b\u89c4\u5b9a\u200b\u8303\u56f4\u200b\u5185\u200b\uff0c\u200b\u4ee5\u53ca\u200b\u5bb9\u5668\u200b\u662f\u5426\u200b\u53ef\u4ee5\u200b\u548c\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e92\u901a\u200b\u3002
\u200b\u5982\u200b\u6709\u200b\u56fa\u5b9a\u200b IP \u200b\u9700\u6c42\u200b\uff0c\u200b\u53ef\u200b\u53c2\u8003\u200b Pod \u200b\u56fa\u5b9a\u200b IP \u200b\u548c\u200b Mac
"},{"location":"start/underlay/#_8","title":"\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173","text":"\u200b\u5bf9\u4e8e\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u4e0d\u200b\u5b58\u5728\u200b\u7f51\u5173\u200b\u7684\u200b\u60c5\u51b5\u200b\uff0cKube-OVN \u200b\u652f\u6301\u200b\u5728\u200b Underlay \u200b\u6a21\u5f0f\u200b\u7684\u200b\u5b50\u7f51\u200b\u4e2d\u200b\u914d\u7f6e\u200b\u4f7f\u7528\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u3002 \u200b\u82e5\u200b\u8981\u200b\u4f7f\u7528\u200b\u6b64\u200b\u529f\u80fd\u200b\uff0c\u200b\u8bbe\u7f6e\u200b\u5b50\u7f51\u200b\u7684\u200b spec.logicalGateway \u200b\u4e3a\u200b true \u200b\u5373\u53ef\u200b\uff1a
apiVersion: kubeovn.io/v1\nkind: Subnet\nmetadata:\n name: subnet1\nspec:\n protocol: IPv4\n cidrBlock: 172.17.0.0/16\n gateway: 172.17.0.1\n vlan: vlan1\n logicalGateway: true\n
\u200b\u5f00\u542f\u200b\u6b64\u200b\u529f\u80fd\u200b\u540e\u200b\uff0cPod \u200b\u4e0d\u200b\u4f7f\u7528\u200b\u5916\u90e8\u200b\u7f51\u5173\u200b\uff0c\u200b\u800c\u662f\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u521b\u5efa\u200b\u7684\u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\uff08Logical Router\uff09\u200b\u5bf9\u4e8e\u200b\u8de8\u200b\u7f51\u6bb5\u200b\u901a\u4fe1\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#underlay-overlay","title":"Underlay \u200b\u548c\u200b Overlay \u200b\u7f51\u7edc\u200b\u4e92\u901a","text":"\u200b\u5982\u679c\u200b\u4e00\u4e2a\u200b\u96c6\u7fa4\u200b\u540c\u65f6\u200b\u5b58\u5728\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Overlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u53ef\u4ee5\u200b\u901a\u8fc7\u200b\u7f51\u5173\u200b\u4ee5\u200b NAT \u200b\u7684\u200b\u65b9\u5f0f\u200b\u8bbf\u95ee\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod IP\u3002 \u200b\u5728\u200b Underlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod \u200b\u770b\u6765\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u662f\u200b\u4e00\u4e2a\u200b\u5916\u90e8\u200b\u7684\u200b\u5730\u5740\u200b\uff0c\u200b\u9700\u8981\u200b\u901a\u8fc7\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u53bb\u200b\u8f6c\u53d1\u200b\uff0c\u200b\u4f46\u200b\u5e95\u5c42\u200b\u7269\u7406\u200b\u8bbe\u5907\u200b\u5e76\u200b\u4e0d\u200b\u6e05\u695a\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b\u5730\u5740\u200b\u65e0\u6cd5\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002 \u200b\u56e0\u6b64\u200b Underlay \u200b\u5b50\u7f51\u200b\u4e0b\u200b\u7684\u200b Pod \u200b\u65e0\u6cd5\u200b\u901a\u8fc7\u200b Pod IP \u200b\u76f4\u63a5\u200b\u8bbf\u95ee\u200b Overlay \u200b\u5b50\u7f51\u200b\u7684\u200b Pod\u3002
\u200b\u5982\u679c\u200b\u9700\u8981\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u4e92\u901a\u200b\u9700\u8981\u200b\u5c06\u200b\u5b50\u7f51\u200b\u7684\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true\uff0c\u200b\u5728\u200b\u8fd9\u4e2a\u200b\u60c5\u51b5\u200b\u4e0b\u200b Kube-OVN \u200b\u4f1a\u200b\u989d\u5916\u200b\u4f7f\u7528\u200b\u4e00\u4e2a\u200b Underlay IP \u200b\u5c06\u200b Underlay \u200b\u5b50\u7f51\u200b \u200b\u548c\u200b ovn-cluster \u200b\u903b\u8f91\u200b\u8def\u7531\u5668\u200b\u8fde\u63a5\u200b\uff0c\u200b\u5e76\u200b\u8bbe\u7f6e\u200b\u5bf9\u5e94\u200b\u7684\u200b\u8def\u7531\u200b\u89c4\u5219\u200b\u5b9e\u73b0\u200b\u4e92\u901a\u200b\u3002 \u200b\u548c\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u4e0d\u540c\u200b\uff0c\u200b\u8be5\u200b\u65b9\u6848\u200b\u53ea\u4f1a\u200b\u8fde\u63a5\u200b Kube-OVN \u200b\u5185\u90e8\u200b\u7684\u200b Underlay \u200b\u548c\u200b Overlay \u200b\u5b50\u7f51\u200b\uff0c\u200b\u5176\u4ed6\u200b\u8bbf\u95ee\u200b\u5916\u7f51\u200b\u7684\u200b\u6d41\u91cf\u200b\u8fd8\u662f\u200b\u4f1a\u200b\u901a\u8fc7\u200b\u7269\u7406\u200b\u7f51\u5173\u200b\u8fdb\u884c\u200b\u8f6c\u53d1\u200b\u3002
"},{"location":"start/underlay/#ip","title":"\u6307\u5b9a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b IP","text":"\u200b\u5f00\u542f\u200b\u4e92\u901a\u200b\u529f\u80fd\u200b\u540e\u200b\uff0c\u200b\u4f1a\u200b\u968f\u673a\u200b\u4ece\u200b subnet \u200b\u5185\u200b\u7684\u200b\u53d6\u200b\u4e00\u4e2a\u200b IP \u200b\u4f5c\u4e3a\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\uff0c\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u6307\u5b9a\u200b Underlay Subnet \u200b\u7684\u200b\u903b\u8f91\u200b\u7f51\u5173\u200b\u53ef\u4ee5\u200b\u6307\u5b9a\u200b\u5b57\u200b\u6bb5\u200b u2oInterconnectionIP\u3002
"},{"location":"start/underlay/#underlay-subnet-vpc","title":"\u6307\u5b9a\u200b Underlay Subnet \u200b\u8fde\u63a5\u200b\u7684\u200b\u81ea\u5b9a\u4e49\u200b VPC","text":"\u200b\u9ed8\u8ba4\u200b\u60c5\u51b5\u200b\u4e0b\u200b Underlay Subnet \u200b\u4f1a\u200b\u548c\u200b\u9ed8\u8ba4\u200b VPC \u200b\u4e0a\u200b\u7684\u200b Overlay Subnet \u200b\u4e92\u901a\u200b\uff0c\u200b\u5982\u679c\u200b\u8981\u200b\u6307\u5b9a\u200b\u548c\u200b\u67d0\u4e2a\u200b VPC \u200b\u4e92\u901a\u200b\uff0c\u200b\u5728\u200b u2oInterconnection \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b true \u200b\u540e\u200b\uff0c\u200b\u6307\u5b9a\u200b subnet.spec.vpc \u200b\u5b57\u6bb5\u200b\u4e3a\u200b\u8be5\u200b VPC \u200b\u540d\u5b57\u200b\u5373\u53ef\u200b\u3002
"},{"location":"start/underlay/#_9","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u4e0a\u200b\u914d\u7f6e\u200b\u6709\u200b IP \u200b\u5730\u5740\u200b\uff0c\u200b\u4e14\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b Netplan \u200b\u914d\u7f6e\u200b\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b Ubuntu\uff09\uff0c\u200b\u5efa\u8bae\u60a8\u200b\u5c06\u200b Netplan \u200b\u7684\u200b renderer \u200b\u8bbe\u7f6e\u200b\u4e3a\u200b NetworkManager\uff0c\u200b\u5e76\u200b\u4e3a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u9759\u6001\u200b IP \u200b\u5730\u5740\u200b\uff08\u200b\u5173\u95ed\u200b DHCP\uff09\uff1a
network:\n renderer: NetworkManager\n ethernets:\n eth0:\n dhcp4: no\n addresses:\n - 172.16.143.129/24\n version: 2\n
\u200b\u5982\u679c\u200b\u60a8\u200b\u8981\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u7684\u200b IP \u200b\u6216\u200b\u8def\u7531\u200b\u914d\u7f6e\u200b\uff0c\u200b\u9700\u8981\u200b\u5728\u200b\u4fee\u6539\u200b netplan \u200b\u914d\u7f6e\u200b\u540e\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
netplan generate\n\nnmcli connection reload netplan-eth0\nnmcli device set eth0 managed yes\n
\u200b\u6267\u884c\u200b\u4ee5\u4e0a\u200b\u547d\u4ee4\u200b\u540e\u200b\uff0cKube-OVN \u200b\u4f1a\u200b\u5c06\u200b\u7f51\u5361\u200b\u4e0a\u200b\u7684\u200b IP \u200b\u53ca\u200b\u8def\u7531\u200b\u91cd\u65b0\u200b\u8f6c\u79fb\u200b\u81f3\u200b OVS \u200b\u7f51\u6865\u200b\u3002
\u200b\u5982\u679c\u200b\u60a8\u200b\u4f7f\u7528\u200b\u7684\u200b\u64cd\u4f5c\u7cfb\u7edf\u200b\u901a\u8fc7\u200b NetworkManager \u200b\u7ba1\u7406\u7f51\u7edc\u200b\uff08\u200b\u5982\u200b CentOS\uff09\uff0c\u200b\u5728\u200b\u4fee\u6539\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u540e\u200b\u9700\u8981\u200b\u6267\u884c\u200b\u4ee5\u4e0b\u200b\u547d\u4ee4\u200b\uff1a
nmcli connection reload eth0\nnmcli device set eth0 managed yes\nnmcli -t -f GENERAL.STATE device show eth0 | grep -qw unmanaged || nmcli device reapply eth0\n
\u200b\u6ce8\u610f\u200b\uff1a\u200b\u8282\u70b9\u200b\u7f51\u5361\u200b\u914d\u7f6e\u200b\u7684\u200b\u52a8\u6001\u200b\u4fee\u6539\u200b\u4ec5\u200b\u652f\u6301\u200b IP \u200b\u548c\u200b\u8def\u7531\u200b\uff0c\u200b\u4e0d\u200b\u652f\u6301\u200b MAC \u200b\u5730\u5740\u200b\u7684\u200b\u4fee\u6539\u200b\u3002
"},{"location":"start/underlay/#_10","title":"\u5df2\u77e5\u200b\u95ee\u9898","text":""},{"location":"start/underlay/#hairpin-pod","title":"\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u65f6\u200b Pod \u200b\u7f51\u7edc\u200b\u5f02\u5e38","text":"\u200b\u5f53\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u5f00\u542f\u200b hairpin \u200b\u6216\u200b\u7c7b\u4f3c\u200b\u884c\u4e3a\u200b\u65f6\u200b\uff0c\u200b\u53ef\u80fd\u200b\u51fa\u73b0\u200b\u521b\u5efa\u200b Pod \u200b\u65f6\u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25\u200b\u3001Pod \u200b\u7f51\u7edc\u901a\u4fe1\u200b\u5f02\u5e38\u200b\u7b49\u200b\u95ee\u9898\u200b\u3002\u200b\u8fd9\u200b\u662f\u56e0\u4e3a\u200b OVS \u200b\u7f51\u6865\u200b\u9ed8\u8ba4\u200b\u7684\u200b MAC \u200b\u5b66\u4e60\u200b\u529f\u80fd\u200b\u4e0d\u200b\u652f\u6301\u200b\u8fd9\u79cd\u200b\u7f51\u7edc\u200b\u73af\u5883\u200b\u3002
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u9700\u8981\u200b\u5173\u95ed\u200b hairpin\uff08\u200b\u6216\u200b\u4fee\u6539\u200b\u7269\u7406\u200b\u7f51\u7edc\u200b\u7684\u200b\u76f8\u5173\u200b\u914d\u7f6e\u200b\uff09\uff0c\u200b\u6216\u200b\u66f4\u65b0\u200b Kube-OVN \u200b\u7248\u672c\u200b\u3002
"},{"location":"start/underlay/#pod-pod","title":"Pod \u200b\u6570\u91cf\u200b\u8f83\u591a\u65f6\u200b\u65b0\u5efa\u200b Pod \u200b\u7f51\u5173\u200b\u68c0\u67e5\u200b\u5931\u8d25","text":"\u200b\u82e5\u200b\u540c\u4e00\u4e2a\u200b\u8282\u70b9\u200b\u4e0a\u200b\u8fd0\u884c\u200b\u7684\u200b Pod \u200b\u6570\u91cf\u200b\u8f83\u200b\u591a\u200b\uff08\u200b\u5927\u4e8e\u200b 300\uff09\uff0c\u200b\u53ef\u80fd\u200b\u4f1a\u200b\u51fa\u73b0\u200b ARP \u200b\u5e7f\u64ad\u200b\u5305\u200b\u7684\u200b OVS \u200b\u6d41\u8868\u200b resubmit \u200b\u6b21\u6570\u200b\u8d85\u8fc7\u200b\u4e0a\u9650\u200b\u5bfc\u81f4\u200b\u4e22\u5305\u200b\u7684\u200b\u73b0\u8c61\u200b\uff1a
2022-11-13T08:43:46.782Z|00222|ofproto_dpif_upcall(handler5)|WARN|Flow: arp,in_port=331,vlan_tci=0x0000,dl_src=00:00:00:25:eb:39,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.131.240,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:25:eb:39,arp_tha=ff:ff:ff:ff:ff:ff\n\nbridge(\"br-int\")\n----------------\n 0. No match.\n >>>> received packet on unknown port 331 <<<<\n drop\n\nFinal flow: unchanged\nMegaflow: recirc_id=0,eth,arp,in_port=331,dl_src=00:00:00:25:eb:39\nDatapath actions: drop\n2022-11-13T08:44:34.077Z|00224|ofproto_dpif_xlate(handler5)|WARN|over 4096 resubmit actions on bridge br-int while processing arp,in_port=13483,vlan_tci=0x0000,dl_src=00:00:00:59:ef:13,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.213.152.3,arp_tpa=10.213.159.254,arp_op=1,arp_sha=00:00:00:59:ef:13,arp_tha=ff:ff:ff:ff:ff:ff\n
\u200b\u8981\u200b\u89e3\u51b3\u200b\u6b64\u200b\u95ee\u9898\u200b\uff0c\u200b\u53ef\u200b\u4fee\u6539\u200b OVN NB \u200b\u9009\u9879\u200b bcast_arp_req_flood \u200b\u4e3a\u200b false\uff1a
kubectl ko nbctl set NB_Global . options:bcast_arp_req_flood=false\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"},{"location":"start/uninstall/","title":"\u5378\u8f7d","text":"\u200b\u5982\u679c\u200b\u9700\u8981\u200b\u5220\u9664\u200b Kube-OVN \u200b\u5e76\u200b\u66f4\u6362\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\uff0c\u200b\u8bf7\u200b\u6309\u7167\u200b\u4e0b\u5217\u200b\u7684\u200b\u6b65\u9aa4\u200b\u5220\u9664\u200b\u5bf9\u5e94\u200b\u7684\u200b Kube-OVN \u200b\u7ec4\u4ef6\u200b\u4ee5\u53ca\u200b OVS \u200b\u914d\u7f6e\u200b\uff0c\u200b\u4ee5\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u4ea7\u751f\u200b\u5e72\u6270\u200b\u3002 \u200b\u4e5f\u200b\u6b22\u8fce\u200b\u63d0\u200b issue \u200b\u8054\u7cfb\u200b\u6211\u4eec\u200b\u53cd\u9988\u200b\u4e0d\u200b\u4f7f\u7528\u200b Kube-OVN \u200b\u7684\u200b\u539f\u56e0\u200b\u5e2e\u52a9\u200b\u6211\u4eec\u200b\u6539\u8fdb\u200b\u3002
"},{"location":"start/uninstall/#kubernetes","title":"\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90","text":"\u200b\u4e0b\u8f7d\u200b\u4e0b\u9762\u200b\u7684\u200b\u811a\u672c\u200b\uff0c\u200b\u6267\u884c\u200b\u811a\u672c\u200b\u5220\u9664\u200b\u5728\u200b Kubernetes \u200b\u4e2d\u200b\u521b\u5efa\u200b\u7684\u200b\u8d44\u6e90\u200b\uff1a
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/cleanup.sh\nbash cleanup.sh\n
"},{"location":"start/uninstall/#_2","title":"\u6e05\u7406\u200b\u4e3b\u673a\u200b\u4e0a\u200b\u7684\u200b\u65e5\u5fd7\u200b\u548c\u200b\u914d\u7f6e\u6587\u4ef6","text":"\u200b\u5728\u200b\u6bcf\u53f0\u200b\u673a\u5668\u200b\u4e0a\u200b\u6267\u884c\u200b\u4e0b\u5217\u200b\u64cd\u4f5c\u200b\uff0c\u200b\u6e05\u7406\u200b ovsdb \u200b\u4ee5\u53ca\u200b openvswitch \u200b\u4fdd\u5b58\u200b\u7684\u200b\u914d\u7f6e\u200b\uff1a
rm -rf /var/run/openvswitch\nrm -rf /var/run/ovn\nrm -rf /etc/origin/openvswitch/\nrm -rf /etc/origin/ovn/\nrm -rf /etc/cni/net.d/00-kube-ovn.conflist\nrm -rf /etc/cni/net.d/01-kube-ovn.conflist\nrm -rf /var/log/openvswitch\nrm -rf /var/log/ovn\nrm -fr /var/log/kube-ovn\n
"},{"location":"start/uninstall/#_3","title":"\u91cd\u542f\u200b\u8282\u70b9","text":"\u200b\u91cd\u542f\u200b\u673a\u5668\u200b\u786e\u4fdd\u200b\u5bf9\u5e94\u200b\u7684\u200b\u7f51\u5361\u200b\u4fe1\u606f\u200b\uff0ciptable/ipset \u200b\u89c4\u5219\u200b\u5f97\u4ee5\u200b\u6e05\u9664\u200b\uff0c\u200b\u907f\u514d\u200b\u5bf9\u200b\u5176\u4ed6\u200b\u7f51\u7edc\u200b\u63d2\u4ef6\u200b\u7684\u200b\u5f71\u54cd\u200b\uff1a
reboot\n
\u200b\u5fae\u4fe1\u7fa4\u200b Slack Twitter Support
"}]}
\ No newline at end of file
diff --git a/v1.12.x/sitemap.xml b/v1.12.x/sitemap.xml
index 5052c5740..6ed1eac4e 100644
--- a/v1.12.x/sitemap.xml
+++ b/v1.12.x/sitemap.xml
@@ -2,1008 +2,1008 @@
https://kubeovn.github.io/docs/v1.12.x/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/contact/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/accelerate-intra-node-tcp-with-ebpf/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/cilium-hubble-observe/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/cilium-networkpolicy/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/dhcp/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/dpdk/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/external-gateway/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/fastpath/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/multi-nic/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/nat-policy-rule/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/node-local-dns/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/offload-corigine/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/offload-mellanox/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/overlay-with-route/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/ovn-eip-fip-snat/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/ovn-ipsec/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/ovn-l3-ha-based-ecmp-with-bfd/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/ovn-remote-port-mirroring/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/performance-tuning/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/security-group/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/vip/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/vpc-dns/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/vpc-internal-lb/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/vpc-peering/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/windows/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/with-bgp/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/with-cilium/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/with-openstack/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/with-ovn-ic/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/advance/with-submariner/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/custom-routes/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/dual-stack/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/eip-snat/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/ippool/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/loadbalancer-service/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/mirror/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/networkpolicy-log/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/prometheus-grafana/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/prometheus/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/qos/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/setup-options/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/static-ip-mac/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/vpc-qos/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/vpc/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/guide/webhook/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/change-default-subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/change-join-subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/change-log-level/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/change-ovn-central-node/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/delete-worker-node/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/faq/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/from-calico/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/kubectl-ko/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/ops/recover-db/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/architecture/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/dev-env/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/document-convention/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/feature-stage/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/iptables-rules/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/kube-ovn-api/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/kube-ovn-pinger-args/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/metrics/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/ovs-ovn-customized/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/tunnel-protocol/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/reference/underlay-topology/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/start/one-step-install/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/start/prepare/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/start/sealos-install/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/start/underlay/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/start/uninstall/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/contact/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/accelerate-intra-node-tcp-with-ebpf/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/cilium-hubble-observe/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/cilium-networkpolicy/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/dhcp/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/dpdk/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/external-gateway/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/fastpath/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/multi-nic/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/nat-policy-rule/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/node-local-dns/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/offload-corigine/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/offload-mellanox/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/overlay-with-route/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/ovn-eip-fip-snat/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/ovn-ipsec/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/ovn-l3-ha-based-ecmp-with-bfd/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/ovn-remote-port-mirroring/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/performance-tuning/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/security-group/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/vip/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/vpc-dns/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/vpc-internal-lb/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/vpc-peering/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/windows/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/with-bgp/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/with-cilium/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/with-openstack/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/with-ovn-ic/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/advance/with-submariner/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/custom-routes/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/dual-stack/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/eip-snat/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/ippool/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/loadbalancer-service/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/mirror/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/networkpolicy-log/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/prometheus-grafana/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/prometheus/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/qos/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/setup-options/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/static-ip-mac/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/vpc-qos/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/vpc/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/guide/webhook/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/change-default-subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/change-join-subnet/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/change-log-level/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/change-ovn-central-node/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/delete-worker-node/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/faq/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/from-calico/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/kubectl-ko/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/ops/recover-db/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/architecture/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/dev-env/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/document-convention/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/feature-stage/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/iptables-rules/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/kube-ovn-api/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/kube-ovn-pinger-args/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/metrics/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/ovs-ovn-customized/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/tunnel-protocol/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/reference/underlay-topology/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/start/one-step-install/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/start/prepare/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/start/sealos-install/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/start/underlay/
- 2024-04-23
+ 2024-04-30
daily
https://kubeovn.github.io/docs/v1.12.x/en/start/uninstall/
- 2024-04-23
+ 2024-04-30
daily
一键安装¶
Kube-OVN 提供了一键安装脚本,可以帮助你快速安装一个高可用,生产就绪的 Kube-OVN 容器网络,默认部署为 Overlay 类型网络。
从 Kube-OVN v1.12.0 版本开始,支持 Helm Chart 安装,默认部署为 Overlay 类型网络。
如果默认网络需要搭建 Underlay/Vlan 网络,请参考 Underlay 网络支持。
安装前请参考准备工作确认环境配置正确。
脚本安装¶
下载安装脚本¶
我们推荐在生产环境使用稳定的 release 版本,请使用下面的命令下载稳定版本安装脚本:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/install.sh
如果对 master 分支的最新功能感兴趣,想使用下面的命令下载开发版本部署脚本:
wget https://raw.githubusercontent.com/kubeovn/kube-ovn/master/dist/images/install.sh
修改配置参数¶
使用编辑器打开脚本,并修改下列变量为预期值:
REGISTRY="kubeovn" # 镜像仓库地址
-VERSION="v1.12.12" # 镜像版本/Tag
+VERSION="v1.12.13" # 镜像版本/Tag
POD_CIDR="10.16.0.0/16" # 默认子网 CIDR 不要和 SVC/NODE/JOIN CIDR 重叠
SVC_CIDR="10.96.0.0/12" # 需要和 apiserver 的 service-cluster-ip-range 保持一致
JOIN_CIDR="100.64.0.0/16" # Pod 和主机通信网络 CIDR,不要和 SVC/NODE/POD CIDR 重叠