add bgp translation (#198)
Signed-off-by: oilbeater <[email protected]>
oilbeater authored Sep 2, 2024
1 parent 837129d commit d9f1891
Showing 2 changed files with 97 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/advance/with-bgp.en.md
Expand Up @@ -66,7 +66,7 @@ kubectl annotate pod sample ovn.kubernetes.io/bgp-
kubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-
```

See [Announcement Policies](#announcement-policies) for the announcement behaviour depending on the policy set in the annotation.
See [Announcement Policies](#announcement-policies) for the announcement behavior depending on the policy set in the annotation.

## Publishing Services of type `ClusterIP`

Expand Down Expand Up @@ -96,7 +96,7 @@ To add BGP capabilities to NAT gateways, we first need to create a new `NetworkA
attached to our BGP speaker sidecars. This NAD will reference a provider shared by a `Subnet` in the default VPC (in which the Kubernetes API is running).
This will enable the sidecar to reach the K8S API, automatically detecting new EIPs added to the gateway. This operation only needs to be done once. All the NAT gateways will use this provider from now on. This is the same principle used for the CoreDNS in a custom VPC, which means you can reuse that NAD if you've already done that setup before.

Create a `NetworkAttachmentDefintion` and a `Subnet` with the same `provider`.
Create a `NetworkAttachmentDefinition` and a `Subnet` with the same `provider`.
The name of the provider needs to be of the form `nadName.nadNamespace.ovn`:

```yaml
97 changes: 95 additions & 2 deletions docs/advance/with-bgp.md
@@ -1,9 +1,9 @@
# BGP 支持

Kube-OVN 支持将 Pod 或 Subnet 的 IP 地址通过 BGP 协议向外部进行路由广播,从而使得 Pod IP 可以直接对外暴露
Kube-OVN 支持将 Pods、Subnets、Services 和 EIPs 的 IP 地址通过 BGP 协议向外部进行路由广播,从而使得外部可以直接访问到集群内的 IP 地址
如果需要使用该功能,需要在特定节点安装 `kube-ovn-speaker` 并对需要对外暴露的 Pod 或 Subnet 增加对应的 annotation。

Kube-OVN 还支持通过相同的注释广播 ClusterIP 类型 Service 的 IP 地址
如果要在 EIP 上使用 BGP,需要使用特殊参数创建 VPC NAT Gateway,有关更多信息,请参阅[发布 EIPs](#eips)

## 安装 kube-ovn-speaker

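Review bot: the new opening sentence lists "Pods、Subnets、Services 和 EIPs", but the unchanged next line still says the annotation goes on "Pod 或 Subnet" only; now that Services and EIPs are announced via the same mechanism, that line should be widened to match (e.g. "Pod、Subnet、Service 或 EIP"), and the English plural "s" reads oddly in Chinese prose, so "Pod、Subnet、Service 和 EIP" is preferable in the first line as well. The link target `#eips` depends on the build's auto-generated slug for the heading "发布 EIPs"; worth confirming it resolves in the rendered site rather than assuming it mirrors the English anchor.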
Expand Down Expand Up @@ -60,6 +60,8 @@ kubectl annotate pod sample ovn.kubernetes.io/bgp-
kubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-
```

查看[发布策略](#_1)以了解如何通过设置注解来控制 BGP 对外发布策略。

## 发布 `ClusterIP` 类型 Service 路由

要将 Service 的 ClusterIP 公布给外部,需要将 `kube-ovn-speaker` 选项 `--announce-cluster-ip` 设置为 `true`。 有关更多详细信息,请参阅 BGP 高级选项。
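Review bot: the link `[发布策略](#_1)` points at an auto-numbered slug, which is what the toc generator produces when a heading contains no ASCII characters; any heading added or removed earlier in the file silently shifts that number and breaks the link. The English version links to `#announcement-policies`, which is stable. Prefer either an explicit id on the "发布策略" heading (if the site's markdown extensions support it) or a heading text that yields a deterministic slug, and verify the anchor in the built docs.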
Expand All @@ -76,6 +78,97 @@ kubectl annotate service sample ovn.kubernetes.io/bgp=true
kubectl annotate service sample ovn.kubernetes.io/bgp-
```

## 发布 EIPs

EIPs 可以由它们所在的 VPC NAT Gateway 对外发布。当在 `VpcNatGateway` 上启用 BGP 时,会向其注入一个新的 BGP Sidecar。

为了启用 VPC NAT Gateway 的 BGP 功能,搜选需要创建一个 BGP Speaker Sidecar 所使用的 `NetworkAttachmentDefinition`。这个 NAD 将会和一个在默认 VPC 下的 Subnet 关联。这样 Sidecar 内的控制器可以和 Kubernetes API 通信并自动同步 EIPs 信息。
如果你使用了用户自定义 VPC 下 CoreDNS 的功能则可以复用同一个 NAD。

创建 `NetworkAttachmentDefinition``Subnet` 并将 `provider` 设置为 `{nadName}.{nadNamespace}.ovn`

```yaml
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: api-ovn-nad
namespace: default
spec:
config: '{
"cniVersion": "0.3.0",
"type": "kube-ovn",
"server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
"provider": "api-ovn-nad.default.ovn"
}'
---
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
name: vpc-apiserver-subnet
spec:
protocol: IPv4
cidrBlock: 100.100.100.0/24
provider: api-ovn-nad.default.ovn
```
`ovn-vpc-nat-config` ConfigMap 里 需要添加 `apiNadProvider` 和 BGP Speaker 所使用的镜像:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ovn-vpc-nat-config
namespace: kube-system
data:
apiNadProvider: api-ovn-nad.default.ovn # What NetworkAttachmentDefinition provider to use so that the sidecar
# can access the K8S API, as it can't by default due to VPC segmentation
bgpSpeakerImage: docker.io/kubeovn/kube-ovn:v1.13.0 # Sets the BGP speaker image used
image: docker.io/kubeovn/vpc-nat-gateway:v1.13.0
```

修改 `ovn-default` 子网使用相同的 `provider`:

```yaml
provider: api-ovn-nad.default.ovn
```

在 VPC NAT Gateway 的配置里开启 BGP:

```yaml
kind: VpcNatGateway
apiVersion: kubeovn.io/v1
metadata:
name: vpc-natgw
spec:
vpc: vpc1
subnet: net1
lanIp: 10.0.1.10
bgpSpeaker:
enabled: true
asn: 65500
remoteAsn: 65000
neighbors:
- 100.127.4.161
- fd:01::1
enableGracefulRestart: true # Optional
routerId: 1.1.1.1 # Optional
holdTime: 1m # Optional
password: "password123" # Optional
extraArgs: # Optional, passed directly to the BGP speaker
- -v5 # Enables verbose debugging of the BGP speaker sidecar
selector:
- "kubernetes.io/os: linux"
externalSubnets:
- ovn-vpc-external-network # Network on which we'll speak BGP and receive/send traffic to the outside world
# BGP neighbors need to be on that network
```

现在可以通过注解,对外通过 BGP 发布这个 EIP:

```yaml
kubectl annotate eip sample ovn.kubernetes.io/bgp=true
```

## 发布策略

`kube-ovn-speaker` 支持两种发布路由的策略:
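Review bot: in the EIP section, "搜选需要创建" is a typo for "首先需要创建", and "创建 `NetworkAttachmentDefinition``Subnet`" is missing the conjunction between the two resources (the English reads "Create a `NetworkAttachmentDefinition` and a `Subnet`"), so it should be "创建 `NetworkAttachmentDefinition` 和 `Subnet`". The provider form is written as `{nadName}.{nadNamespace}.ovn` here but `nadName.nadNamespace.ovn` in the English file; pick one. Smaller points: the paragraph "`ovn-vpc-nat-config` ConfigMap 里 需要添加" has a stray space and no blank line after the preceding closing fence, which some renderers fold into the code block; and the final `kubectl annotate eip sample ovn.kubernetes.io/bgp=true` snippet is fenced as `yaml` although it is a shell command. Since the `VpcNatGateway` example carries `password: "password123"`, it would also help the translated page to note that this BGP session password is stored in plaintext in the CR spec and is visible to anyone who can read `vpcnatgateways`, so the placeholder must not be copied as-is.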
