Configuring a vpc-nat-gw gateway for the default VPC
hzma edited this page Dec 29, 2021
Kube-OVN already supports VPCs; see the VPC configuration page for the basic setup.
A custom VPC reaches external networks through a vpc-nat-gw gateway. The same kind of gateway can also be configured for the default VPC ovn-cluster, which lets other VPCs reach workloads in the default VPC through the gateway's EIPs.
First confirm that the environment meets the following conditions:
- multus-cni and the macvlan CNI are installed. The vpc-nat-gw gateway pod needs them to attach its second (underlay) interface.
- The ConfigMap ovn-vpc-nat-gw-config exists in the kube-system namespace. If it does not, create it; the name and namespace are fixed, the controller looks for exactly this ConfigMap. See the VPC configuration page for the meaning of each key.
A concrete ConfigMap example (note that ConfigMap data values must be strings, so the enable flag has to be quoted; a bare YAML `true` is rejected by the API server):

```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: ovn-vpc-nat-gw-config
  namespace: kube-system
data:
  image: 'kubeovn/vpc-nat-gateway:v1.9.0' # Docker image for the vpc nat gateway
  enable-vpc-nat-gw: 'true' # 'true' to enable, 'false' to disable (must be a quoted string)
  nic: eth1 # The nic that connects to the underlay network, used as the 'master' for macvlan
```
After Kube-OVN is installed, the default VPC ovn-cluster and the default Subnet ovn-default already exist. The gateway pod can take its address from the default subnet, or you can create a new subnet and allocate an address from its range.
Create a new subnet with the following YAML:

```yaml
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: test
spec:
  cidrBlock: 192.100.0.0/16
  default: false
  disableGatewayCheck: false
  disableInterConnection: true
  gatewayNode: ""
  gatewayType: distributed
  natOutgoing: false
  private: false
  protocol: IPv4
  provider: ovn
  vpc: ovn-cluster
```
Create the vpc-nat-gw instance with the following YAML; this creates the gateway pod for the default VPC. The EIP addresses are the ones exposed on the underlay side and must be chosen to fit the real network:

```yaml
apiVersion: kubeovn.io/v1
kind: VpcNatGateway
metadata:
  name: default
spec:
  vpc: ovn-cluster # the default VPC
  subnet: test # subnet that allocates the gateway pod IP; ovn-default also works
  lanIp: 192.100.10.10 # gateway pod IP, must lie inside the subnet's cidrBlock
  eips:
    - eipCIDR: 172.18.0.12/16 # externally exposed EIP, configure according to the actual network
      gateway: 172.18.0.1
    - eipCIDR: 172.18.0.22/16
      gateway: 172.18.0.1
```
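The three manifests above are easy to get subtly wrong (an unquoted boolean in the ConfigMap, a lanIp outside the subnet, an EIP gateway that is not in the EIP's network), and a wrong gateway definition only shows up as a pod that never becomes ready. The following pre-flight check is an added example, not Kube-OVN code: it transcribes the page's manifests as Python dicts (constructed test data), and encodes the constraints a practitioner would verify before `kubectl apply`. The assumption that the subnet gateway is the first usable address of the CIDR (Kube-OVN's default when `gateway` is unset) is an assumption of this example, as are the `check_*` helper names.

```python
"""Pre-flight checks for a default-VPC vpc-nat-gw setup (added example, not
Kube-OVN code). Manifests are transcribed from the page as dicts; the checks
assume the subnet gateway is the first usable address of cidrBlock."""
import ipaddress

# Constructed from the page's ConfigMap; data values must be strings.
CONFIGMAP = {
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "ovn-vpc-nat-gw-config", "namespace": "kube-system"},
    "data": {
        "image": "kubeovn/vpc-nat-gateway:v1.9.0",
        "enable-vpc-nat-gw": "true",
        "nic": "eth1",
    },
}

# Constructed from the page's Subnet (only the fields the checks need).
SUBNET = {
    "apiVersion": "kubeovn.io/v1",
    "kind": "Subnet",
    "metadata": {"name": "test"},
    "spec": {"cidrBlock": "192.100.0.0/16", "vpc": "ovn-cluster", "protocol": "IPv4"},
}

# Constructed from the page's VpcNatGateway.
GATEWAY = {
    "apiVersion": "kubeovn.io/v1",
    "kind": "VpcNatGateway",
    "metadata": {"name": "default"},
    "spec": {
        "vpc": "ovn-cluster",
        "subnet": "test",
        "lanIp": "192.100.10.10",
        "eips": [
            {"eipCIDR": "172.18.0.12/16", "gateway": "172.18.0.1"},
            {"eipCIDR": "172.18.0.22/16", "gateway": "172.18.0.1"},
        ],
    },
}


def check_configmap(cm):
    """Fixed name/namespace, required keys present, every value a string."""
    problems = []
    meta = cm.get("metadata", {})
    if (meta.get("name"), meta.get("namespace")) != ("ovn-vpc-nat-gw-config", "kube-system"):
        problems.append("ConfigMap must be kube-system/ovn-vpc-nat-gw-config (name is fixed)")
    data = cm.get("data", {})
    for key in ("image", "enable-vpc-nat-gw", "nic"):
        val = data.get(key)
        if val is None:
            problems.append(f"ConfigMap data.{key} is missing")
        elif not isinstance(val, str):
            # A bare YAML `true` becomes a bool; the API server wants map[string]string.
            problems.append(f"ConfigMap data.{key} must be a quoted string, got {type(val).__name__}")
    flag = data.get("enable-vpc-nat-gw")
    if isinstance(flag, str) and flag not in ("true", "false"):
        problems.append("enable-vpc-nat-gw must be 'true' or 'false'")
    return problems


def check_gateway(gw, subnet):
    """lanIp usable inside the subnet; EIPs consistent with their gateways."""
    problems = []
    spec = gw["spec"]
    if spec.get("vpc") != subnet["spec"].get("vpc") or spec.get("subnet") != subnet["metadata"]["name"]:
        problems.append("gateway vpc/subnet do not match the Subnet object")
    net = ipaddress.ip_network(subnet["spec"]["cidrBlock"], strict=True)
    subnet_gw = net.network_address + 1  # assumed default subnet gateway
    lan = ipaddress.ip_address(spec["lanIp"])
    if lan not in net:
        problems.append(f"lanIp {lan} is outside {net}")
    elif lan in (net.network_address, net.broadcast_address, subnet_gw):
        problems.append(f"lanIp {lan} is not a usable host address in {net}")
    seen = set()
    for e in spec.get("eips", []):
        iface = ipaddress.ip_interface(e["eipCIDR"])
        gwaddr = ipaddress.ip_address(e["gateway"])
        if gwaddr not in iface.network:
            problems.append(f"EIP gateway {gwaddr} is not in {iface.network}")
        if iface.ip in seen:
            problems.append(f"duplicate EIP {iface.ip}")
        seen.add(iface.ip)
        if iface.network.overlaps(net):
            problems.append(f"EIP network {iface.network} overlaps subnet {net}")
    return problems


def preflight(cm=CONFIGMAP, subnet=SUBNET, gw=GATEWAY):
    """All problems found across the three manifests; empty list means apply."""
    return check_configmap(cm) + check_gateway(gw, subnet)


if __name__ == "__main__":
    found = preflight()
    for p in found:
        print("PROBLEM:", p)
    print("manifests look consistent" if not found else "fix the manifests before kubectl apply")
```

Run it as-is to confirm the page's manifests pass; swap in your own cidrBlock, lanIp and eips before applying. The checks are intentionally static (no cluster access), so they catch shape and addressing mistakes, not whether eth1 really carries the 172.18.0.0/16 underlay.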
After applying the YAML, the corresponding gateway pod is created in the kube-system namespace:

```console
apple@appledeMacBook-Pro ovn-test % kubectl get pod -n kube-system
NAME                                              READY   STATUS    RESTARTS   AGE
coredns-f9fd979d6-dcppf                           1/1     Running   0          4d18h
coredns-f9fd979d6-fg7rw                           1/1     Running   0          4d18h
etcd-kube-ovn-control-plane                       1/1     Running   0          4d18h
kube-apiserver-kube-ovn-control-plane             1/1     Running   0          4d18h
kube-controller-manager-kube-ovn-control-plane    1/1     Running   0          4d18h
kube-multus-ds-g782g                              1/1     Running   0          22h
kube-multus-ds-knj7m                              1/1     Running   0          22h
kube-ovn-cni-2q6b9                                1/1     Running   0          4d18h
kube-ovn-cni-6x7jl                                1/1     Running   0          4d18h
kube-ovn-controller-7658c87bd-kdwd8               1/1     Running   0          4d18h
kube-ovn-monitor-5dc58b495c-xv5vz                 1/1     Running   0          4d18h
kube-ovn-pinger-9mc6l                             1/1     Running   0          4d18h
kube-ovn-pinger-xckxs                             1/1     Running   0          4d18h
kube-proxy-7xk9j                                  1/1     Running   0          4d18h
kube-proxy-h9r6x                                  1/1     Running   0          4d18h
kube-scheduler-kube-ovn-control-plane             1/1     Running   0          4d18h
ovn-central-6b87fcd545-pt8hr                      1/1     Running   0          4d18h
ovs-ovn-8nvj8                                     1/1     Running   0          4d18h
ovs-ovn-wffd2                                     1/1     Running   0          4d18h
vpc-nat-gw-default-cb7b9677f-q6sbg                1/1     Running   0          17h
```
In the default VPC ovn-cluster there is no need to add custom routes pointing at the gateway pod: routes between the default VPC's subnets are installed when each subnet is created, so they already reach each other.
When a pod in a custom VPC accesses a pod in the default VPC, it is actually talking to that pod's EIP address (the address exposed by the gateway), exactly as it would when accessing a pod in another custom VPC.