
Configuring a vpc-nat-gw gateway for the default VPC

oilbeater edited this page May 29, 2022 · 5 revisions

Kube-OVN already supports VPCs; for the details of VPC configuration, see the "Vpc配置" (VPC configuration) page.

A custom VPC can reach external networks through a vpc-nat-gw gateway. A vpc-nat-gw gateway can also be configured for the default VPC ovn-cluster, which lets other VPCs reach the default VPC.

First confirm that the environment meets the following conditions:

  1. multus-cni and the macvlan CNI are installed. They are prerequisites for creating the additional network interface of the vpc-nat-gw gateway pod.
  2. The ConfigMap ovn-vpc-nat-gw-config exists in the kube-system namespace. If it does not exist, create one; the name is fixed. For the ConfigMap's specific settings, see the "Vpc配置" (VPC configuration) page.

A concrete ConfigMap example (all values under data must be strings, so the boolean is quoted):

```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: ovn-vpc-nat-gw-config
  namespace: kube-system
data:
  image: 'kubeovn/vpc-nat-gateway:v1.10.0'  # Docker image for the vpc nat gateway
  enable-vpc-nat-gw: 'true'                 # 'true' to enable, 'false' to disable (ConfigMap data values must be strings)
  nic: eth1                                 # The NIC that connects to the underlay network, used as the 'master' for macvlan
```

Gateway configuration for the default VPC

Create a subnet

After Kube-OVN is installed, the default VPC ovn-cluster and the default Subnet ovn-default already exist. The default subnet can be used to assign an address to the gateway pod, or a new subnet can be created and an address from its range assigned instead.

Use the following yaml to create a new subnet:

```yaml
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: test
spec:
  cidrBlock: 192.100.0.0/16
  default: false
  disableGatewayCheck: false
  disableInterConnection: true
  gatewayNode: ""
  gatewayType: distributed
  natOutgoing: false
  private: false
  protocol: IPv4
  provider: ovn
  vpc: ovn-cluster
```

Create the gateway pod

Use the following yaml to create a vpc-nat-gw instance, which creates the gateway pod for the default VPC:

```yaml
apiVersion: kubeovn.io/v1
kind: VpcNatGateway
metadata:
  name: default
spec:
  vpc: ovn-cluster                            # the default VPC
  subnet: test                                # subnet used to assign the gateway pod's IP; ovn-default can be used instead
  lanIp: 192.100.10.10                        # gateway pod IP, taken from the subnet above

  eips:
  - eipCIDR: 172.18.0.12/16                   # externally exposed EIP address; set according to the actual network
    gateway: 172.18.0.1
  - eipCIDR: 172.18.0.22/16
    gateway: 172.18.0.1
```
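The three manifests above are only checked against each other once they are applied, and a mismatch (a lanIp outside the subnet's cidrBlock, an EIP gateway outside its eipCIDR, or an unquoted boolean in the ConfigMap) surfaces late as a rejected object or a gateway pod that never becomes Ready. The following pre-flight validator is an added example written for this page, not part of Kube-OVN or of the original wiki; the manifests it checks are constructed copies of the ones shown above, and the check rules (lanIp must lie inside the subnet, the subnet's vpc must equal the gateway's vpc, each EIP gateway must lie inside its eipCIDR, EIPs must not overlap the internal subnet, ConfigMap data values must be strings) are the assumptions it encodes.

```python
import ipaddress

# Constructed copies of the wiki's manifests, as plain dicts (no YAML parser needed).
SUBNET = {
    "apiVersion": "kubeovn.io/v1", "kind": "Subnet",
    "metadata": {"name": "test"},
    "spec": {"cidrBlock": "192.100.0.0/16", "protocol": "IPv4", "vpc": "ovn-cluster"},
}
NAT_GW = {
    "apiVersion": "kubeovn.io/v1", "kind": "VpcNatGateway",
    "metadata": {"name": "default"},
    "spec": {
        "vpc": "ovn-cluster", "subnet": "test", "lanIp": "192.100.10.10",
        "eips": [
            {"eipCIDR": "172.18.0.12/16", "gateway": "172.18.0.1"},
            {"eipCIDR": "172.18.0.22/16", "gateway": "172.18.0.1"},
        ],
    },
}
CONFIGMAP = {
    "kind": "ConfigMap", "apiVersion": "v1",
    "metadata": {"name": "ovn-vpc-nat-gw-config", "namespace": "kube-system"},
    "data": {"image": "kubeovn/vpc-nat-gateway:v1.10.0",
             "enable-vpc-nat-gw": "true", "nic": "eth1"},
}


def check_configmap(cm):
    """Return a list of problems with the ovn-vpc-nat-gw-config ConfigMap (empty = OK)."""
    errors = []
    meta = cm.get("metadata", {})
    if meta.get("name") != "ovn-vpc-nat-gw-config" or meta.get("namespace") != "kube-system":
        errors.append("ConfigMap must be named ovn-vpc-nat-gw-config in namespace kube-system")
    data = cm.get("data", {})
    for key in ("image", "enable-vpc-nat-gw", "nic"):
        if key not in data:
            errors.append(f"ConfigMap data is missing key {key!r}")
        elif not isinstance(data[key], str):
            # An unquoted `true` becomes a YAML bool and the API server rejects the object.
            errors.append(f"ConfigMap data[{key!r}] must be a string, got {type(data[key]).__name__}")
    flag = data.get("enable-vpc-nat-gw")
    if isinstance(flag, str) and flag not in ("true", "false"):
        errors.append(f"enable-vpc-nat-gw must be 'true' or 'false', got {flag!r}")
    return errors


def check_gateway(gw, subnets):
    """Cross-check a VpcNatGateway against the Subnet objects it references (empty list = OK)."""
    errors = []
    spec = gw["spec"]
    subnet = subnets.get(spec.get("subnet"))
    if subnet is None:
        return [f"subnet {spec.get('subnet')!r} referenced by the gateway does not exist"]
    if subnet["spec"].get("vpc") != spec.get("vpc"):
        errors.append(f"subnet {spec['subnet']!r} belongs to vpc {subnet['spec'].get('vpc')!r}, "
                      f"but the gateway is in vpc {spec.get('vpc')!r}")
    lan_net = ipaddress.ip_network(subnet["spec"]["cidrBlock"], strict=False)
    lan_ip = ipaddress.ip_address(spec["lanIp"])
    if lan_ip not in lan_net:
        errors.append(f"lanIp {lan_ip} is outside subnet cidrBlock {lan_net}")
    elif lan_ip in (lan_net.network_address, lan_net.broadcast_address):
        errors.append(f"lanIp {lan_ip} is the network or broadcast address of {lan_net}")
    seen = set()
    for eip in spec.get("eips", []):
        iface = ipaddress.ip_interface(eip["eipCIDR"])
        gw_ip = ipaddress.ip_address(eip["gateway"])
        if gw_ip not in iface.network:
            errors.append(f"eip gateway {gw_ip} is not inside {iface.network}")
        if iface.ip in seen:
            errors.append(f"duplicate eip address {iface.ip}")
        seen.add(iface.ip)
        if iface.ip in lan_net:
            errors.append(f"eip {iface.ip} overlaps the internal subnet {lan_net}")
    return errors


if __name__ == "__main__":
    problems = check_configmap(CONFIGMAP) + check_gateway(NAT_GW, {"test": SUBNET})
    print("OK" if not problems else "\n".join(problems))
```

Run it before `kubectl apply`; an empty result means the three objects agree with each other. The checks are deliberately limited to what can be decided from the manifests alone, so they complement rather than replace the Kube-OVN controller's own validation.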

After applying the yaml to create the vpc-nat-gw, the corresponding gateway Pod is created in the kube-system namespace:

```
apple@appledeMacBook-Pro ovn-test % kubectl get pod -n kube-system
NAME                                             READY   STATUS    RESTARTS   AGE
coredns-f9fd979d6-dcppf                          1/1     Running   0          4d18h
coredns-f9fd979d6-fg7rw                          1/1     Running   0          4d18h
etcd-kube-ovn-control-plane                      1/1     Running   0          4d18h
kube-apiserver-kube-ovn-control-plane            1/1     Running   0          4d18h
kube-controller-manager-kube-ovn-control-plane   1/1     Running   0          4d18h
kube-multus-ds-g782g                             1/1     Running   0          22h
kube-multus-ds-knj7m                             1/1     Running   0          22h
kube-ovn-cni-2q6b9                               1/1     Running   0          4d18h
kube-ovn-cni-6x7jl                               1/1     Running   0          4d18h
kube-ovn-controller-7658c87bd-kdwd8              1/1     Running   0          4d18h
kube-ovn-monitor-5dc58b495c-xv5vz                1/1     Running   0          4d18h
kube-ovn-pinger-9mc6l                            1/1     Running   0          4d18h
kube-ovn-pinger-xckxs                            1/1     Running   0          4d18h
kube-proxy-7xk9j                                 1/1     Running   0          4d18h
kube-proxy-h9r6x                                 1/1     Running   0          4d18h
kube-scheduler-kube-ovn-control-plane            1/1     Running   0          4d18h
ovn-central-6b87fcd545-pt8hr                     1/1     Running   0          4d18h
ovs-ovn-8nvj8                                    1/1     Running   0          4d18h
ovs-ovn-wffd2                                    1/1     Running   0          4d18h
vpc-nat-gw-default-cb7b9677f-q6sbg               1/1     Running   0          17h
apple@appledeMacBook-Pro ovn-test %
```

In the default VPC ovn-cluster, no custom routes to the gateway Pod need to be added: routes between the subnets of the default VPC are already added when the subnets are created, so they can reach each other.

From a custom VPC, accessing a Pod in the default VPC actually goes to the Pod's EIP address, exactly as when accessing a Pod in another custom VPC.
