-
Notifications
You must be signed in to change notification settings - Fork 444
webhook使用文档
oilbeater edited this page Jun 27, 2022
·
3 revisions
Wiki 下的中文文档将不在维护,请访问我们最新的中文文档网站,获取最新的文档更新。
从v1.9.0版本开始,Kube-OVN重新提供了webhook功能,用于Subnet和固定IP地址的校验。
webhook功能实现,需要使用cert-manager提供的证书,因此环境上需要先安装cert-manager 。可以执行以下命令来安装cert-manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml
cert-manager的使用可以参考 cert-manager。
执行 kubectl apply -f yamls/webhook.yaml 来手动部署webhook组件。
apple@bogon kube-ovn % kubectl apply -f yamls/webhook.yaml
deployment.apps/kube-ovn-webhook created
service/kube-ovn-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/kube-ovn-webhook created
certificate.cert-manager.io/kube-ovn-webhook-serving-cert created
issuer.cert-manager.io/kube-ovn-webhook-selfsigned-issuer created
apple@bogon kube-ovn %
首先创建静态IP的pod,使用IP地址为10.16.0.15
apple@bogon ovn-test % kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
static-7584848b74-fw9dm 1/1 Running 0 2d13h 10.16.0.15 kube-ovn-worker <none> <none>
apple@bogon ovn-test %
使用以下yaml文件,再次创建相同固定IP地址的Pod,查看创建是否成功
apiVersion: v1
kind: Pod
metadata:
annotations:
ovn.kubernetes.io/ip_address: 10.16.0.15
ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6
labels:
app: static
managedFields:
name: staticip-pod
namespace: default
spec:
containers:
- image: qaimages:helloworld
imagePullPolicy: IfNotPresent
name: qatest
使用以上yaml创建静态地址Pod的时候,提示IP地址冲突
apple@bogon ovn-test % kubectl apply -f pod-static.yaml
Error from server (annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15): error when creating "pod-static.yaml": admission webhook "pod-ip-validaing.kube-ovn.io" denied the request: annotation ip address 10.16.0.15 is conflict with ip crd static-7584848b74-fw9dm.default 10.16.0.15
apple@bogon ovn-test %