5. Connecting the Pod network with Calico

Current situation

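Within the cluster, pods and nodes can reach each other directly by pod IP. Containers can reach virtual machines without any problem, but virtual machines cannot reach containers. This matters most for services that rely on service discovery, such as consul and nacos: once the networks are connected, calling each other becomes much more convenient.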

Goal

Connect the pod network and the virtual machine network so that virtual machines can reach pod IPs.
Official documentation: https://docs.projectcalico.org/archive/v3.8/networking/bgp

Prerequisites

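  1. The core switch/router must support BGP dynamic routing
  2. If you are using OpenStack, be sure to follow the configuration in "0. Environment preparation"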

[M1] Install the Calico control command calicoctl

curl -O -L  https://github.com/projectcalico/calicoctl/releases/download/v3.8.9/calicoctl
chmod +x calicoctl
mv calicoctl /usr/bin/calicoctl

[M1] Add the Calico configuration

mkdir -p /etc/calico
cat > /etc/calico/calicoctl.cfg <<EOF
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes"
  kubeconfig: "/root/.kube/config"
EOF

Test it

calicoctl version
Client Version:    v3.8.9
Git commit:        0991d2fb
Cluster Version:   v3.8.9        # this line means the configuration is correct
Cluster Type:      k8s,bgp,kdd   # this line means the configuration is correct

[M1] Configure the cluster route reflectors: worker nodes peer with master nodes, and master nodes peer with each other

In this environment the Kubernetes master nodes are used as route reflectors.
View the node information

kubectl get node
NAME                STATUS   ROLES    AGE     VERSION
k8s-test-master-1   Ready    master   3d1h    v1.15.0
k8s-test-master-2   Ready    master   3d1h    v1.15.0
k8s-test-master-3   Ready    master   3d1h    v1.15.0
k8s-test-node-1     Ready    <none>   2d23h   v1.15.0
k8s-test-node-2     Ready    <none>   2d23h   v1.15.0
k8s-test-node-3     Ready    <none>   2d23h   v1.15.0

Add the following configuration to the 3 master nodes to mark them as route reflectors

calicoctl patch node k8s-test-master-1 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
calicoctl patch node k8s-test-master-2 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
calicoctl patch node k8s-test-master-3 -p '{"spec": {"bgp": {"routeReflectorClusterID": "244.0.0.1"}}}'
kubectl   label node k8s-test-master-1 route-reflector=true
kubectl   label node k8s-test-master-2 route-reflector=true
kubectl   label node k8s-test-master-3 route-reflector=true

Configure the BGP AS number

calicoctl apply -f - <<EOF
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false
  asNumber: 64567
EOF

Peer the route reflectors (nodes) with each other

calicoctl apply -f - <<EOF
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: peer-with-route-reflectors
spec:
  nodeSelector: all()
  peerSelector: route-reflector == 'true'
EOF

Peer with the core switch/router, gateway IP: 192.168.3.1

calicoctl apply -f - <<EOF
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rr-border
spec:
  peerIP: 192.168.3.1
  asNumber: 64567
  nodeSelector: route-reflector == 'true'
EOF
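
An added check, not part of the original post: once the peers are applied, `calicoctl node status` (run as root on a route reflector) lists that node's BGP sessions, and the function below compares them with an allow-list so that a leftover mesh session, a missing peer or an unlisted peer stands out. The sample output and every address except the gateway 192.168.3.1 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare a route reflector's BGP sessions with an allow-list.

# Constructed `calicoctl node status` output. Every address except the gateway
# 192.168.3.1 is assumed; 192.168.3.99 stands for a peer that was never configured.
sample_status() {
  cat <<'EOF'
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 192.168.3.12 | node specific | up    | 02:10:41 | Established |
| 192.168.3.13 | node specific | up    | 02:10:41 | Established |
| 192.168.3.21 | node specific | up    | 02:10:43 | Established |
| 192.168.3.1  | node specific | start | 02:10:40 | Connect     |
| 192.168.3.99 | node specific | up    | 02:31:07 | Established |
+--------------+---------------+-------+----------+-------------+
EOF
}

# Usage: calicoctl node status | check_bgp_peers "ip1 ip2 ..."
# Prints one finding per line; exit status 0 means the sessions match the list.
check_bgp_peers() {
  awk -F'[|]' -v allowed="$1" '
    function trim(s) { gsub(/^ +| +$/, "", s); return s }
    BEGIN { n = split(allowed, want, " "); for (i = 1; i <= n; i++) ok[want[i]] = 1 }
    /^[|]/ {
      ip = trim($2); type = trim($3); state = trim($4); info = trim($6)
      if (ip == "" || ip == "PEER ADDRESS") next       # header or row without an address
      seen[ip] = 1
      if (!(ip in ok)) { print "UNEXPECTED " ip; bad = 1 }
      # nodeToNodeMeshEnabled is false on this page, so no mesh session should remain
      if (type == "node-to-node mesh") { print "MESH " ip; bad = 1 }
      if (state != "up" || info != "Established") {
        print "NOT-ESTABLISHED " ip " (" info ")"; bad = 1
      }
    }
    END {
      for (i = 1; i <= n; i++) if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
      exit bad + 0
    }'
}

sample_status | check_bgp_peers \
  "192.168.3.1 192.168.3.12 192.168.3.13 192.168.3.21 192.168.3.22" \
  || echo "BGP sessions differ from the allow-list"
```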
posted @ 2024-08-01 02:53  ArcherBrian