kube-ovn打通节点和容器通信

kube-ovn v1.12.22

在kube-ovn中，ls是subnet，lr是vpc，ovn0是ovn-default才有的容器网关，即自定义vpc没有ovn0，自定义vpc不支持和k8s节点主机网络互通。

步骤中参数值只是类比，不和截图完全相同。

步骤1：veth和ovn0作为ovs port，与ls和lr建立关联。

# join与lr关联
ovn-nbctl ls-add join
ovn-nbctl lrp-add ovn-cluster ovn-cluster-join 00:00:00:E2:21:46 100.64.0.1/16
ovn-nbctl lsp-add join join-ovn-cluster
ovn-nbctl lsp-set-type join-ovn-cluster router
ovn-nbctl lsp-set-addresses join-ovn-cluster 00:00:00:E2:21:46
ovn-nbctl lsp-set-options join-ovn-cluster router-port=ovn-cluster-join
# ovn0与join关联
ovn-nbctl lsp-add join node-ovn-1
ovn-nbctl lsp-set-addresses node-ovn-1 "00:00:00:B0:35:E2 100.64.0.2"
ovn-nbctl lsp-add join node-ovn-2
ovn-nbctl lsp-set-addresses node-ovn-2 "00:00:00:B0:35:E3 100.64.0.3"
ovs-vsctl add-port br-int ovn0 -- set interface ovn0 type=internal -- set interface ovn0 external_ids:iface-id=node-ovn-1
ovs-vsctl add-port br-int ovn0 -- set interface ovn0 type=internal -- set interface ovn0 external_ids:iface-id=node-ovn-2
ip link set ovn0 address 00:00:00:B0:35:E2
ip link set dev ovn0 up
ip addr add 100.64.0.2/16 dev ovn0
ip link set ovn0 address 00:00:00:B0:35:E3
ip link set dev ovn0 up
ip addr add 100.64.0.3/16 dev ovn0

步骤2：添加自定义路由和策略路由

ovn-nbctl lr-route-add ovn-cluster "0.0.0.0/0" 100.64.0.1

ovn-nbctl lr-policy-add ovn-cluster 31000 "ip4.dst == 10.16.0.0/16" allow
ovn-nbctl lr-policy-add ovn-cluster 31000 "ip4.dst == 100.64.0.0/16" allow

步骤3：设置主机路由

ip route add 10.16.0.0/16 via 100.64.0.1
ip route add 100.64.0.0/16

参考资料

https://vectorcloud.io/blog/2022/06/22/kube-ovn%E5%A6%82%E4%BD%95%E8%BF%9E%E6%8E%A5pod%E7%BD%91%E7%BB%9C%E4%B8%8E%E4%B8%BB%E6%9C%BA%E7%BD%91%E7%BB%9C/