Establishing connectivity between a server and the k8s network

Environment:
OS: CentOS 7

Goal: establish connectivity between machine 192.168.1.136 and the k8s pod subnet and svc subnet

 

1. Check the k8s node machines

[root@host134 nfs]# kubectl get nodes  -o wide
NAME      STATUS   ROLES           AGE   VERSION    INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
host113   Ready    <none>          27d   v1.24.17   192.168.1.113   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64         containerd://1.6.33
host134   Ready    control-plane   27d   v1.24.17   192.168.1.134   <none>        CentOS Linux 7 (Core)   3.10.0-862.el7.x86_64         containerd://1.6.33
host135   Ready    <none>          27d   v1.24.17   192.168.1.135   <none>        CentOS Linux 7 (Core)   3.10.0-1160.24.1.el7.x86_64   containerd://1.6.33

The host network segment here is 192.168.1.0

Get the pod subnet in k8s

[root@host134 ingress-demo]# kubectl get configmap kubeadm-config -n kube-system -o yaml | grep podSubnet
      podSubnet: 10.244.0.0/16

 

Get the svc subnet

[root@host134 nfs]# kubectl -n kube-system get cm kubeadm-config -o yaml | grep serviceSubnet
      serviceSubnet: 10.1.0.0/16

 

2. Check the current connectivity from machine 192.168.1.136

[root@host134 nfs]# kubectl get pods -n ingress-nginx -o wide
NAME                                       READY   STATUS      RESTARTS   AGE   IP             NODE      NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-lsh52       0/1     Completed   0          22h   10.244.2.97    host113   <none>           <none>
ingress-nginx-admission-patch-ndbhp        0/1     Completed   1          22h   10.244.2.98    host113   <none>           <none>
ingress-nginx-controller-f4f9f47d9-6wmfn   1/1     Running     0          21h   10.244.1.125   host135   <none>           <none>
ingress-nginx-controller-f4f9f47d9-smqcs   1/1     Running     0          22h   10.244.2.99    host113   <none>           <none>
[root@host134 nfs]# kubectl get svc -n ingress-nginx -o wide
NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE   SELECTOR
ingress-nginx-controller             LoadBalancer   10.1.121.181   <pending>     80:31871/TCP,443:32203/TCP   22h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission   ClusterIP      10.1.8.19      <none>        443/TCP                      22h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
[root@host134 nfs]# 

Pick any pod IP and svc IP and probe them to see what happens
[root@localhost ~]# telnet 10.244.1.125 80
Trying 10.244.1.125...
^C

[root@localhost ~]# telnet 10.1.121.181 80
Trying 10.1.121.181...

At this point the network is not reachable

 

3. Temporary routes (take effect immediately, lost on reboot)
Pick any one node in k8s to act as the gateway; I chose 192.168.1.134 here
ip route add 10.244.0.0/16 via 192.168.1.134
ip route add 10.1.0.0/16 via 192.168.1.134

Commands to delete the routes
ip route del 10.1.0.0/16 via 192.168.1.134 dev ens3
ip route del 10.244.0.0/16 via 192.168.1.134 dev ens3

 

View the routes
[root@localhost ~]# ip route
default via 192.168.1.1 dev ens3 proto static metric 100
10.1.0.0/16 via 192.168.1.134 dev ens3
10.244.0.0/16 via 192.168.1.134 dev ens3

 

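Make the configuration permanent (add the two route lines to /etc/rc.d/rc.local, then make the file executable)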

vi /etc/rc.d/rc.local
ip route add 10.244.0.0/16 via 192.168.1.134
ip route add 10.1.0.0/16 via 192.168.1.134
chmod +x /etc/rc.d/rc.local

 

4. Verify
Key point: ClusterIPs mostly block ICMP, so a failed ping is normal; test the port first

[root@localhost ~]# telnet 10.244.1.125 80
Trying 10.244.1.125...
Connected to 10.244.1.125.
Escape character is '^]'.
^CConnection closed by foreign host.

[root@localhost ~]# telnet 10.1.121.181 80
Trying 10.1.121.181...
Connected to 10.1.121.181.
Escape character is '^]'.
^CConnection closed by foreign host.
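
An idempotent form of steps 3 and 4, as an added example that is not part of the original post: it reads the routing table, reports which of the two subnets are missing or point at a different next hop, fixes them with `ip route replace`, and then repeats the port checks. The function names and the `apply` argument are assumptions; the addresses are the ones used in this post, and the sample tables are constructed from the `ip route` output shown in step 3.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): idempotent form of steps 3 and 4.
GATEWAY="192.168.1.134"             # node the post picked as gateway
CIDRS="10.244.0.0/16 10.1.0.0/16"   # podSubnet and serviceSubnet from step 1

# next_hop CIDR: read `ip route` text on stdin, print the "via" address for CIDR.
next_hop() {
    awk -v cidr="$1" '$1 == cidr && $2 == "via" { print $3; exit }'
}

# stale_cidrs TABLE: print each CIDR that is missing from TABLE or that
# points at a next hop other than $GATEWAY.
stale_cidrs() {
    for cidr in $CIDRS; do
        hop=$(printf '%s\n' "$1" | next_hop "$cidr")
        if [ "$hop" != "$GATEWAY" ]; then
            echo "$cidr"
        fi
    done
}

# tcp_open HOST PORT: TCP connect test with a 3 s timeout, the scripted
# counterpart of the telnet checks in step 4 (uses bash's /dev/tcp).
tcp_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Constructed samples, modelled on the `ip route` output shown in step 3.
TABLE_BEFORE='default via 192.168.1.1 dev ens3 proto static metric 100'
TABLE_AFTER="$TABLE_BEFORE
10.1.0.0/16 via 192.168.1.134 dev ens3
10.244.0.0/16 via 192.168.1.134 dev ens3"

if [ "${1:-}" = "apply" ]; then
    # Needs root. `ip route replace` adds the route or overwrites an old one,
    # so re-running (for example from rc.local) never fails with "File exists".
    for cidr in $(stale_cidrs "$(ip route)"); do
        ip route replace "$cidr" via "$GATEWAY"
    done
    for target in 10.244.1.125 10.1.121.181; do
        if tcp_open "$target" 80; then echo "$target:80 open"
        else echo "$target:80 unreachable"; fi
    done
else
    echo "before: $(stale_cidrs "$TABLE_BEFORE" | tr '\n' ' ')"
    echo "after:  $(stale_cidrs "$TABLE_AFTER" | tr '\n' ' ')"
fi
```

Run without arguments it only evaluates the constructed tables; run as root with `apply` on 192.168.1.136 it changes the live routing table.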

 

posted @ 2026-06-30 15:28  slnngk