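Establishing connectivity between a server and the k8s networks
Environment:
OS: CentOS 7
Goal: establish connectivity between the machine 192.168.1.136 and the k8s pod and svc subnets
1. Check the k8s nodes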
[root@host134 nfs]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
host113 Ready <none> 27d v1.24.17 192.168.1.113 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 containerd://1.6.33
host134 Ready control-plane 27d v1.24.17 192.168.1.134 <none> CentOS Linux 7 (Core) 3.10.0-862.el7.x86_64 containerd://1.6.33
host135 Ready <none> 27d v1.24.17 192.168.1.135 <none> CentOS Linux 7 (Core) 3.10.0-1160.24.1.el7.x86_64 containerd://1.6.33
The host subnet here is 192.168.1.0
Get the pod subnet in k8s
[root@host134 ingress-demo]# kubectl get configmap kubeadm-config -n kube-system -o yaml | grep podSubnet
podSubnet: 10.244.0.0/16
Get the svc subnet
[root@host134 nfs]# kubectl -n kube-system get cm kubeadm-config -o yaml | grep serviceSubnet
serviceSubnet: 10.1.0.0/16
2. Check the current connectivity from machine 192.168.1.136
[root@host134 nfs]# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-admission-create-lsh52 0/1 Completed 0 22h 10.244.2.97 host113 <none> <none>
ingress-nginx-admission-patch-ndbhp 0/1 Completed 1 22h 10.244.2.98 host113 <none> <none>
ingress-nginx-controller-f4f9f47d9-6wmfn 1/1 Running 0 21h 10.244.1.125 host135 <none> <none>
ingress-nginx-controller-f4f9f47d9-smqcs 1/1 Running 0 22h 10.244.2.99 host113 <none> <none>
[root@host134 nfs]# kubectl get svc -n ingress-nginx -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ingress-nginx-controller LoadBalancer 10.1.121.181 <pending> 80:31871/TCP,443:32203/TCP 22h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission ClusterIP 10.1.8.19 <none> 443/TCP 22h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
[root@host134 nfs]#
Pick any pod IP and any svc IP and test whether they are reachable
[root@localhost ~]# telnet 10.244.1.125 80
Trying 10.244.1.125...
^C
[root@localhost ~]# telnet 10.1.121.181 80
Trying 10.1.121.181...
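At this point the network is unreachable
3. Temporary routes (take effect immediately, lost on reboot)
Pick any one of the k8s nodes as the gateway; here I choose 192.168.1.134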
ip route add 10.244.0.0/16 via 192.168.1.134
ip route add 10.1.0.0/16 via 192.168.1.134
Commands to delete the routes
ip route del 10.1.0.0/16 via 192.168.1.134 dev ens3
ip route del 10.244.0.0/16 via 192.168.1.134 dev ens3
View the routes
[root@localhost ~]# ip route
default via 192.168.1.1 dev ens3 proto static metric 100
10.1.0.0/16 via 192.168.1.134 dev ens3
10.244.0.0/16 via 192.168.1.134 dev ens3
Make the configuration permanent
vi /etc/rc.d/rc.local
ip route add 10.244.0.0/16 via 192.168.1.134
ip route add 10.1.0.0/16 via 192.168.1.134
chmod +x /etc/rc.d/rc.local
4. Verification
Key point: most ClusterIPs do not respond to ICMP, so a failed ping is normal; test the port first
[root@localhost ~]# telnet 10.244.1.125 80
Trying 10.244.1.125...
Connected to 10.244.1.125.
Escape character is '^]'.
^CConnection closed by foreign host.
[root@localhost ~]# telnet 10.1.121.181 80
Trying 10.1.121.181...
Connected to 10.1.121.181.
Escape character is '^]'.
^CConnection closed by foreign host.
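An added example, not part of the original post: a check script for the external host that confirms both routes from step 3 are still present (for instance after a reboot) and then tests TCP ports as step 4 recommends. The gateway, subnets and target IPs are the ones shown on this page; the function names and the --live flag are made up for this example.

```shell
#!/bin/bash
# Added example. Values below are taken from this page.
GATEWAY=192.168.1.134
CIDRS="10.244.0.0/16 10.1.0.0/16"   # podSubnet, serviceSubnet

# Print the next hop that `ip route` output (on stdin) lists for CIDR $1.
route_gateway() {
    awk -v cidr="$1" '$1 == cidr && $2 == "via" { print $3; exit }'
}

# Check every CIDR in $CIDRS against the routing-table text in $1.
# Prints one line per CIDR; returns non-zero if a route is missing or wrong.
audit_routes() {
    table=$1
    rc=0
    for cidr in $CIDRS; do
        gw=$(printf '%s\n' "$table" | route_gateway "$cidr")
        if [ "$gw" = "$GATEWAY" ]; then
            echo "OK      $cidr via $gw"
        elif [ -z "$gw" ]; then
            echo "MISSING $cidr"; rc=1
        else
            echo "WRONG   $cidr via $gw (expected $GATEWAY)"; rc=1
        fi
    done
    return $rc
}

# TCP reachability test with a 3 second timeout (ICMP is not a reliable
# signal for ClusterIPs). Uses bash's /dev/tcp, so bash is called explicitly.
tcp_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Live run on the external host: ./check-routes.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_routes "$(ip route)" || exit 1
    for target in 10.244.1.125:80 10.1.121.181:80; do
        if tcp_open "${target%:*}" "${target#*:}"; then
            echo "OPEN    $target"
        else
            echo "CLOSED  $target"
        fi
    done
fi
```

Pod IPs change when pods are rescheduled, so the two targets in the live loop need updating to current addresses before use.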