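29. Bilibili 薪享宏福 Notes: Chapter 11 (3) Fixed IP Addresses
11 Bilibili 薪享宏福 Notes: Chapter 11
11.4 Assigning a Fixed IP Address to a Pod
Address allocation for special requirements
11.4.1 Network Plugin Configuration
Edit the configuration file /etc/cni/net.d/10-calico.conflist and change the ipam type to calico-ipam (this enables Calico's IP address manager, which makes it possible to assign a fixed address to an individual Pod).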
    [root@k8s-master01 11.4]# cat /etc/cni/net.d/10-calico.conflist
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "log_file_path": "/var/log/calico/cni/cni.log",
          "datastore_type": "kubernetes",
          "nodename": "k8s-master01",
          "mtu": 0,
          "ipam": {
            "type": "calico-ipam"
          },
          "policy": {
            "type": "k8s"
          },
          "kubernetes": {
            "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        },
        {
          "type": "bandwidth",
          "capabilities": {"bandwidth": true}
        }
      ]
    }
11.4.2 Fixed IP Test
    [root@k8s-master01 11.4]# cat ip_pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        app: myapp
      annotations:
        "cni.projectcalico.org/ipAddrs": "[\"10.244.140.67\"]"
      name: myapp-ip
      namespace: default
    spec:
      containers:
      - image: myapp:v1.0
        imagePullPolicy: IfNotPresent
        name: myapp
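3. Metadata: labels (key: value), annotations (key name: fixed IP value), the Pod name, and the namespace the Pod is in
Note: the Pod's IP must not already be in use in the cluster; an address that is already held cannot be contended for.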
    [root@k8s-master01 11.4]# kubectl apply -f ip_pod.yaml
    pod/myapp-ip created
    [root@k8s-master01 11.4]# kubectl get pod -o wide
    NAME       READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
    myapp-ip   1/1     Running   0          6s    10.244.140.67   k8s-node02   <none>           <none>
    [root@k8s-master01 11.4]# kubectl delete -f ip_pod.yaml
    pod "myapp-ip" deleted
    [root@k8s-master01 11.4]# kubectl apply -f ip_pod.yaml
    pod/myapp-ip created
    [root@k8s-master01 11.4]# kubectl get pod -o wide
    NAME       READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
    myapp-ip   1/1     Running   0          9s    10.244.140.67   k8s-node02   <none>           <none>
11.4.3 A Fixed IP Cannot Be Contended For
# Only the Pod name differs from the Pod above; the IP address is the same
    [root@k8s-master01 11.4]# cat ip2_pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        app: myapp
      annotations:
        "cni.projectcalico.org/ipAddrs": "[\"10.244.140.67\"]"
      name: myapp-ip-2
      namespace: default
    spec:
      containers:
      - image: myapp:v1.0
        imagePullPolicy: IfNotPresent
        name: myapp
# Creating another Pod with the same IP address fails; the error shows that the IP address already exists
    [root@k8s-master01 11.4]# kubectl get pod -o wide
    NAME       READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
    myapp-ip   1/1     Running   0          14m   10.244.140.67   k8s-node02   <none>           <none>
    [root@k8s-master01 11.4]# kubectl apply -f ip2_pod.yaml
    pod/myapp-ip-2 created
    [root@k8s-master01 11.4]# kubectl get pod -o wide
    NAME         READY   STATUS              RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
    myapp-ip     1/1     Running             0          14m   10.244.140.67   k8s-node02   <none>           <none>
    myapp-ip-2   0/1     ContainerCreating   0          9s    <none>          k8s-node01   <none>           <none>
    [root@k8s-master01 11.4]# kubectl describe pod myapp-ip-2
    .........
    Events:
      Type     Reason                  Age   From               Message
      ----     ------                  ----  ----               -------
      Normal   Scheduled               36s   default-scheduler  Successfully assigned default/myapp-ip-2 to k8s-node01
      Warning  FailedCreatePodSandBox  30s   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "88e65cd7870bff9474496d0b7526d1ab98a222ab9809cc4cf19d0f3d3c2b7328" network for pod "myapp-ip-2": networkPlugin cni failed to set up pod "myapp-ip-2_default" network: plugin type="calico" failed (add): error getting IP from IPAM: resource already exists: 10.244.140.67
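A pre-flight check for the collision shown above, as an added example that is not part of the original notes: it reads the cni.projectcalico.org/ipAddrs annotation from Pod objects and reports addresses requested by more than one Pod or lying outside the Pod network. The Pod list is constructed sample data, and the pod_cidr value 10.244.0.0/16 and the Pod name example-out-of-range are assumptions.

```python
import ipaddress
import json

ANNOTATION = "cni.projectcalico.org/ipAddrs"

def _pod(name, ips):
    # Build a constructed Pod object in the shape `kubectl get pods -o json` returns.
    return {"metadata": {"name": name, "namespace": "default",
                         "annotations": {ANNOTATION: json.dumps(ips)}}}

# Constructed sample: the two Pods from this page plus one hypothetical out-of-range request.
SAMPLE = {"items": [
    _pod("myapp-ip", ["10.244.140.67"]),
    _pod("myapp-ip-2", ["10.244.140.67"]),
    _pod("example-out-of-range", ["192.168.1.10"]),
]}

def requested_ips(pod):
    """Return the fixed IPs requested through the Calico annotation (empty if absent)."""
    raw = (pod["metadata"].get("annotations") or {}).get(ANNOTATION)
    if raw is None:
        return []
    value = json.loads(raw)  # the annotation value is a JSON list encoded as a string
    if not isinstance(value, list):
        raise ValueError(f"{ANNOTATION} must be a JSON list, got {raw!r}")
    return [str(ipaddress.ip_address(ip)) for ip in value]  # rejects malformed addresses

def find_problems(pod_list, pod_cidr="10.244.0.0/16"):  # pod_cidr is an assumed value
    """Report fixed-IP requests that collide or fall outside the Pod network."""
    network = ipaddress.ip_network(pod_cidr)
    claims, problems = {}, []
    for pod in pod_list["items"]:
        ref = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
        for ip in requested_ips(pod):
            claims.setdefault(ip, []).append(ref)
            if ipaddress.ip_address(ip) not in network:
                problems.append((ip, "outside pod CIDR", [ref]))
    for ip, refs in claims.items():
        if len(refs) > 1:
            problems.append((ip, "requested by more than one Pod", refs))
    return problems

if __name__ == "__main__":
    for ip, reason, refs in find_problems(SAMPLE):
        print(f"{ip}: {reason}: {', '.join(refs)}")
```

Against a live cluster, the same functions can be fed the parsed output of `kubectl get pods -A -o json`.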
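11.4.4 Summary
When using fixed IPs, you may run into problems such as an IP not being released, which causes the Pod to fail to start. The likely cause is that after the Pod was deleted, the IP address it used has not yet been released, so the IP must be released from the address pool with a command before a Pod can use it again.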
    calicoctl ipam release --ip 10.244.140.67
# How to install the calicoctl client tool
# Option 1: download the manifest, then apply it
    [root@k8s-master01 11.4]# wget https://docs.projectcalico.org/manifests/calicoctl.yaml
    --2025-07-31 13:37:29--  https://docs.projectcalico.org/manifests/calicoctl.yaml
    Resolving docs.projectcalico.org (docs.projectcalico.org)... 52.74.6.109, 13.215.239.219, 2406:da18:b3d:e201::258, ...
    Connecting to docs.projectcalico.org (docs.projectcalico.org)|52.74.6.109|:443... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: https://calico-v3-25.netlify.app/archive/v3.25/manifests/calicoctl.yaml [following]
    --2025-07-31 13:37:31--  https://calico-v3-25.netlify.app/archive/v3.25/manifests/calicoctl.yaml
    Resolving calico-v3-25.netlify.app (calico-v3-25.netlify.app)... 52.74.6.109, 13.215.239.219, 2406:da18:b3d:e201::259, ...
    Connecting to calico-v3-25.netlify.app (calico-v3-25.netlify.app)|52.74.6.109|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2019 (2.0K) [text/yaml]
    Saving to: ‘calicoctl.yaml’
    calicoctl.yaml    100%[===================>]   1.97K  --.-KB/s    in 0s
# Option 2: apply the YAML file directly from the URL
    [root@k8s-master01 11.4]# kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml
    serviceaccount/calicoctl created
    pod/calicoctl created
    clusterrole.rbac.authorization.k8s.io/calicoctl created
    clusterrolebinding.rbac.authorization.k8s.io/calicoctl created
    [root@k8s-master01 11.4]# kubectl get pod -n kube-system |grep calicoctl
    calicoctl   1/1   Running   0   10m
———————————————————————————————————————————————————————————————————————————
无敌小马爱学习