kubernetes - 将 macvlan 静态 ip 应用到 pod

Question

我目前正在使用 multus 和 calico 测试 macvlan 配置，并且有 2 个问题。第一个问题是我创建了一个 macvlan 网络，如下所示：

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan130
  namespace:testlog
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.0.0/24",
        "rangeStart": "192.168.0.130",
        "rangeEnd": "192.168.0.130",
        "routes": [
          { "dst": "0.0.0.0/0" }
        ],
        "gateway": "192.168.0.7"
      }
        }'

然后我将其作为网络注释添加到测试 pod 中，如下所示：

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: testnode2
  name: testnode2
  namespace: testlog
spec:
  replicas: 1
  selector:
    matchLabels:
      app: testnode2
  template:
    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: macvlan130
      labels:
        app: testnode2
    spec:
      containers:
      - env:
        - name: ES_JAVA_OPTS
          value: -Xms768m -Xmx768m
#        - name: MAX_LOCKED_MEMORY
#          value: unlimited
#        - name: bootstrap.memory_lock
#          value: "true"
        - name: cluster.initial_master_nodes
          value: testnode1,testnode2
        - name: cluster.name
          value: testcluster
        - name: discovery.seed_hosts
          value: testnode1,testnode2
        - name: http.cors.allow-origin
          value: "*"
        - name: network.host
          value: 0.0.0.0
        - name: node.data
          value: "true"
        - name: node.name
          value: testnode2
        - name: thread_pool.write.queue_size
          value: "500"
        image: amazon/opendistro-for-elasticsearch:1.8.0
        name: testnode2
        resources:
          requests:
            cpu: 2
          limits:
            cpu: 2
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /usr/share/elasticsearch/data
          name: testnode2-claim0
#      restartPolicy: Always
      volumes:
        - name: testnode2-claim0
          hostPath:
            path: /logtest/es12
            type: DirectoryOrCreate

---

#es1 dns
apiVersion: v1
kind: Service
metadata:
  name: testnode2
  namespace: testlog
  labels:
    app: testnode2
spec:
  clusterIP: None
  selector:
    app: testnode2
---

#es1 portservice
apiVersion: v1
kind: Service
metadata:
  name: testnode2-service
  namespace: testlog
  labels:
    app: testnode2
spec:
  type: NodePort
  ports:
  - port: 9200
    nodePort: 9201
    targetPort: 9200
    protocol: TCP
    name: testnode2-9200
  - port: 9300
    nodePort: 9301
    targetPort: 9300
    protocol: TCP
    name: testnode2-9300
  selector:
    app: testnode2

macvlan 中的静态 ip 设置已成功应用于 pod：

[root@testnode2-554867db8c-n2xz6 elasticsearch]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default
    link/ether 16:ef:b9:1b:aa:d2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.222.34.220/32 brd 10.222.34.212 scope global eth0
       valid_lft forever preferred_lft forever
5: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default
    link/ether 12:7e:1e:00:fc:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.130/24 brd 192.168.0.255 scope global net1
       valid_lft forever preferred_lft forever

但是，正如您所见，我的 kubernetes 集群 pod (10.222 ....) 的默认 IP 块仍然适用。

NAMESPACE      NAME                                       READY   STATUS    RESTARTS   AGE    IP              NODE               NOMINATED NODE   READINESS GATES

testlog        testnode2-554867db8c-8zpst                 1/1     Running   0          8s     10.222.34.220   k8s-cluster.test   <none>           <none>

我只希望将我在 macvlan 配置中设置的 ip 应用到 pod 并获得类似于此的结果：

NAMESPACE      NAME                                       READY   STATUS    RESTARTS   AGE    IP              NODE               NOMINATED NODE   READINESS GATES

testlog        testnode2-554867db8c-8zpst                 1/1     Running   0          8s     192.168.0.130   k8s-cluster.test   <none>           <none>

无需更改我的 kubernetes 默认 pod ip 块中的任何内容。我怎样才能做到这一点？

第二个问题：我也遇到端口分配问题。如上所示，我为测试 pod 设置了 9201 端口，并且在使用集群的默认网络设置时工作正常。实施 macvlan 后，我似乎只能访问默认端口。为什么会这样？