1

这是场景。有一个部署集,通过该部署集创建了 2 个 POD。我将 MACVLAN 接口附加到这些 POD 以进行外部通信。

麦克兰定义

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: test-macvlandef01
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "datastore": "kubernetes",
        "kubernetes": { "kubeconfig": "/etc/cni/net.d/whereabouts.d/whereabouts.kubeconfig" },
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.44",
        "range_end": "192.168.0.45"
      }
    }'

部署集

apiVersion: apps/v1
kind: Deployment
metadata:
  name: centos-test
spec:
  replicas: 2
  selector:
    matchLabels:
      app: centos
  template:
    metadata:
      labels:
        app: centos
      annotations:
       k8s.v1.cni.cncf.io/networks: "test-macvlandef01"
    spec:
      nodeSelector:
        test: "true"
      containers:
      - name: centos
        image: centos
        imagePullPolicy: IfNotPresent
        command: ["bin/bash", "-c", "sleep 100000" ]
        ports:
        - containerPort: 80

结果。两个 POD 都有来自分配池的 IP。

[master1 ~]# kubectl exec -it centos-test-64f8fbf47f-wrjr7  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if61: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether 72:ef:ca:2c:31:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.20.14.176/32 scope global eth0
       valid_lft forever preferred_lft forever
5: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default 
    link/ether 52:2f:bd:f9:03:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.44/24 brd 192.168.0.255 scope global net1
       valid_lft forever preferred_lft forever
       
[master1 ~]# kubectl exec -it centos-test-64f8fbf47f-vtkst  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether ae:e6:4e:95:2a:f2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.20.14.175/32 scope global eth0
       valid_lft forever preferred_lft forever
5: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default 
    link/ether 72:fb:b5:90:d0:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.45/24 brd 192.168.0.255 scope global net1
       valid_lft forever preferred_lft forever

现在我需要配置的是,macvlan 定义文件中有一个更大的分配池,但只有特定的 2 个 IP 分配给 POD。我尝试了以下配置。

麦克兰定义

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: test-macvlandef01
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "datastore": "kubernetes",
        "kubernetes": { "kubeconfig": "/etc/cni/net.d/whereabouts.d/whereabouts.kubeconfig" },
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.40",
        "range_end": "192.168.0.50"
      }
    }'

部署集

apiVersion: apps/v1
kind: Deployment
metadata:
  name: centos-test
spec:
  replicas: 2
  selector:
    matchLabels:
      app: centos
  template:
    metadata:
      labels:
        app: centos
      annotations:
       k8s.v1.cni.cncf.io/networks: '[{ "name": "test-macvlandef01","ips": "192.168.0.44"},{"name": "test-macvlandef01","ips": "192.168.0.45"}]'
    spec:
      nodeSelector:
        test: "true"
      containers:
      - name: centos
        image: centos
        imagePullPolicy: IfNotPresent
        command: ["bin/bash", "-c", "sleep 100000" ]
        ports:
        - containerPort: 80

POD 在没有 MACVLAN 接口的情况下出现,我也没有看到与 POD 相关的错误。

[master1 ~]# kubectl exec -it centos-test-b59db89f7-2vvqx  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether 62:31:fc:64:8f:5b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.20.14.180/32 scope global eth0
       valid_lft forever preferred_lft forever

[master1 ~]# kubectl exec -it centos-test-b59db89f7-6c75h  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if64: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether e6:23:30:ff:bf:c3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.20.14.179/32 scope global eth0
       valid_lft forever preferred_lft forever

请提出任何有助于满足要求的修改或添加。

提前致谢。

4

1 回答 1

0

我想请您注意以下两点。部分回答。

  1. 从您的帖子中,我看到您想使用特殊的 IP 地址。要使用此类功能,根据 CNI 的扩展约定,您可能需要"capabilities": {"ips": true}在 Macvlan 定义中使用功能。像这样的东西:
spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "capabilities": {"ips": true}
      "master": "eth0",
      "mode": "bridge",

您还可以在将 pod 附加到附加网络文档中找到很好的示例说明。

macvlan_plugin

  1. 我想你使用了 whereabouts plugin,因为"type": "whereabouts"它出现在你的 Macvlan 定义中。它支持排除:

您还可以指定要从分配中排除的范围,例如,如果您想在范围内分配 IP 地址 192.168.2.0/24,您可以通过将 IP 地址添加到排除列表来排除其中的 IP 地址。例如,如果您决定排除范围192.168.2.0/28,则在范围中分配的第一个 IP 地址将是192.168.2.16

了解这一事实后,您可以根据Whereabouts IPAM Config 示例指定要从配置中排除的 IP 范围。尝试exclude在 Macvlan 定义中添加具有必要 IP/子网的字段,应将其排除。针对您的特定情况的可能解决方案:

spec:
  config: '{
      "cniVersion": "0.3.0",
      "name": "test-macvlandef01",
      "type": "macvlan",
      "capabilities": {"ips": true}
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "range": "192.168.0.0/24",
        "range_start": "192.168.0.40",
        "range_end": "192.168.0.50"
        "exclude": [
           "192.168.0.40/32",
           "192.168.0.41/32",
           ...
        ]
      }
  }'
于 2021-08-06T18:25:16.970 回答