目前我正在运行一个 Kubernetes 集群。
主机网络:10.17.20.x Docker 网络:172.17.60.x
我正在运行一个具有 IP 的 RabbitMQ pod:172.17.60.217 注释:
- cni.projectcalico.org/podIP:172.17.60.217/32 cni.projectcalico.org/podIPs:172.17.60.217/32
我所有的 pod 都需要连接到 RabbitMQ。这工作得很好。我需要将 pod“A”作为 macvlan 运行,因为它需要可以从主机网络访问以进行外围设备。
所以从拓扑的角度来看。我的 pod "A" 需要有两个网络接口才能连接到 rabbitmq 172.17.60.217 并获得分配的 Hostnetwork IP。因此提出了 NetworkAttachmentDefinitions。我的计划是创建一个 NetworkAttachment 来从 Hostnetwork 分配一个 IP。
NetworkAttachmentDefinition:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: macvlan-conf
spec:
config: '{
"cniVersion": "0.3.1",
"plugins": [
{
"type": "macvlan",
"capabilities": { "ips": true },
"master": "ens224",
"mode": "bridge",
"ipam": {
"type": "static",
"routes": [
{
"dst": "0.0.0.0/0",
"gw": "10.17.20.1"
}
]
}
}
]
}'
似乎IP分配正确。
apiVersion: v1
kind: Pod
metadata:
labels:
run: udpechroute
name: udpechoroute
annotations:
annotations:
k8s.v1.cni.cncf.io/networks: '[ {
"name": "macvlan-conf",
"ips": [ "10.17.20.124/24" ],
"route": [ "10.17.20.1" ]
}]'
spec:
containers:
- image: alpine/socat:latest
imagePullPolicy: Never
name: udpecho
args:
- "-v"
- "PIPE"
- "udp-recvfrom:5553,fork"
restartPolicy: Always
status: {}
kubectl 描述 pod udpechoroute
Name: udpechoroute
Namespace: kube-system
Priority: 0
Node: openstack1/10.17.20.21
Start Time: Fri, 26 Nov 2021 17:38:10 +0100
Labels: run=udpechroute
Annotations: cni.projectcalico.org/podIP: 172.17.60.206/32
cni.projectcalico.org/podIPs: 172.17.60.206/32
k8s.v1.cni.cncf.io/network-status:
[{
"name": "",
"ips": [
"172.17.60.206"
],
"default": true,
"dns": {}
},{
"name": "kube-system/macvlan-conf",
"interface": "net1",
"ips": [
"10.17.20.124"
],
"mac": "26:7f:a1:40:79:c9",
"dns": {}
}]
k8s.v1.cni.cncf.io/networks: [ { "name": "macvlan-conf", "ips": [ "10.17.20.124/24" ], "route": [ "10.17.20.1" ] }]
k8s.v1.cni.cncf.io/networks-status:
[{
"name": "",
"ips": [
"172.17.60.206"
],
"default": true,
"dns": {}
},{
"name": "kube-system/macvlan-conf",
"interface": "net1",
"ips": [
"10.17.20.124"
],
"mac": "26:7f:a1:40:79:c9",
"dns": {}
}]
[root@openstack1]# kubectl exec -it udpechoroute /bin/sh -- 路由
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 169.254.1.1 0.0.0.0 UG 0 0 0 eth0
10.17.20.0 * 255.255.255.0 U 0 0 0 net1
169.254.1.1 * 255.255.255.255 UH 0 0 0 eth0
[root@openstack1]# kubectl exec -it udpechowithoutan /bin/sh -- 路由
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 169.254.1.1 0.0.0.0 UG 0 0 0 eth0
169.254.1.1 * 255.255.255.255 UH 0 0 0 eth0
我的问题:我删除了一个不使用任何 NetworkAttachmentDefinition 的 Pod,以便了解该 pod 的网关信息。但是从我的 udpechoroute Pod 我可以 ping RabbitMQ 地址,但无法从 IP 10.17.20.124 上的外围访问它。
kubectl exec -it udpechoroute -- ping 172.17.60.217:
PING 172.17.60.217 (172.17.60.217): 56 data bytes
64 bytes from 172.17.60.217: seq=0 ttl=63 time=0.164 ms
64 bytes from 172.17.60.217: seq=1 ttl=63 time=0.131 ms
64 bytes from 172.17.60.217: seq=2 ttl=63 time=0.106 ms
从 10.17.20.x 到 10.17.20.124 的 Ping 不起作用。
Pinging 10.17.20.124 with 32 bytes of data:
Request timed out.
没有防火墙规则阻止通信。
你知道我做错了什么吗?