kubeasz/docs/06.kube-router.md

108 lines
3.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# kube-router 网络组件
kube-router是一个简单、高效的网络插件它提供一揽子解决方案
- 基于GoBGP 提供Pod 网络互联Routing
- 使用ipsets优化的iptables 提供网络策略支持Firewall/NetworkPolicy
- 基于IPVS/LVS 提供高性能服务代理Service Proxy
更多介绍请前往`https://github.com/cloudnativelabs/kube-router`
## 配置
本项目提供多种网络插件可选如果需要安装kube-router请在/etc/ansible/hosts文件中设置变量 `CLUSTER_NETWORK="kube-router"`
- kube-router需要在所有master节点和node节点安装
## 安装
- 单步安装已经集成:`ansible-playbook 90.setup.yml`
- 分步安装请执行:`ansible-playbook 06.network.yml`
## 验证
- 1.pod间网络联通性
- 2.host路由表
``` bash
# master上路由
root@master1:~$ ip route
...
172.20.1.0/24 via 192.168.1.2 dev ens3 proto 17
172.20.2.0/24 via 192.168.1.3 dev ens3 proto 17
...
# node3上路由
root@node3:~$ ip route
...
172.20.0.0/24 via 192.168.1.1 dev ens3 proto 17
172.20.1.0/24 via 192.168.1.2 dev ens3 proto 17
172.20.2.0/24 dev kube-bridge proto kernel scope link src 172.20.2.1
...
```
- 3.bgp连接状态
``` bash
# master上
root@master1:~$ netstat -antlp|grep router|grep LISH|grep 179
tcp 0 0 192.168.1.1:179 192.168.1.3:58366 ESTABLISHED 26062/kube-router
tcp 0 0 192.168.1.1:42537 192.168.1.2:179 ESTABLISHED 26062/kube-router
# node3上
root@node3:~$ netstat -antlp|grep router|grep LISH|grep 179
tcp 0 0 192.168.1.3:58366 192.168.1.1:179 ESTABLISHED 18897/kube-router
tcp 0 0 192.168.1.3:179 192.168.1.2:43928 ESTABLISHED 18897/kube-router
```
- 4.NetworkPolicy有效性验证参照[这里](guide/networkpolicy.md)
- 5.ipset列表查看
``` bash
$ ipset list
...
Name: kube-router-pod-subnets
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 timeout 0
Size in memory: 672
References: 2
Members:
172.20.1.0/24 timeout 0
172.20.2.0/24 timeout 0
172.20.0.0/24 timeout 0
Name: kube-router-node-ips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 0
Size in memory: 416
References: 1
Members:
192.168.1.1 timeout 0
192.168.1.2 timeout 0
192.168.1.3 timeout 0
...
```
- 6.ipvs虚拟服务器查看 (/etc/ansible/hosts需配置`SERVICE_PROXY="IPVS"`)
``` bash
# 首先创建测试应用
$ kubectl run nginx --image=nginx --replicas=3 --port=80 --expose
# 查看ipvsadm输出
$ ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.68.0.1:https rr persistent 10800 # 这个kubernetes虚拟服务地址
-> 192.168.1.1:6443 Masq 1 0 0
TCP 10.68.199.39:http rr # 这个是测试应用nginx的虚拟服务地址
-> 172.20.1.5:http Masq 1 0 0
-> 172.20.2.6:http Masq 1 0 0
-> 172.20.2.8:http Masq 1 0 0
```