Brief introduction
Use kube-router to expose the pod IPs and cluster IPs of a k8s cluster outside the cluster, so that nodes outside the cluster can directly access k8s pods and svcs.
Environment description
This experiment is based on a k8s cluster that has already been installed and configured. For k8s installation, refer to other blog articles.
Experimental framework
lab1: master 11.11.11.111
lab2: node 11.11.11.112
lab3: node 11.11.11.113
lab4: external 11.11.11.114
Install
# The cluster was re-created for this experiment; an earlier attempt on a cluster
# that had previously been used to test other network plug-ins did not succeed.
# This may be due to interference from the old environment, so pay attention to this when repeating the experiment.
# Create a kube-router directory to download related files
mkdir kube-router && cd kube-router
rm -f generic-kuberouter-all-features-advertise-routes.yaml
wget https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
# Enable all features: pod networking, network policy (isolation), and service proxy
# CLUSTERCIDR: value of the kube-controller-manager startup parameter --cluster-cidr
# APISERVER: value of the kube-apiserver startup parameter --advertise-address
CLUSTERCIDR='10.244.0.0/16'
APISERVER='https://11.11.11.111:6443'
sed -i "s;%APISERVER%;$APISERVER;g" generic-kuberouter-all-features-advertise-routes.yaml
sed -i "s;%CLUSTERCIDR%;$CLUSTERCIDR;g" generic-kuberouter-all-features-advertise-routes.yaml
# Modify configuration
      containers:
      - name: kube-router
        image: cloudnativelabs/kube-router
        imagePullPolicy: Always
        args:
        ...
        - "--peer-router-ips=11.11.11.114"
        - "--peer-router-asns=64513"
        - "--cluster-asn=64512"
        - "--advertise-cluster-ip=true"
        ...
# Deploy
kubectl apply -f generic-kuberouter-all-features-advertise-routes.yaml
# Delete kube-proxy
kubectl -n kube-system delete ds kube-proxy
# Execute on each node
# If it's a binary installation, use the following commands
systemctl stop kube-proxy
# Execute on each node
# Clean up the rules left behind by kube-proxy
docker run --privileged --net=host registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.10.2 kube-proxy --cleanup
# Check
kubectl get pods -n kube-system
kubectl get svc -n kube-system
Test
# Install and configure kube-dns or coredns before testing
# Start deployment for testing
kubectl run nginx --replicas=2 --image=nginx:alpine --port=80
kubectl expose deployment nginx --type=NodePort --name=example-service-nodeport
kubectl expose deployment nginx --name=example-service
# Check
kubectl get pods -o wide
kubectl get svc -o wide
# DNS and access testing (run inside the curl pod)
kubectl run curl --image=radial/busyboxplus:curl -i --tty
nslookup kubernetes
nslookup example-service
curl example-service
Configure quagga in lab4
# Install
yum install -y quagga
# Configure
cat >/etc/quagga/bgpd.conf <<'EOF'
! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname lab4
password zebra
!
router bgp 64513
bgp router-id 11.11.11.114
neighbor 11.11.11.111 remote-as 64512
neighbor 11.11.11.112 remote-as 64512
neighbor 11.11.11.113 remote-as 64512
log stdout
EOF
# Start
systemctl start bgpd
systemctl status bgpd
systemctl enable bgpd
# View routing information
ip route
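An added check for lab4, not part of the original article: it reads `ip route` output and flags any quagga-installed route that falls outside the pod or service range, or whose next hop is not one of the three cluster nodes. The service CIDR 10.96.0.0/12 and the `proto zebra` tag on BGP-learned routes are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: audit BGP-learned routes on lab4.
# Pod CIDR and node IPs are the article's values. The service CIDR is an
# ASSUMPTION (the article only shows one cluster IP, 10.106.123.190); set it to
# your kube-apiserver --service-cluster-ip-range.
ALLOWED_CIDRS="10.244.0.0/16 10.96.0.0/12"
ALLOWED_NEXTHOPS="11.11.11.111 11.11.11.112 11.11.11.113"

ip2int() {  # dotted quad -> 32-bit integer
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {  # in_cidr PREFIX[/LEN] CIDR: succeeds when PREFIX lies entirely inside CIDR
  p=${1%/*}; plen=32; net=${2%/*}; nlen=${2#*/}
  case $1 in */*) plen=${1#*/} ;; esac
  [ "$plen" -ge "$nlen" ] || return 1   # a shorter prefix covers more than CIDR
  mask=$(( (4294967295 << (32 - nlen)) & 4294967295 ))
  [ $(( $(ip2int "$p") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

audit_bgp_routes() {  # stdin: `ip route` output; prints violations, returns 1 if any
  bad=0
  while read -r line; do
    # Only routes installed by quagga (assumed to be tagged "proto zebra").
    case $line in *"proto zebra"*) ;; *) continue ;; esac
    dst=${line%% *}; via=
    [ "$dst" = default ] && dst=0.0.0.0/0
    # Single next-hop lines only; multipath "nexthop" lines are not parsed.
    case $line in *" via "*) via=${line#* via }; via=${via%% *} ;; esac
    ok=0
    for c in $ALLOWED_CIDRS; do
      if in_cidr "$dst" "$c"; then ok=1; fi
    done
    [ "$ok" -eq 1 ] || { echo "unexpected prefix: $line"; bad=1; }
    case " $ALLOWED_NEXTHOPS " in
      *" $via "*) ;;
      *) echo "unexpected next hop: $line"; bad=1 ;;
    esac
  done
  return "$bad"
}
```

On lab4, source the file and run `ip route | audit_bgp_routes`; a non-zero exit status means at least one learned route was outside the expected ranges or peers.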
Test access to pod and svc in k8s cluster in lab4
# Get pod and svc information on lab1
kubectl get pods -o wide
kubectl get svc
# Access from lab4
# 10.244.2.11 is the IP of one nginx pod
# 10.106.123.190 is the cluster IP of example-service
curl 10.244.2.11
curl 10.106.123.190
Clean up
# Clean up
kubectl delete svc example-service example-service-nodeport
kubectl delete deploy nginx curl
This article is reposted from Juejin: "k8s uses kube-router to expose pods and svcs in the cluster to the outside"