kube-ovn 的nat gw pod是否可以复用ovn eip snat的公网网桥


理论上可以,但目前测试发现一个问题:这样复用之后,OVN 原生 FIP 的公网就不通了;而 NAT GW Pod 相关的功能(基于 iptables 的 EIP、FIP、DNAT、SNAT)没有任何问题,可以正常使用。

[root@k8s-ctrl-1 ~]# k get cm -n kube-system            ovn-vpc-nat-gw-config  -o yaml
# ConfigMap kube-system/ovn-vpc-nat-gw-config as returned by `kubectl get -o yaml`.
# Its data holds three keys: the enable switch, the gateway image and the NIC name.
apiVersion: v1
data:
  # ConfigMap data values are strings, hence the quoted "true".
  enable-vpc-nat-gw: "true"
  # The gateway image is referenced by tag (v1.11.0), and a tag can be re-pointed
  # in the registry. NOTE(review): if the deployed image must be immutable, check
  # whether this field accepts a digest reference.
  image: kubeovn/vpc-nat-gateway:v1.11.0
  # NOTE(review): br-vlan looks like the OVS bridge that belongs to the
  # ProviderNetwork named "vlan" shown later on this page, i.e. the bridge being
  # shared with OVN EIP/SNAT - confirm on the node.
  nic: br-vlan
kind: ConfigMap
# creationTimestamp, resourceVersion and uid are populated by the API server.
# The last-applied-configuration annotation is the JSON that `kubectl apply`
# submitted; its data matches the three live keys above.
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"enable-vpc-nat-gw":"true","image":"kubeovn/vpc-nat-gateway:v1.11.0","nic":"br-vlan"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"ovn-vpc-nat-gw-config","namespace":"kube-system"}}
  creationTimestamp: "2022-08-25T09:43:08Z"
  name: ovn-vpc-nat-gw-config
  namespace: kube-system
  resourceVersion: "117996066"
  uid: 17d37851-acd4-409b-aed5-05d129444db4


# k get provider-network vlan -o yaml
# Kube-OVN ProviderNetwork "vlan" as returned by `kubectl get -o yaml`.
# Only spec.defaultInterface was applied by the user (see the last-applied JSON);
# everything under status is reported back by the cluster.
apiVersion: kubeovn.io/v1
kind: ProviderNetwork
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"kubeovn.io/v1","kind":"ProviderNetwork","metadata":{"annotations":{},"name":"vlan"},"spec":{"defaultInterface":"vlan"}}
  creationTimestamp: "2022-12-15T08:41:07Z"
  generation: 1
  name: vlan
  resourceVersion: "118043192"
  uid: e0f3fa7d-84df-4eef-a28e-646242ebe765
spec:
  # The interface configured for this provider network is itself named "vlan".
  # NOTE(review): presumably a host NIC with that name exists on every node -
  # confirm, since the same name is also used for the ProviderNetwork object.
  defaultInterface: vlan
status:
  # One condition per node: k8s-ctrl-1, k8s-ctrl-2 and k8s-ctrl-3 all report
  # type Ready with reason InitOVSBridgeSucceeded at the same timestamp.
  conditions:
  - lastTransitionTime: "2022-12-15T10:44:00Z"
    lastUpdateTime: "2022-12-15T10:44:00Z"
    node: k8s-ctrl-1
    reason: InitOVSBridgeSucceeded
    status: "True"
    type: Ready
  - lastTransitionTime: "2022-12-15T10:44:00Z"
    lastUpdateTime: "2022-12-15T10:44:00Z"
    node: k8s-ctrl-2
    reason: InitOVSBridgeSucceeded
    status: "True"
    type: Ready
  - lastTransitionTime: "2022-12-15T10:44:00Z"
    lastUpdateTime: "2022-12-15T10:44:00Z"
    node: k8s-ctrl-3
    reason: InitOVSBridgeSucceeded
    status: "True"
    type: Ready
  ready: true
  readyNodes:
  - k8s-ctrl-3
  - k8s-ctrl-1
  - k8s-ctrl-2
  # Four names are listed here; "underlay" is the Vlan dumped further down the
  # page. Presumably these are the Vlan objects that reference this provider
  # network - verify with `kubectl get vlan`.
  vlans:
  - underlay
  - vlan-203
  - vlan-207
  - vlan-202


# k get vlan underlay -o yaml
# Kube-OVN Vlan "underlay" as returned by `kubectl get -o yaml`.
# The live spec is identical to the last-applied JSON (id 0, provider "vlan").
apiVersion: kubeovn.io/v1
kind: Vlan
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"kubeovn.io/v1","kind":"Vlan","metadata":{"annotations":{},"name":"underlay"},"spec":{"id":0,"provider":"vlan"}}
  creationTimestamp: "2022-12-15T08:41:34Z"
  generation: 1
  name: underlay
  resourceVersion: "117967054"
  uid: f2f77abd-396e-4f42-9c68-acbaaee1e880
spec:
  # NOTE(review): id 0 is understood to mean that no 802.1Q tag is added, so
  # traffic leaves untagged on the provider network - confirm against the
  # Kube-OVN version in use.
  id: 0
  # Name of the ProviderNetwork object this Vlan is attached to.
  provider: vlan
status:
  # Subnets currently bound to this Vlan; only "underlay" is listed.
  subnets:
  - underlay


# k get subnet underlay -o yaml
# Kube-OVN Subnet "underlay" as returned by `kubectl get -o yaml`.
# The last-applied JSON sets cidrBlock, default, excludeIps, gateway, namespaces,
# protocol and vlan; the remaining spec fields below were not part of that apply.
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  # The multicast annotation is absent from the last-applied JSON (its
  # annotations map is empty), so it was set by something other than that apply.
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"kubeovn.io/v1","kind":"Subnet","metadata":{"annotations":{},"name":"underlay"},"spec":{"cidrBlock":"10.5.48.0/20","default":false,"excludeIps":["10.5.48.1..10.5.48.255","10.5.50.0..10.5.63.254"],"gateway":"10.5.63.254","namespaces":["underlay"],"protocol":"IPv4","vlan":"underlay"}}
    ovn.kubernetes.io/multicast: "true"
  creationTimestamp: "2022-12-15T08:41:47Z"
  finalizers:
  - kube-ovn-controller
  generation: 3
  name: underlay
  resourceVersion: "175008736"
  uid: cf0a2c4d-b2e0-4bfc-ba0f-e7eb1c9d4811
spec:
  # The /20 spans 10.5.48.0 - 10.5.63.255.
  cidrBlock: 10.5.48.0/20
  default: false
  enableLb: true
  # The two excluded ranges cover everything except 10.5.49.0 - 10.5.49.255
  # (and the network/broadcast addresses), so allocation is effectively limited
  # to that /24. The gateway 10.5.63.254 falls inside the second range.
  excludeIps:
  - 10.5.48.1..10.5.48.255
  - 10.5.50.0..10.5.63.254
  gateway: 10.5.63.254
  gatewayNode: ""
  gatewayType: distributed
  # Only the "underlay" namespace is bound to this subnet.
  namespaces:
  - underlay
  natOutgoing: false
  # NOTE(review): with private: false no subnet-level access isolation appears
  # to be enabled by this field; confirm that is intended for a subnet that sits
  # directly on the provider network.
  private: false
  protocol: IPv4
  provider: ovn
  # Refers to the Vlan object named "underlay" shown earlier on this page.
  vlan: underlay
  vpc: ovn-cluster


a2f6d0d9857c4136b12a2de5a6bdf291.png

但在我的自测环境中,只使用 OVN EIP SNAT、不使用 NAT GW 模式时,是正常的。