ovn-eip-snat enable external 功能测试

  1. vpc 单独使用external功能

目前依然还是对默认 vpc 的 cm(ConfigMap,即下面的 ovn-external-gw-config)有所依赖,后续可能需要加一个 gw chassis node crd 来解耦;基于 label 管理 gw node 也行,但不够直观,操作量也有点大。



[root@pc-node-1 03-cust-vpc]# k  get cm -A -o wide | grep external
kube-system       ovn-external-gw-config                    5      5m12s

测试自定义vpc enable external



# cat 01-vpc-ecmp-enable-external-bfd.yml
# Kube-OVN Vpc manifest for the custom VPC "vpc1", with the external gateway switched on.
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc1
spec:
  # Namespaces bound to this VPC.
  namespaces:
  - vpc1
    # Left-over commented lines: at this indentation they sit under the list item,
    # so they would have to be moved to spec level before being re-enabled.
    #enableExternal: true
    #enableBfd: true
  # The switch under test. In the `nbctl show vpc1` output that follows on the page,
  # the router carries port vpc1-external204 (10.5.204.103/24) with three gateway
  # chassis, and `lr-route-list` shows 0.0.0.0/0 via 10.5.204.254.
  # NOTE(review): this gives vpc1 a routed path to the external network, so edits to
  # this field deserve the same review as any other exposure change.
  enableExternal: true
  # BFD is left commented out, i.e. not set explicitly in this test.
  #enableBfd: false



[root@pc-node-1 03-cust-vpc]# k ko nbctl show vpc1
router c568d87a-2c20-4814-ad3b-9e82bd0e42bc (vpc1)
    port vpc1-external204
        mac: "00:00:00:8F:8F:47"
        networks: ["10.5.204.103/24"]
        gateway chassis: [b25e36c0-4d1b-4dce-821d-02ecf4f40c8a d3890bf6-eccd-4e7d-8f11-c2c93e56eff6 7e0cba14-0ad7-41f5-a84f-36e409a02914]
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]# k ko nbctl lr-route-list vpc1
IPv4 Routes
Route Table <main>:
                0.0.0.0/0              10.5.204.254 dst-ip


[root@pc-node-1 03-cust-vpc]# cat 02-subnet.yml
# Kube-OVN Subnet manifest: the first subnet placed inside the custom VPC "vpc1".
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: vpc1-subnet1
spec:
  # After apply, the transcript shows router port vpc1-vpc1-subnet1 at 192.168.0.1/24.
  cidrBlock: 192.168.0.0/24
  default: false
  disableGatewayCheck: false
  disableInterConnection: true
  enableEcmp: false
  gatewayNode: ""
  gatewayType: distributed
  #gatewayType: centralized
  # NOTE(review): with natOutgoing off, outbound address translation for this subnet
  # presumably relies on the EIP/SNAT resources named in the page title — confirm.
  natOutgoing: false
  # NOTE(review): `private` is the subnet-level isolation switch in Kube-OVN; false
  # leaves that ACL off. Confirm this is intended for a VPC that has external enabled.
  private: false
  protocol: IPv4
  provider: ovn
  # Attaches the subnet to the custom VPC rather than the default one.
  vpc: vpc1
  # Namespaces whose pods are allocated addresses from this subnet.
  namespaces:
  - vpc1


[root@pc-node-1 03-cust-vpc]# k apply -f 02-subnet.yml
subnet.kubeovn.io/vpc1-subnet1 created
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]# k ko nbctl show vpc1
router c568d87a-2c20-4814-ad3b-9e82bd0e42bc (vpc1)
    port vpc1-vpc1-subnet1
        mac: "00:00:00:75:97:74"
        networks: ["192.168.0.1/24"]
    port vpc1-external204
        mac: "00:00:00:8F:8F:47"
        networks: ["10.5.204.103/24"]
        gateway chassis: [b25e36c0-4d1b-4dce-821d-02ecf4f40c8a d3890bf6-eccd-4e7d-8f11-c2c93e56eff6 7e0cba14-0ad7-41f5-a84f-36e409a02914]

# 直接创建子网,external 端口和 gateway chassis 保持不变,功能结果正常

将 enableExternal 置为 false,查看是否可以关闭公网


# cat 01-vpc-ecmp-enable-external-bfd.yml
# Same Vpc manifest for "vpc1", now with the external gateway switched off.
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc1
spec:
  # Namespaces bound to this VPC.
  namespaces:
  - vpc1
  # The switch under test. After `k apply`, the `nbctl show vpc1` output that follows
  # on the page no longer lists port vpc1-external204; only the subnet port remains.
  # NOTE(review): the transcript does not re-run `lr-route-list`, so removal of the
  # 0.0.0.0/0 route is not shown here — confirm separately.
  enableExternal: false
    # Left-over commented lines, indented deeper than spec level; re-indent before
    # re-enabling either of them.
    #enableBfd: true
    #enableExternal: true
  #enableBfd: false


[root@pc-node-1 03-cust-vpc]# k apply -f 01-vpc-ecmp-enable-external-bfd.yml
vpc.kubeovn.io/vpc1 configured
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]#
[root@pc-node-1 03-cust-vpc]# k ko nbctl show vpc1
router c568d87a-2c20-4814-ad3b-9e82bd0e42bc (vpc1)
    port vpc1-vpc1-subnet1
        mac: "00:00:00:75:97:74"
        networks: ["192.168.0.1/24"]

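# 可以看到 vpc1-external204 端口已从逻辑路由器上移除,external 已关闭(这里只看了端口;默认路由和 NAT 规则是否一并清理,可再用 lr-route-list、lr-nat-list 确认)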

参考

官方文档: kubeovn.github.io/docs/v1.12.…