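Open-source software name: terway
Open-source software URL: https://gitee.com/AliyunContainerService/terway
Open-source software description:

Terway network plugin

CNI plugin for Alibaba Cloud VPC/ENI

Install Kubernetes

After installation, you need to:

Via

Install the Terway plugin

Terway has two installation modes: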
Use

Verify Terway's functionality

Containers on the ordinary VPC network

In VPC installation mode, when a container has no special configuration, Terway allocates an address from the node's podCidr and configures it on the container. For example:

```
[root@iZj6c86lmr8k9rk78ju0ncZ ~]# kubectl run -it --rm --image busybox busybox
If you don't see a command prompt, try pressing enter.
/ # ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 46:02:02:6b:65:1e brd ff:ff:ff:ff:ff:ff
/ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 46:02:02:6b:65:1e brd ff:ff:ff:ff:ff:ff
    inet 172.30.0.4/24 brd 172.30.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4402:2ff:fe6b:651e/64 scope link
       valid_lft forever preferred_lft forever
```

Using an ENI (elastic network interface) to get performance equivalent to the underlying network

In VPC installation mode, in one of the Pod's containers'

```
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      limits:
        aliyun/eni: 1
```

Then, when we exec into this container, we can see that Terway has created and attached an ECS elastic network interface:

```
[root@iZj6c86lmr8k9rk78ju0ncZ ~]# kubectl exec -it nginx sh
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ether 00:16:3e:02:38:05 brd ff:ff:ff:ff:ff:ff
    inet 172.31.80.193/20 brd 172.31.95.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe02:3805/64 scope link
       valid_lft forever preferred_lft forever
4: veth1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 1e:60:c7:cb:1e:0e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1c60:c7ff:fecb:1e0e/64 scope link
       valid_lft forever preferred_lft forever
```

Containers with ENI secondary IPs:

In ENI multi-IP installation mode, Terway creates ENIs and assigns the secondary IP addresses on those ENIs to Pods. The Pod's IP address is in the same range as the VPC and VSwitch IP addresses, for example:

```
[root@iZj6c86lmr8k9rk78ju0ncZ ~]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP              NODE                                 NOMINATED NODE
nginx-64f497f8fd-ckpdm   1/1     Running   0          4d    192.168.0.191   cn-hangzhou.i-j6c86lmr8k9rk78ju0nc   <none>
[root@iZj6c86lmr8k9rk78ju0ncZ ~]# kubectl get node -o wide cn-hangzhou.i-j6c86lmr8k9rk78ju0nc
NAME                                 STATUS   ROLES    AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION              CONTAINER-RUNTIME
cn-hangzhou.i-j6c86lmr8k9rk78ju0nc   Ready    <none>   12d   v1.11.5   192.168.0.154   <none>        CentOS Linux 7 (Core)   3.10.0-693.2.2.el7.x86_64   docker://17.6.2
[root@iZj6c86lmr8k9rk78ju0ncZ ~]# kubectl exec -it nginx-64f497f8fd-ckpdm bash
root@nginx-64f497f8fd-ckpdm:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if106: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 4a:60:eb:97:f4:07 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.191/32 brd 192.168.0.191 scope global eth0
       valid_lft forever preferred_lft forever
```

Using NetworkPolicy to restrict access between containers

The Terway plugin is compatible with the standard Kubernetes NetworkPolicy for controlling access between containers, for example:
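An added example, not taken from the Terway README: a pair of standard `networking.k8s.io/v1` NetworkPolicy objects that first deny all ingress to every pod in a namespace and then admit only labelled clients to nginx on TCP port 80. The namespace `demo` and the labels `app: nginx` and `access: "true"` are assumptions chosen for illustration.

```yaml
# Added example; the namespace and labels are assumptions, not from the Terway README.
# 1) Default deny: selects every pod in the namespace and allows no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# 2) Allow only pods labelled access=true to reach nginx on TCP 80.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx-from-labelled-clients
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          access: "true"
    ports:
    - protocol: TCP
      port: 80
```

These policies restrict ingress only, so egress from the selected pods stays open unless `Egress` is also listed under `policyTypes`. The `from` selector matches pods in the same namespace only; clients in other namespaces need a `namespaceSelector`.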
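Limiting a container's inbound and outbound bandwidth

The Terway plugin implements traffic control for containers by configuring rate-limiting rules on the container's network interface, which prevents a single container's traffic from saturating the whole node's bandwidth. By configuring the Pod's

```
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
    k8s.aliyun.com/ingress-bandwidth: 1m
    k8s.aliyun.com/egress-bandwidth: 1m
spec:
  nodeSelector:
    kubernetes.io/hostname: cn-shanghai.i-uf63p6s96kf4jfh8wpwn
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
```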