今天就跟大家聊聊有关Tungsten Fabric及Kubernetes集成解决是怎样的,可能很多人都不太了解,为了让大家更加了解,小编给大家总结了以下内容,希望大家根据这篇文章可以有所收获。
让客户满意是我们工作的目标,不断超越客户的期望值来自于我们对这个行业的热爱。我们立志把好的技术通过有效、简单的方式提供给客户,将通过不懈努力成为客户在信息化领域值得信任、有价值的长期合作伙伴,公司提供的服务项目有:域名申请、网页空间、营销软件、网站建设、蛟河网站维护、网站推广。
1
Kubernetes与TF的集成
contrail-kube-manager和kube-api-server
Contrail CNI
1.2 Contrail CNI
[KUBERNETES_VNC]public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}
[VNC]public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}
2
Namespace
[KUBERNETES]cluster_project = {'domain': 'default-domain', 'project': 'kubernetes'}
Flat IPAM
IPAM
虚拟网络“cluster-network”的安全组k8s-default-default-default和k8s-default-default-sg
虚拟网络
apiVersion: v1kind: Namespacemetadata: name: "dev-unisolated"
apiVersion: v1kind: Podmetadata: name: nginx-1spec: containers: - name: nginx image: docker.io/nginx imagePullPolicy: IfNotPresentkubectl create -f nginx-1.yaml -nkubectl get pods -n
创建虚拟机
在启动Pod的虚拟路由器中,添加对VM的引用。
参考以下内容,创建VMI
SG k8s-default-
SG k8s-default-
VN
在VN cluster-network中从pod-ipam分配IP地址(cluster IP)。Subnet UUID被指定为从Flat IPAM pod-ipam进行分配。
apiVersion: v1kind: Namespacemetadata: name: "dev-isolated" annotations: { "opencontrail.org/isolation" : "true" }
虚拟网络
安全组k8s-default-
创建虚拟机
在启动了Pod的虚拟路由器中,添加对VM的引用。
参考以下内容,创建VMI
SG k8s-default-
SG k8s-default-
VN
在VN
为每个现有的Kubenetes命名空间(如default、kube-public和kube-system)提供一个项目/租户。
Flat IPAM 默认域:default:pod-ipam
IPAM 默认域:default:service-ipam
每一个命名空间的安全组:k8s-default-
虚拟网络默认域名:具有pod-ipam的default:cluster-network和service-ipam
apiVersion: v1kind: Namespacemetadata: name: "dev-unisolated"
项目default-domain:
在项目缺省域:
在虚拟网络缺省域:default:cluster-network
从IPAM缺省域:default:pod-ipam获取地址
附带安全组k8s-default-default-default和k8s-default-default-sg
apiVersion: v1kind: Namespacemetadata: name: "dev-isolated" annotations: { "opencontrail.org/isolation" : "true" }
项目缺省域:
虚拟网络default-domain:
安全组default-domain:
在项目default-domain:
在虚拟网络default-domain:
从IPAM default-domain:default:pod-ipam获取地址
附带安全组default-domain:
apiVersion: v1kind: Namespacemetadata: name: "dev-customized" annotations: { "opencontrail.org/network": '{"domain": "default-domain", "project": "demo", "name": "red"}' }
在项目default-domain:default中
在虚拟网络上映射到自定义命名空间
从与该虚拟网络关联的IPAM上获取地址
安全组?
在项目中映射到指定或默认的命名空间
在指定的虚拟网络上
从与特定虚拟网络关联的IPAM上获取地址
安全组?
3
Service
apiVersion: v1kind: ReplicationControllermetadata: name: web-qaspec: replicas: 2 selector: app: web-qa template: metadata: name: web-qa labels: app: web-qa spec: containers: - name: web image: docker.io/nginx imagePullPolicy: IfNotPresent
kind: ServiceapiVersion: v1metadata: name: web-qaspec: selector: app: web-qa ports: - protocol: TCP port: 80 targetPort: 80
参照以下内容,创建LB VMI
SG k8s-default-
SG k8s-default-
VN
在VN cluster-network中从service-ipam分配LB IP地址(service IP)。不需要subnet UUID。
创建负载均衡器
VIP是LB IP地址
VMI是LB VMI
提供者是“native”
创建浮动IP作为LB IP的子IP,地址相同,利用FIP支持端口NAT。
创建LB侦听器
创建LB池
创建LB成员
在FIP中设置端口映射。
将所有成员的VMI添加到FIP。
kind: ServiceapiVersion: v1metadata: name: web-qaspec: selector: app: web-qa ports: - protocol: TCP port: 80 targetPort: 80 type: LoadBalancer
附录A 单租户(Single-tenant)
{ "fq_name": [ "default-domain", "kubernetes", "pod-ipam" ], "uuid": "c9641741-c785-456e-845b-a14a253c3572", "ipam_subnet_method": "flat-subnet", "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "ipam_subnets": { "subnets": [ { "subnet": { "ip_prefix": "10.32.0.0", "ip_prefix_len": 12 }, "DNS_server_address": "10.47.255.253", "enable_dhcp": true, "created": null, "default_gateway": "10.47.255.254", "dns_nameservers": [], "dhcp_option_list": null, "subnet_uuid": null, "alloc_unit": 1, "last_modified": null, "host_routes": null, "addr_from_start": null, "subnet_name": null, "allocation_pools": [] } ] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2017-12-27T18:45:33.957901", "uuid": { "uuid_mslong": 14511749470582293870, "uuid_lslong": 9537393975711511922 }, "user_visible": true, "last_modified": "2017-12-27T18:45:33.957901", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "pod-ipam"}
{ "fq_name": [ "default-domain", "kubernetes", "service-ipam" ], "uuid": "526f554a-0bf4-47c6-a8e4-768a3f98cef4", "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2017-12-27T18:45:34.000690", "uuid": { "uuid_mslong": 5940060210041472966, "uuid_lslong": 12169982429206466292 }, "user_visible": true, "last_modified": "2017-12-27T18:45:34.000690", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "service-ipam"}
{ "fq_name": [ "default-domain", "kubernetes", "k8s-default-dev-share-default" ], "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d", "parent_type": "project", "perms2": { "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d", "owner_access": 7, "global_access": 0, "share": [] }, "security_group_id": 8000010, "id_perms": { "enable": true, "description": "Default security group", "creator": null, "created": "2018-01-12T09:02:15.110429", "uuid": { "uuid_mslong": 12477748365846007637, "uuid_lslong": 9708444424704868509 }, "user_visible": true, "last_modified": "2018-01-12T15:45:08.899388", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "security_group_entries": { "policy_rule": [ { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "dc13bb48-e2a7-4c59-a0b8-740ecfcb9a2c", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv4", "src_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "0.0.0.0", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "a84e2d98-2b8f-45ba-aa75-88494da73b11", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv6", "src_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "::", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "0.0.0.0", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "b7752ec1-6037-4c7f-97a9-291893fbed64", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv4", "src_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "::", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "ea5cd2a8-2d47-47c4-a9ab-390de2317246", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv6", "src_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] } ] }, "annotations": { "key_value_pair": [ { "key": "namespace", "value": "dev-share" }, { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Namespace" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "k8s-default-dev-share-default" }, { "key": "owner", "value": "k8s" } ] }, "display_name": "k8s-default-dev-share-default"}
{ "fq_name": [ "default-domain", "kubernetes", "k8s-default-dev-share-sg" ], "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e", "parent_type": "project", "perms2": { "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d", "owner_access": 7, "global_access": 0, "share": [] }, "security_group_id": 8000017, "id_perms": { "enable": true, "description": "Namespace security group", "creator": null, "created": "2018-01-12T09:02:15.236401", "uuid": { "uuid_mslong": 8727725933151013959, "uuid_lslong": 13404190917597736078 }, "user_visible": true, "last_modified": "2018-01-12T09:02:15.275407", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "k8s-default-dev-share-sg", "annotations": { "key_value_pair": [ { "key": "namespace", "value": "dev-share" }, { "key": "cluster", "value": "k8s-default" },&n
文章名称:TungstenFabric及Kubernetes集成解决是怎样的
文章网址:http://njwzjz.com/article/jijpip.html