Configuring a Dual Route Reflector (RR) Architecture in Calico


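0 Background

This deployment has 20 nodes: 2 Masters and 18 Nodes. Calico uses full-mesh BGP by default, which would establish too many connections, so route reflectors (RR) are introduced to handle route distribution.

1 Node and configuration planning

1.1 Address planning

IP range Role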
192.168.2.1-2 RR
192.168.2.3-20 RR-Client

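1.2 Key configuration

Modify the configuration in /etc/ansible/roles/calico/defaults

This K8S cluster runs on KVM virtual machines in the same network segment, and there are no network ACL restrictions between the VMs, so CALICO_IPV4POOL_IPIP=off can be set. If your hosts are in different network segments, or run on a public cloud, you need to turn this option on: CALICO_IPV4POOL_IPIP=always

# Setting CALICO_IPV4POOL_IPIP="off" can improve network performance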
CALICO_IPV4POOL_IPIP: "off"

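After installation you will find that no tunl0 interface has been created, as there would be with IPIP enabled. Instead, the routes to each node's pod subnet are learned over the physical NIC, which shows that the configuration succeeded.

View the routing table:

At first, not every node will necessarily have advertised its route. Once a pod has been scheduled onto a node, that node advertises its route, and the updated routing table becomes visible.

Disable full-mesh globally

$ cat << EOF | calicoctl apply -f -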
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false
  asNumber: 64512
EOF

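After the configuration above has been applied, run ansible all -m shell -a '/opt/kube/bin/calicoctl node status' again; you can see that all of the previous BGP connections have disappeared.

Configure the rules for establishing connections between BGP nodes and route reflectors

Define the rules, using labels to distinguish node roles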

$ cat << EOF | calicoctl create -f -
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: peer-to-rrs
spec:
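  # Rule 1: ordinary BGP nodes establish connections with the RRs
  # (quoted, because a YAML value starting with "!" would otherwise be read as a tag)
  nodeSelector: "!has(i-am-a-route-reflector)"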
  peerSelector: has(i-am-a-route-reflector)

---
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: rr-mesh
spec:
  # Rule 2: the route reflectors also establish connections with each other
  nodeSelector: has(i-am-a-route-reflector)
  peerSelector: has(i-am-a-route-reflector)
EOF

Export the configuration of node 1 and node 2 and modify it:

calicoctl get node node1 --export -oyaml > rr01.yml
vim rr01.yml
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  creationTimestamp: null
  name: node1
  labels:
    # Add a label: set the RR label to true (quoted, because label values must be strings)
    i-am-a-route-reflector: "true"
spec:
  bgp:
    ipv4Address: 192.168.2.1/24
    # Add this field; the ID must be identical within one reflection cluster (rr01 and rr02 match); it is used for redundancy and loop prevention
    routeReflectorClusterID: 224.0.0.1
  orchRefs:
  - nodeName: 192.168.2.1
    orchestrator: k8s

RR1 and RR2 are configured the same way; once the files are written, apply them

calicoctl apply -f rr01.yml
$ ansible all -m shell -a '/opt/kube/bin/calicoctl node status'

192.168.2.2 | SUCCESS | rc=0 >>
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 192.168.2.1    | global        | up    | 13:29:08 | Established |
| 192.168.2.10   | node specific | up    | 13:29:10 | Established |
## omitted..
| 192.168.2.9    | node specific | up    | 13:29:08 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

192.168.2.3 | SUCCESS | rc=0 >>
Calico process is running.

IPv4 BGP status
+--------------+-----------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE |  SINCE   |    INFO     |
+--------------+-----------+-------+----------+-------------+
| 192.168.2.1    | global    | up    | 13:27:01 | Established |
| 192.168.2.2    | global    | up    | 13:29:08 | Established |
+--------------+-----------+-------+----------+-------------+
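## others omitted...

You can see that RR1 and RR2 have established a connection with each other;

The other nodes each establish connections with RR1 and RR2 and do not peer directly with one another.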

