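Allocate a subnet the size of four class C networks, for example 172.22.132.0/22.
The big-data application connects to MQ, and iptables restricts access so that only specified IPs are allowed in, so a dedicated subnet has to be carved out of 172.22.132.0/22.
The plan is as follows:
Big-data network: 172.22.135.0/25, 126 usable IPs
Other pod network: 172.22.132.0/23, 512 pods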
calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: bgdata-receiver-ipv4pool
spec:
  blockSize: 26
  cidr: 172.22.135.0/25
  ipipMode: Never
  nodeSelector: all()
  vxlanMode: Never
  natOutgoing: false
EOF

calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  blockSize: 26
  cidr: 172.22.132.0/23
  ipipMode: Never
  nodeSelector: all()
  vxlanMode: Never
  natOutgoing: false
EOF
This mainly relies on two Kubernetes annotations provided by the Calico component:
cni.projectcalico.org/ipAddrs
metadata:
  labels:
    app: testnginx
  annotations:
    "cni.projectcalico.org/ipAddrs": "[\"172.22.135.1\"]"
cni.projectcalico.org/ipv4pools
For a Deployment:
[root@master1 ~]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: testnginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: testnginx
  template:
    metadata:
      labels:
        app: testnginx
      annotations:
        "cni.projectcalico.org/ipv4pools": "[\"bgdata-receiver-ipv4pool\"]"
    spec:
      containers:
      - image: 172.22.1.1/source/nginx:latest
        imagePullPolicy: Always
        name: testnginx
        ports:
        - containerPort: 80
          name: testnginx
          protocol: TCP
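Because the MQ allowlist trusts source IPs, any pod that receives an address from the big-data pool passes it. The following added example (not part of the original post) checks the pool plan above and audits which pods hold addresses in that range. It assumes the iptables rule trusts the whole 172.22.135.0/25 range; the pod list and the `allowed_apps` set are hypothetical.

```python
import ipaddress

PARENT = ipaddress.ip_network("172.22.132.0/22")
# Pool name -> (cidr, blockSize), copied from the IPPool manifests on this page.
POOLS = {
    "bgdata-receiver-ipv4pool": ("172.22.135.0/25", 26),
    "default-ipv4-ippool": ("172.22.132.0/23", 26),
}

def check_pools(parent, pools):
    """Return problems: pool outside the parent, blockSize wider than pool, overlaps."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in pools.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(parent):
            problems.append(f"{name}: {net} is outside {parent}")
        if pools[name][1] < net.prefixlen:
            problems.append(f"{name}: blockSize /{pools[name][1]} is larger than {net}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def blocks(pools, name):
    """Split a pool into the per-node allocation blocks implied by blockSize."""
    cidr, block_size = pools[name]
    return list(ipaddress.ip_network(cidr).subnets(new_prefix=block_size))

def audit_pods(pods, pools, restricted_pool, allowed_apps):
    """Compare each pod's IP with the range the MQ allowlist trusts."""
    net = ipaddress.ip_network(pools[restricted_pool][0])
    findings = []
    for pod in pods:
        inside = ipaddress.ip_address(pod["ip"]) in net
        allowed = pod["app"] in allowed_apps
        if inside and not allowed:
            findings.append((pod["name"], "unexpected pod inside allowlisted range"))
        elif allowed and not inside:
            findings.append((pod["name"], "MQ client outside allowlisted range"))
    return findings

# Constructed sample (hypothetical pod names and IPs), not output from a real cluster.
SAMPLE_PODS = [
    {"name": "testnginx-a", "app": "testnginx", "ip": "172.22.135.1"},
    {"name": "testnginx-b", "app": "testnginx", "ip": "172.22.132.9"},
    {"name": "web-a", "app": "web", "ip": "172.22.135.70"},
    {"name": "web-b", "app": "web", "ip": "172.22.133.20"},
]
```

With a blockSize of 26, the /25 pool yields only two allocation blocks, so the number of nodes that can host big-data pods from their own block is limited accordingly.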