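In the integration, there are two connections between Kubernetes and Tungsten Fabric (editor's note: the original text says Contrail; its open-source version has been renamed Tungsten Fabric, so every occurrence of Contrail in this article is replaced with Tungsten Fabric).
contrail-kube-manager and kube-api-server
Contrail CNI
This service connects to kube-api-server to receive updates. It then connects to the Tungsten Fabric configuration API server to create the configuration (VM, VMI/port, IP, etc.) needed to attach containers to the overlay. It also sends updates to kube-api-server.
The kubelet on every node/minion runs with CNI parameters. When a container starts, kubelet calls the CNI to set up networking. The Contrail CNI connects to the vRouter agent REST API to:
1) obtain the necessary configuration
2) plug the container network interface into the vRouter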
Tungsten Fabric uses a gateway to connect the overlay and underlay networks and provide external access. A gateway is required to support Kubernetes exposed services and the ingress feature.
A floating IP pool must be created in Tungsten Fabric.
Configure the FQ name of this FIP pool in /etc/contrailctl/kubemanager.conf for provisioning.

    [KUBERNETES_VNC]
    public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}

Inside the contrail-kube-manager container, the floating IP pool is configured in /etc/contrail/contrail-kubernetes.conf.

    [VNC]
    public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}

When a service is exposed or an ingress is created in Kubernetes, a FIP is allocated from this pool as the external IP.
When integrated with Tungsten Fabric, a Kubernetes namespace can be mapped to a project/tenant or to a virtual network.
If [KUBERNETES].cluster_project is set in /etc/contrail/contrail-kubernetes.conf, the deployment is single-tenant and Kubernetes namespaces map to virtual networks in Tungsten Fabric. All non-isolated namespaces map to the default virtual network "cluster-network", while each isolated namespace maps to its own virtual network "-vn".
Here is an example of setting [KUBERNETES].cluster_project in /etc/contrailctl/kubemanager.conf to enable single tenancy.

    [KUBERNETES]
    cluster_project = {'domain': 'default-domain', 'project': 'kubernetes'}

The following are created by contrail-kube-manager during initialization.
Flat IPAM
IPAM
Security groups k8s-default-default-default and k8s-default-default-sg of the virtual network "cluster-network"
Virtual network
(see Appendix A.1)
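Create a non-isolated namespace.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "dev-unisolated"

When Kubernetes creates a non-isolated namespace, Tungsten Fabric creates two SGs, k8s-default--sg and k8s-default--sg. No virtual network is created here. Containers in all non-isolated namespaces sit on cluster-network.
Launch a Pod in the non-isolated namespace.

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-1
    spec:
      containers:
        - name: nginx
          image: docker.io/nginx
          imagePullPolicy: IfNotPresent

    kubectl create -f nginx-1.yaml -n
    kubectl get pods -n

When a Pod is launched in a non-isolated namespace, Tungsten Fabric (contrail-kube-manager) does the following.
Pods in different non-isolated namespaces can connect to each other because they are on the same virtual network in Tungsten Fabric.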
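Create an isolated namespace.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "dev-isolated"
      annotations: { "opencontrail.org/isolation" : "true" }

When an isolated namespace is created in Kubernetes, Tungsten Fabric creates the following.
When a Pod is launched in an isolated namespace, Tungsten Fabric does the following.
Because the ports are on different virtual networks, Pods in different isolated namespaces cannot connect to each other.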
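If [KUBERNETES].cluster_project is not set in /etc/contrail/contrail-kubernetes.conf, the deployment is multi-tenant and Kubernetes namespaces map to tenants/projects in Tungsten Fabric. Pods in non-isolated namespaces are launched on the default virtual network "cluster-network", while each isolated namespace maps to its own virtual network "-vn".
At initialization, contrail-kube-manager creates the following: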
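Create a non-isolated namespace.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "dev-unisolated"

contrail-kube-manager creates the following.
When a Pod is launched in a non-isolated namespace, contrail-kube-manager creates the port:
Pods in different non-isolated namespaces can connect to each other because they are on the same virtual network in Tungsten Fabric.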
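Create an isolated namespace.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "dev-isolated"
      annotations: { "opencontrail.org/isolation" : "true" }

contrail-kube-manager creates the following.
When a Pod is launched in a non-isolated namespace, contrail-kube-manager creates the port.
Because the ports are on different virtual networks, Pods in different isolated namespaces cannot connect to each other.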
Create a customized namespace.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: "dev-customized"
      annotations: { "opencontrail.org/network": '{"domain": "default-domain", "project": "demo", "name": "red"}' }

When a Pod is launched in the customized namespace, contrail-kube-manager creates the port.
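The namespace-to-network mapping described above decides which namespaces share a network, so it is worth checking before manifests are applied. The following is an added example, not code from the original article or from the Tungsten Fabric project. It models single-tenant mode only and assumes the isolated network is named "<namespace>-vn" (read off the appendix object "dev-vn"), that the network annotation takes precedence over the isolation annotation, and that only the value "true" enables isolation; all function names are hypothetical.

```python
import json

# Names taken from the page. The "<namespace>-vn" pattern is an assumption
# read off the appendix object "dev-vn" (namespace "dev", isolated "True").
CLUSTER_NETWORK = "cluster-network"
ISOLATION_KEY = "opencontrail.org/isolation"
NETWORK_KEY = "opencontrail.org/network"


def virtual_network_for(namespace, cluster_project="kubernetes"):
    """Return the (domain, project, network) that Pods of a Namespace land on.

    Models single-tenant mode only, i.e. [KUBERNETES].cluster_project is set.
    """
    meta = namespace["metadata"]
    name = meta["name"]
    annotations = meta.get("annotations") or {}

    # Customized namespace: the annotation value is a JSON string.
    # Assumption: this annotation wins if both annotations are present.
    if NETWORK_KEY in annotations:
        try:
            fq = json.loads(annotations[NETWORK_KEY])
            return (fq["domain"], fq["project"], fq["name"])
        except (ValueError, KeyError, TypeError) as exc:
            raise ValueError(f"namespace {name}: unusable {NETWORK_KEY}") from exc

    # Isolated namespace: its own virtual network.
    # Assumption: only the string "true" (any case) enables isolation.
    if str(annotations.get(ISOLATION_KEY, "")).lower() == "true":
        return ("default-domain", cluster_project, f"{name}-vn")

    # Everything else shares the default network.
    return ("default-domain", cluster_project, CLUSTER_NETWORK)


def unrecognized_annotations(namespace):
    """List opencontrail.org/* keys other than the two shown on the page.

    In this model a misspelled key has no effect, so the namespace silently
    stays on cluster-network; such keys deserve a manual look.
    """
    annotations = namespace["metadata"].get("annotations") or {}
    known = {ISOLATION_KEY, NETWORK_KEY}
    return sorted(k for k in annotations
                  if k.startswith("opencontrail.org/") and k not in known)


def shared_networks(namespaces, cluster_project="kubernetes"):
    """Group namespace names by virtual network.

    Only groups with more than one member are returned: Pods of those
    namespaces sit on the same network and can connect to each other.
    """
    groups = {}
    for ns in namespaces:
        vn = virtual_network_for(ns, cluster_project)
        groups.setdefault(vn, []).append(ns["metadata"]["name"])
    return {vn: sorted(names) for vn, names in groups.items() if len(names) > 1}


# Constructed sample manifests; dev-unisolated, dev-isolated and
# dev-customized mirror the page, the others are made up for the example.
SAMPLE = [
    {"metadata": {"name": "dev-unisolated"}},
    {"metadata": {"name": "qa-unisolated"}},
    {"metadata": {"name": "dev-isolated",
                  "annotations": {ISOLATION_KEY: "true"}}},
    {"metadata": {"name": "ops-isolated",
                  "annotations": {ISOLATION_KEY: "true"}}},
    {"metadata": {"name": "dev-customized",
                  "annotations": {NETWORK_KEY: '{"domain": "default-domain", '
                                               '"project": "demo", "name": "red"}'}}},
    {"metadata": {"name": "typo-isolated",
                  "annotations": {"opencontrail.org/isolated": "true"}}},
]

if __name__ == "__main__":
    for ns in SAMPLE:
        print(ns["metadata"]["name"], "->", virtual_network_for(ns),
              unrecognized_annotations(ns))
    print("shared:", shared_networks(SAMPLE))
```

The "typo-isolated" entry shows the failure mode to look for: a mistyped annotation key leaves a namespace that was meant to be isolated on the shared cluster-network.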
Launch a Pod on a specified virtual network.
When a Pod is launched on the specified virtual network, contrail-kube-manager creates the port.
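Kubernetes network policy works as usual; it is implemented with security groups in Tungsten Fabric. This will be released with 4.0.1.
Tungsten Fabric supports this feature: a router (configuration object) can be configured in Tungsten Fabric to act as the external gateway for the virtual network on which containers are launched. This is the same as the external gateway support for OpenStack.
Kubernetes services support ClusterIP, NodePort, LoadBalancer and ExternalName, and also support specifying an IP with ExternalIP. Tungsten Fabric supports ClusterIP and LoadBalancer, as well as ExternalIP.
When a service is created in Kubernetes, a loadbalancer is created in Tungsten Fabric. The loadbalancer provider is "native", and ECMP load balancing is implemented by the vRouter. A floating IP is created as the VIP.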
Create an application with multiple instances.

    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: web-qa
    spec:
      replicas: 2
      selector:
        app: web-qa
      template:
        metadata:
          name: web-qa
          labels:
            app: web-qa
        spec:
          containers:
            - name: web
              image: docker.io/nginx
              imagePullPolicy: IfNotPresent

Create a service in front of these application instances. The default service type is ClusterIP.

    kind: Service
    apiVersion: v1
    metadata:
      name: web-qa
    spec:
      selector:
        app: web-qa
      ports:
        - protocol: TCP
          port: 80
          targetPort: 80

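After the service is created, contrail-kube-manager does the following.
After the LB is created, the "native" LB driver does the following.
When the service type is ClusterIP, the service can only be accessed inside the cluster. A FIP is allocated from the service FIP pool in the cluster network (cluster-network) and mapped to all Pod addresses. When the service address is accessed inside the cluster, the vRouter balances traffic across the Pods.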
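Create a service of type LoadBalancer.

    kind: Service
    apiVersion: v1
    metadata:
      name: web-qa
    spec:
      selector:
        app: web-qa
      ports:
        - protocol: TCP
          port: 80
          targetPort: 80
      type: LoadBalancer

For service type LoadBalancer, the service is exposed externally. A FIP is allocated from the service FIP pool for access inside the cluster, and a FIP is also allocated from the public FIP pool and mapped to all Pod addresses. That FIP is advertised to the gateway, which performs ECMP load balancing across the Pods.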
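Because a LoadBalancer service receives a second FIP from the public pool, an inventory of floating-IP objects shows which Pods are reachable from outside the cluster and on which ports. The following is an added example, not code from the original article or from the Tungsten Fabric project. It reads objects shaped like the "Floating IP" object in Appendix B.2; the service subnet 10.167.0.0/16 is the one on the appendix cluster-network object, while the public subnet, the sample addresses outside 10.167.0.0/16, the shortened VMI ids and all function names are constructed for illustration.

```python
import ipaddress


def classify_fips(floating_ips, service_subnet, public_subnet):
    """Report pool, backends and port mappings for each floating-IP object."""
    pools = {
        "service-pool": ipaddress.ip_network(service_subnet),
        "public-pool": ipaddress.ip_network(public_subnet),
    }
    report = []
    for fip in floating_ips:
        addr = ipaddress.ip_address(fip["floating_ip_address"])
        # A FIP that belongs to neither configured pool is marked "unknown"
        # so that it gets reviewed rather than silently ignored.
        pool = next((name for name, net in pools.items()
                     if addr.version == net.version and addr in net), "unknown")
        # VMI names on the page look like "<pod-name>__<uuid>".
        backends = sorted(ref["to"][-1].split("__")[0]
                          for ref in fip.get("virtual_machine_interface_refs") or [])
        ports = []
        if fip.get("floating_ip_port_mappings_enable"):
            mappings = (fip.get("floating_ip_port_mappings") or {}).get("port_mappings") or []
            ports = sorted((m["protocol"], m["src_port"], m["dst_port"]) for m in mappings)
        report.append({"address": str(addr), "pool": pool,
                       "backends": backends, "ports": ports})
    return report


def externally_reachable(report):
    """Pods behind a public-pool FIP, i.e. advertised to the gateway."""
    exposed = {}
    for entry in report:
        if entry["pool"] == "public-pool":
            for pod in entry["backends"]:
                exposed.setdefault(pod, []).extend(entry["ports"])
    return {pod: sorted(set(ports)) for pod, ports in exposed.items()}


def vmi_ref(name):
    """Build a minimal VMI reference (constructed, shortened id)."""
    return {"to": ["default-domain", "kubernetes", name]}


TCP_80 = {"port_mappings": [{"protocol": "TCP", "src_port": 80, "dst_port": 80}]}

# Constructed sample. The first entry mirrors Appendix B.2 (cluster-internal
# FIP for svc-dev-web); the second models the public FIP of a LoadBalancer
# service; the third is a FIP that matches neither pool.
SAMPLE_FIPS = [
    {"floating_ip_address": "10.167.87.84",
     "floating_ip_port_mappings_enable": True,
     "floating_ip_port_mappings": TCP_80,
     "virtual_machine_interface_refs": [vmi_ref("dev-web-669n0__vmi-1"),
                                        vmi_ref("dev-web-k528t__vmi-2")]},
    {"floating_ip_address": "203.0.113.10",
     "floating_ip_port_mappings_enable": True,
     "floating_ip_port_mappings": TCP_80,
     "virtual_machine_interface_refs": [vmi_ref("dev-web-669n0__vmi-1"),
                                        vmi_ref("dev-web-k528t__vmi-2")]},
    {"floating_ip_address": "192.0.2.7",
     "floating_ip_port_mappings_enable": False,
     "virtual_machine_interface_refs": [vmi_ref("dev-client__vmi-3")]},
]

if __name__ == "__main__":
    result = classify_fips(SAMPLE_FIPS, "10.167.0.0/16", "203.0.113.0/24")
    for entry in result:
        print(entry)
    print("exposed:", externally_reachable(result))
```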
{ "fq_name": [ "default-domain", "kubernetes", "pod-ipam" ], "uuid": "c9641741-c785-456e-845b-a14a253c3572", "ipam_subnet_method": "flat-subnet", "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "ipam_subnets": { "subnets": [ { "subnet": { "ip_prefix": "10.32.0.0", "ip_prefix_len": 12 }, "dns_server_address": "10.47.255.253", "enable_dhcp": true, "created": null, "default_gateway": "10.47.255.254", "dns_nameservers": [], "dhcp_option_list": null, "subnet_uuid": null, "alloc_unit": 1, "last_modified": null, "host_routes": null, "addr_from_start": null, "subnet_name": null, "allocation_pools": [] } ] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2017-12-27T18:45:33.957901", "uuid": { "uuid_mslong": 14511749470582293870, "uuid_lslong": 9537393975711511922 }, "user_visible": true, "last_modified": "2017-12-27T18:45:33.957901", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "pod-ipam"}
{ "fq_name": [ "default-domain", "kubernetes", "service-ipam" ], "uuid": "526f554a-0bf4-47c6-a8e4-768a3f98cef4", "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2017-12-27T18:45:34.000690", "uuid": { "uuid_mslong": 5940060210041472966, "uuid_lslong": 12169982429206466292 }, "user_visible": true, "last_modified": "2017-12-27T18:45:34.000690", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "service-ipam"}
k8s-default-dev-share-default
{ "fq_name": [ "default-domain", "kubernetes", "k8s-default-dev-share-default" ], "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d", "parent_type": "project", "perms2": { "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d", "owner_access": 7, "global_access": 0, "share": [] }, "security_group_id": 8000010, "id_perms": { "enable": true, "description": "Default security group", "creator": null, "created": "2018-01-12T09:02:15.110429", "uuid": { "uuid_mslong": 12477748365846007637, "uuid_lslong": 9708444424704868509 }, "user_visible": true, "last_modified": "2018-01-12T15:45:08.899388", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "security_group_entries": { "policy_rule": [ { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "dc13bb48-e2a7-4c59-a0b8-740ecfcb9a2c", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv4", "src_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "0.0.0.0", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "a84e2d98-2b8f-45ba-aa75-88494da73b11", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv6", "src_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "::", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { 
"end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "0.0.0.0", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "b7752ec1-6037-4c7f-97a9-291893fbed64", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv4", "src_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] }, { "direction": ">", "protocol": "any", "dst_addresses": [ { "security_group": null, "subnet": { "ip_prefix": "::", "ip_prefix_len": 0 }, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "action_list": null, "created": null, "rule_uuid": "ea5cd2a8-2d47-47c4-a9ab-390de2317246", "dst_ports": [ { "end_port": 65535, "start_port": 0 } ], "application": [], "last_modified": null, "ethertype": "IPv6", "src_addresses": [ { "security_group": "local", "subnet": null, "virtual_network": null, "subnet_list": [], "network_policy": null } ], "rule_sequence": null, "src_ports": [ { "end_port": 65535, "start_port": 0 } ] } ] }, "annotations": { "key_value_pair": [ { "key": "namespace", "value": "dev-share" }, { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Namespace" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "k8s-default-dev-share-default" }, { "key": "owner", "value": "k8s" } ] }, "display_name": "k8s-default-dev-share-default"}
k8s-default-dev-share-sg
{ "fq_name": [ "default-domain", "kubernetes", "k8s-default-dev-share-sg" ], "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e", "parent_type": "project", "perms2": { "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d", "owner_access": 7, "global_access": 0, "share": [] }, "security_group_id": 8000017, "id_perms": { "enable": true, "description": "Namespace security group", "creator": null, "created": "2018-01-12T09:02:15.236401", "uuid": { "uuid_mslong": 8727725933151013959, "uuid_lslong": 13404190917597736078 }, "user_visible": true, "last_modified": "2018-01-12T09:02:15.275407", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "display_name": "k8s-default-dev-share-sg", "annotations": { "key_value_pair": [ { "key": "namespace", "value": "dev-share" }, { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Namespace" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "k8s-default-dev-share-sg" }, { "key": "owner", "value": "k8s" } ] }}
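Since Kubernetes network policy is implemented with these security groups, it helps to check which of them admit traffic from any source. The following is an added example, not code from the original article or from the Tungsten Fabric project. It reads objects shaped like the two security groups above, treating a rule whose destination is "local" as ingress and one whose source is "local" as egress; the sample objects, rule ids and function names are constructed for illustration.

```python
import ipaddress


def rule_direction(rule):
    """Classify a policy_rule by which side refers to the group itself."""
    src_local = any(a.get("security_group") == "local"
                    for a in rule.get("src_addresses") or [])
    dst_local = any(a.get("security_group") == "local"
                    for a in rule.get("dst_addresses") or [])
    if dst_local and not src_local:
        return "ingress"
    if src_local and not dst_local:
        return "egress"
    return "unknown"


def any_source(addresses):
    """Return the first source CIDR that spans a whole address family."""
    for addr in addresses or []:
        sub = addr.get("subnet")
        if not sub:
            continue
        net = ipaddress.ip_network(
            f"{sub['ip_prefix']}/{sub['ip_prefix_len']}", strict=False)
        if net.prefixlen == 0:
            return str(net)
    return None


def all_ports(ports):
    """True if any listed range covers 0-65535."""
    return any(p.get("start_port", 0) <= 0 and p.get("end_port", 0) >= 65535
               for p in ports or [])


def open_ingress_rules(security_group):
    """List (rule_uuid, ethertype, source) for any/any ingress rules.

    A group without security_group_entries, like k8s-default-dev-share-sg
    above, has no rules and therefore yields an empty list.
    """
    entries = security_group.get("security_group_entries") or {}
    findings = []
    for rule in entries.get("policy_rule") or []:
        if rule_direction(rule) != "ingress":
            continue
        source = any_source(rule.get("src_addresses"))
        if source and rule.get("protocol") == "any" and all_ports(rule.get("dst_ports")):
            findings.append((rule.get("rule_uuid"), rule.get("ethertype"), source))
    return findings


# --- Constructed sample data, shaped like the appendix objects -------------
LOCAL = {"security_group": "local", "subnet": None}


def cidr(prefix, length):
    return {"security_group": None,
            "subnet": {"ip_prefix": prefix, "ip_prefix_len": length}}


def sample_rule(rule_uuid, ethertype, src, dst, protocol="any", ports=(0, 65535)):
    return {"direction": ">", "protocol": protocol, "ethertype": ethertype,
            "rule_uuid": rule_uuid, "src_addresses": [src], "dst_addresses": [dst],
            "src_ports": [{"start_port": 0, "end_port": 65535}],
            "dst_ports": [{"start_port": ports[0], "end_port": ports[1]}]}


# Same rule pattern as k8s-default-dev-share-default: two ingress, two egress.
DEFAULT_SG = {"display_name": "sample-default", "security_group_entries": {"policy_rule": [
    sample_rule("in-v4", "IPv4", cidr("0.0.0.0", 0), LOCAL),
    sample_rule("in-v6", "IPv6", cidr("::", 0), LOCAL),
    sample_rule("out-v4", "IPv4", LOCAL, cidr("0.0.0.0", 0)),
    sample_rule("out-v6", "IPv6", LOCAL, cidr("::", 0)),
]}}
# A tighter group: TCP/80 from the pod subnet only.
WEB_SG = {"display_name": "sample-web", "security_group_entries": {"policy_rule": [
    sample_rule("web-80", "IPv4", cidr("10.32.0.0", 12), LOCAL, "tcp", (80, 80)),
]}}
# Like k8s-default-dev-share-sg: no entries at all.
EMPTY_SG = {"display_name": "sample-sg"}

if __name__ == "__main__":
    for sg in (DEFAULT_SG, WEB_SG, EMPTY_SG):
        print(sg["display_name"], open_ingress_rules(sg))
```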
{ "virtual_network_properties": { "forwarding_mode": "l3", "allow_transit": null, "network_id": null, "mirror_destination": false, "vxlan_network_identifier": null, "rpf": null }, "fq_name": [ "default-domain", "kubernetes", "cluster-network" ], "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598", "address_allocation_mode": "user-defined-subnet-only", "mac_aging_time": 300, "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "display_name": "cluster-network", "pbb_e_enable": false, "mac_learning_enabled": false, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2017-12-27T18:45:34.062865", "uuid": { "uuid_mslong": 1990449696915605818, "uuid_lslong": 10450728964983109016 }, "user_visible": true, "last_modified": "2017-12-29T10:29:20.685414", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "flood_unknown_unicast": false, "layer2_control_word": false, "port_security_enabled": true, "network_ipam_refs": [ { "to": [ "default-domain", "kubernetes", "service-ipam" ], "href": "http://127.0.0.1:8082/network-ipam/526f554a-0bf4-47c6-a8e4-768a3f98cef4", "attr": { "ipam_subnets": [ { "subnet": { "ip_prefix": "10.167.0.0", "ip_prefix_len": 16 }, "dns_server_address": "10.167.255.253", "enable_dhcp": true, "created": null, "default_gateway": "10.167.255.254", "dns_nameservers": [], "dhcp_option_list": null, "subnet_uuid": "10a8de65-9de8-419b-b14c-180bf2ab3dc9", "alloc_unit": 1, "last_modified": null, "host_routes": null, "addr_from_start": null, "subnet_name": null, "allocation_pools": [] } ], "host_routes": null }, "uuid": "526f554a-0bf4-47c6-a8e4-768a3f98cef4" }, { "to": [ "default-domain", "kubernetes", "pod-ipam" ], "href": "http://127.0.0.1:8082/network-ipam/c9641741-c785-456e-845b-a14a253c3572", "attr": { "ipam_subnets": [ { "subnet": null, "dns_server_address": null, "enable_dhcp": true, "created": null, 
"default_gateway": null, "dns_nameservers": [], "dhcp_option_list": null, "subnet_uuid": "d2b090ce-cbcc-4b00-b50a-cc1ed5468b00", "alloc_unit": 1, "last_modified": null, "host_routes": null, "addr_from_start": null, "subnet_name": null, "allocation_pools": [] } ], "host_routes": null }, "uuid": "c9641741-c785-456e-845b-a14a253c3572" } ], "pbb_etree_enable": false, "virtual_network_network_id": 5}
{ "virtual_network_properties": { "forwarding_mode": "l3", "allow_transit": null, "network_id": null, "mirror_destination": false, "vxlan_network_identifier": null, "rpf": null }, "fq_name": [ "default-domain", "kubernetes", "dev-vn" ], "uuid": "ce01826b-e3e6-407f-8798-80612018e89c", "address_allocation_mode": "flat-subnet-only", "mac_aging_time": 300, "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "display_name": "dev-vn", "pbb_e_enable": false, "mac_learning_enabled": false, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-09T11:40:06.196335", "uuid": { "uuid_mslong": 14844289246686494847, "uuid_lslong": 9770700546218977436 }, "user_visible": true, "last_modified": "2018-01-09T12:18:55.796399", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "flood_unknown_unicast": false, "layer2_control_word": false, "port_security_enabled": true, "network_ipam_refs": [ { "to": [ "default-domain", "kubernetes", "pod-ipam" ], "href": "http://127.0.0.1:8082/network-ipam/c9641741-c785-456e-845b-a14a253c3572", "attr": { "ipam_subnets": [ { "subnet": null, "dns_server_address": null, "enable_dhcp": true, "created": null, "default_gateway": null, "dns_nameservers": [], "dhcp_option_list": null, "subnet_uuid": "48ed8235-efcd-44a1-998c-659e4f5840f4", "alloc_unit": 1, "last_modified": null, "host_routes": null, "addr_from_start": null, "subnet_name": null, "allocation_pools": [] } ], "host_routes": null }, "uuid": "c9641741-c785-456e-845b-a14a253c3572" } ], "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Namespace" }, { "key": "namespace", "value": "dev" }, { "key": "isolated", "value": "True" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "dev" }, { "key": "owner", "value": "k8s" } ] }, "pbb_etree_enable": false, 
"virtual_network_network_id": 11}
Non-isolated port
{ "fq_name": [ "default-domain", "kubernetes", "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced" ], "virtual_machine_interface_mac_addresses": { "mac_address": [ "02:5a:1f:c0:3e:f7" ] }, "display_name": "dev-share__dev-web-k528t", "security_group_refs": [ { "to": [ "default-domain", "kubernetes", "k8s-default-dev-share-default" ], "href": "http://127.0.0.1:8082/security-group/ad29de07-5ef6-4f55-86bb-52c44827c09d", "attr": null, "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d" }, { "to": [ "default-domain", "kubernetes", "k8s-default-dev-share-sg" ], "href": "http://127.0.0.1:8082/security-group/791f1c7e-a66e-4c47-ba05-409f00ee2c8e", "attr": null, "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e" } ], "routing_instance_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network", "cluster-network" ], "href": "http://127.0.0.1:8082/routing-instance/5ed7608a-28bb-4735-a8d8-2e9132b03d62", "attr": { "direction": "both", "protocol": null, "ipv6_service_chain_address": null, "dst_mac": null, "mpls_label": null, "vlan_tag": null, "src_mac": null, "service_chain_address": null }, "uuid": "5ed7608a-28bb-4735-a8d8-2e9132b03d62" } ], "virtual_machine_interface_disable_policy": false, "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network" ], "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598", "attr": null, "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598" } ], "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:14:58.189964", "uuid": { "uuid_mslong": 6494120564367233511, "uuid_lslong": 10333036915785587949 }, "user_visible": true, "last_modified": "2018-01-12T15:14:58.253769", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_refs": [ { "to": [ 
"dev-web-k528t__708154c6-f7ab-11e7-a9df-98f2b3a36be0" ], "href": "http://127.0.0.1:8082/virtual-machine/708154c6-f7ab-11e7-a9df-98f2b3a36be0", "attr": null, "uuid": "708154c6-f7ab-11e7-a9df-98f2b3a36be0" } ], "vlan_tag_based_bridge_domain": false, "port_security_enabled": true, "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Pod" }, { "key": "namespace", "value": "dev-share" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "dev-web-k528t" }, { "key": "owner", "value": "k8s" } ] }, "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"}
IP instance
{ "fq_name": [ "dev-web-k528t__5a2f9cde-f7ab-11e7-8f66-52540065dced" ], "uuid": "5a2f9cde-f7ab-11e7-8f66-52540065dced", "service_health_check_ip": false, "instance_ip_address": "10.47.255.251", "perms2": { "owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": [] }, "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Pod" }, { "key": "namespace", "value": "dev-share" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "dev-web-k528t" }, { "key": "owner", "value": "k8s" } ] }, "subnet_uuid": "d2b090ce-cbcc-4b00-b50a-cc1ed5468b00", "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:14:58.323069", "uuid": { "uuid_mslong": 6498585268770771431, "uuid_lslong": 10333036915785587949 }, "user_visible": true, "last_modified": "2018-01-12T15:14:58.363792", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_interface_refs": [ { "to": [ "default-domain", "kubernetes", "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced", "attr": null, "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced" } ], "service_instance_ip": false, "instance_ip_local_ip": false, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network" ], "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598", "attr": null, "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598" } ], "instance_ip_secondary": false, "display_name": "dev-share__dev-web-k528t"}
Isolated port
{ "fq_name": [ "default-domain", "kubernetes", "dev-client__c64b3b12-f7b5-11e7-8f66-52540065dced" ], "virtual_machine_interface_mac_addresses": { "mac_address": [ "02:c6:4b:3b:12:f7" ] }, "display_name": "dev__dev-client", "security_group_refs": [ { "to": [ "default-domain", "kubernetes", "k8s-default-dev-sg" ], "href": "http://127.0.0.1:8082/security-group/579019d5-038e-4901-b6ab-ed146022dd70", "attr": null, "uuid": "579019d5-038e-4901-b6ab-ed146022dd70" }, { "to": [ "default-domain", "kubernetes", "k8s-default-dev-default" ], "href": "http://127.0.0.1:8082/security-group/e43caf6e-6b35-40c3-b336-83c155078efe", "attr": null, "uuid": "e43caf6e-6b35-40c3-b336-83c155078efe" } ], "routing_instance_refs": [ { "to": [ "default-domain", "kubernetes", "dev-vn", "dev-vn" ], "href": "http://127.0.0.1:8082/routing-instance/45173786-a1b4-4c75-8ef0-590de67d2d05", "attr": { "direction": "both", "protocol": null, "ipv6_service_chain_address": null, "dst_mac": null, "mpls_label": null, "vlan_tag": null, "src_mac": null, "service_chain_address": null }, "uuid": "45173786-a1b4-4c75-8ef0-590de67d2d05" } ], "virtual_machine_interface_disable_policy": false, "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "dev-vn" ], "href": "http://127.0.0.1:8082/virtual-network/ce01826b-e3e6-407f-8798-80612018e89c", "attr": null, "uuid": "ce01826b-e3e6-407f-8798-80612018e89c" } ], "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T16:29:34.640295", "uuid": { "uuid_mslong": 14288579195414319591, "uuid_lslong": 10333036915785587949 }, "user_visible": true, "last_modified": "2018-01-12T16:29:34.708511", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_refs": [ { "to": [ "dev-client__c64878a1-f7b5-11e7-9dbb-98f2b3a33b90" ], "href": 
"http://127.0.0.1:8082/virtual-machine/c64878a1-f7b5-11e7-9dbb-98f2b3a33b90", "attr": null, "uuid": "c64878a1-f7b5-11e7-9dbb-98f2b3a33b90" } ], "vlan_tag_based_bridge_domain": false, "port_security_enabled": true, "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Pod" }, { "key": "namespace", "value": "dev" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "dev-client" }, { "key": "owner", "value": "k8s" } ] }, "uuid": "c64b3b12-f7b5-11e7-8f66-52540065dced"}{ "fq_name": [ "dev-client__c65c2a12-f7b5-11e7-8f66-52540065dced" ], "uuid": "c65c2a12-f7b5-11e7-8f66-52540065dced", "service_health_check_ip": false, "instance_ip_address": "10.47.255.250", "perms2": { "owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": [] }, "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Pod" }, { "key": "namespace", "value": "dev" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "dev-client" }, { "key": "owner", "value": "k8s" } ] }, "subnet_uuid": "4b421367-165a-4555-80ab-2cff90cb9401", "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T16:29:34.763793", "uuid": { "uuid_mslong": 14293345578320728551, "uuid_lslong": 10333036915785587949 }, "user_visible": true, "last_modified": "2018-01-12T16:29:34.810063", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_interface_refs": [ { "to": [ "default-domain", "kubernetes", "dev-client__c64b3b12-f7b5-11e7-8f66-52540065dced" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/c64b3b12-f7b5-11e7-8f66-52540065dced", "attr": null, "uuid": "c64b3b12-f7b5-11e7-8f66-52540065dced" } ], "service_instance_ip": false, "instance_ip_local_ip": false, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "dev-vn" ], 
"href": "http://127.0.0.1:8082/virtual-network/ce01826b-e3e6-407f-8798-80612018e89c", "attr": null, "uuid": "ce01826b-e3e6-407f-8798-80612018e89c" } ], "instance_ip_secondary": false, "display_name": "dev__dev-client"}
B.1 LB VMI
{ "fq_name": [ "default-domain", "kubernetes", "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a" ], "virtual_machine_interface_mac_addresses": { "mac_address": [ "02:20:c2:76:03:2d" ] }, "display_name": "dev-share__svc-dev-web", "security_group_refs": [ { "to": [ "default-domain", "kubernetes", "k8s-default-dev-share-sg" ], "href": "http://127.0.0.1:8082/security-group/791f1c7e-a66e-4c47-ba05-409f00ee2c8e", "attr": null, "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e" }, { "to": [ "default-domain", "kubernetes", "k8s-default-dev-share-default" ], "href": "http://127.0.0.1:8082/security-group/ad29de07-5ef6-4f55-86bb-52c44827c09d", "attr": null, "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d" } ], "routing_instance_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network", "cluster-network" ], "href": "http://127.0.0.1:8082/routing-instance/5ed7608a-28bb-4735-a8d8-2e9132b03d62", "attr": { "direction": "both", "protocol": null, "ipv6_service_chain_address": null, "dst_mac": null, "mpls_label": null, "vlan_tag": null, "src_mac": null, "service_chain_address": null }, "uuid": "5ed7608a-28bb-4735-a8d8-2e9132b03d62" } ], "virtual_machine_interface_disable_policy": false, "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network" ], "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598", "attr": null, "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598" } ], "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:21:05.324801", "uuid": { "uuid_mslong": 2360578910708516341, "uuid_lslong": 10828869012794555034 }, "user_visible": true, "last_modified": "2018-01-12T15:21:05.365345", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "vlan_tag_based_bridge_domain": false, 
"virtual_machine_interface_device_owner": "K8S:LOADBALANCER", "port_security_enabled": true, "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a"}
B.2 LB IP instance and floating IP
IP instance
{ "fq_name": [ "svc-dev-web__ff9782ea-f79d-423e-af9e-cde45ef847f2" ], "uuid": "ff9782ea-f79d-423e-af9e-cde45ef847f2", "service_health_check_ip": false, "instance_ip_address": "10.167.87.84", "perms2": { "owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": [] }, "virtual_network_refs": [ { "to": [ "default-domain", "kubernetes", "cluster-network" ], "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598", "attr": null, "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598" } ], "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:21:05.433006", "uuid": { "uuid_mslong": 18417333146843169342, "uuid_lslong": 12654778383687239666 }, "user_visible": true, "last_modified": "2018-01-12T15:21:05.433006", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_interface_refs": [ { "to": [ "default-domain", "kubernetes", "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/20c27603-2d0f-45f5-9647-defe4adaba9a", "attr": null, "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a" } ], "service_instance_ip": false, "instance_ip_local_ip": false, "instance_ip_secondary": false, "display_name": "svc-dev-web"}
Floating IP
{ "project_refs": [ { "to": [ "default-domain", "kubernetes" ], "href": "http://127.0.0.1:8082/project/46c31b9b-d21c-4c27-9445-6c94db948b6d", "attr": null, "uuid": "46c31b9b-d21c-4c27-9445-6c94db948b6d" } ], "fq_name": [ "svc-dev-web__ff9782ea-f79d-423e-af9e-cde45ef847f2", "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7" ], "uuid": "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7", "floating_ip_port_mappings": { "port_mappings": [ { "protocol": "TCP", "src_port": 80, "dst_port": 80 } ] }, "parent_type": "instance-ip", "perms2": { "owner": "cloud-admin", "owner_access": 7, "global_access": 0, "share": [] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:21:05.562790", "uuid": { "uuid_mslong": 16061573297398762181, "uuid_lslong": 13247299199082224551 }, "user_visible": true, "last_modified": "2018-01-12T15:21:06.073466", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "floating_ip_address": "10.167.87.84", "virtual_machine_interface_refs": [ { "to": [ "default-domain", "kubernetes", "dev-web-669n0__59f3d2a8-f7ab-11e7-8f66-52540065dced" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/59f3d2a8-f7ab-11e7-8f66-52540065dced", "attr": null, "uuid": "59f3d2a8-f7ab-11e7-8f66-52540065dced" }, { "to": [ "default-domain", "kubernetes", "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced", "attr": null, "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced" } ], "floating_ip_port_mappings_enable": true, "display_name": "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7", "floating_ip_traffic_direction": "ingress"}
B.3 LB
Loadbalancer
{ "fq_name": [ "default-domain", "kubernetes", "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90" ], "uuid": "34f826d8-f7ac-11e7-9dbb-98f2b3a33b90", "service_appliance_set_refs": [ { "to": [ "default-global-system-config", "native" ], "href": "http://127.0.0.1:8082/service-appliance-set/d5cf94dd-6556-40fc-b3dd-0020dacf7cfc", "attr": null, "uuid": "d5cf94dd-6556-40fc-b3dd-0020dacf7cfc" } ], "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "loadbalancer_properties": { "status": null, "provisioning_status": "ACTIVE", "admin_state": true, "vip_address": "10.167.87.84", "vip_subnet_id": null, "operating_status": "ONLINE" }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:21:05.486093", "uuid": { "uuid_mslong": 3816843397506535911, "uuid_lslong": 11365846252762905488 }, "user_visible": true, "last_modified": "2018-01-12T15:21:05.514920", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "virtual_machine_interface_refs": [ { "to": [ "default-domain", "kubernetes", "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a" ], "href": "http://127.0.0.1:8082/virtual-machine-interface/20c27603-2d0f-45f5-9647-defe4adaba9a", "attr": null, "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a" } ], "display_name": "dev-share__svc-dev-web", "loadbalancer_provider": "native", "annotations": { "key_value_pair": [ { "key": "cluster", "value": "k8s-default" }, { "key": "kind", "value": "Service" }, { "key": "namespace", "value": "dev-share" }, { "key": "project", "value": "kubernetes" }, { "key": "name", "value": "svc-dev-web" }, { "key": "owner", "value": "k8s" } ] }}
LB Listener
{ "loadbalancer_listener_properties": { "default_tls_container": null, "protocol": "TCP", "connection_limit": null, "admin_state": true, "sni_containers": [], "protocol_port": 80 }, "fq_name": [ "default-domain", "kubernetes", "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c" ], "uuid": "331d4fc1-7e80-47a7-a6a0-6cef54c37b6c", "parent_type": "project", "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] }, "id_perms": { "enable": true, "description": null, "creator": null, "created": "2018-01-12T15:21:05.564006", "uuid": { "uuid_mslong": 3683187762728552359, "uuid_lslong": 12006716381744823148 }, "user_visible": true, "last_modified": "2018-01-12T15:21:05.564006", "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 } }, "loadbalancer_refs": [ { "to": [ "default-domain", "kubernetes", "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90" ], "href": "http://127.0.0.1:8082/loadbalancer/34f826d8-f7ac-11e7-9dbb-98f2b3a33b90", "attr": null, "uuid": "34f826d8-f7ac-11e7-9dbb-98f2b3a33b90" } ], "display_name": "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"}
LB Pool
{
  "fq_name": [ "default-domain", "kubernetes", "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c" ],
  "uuid": "3ed542dc-cbc5-4b47-aeb7-c35f8443a672",
  "parent_type": "project",
  "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] },
  "loadbalancer_listener_refs": [
    {
      "to": [ "default-domain", "kubernetes", "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c" ],
      "href": "http://127.0.0.1:8082/loadbalancer-listener/331d4fc1-7e80-47a7-a6a0-6cef54c37b6c",
      "attr": null,
      "uuid": "331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"
    }
  ],
  "id_perms": {
    "enable": true,
    "description": null,
    "creator": null,
    "created": "2018-01-12T15:21:05.646375",
    "uuid": { "uuid_mslong": 4527598516469844807, "uuid_lslong": 12589746098345846386 },
    "user_visible": true,
    "last_modified": "2018-01-12T15:21:05.646375",
    "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 }
  },
  "loadbalancer_pool_properties": {
    "status": null,
    "protocol": "TCP",
    "subnet_id": null,
    "session_persistence": null,
    "admin_state": true,
    "persistence_cookie_name": null,
    "status_description": null,
    "loadbalancer_method": null
  },
  "display_name": "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"
}
LB Member
{
  "fq_name": [
    "default-domain",
    "kubernetes",
    "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c",
    "53d85c7f-6b13-482e-8706-92142bfa2543"
  ],
  "uuid": "53d85c7f-6b13-482e-8706-92142bfa2543",
  "parent_type": "loadbalancer-pool",
  "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] },
  "id_perms": {
    "enable": true,
    "description": null,
    "creator": null,
    "created": "2018-01-12T15:21:05.811773",
    "uuid": { "uuid_mslong": 6041680602444548142, "uuid_lslong": 9729624660315350339 },
    "user_visible": true,
    "last_modified": "2018-01-12T15:21:05.830431",
    "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 }
  },
  "display_name": "53d85c7f-6b13-482e-8706-92142bfa2543",
  "loadbalancer_member_properties": {
    "status": null,
    "status_description": null,
    "weight": 1,
    "admin_state": true,
    "address": null,
    "protocol_port": 80
  },
  "annotations": {
    "key_value_pair": [
      { "key": "vm", "value": "708154c6-f7ab-11e7-a9df-98f2b3a36be0" },
      { "key": "vmi", "value": "5a1fc03e-f7ab-11e7-8f66-52540065dced" }
    ]
  }
}
B.4 External FIP
{
  "project_refs": [
    {
      "to": [ "default-domain", "kubernetes" ],
      "href": "http://127.0.0.1:8082/project/46c31b9b-d21c-4c27-9445-6c94db948b6d",
      "attr": null,
      "uuid": "46c31b9b-d21c-4c27-9445-6c94db948b6d"
    }
  ],
  "fq_name": [
    "default-domain",
    "kubernetes",
    "BGP",
    "BGP",
    "svc-dev-web__1526aa69-f7bf-11e7-9dbb-98f2b3a33b90120.136.134.67-externalIP"
  ],
  "uuid": "ac091da2-28d7-467f-bd49-10edb2885219",
  "floating_ip_port_mappings": {
    "port_mappings": [
      { "protocol": "TCP", "src_port": 80, "dst_port": 80 }
    ]
  },
  "parent_type": "floating-ip-pool",
  "perms2": { "owner": "None", "owner_access": 7, "global_access": 0, "share": [] },
  "id_perms": {
    "enable": true,
    "description": null,
    "creator": null,
    "created": "2018-01-12T17:36:13.280888",
    "uuid": { "uuid_mslong": 12396472031621105279, "uuid_lslong": 13639451559556829721 },
    "user_visible": true,
    "last_modified": "2018-01-12T17:36:13.424379",
    "permissions": { "owner": "cloud-admin", "owner_access": 7, "other_access": 7, "group": "cloud-admin-group", "group_access": 7 }
  },
  "floating_ip_address": "120.136.134.67",
  "virtual_machine_interface_refs": [
    {
      "to": [ "default-domain", "kubernetes", "dev-web-669n0__59f3d2a8-f7ab-11e7-8f66-52540065dced" ],
      "href": "http://127.0.0.1:8082/virtual-machine-interface/59f3d2a8-f7ab-11e7-8f66-52540065dced",
      "attr": null,
      "uuid": "59f3d2a8-f7ab-11e7-8f66-52540065dced"
    },
    {
      "to": [ "default-domain", "kubernetes", "svc-dev-web__78f5adca-cbfe-422a-810c-bb3be9c15589" ],
      "href": "http://127.0.0.1:8082/virtual-machine-interface/78f5adca-cbfe-422a-810c-bb3be9c15589",
      "attr": null,
      "uuid": "78f5adca-cbfe-422a-810c-bb3be9c15589"
    },
    {
      "to": [ "default-domain", "kubernetes", "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced" ],
      "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced",
      "attr": null,
      "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"
    }
  ],
  "floating_ip_port_mappings_enable": true,
  "display_name": "svc-dev-web__1526aa69-f7bf-11e7-9dbb-98f2b3a33b90120.136.134.67-externalIP",
  "floating_ip_traffic_direction": "ingress"
}