-
Notifications
You must be signed in to change notification settings - Fork 431
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add doc for gateway pod in default vpc
- Loading branch information
1 parent
e8ddfa5
commit 0192a9a
Showing
1 changed file
with
103 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
|
|
||
| Kube-OVN has supported the implementation of VPC. The detailed configuration can be referred to | ||
| [Vpc](https://github.com/kubeovn/kube-ovn/blob/master/docs/vpc.md). | ||
|
|
||
| A customized VPC can connect the Internet through the vpc-nat-gw pod. The default vpc can also be configured with a gateway, so that pod in customized vpc can visit the pod in default vpc. | ||
|
|
||
| The precondition should be matched in the environment: | ||
| 1. The multus-cni and macvlan cni should be installed, which is used for creating an attachment network for the gateway pod. | ||
| 2. The configmap of `ovn-vpc-nat-gw-config` in the kube-system namespace should have existed. It should be created if the configmap does not exist, which name is stable. | ||
|
|
||
| One detailed configuration for the configmap is as follows: | ||
|
|
||
| ```yaml | ||
| kind: ConfigMap | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: ovn-vpc-nat-gw-config | ||
| namespace: kube-system | ||
| data: | ||
| image: 'kubeovn/vpc-nat-gateway:v1.9.0' # Docker image for vpc nat gateway | ||
| enable-vpc-nat-gw: true # 'true' for enable, 'false' for disable | ||
| nic: eth1 # The nic that connect to underlay network, use as the 'master' for macvlan | ||
| ``` | ||
|
|
||
| # Configuration for Default Vpc Gateway | ||
| ## Create Subnet | ||
| After the installation of Kube-OVN, the default vpc | ||
| `ovn-cluster` and the default subnet `ovn-default` had been created. The gateway pod for default vpc can be assigned an ip address from the default subnet, and also can be assigned an ip address from a new subnet. | ||
|
|
||
| It's an example to assign IP from a new subnet for the gateway pod. | ||
|
|
||
| Create subnet with yaml as follows | ||
|
|
||
| ``` | ||
| apiVersion: kubeovn.io/v1 | ||
| kind: Subnet | ||
| metadata: | ||
| name: test | ||
| spec: | ||
| cidrBlock: 192.100.0.0/16 | ||
| default: false | ||
| disableGatewayCheck: false | ||
| disableInterConnection: true | ||
| gatewayNode: "" | ||
| gatewayType: distributed | ||
| natOutgoing: false | ||
| private: false | ||
| protocol: IPv4 | ||
| provider: ovn | ||
| vpc: ovn-cluster | ||
| ``` | ||
|
|
||
| ## Create Gateway Pod | ||
| Create a vpc-nat-gw crd with yaml as follows, which will create a gateway pod for the default vpc. | ||
|
|
||
| ``` | ||
| apiVersion: kubeovn.io/v1 | ||
| kind: VpcNatGateway | ||
| metadata: | ||
| name: default | ||
| spec: | ||
| vpc: ovn-cluster # default vpc | ||
| subnet: test # assign ip from the subnet for gateway pod | ||
| lanIp: 192.100.10.10 # ip address for gateway pod | ||
| eips: | ||
| - eipCIDR: 172.18.0.12/16 # eip address for pod in the default vpc | ||
| gateway: 172.18.0.1 | ||
| - eipCIDR: 172.18.0.22/16 | ||
| gateway: 172.18.0.1 | ||
| ``` | ||
|
|
||
| After the vpc-nat-gw crd is created, a gateway pod will be created automatically in the kube-system namespace. | ||
|
|
||
| ``` | ||
| apple@appledeMacBook-Pro ovn-test % kubectl get pod -n kube-system | ||
| NAME READY STATUS RESTARTS AGE | ||
| coredns-f9fd979d6-dcppf 1/1 Running 0 4d18h | ||
| coredns-f9fd979d6-fg7rw 1/1 Running 0 4d18h | ||
| etcd-kube-ovn-control-plane 1/1 Running 0 4d18h | ||
| kube-apiserver-kube-ovn-control-plane 1/1 Running 0 4d18h | ||
| kube-controller-manager-kube-ovn-control-plane 1/1 Running 0 4d18h | ||
| kube-multus-ds-g782g 1/1 Running 0 22h | ||
| kube-multus-ds-knj7m 1/1 Running 0 22h | ||
| kube-ovn-cni-2q6b9 1/1 Running 0 4d18h | ||
| kube-ovn-cni-6x7jl 1/1 Running 0 4d18h | ||
| kube-ovn-controller-7658c87bd-kdwd8 1/1 Running 0 4d18h | ||
| kube-ovn-monitor-5dc58b495c-xv5vz 1/1 Running 0 4d18h | ||
| kube-ovn-pinger-9mc6l 1/1 Running 0 4d18h | ||
| kube-ovn-pinger-xckxs 1/1 Running 0 4d18h | ||
| kube-proxy-7xk9j 1/1 Running 0 4d18h | ||
| kube-proxy-h9r6x 1/1 Running 0 4d18h | ||
| kube-scheduler-kube-ovn-control-plane 1/1 Running 0 4d18h | ||
| ovn-central-6b87fcd545-pt8hr 1/1 Running 0 4d18h | ||
| ovs-ovn-8nvj8 1/1 Running 0 4d18h | ||
| ovs-ovn-wffd2 1/1 Running 0 4d18h | ||
| vpc-nat-gw-default-cb7b9677f-q6sbg 1/1 Running 0 17h | ||
| apple@appledeMacBook-Pro ovn-test % | ||
| ``` | ||
|
|
||
| There's no need to add a custom route to the gateway pod in the default vpc. The subnet in the default vpc has added route when created. | ||
|
|
||
| To visit the pod in the default vpc, it's visiting the eip address configured in gateway pod in fact, which is the same as visit pod in customized vpc. |