分配4个C的子网,比如 172.22.132.0/22
其中大数据应用连接 mq, iptable做了限制,只允许指定IP访问, 所以需要从 172.22.132.0/22 切出子网
规划如下:
大数据网络: 172.22.135.0/25 使用IP126个
其他pod网络: 172.22.132.0/23 使用pod 512个
calicoctl create -f -<<EOF apiVersion: projectcalico.org/v3 kind: IPPool metadata: name: bgdata-receiver-ipv4pool spec: blockSize: 26 cidr: 172.22.135.0/25 ipipMode: Never nodeSelector: all() vxlanMode: Never natOutgoing: false EOF calicoctl create -f -<<EOF apiVersion: projectcalico.org/v3 kind: IPPool metadata: name: default-ipv4-ippool spec: blockSize: 26 cidr: 172.22.132.0/23 ipipMode: Never nodeSelector: all() vxlanMode: Never natOutgoing: false EOF
主要利用calico组件的两个kubernetes注解:
cni.projectcalico.org/ipAddrs
metadata: labels: app: testnginx annotations: "cni.projectcalico.org/ipAddrs": "["172.22.135.1"]"
cni.projectcalico.org/ipv4pools
对于deployment
[root@master1 ~]# cat nginx.yaml apiVersion: apps/v1 kind: Deployment metadata: name: testnginx spec: replicas: 1 selector: matchLabels: app: testnginx template: metadata: labels: app: testnginx annotations: "cni.projectcalico.org/ipv4pools": "["bgdata-receiver-ipv4pool"]" spec: containers: - image: 172.22.1.1/source/nginx:latest imagePullPolicy: Always name: testnginx ports: - containerPort: 80 name: testnginx protocol: TCP