Requirement: pods on node1 and node2 are all assigned addresses from one subnet, and pods on node3 and node4 are all assigned addresses from another.
       -------------------
       |     router      |
       -------------------
       |                 |
---------------   ---------------
|   rack-0    |   |   rack-1    |
---------------   ---------------
| kube-node-1 |   | kube-node-3 |
- - - - - - - -   - - - - - - - -
| kube-node-2 |   | kube-node-4 |
- - - - - - - -   - - - - - - - -
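Using the pod IP range 10.20.0.0/16, we target the following setup: reserve the 10.20.1.0/24 and 10.20.2.0/24 pools for rack-0 and rack-1.
Use the calicoctl command to view the default CIDR pool, then delete it.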
1. Delete the default IP pool

calicoctl delete ippools default-ipv4-ippool

2. Label the nodes

Set the labels:

kubectl label node node1 rack=0
kubectl label node node2 rack=0
kubectl label node node3 rack=1
kubectl label node node4 rack=1

3. Create an IP pool for each rack

calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: rack-0-ippool
spec:
  cidr: 10.20.1.0/24
  ipipMode: Always
  natOutgoing: true
  nodeSelector: rack == "0"
EOF

calicoctl create -f -<<EOF
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: rack-1-ippool
spec:
  cidr: 10.20.2.0/24
  ipipMode: Always
  natOutgoing: true
  nodeSelector: rack == "1"
EOF

There should now be two enabled IP pools, which you can see by running:

calicoctl get ippool -o wide
NAME            CIDR           NAT    IPIPMODE   DISABLED   SELECTOR
rack-0-ippool   10.20.1.0/24   true   Always     false      rack == "0"
rack-1-ippool   10.20.2.0/24   true   Always     false      rack == "1"

4. Verify

kubectl get pod -o wide
NAME                   READY   STATUS    RESTARTS   AGE    IP            NODE    NOMINATED NODE   READINESS GATES
nginx-5c7588df-prx4z   1/1     Running   0          6m3s   10.20.1.64    node1   <none>           <none>
nginx-5c7588df-s7qw6   1/1     Running   0          6m7s   10.20.1.129   node2   <none>           <none>
nginx-5c7588df-w7r7g   1/1     Running   0          6m3s   10.20.2.55    node3   <none>           <none>
nginx-5c7588df-62lnf   1/1     Running   0          6m3s   10.20.2.56    node4   <none>           <none>

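The manual check in step 4 can be scripted. The following is an added example, not part of the original post: it flags any pod whose IP lies outside the pool reserved for its node's rack, and any pod on a node that has no rack label. The function names are hypothetical; the CIDRs and the rack label are the ones used in the steps above.

```shell
#!/bin/sh
# Added example, not from the original post. Pool CIDRs and the "rack" label
# come from the steps above; all function names are hypothetical.

# Dotted-quad IPv4 -> integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when IPv4 address $1 lies inside CIDR $2.
ip_in_cidr() {
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
}

# Pool reserved for a rack label value (step 3).
rack_cidr() {
  case "$1" in
    0) echo 10.20.1.0/24 ;;
    1) echo 10.20.2.0/24 ;;
    *) return 1 ;;
  esac
}

# Reads "pod ip node rack" lines on stdin; prints violations, returns 1 if any.
check_pods() {
  bad=0
  while read -r pod ip node rack; do
    case "$ip" in ''|*[!0-9.]*) continue ;; esac   # no IP assigned yet: skip
    if ! cidr=$(rack_cidr "$rack"); then
      echo "NO-POOL $pod $ip $node rack=${rack:-unset}"; bad=1
    elif ! ip_in_cidr "$ip" "$cidr"; then
      echo "OUTSIDE $pod $ip $node expected=$cidr"; bad=1
    fi
  done
  return "$bad"
}

# Builds the input lines from the live cluster (requires kubectl access).
live_lines() {
  kubectl get pod --no-headers -o custom-columns=N:.metadata.name,IP:.status.podIP,NODE:.spec.nodeName |
  while read -r pod ip node; do
    echo "$pod $ip $node $(kubectl get node "$node" -o jsonpath='{.metadata.labels.rack}' </dev/null)"
  done
}
```

On a live cluster, `live_lines | check_pods` exits non-zero when any pod sits outside its rack's pool.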
https://docs.projectcalico.org/networking/assign-ip-addresses-topology