高可用容器网络需要确保网络连接的持续性和容错能力,即使部分节点或网络组件出现故障,容器间的通信也能保持稳定。以下是几种实现高可用容器网络的方案。
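# Install the Calico CNI (the original note refers to a kubeadm-built cluster).
# The manifest is downloaded to a local file instead of being applied straight
# from the URL: it creates cluster-wide RBAC and node-level networking pods, so
# what is applied should be a copy that was reviewed, not whatever the URL
# serves at the moment of the call.
# NOTE(review): this URL is not tied to a specific Calico release; prefer the
# manifest of the exact release you have validated.
curl -fsSL -o calico.yaml https://docs.projectcalico.org/manifests/calico.yaml
# Review calico.yaml (and keep it under version control) before applying it.
kubectl apply -f calico.yaml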
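# Create the cluster-wide default BGP configuration.
# projectcalico.org/v3 resources are applied with calicoctl, as the BGPPeer
# step on this page already does; kubectl only accepts this API group when the
# Calico API server is installed. The heredoc delimiter is quoted so the shell
# never expands anything inside the manifest.
calicoctl apply -f - <<'EOF'
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  # Full mesh: every node keeps a BGP session with every other node.
  nodeToNodeMeshEnabled: true
  # 64512 lies in the private-use AS number range.
  asNumber: 64512
EOF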
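# Add a BGP peer. The spec carries no node or nodeSelector, so this is a
# global peer: every Calico node opens a session to 192.168.1.100.
# The original note speaks of several peers per node; this manifest defines
# only one, so for redundancy add one BGPPeer per route reflector.
# `apply` replaces `create` so the step can be re-run without failing on an
# already existing resource.
calicoctl apply -f - <<'EOF'
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: peer-to-route-reflector
spec:
  peerIP: 192.168.1.100
  asNumber: 64512
  # NOTE(review): no session authentication is configured. BGPPeer supports
  # spec.password.secretKeyRef; consider it when the peering segment is shared
  # with hosts that should not be able to inject routes.
EOF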
# Install Cilium into kube-system with kube-proxy replacement, DSR load
# balancing and Kubernetes-managed IPAM. The three values are passed in one
# comma-separated --set, which Helm treats the same as three separate flags.
# NOTE(review): no chart --version is given, so the release that gets
# installed depends on the local repo index; pin it for reproducible,
# reviewable installs. Accepted kubeProxyReplacement values differ between
# chart releases - confirm "strict" against the pinned version's values.
helm install cilium cilium/cilium -n kube-system \
  --set kubeProxyReplacement=strict,loadBalancer.mode=dsr,ipam.mode=kubernetes
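# Enable ECMP-related routing settings on every node (run as root).
#   fib_multipath_hash_policy=1  hash multipath routes on layer-4 fields
#   fib_multipath_use_neigh=1    consider neighbour state when picking a hop
# Each setting is appended only when that exact line is not already present,
# so re-running the step does not pile up duplicates in /etc/sysctl.conf.
for setting in \
  "net.ipv4.fib_multipath_hash_policy=1" \
  "net.ipv4.fib_multipath_use_neigh=1"
do
  grep -qxF -- "$setting" /etc/sysctl.conf 2>/dev/null \
    || echo "$setting" >> /etc/sysctl.conf
done
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p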
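# Install the Multus CNI DaemonSet from the v3.9 release.
# The manifest is downloaded first so the file that reaches the cluster is one
# that was reviewed: it deploys a DaemonSet to every node and changes the
# nodes' CNI configuration. A release tag can be re-pointed, so record a
# checksum of the reviewed file and compare it on later installs.
curl -fsSL -o multus-daemonset.yml \
  https://github.com/k8snetworkplumbingwg/multus-cni/releases/download/v3.9/deployments/multus-daemonset.yml
kubectl apply -f multus-daemonset.yml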
# Secondary pod network for Multus: a macvlan interface on host NIC eth1 in
# bridge mode. The host-local IPAM plugin assigns 192.168.2.100-192.168.2.200
# out of 192.168.2.0/24 and installs a default route via 192.168.2.1.
# NOTE(review): no metadata.namespace is set, so the object is created in
# whatever namespace the applying context selects. Network policies enforced
# by the primary CNI generally do not cover traffic on a secondary interface;
# confirm before attaching workloads that rely on NetworkPolicy isolation.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: secondary-net
spec:
  # CNI configuration, carried as one JSON string. The continuation lines of
  # the quoted scalar are folded, so the indentation is cosmetic.
  config: '{
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "eth1",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.2.0/24",
        "rangeStart": "192.168.2.100",
        "rangeEnd": "192.168.2.200",
        "routes": [{"dst": "0.0.0.0/0"}],
        "gateway": "192.168.2.1"
      }
    }'
# Verification: list the Calico network policies of every namespace.
calicoctl get networkpolicy --all-namespaces
# Verification: show the BGP peering state as seen by this node.
calicoctl node status
# Verification: report the state of the Cilium installation.
cilium status
# Verification: print detailed link information for all interfaces, which is
# where additional (e.g. macvlan) interfaces show up.
ip -details link show
通过以上方案,您可以在Linux上构建一个高可用的容器网络环境,确保业务连续性。