Giving pods a dedicated IP with the Terway plugin on Alibaba Cloud Kubernetes
Terway's permissions are configured through the RAM role AliyunCSManagedNetworkRole.
In the RAM console, add the following EIP-related permissions to this role:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "vpc:DescribeVSwitches",
        "vpc:AllocateEipAddress",
        "vpc:DescribeEipAddresses",
        "vpc:AssociateEipAddress",
        "vpc:UnassociateEipAddress",
        "vpc:ReleaseEipAddress"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
CNI:
kubectl edit cm eni-config -n kube-system
Add the following entries to eni_conf:
"enable_eip_pool": "true",
"allow_eip_rob": "true"
Run the following command to recreate the Terway instances:
kubectl delete pod -n kube-system -l app=terway-eniip
Usage
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-basic
  namespace: sre
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      annotations:
        k8s.aliyun.com/pod-with-eip: "true" # Automatically allocate a public EIP address for the Nginx container.
        #k8s.aliyun.com/pod-eip-instanceid: "eip-1234567890"
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
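Once the Pod is in the Running state, check the value of the k8s.aliyun.com/allocated-eipAddress annotation on the deployed Pod to see the EIP that was allocated and associated with it; the Pod can be reached through this EIP.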
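An added example, not part of the original post: since each annotated Pod gets its own public address, it is worth inventorying which Pods request or hold an EIP. This Python script reads `kubectl get pods -A -o json` output and relies only on the three annotations shown above; the namespace allowlist and the sample pod data are assumptions constructed for illustration.

```python
import json
import sys

ANN_REQUEST = "k8s.aliyun.com/pod-with-eip"
ANN_PINNED = "k8s.aliyun.com/pod-eip-instanceid"
ANN_ALLOCATED = "k8s.aliyun.com/allocated-eipAddress"


def eip_pods(pod_list, allowed_namespaces=()):
    """Return one finding per pod that requests or already holds an EIP."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ann = meta.get("annotations") or {}
        requested = ann.get(ANN_REQUEST, "").lower() == "true"
        pinned = ann.get(ANN_PINNED)
        address = ann.get(ANN_ALLOCATED)
        if not (requested or pinned or address):
            continue
        ns = meta.get("namespace", "default")
        findings.append({
            "pod": f"{ns}/{meta.get('name', '?')}",
            "phase": pod.get("status", {}).get("phase", "Unknown"),
            "eip": address,            # None until an address has been recorded
            "pinned_eip_id": pinned,   # set when a specific EIP was requested
            # Hypothetical allowlist: namespaces approved for public EIPs.
            "approved": ns in allowed_namespaces,
        })
    return findings


# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "nginx-deployment-basic-abc", "namespace": "sre",
                  "annotations": {ANN_REQUEST: "true",
                                  ANN_ALLOCATED: "203.0.113.10"}},
     "status": {"phase": "Running"}},
    {"metadata": {"name": "batch-job-1", "namespace": "dev",
                  "annotations": {ANN_REQUEST: "true"}},
     "status": {"phase": "Pending"}},
    {"metadata": {"name": "internal-api", "namespace": "dev"},
     "status": {"phase": "Running"}},
]}

if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python eip_audit.py sre
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE
    for f in eip_pods(data, allowed_namespaces=set(sys.argv[1:])):
        flag = "ok" if f["approved"] else "REVIEW"
        print(f"{flag:6} {f['pod']:40} {f['phase']:8} eip={f['eip']}")
```

Pods marked REVIEW sit in namespaces that were not passed on the command line as approved for public addresses.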