calico 网络原理
文章目录
calico 网络原理
node节点 装网络之前路由
1 2 3 4 5 6 7 |
[root@iZj6c3cqwumhn5jov661z7Z ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.31.255.253 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.31.240.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0 |
网卡:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
[root@iZj6c3cqwumhn5jov661z7Z ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:cb:02:65:a3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.242.156 netmask 255.255.240.0 broadcast 172.31.255.255
ether 00:16:3e:00:89:75 txqueuelen 1000 (Ethernet)
RX packets 72958 bytes 105395247 (100.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15711 bytes 1583143 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
iptables:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[root@iZj6c3cqwumhn5jov661z7Z ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination DOCKER-ISOLATION all -- anywhere anywhere DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (1 references) target prot opt source destination Chain DOCKER-ISOLATION (1 references) target prot opt source destination RETURN all -- anywhere anywhere |
master节点安装之前
1 2 3 4 5 6 7 |
[root@izj6cg11g0cdegoowj058ez ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.31.255.253 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.31.240.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
[root@izj6cg11g0cdegoowj058ez ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:37:67:91:64 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.242.157 netmask 255.255.240.0 broadcast 172.31.255.255
ether 00:16:3e:01:aa:f2 txqueuelen 1000 (Ethernet)
RX packets 169779 bytes 246363004 (234.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32790 bytes 3034892 (2.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 22682 bytes 6946686 (6.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22682 bytes 6946686 (6.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
[root@izj6cg11g0cdegoowj058ez ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ KUBE-FIREWALL all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DOCKER-ISOLATION all -- anywhere anywhere DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */ KUBE-FIREWALL all -- anywhere anywhere Chain DOCKER (1 references) target prot opt source destination Chain DOCKER-ISOLATION (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain KUBE-FIREWALL (2 references) target prot opt source destination DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 Chain KUBE-SERVICES (2 references) target prot opt source destination REJECT udp -- anywhere 10.96.0.10 /* kube-system/kube-dns:dns has no endpoints */ udp dpt:domain reject-with icmp-port-unreachable REJECT tcp -- anywhere 10.96.0.10 /* kube-system/kube-dns:dns-tcp has no endpoints */ tcp dpt:domain reject-with icmp-port-unreachable |
启动完一个pod
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@izj6cg11g0cdegoowj058ez ~]# kubectl get pod --all-namespaces -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE kube-system calico-etcd-gqqv2 1/1 Running 0 22m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system calico-kube-controllers-55449f8d88-pmh9h 1/1 Running 0 22m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system calico-node-77hm6 2/2 Running 0 22m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system calico-node-c6jx5 2/2 Running 0 9m 172.31.242.156 izj6c3cqwumhn5jov661z7z kube-system etcd-izj6cg11g0cdegoowj058ez 1/1 Running 0 28m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system kube-apiserver-izj6cg11g0cdegoowj058ez 1/1 Running 1 27m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system kube-controller-manager-izj6cg11g0cdegoowj058ez 1/1 Running 1 28m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system kube-dns-545bc4bfd4-c9vsc 3/3 Running 0 27m 192.168.83.129 izj6c3cqwumhn5jov661z7z kube-system kube-proxy-4btpd 1/1 Running 0 27m 172.31.242.157 izj6cg11g0cdegoowj058ez kube-system kube-proxy-cdvvf 1/1 Running 0 9m 172.31.242.156 izj6c3cqwumhn5jov661z7z kube-system kube-scheduler-izj6cg11g0cdegoowj058ez 1/1 Running 1 28m 172.31.242.157 izj6cg11g0cdegoowj058ez sock-shop carts-794f6cc876-8lfj8 1/1 Running 0 5m 192.168.83.131 izj6c3cqwumhn5jov661z7z sock-shop carts-db-787f4b7896-v8qbn 1/1 Running 0 5m 192.168.83.130 izj6c3cqwumhn5jov661z7z |
1 2 3 4 5 6 7 8 9 |
[root@izj6cg11g0cdegoowj058ez ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.31.255.253 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.31.240.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0 192.168.83.128 172.31.242.156 255.255.255.192 UG 0 0 0 tunl0 192.168.179.0 0.0.0.0 255.255.255.192 U 0 0 0 * |
1 2 3 4 5 6 7 8 9 10 11 12 |
[root@iZj6c3cqwumhn5jov661z7Z ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.31.255.253 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.31.240.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0 192.168.83.128 0.0.0.0 255.255.255.192 U 0 0 0 * 192.168.83.129 0.0.0.0 255.255.255.255 UH 0 0 0 cali513e7f6c556 192.168.83.130 0.0.0.0 255.255.255.255 UH 0 0 0 cali85f45a254f4 192.168.83.131 0.0.0.0 255.255.255.255 UH 0 0 0 cali65bda6d8589 192.168.179.0 172.31.242.157 255.255.255.192 UG 0 0 0 tunl0 |
公众号:
微信群:
文章作者 fanux
上次更新 2017-07-11