Tungsten Fabric解决方案指南-Kubernetes集成(上)



  • 6a039d77-919e-4629-a316-c6645a8a8b8e-image.png
    作者:Tony Liu 译者:TF编译组

    1 Kubernetes与TF的集成

    集成方案中,在Kubernetes和Tungsten Fabric(编者按:原文为Contrail,其开源版已更名为Tungsten Fabric,本文出现Contrail之处均以Tungsten Fabric替换)之间有两个连接。

    • contrail-kube-manager和kube-api-server
    • Contrail CNI

    1.1 contrail-kube-manager

    此服务连接到kube-api-server以接收更新。然后,它会连接到Tungsten Fabric配置API服务器,来创建必要的配置(VM,VMI /端口,IP等),以将容器连接到overlay层。它还会将更新发送到kube-api-server。

    1.2 Contrail CNI

    每个node/minion上的Kubelet都使用CNI参数运行。启动容器时,kubelet调用CNI来建立网络。Contrail CNI连接到vRouter代理REST API:

    1)获得必要的配置
    2)将容器网络接口插入vRouter

    1.3 Gateway

    Tungsten Fabric使用gateway连接overlay和underlay网络,以提供外部访问。我们需要使用gateway来支持Kubernetes的暴露服务和ingress功能。

    必须在Tungsten Fabric中创建一个浮动IP池。

    在/etc/contrailctl/kubemanager.conf中配置这个FIP池的FQ名称,以进行配置(provisioning)。

    [KUBERNETES_VNC]public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}
    

    在容器condir-kube-manager中,浮动IP池在/etc/contrail/contrail-kubernetes.conf中进行配置。

    [VNC]public_fip_pool = {'domain': 'default-domain', 'project': 'default', 'network': 'public', 'name': 'public-fip-pool'}
    

    在Kubernetes中公开service或创建ingress时,将从该池中分配一个FIP作为外部IP。

    2 Namespace

    与Tungsten Fabric集成时,Kubernetes命名空间(namespace)可以映射到项目/租户(project/tenant)或虚拟网络。

    2.1 单租户(Single-tenant)

    如果有设置/etc/contrail/contrail-kubernetes.conf中的[KUBERNETES].cluster_project,它是单租户(single-tenant),Kubernetes命名空间将映射到Tungsten Fabric中的虚拟网络。所有非隔离命名空间都映射到默认虚拟网络“cluster-network”。而每个隔离命名空间都映射到一个单独的虚拟网络“-vn”。

    这里有一个示例,说明在/etc/contrailctl/kubemanager.conf中设置[KUBERNETES].cluster_project以启用单租户的情形。

    [KUBERNETES]cluster_project = {'domain': 'default-domain', 'project': 'kubernetes'}
    

    以下是由Condir-kube-manager在初始化期间创建的。

    • Flat IPAM :具有子网的pod-ipam

    • IPAM :service-ipam

    • 虚拟网络“cluster-network”的安全组k8s-default-default-default和k8s-default-default-sg

    • 虚拟网络:具有pod-ipam和service-ipam的cluster-network

    (参见附录A.1)

    2.1.1 非隔离的命名空间

    创建一个非隔离的命名空间。

    apiVersion: v1kind: Namespacemetadata: name: "dev-unisolated"
    

    当Kubernetes创建一个非隔离命名空间时,Tungsten Fabric将创建两个SG,即k8s-default--sg和k8s-default--sg。这里不创建虚拟网络。所有非隔离的NS中的容器都将位于cluster-network上。

    在非隔离命名空间中启动一个Pod。

    apiVersion: v1kind: Podmetadata:  name: nginx-1spec:  containers:  - name: nginx    image: docker.io/nginx    imagePullPolicy: IfNotPresentkubectl create -f nginx-1.yaml -n kubectl get pods -n 
    

    在非隔离命名空间中启动Pod时,Tungsten Fabric(contrail-kube-manager)将执行以下操作。
    53e81c03-065f-4667-86a8-0cb70a7c7b79-image.png

    不同非隔离命名空间中的Pod可以相互连接,因为它们位于Tungsten Fabric中的同一虚拟网络上。

    2.1.2 隔离的命名空间

    创建一个隔离的命名空间。

    apiVersion: v1kind: Namespacemetadata: name: "dev-isolated" annotations: {   "opencontrail.org/isolation" : "true" }
    

    在Kubernetes中创建隔离命名空间时,Tungsten Fabric将创建以下内容。

    96164191-af5c-47b7-853d-f9f115474381-image.png

    由于端口位于不同的虚拟网络上,因此不同的隔离命名空间中的Pods无法相互连接。

    2.2 多租户(Multi-tenant)

    如果未设置/etc/contrail/contrail-kubernetes.conf中的[KUBERNETES].cluster_project,它就是多租户,Kubernetes命名空间将映射到Tungsten Fabric中的租户/项目(tenant/project)。非隔离命名空间中的Pod在默认虚拟网络“cluster-network”上启动。而每个隔离命名空间都映射到一个单独的虚拟网络“-vn”。

    在初始化时,contrail-kube-manager创建以下内容:

    • 为每个现有的Kubenetes命名空间(如default、kube-public和kube-system)提供一个项目/租户。
    • Flat IPAM 默认域:default:pod-ipam
    • IPAM 默认域:default:service-ipam
    • 每一个命名空间的安全组:k8s-default--sg和k8s-default--sg
    • 虚拟网络默认域名:具有pod-ipam的default:cluster-network和service-ipam

    2.2.1 非隔离的命名空间

    创建一个非隔离的命名空间。

    apiVersion: v1kind: Namespacemetadata: name: "dev-unisolated"
    

    Contrail-kube-manager将创建以下内容。

    89734530-ac26-4fdf-86c5-48bb9f7d13dd-image.png

    不同非隔离命名空间中的Pod可以相互连接,因为它们位于Tungsten Fabric中的同一虚拟网络上。

    2.2.2 隔离的命名空间

    创建一个隔离的命名空间。

    apiVersion: v1kind: Namespacemetadata: name: "dev-isolated" annotations: {   "opencontrail.org/isolation" : "true" }
    

    Contrail-cube-manager将创建以下内容。

    4c0c907c-bf5f-4748-8ce7-29f896030db2-image.png

    由于端口位于不同的虚拟网络上,因此不同的隔离命名空间中的Pods无法相互连接。

    2.3 自定义命名空间

    创建一个自定义命名空间。

    apiVersion: v1kind: Namespacemetadata: name: "dev-customized" annotations: {   "opencontrail.org/network": '{"domain": "default-domain", "project": "demo", "name": "red"}' }
    

    在自定义命名空间中启动Pod时,contrail-kube-manager将创建端口。

    • 在项目default-domain:default中
    • 在虚拟网络上映射到自定义命名空间
    • 从与该虚拟网络关联的IPAM上获取地址
    • 安全组?

    2.4指定虚拟网络上的Pod

    在指定的虚拟网络上启动Pod。

    当在指定的虚拟网络上启动Pod时,conutil-kube-manager将创建端口。

    • 在项目中映射到指定或默认的命名空间
    • 在指定的虚拟网络上
    • 从与特定虚拟网络关联的IPAM上获取地址
    • 安全组?

    2.5 Kubernetes网络策略

    Kubernetes网络策略将照常运行,它由Tungsten Fabric中的安全组实现。该版本将与4.0.1一起发布。

    2.6 POD SNAT

    Tungsten Fabric支持该功能,可以在Tungsten Fabric中配置一个路由器(配置对象),使其成为启动容器的虚拟网络的外部网关。这与支持OpenStack的外部网关是一样的。

    3 Service

    Kubernetes service支持ClusterIP,NodePort,LoadBalancer和ExternalName。它还支持使用ExternalIP指定IP。Tungsten Fabric支持ClusterIP和LoadBalancer,以及ExternalIP。

    在Kubernetes中创建service时,Tungsten Fabric中会创建一个负载均衡器(loadbalancer)。负载均衡器的提供者为“native”,而ECMP负载均衡由vRouter实现。浮动IP被创建为VIP。

    创建具有多个实例的应用程序。

    apiVersion: v1kind: ReplicationControllermetadata:  name: web-qaspec:  replicas: 2  selector:    app: web-qa  template:    metadata:      name: web-qa      labels:        app: web-qa    spec:      containers:      - name: web        image: docker.io/nginx        imagePullPolicy: IfNotPresent
    

    3.1 ClusterIP

    在这些应用程序前面创建service。默认的service类型是ClusterIP。

    kind: ServiceapiVersion: v1metadata:  name: web-qaspec:  selector:    app: web-qa  ports:    - protocol: TCP      port: 80      targetPort: 80
    

    当service被创建后,conventil-kube-manager将执行以下操作。
    76b82306-3ce3-4658-93b9-d1bb34c1d608-image.png

    当LB被创建后,“原生”LB驱动程序将执行以下操作。

    • 在FIP中设置端口映射。
    • 将所有成员的VMI添加到FIP。

    当service类型为ClusterIP时,只能在集群内访问该service。FIP从集群网络(cluster-network)中的service FIP池中分配,并映射到所有的Pod地址。当访问集群内的service地址时,vRouter将在Pod之间平衡流量。

    3.2 Loadbalancer

    创建一个LoadBalancer类型的service。

    kind: ServiceapiVersion: v1metadata:  name: web-qaspec:  selector:    app: web-qa  ports:    - protocol: TCP      port: 80      targetPort: 80  type: LoadBalancer
    

    对于服务类型LoadBalancer,服务被暴露于外部。从服务FIP池中分配FIP,用于集群内的访问,同时从公共FIP池中分配FIP,映射到所有POD地址。该FIP将被通告给网关,网关将在POD之间进行ECMP负载均衡。

    附录A 单租户(Single-tenant)

    A.1 IPAM

    :pod-ipam

    {    "fq_name": [        "default-domain",        "kubernetes",        "pod-ipam"    ],    "uuid": "c9641741-c785-456e-845b-a14a253c3572",    "ipam_subnet_method": "flat-subnet",    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "ipam_subnets": {        "subnets": [            {                "subnet": {                    "ip_prefix": "10.32.0.0",                    "ip_prefix_len": 12                },                "dns_server_address": "10.47.255.253",                "enable_dhcp": true,                "created": null,                "default_gateway": "10.47.255.254",                "dns_nameservers": [],                "dhcp_option_list": null,                "subnet_uuid": null,                "alloc_unit": 1,                "last_modified": null,                "host_routes": null,                "addr_from_start": null,                "subnet_name": null,                "allocation_pools": []            }        ]    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2017-12-27T18:45:33.957901",        "uuid": {            "uuid_mslong": 14511749470582293870,            "uuid_lslong": 9537393975711511922        },        "user_visible": true,        "last_modified": "2017-12-27T18:45:33.957901",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "display_name": "pod-ipam"}
    

    :service-ipam

    {    "fq_name": [        "default-domain",        "kubernetes",        "service-ipam"    ],    "uuid": "526f554a-0bf4-47c6-a8e4-768a3f98cef4",    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2017-12-27T18:45:34.000690",        "uuid": {            "uuid_mslong": 5940060210041472966,            "uuid_lslong": 12169982429206466292        },        "user_visible": true,        "last_modified": "2017-12-27T18:45:34.000690",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "display_name": "service-ipam"}
    

    A.2 安全组

    k8s-default-dev-share-default

    {    "fq_name": [        "default-domain",        "kubernetes",        "k8s-default-dev-share-default"    ],    "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d",    "parent_type": "project",    "perms2": {        "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d",        "owner_access": 7,        "global_access": 0,        "share": []    },    "security_group_id": 8000010,    "id_perms": {        "enable": true,        "description": "Default security group",        "creator": null,        "created": "2018-01-12T09:02:15.110429",        "uuid": {            "uuid_mslong": 12477748365846007637,            "uuid_lslong": 9708444424704868509        },        "user_visible": true,        "last_modified": "2018-01-12T15:45:08.899388",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "security_group_entries": {        "policy_rule": [            {                "direction": ">",                "protocol": "any",                "dst_addresses": [                    {                        "security_group": "local",                        "subnet": null,                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "action_list": null,                "created": null,                "rule_uuid": "dc13bb48-e2a7-4c59-a0b8-740ecfcb9a2c",                "dst_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ],                "application": [],                "last_modified": null,                "ethertype": "IPv4",                "src_addresses": [                    {                        "security_group": null,                        "subnet": {                            "ip_prefix": "0.0.0.0",                            "ip_prefix_len": 0                        },                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "rule_sequence": null,                "src_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ]            },            {                "direction": ">",                "protocol": "any",                "dst_addresses": [                    {                        "security_group": "local",                        "subnet": null,                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "action_list": null,                "created": null,                "rule_uuid": "a84e2d98-2b8f-45ba-aa75-88494da73b11",                "dst_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ],                "application": [],                "last_modified": null,                "ethertype": "IPv6",                "src_addresses": [                    {                        "security_group": null,                        "subnet": {                            "ip_prefix": "::",                            "ip_prefix_len": 0                        },                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "rule_sequence": null,                "src_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ]            },            {                "direction": ">",                "protocol": "any",                "dst_addresses": [                    {                        "security_group": null,                        "subnet": {                            "ip_prefix": "0.0.0.0",                            "ip_prefix_len": 0                        },                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "action_list": null,                "created": null,                "rule_uuid": "b7752ec1-6037-4c7f-97a9-291893fbed64",                "dst_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ],                "application": [],                "last_modified": null,                "ethertype": "IPv4",                "src_addresses": [                    {                        "security_group": "local",                        "subnet": null,                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "rule_sequence": null,                "src_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ]            },            {                "direction": ">",                "protocol": "any",                "dst_addresses": [                    {                        "security_group": null,                        "subnet": {                            "ip_prefix": "::",                            "ip_prefix_len": 0                        },                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "action_list": null,                "created": null,                "rule_uuid": "ea5cd2a8-2d47-47c4-a9ab-390de2317246",                "dst_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ],                "application": [],                "last_modified": null,                "ethertype": "IPv6",                "src_addresses": [                    {                        "security_group": "local",                        "subnet": null,                        "virtual_network": null,                        "subnet_list": [],                        "network_policy": null                    }                ],                "rule_sequence": null,                "src_ports": [                    {                        "end_port": 65535,                        "start_port": 0                    }                ]            }        ]    },    "annotations": {        "key_value_pair": [            {                "key": "namespace",                "value": "dev-share"            },            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Namespace"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "k8s-default-dev-share-default"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "display_name": "k8s-default-dev-share-default"}
    

    k8s-default-dev-share-sg

    {    "fq_name": [        "default-domain",        "kubernetes",        "k8s-default-dev-share-sg"    ],    "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e",    "parent_type": "project",    "perms2": {        "owner": "46c31b9b-d21c-4c27-9445-6c94db948b6d",        "owner_access": 7,        "global_access": 0,        "share": []    },    "security_group_id": 8000017,    "id_perms": {        "enable": true,        "description": "Namespace security group",        "creator": null,        "created": "2018-01-12T09:02:15.236401",        "uuid": {            "uuid_mslong": 8727725933151013959,            "uuid_lslong": 13404190917597736078        },        "user_visible": true,        "last_modified": "2018-01-12T09:02:15.275407",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "display_name": "k8s-default-dev-share-sg",    "annotations": {        "key_value_pair": [            {                "key": "namespace",                "value": "dev-share"            },            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Namespace"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "k8s-default-dev-share-sg"            },            {                "key": "owner",                "value": "k8s"            }        ]    }}
    

    A.3 虚拟网络

    :cluster-network

    {    "virtual_network_properties": {        "forwarding_mode": "l3",        "allow_transit": null,        "network_id": null,        "mirror_destination": false,        "vxlan_network_identifier": null,        "rpf": null    },    "fq_name": [        "default-domain",        "kubernetes",        "cluster-network"    ],    "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598",    "address_allocation_mode": "user-defined-subnet-only",    "mac_aging_time": 300,    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "display_name": "cluster-network",    "pbb_evpn_enable": false,    "mac_learning_enabled": false,    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2017-12-27T18:45:34.062865",        "uuid": {            "uuid_mslong": 1990449696915605818,            "uuid_lslong": 10450728964983109016        },        "user_visible": true,        "last_modified": "2017-12-29T10:29:20.685414",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "flood_unknown_unicast": false,    "layer2_control_word": false,    "port_security_enabled": true,    "network_ipam_refs": [        {            "to": [                "default-domain",                "kubernetes",                "service-ipam"            ],            "href": "http://127.0.0.1:8082/network-ipam/526f554a-0bf4-47c6-a8e4-768a3f98cef4",            "attr": {                "ipam_subnets": [                    {                        "subnet": {                            "ip_prefix": "10.167.0.0",                            "ip_prefix_len": 16                        },                        "dns_server_address": "10.167.255.253",                        "enable_dhcp": true,                        "created": null,                        "default_gateway": "10.167.255.254",                        "dns_nameservers": [],                        "dhcp_option_list": null,                        "subnet_uuid": "10a8de65-9de8-419b-b14c-180bf2ab3dc9",                        "alloc_unit": 1,                        "last_modified": null,                        "host_routes": null,                        "addr_from_start": null,                        "subnet_name": null,                        "allocation_pools": []                    }                ],                "host_routes": null            },            "uuid": "526f554a-0bf4-47c6-a8e4-768a3f98cef4"        },        {            "to": [                "default-domain",                "kubernetes",                "pod-ipam"            ],            "href": "http://127.0.0.1:8082/network-ipam/c9641741-c785-456e-845b-a14a253c3572",            "attr": {                "ipam_subnets": [                    {                        "subnet": null,                        "dns_server_address": null,                        "enable_dhcp": true,                        "created": null,                        "default_gateway": null,                        "dns_nameservers": [],                        "dhcp_option_list": null,                        "subnet_uuid": "d2b090ce-cbcc-4b00-b50a-cc1ed5468b00",                        "alloc_unit": 1,                        "last_modified": null,                        "host_routes": null,                        "addr_from_start": null,                        "subnet_name": null,                        "allocation_pools": []                    }                ],                "host_routes": null            },            "uuid": "c9641741-c785-456e-845b-a14a253c3572"        }    ],    "pbb_etree_enable": false,    "virtual_network_network_id": 5}
    

    :dev-vn

    {    "virtual_network_properties": {        "forwarding_mode": "l3",        "allow_transit": null,        "network_id": null,        "mirror_destination": false,        "vxlan_network_identifier": null,        "rpf": null    },    "fq_name": [        "default-domain",        "kubernetes",        "dev-vn"    ],    "uuid": "ce01826b-e3e6-407f-8798-80612018e89c",    "address_allocation_mode": "flat-subnet-only",    "mac_aging_time": 300,    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "display_name": "dev-vn",    "pbb_evpn_enable": false,    "mac_learning_enabled": false,    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-09T11:40:06.196335",        "uuid": {            "uuid_mslong": 14844289246686494847,            "uuid_lslong": 9770700546218977436        },        "user_visible": true,        "last_modified": "2018-01-09T12:18:55.796399",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "flood_unknown_unicast": false,    "layer2_control_word": false,    "port_security_enabled": true,    "network_ipam_refs": [        {            "to": [                "default-domain",                "kubernetes",                "pod-ipam"            ],            "href": "http://127.0.0.1:8082/network-ipam/c9641741-c785-456e-845b-a14a253c3572",            "attr": {                "ipam_subnets": [                    {                        "subnet": null,                        "dns_server_address": null,                        "enable_dhcp": true,                        "created": null,                        "default_gateway": null,                        "dns_nameservers": [],                        "dhcp_option_list": null,                        "subnet_uuid": "48ed8235-efcd-44a1-998c-659e4f5840f4",                        "alloc_unit": 1,                        "last_modified": null,                        "host_routes": null,                        "addr_from_start": null,                        "subnet_name": null,                        "allocation_pools": []                    }                ],                "host_routes": null            },            "uuid": "c9641741-c785-456e-845b-a14a253c3572"        }    ],    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Namespace"            },            {                "key": "namespace",                "value": "dev"            },            {                "key": "isolated",                "value": "True"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "dev"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "pbb_etree_enable": false,    "virtual_network_network_id": 11}
    

    A.4虚拟机接口和实例IP

    非隔离端口

    {    "fq_name": [        "default-domain",        "kubernetes",        "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced"    ],    "virtual_machine_interface_mac_addresses": {        "mac_address": [            "02:5a:1f:c0:3e:f7"        ]    },    "display_name": "dev-share__dev-web-k528t",    "security_group_refs": [        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-share-default"            ],            "href": "http://127.0.0.1:8082/security-group/ad29de07-5ef6-4f55-86bb-52c44827c09d",            "attr": null,            "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d"        },        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-share-sg"            ],            "href": "http://127.0.0.1:8082/security-group/791f1c7e-a66e-4c47-ba05-409f00ee2c8e",            "attr": null,            "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e"        }    ],    "routing_instance_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/routing-instance/5ed7608a-28bb-4735-a8d8-2e9132b03d62",            "attr": {                "direction": "both",                "protocol": null,                "ipv6_service_chain_address": null,                "dst_mac": null,                "mpls_label": null,                "vlan_tag": null,                "src_mac": null,                "service_chain_address": null            },            "uuid": "5ed7608a-28bb-4735-a8d8-2e9132b03d62"        }    ],    "virtual_machine_interface_disable_policy": false,    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598",            "attr": null,            "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598"        }    ],    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:14:58.189964",        "uuid": {            "uuid_mslong": 6494120564367233511,            "uuid_lslong": 10333036915785587949        },        "user_visible": true,        "last_modified": "2018-01-12T15:14:58.253769",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_refs": [        {            "to": [                "dev-web-k528t__708154c6-f7ab-11e7-a9df-98f2b3a36be0"            ],            "href": "http://127.0.0.1:8082/virtual-machine/708154c6-f7ab-11e7-a9df-98f2b3a36be0",            "attr": null,            "uuid": "708154c6-f7ab-11e7-a9df-98f2b3a36be0"        }    ],    "vlan_tag_based_bridge_domain": false,    "port_security_enabled": true,    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Pod"            },            {                "key": "namespace",                "value": "dev-share"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "dev-web-k528t"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"}
    

    IP实例

    {    "fq_name": [        "dev-web-k528t__5a2f9cde-f7ab-11e7-8f66-52540065dced"    ],    "uuid": "5a2f9cde-f7ab-11e7-8f66-52540065dced",    "service_health_check_ip": false,    "instance_ip_address": "10.47.255.251",    "perms2": {        "owner": "cloud-admin",        "owner_access": 7,        "global_access": 0,        "share": []    },    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Pod"            },            {                "key": "namespace",                "value": "dev-share"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "dev-web-k528t"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "subnet_uuid": "d2b090ce-cbcc-4b00-b50a-cc1ed5468b00",    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:14:58.323069",        "uuid": {            "uuid_mslong": 6498585268770771431,            "uuid_lslong": 10333036915785587949        },        "user_visible": true,        "last_modified": "2018-01-12T15:14:58.363792",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced",            "attr": null,            "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"        }    ],    "service_instance_ip": false,    "instance_ip_local_ip": false,    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598",            "attr": null,            "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598"        }    ],    "instance_ip_secondary": false,    "display_name": "dev-share__dev-web-k528t"}
    

    Tungsten Fabric解决方案指南-Kubernetes集成(下)


    推荐阅读

    Tungsten Fabric解决方案指南-Gateway MX


Log in to reply