Tungsten Fabric解决方案指南-Kubernetes集成(下)



  • Tungsten Fabric解决方案指南-Kubernetes集成(上)

    隔离端口

    {    "fq_name": [        "default-domain",        "kubernetes",        "dev-client__c64b3b12-f7b5-11e7-8f66-52540065dced"    ],    "virtual_machine_interface_mac_addresses": {        "mac_address": [            "02:c6:4b:3b:12:f7"        ]    },    "display_name": "dev__dev-client",    "security_group_refs": [        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-sg"            ],            "href": "http://127.0.0.1:8082/security-group/579019d5-038e-4901-b6ab-ed146022dd70",            "attr": null,            "uuid": "579019d5-038e-4901-b6ab-ed146022dd70"        },        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-default"            ],            "href": "http://127.0.0.1:8082/security-group/e43caf6e-6b35-40c3-b336-83c155078efe",            "attr": null,            "uuid": "e43caf6e-6b35-40c3-b336-83c155078efe"        }    ],    "routing_instance_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-vn",                "dev-vn"            ],            "href": "http://127.0.0.1:8082/routing-instance/45173786-a1b4-4c75-8ef0-590de67d2d05",            "attr": {                "direction": "both",                "protocol": null,                "ipv6_service_chain_address": null,                "dst_mac": null,                "mpls_label": null,                "vlan_tag": null,                "src_mac": null,                "service_chain_address": null            },            "uuid": "45173786-a1b4-4c75-8ef0-590de67d2d05"        }    ],    "virtual_machine_interface_disable_policy": false,    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-vn"            ],            "href": "http://127.0.0.1:8082/virtual-network/ce01826b-e3e6-407f-8798-80612018e89c",            "attr": null,            "uuid": "ce01826b-e3e6-407f-8798-80612018e89c"        }    ],    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T16:29:34.640295",        "uuid": {            "uuid_mslong": 14288579195414319591,            "uuid_lslong": 10333036915785587949        },        "user_visible": true,        "last_modified": "2018-01-12T16:29:34.708511",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_refs": [        {            "to": [                "dev-client__c64878a1-f7b5-11e7-9dbb-98f2b3a33b90"            ],            "href": "http://127.0.0.1:8082/virtual-machine/c64878a1-f7b5-11e7-9dbb-98f2b3a33b90",            "attr": null,            "uuid": "c64878a1-f7b5-11e7-9dbb-98f2b3a33b90"        }    ],    "vlan_tag_based_bridge_domain": false,    "port_security_enabled": true,    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Pod"            },            {                "key": "namespace",                "value": "dev"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "dev-client"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "uuid": "c64b3b12-f7b5-11e7-8f66-52540065dced"}{    "fq_name": [        "dev-client__c65c2a12-f7b5-11e7-8f66-52540065dced"    ],    "uuid": "c65c2a12-f7b5-11e7-8f66-52540065dced",    "service_health_check_ip": false,    "instance_ip_address": "10.47.255.250",    "perms2": {        "owner": "cloud-admin",        "owner_access": 7,        "global_access": 0,        "share": []    },    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Pod"            },            {                "key": "namespace",                "value": "dev"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "dev-client"            },            {                "key": "owner",                "value": "k8s"            }        ]    },    "subnet_uuid": "4b421367-165a-4555-80ab-2cff90cb9401",    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T16:29:34.763793",        "uuid": {            "uuid_mslong": 14293345578320728551,            "uuid_lslong": 10333036915785587949        },        "user_visible": true,        "last_modified": "2018-01-12T16:29:34.810063",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-client__c64b3b12-f7b5-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/c64b3b12-f7b5-11e7-8f66-52540065dced",            "attr": null,            "uuid": "c64b3b12-f7b5-11e7-8f66-52540065dced"        }    ],    "service_instance_ip": false,    "instance_ip_local_ip": false,    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-vn"            ],            "href": "http://127.0.0.1:8082/virtual-network/ce01826b-e3e6-407f-8798-80612018e89c",            "attr": null,            "uuid": "ce01826b-e3e6-407f-8798-80612018e89c"        }    ],    "instance_ip_secondary": false,    "display_name": "dev__dev-client"}
    

    附录B Service

    B.1 LB VMI

    {    "fq_name": [        "default-domain",        "kubernetes",        "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a"    ],    "virtual_machine_interface_mac_addresses": {        "mac_address": [            "02:20:c2:76:03:2d"        ]    },    "display_name": "dev-share__svc-dev-web",    "security_group_refs": [        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-share-sg"            ],            "href": "http://127.0.0.1:8082/security-group/791f1c7e-a66e-4c47-ba05-409f00ee2c8e",            "attr": null,            "uuid": "791f1c7e-a66e-4c47-ba05-409f00ee2c8e"        },        {            "to": [                "default-domain",                "kubernetes",                "k8s-default-dev-share-default"            ],            "href": "http://127.0.0.1:8082/security-group/ad29de07-5ef6-4f55-86bb-52c44827c09d",            "attr": null,            "uuid": "ad29de07-5ef6-4f55-86bb-52c44827c09d"        }    ],    "routing_instance_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/routing-instance/5ed7608a-28bb-4735-a8d8-2e9132b03d62",            "attr": {                "direction": "both",                "protocol": null,                "ipv6_service_chain_address": null,                "dst_mac": null,                "mpls_label": null,                "vlan_tag": null,                "src_mac": null,                "service_chain_address": null            },            "uuid": "5ed7608a-28bb-4735-a8d8-2e9132b03d62"        }    ],    "virtual_machine_interface_disable_policy": false,    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598",            "attr": null,            "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598"        }    ],    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.324801",        "uuid": {            "uuid_mslong": 2360578910708516341,            "uuid_lslong": 10828869012794555034        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.365345",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "vlan_tag_based_bridge_domain": false,    "virtual_machine_interface_device_owner": "K8S:LOADBALANCER",    "port_security_enabled": true,    "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a"}
    

    B.2 LB IP实例和浮动IP

    IP实例

    {    "fq_name": [        "svc-dev-web__ff9782ea-f79d-423e-af9e-cde45ef847f2"    ],    "uuid": "ff9782ea-f79d-423e-af9e-cde45ef847f2",    "service_health_check_ip": false,    "instance_ip_address": "10.167.87.84",    "perms2": {        "owner": "cloud-admin",        "owner_access": 7,        "global_access": 0,        "share": []    },    "virtual_network_refs": [        {            "to": [                "default-domain",                "kubernetes",                "cluster-network"            ],            "href": "http://127.0.0.1:8082/virtual-network/1b9f7f74-17f0-493a-9108-729f91b43598",            "attr": null,            "uuid": "1b9f7f74-17f0-493a-9108-729f91b43598"        }    ],    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.433006",        "uuid": {            "uuid_mslong": 18417333146843169342,            "uuid_lslong": 12654778383687239666        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.433006",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/20c27603-2d0f-45f5-9647-defe4adaba9a",            "attr": null,            "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a"        }    ],    "service_instance_ip": false,    "instance_ip_local_ip": false,    "instance_ip_secondary": false,    "display_name": "svc-dev-web"}
    

    Floating IP

    {    "project_refs": [        {            "to": [                "default-domain",                "kubernetes"            ],            "href": "http://127.0.0.1:8082/project/46c31b9b-d21c-4c27-9445-6c94db948b6d",            "attr": null,            "uuid": "46c31b9b-d21c-4c27-9445-6c94db948b6d"        }    ],    "fq_name": [        "svc-dev-web__ff9782ea-f79d-423e-af9e-cde45ef847f2",        "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7"    ],    "uuid": "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7",    "floating_ip_port_mappings": {        "port_mappings": [            {                "protocol": "TCP",                "src_port": 80,                "dst_port": 80            }        ]    },    "parent_type": "instance-ip",    "perms2": {        "owner": "cloud-admin",        "owner_access": 7,        "global_access": 0,        "share": []    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.562790",        "uuid": {            "uuid_mslong": 16061573297398762181,            "uuid_lslong": 13247299199082224551        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:06.073466",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "floating_ip_address": "10.167.87.84",    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-web-669n0__59f3d2a8-f7ab-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/59f3d2a8-f7ab-11e7-8f66-52540065dced",            "attr": null,            "uuid": "59f3d2a8-f7ab-11e7-8f66-52540065dced"        },        {            "to": [                "default-domain",                "kubernetes",                "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced",            "attr": null,            "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"        }    ],    "floating_ip_port_mappings_enable": true,    "display_name": "dee62bd0-ed5a-4ac5-b7d7-dc6f329cdba7",    "floating_ip_traffic_direction": "ingress"}
    

    B.3 LB

    Loadbalancer

    {    "fq_name": [        "default-domain",        "kubernetes",        "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90"    ],    "uuid": "34f826d8-f7ac-11e7-9dbb-98f2b3a33b90",    "service_appliance_set_refs": [        {            "to": [                "default-global-system-config",                "native"            ],            "href": "http://127.0.0.1:8082/service-appliance-set/d5cf94dd-6556-40fc-b3dd-0020dacf7cfc",            "attr": null,            "uuid": "d5cf94dd-6556-40fc-b3dd-0020dacf7cfc"        }    ],    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "loadbalancer_properties": {        "status": null,        "provisioning_status": "ACTIVE",        "admin_state": true,        "vip_address": "10.167.87.84",        "vip_subnet_id": null,        "operating_status": "ONLINE"    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.486093",        "uuid": {            "uuid_mslong": 3816843397506535911,            "uuid_lslong": 11365846252762905488        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.514920",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "svc-dev-web__20c27603-2d0f-45f5-9647-defe4adaba9a"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/20c27603-2d0f-45f5-9647-defe4adaba9a",            "attr": null,            "uuid": "20c27603-2d0f-45f5-9647-defe4adaba9a"        }    ],    "display_name": "dev-share__svc-dev-web",    "loadbalancer_provider": "native",    "annotations": {        "key_value_pair": [            {                "key": "cluster",                "value": "k8s-default"            },            {                "key": "kind",                "value": "Service"            },            {                "key": "namespace",                "value": "dev-share"            },            {                "key": "project",                "value": "kubernetes"            },            {                "key": "name",                "value": "svc-dev-web"            },            {                "key": "owner",                "value": "k8s"            }        ]    }}
    

    LB Listener

    {    "loadbalancer_listener_properties": {        "default_tls_container": null,        "protocol": "TCP",        "connection_limit": null,        "admin_state": true,        "sni_containers": [],        "protocol_port": 80    },    "fq_name": [        "default-domain",        "kubernetes",        "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"    ],    "uuid": "331d4fc1-7e80-47a7-a6a0-6cef54c37b6c",    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.564006",        "uuid": {            "uuid_mslong": 3683187762728552359,            "uuid_lslong": 12006716381744823148        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.564006",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "loadbalancer_refs": [        {            "to": [                "default-domain",                "kubernetes",                "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90"            ],            "href": "http://127.0.0.1:8082/loadbalancer/34f826d8-f7ac-11e7-9dbb-98f2b3a33b90",            "attr": null,            "uuid": "34f826d8-f7ac-11e7-9dbb-98f2b3a33b90"        }    ],    "display_name": "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"}
    

    LB Pool

    {    "fq_name": [        "default-domain",        "kubernetes",        "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"    ],    "uuid": "3ed542dc-cbc5-4b47-aeb7-c35f8443a672",    "parent_type": "project",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "loadbalancer_listener_refs": [        {            "to": [                "default-domain",                "kubernetes",                "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"            ],            "href": "http://127.0.0.1:8082/loadbalancer-listener/331d4fc1-7e80-47a7-a6a0-6cef54c37b6c",            "attr": null,            "uuid": "331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"        }    ],    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.646375",        "uuid": {            "uuid_mslong": 4527598516469844807,            "uuid_lslong": 12589746098345846386        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.646375",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "loadbalancer_pool_properties": {        "status": null,        "protocol": "TCP",        "subnet_id": null,        "session_persistence": null,        "admin_state": true,        "persistence_cookie_name": null,        "status_description": null,        "loadbalancer_method": null    },    "display_name": "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c"}
    

    LB Member

    {    "fq_name": [        "default-domain",        "kubernetes",        "svc-dev-web__34f826d8-f7ac-11e7-9dbb-98f2b3a33b90-TCP-80-331d4fc1-7e80-47a7-a6a0-6cef54c37b6c",        "53d85c7f-6b13-482e-8706-92142bfa2543"    ],    "uuid": "53d85c7f-6b13-482e-8706-92142bfa2543",    "parent_type": "loadbalancer-pool",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T15:21:05.811773",        "uuid": {            "uuid_mslong": 6041680602444548142,            "uuid_lslong": 9729624660315350339        },        "user_visible": true,        "last_modified": "2018-01-12T15:21:05.830431",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "display_name": "53d85c7f-6b13-482e-8706-92142bfa2543",    "loadbalancer_member_properties": {        "status": null,        "status_description": null,        "weight": 1,        "admin_state": true,        "address": null,        "protocol_port": 80    },    "annotations": {        "key_value_pair": [            {                "key": "vm",                "value": "708154c6-f7ab-11e7-a9df-98f2b3a36be0"            },            {                "key": "vmi",                "value": "5a1fc03e-f7ab-11e7-8f66-52540065dced"            }        ]    }}
    

    B.4 外部FIP

    {    "project_refs": [        {            "to": [                "default-domain",                "kubernetes"            ],            "href": "http://127.0.0.1:8082/project/46c31b9b-d21c-4c27-9445-6c94db948b6d",            "attr": null,            "uuid": "46c31b9b-d21c-4c27-9445-6c94db948b6d"        }    ],    "fq_name": [        "default-domain",        "kubernetes",        "BGP",        "BGP",        "svc-dev-web__1526aa69-f7bf-11e7-9dbb-98f2b3a33b90120.136.134.67-externalIP"    ],    "uuid": "ac091da2-28d7-467f-bd49-10edb2885219",    "floating_ip_port_mappings": {        "port_mappings": [            {                "protocol": "TCP",                "src_port": 80,                "dst_port": 80            }        ]    },    "parent_type": "floating-ip-pool",    "perms2": {        "owner": "None",        "owner_access": 7,        "global_access": 0,        "share": []    },    "id_perms": {        "enable": true,        "description": null,        "creator": null,        "created": "2018-01-12T17:36:13.280888",        "uuid": {            "uuid_mslong": 12396472031621105279,            "uuid_lslong": 13639451559556829721        },        "user_visible": true,        "last_modified": "2018-01-12T17:36:13.424379",        "permissions": {            "owner": "cloud-admin",            "owner_access": 7,            "other_access": 7,            "group": "cloud-admin-group",            "group_access": 7        }    },    "floating_ip_address": "120.136.134.67",    "virtual_machine_interface_refs": [        {            "to": [                "default-domain",                "kubernetes",                "dev-web-669n0__59f3d2a8-f7ab-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/59f3d2a8-f7ab-11e7-8f66-52540065dced",            "attr": null,            "uuid": "59f3d2a8-f7ab-11e7-8f66-52540065dced"        },        {            "to": [                "default-domain",                "kubernetes",                "svc-dev-web__78f5adca-cbfe-422a-810c-bb3be9c15589"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/78f5adca-cbfe-422a-810c-bb3be9c15589",            "attr": null,            "uuid": "78f5adca-cbfe-422a-810c-bb3be9c15589"        },        {            "to": [                "default-domain",                "kubernetes",                "dev-web-k528t__5a1fc03e-f7ab-11e7-8f66-52540065dced"            ],            "href": "http://127.0.0.1:8082/virtual-machine-interface/5a1fc03e-f7ab-11e7-8f66-52540065dced",            "attr": null,            "uuid": "5a1fc03e-f7ab-11e7-8f66-52540065dced"        }    ],    "floating_ip_port_mappings_enable": true,    "display_name": "svc-dev-web__1526aa69-f7bf-11e7-9dbb-98f2b3a33b90120.136.134.67-externalIP",    "floating_ip_traffic_direction": "ingress"}
    

    推荐阅读

    Tungsten Fabric解决方案指南-Gateway MX

    “Tungsten Fabric+K8s集成指南”系列文章——

    第一篇:部署准备与初始状态
    第二篇:创建虚拟网络
    第三篇:创建安全策略
    第四篇:创建隔离命名空间

    “Tungsten Fabric+K8s轻松上手”系列文章——
    第一篇:TF Carbide 评估指南--准备篇
    第二篇:通过Kubernetes的服务进行基本应用程序连接
    第三篇:通过Kubernetes Ingress进行高级外部应用程序连接
    第四篇:通过Kubernetes命名空间实现初步的应用程序隔离
    第五篇:通过Kubernetes网络策略进行应用程序微分段


Log in to reply