Kubernetes Pod 网段与主机内网网段互通

开发环境的需求

开发环境部署 K8s 后，服务器会部署在 K8s 里，通常 Pod 网段被隔离，主机无法访问

实际开发需求，往往需要当前开发调试的服务主机本地部署，其他服则在 K8s 内

因此，使用 K8s ，必然有开发环境网段要和 Pod 网段互通

flannel host-gw 模式

默认安装 flannel 网络插件，用的是vxlan模式，该模式 Pod 网段是隔离的

可以换成host-gw模式，即可达成需求，限制条件是：

K8s集群在同个局域网内

host-gw模式，可以让该局域网内主机和 Pod 互通

细节

执行以下脚本：

wget https://github.com/flannel-io/flannel/releases/download/v0.23.0/kube-flannel.yml
sed -i 's/"Type": "vxlan"/"Type": "host-gw"/g' kube-flannel.yml
kubectl apply -f kube-flannel.yml

验证

查看 pod busybox-deployment-86d4bf5956-d4xlv 的 ip : 10.244.0.61

❯ kubectl exec -it busybox-deployment-86d4bf5956-d4xlv -- ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if67: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 8e:38:e9:2e:95:c5 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.61/24 brd 10.244.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::8c38:e9ff:fe2e:95c5/64 scope link 
       valid_lft forever preferred_lft forever

查看主机的 IP 192.168.3.177：

❯ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:03:0e:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.177/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe03:e00/64 scope link 
       valid_lft forever preferred_lft forever

主机 ping pod busybox-deployment-86d4bf5956-d4xlv

❯ ping 10.244.0.61
PING 10.244.0.61 (10.244.0.61) 56(84) bytes of data.
64 bytes from 10.244.0.61: icmp_seq=1 ttl=64 time=0.159 ms
64 bytes from 10.244.0.61: icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from 10.244.0.61: icmp_seq=3 ttl=64 time=0.063 ms
^C
--- 10.244.0.61 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.063/0.096/0.159/0.044 ms

pod busybox-deployment-86d4bf5956-d4xlv ping 主机

❯ kubectl exec -it busybox-deployment-86d4bf5956-d4xlv -- ping 192.168.3.177
PING 192.168.3.177 (192.168.3.177): 56 data bytes
64 bytes from 192.168.3.177: seq=0 ttl=64 time=0.155 ms
64 bytes from 192.168.3.177: seq=1 ttl=64 time=0.178 ms
^C
--- 192.168.3.177 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.155/0.166/0.178 ms