Raven
本文将介绍如何安装Raven和使用Raven来增强边缘集群中的边-边和边-云网络打通能力。
假设你已经有了一个边缘kubernetes集群,节点分布在不同的物理区域,并且已经在这个集群中部署了Raven Controller Manager,有关Raven Controller Manager的详细信息在这里可以找到。
1. 节点打标区分不同网络域
如下所示,假设你的边缘集群中有五个节点,分布在三个不同的物理(网络)区域,其中节点master节点为云端节点。
$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP
hhht-node1 Ready <none> 20d v1.16.2 10.48.115.9
hhht-node2 Ready <none> 20d v1.16.2 10.48.115.10
master Ready master 20d v1.16.2 10.48.115.8
wlcb-node1 Ready <none> 20d v1.16.2 10.48.115.11
wlcb-node2 Ready <none> 20d v1.16.2 10.48.115.12
我们对位于不同物理(网络)区域节点,分别使用一个Gateway CR来进行管理。通过给节点打标的方式,来标识节点由哪个Gateway管理。
通过如下命�令,我们给位于cn-huhehaote的节点打gw-hhht的标签,来表明这些节点是由gw-hhht这个Gateway CR来管理的。
$ kubectl label nodes hhht-node1 hhht-node2 raven.openyurt.io/gateway=gw-hhht
hhht-node1 labeled
hhht-node2 labeled
同样地,我们分别为位于云端节点和cn-huhehaote的节点打上gw-cloud和gw-wlcb的标签。
$ kubectl label nodes master raven.openyurt.io/gateway=gw-cloud
master labeled
$ kubectl label nodes wlcb-node1 wlcb-node2 raven.openyurt.io/gateway=gw-wlcb
wlcb-node1 labeled
wlcb-node2 labeled
安装Raven Agent
运行如下命令安装最新版本:
git clone https://github.com/openyurtio/raven.git
cd raven
make deploy
运行如下命令,检查相应的Raven Agent的Pod是否成功运行。
$ kubectl get pod -n kube-system | grep raven-agent-ds
raven-agent-ds-2jw47 1/1 Running 0 91s
raven-agent-ds-bq8zc 1/1 Running 0 91s
raven-agent-ds-cj7k4 1/1 Running 0 91s
raven-agent-ds-p9fk9 1/1 Running 0 91s
raven-agent-ds-rlb9q 1/1 Running 0 91s
2. 如何使用
2.1 Gateways
- 创建的Gateway CR
$ cat <<EOF | kubectl apply -f -
apiVersion: raven.openyurt.io/v1alpha1
kind: Gateway
metadata:
name: gw-hhht
spec:
endpoints:
- nodeName: hhht-node1
underNAT: true
- nodeName: hhht-node2
underNAT: true
---
apiVersion: raven.openyurt.io/v1alpha1
kind: Gateway
metadata:
name: gw-cloud
spec:
endpoints:
- nodeName: master
underNAT: false
---
apiVersion: raven.openyurt.io/v1alpha1
kind: Gateway
metadata:
name: gw-wlcb
spec:
endpoints:
- nodeName: wlcb-node1
underNAT: true
- nodeName: wlcb-node2
underNAT: true
EOF
- 查看各个Gateway CR的状态
$ kubectl get gateways
NAME ACTIVEENDPOINT
gw-hhht hhht-node1
gw-master master
gw-wlcb wlcb-node1
2.2 测试位于不同网络域的Pod网络联通性
- 创建测试Pod
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: fedora-1
spec:
nodeName: hhht-node2
containers:
- name: fedora
image: njucjc/fedora:latest
imagePullPolicy: Always
---
apiVersion: v1
kind: Pod
metadata:
name: fedora-2
spec:
nodeName: wlcb-node2
containers:
- name: fedora
image: njucjc/fedora:latest
imagePullPolicy: Always
EOF
- 确定测试Pod正常运行
$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
fedora-1 1/1 Running 0 46s 10.14.10.67 hhht-node2 <none> <none>
fedora-2 1/1 Running 0 46s 10.14.2.70 wlcb-node2 <none> <none>
- 测试跨网络域的Pod网络联通
$ kubectl exec -it fedora-1 -- bash
[root@fedora-1]# ping 10.14.2.70 -c 4
PING 10.14.2.70 (10.14.2.70) 56(84) bytes of data.
64 bytes from 10.14.2.70: icmp_seq=1 ttl=60 time=32.2 ms
64 bytes from 10.14.2.70: icmp_seq=2 ttl=60 time=32.2 ms
64 bytes from 10.14.2.70: icmp_seq=3 ttl=60 time=32.0 ms
64 bytes from 10.14.2.70: icmp_seq=4 ttl=60 time=32.1 ms
--- 10.14.2.70 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 32.047/32.136/32.246/0.081 ms