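Verifying the Cluster Network in a Kubernetes Cluster

To verify that networking works in a Kubernetes cluster, you generally check the following:

  1. Network connectivity between different Pods on the same host;
  2. Network connectivity between different Pods on different hosts;
  3. Whether Pods on different hosts can resolve the DNS records of the Kubernetes cluster.

To carry out these checks, you need a verification environment. The following first describes how to build such a network verification environment, then how to verify the network.

I. Building the Cluster Network Verification Environment

1. Build the base image for the network verification environment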

Alpine 3.8 Dockerfile Example

FROM alpine:3.8

MAINTAINER wangxin_0611@126.com

RUN apk add --no-cache ca-certificates bind-tools iputils iproute2 net-tools tcpdump

Ubuntu 16.04 Dockerfile Example

FROM ubuntu:16.04

MAINTAINER wangxin_0611@126.com

RUN apt-get update && \
apt-get install -y iproute2 && \
apt-get install -y dnsutils && \
apt-get install -y net-tools && \
apt-get install -y iputils-ping && \
apt-get install -y tcpdump

CentOS 7.5.1804 Dockerfile Example

FROM centos:7.5.1804

MAINTAINER wangxin_0611@126.com

RUN yum makecache fast && \
yum install -y iproute && \
yum install -y bind-utils && \
yum install -y net-tools && \
yum install -y iputils && \
yum install -y tcpdump

2. Use the base image to deploy one Pod on each host. A DaemonSet is the best fit for this.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: network
  namespace: default
spec:
  selector:
    matchLabels:
      app: network
  template:
    metadata:
      labels:
        app: network
    spec:
      containers:
      - name: network
        image: 10.0.55.126/base/alpine:3.8-network
        imagePullPolicy: IfNotPresent
        command:
        - sleep
        - "3600"
      restartPolicy: Always
      tolerations:
      - effect: NoSchedule
        operator: Exists

After creating it, the DaemonSet and its Pods look like this:

[root@master alpine]# kubectl get daemonsets
NAME      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
network   9         9         9       9            9           <none>          1m
[root@master alpine]# kubectl get pods -o wide
NAME            READY   STATUS    RESTARTS   AGE   IP              NODE
network-76xzk   1/1     Running   0          1m    10.211.3.42     node03
network-79dzf   1/1     Running   0          1m    10.211.2.195    node02
network-ftn7g   1/1     Running   0          1m    10.211.4.25     node04
network-jbr8g   1/1     Running   0          1m    10.211.13.187   node07
network-kflgv   1/1     Running   0          1m    10.211.0.153    master
network-mvqlx   1/1     Running   0          1m    10.211.14.97    node08
network-nbzsc   1/1     Running   0          1m    10.211.12.94    node06
network-rxc2f   1/1     Running   0          1m    10.211.6.5      node05
network-w89xg   1/1     Running   0          1m    10.211.1.240    node01

II. Verifying the Cluster Network

1. Enter the Pod running on the master, then ping the IP address of the Pod on each Node to verify connectivity;

[root@master alpine]# kubectl exec -it network-kflgv /bin/sh
/ # ping -c 4 10.211.1.240
PING 10.211.1.240 (10.211.1.240) 56(84) bytes of data.
64 bytes from 10.211.1.240: icmp_seq=1 ttl=62 time=0.575 ms
64 bytes from 10.211.1.240: icmp_seq=2 ttl=62 time=0.374 ms
64 bytes from 10.211.1.240: icmp_seq=3 ttl=62 time=0.445 ms
64 bytes from 10.211.1.240: icmp_seq=4 ttl=62 time=0.380 ms

--- 10.211.1.240 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3103ms
rtt min/avg/max/mdev = 0.374/0.443/0.575/0.083 ms
/ # ping -c 4 10.211.2.195
PING 10.211.2.195 (10.211.2.195) 56(84) bytes of data.
64 bytes from 10.211.2.195: icmp_seq=1 ttl=62 time=0.390 ms
64 bytes from 10.211.2.195: icmp_seq=2 ttl=62 time=0.544 ms
64 bytes from 10.211.2.195: icmp_seq=3 ttl=62 time=0.460 ms
64 bytes from 10.211.2.195: icmp_seq=4 ttl=62 time=0.483 ms

--- 10.211.2.195 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3064ms
rtt min/avg/max/mdev = 0.390/0.469/0.544/0.057 ms
/ # ping -c 4 10.211.3.42
PING 10.211.3.42 (10.211.3.42) 56(84) bytes of data.
64 bytes from 10.211.3.42: icmp_seq=1 ttl=62 time=0.598 ms
64 bytes from 10.211.3.42: icmp_seq=2 ttl=62 time=0.463 ms
64 bytes from 10.211.3.42: icmp_seq=3 ttl=62 time=0.530 ms
64 bytes from 10.211.3.42: icmp_seq=4 ttl=62 time=0.426 ms

And so on for the remaining Pods ...

2. Verify that each Pod can resolve the DNS records of the Kubernetes cluster.

[root@master alpine]# kubectl exec -it network-kflgv /bin/sh
/ # nslookup kubernetes.default
Server: 10.96.0.10
Address: 10.96.0.10#53

Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1

[root@master alpine]# kubectl exec -it network-w89xg /bin/sh
/ # nslookup kubernetes.default
Server: 10.96.0.10
Address: 10.96.0.10#53

Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1

[root@master alpine]# kubectl exec -it network-79dzf /bin/sh
/ # nslookup kubernetes.default
Server: 10.96.0.10
Address: 10.96.0.10#53

Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1

[root@master alpine]# kubectl exec -it network-76xzk /bin/sh
/ # nslookup kubernetes.default
Server: 10.96.0.10
Address: 10.96.0.10#53

Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1

And so on for the remaining Pods ...
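
The two manual checks above, automated across every Pod of the DaemonSet, as an added example that is not part of the original post. It assumes kubectl access to the cluster plus the app=network label and default namespace from the manifest; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): full-mesh ping and DNS check
# across the DaemonSet Pods. Assumes kubectl is configured and the Pods carry
# the app=network label in the default namespace, as in the manifest above.

# stdin: `kubectl get pods -o wide` text -> "name ip node" per Running Pod.
running_pods() {
  awk 'NR > 1 && $3 == "Running" { print $1, $6, $7 }'
}

# stdin: ping output; succeeds only when the summary reports 0% loss.
ping_ok() {
  grep -q ', 0% packet loss'
}

# stdin: nslookup output; succeeds only when an answer record is present.
dns_ok() {
  grep -q '^Name:'
}

# Run the DNS check from every Pod and ping every other Pod from every Pod.
# Prints one line per failure; returns non-zero if anything failed.
verify_mesh() {
  fail=0
  list=$(mktemp) || return 2
  kubectl get pods -n default -l app=network -o wide | running_pods > "$list"
  [ -s "$list" ] || { echo "no Running Pods found"; rm -f "$list"; return 2; }
  while read -r src src_ip src_node; do
    kubectl exec -n default "$src" -- nslookup kubernetes.default </dev/null \
      | dns_ok || { echo "FAIL dns  on $src_node ($src)"; fail=1; }
    while read -r dst dst_ip dst_node; do
      [ "$dst" = "$src" ] && continue
      kubectl exec -n default "$src" -- ping -c 2 -W 2 "$dst_ip" </dev/null \
        | ping_ok || { echo "FAIL ping $src_node -> $dst_node ($dst_ip)"; fail=1; }
    done < "$list"
  done < "$list"
  rm -f "$list"
  return "$fail"
}

# Only touch the cluster when explicitly asked to: sh verify.sh --run
if [ "${1:-}" = "--run" ]; then
  verify_mesh
fi
```

Pods that are not in the Running state are skipped by running_pods, so compare the number of Pods checked against the DESIRED count of the DaemonSet before trusting a clean result.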