我发现,直到几个月前,the "hostPort" configuration for Pods was not going to work with CNI based integrations . 这意味着,对于使用Calico的任何Kubernetes集群,无法直接暴露Pod 's port directly on a certain Node' s端口,而无需使用服务或标记 hostNetwork=true (这有点极端) .
从Kubernetes 1.7.0开始是可能的,但是有必要更改Calico配置以便让the new "portmap" CNI plugin进入,这是我正在尝试做的,但没有成功 . 我从一个新的IBM Bluemix Container Service集群开始 .
我的calico-node DaemonSet具有以下CNI_NETWORK_CONFIG环境变量:
{
"name": "k8s-pod-network",
"cniVersion": "0.3.1",
"type": "calico",
"etcd_endpoints": "__ETCD_ENDPOINTS__",
"etcd_key_file": "__ETCD_KEY_FILE__",
"etcd_cert_file": "__ETCD_CERT_FILE__",
"etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
"log_level": "info",
"mtu": 1480,
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
}
我在这里做的只是尝试用以下配置替换它:
{
"name": "k8s-pod-network",
"cniVersion": "0.3.1",
"plugins": [{
"type": "calico",
"etcd_endpoints": "__ETCD_ENDPOINTS__",
"etcd_key_file": "__ETCD_KEY_FILE__",
"etcd_cert_file": "__ETCD_CERT_FILE__",
"etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
"log_level": "info",
"mtu": 1480,
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
},
{
"type": "portmap",
"snat": true,
"capabilities": {
"portMappings": true
}
}
]
}
calico-node pods在强制重启后成功运行,但是我自己的Pod在初始化期间一直停留在"Pending"状态,事件"Error syncing pod"来自"kubelet NODE_IP" .
我对这个问题有所帮助 . 提前致谢 .
1 回答
你所看到的内容看起来是合理的,我认为问题可能是你需要将配置文件的名称从
.conf更改为.conflist. 有一些PR更改https://github.com/projectcalico/calico/pull/903用于在calico清单中启用hostport,您可以将其与您所做的进行比较 .如果你通过守护进程设置文件名,你应该删除主机上的先前配置文件,因为发布的install-cni容器没有清理以前的配置,我不确定kubelet将使用哪个配置文件 .