Open Virtual Networking (OVN)

ovn-kubernetes 提供了一个ovs OVN 网络插件,支持 underlay 和 overlay 两种模式。

  • underlay:容器运行在虚拟机中,而ovs则运行在虚拟机所在的物理机上,OVN将容器网络和虚拟机网络连接在一起
  • overlay:OVN通过logical overlay network连接所有节点的容器,此时ovs可以直接运行在物理机或虚拟机上

Overlay模式

OVN - 图1

配置master

  1. # start ovn
  2. /usr/share/openvswitch/scripts/ovn-ctl start_northd
  3. /usr/share/openvswitch/scripts/ovn-ctl start_controller
  5. # start ovnkube
  6. nohup sudo ovnkube -k8s-kubeconfig kubeconfig.yaml -net-controller \
  7.  -loglevel=4 \
  8.  -k8s-apiserver="http://$CENTRAL_IP:8080" \
  9.  -logfile="/var/log/openvswitch/ovnkube.log" \
  10.  -init-master=$NODE_NAME -cluster-subnet="$CLUSTER_IP_SUBNET" \
  11.  -service-cluster-ip-range=$SERVICE_IP_SUBNET \
  12.  -nodeport \
  13.  -nb-address="tcp://$CENTRAL_IP:6631" \
  14.  -sb-address="tcp://$CENTRAL_IP:6632" 2>&1 &

配置Node

  1. nohup sudo ovnkube -k8s-kubeconfig kubeconfig.yaml -loglevel=4 \
  2.     -logfile="/var/log/openvswitch/ovnkube.log" \
  3.     -k8s-apiserver="http://$CENTRAL_IP:8080" \
  4.     -init-node="$NODE_NAME"  \
  5.     -nodeport \
  6.     -nb-address="tcp://$CENTRAL_IP:6631" \
  7.     -sb-address="tcp://$CENTRAL_IP:6632" -k8s-token="$TOKEN" \
  8.     -init-gateways \
  9.     -service-cluster-ip-range=$SERVICE_IP_SUBNET \
  10.     -cluster-subnet=$CLUSTER_IP_SUBNET 2>&1 &

CNI插件原理

ADD操作

  • ovn annotation获取ip/mac/gateway
  • 在容器netns中配置接口和路由
  • 添加ovs端口
  1. ovs-vsctl add-port br-int veth_outside \
  2.   --set interface veth_outside \
  3.     external_ids:attached_mac=mac_address \
  4.     external_ids:iface-id=namespace_pod \
  5.     external_ids:ip_address=ip_address

DEL操作

  1. ovs-vsctl del-port br-int port

Underlay模式

暂未实现。

OVN 安装方法

所有节点配置安装源并安装公共依赖

  1. sudo apt-get install apt-transport-https
  2. echo "deb https://packages.wand.net.nz $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/wand.list
  3. sudo curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg
  4. sudo apt-get update
  6. sudo apt-get build-dep dkms
  7. sudo apt-get install python-six openssl python-pip -y
  8. sudo -H pip install --upgrade pip
  10. sudo apt-get install openvswitch-datapath-dkms -y
  11. sudo apt-get install openvswitch-switch openvswitch-common -y
  12. sudo -H pip install ovs

Master 节点安装 ovn-central

  1. sudo apt-get install ovn-central ovn-common ovn-host -y

Node 节点安装 ovn-host

  1. sudo apt-get install ovn-host ovn-common -y

参考文档