主页 / user-575124

figarcia's questions

Martin Hope
figarcia
Asked: 2020-05-17 16:04:27 +0800 CST
  • 1

我正在尝试在 Google Cloud 上安装以下平台:

2 个私有(原生)GKE 集群,位于 2 个不同的 VPC 中,为了让它们能够访问互联网,每个 vpc 都配置了一个 Cloud Nat。

我需要的是 2 个 GKE 集群交互,但对等 VPC,我只能在 POD 之间进行通信,而不是在 POD -> 服务或 POD -> 内部负载均衡器之间进行通信。

集群:

NAME     LOCATION      MASTER_VERSION  MASTER_IP        MACHINE_TYPE  NODE_VERSION   NUM_NODES  STATUS
Shrek01  asia-east1-a  1.16.8-gke.15   <none>           g1-small      1.16.8-gke.15  3          RUNNING
Shrek02  asia-east2-a  1.15.9-gke.24   <none>           g1-small      1.15.9-gke.24  3          RUNNING

虚拟个人电脑:

NAME         SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE  GATEWAY_IPV4
Shrek01      CUSTOM       REGIONAL
Shrek02      CUSTOM       REGIONAL

子网:

NAME                REGION        NETWORK      RANGE
Shrek01             asia-east1    Shrek01      192.168.13.0/24
Shrek02             asia-east2    Shrek02      192.168.14.0/24

对等:

NAME                                     NETWORK      PEER_PROJECT                  PEER_NETWORK                            AUTO_CREATE_ROUTES  STATE   STATE_DETAILS
Shrek01-Shrek01-peering                  Shrek01      pocprod2-2019001              Shrek02                                 True                ACTIVE  [2020-05-16T14:29:57.864-07:00]: Connected.
Shrek02-Shrek01-peering                  Shrek02      pocprod2-2019001              Shrek01                                 True                ACTIVE  [2020-05-16T14:29:57.864-07:00]: Connected.

防火墙规则:

  • “Shrek01-对等入口”
{
  "allowed": [
    {
      "IPProtocol": "all"
    }
  ],
  "creationTimestamp": "2020-05-16T16:05:14.829-07:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "id": "6807007164648771397",
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "peering-ingress",
  "network": "https://www.googleapis.com/compute/v1/projects/pocprod2-2019001/global/networks/Shrek01",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects/pocprod2-2019001/global/firewalls/peering-ingress",
  "sourceRanges": [
    "192.168.14.0/24",
    "10.113.64.0/19",
    "10.213.64.0/19"
  ]
}
  • “Shrek02-对等入口”
{
  "allowed": [
    {
      "IPProtocol": "all"
    }
  ],
  "creationTimestamp": "2020-05-16T16:24:28.545-07:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "id": "7130188648920500419",
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "Shrek02-peering-ingress",
  "network": "https://www.googleapis.com/compute/v1/projects/pocprod2-2019001/global/networks/Shrek02",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects/pocprod2-2019001/global/firewalls/Shrek02-peering-ingress",
  "sourceRanges": [
    "192.168.13.0/24",
    "10.113.32.0/19",
    "10.213.32.0/19"
  ]
}

k8s Shrek01集群:

  • kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE   SELECTOR
kubernetes   ClusterIP      10.213.32.1    <none>         443/TCP        85m   <none>
nginx        LoadBalancer   10.213.60.14   192.168.13.7   80:32612/TCP   92s   app=nginx
nginx-cip    ClusterIP      10.213.34.24   <none>         80/TCP         93s   app=nginx
nginx-np     NodePort       10.213.35.31   <none>         80:30444/TCP   92s   app=nginx
  • kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE                                     NOMINATED NODE   READINESS GATES
nginx-64b4f9bb85-9sjcp   1/1     Running   0          3m34s   10.113.34.11   gke-Shrek01-default-pool-f9ecbfcc-dz9z   <none>           <none>
nginx-64b4f9bb85-l2bzd   1/1     Running   0          3m34s   10.113.32.5    gke-Shrek01-default-pool-f9ecbfcc-pdll   <none>           <none>
nginx-64b4f9bb85-xd7kw   1/1     Running   0          3m34s   10.113.33.9    gke-Shrek01-default-pool-f9ecbfcc-v67d   <none>           <none>
  • kubectl get nodes -o wide
NAME                                     STATUS   ROLES    AGE   VERSION          INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                             KERNEL-VERSION   CONTAINER-RUNTIME
gke-Shrek01-default-pool-f9ecbfcc-dz9z   Ready    <none>   89m   v1.16.8-gke.15   192.168.13.4                 Container-Optimized OS from Google   4.19.109+        docker://19.3.1
gke-Shrek01-default-pool-f9ecbfcc-pdll   Ready    <none>   89m   v1.16.8-gke.15   192.168.13.2                 Container-Optimized OS from Google   4.19.109+        docker://19.3.1
gke-Shrek01-default-pool-f9ecbfcc-v67d   Ready    <none>   89m   v1.16.8-gke.15   192.168.13.3                 Container-Optimized OS from Google   4.19.109+        docker://19.3.1
  • 从 Shrek02 的 pod 检查:
root@nginx-5c66c56f55-8jwv2:/# echo ${MY_POD_IP} 
10.113.66.9

# internal load balancer
root@nginx-5c66c56f55-8jwv2:/# nc -vz 192.168.13.7 80
192.168.13.7: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.13.7] 80 (?) : Connection timed out

# intarnal load balancer's Cluster IP
root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.213.60.14 80
10.213.60.14: inverse host lookup failed: Unknown host
(UNKNOWN) [10.213.60.14] 80 (?) : Connection timed out

# ClusterIP
root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.213.34.24 80
10.213.34.24: inverse host lookup failed: Unknown host
(UNKNOWN) [10.213.34.24] 80 (?) : Connection timed out

# NodePort 
root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.213.35.31 80
10.213.35.31: inverse host lookup failed: Unknown host
(UNKNOWN) [10.213.35.31] 80 (?) : Connection timed out

# Pod IP
root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.113.34.11 80
10.113.34.11: inverse host lookup failed: Unknown host
(UNKNOWN) [10.113.34.11] 80 (?) open

root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.113.32.5 80
10.113.32.5: inverse host lookup failed: Unknown host
(UNKNOWN) [10.113.32.5] 80 (?) open

root@nginx-5c66c56f55-8jwv2:/# nc -vz 10.113.33.9 80
10.113.33.9: inverse host lookup failed: Unknown host
(UNKNOWN) [10.113.33.9] 80 (?) open

我忘了任何步骤吗?我没发现错误。

google-cloud-platform private kubernetes google-kubernetes-engine vpc-peering