15.5. 为 pod 分配出口 IP
运行以下命令来创建新项目:
$ oc new-project demo-egress-pod
运行以下命令,为 pod 创建出口规则:
注意spec.namespaceSelector是一个强制字段。$ cat <<EOF | oc apply -f - apiVersion: k8s.ovn.org/v1 kind: EgressIP metadata: name: demo-egress-pod spec: # NOTE: these egress IPs are within the subnet range(s) in which my worker nodes # are deployed. egressIPs: - 10.10.100.254 - 10.10.150.254 - 10.10.200.254 namespaceSelector: matchLabels: kubernetes.io/metadata.name: demo-egress-pod podSelector: matchLabels: run: demo-egress-pod EOF
15.5.1. 标记节点
运行以下命令来获取待处理的出口 IP 分配:
$ oc get egressips
输出示例
NAME EGRESSIPS ASSIGNED NODE ASSIGNED EGRESSIPS demo-egress-ns 10.10.100.253 demo-egress-pod 10.10.100.254
您创建的出口 IP 规则只适用于带有
k8s.ovn.org/egress-assignable标签的节点。确保该标签只在特定的机器池中。使用以下命令为您的机器池分配标签:
警告如果您依赖机器池的节点标签,这个命令会替换这些标签。务必在
--labels字段中输入所需标签,以确保您的节点标签保留。$ rosa update machinepool ${ROSA_MACHINE_POOL_NAME} \ --cluster="${ROSA_CLUSTER_NAME}" \ --labels "k8s.ovn.org/egress-assignable="
15.5.2. 查看出口 IP
运行以下命令,查看出口 IP 分配:
$ oc get egressips
输出示例
NAME EGRESSIPS ASSIGNED NODE ASSIGNED EGRESSIPS demo-egress-ns 10.10.100.253 ip-10-10-156-122.ec2.internal 10.10.150.253 demo-egress-pod 10.10.100.254 ip-10-10-156-122.ec2.internal 10.10.150.254
