
route kubernetes pod outgoing traffic for a specific IP and port

We have a pod which is trying to reach an IP (192.168.xx.xx) which is outside the kubernetes cluster. The IP it's trying to reach is the internal IP of an external entity which can normally be reached only using the external IP (10.110.xx.xx).
We have defined the routes (using iptables) on worker/master nodes to redirect the internal IP to the external one. This redirect works fine at worker/master host level, but the kubernetes pod does not use these. Is there a way to implement this at pod level as well, or make the pod use the routes from the host? (I know using hostNetwork in the pod is an option, but unfortunately we can't use it.)
iptables are updated like below:

iptables -t nat -A OUTPUT -p tcp -d 192.168.xx.xx -j DNAT --to-destination 10.110.xx.xx
iptables -t nat -A OUTPUT -p tcp -d 192.168.xx.xx --dport 10550 -j DNAT --to-destination 10.110.xx.xx:10550

The answer is probably "yes but it's really complicated". This would depend deeply on your CNI plugin and how it works. There's no single standard for how pod networks are allocated or configured. You could probably do it via a privileged init container? But if you break your CNI, you get to keep all the pieces.
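The init-container route the answer alludes to, as an added example that is not part of the original question or answer. The reason the node's rules are never hit is that a `nat OUTPUT` rule only sees packets generated in the namespace it is loaded in; a pod's packets are generated in the pod's own network namespace and reach the node through a veth, where they traverse `PREROUTING`/`FORWARD`, not `OUTPUT`. So the same `OUTPUT` DNAT rule has to be installed inside the pod's namespace. All containers in a pod share that namespace, so a rule added by an init container stays in force for the application container. The pod name, the `alpine` and `my-app` images and the `apk add` step are assumptions; the 192.168.xx.xx and 10.110.xx.xx addresses are the asker's redacted values and must be replaced.

```yaml
# Added example, not from the original post: a Pod whose init container
# installs the asker's DNAT rule inside the pod's own network namespace.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-dnat          # assumed name
spec:
  initContainers:
    - name: dnat-setup
      image: alpine:3.19       # assumption: any image that can provide iptables
      securityContext:
        # NET_ADMIN is sufficient to edit the pod's own netfilter tables;
        # prefer it to privileged: true. NET_ADMIN is not permitted by the
        # Pod Security "baseline" profile, so the namespace must allow it.
        capabilities:
          add: ["NET_ADMIN"]
      command:
        - /bin/sh
        - -c
        - |
          set -e
          # assumption: the cluster allows the image to fetch packages;
          # otherwise bake iptables into the init image instead
          apk add --no-cache iptables
          # Match only the traffic that needs rewriting: one destination, one port.
          iptables -t nat -A OUTPUT -p tcp -d 192.168.xx.xx --dport 10550 \
            -j DNAT --to-destination 10.110.xx.xx:10550
          # Print the resulting chain so the rule is visible in the init container log.
          iptables -t nat -L OUTPUT -n -v
  containers:
    - name: app
      image: my-app:1.0        # assumption: the workload from the question
```

Apply with `kubectl apply -f` and confirm with `kubectl logs <pod> -c dnat-setup`, which shows the `OUTPUT` chain after the rule was added; the application container can then connect to 192.168.xx.xx:10550 and the packet leaves the pod already rewritten to 10.110.xx.xx:10550, so no node-side rule is required. The node-side alternative is to put the same DNAT rule in the node's `nat PREROUTING` chain (restricted with `-i` to the CNI bridge or veth interface), which is the chain pod traffic actually traverses on the host, but that table is also managed by kube-proxy and many CNI plugins, which is the "you get to keep all the pieces" risk the answer warns about. Whichever placement is chosen, the `NET_ADMIN` grant is what a reviewer should scrutinise: it lets that container rewrite any of the pod's traffic, so scope it to the init container only and keep the application container without it.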

