Send outbound SNMP alarms with static IP from pod in Kubernetes
Question
I have a pod within a Kubernetes cluster that needs to send alarms via SNMP to an external network management system. However, the external system will only be able to identify the pod if it keeps a stable IP address. Considering the ephemeral nature of pods, would it be possible to send/redirect requests to a system outside of the cluster with a static IP?
The information I could gather by now only proposed solutions on how to reach the pod from outside the cluster with e.g. Services. I found the following answer that suggests using an egress gateway, but not much information is provided on how to approach the issue.
Answer 1
Score: 1
One viable solution is to utilize an Egress Router resource defined here, which redirects traffic to a specified IP using a dedicated source IP address:
apiVersion: v1
kind: Pod
metadata:
  name: egress-1
  labels:
    name: egress-1
  annotations:
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  initContainers:
  - name: egress-router
    image: registry.redhat.io/openshift4/ose-egress-router
    securityContext:
      # The init container runs privileged to set up the macvlan interface and iptables rules
      privileged: true
    env:
    # Dedicated source IP that redirected traffic will carry
    - name: EGRESS_SOURCE
      value: <egress_router>
    # Gateway of the network that EGRESS_SOURCE belongs to
    - name: EGRESS_GATEWAY
      value: <egress_gateway>
    # External server that traffic is redirected to
    - name: EGRESS_DESTINATION
      value: <egress_destination>
    - name: EGRESS_ROUTER_MODE
      value: init
  containers:
  - name: egress-router-wait
    image: registry.redhat.io/openshift4/ose-pod
An example configuration looks as follows:
apiVersion: v1
kind: Pod
metadata:
  name: egress-multi
  labels:
    name: egress-multi
  annotations:
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  initContainers:
  - name: egress-router
    image: registry.redhat.io/openshift4/ose-egress-router
    securityContext:
      privileged: true
    env:
    - name: EGRESS_SOURCE
      value: 192.168.12.99/24
    - name: EGRESS_GATEWAY
      value: 192.168.12.1
    - name: EGRESS_DESTINATION
      value: |
        203.0.113.25
    - name: EGRESS_ROUTER_MODE
      value: init
  containers:
  - name: egress-router-wait
    image: registry.redhat.io/openshift4/ose-pod
The Egress Router pod is exposed by a Service and linked to the application that needs to send outbound SNMP traps:
apiVersion: v1
kind: Service
metadata:
  name: egress-1
spec:
  ports:
  - name: snmp
    port: 162
    # SNMP traps are sent over UDP by default; a Service port without "protocol" is TCP
    protocol: UDP
  type: ClusterIP
  selector:
    name: egress-1
The application sends the SNMP trap to the ClusterIP/Service-Name of the Service exposing the Egress Router pod, and the pod redirects the request to the specified remote server. Once redirected, the source IP is changed to the Source IP specified in the Egress Router resource. For more information on implementing the egress router in redirection mode, see here.
Note that depending on your network configuration, you might need to configure the assign-macvlan field to a different NIC interface and set it to the name of that interface, e.g. eth1.
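A pre-deployment check for the values used in this answer, as an added example that is not part of the original answer or of OpenShift's own code: it validates EGRESS_SOURCE against EGRESS_GATEWAY, resolves where a trap arriving on UDP 162 would be redirected, and checks the Service port protocol. The multi-line EGRESS_DESTINATION format (`<port> <protocol> <ip> [<remote_port>]` lines with an optional fallback IP as the last line) is assumed from the OpenShift egress router documentation, and all function names are hypothetical.

```python
import ipaddress

def check_addressing(source_cidr, gateway):
    """Return a list of problems with EGRESS_SOURCE / EGRESS_GATEWAY."""
    iface = ipaddress.ip_interface(source_cidr)
    gw = ipaddress.ip_address(gateway)
    net, problems = iface.network, []
    if gw not in net:
        problems.append(f"gateway {gw} is not on-link in {net}")
    if gw == iface.ip:
        problems.append("source and gateway are the same address")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is not a usable host address in {net}")
    return problems

def resolve_destination(spec, port, proto):
    """Map a (port, proto) reaching the router to (ip, remote_port), or None."""
    rows = [line.split() for line in spec.splitlines() if line.strip()]
    for i, row in enumerate(rows):
        if len(row) == 1:  # bare IP: fallback for every other port
            if i != len(rows) - 1:
                raise ValueError("fallback IP must be the last line")
            return str(ipaddress.ip_address(row[0])), port
        if len(row) not in (3, 4) or row[1] not in ("tcp", "udp"):
            raise ValueError(f"unrecognised line: {' '.join(row)}")
        if int(row[0]) == port and row[1] == proto:
            remote = int(row[3]) if len(row) == 4 else port
            return str(ipaddress.ip_address(row[2])), remote
    return None  # no matching rule and no fallback: the connection is rejected

def service_carries_udp(service_ports, port=162):
    """True if a Service port entry forwards UDP on `port`."""
    # Kubernetes treats a port entry without "protocol" as TCP.
    return any(p.get("port") == port and p.get("protocol", "TCP") == "UDP"
               for p in service_ports)

if __name__ == "__main__":
    # Values from the example configuration above.
    print(check_addressing("192.168.12.99/24", "192.168.12.1"))
    print(resolve_destination("203.0.113.25\n", 162, "udp"))
    # Constructed sample: remap UDP 162 to a collector listening on 1162.
    print(resolve_destination("162 udp 203.0.113.25 1162\n", 162, "udp"))
    print(service_carries_udp([{"name": "snmp", "port": 162, "protocol": "UDP"}]))
```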