Send outbound SNMP alarms with static IP from pod in Kubernetes

Question

I have a pod within a Kubernetes cluster that needs to send alarms via SNMP to an external network management system. However, the external system will only be able to identify the pod if it keeps a stable IP address. Considering the ephemeral nature of pods, would it be possible to send/redirect requests to a system outside of the cluster with a static IP?

The information I could gather by now only proposed solutions on how to reach the pod from outside the cluster with e.g. Services. I found the following answer that suggests using an egress gateway, but not much information is provided on how to approach the issue.

Answer 1

Score: 1

One viable solution is to utilize an Egress Router resource defined here, which redirects traffic to a specified IP using a dedicated source IP address:

apiVersion: v1
kind: Pod
metadata:
  name: egress-1
  labels:
    name: egress-1
  annotations:
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  initContainers:
  - name: egress-router
    image: registry.redhat.io/openshift4/ose-egress-router
    securityContext:
      privileged: true
    env:
    - name: EGRESS_SOURCE
      value: <egress_router>
    - name: EGRESS_GATEWAY
      value: <egress_gateway>
    - name: EGRESS_DESTINATION
      value: <egress_destination>
    - name: EGRESS_ROUTER_MODE
      value: init
  containers:
  - name: egress-router-wait
    image: registry.redhat.io/openshift4/ose-pod

An example configuration looks as follows:

apiVersion: v1
kind: Pod
metadata:
  name: egress-multi
  labels:
    name: egress-multi
  annotations:
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  initContainers:
  - name: egress-router
    image: registry.redhat.io/openshift4/ose-egress-router
    securityContext:
      privileged: true
    env:
    - name: EGRESS_SOURCE
      value: 192.168.12.99/24
    - name: EGRESS_GATEWAY
      value: 192.168.12.1
    - name: EGRESS_DESTINATION
      value: |
        203.0.113.25
    - name: EGRESS_ROUTER_MODE
      value: init
  containers:
  - name: egress-router-wait
    image: registry.redhat.io/openshift4/ose-pod

The Egress Router pod is exposed by a Service and linked to the application that needs to send outbound SNMP traps:

apiVersion: v1
kind: Service
metadata:
  name: egress-1
spec:
  ports:
  - name: snmp
    port: 162
    protocol: UDP  # SNMP traps are normally sent over UDP; Service ports default to TCP
  type: ClusterIP
  selector:
    name: egress-1

The application sends the SNMP trap to the ClusterIP/Service-Name of the Service exposing the Egress Router pod, and the pod redirects the request to the specified remote server. Once redirected, the source IP is changed to the Source IP specified in the Egress Router resource. For more information on implementing the egress router in redirection mode, see here.

Note that depending on your network configuration, you might need to configure the assign-macvlan field to a different NIC interface and set it to the name of that interface, e.g. eth1.
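
As an added example (not part of the original answer), a small Python check for the pitfalls of this setup: a gateway off the source subnet, a reused source address, privilege on the long-running container, a Service selector that misses the router pod, and port 162 left at the TCP default. The dicts are constructed from the values shown above, `lint` and its finding strings are hypothetical names, and the Service dict deliberately carries no `protocol` field.

```python
import ipaddress

# Constructed sample input: the answer's values re-typed as Python dicts.
# A real check would load the YAML manifests instead.
ROUTER_POD = {
    "metadata": {"name": "egress-1", "labels": {"name": "egress-1"}},
    "spec": {
        "initContainers": [{
            "name": "egress-router",
            "securityContext": {"privileged": True},
            "env": [
                {"name": "EGRESS_SOURCE", "value": "192.168.12.99/24"},
                {"name": "EGRESS_GATEWAY", "value": "192.168.12.1"},
                {"name": "EGRESS_DESTINATION", "value": "203.0.113.25\n"},
                {"name": "EGRESS_ROUTER_MODE", "value": "init"},
            ],
        }],
        "containers": [{"name": "egress-router-wait"}],
    },
}
SERVICE = {
    "metadata": {"name": "egress-1"},
    "spec": {"selector": {"name": "egress-1"},
             "ports": [{"name": "snmp", "port": 162}]},  # no protocol set
}


def lint(pod, svc):
    """Return a list of findings for an egress-router Pod/Service pair."""
    findings = []
    init = pod["spec"]["initContainers"][0]
    env = {e["name"]: e["value"].strip() for e in init["env"]}
    src = ipaddress.ip_interface(env["EGRESS_SOURCE"])
    gw = ipaddress.ip_address(env["EGRESS_GATEWAY"])
    dst = ipaddress.ip_address(env["EGRESS_DESTINATION"])  # single-IP form only
    if gw not in src.network:
        findings.append("gateway is not on the EGRESS_SOURCE subnet")
    if src.ip in (gw, dst):
        findings.append("EGRESS_SOURCE must be a dedicated address")
    for c in pod["spec"]["containers"]:  # only the init container needs privilege
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"long-running container {c['name']} is privileged")
    labels = pod["metadata"]["labels"]
    if any(labels.get(k) != v for k, v in svc["spec"]["selector"].items()):
        findings.append("Service selector does not match the router pod")
    for p in svc["spec"]["ports"]:
        if p["port"] == 162 and p.get("protocol", "TCP") != "UDP":
            findings.append("port 162 is TCP (the default); traps use UDP")
    return findings
```

Calling `lint(ROUTER_POD, SERVICE)` returns only the port 162 finding; a pod labelled `egress-multi` paired with the same Service would also trip the selector check.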

huangapple
  • Published on 2023-02-27 17:26:15