All Products
Search
Document Center

Container Service for Kubernetes:Configure BGP networks for data centers

最終更新日:Apr 02, 2024

If your data center uses a Border Gateway Protocol (BGP) network in a hybrid cloud environment, you can use only the BGP Peer mode. In this case, the switches and routers that are used in the data center must support BGP. Calico is a networking solution that supports overlay networks and BGP networks. This topic describes how to use Calico to configure container networks for Kubernetes clusters that are deployed in data centers.

Prerequisites

Background Information

The following figure shows how a data center is connected to Alibaba Cloud.

image

Procedure

  1. Install the calicoctl command-line tool. For more information, see Install calicoctl.

  2. Use calicoctl to create resource objects that are used to configure a Calico network policy based on the following template.

    {
        "Version": "1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "arms:List*",
                    "arms:Get*",
                    "arms:Update*",
                    "arms:Exe*",
                    "arms:Create*",
                    "arms:Del*",
                    "arms:Add*",
                    "arms:Check*",
                    "arms:Delete*",
                    "arms:Restart*",
                    "arms:HealthCheck*",
                    "arms:BindPrometheus*",
                    "arms:install*"
                ],
                "Resource": "acs:arms:cn-hangzhou:*:prometheus/*"
            }
        ]
    }

    Set the asNumber and peerIP parameters based on your data center.

    kubectl apply -f - << EOF
    apiVersion: projectcalico.org/v3
    kind: BGPConfiguration
    metadata:
      name: default
    spec:
      logSeverityScreen: Info
      nodeToNodeMeshEnabled: false
      asNumber: 64513
    EOF
    kubectl apply -f - << EOF
    apiVersion: projectcalico.org/v3
    kind: BGPPeer
    metadata:
      name: my-global-peer
    spec:
      peerIP: 192.168.0.1
      asNumber: 64513
    EOF
  3. Use one of the following methods to check whether a new route entry is added.

    • Use calicoctl to check whether a new route entry is added.

      [root@master ~]# ./calicoctl node status
      Calico process is running.
      
      IPv4 BGP status
      +--------------+-----------+-------+----------+-------------+
      | PEER ADDRESS | PEER TYPE | STATE |  SINCE   |    INFO     |
      +--------------+-----------+-------+----------+-------------+
      | 192.168.0.1  | global    | up    | 03:38:03 | Established |
      +--------------+-----------+-------+----------+-------------+
      
      IPv6 BGP status
      No IPv6 peers found.
    • Check whether a new route entry is added to the custom route table of the virtual private cloud (VPC) that is attached to the CEN instance.

      1. Log on to the VPC console.

      2. In the left-side navigation pane, click Route Tables.

      3. On the Route Tables page, click the name of the route table to go to the details page.

      4. Click Route Entry List. Then, click Cloud Enterprise Network to verify that a new route entry is added to the route table.