k8s-CCE使用node节点使用VIP--hostNetwork&hostPort

CCE使用node节点使用VIP

背景：想在节点上使用VIP，将nodeport服务做到高可用。启动VIP后发现访问失败

部署

! Configuration File for keepalived
global_defs {
router_id master-node
}

vrrp_instance VI_1 {
     state BACKUP
     interface eth0
     mcast_src_ip 10.1.0.60
     virtual_router_id 51
     priority 100
     advert_int 1
     authentication {
               auth_type PASS
               auth_pass 1111
               }
     unicast_src_ip 10.1.0.60
     virtual_ipaddress {
                    10.1.0.88/24
                    }
}

! Configuration File for keepalived
global_defs {
router_id master-node
}

vrrp_instance VI_1 {
                state MASTER
                interface eth0
                mcast_src_ip 10.1.0.175
                virtual_router_id 51
                priority 101
                advert_int 1
                authentication {
                              auth_type PASS
                              auth_pass 1111
                             }
                unicast_src_ip 10.1.0.175
                virtual_ipaddress {
                             10.1.0.88
                             }
}

[root@cce-node3-dev ~]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether fa:16:3e:46:43:df brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.60/24 brd 10.3.0.255 scope global dynamic noprefixroute eth0
       valid_lft 100122990sec preferred_lft 100122990sec
    inet 10.1.0.88/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe46:43df/64 scope link 
       valid_lft forever preferred_lft forever

启动服务

-- 30007集群nodeport服务，8080 NGINX，任意一个节点启动

# 测试结果如下
-- RIP
10.1.0.60:80 OK
10.1.0.60:30007 OK

-- VIP
10.1.0.88:80 OK
10.1.0.88:30007 NOT OK

检查发现node节点并没有监听30007端口，而是通过ipvs添加了被负载均衡的虚拟地址。

[root@recovery-test-28141 ~]# ipvsadm -Ln | grep 30007 -A3
TCP  10.1.0.60:30007   rr
  -> 10.244.0.89:80               Masq        1      0