VPC Peering
VPC peering provides a mechanism for bridging two VPC networks through logical routes so that workloads within two VPCs can access each other through private addresses as if they were on the same private network, without the need for NAT forwarding through a gateway.
Prerequisites
- This feature is only available for customized VPCs.
- To avoid route overlap, the Subnet CIDRs within the two VPCs must not overlap.
- Currently, only interconnection of two VPCs is supported.
Usage
First create two non-interconnected VPCs, each with one Subnet, where the CIDRs of the two Subnets do not overlap:
```yaml
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc-1
spec: {}
---
kind: Subnet
apiVersion: kubeovn.io/v1
metadata:
  name: net1
spec:
  vpc: vpc-1
  cidrBlock: 10.0.0.0/16
---
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc-2
spec: {}
---
kind: Subnet
apiVersion: kubeovn.io/v1
metadata:
  name: net2
spec:
  vpc: vpc-2
  cidrBlock: 172.31.0.0/16
```
Add `vpcPeerings` and the corresponding static routes within each VPC:
```yaml
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc-1
spec:
  vpcPeerings:
    - remoteVpc: vpc-2
      localConnectIP: 169.254.0.1/30
  staticRoutes:
    - cidr: 172.31.0.0/16
      nextHopIP: 169.254.0.2
      policy: policyDst
---
kind: Vpc
apiVersion: kubeovn.io/v1
metadata:
  name: vpc-2
spec:
  vpcPeerings:
    - remoteVpc: vpc-1
      localConnectIP: 169.254.0.2/30
  staticRoutes:
    - cidr: 10.0.0.0/16
      nextHopIP: 169.254.0.1
      policy: policyDst
```
- `remoteVpc`: The name of the other peering VPC.
- `localConnectIP`: The IP address and CIDR of the local interconnection endpoint. Note that the `localConnectIP` of both VPCs must belong to the same CIDR and must not conflict with any existing Subnet.
- `cidr`: CIDR of the peering VPC's Subnet.
- `nextHopIP`: The `localConnectIP` on the other end of the peering, i.e. the one configured in the remote VPC.
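Because a mistyped `nextHopIP`, an asymmetric peering or an overlapping Subnet only shows up as a silent connectivity failure after the manifests are applied, it helps to check the pair for consistency first. The following script is an added example, not part of Kube-OVN; it mirrors the manifests above as constructed Python dicts (a real deployment would load them from the YAML) and reports every violation of the rules described on this page.

```python
import ipaddress

# Constructed input mirroring the manifests on this page: the Subnet CIDRs of each VPC
# and each VPC's peering/static-route spec (a real check would read the YAML).
SUBNETS = {"vpc-1": ["10.0.0.0/16"], "vpc-2": ["172.31.0.0/16"]}
SPECS = {
    "vpc-1": {"vpcPeerings": [{"remoteVpc": "vpc-2", "localConnectIP": "169.254.0.1/30"}],
              "staticRoutes": [{"cidr": "172.31.0.0/16", "nextHopIP": "169.254.0.2", "policy": "policyDst"}]},
    "vpc-2": {"vpcPeerings": [{"remoteVpc": "vpc-1", "localConnectIP": "169.254.0.2/30"}],
              "staticRoutes": [{"cidr": "10.0.0.0/16", "nextHopIP": "169.254.0.1", "policy": "policyDst"}]},
}

def check_peering(subnets, specs):
    """Return a list of problems found in a two-VPC peering; an empty list means consistent."""
    problems = []
    if len(specs) != 2:
        return ["exactly two VPCs are supported, got %d" % len(specs)]
    nets = {v: [ipaddress.ip_network(c) for c in cidrs] for v, cidrs in subnets.items()}
    a, b = specs
    # Prerequisite: Subnet CIDRs of the two VPCs must not overlap.
    for n in nets[a]:
        for rn in nets[b]:
            if n.overlaps(rn):
                problems.append(f"{a} subnet {n} overlaps {b} subnet {rn}")
    for v, spec in specs.items():
        peer = spec["vpcPeerings"][0]
        remote = peer["remoteVpc"]
        local = ipaddress.ip_interface(peer["localConnectIP"])
        rpeer = specs[remote]["vpcPeerings"][0]
        rlocal = ipaddress.ip_interface(rpeer["localConnectIP"])
        # The peering has to be declared from both sides.
        if rpeer["remoteVpc"] != v:
            problems.append(f"{remote} does not peer back to {v}")
        # Both localConnectIPs share one CIDR and are distinct addresses.
        if local.network != rlocal.network or local.ip == rlocal.ip:
            problems.append(f"{v} localConnectIP {local} and {remote} localConnectIP {rlocal} are not a valid pair")
        # The connect address must not fall inside an existing Subnet of either VPC.
        for n in nets[v] + nets[remote]:
            if local.ip in n:
                problems.append(f"{v} localConnectIP {local.ip} conflicts with subnet {n}")
        # Each static route must target a remote Subnet via the remote localConnectIP.
        for route in spec["staticRoutes"]:
            if ipaddress.ip_address(route["nextHopIP"]) != rlocal.ip:
                problems.append(f"{v} route {route['cidr']} nextHopIP {route['nextHopIP']} != {rlocal.ip}")
            if ipaddress.ip_network(route["cidr"]) not in nets[remote]:
                problems.append(f"{v} route {route['cidr']} does not match a {remote} subnet")
    return problems

if __name__ == "__main__":
    print(check_peering(SUBNETS, SPECS) or "peering configuration is consistent")
```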
Create a Pod under each of the two Subnets:
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    ovn.kubernetes.io/logical_switch: net1
  name: vpc-1-pod
spec:
  containers:
    - name: vpc-1-pod
      image: docker.io/library/nginx:alpine
---
apiVersion: v1
kind: Pod
metadata:
  annotations:
    ovn.kubernetes.io/logical_switch: net2
  name: vpc-2-pod
spec:
  containers:
    - name: vpc-2-pod
      image: docker.io/library/nginx:alpine
```
Test the network connectivity in both directions:
```console
# kubectl exec -it vpc-1-pod -- ping $(kubectl get pod vpc-2-pod -o jsonpath='{.status.podIP}')
PING 172.31.0.2 (172.31.0.2): 56 data bytes
64 bytes from 172.31.0.2: seq=0 ttl=62 time=0.655 ms
64 bytes from 172.31.0.2: seq=1 ttl=62 time=0.086 ms
64 bytes from 172.31.0.2: seq=2 ttl=62 time=0.098 ms
^C
--- 172.31.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.086/0.279/0.655 ms
# kubectl exec -it vpc-2-pod -- ping $(kubectl get pod vpc-1-pod -o jsonpath='{.status.podIP}')
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=62 time=0.594 ms
64 bytes from 10.0.0.2: seq=1 ttl=62 time=0.093 ms
64 bytes from 10.0.0.2: seq=2 ttl=62 time=0.088 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.088/0.258/0.594 ms
```