The Flannel network is a virtual network, encapsulated on top of Ethernet, that carries container IP addresses.
Create a folder on the master node
mkdir flannel
cd flannel
Download the release package
wget https://github.com/coreos/flannel/releases/download/v0.9.1/flannel-v0.9.1-linux-amd64.tar.gz
Extract it
tar -xzvf flannel-v0.9.1-linux-amd64.tar.gz
Copy the two extracted files, flanneld and mk-docker-opts.sh, to each of the node machines
My hosts file has the following mappings:
172.18.98.46 host1
172.18.98.47 host2
172.18.98.48 master
scp flanneld mk-docker-opts.sh root@host1:/opt/kubernetes/bin/
scp flanneld mk-docker-opts.sh root@host2:/opt/kubernetes/bin/
On host1 and host2, add the network segment
cd /opt/kubernetes/ssl
# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
Check the value
# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" get /coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
cd /opt/kubernetes/cfg
touch flanneld
vim flanneld
with the following content
FLANNEL_OPTIONS="--etcd-endpoints=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 -etcd-cafile=/opt/kubernetes/ssl/ca.pem -etcd-certfile=/opt/kubernetes/ssl/server.pem -etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
cd /usr/lib/systemd/system
touch flanneld.service
vim flanneld.service
with the following content
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service
[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq $FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure
[Install]
WantedBy=multi-user.target
Start flanneld.service
service flanneld start
It started successfully; check the process
# ps -ef | grep flanneld
root 24305 1 0 14:28 ? 00:00:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 -etcd-cafile=/opt/kubernetes/ssl/ca.pem -etcd-certfile=/opt/kubernetes/ssl/server.pem -etcd-keyfile=/opt/kubernetes/ssl/server-key.pem
With ifconfig we can see that there is now an additional virtual interface, flannel.1
flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 172.17.27.0 netmask 255.255.255.255 broadcast 0.0.0.0
ether 8a:00:81:c6:2a:a1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 11 overruns 0 carrier 0 collisions 0
View the subnet.env file
cd /run/flannel/
# cat subnet.env
DOCKER_OPT_BIP="--bip=172.17.27.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.27.1/24 --ip-masq=false --mtu=1450"
This file holds the subnet that was allocated to the node.
To make docker use this network, modify docker.service
cd /usr/lib/systemd/system
vim docker.service
Modified content
[Service]
Type=notify
EnvironmentFile=/run/flannel/subnet.env
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
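The parts shown in red in the original post are the modifications.
Restart docker
systemctl daemon-reload && systemctl restart docker
Run ifconfig again: flannel and the docker bridge are now in the same network segment, which shows the configuration has taken effect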
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 172.17.27.1 netmask 255.255.255.0 broadcast 172.17.27.255
ether 02:42:ff:c9:b9:9a txqueuelen 0 (Ethernet)
RX packets 9430218 bytes 10206182292 (9.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7696548 bytes 2199505782 (2.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 172.17.27.0 netmask 255.255.255.255 broadcast 0.0.0.0
ether 8a:00:81:c6:2a:a1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 11 overruns 0 carrier 0 collisions 0
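The following added example (not part of the original post) checks the generated subnet.env against the flannel Network set in etcd: the docker bridge must be a strict sub-range of 172.17.0.0/16, and docker must not masquerade while flanneld runs with --ip-masq. The function names and the temporary sample file are assumptions made for this illustration; docker's default bridge, 172.17.0.1/16, would cover the whole overlay range if docker ever started without these options, which is the case the prefix-length test catches.

```shell
#!/bin/sh
# Added example: validate the docker options generated by mk-docker-opts.sh.
# Function names are illustrative, not part of flannel.

ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# bip_ok BIP NETWORK: BIP (e.g. 172.17.27.1/24) must lie inside NETWORK and
# use a longer prefix, so a single node cannot cover the whole overlay range.
bip_ok() {
    bip_len=${1#*/}; net_len=${2#*/}
    [ "$bip_len" -gt "$net_len" ] 2>/dev/null || return 1
    mask=$(( (0xFFFFFFFF << (32 - net_len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# check_subnet_env FILE NETWORK: inspect DOCKER_NETWORK_OPTIONS in FILE.
check_subnet_env() {
    opts=$(sed -n 's/^DOCKER_NETWORK_OPTIONS="\(.*\)"$/\1/p' "$1")
    bip=; masq=
    for o in $opts; do
        case $o in
            --bip=*)     bip=${o#--bip=} ;;
            --ip-masq=*) masq=${o#--ip-masq=} ;;
        esac
    done
    [ -n "$bip" ] || { echo "FAIL: no --bip in $1"; return 1; }
    bip_ok "$bip" "$2" || { echo "FAIL: $bip is not a sub-range of $2"; return 1; }
    # flanneld runs with --ip-masq here, so docker must not NAT a second time.
    [ "$masq" = false ] || { echo "FAIL: docker --ip-masq=$masq"; return 1; }
    echo "OK: docker0 $bip inside $2, docker ip-masq=$masq"
}

# Constructed sample: the subnet.env contents shown above, in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DOCKER_OPT_BIP="--bip=172.17.27.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.27.1/24 --ip-masq=false --mtu=1450"
EOF
check_subnet_env "$sample" 172.17.0.0/16
rm -f "$sample"
```

On a node, point it at the real file: check_subnet_env /run/flannel/subnet.env 172.17.0.0/16.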
Once both nodes are set up, they can ping each other's flannel gateway
For example, I ping host1's flannel gateway from host2
# ping 172.17.27.1
PING 172.17.27.1 (172.17.27.1) 56(84) bytes of data.
64 bytes from 172.17.27.1: icmp_seq=1 ttl=64 time=0.440 ms
64 bytes from 172.17.27.1: icmp_seq=2 ttl=64 time=0.379 ms
64 bytes from 172.17.27.1: icmp_seq=3 ttl=64 time=0.333 ms
64 bytes from 172.17.27.1: icmp_seq=4 ttl=64 time=0.363 ms
64 bytes from 172.17.27.1: icmp_seq=5 ttl=64 time=0.377 ms
No problems at all
View the flannel subnets of all nodes (run this on any node)
cd /opt/kubernetes/ssl
# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" ls /coreos.com/network/subnets
/coreos.com/network/subnets/172.17.27.0-24
/coreos.com/network/subnets/172.17.94.0-24
These are the subnets of my two nodes.
Get the value stored under one node's key
# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" get /coreos.com/network/subnets/172.17.27.0-24
{"PublicIP":"172.18.98.46","BackendType":"vxlan","BackendData":{"VtepMAC":"8a:00:81:c6:2a:a1"}}
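A check one might run over the lease records listed above, as an added example that is not part of the original post: flanneld on every node derives its VXLAN peers from these records, so a lease whose PublicIP is not a known node deserves review. The function names, the second and third sample records and the address 192.0.2.10 are constructed for illustration, and the JSON matching assumes the compact form shown above.

```shell
#!/bin/sh
# Added example: audit flannel subnet leases against the expected node list.
# audit_leases and sample_leases are illustrative names, not flannel tooling.

# audit_leases "IP1 IP2 ..." reads lines of "<etcd key> <JSON value>" on stdin,
# prints one line per finding and returns 1 if anything needs review.
audit_leases() {
    allowed=" $1 "; seen=" "; rc=0
    while read -r key json; do
        [ -n "$key" ] || continue
        ip=$(printf '%s\n' "$json" | sed -n 's/.*"PublicIP":"\([^"]*\)".*/\1/p')
        backend=$(printf '%s\n' "$json" | sed -n 's/.*"BackendType":"\([^"]*\)".*/\1/p')
        case $allowed in
            *" $ip "*) ;;
            *) echo "UNEXPECTED_NODE $key PublicIP=$ip"; rc=1 ;;
        esac
        case $seen in
            *" $ip "*) echo "DUPLICATE_NODE $key PublicIP=$ip"; rc=1 ;;
        esac
        [ "$backend" = vxlan ] || { echo "BACKEND_MISMATCH $key type=$backend"; rc=1; }
        seen="$seen$ip "
    done
    return $rc
}

# Constructed sample. The first record is the one shown above; the second and
# third values (MACs, 192.0.2.10) are made up for the demonstration.
sample_leases() {
    cat <<'EOF'
/coreos.com/network/subnets/172.17.27.0-24 {"PublicIP":"172.18.98.46","BackendType":"vxlan","BackendData":{"VtepMAC":"8a:00:81:c6:2a:a1"}}
/coreos.com/network/subnets/172.17.94.0-24 {"PublicIP":"172.18.98.47","BackendType":"vxlan","BackendData":{"VtepMAC":"02:00:00:00:00:02"}}
/coreos.com/network/subnets/172.17.50.0-24 {"PublicIP":"192.0.2.10","BackendType":"vxlan","BackendData":{"VtepMAC":"02:00:00:00:00:03"}}
EOF
}

# host1 and host2 from the hosts mapping are the only expected lease holders.
sample_leases | audit_leases "172.18.98.46 172.18.98.47" || echo "review the findings above"
```

On a real cluster the input lines would be assembled from the etcdctl ls and get commands shown above, one key and its value per line.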
View the routes
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.17.27.0     172.17.27.0     255.255.255.0   UG    0      0        0 flannel.1
172.17.94.0     0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.18.96.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0