After the network configuration had been written to etcd, flanneld kept failing on startup during testing. The errors were as follows:
[root@master1 ~]# tail -100f /var/log/messages
Dec 15 23:39:22 localhost flanneld: E1215 23:39:22.688405 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:23 localhost flanneld: timed out
Dec 15 23:39:23 localhost flanneld: E1215 23:39:23.701707 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:24 localhost flanneld: timed out
Dec 15 23:39:24 localhost flanneld: E1215 23:39:24.717330 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:25 localhost flanneld: timed out
Dec 15 23:39:25 localhost flanneld: E1215 23:39:25.725860 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:26 localhost flanneld: timed out
Dec 15 23:39:26 localhost flanneld: E1215 23:39:26.733186 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:27 localhost flanneld: timed out
Dec 15 23:39:27 localhost flanneld: E1215 23:39:27.744882 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:28 localhost flanneld: timed out
Dec 15 23:39:28 localhost flanneld: E1215 23:39:28.755176 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:29 localhost systemd: flanneld.service start operation timed out. Terminating.
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.528718 31176 main.go:370] shutdownHandler sent cancel signal...
Dec 15 23:39:29 localhost systemd: Failed to start Flanneld overlay address etcd agent.
Dec 15 23:39:29 localhost systemd: Unit flanneld.service entered failed state.
Dec 15 23:39:29 localhost systemd: flanneld.service failed.
Dec 15 23:39:29 localhost systemd: flanneld.service holdoff time over, scheduling restart.
Dec 15 23:39:29 localhost systemd: Stopped Flanneld overlay address etcd agent.
Dec 15 23:39:29 localhost systemd: Starting Flanneld overlay address etcd agent...
Dec 15 23:39:29 localhost flanneld: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.975581 31202 main.go:514] Determining IP address of default interface
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.976573 31202 main.go:527] Using interface with name ens33 and address 192.168.31.101
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.976606 31202 main.go:544] Defaulting external address to interface address (192.168.31.101)
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.983495 31202 main.go:244] Created subnet manager: Etcd Local Manager with Previous Subnet: None
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.983525 31202 main.go:247] Installing signal handlers
(1) Configure the subnet used by Flannel and store it in etcd
[root@master1 ~]# /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    put /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
OK
(2) Read back the configured subnet information
[root@master1 ~]# /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    get /coreos.com/network/config
/coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
(3) Configure flanneld
[root@master1 ~]# vim /opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem"
(4) Manage Flannel with systemd:
[root@master1 ~]# vim /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq $FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
(5) Start the flanneld service
[root@master1 ~]# iptables -I INPUT -s 192.168.0.0/24 -j ACCEPT
[root@master1 ~]# iptables -I INPUT -s 172.17.0.0/24 -j ACCEPT
[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl start flanneld
[root@master1 ~]# systemctl enable flanneld
This produces the error shown at the top of this post!
Some GitHub issues related to this problem are listed below; in short, flanneld currently cannot interact directly with etcd v3:
https://github.com/coreos/flannel/issues/554
https://github.com/coreos/flannel/issues/755
After the following adjustments, the flanneld service started normally.
(1) Enable v2 API support in etcd: add the --enable-v2 flag to the etcd startup arguments and restart etcd
[root@master1 ~]# vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd --cert-file=/opt/etcd/ssl/server.pem \
        --key-file=/opt/etcd/ssl/server-key.pem \
        --peer-cert-file=/opt/etcd/ssl/server.pem \
        --peer-key-file=/opt/etcd/ssl/server-key.pem \
        --trusted-ca-file=/opt/etcd/ssl/ca.pem \
        --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem \
        --logger=zap \
        --enable-v2
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl restart etcd
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    cluster-health
member 969af216adf1108 is healthy: got healthy result from https://192.168.31.102:2379
member 4d384076f6bc6dde is healthy: got healthy result from https://192.168.31.101:2379
member ea776d7c1c3c494c is healthy: got healthy result from https://192.168.31.103:2379
cluster is healthy
(2) Delete the subnet information written earlier
/opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    del /coreos.com/network/config
(3) Write the subnet information again, this time through the v2 API
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" \
    get /coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
(4) Restart the flanneld service
[root@master1 ~]# iptables -I INPUT -s 192.168.0.0/24 -j ACCEPT
[root@master1 ~]# iptables -I INPUT -s 172.17.0.0/24 -j ACCEPT
[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl start flanneld
[root@master1 ~]# systemctl enable flanneld
[root@master1 ~]# systemctl status flanneld
● flanneld.service - Flanneld overlay address etcd agent
   Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-12-15 23:40:07 CST; 4min 15s ago
 Main PID: 31202 (flanneld)
   CGroup: /system.slice/flanneld.service
           └─31202 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379 ...

Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.171127 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -j ACCEPT
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.180271 31202 iptables.go:167] Deleting iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
Dec 15 23:40:07 master1 systemd[1]: Started Flanneld overlay address etcd agent.
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.182977 31202 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.51.0/24 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.189015 31202 iptables.go:155] Adding iptables rule: -d 172.17.0.0/16 -j ACCEPT
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.195921 31202 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.203488 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.212158 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.219014 31202 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.51.0/24 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.228946 31202 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE
(5) Check the IP addresses on each node, ping the docker0 network of another node, and confirm that docker0 and flannel.1 are in the same subnet
[root@master1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:14:36:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.101/24 brd 192.168.31.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::eddd:ed6f:516a:ac4/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:05:2c:ef:6c brd ff:ff:ff:ff:ff:ff
    inet 172.17.51.1/24 brd 172.17.51.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 02:fb:8d:80:3f:b2 brd ff:ff:ff:ff:ff:ff
    inet 172.17.51.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::fb:8dff:fe80:3fb2/64 scope link
       valid_lft forever preferred_lft forever
[root@master1 ~]# ping 172.17.29.1
PING 172.17.29.1 (172.17.29.1) 56(84) bytes of data.
64 bytes from 172.17.29.1: icmp_seq=1 ttl=64 time=10.1 ms
64 bytes from 172.17.29.1: icmp_seq=2 ttl=64 time=0.635 ms
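
The step (5) check can also be run offline against captured output. The following Python sketch is an added example, not part of the original post: it parses abbreviated `ip addr` output and the flannel network config from this post (embedded as constructed sample input) and verifies that docker0 lies inside the overlay Network and that flannel.1 falls within docker0's subnet. The function names, including the helper `sources_covering`, which reports which of the hand-added iptables ACCEPT source ranges match a given address, are hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample input: values copied (abbreviated) from the output in this post.
FLANNEL_CONFIG = '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
IP_ADDR_OUTPUT = """\
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.168.31.101/24 brd 192.168.31.255 scope global noprefixroute ens33
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    inet 172.17.51.1/24 brd 172.17.51.255 scope global docker0
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    inet 172.17.51.0/32 scope global flannel.1
"""
ACCEPT_SOURCES = ["192.168.0.0/24", "172.17.0.0/24"]  # from the iptables -I INPUT lines


def parse_ip_addr(text):
    """Map each interface name to its first IPv4 address (as IPv4Interface)."""
    addrs, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\d+: ([^:@]+)[:@]", line)
        inet = re.match(r"\s+inet (\S+)", line)  # "inet6" lines do not match
        if header:
            current = header.group(1)
        elif inet and current and current not in addrs:
            addrs[current] = ipaddress.ip_interface(inet.group(1))
    return addrs


def check_overlay(config_json, ip_addr_text, peer_ip):
    """Evaluate the step (5) conditions from captured output."""
    overlay = ipaddress.ip_network(json.loads(config_json)["Network"])
    addrs = parse_ip_addr(ip_addr_text)
    docker0, flannel = addrs["docker0"], addrs["flannel.1"]
    peer = ipaddress.ip_address(peer_ip)
    return {
        "docker0_in_overlay": docker0.network.subnet_of(overlay),
        "flannel_in_docker0_subnet": flannel.ip in docker0.network,
        "peer_in_overlay": peer in overlay,
        "peer_on_other_node": peer not in docker0.network,
    }


def sources_covering(address, sources=ACCEPT_SOURCES):
    """Return the ACCEPT source CIDRs that match the given address."""
    ip = ipaddress.ip_address(address)
    return [s for s in sources if ip in ipaddress.ip_network(s)]
```

With the values from this post, neither ACCEPT source range matches the pinged peer 172.17.29.1 or the node address 192.168.31.101, so those two hand-added rules do not apply to that traffic.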