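# Command reference: install flanneld v0.8.0, configure it against etcd and
# prepare the host. Run the steps one at a time; the listing contains
# alternative ways of doing the same thing and destructive clean-up commands,
# so it is not meant to be executed top to bottom.

# --- Install flanneld ------------------------------------------------------
mkdir -p /opt/flanneld-v0.8.0
wget https://github.com/coreos/flannel/releases/download/v0.8.0/flannel-v0.8.0-linux-amd64.tar.gz
# NOTE(review): the archive is unpacked and later run as root without any
# integrity check. Compare its digest with a value obtained from a source you
# trust before extracting, for example:
#   echo "<EXPECTED_SHA256>  flannel-v0.8.0-linux-amd64.tar.gz" | sha256sum -c -
tar -xzvf flannel-v0.8.0-linux-amd64.tar.gz -C /opt/flanneld-v0.8.0
ln -sf /opt/flanneld-v0.8.0/flanneld /usr/bin/flanneld
rm -f flannel-v0.8.0-linux-amd64.tar.gz
mkdir -p /var/log/k8s/flanneld

# --- Environment file read by the systemd unit ------------------------------
# The page edits this file by hand (vim /etc/sysconfig/flanneld). It is written
# with a quoted here-document here so that the file content is not executed as
# shell; note that this overwrites an existing file.
#
# FLANNEL_IFACE is the NIC name (eth0) or an IP address.
# -ip-masq=true makes flannel perform the IP masquerading instead of docker.
# If docker masqueraded and the traffic then left through flannel, other hosts
# would see the flannel gateway IP as the source, not the container's IP.
#
# NOTE(review): the etcd endpoints are plain http with no client
# authentication, so any host that can reach port 2379 can read or rewrite the
# overlay configuration. Outside a lab, serve etcd over TLS and pass
# -etcd-cafile / -etcd-certfile / -etcd-keyfile to flanneld.
cat > /etc/sysconfig/flanneld <<'EOF'
FLANNEL_ETCD="http://10.31.75.198:2379,http://10.29.164.118:2379"
FLANNEL_ETCD_KEY="/dudu_flannel/network"
FLANNEL_OPTIONS="-ip-masq=true -v=0"
FLANNEL_IFACE="eth0"
EOF

# --- systemd unit -----------------------------------------------------------
# Page: vim /usr/lib/systemd/system/flanneld.service
# The delimiter is quoted so ${FLANNEL_ETCD} and friends reach systemd
# unexpanded; systemd substitutes them from EnvironmentFile. $FLANNEL_OPTIONS
# is left unbraced so systemd splits it into separate arguments.
cat > /usr/lib/systemd/system/flanneld.service <<'EOF'
[Unit]
Description=Flanneld server
After=network.target
After=network-online.target
Wants=network-online.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/flanneld
ExecStart=/usr/bin/flanneld -etcd-endpoints=${FLANNEL_ETCD} -iface=${FLANNEL_IFACE} -etcd-prefix=${FLANNEL_ETCD_KEY} $FLANNEL_OPTIONS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# --- Write the network configuration to etcd --------------------------------
# NOTE(review): flannel of this vintage reads its configuration through the
# etcd v2 API, and the v2 and v3 keyspaces are separate. A key written with
# `etcdctl put` under ETCDCTL_API=3 is therefore not the one flanneld reads;
# the v2 REST calls further down write to the store flanneld uses.
# The endpoint addresses differ between snippets on this page; substitute the
# addresses of your own etcd cluster.
export ETCDCTL_API=3
etcdctl put /dudu_flannel/network/config \
  '{"Network": "172.17.0.1/16","SubnetMin": "172.17.0.0", "SubnetMax": "172.17.254.0","Backend":{"Type":"vxlan"}}' \
  --endpoints=10.30.187.25:2379

# View the stored value.
etcdctl --endpoints=10.30.187.25:2379 get /dudu_flannel/network/config

# Delete everything under the prefix.
etcdctl --endpoints=10.30.187.25:2379 del --prefix=true "/dudu_flannel"

# Alternatively, use the REST interface (v2 keys API).
curl -X PUT http://10.30.187.25:2379/v2/keys/dudu_flannel/network/config \
  -d value='{"Network": "172.17.0.1/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'
curl http://localhost:2379/v2/keys/dudu_flannel/network/config

# Delete the configuration. The second URL is quoted because an unquoted `?`
# is a glob character to the shell.
curl http://localhost:2379/v2/keys/dudu_flannel/network/config -XDELETE
curl 'http://localhost:2379/v2/keys/dudu_flannel?recursive=true' -XDELETE

# --- Turn the firewall off for flanneld --------------------------------------
# NOTE(review): stopping firewalld and flushing every table leaves the host
# with no packet filtering at all, which also exposes the unauthenticated etcd
# port used above. On anything but a throwaway lab host, keep the firewall and
# allow only what flannel needs between cluster nodes (the backend's UDP port,
# 8472 by default for vxlan) and restrict 2379 to the nodes that need it.
systemctl stop firewalld
systemctl disable firewalld

# Reset the firewall to default rules.
# -F with no argument flushes every chain in the current table; likewise, -X
# deletes every non-default chain in the table.
iptables -F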
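# Command reference (continued): finish resetting iptables, start flanneld,
# point docker at the flannel subnet and inspect the result. Run the steps one
# at a time; several of them are interactive or run until interrupted.

# --- Remaining tables of the iptables reset ---------------------------------
# NOTE(review): together with the ACCEPT policies below this removes all
# packet filtering on the host. Treat it as a lab-only shortcut; on a real
# node keep a ruleset and open only the flannel backend port between nodes.
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -t security -F
iptables -t security -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Save the rules.
# NOTE(review): iptables-save only prints the ruleset to stdout; nothing is
# persisted unless the output is redirected to the file this distribution
# restores rules from.
iptables-save

# List the rules.
iptables -t filter --list
iptables -t mangle --list
iptables -t nat --list
iptables -t raw --list

# --- Remove stale interfaces --------------------------------------------------
ip link delete docker0
ip link delete flannel.1

# --- Stop docker, start flannel -----------------------------------------------
systemctl daemon-reload
systemctl stop docker
systemctl stop flanneld
systemctl enable flanneld
systemctl start flanneld
systemctl status -l flanneld
systemctl restart flanneld

# Start from the command line instead of systemd.
# The page used /usr/local/bin/flanneld here, but its install step symlinks the
# binary to /usr/bin/flanneld, so that path is used for consistency.
/usr/bin/flanneld -etcd-endpoints=http://10.29.167.233:2379 -etcd-prefix=/dudu_flannel/network -iface=eth0 -log_dir=/var/log/k8s/flanneld

# After it starts, flannel fetches the network configuration from etcd, carves
# out a subnet for this host and registers the host IP and its subnet in etcd.
# The flannel daemon records the subnet settings in /run/flannel/subnet.env.
# It also creates /run/flannel/docker, holding the environment variables the
# docker daemon needs at start-up.
# Configure docker's start-up parameters from those generated variables, then
# start docker.
# If /run/flannel/docker does not exist, generate the options by hand:
/opt/flanneld-v0.8.0/mk-docker-opts.sh -i
cat /run/docker_opts.env

# Example output:
cat /run/flannel/subnet.env
#   FLANNEL_NETWORK=172.17.0.0/16
#   FLANNEL_SUBNET=172.17.31.1/24
#   FLANNEL_MTU=1450
#   FLANNEL_IPMASQ=false
cat /run/flannel/docker
#   DOCKER_OPT_BIP="--bip=172.17.31.1/24"
#   DOCKER_OPT_IPMASQ="--ip-masq=true"
#   DOCKER_OPT_MTU="--mtu=1450"
#   DOCKER_NETWORK_OPTIONS=" --bip=172.17.31.1/24 --ip-masq=true --mtu=1450 "

# --- Docker daemon settings ---------------------------------------------------
# Change docker's start-up parameters to match /run/flannel/docker
# (ip-masq is the IP masquerading switch). Page: vim /etc/docker/daemon.json;
# written with a here-document here, which overwrites an existing file.
#
# NOTE(review):
#  - "bip" has to be this host's FLANNEL_SUBNET from subnet.env. The value
#    shown (172.17.0.1/24) differs from the example output above
#    (172.17.31.1/24); use the value generated on your host.
#  - "insecure-registries" lets docker pull from that registry over plain HTTP
#    or without certificate verification, so images can be altered in transit.
#    Prefer giving the registry a certificate the daemon trusts.
#  - "iptables": false stops docker from managing any iptables rules, so
#    nothing filters container traffic unless you add the rules yourself.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://mb4qkfnx.mirror.aliyuncs.com"],
  "insecure-registries": ["dudureg.xip.io:5000"],
  "bip": "172.17.0.1/24",
  "ip-masq": false,
  "mtu": 1450,
  "iptables": false
}
EOF

# Restart docker.
systemctl restart docker

# Inspect routes and interfaces.
route -n
ifconfig

# List the registered members (subnet leases).
curl http://localhost:2379/v2/keys/dudu_flannel/network/subnets
# The PublicIP setting is the external address, not the internal one.

# --- Test ---------------------------------------------------------------------
docker run -d -it --name ip_test alpine:3.5 ash
docker inspect ip_test
docker exec -ti ip_test ash
# Enter the containers and ping each other.
docker run -it --rm busybox sh
docker logs -f -t --tail=100 ip_test

# --- System logs ----------------------------------------------------------------
journalctl -fu docker.service
journalctl --no-pager -l -u flanneld

# --- Packet capture -------------------------------------------------------------
# NOTE(review): the capture files contain container traffic payloads; keep them
# readable by root only and delete them once the analysis is done.
tcpdump -i flannel.1
tcpdump host 10.29.168.24 and 10.29.167.186 -w /var/log/001.cap
tcpdump -i flannel.1 -w /var/log/001.cap

# Firewall NAT / forwarding rules.
iptables -t filter -L -v

# Show the forwarding database entries (encapsulation targets) of flannel.1.
bridge fdb show dev flannel.1
# Delete an entry.
bridge fdb del xx:xx:xx:cc:dd:a7 dev flannel.1
# Add an entry.
bridge fdb add xx:xx:xx:cc:dd:a7 dev flannel.1 dst 192.168.110.18 self permanent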
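# Check whether the host kernel supports VXLAN. A result of CONFIG_VXLAN=m
# means it is supported.
# The page lost the backticks around `uname -r`, which left the command reading
# a file literally named /boot/config-uname; the command substitution is
# restored here.
grep CONFIG_VXLAN "/boot/config-$(uname -r)"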
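# flannel-config.json for the vxlan backend. The page displays the file with
# `cat flannel-config.json`; it is created with a here-document here so the
# listing is self-contained.
#
# The backend section can also set "Port"; the default is the kernel's default
# port 8472, the UDP port used to send the encapsulated packets.
# NOTE(review): vxlan traffic is neither encrypted nor authenticated, so that
# UDP port should be reachable only from the other cluster nodes.
cat > flannel-config.json <<'EOF'
{
  "Network": "172.17.0.0/16",
  "SubnetLen": 24,
  "Backend": {
    "Type": "vxlan",
    "VNI": 1
  }
}
EOF

# Save it to etcd. `set` is a v2-API command, and this page exports
# ETCDCTL_API=3 in an earlier step, so the API version is pinned for this call.
ETCDCTL_API=2 etcdctl set /dudu_flannel/network/config < flannel-config.json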
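# Using udp as the backend.
# Page note: flanneld can be restarted, or even upgraded, without affecting
# existing traffic.
# NOTE(review): flannel's documentation makes that statement for backends other
# than udp, where the kernel carries the data path; with udp, flanneld itself
# forwards the packets. Confirm before relying on it for this backend.
# NOTE(review): the udp backend's traffic is unencrypted as well; allow the
# configured port (7890 below) only between cluster nodes.
#
# The page displays the file with `cat flannel-config.json`; it is created with
# a here-document here so the listing is self-contained.
cat > flannel-config.json <<'EOF'
{
  "Network": "172.17.0.0/16",
  "SubnetLen": 24,
  "SubnetMin": "172.17.0.0",
  "SubnetMax": "172.17.254.0",
  "Backend": {
    "Type": "udp",
    "Port": 7890
  }
}
EOF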
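# host-gw backend: store the configuration, read it back, start flanneld and
# test connectivity between containers.
# NOTE(review): host-gw programs plain IP routes via the peer hosts, so it
# needs direct layer-2 connectivity between the nodes.
# `set` is a v2-API command, and this page exports ETCDCTL_API=3 in an earlier
# step, so the API version is pinned for this call.
ETCDCTL_API=2 etcdctl set /dudu_flannel/network/config \
  '{"Network": "192.168.0.1/16","SubnetLen": 24,"Backend": {"Type": "host-gw"}}'
curl http://10.99.132.22:2379/v2/keys/dudu_flannel/network/config

# Start flanneld in the background, appending stdout and stderr to a log file.
# NOTE(review): the etcd endpoint is plain http without authentication; see
# flanneld's -etcd-cafile / -etcd-certfile / -etcd-keyfile options for TLS.
flanneld -etcd-endpoints=http://10.99.132.21:2379 -etcd-prefix=/dudu_flannel/network -logtostderr=true -v=3 -iface=eth0 &>> /var/log/flanneld &

# On the child node, start a container in bridge mode.
docker run --net=bridge -itd --name='vm2' sshd:1.0

# Test connectivity.
docker exec vm1 ping -c 3 192.168.1.194

# Test the route.
docker exec vm1 traceroute 192.168.1.194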