Building a multi-master Kubernetes cluster from binaries [Part 2: Configuring the flannel network]

In the previous post we set up the highly available etcd cluster; see: Building a multi-master Kubernetes cluster from binaries [Part 1: Setting up an etcd cluster with TLS certificates]

This post sets up the flannel network so that docker containers on different hosts can talk to each other; it is the networking foundation the Kubernetes cluster relies on. The configuration starts below.

 

1. Generate the TLS certificate for the Flannel network

Flannel is installed on every cluster node. The steps below are done on k8s-master1; repeat them on the other nodes. (The certificate only needs to be generated once.)

1) Create the certificate signing request

cat > flanneld-csr.json <<EOF
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "4Paradigm"
    }
  ]
}
EOF
  • This certificate is only used by kubectl as a client certificate, so the hosts field is empty;

Generate the certificate and private key:

cfssl gencert -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

2) Distribute the certificate to the /etc/kubernetes/cert/ directory on every cluster node

scp flanneld*.pem k8s-master1:/etc/kubernetes/cert/
scp flanneld*.pem k8s-master2:/etc/kubernetes/cert/
scp flanneld*.pem k8s-master3:/etc/kubernetes/cert/
scp flanneld*.pem k8s-node1:/etc/kubernetes/cert/
scp flanneld*.pem k8s-node2:/etc/kubernetes/cert/
scp flanneld*.pem k8s-node3:/etc/kubernetes/cert/

 

2. Deploy Flannel

1) Download and install Flannel

wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
tar -xzvf flannel-v0.10.0-linux-amd64.tar.gz
cp {flanneld,mk-docker-opts.sh} /usr/local/bin

2) Write the network range into etcd

Run the two commands below once on any member of the etcd cluster; they create the flannel network range from which docker will allocate container addresses.

[root@etcd1 cert]# etcdctl --ca-file=/etc/kubernetes/cert/ca.pem --cert-file=/etc/kubernetes/cert/etcd.pem --key-file=/etc/kubernetes/cert/etcd-key.pem mkdir /kubernetes/network
[root@etcd1 cert]# etcdctl --ca-file=/etc/kubernetes/cert/ca.pem --cert-file=/etc/kubernetes/cert/etcd.pem --key-file=/etc/kubernetes/cert/etcd-key.pem mk /kubernetes/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'

3) Create the systemd unit file

[root@k8s-master1 ssl]# cat > /etc/systemd/system/flanneld.service << EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
Type=notify
ExecStart=/usr/local/bin/flanneld \
  -etcd-cafile=/etc/kubernetes/cert/ca.pem \
  -etcd-certfile=/etc/kubernetes/cert/flanneld.pem \
  -etcd-keyfile=/etc/kubernetes/cert/flanneld-key.pem \
  -etcd-endpoints=https://192.168.80.4:2379,https://192.168.80.5:2379,https://192.168.80.6:2379 \
  -etcd-prefix=/kubernetes/network
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF

The mk-docker-opts.sh script writes the Pod subnet allocated to flanneld into the file /run/flannel/docker; when docker starts later, it uses the parameter values in this file to configure the docker0 bridge.

flanneld talks to the other nodes over the interface that holds the system default route. On machines with several network interfaces (for example an internal and a public one), use the -iface=enpxx option to specify the interface to use.

4) Start flannel and enable it at boot

systemctl daemon-reload
systemctl enable flanneld
systemctl start flanneld

5) View the subnet allocated by flannel

[root@k8s-master1 ~]# cat /run/flannel/docker
DOCKER_OPT_BIP="--bip=172.30.94.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=true"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.30.94.1/24 --ip-masq=true --mtu=1450"
[root@k8s-master1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.30.0.0/16
FLANNEL_SUBNET=172.30.94.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=false

/run/flannel/docker holds the subnet that flannel assigned to docker; /run/flannel/subnet.env contains flannel's overall network range as well as the subnet leased to this node.

6) Check that the flannel network is up

[root@k8s-master1 ~]# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 172.30.94.1  netmask 255.255.255.0  broadcast 172.30.94.255
        inet6 fe80::42:1aff:fed2:a4b4  prefixlen 64  scopeid 0x20<link>
        ether 02:42:1a:d2:a4:b4  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.20.210  netmask 255.255.254.0  broadcast 192.168.21.255
        inet6 fe80::ff2:187b:66fc:621b  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c3:dc:a5  txqueuelen 1000  (Ethernet)
        RX packets 3965867  bytes 619350597 (590.6 MiB)
        RX errors 0  dropped 583  overruns 0  frame 0
        TX packets 3159970  bytes 390102190 (372.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 172.30.94.0  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::7827:fcff:fe4e:b5ff  prefixlen 64  scopeid 0x20<link>
        ether 7a:27:fc:4e:b5:ff  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0

The flannel.1 interface and its address are clearly visible, which shows the flannel network is working.

3. Configure docker to use the flannel network

1) Install docker on all nodes

For installing docker, see: Installing a specific version of docker

2) Configure docker to use the flannel network; do this on every docker node

[root@k8s-master1 ~]# vi /etc/systemd/system/multi-user.target.wants/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
EnvironmentFile=/run/flannel/docker
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

The lines shown in red above (EnvironmentFile=/run/flannel/docker and the $DOCKER_NETWORK_OPTIONS argument on the ExecStart line) are the additions that make docker use the flannel network.

3) Restart docker so the configuration takes effect

systemctl daemon-reload
systemctl restart docker

4) Check that the docker network is working

i. Start a container (if a container is already running you do not need to run a new one)
[root@k8s-master1 ~]# docker run -itd centos
d63ee9c72b5023fgfg36ld93j6723hd72jd1hsp2303kf7
ii. Check whether its IP address falls within the range assigned by the flannel network
[root@k8s-master1 ~]# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d63
172.30.94.2

5) View the network status of all cluster hosts

[root@etcd1 cert]# etcdctl --ca-file=/etc/kubernetes/cert/ca.pem --cert-file=/etc/kubernetes/cert/etcd.pem --key-file=/etc/kubernetes/cert/etcd-key.pem ls /kubernetes/network/subnets
/kubernetes/network/subnets/172.30.94.0-24
/kubernetes/network/subnets/172.30.51.0-24
/kubernetes/network/subnets/172.30.10.0-24
/kubernetes/network/subnets/172.30.92.0-24
/kubernetes/network/subnets/172.30.85.0-24
/kubernetes/network/subnets/172.30.89.0-24

The container is using the 172.30.94.0/24 range, which belongs to flannel. Configuration complete.
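The checks in steps 5 and 6 above were done by eye. The following POSIX sh script is an added example (not part of the original post) that automates them: it verifies that the lease in /run/flannel/subnet.env lies inside the Network/SubnetLen written to etcd, that the vxlan MTU fits a 1500-byte NIC, and that the --bip handed to docker by mk-docker-opts.sh matches the lease. The two file bodies are constructed from the values shown on this page; point the functions at the real files on a node to use it for real.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a node's flannel lease
# against the cluster-wide network written to etcd ({"Network":"172.30.0.0/16",
# "SubnetLen":24}) and against the options mk-docker-opts.sh handed to docker.
# Both file bodies below are constructed from the values shown in this post.
SAMPLE_SUBNET_ENV='FLANNEL_NETWORK=172.30.0.0/16
FLANNEL_SUBNET=172.30.94.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=false'
SAMPLE_DOCKER_OPTS='DOCKER_OPT_BIP="--bip=172.30.94.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=true"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.30.94.1/24 --ip-masq=true --mtu=1450"'

# Dotted-quad IPv4 address -> 32-bit integer, using only shell arithmetic.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when CIDR $2 lies entirely inside CIDR $1 (e.g. a /24 lease in the /16).
cidr_within() {
    net_ip=${1%/*}; net_len=${1#*/}; sub_ip=${2%/*}; sub_len=${2#*/}
    [ "$sub_len" -ge "$net_len" ] || return 1
    mask=$(( (4294967295 << (32 - net_len)) & 4294967295 ))
    [ $(( $(ip_to_int "$net_ip") & mask )) -eq $(( $(ip_to_int "$sub_ip") & mask )) ]
}

# Read KEY=value (quotes stripped) from a file body passed as a string.
env_get() { printf '%s\n' "$1" | sed -n "s/^$2=//p" | tr -d '"'; }

# Check a subnet.env body ($1) against the etcd Network ($2) and SubnetLen ($3).
check_subnet_env() {
    network=$(env_get "$1" FLANNEL_NETWORK); subnet=$(env_get "$1" FLANNEL_SUBNET)
    mtu=$(env_get "$1" FLANNEL_MTU)
    [ "$network" = "$2" ] || { echo "network mismatch: $network"; return 1; }
    [ "${subnet#*/}" = "$3" ] || { echo "SubnetLen mismatch: $subnet"; return 1; }
    cidr_within "$network" "$subnet" || { echo "lease $subnet outside $network"; return 1; }
    # vxlan adds 50 bytes of encapsulation, so behind the 1500-byte ens192 the lease MTU is <= 1450.
    [ "$mtu" -le 1450 ] || { echo "mtu $mtu too large for vxlan on a 1500-byte NIC"; return 1; }
}

# Check that the --bip docker was started with ($2 body) is exactly the flannel lease ($1 body).
check_docker_opts() {
    bip=$(env_get "$2" DOCKER_OPT_BIP); bip=${bip#--bip=}
    [ "$bip" = "$(env_get "$1" FLANNEL_SUBNET)" ]
}

check_subnet_env "$SAMPLE_SUBNET_ENV" 172.30.0.0/16 24 && \
    check_docker_opts "$SAMPLE_SUBNET_ENV" "$SAMPLE_DOCKER_OPTS" && echo "flannel lease OK"
```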

The next post will cover Building a multi-master Kubernetes cluster from binaries [Part 3: Configuring the k8s master and high availability]
