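The previous article walked through building the etcd cluster for a single-master Kubernetes binary deployment. This article continues from there and keeps deploying the single-master Kubernetes cluster, setting up the flannel network that handles the cluster's cross-node communication.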
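First, install docker-ce on both node hosts. See my earlier article on Docker deployment, "Unveiling Docker: Basic Theory and an Installation Walkthrough". Here I installed it directly with a shell script. Note that for the registry mirror it is best to use an address you have applied for yourself on Alibaba Cloud or elsewhere.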
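Last time I suspended the virtual machines in the lab environment, so it is worth first checking that the network can reach the Internet and then checking the health of the three-node etcd cluster. Of the three hosts, node01 is used as the example here.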
```
[root@node01 opt]# ping www.baidu.com
# On both node hosts, verify that the docker service is running
[root@node01 opt]# systemctl status docker.service
# Health check
[root@node01 ssl]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.0.128:2379,https://192.168.0.129:2379,https://192.168.0.130:2379" cluster-health
member a25c294d3a391c7c is healthy: got healthy result from https://192.168.0.128:2379
member b2db359ffad36ee5 is healthy: got healthy result from https://192.168.0.129:2379
member eddae83baed564ba is healthy: got healthy result from https://192.168.0.130:2379
cluster is healthy
```
The result "cluster is healthy" shows that the etcd cluster is currently healthy.
On the master node: write the allocated subnet range into etcd for flannel to use.
```
# Write the configuration
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.0.128:2379,https://192.168.0.129:2379,https://192.168.0.130:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
# Output
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
# Read the value back
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.0.128:2379,https://192.168.0.129:2379,https://192.168.0.130:2379" get /coreos.com/network/config
# Output
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
```
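Deploy flannel on the node hosts. The software package is needed first. The configuration is identical on both nodes, so node01 is again used as the example:
Package download:
Link: https://pan.baidu.com/s/1etCPIGRQ1ZUxcNaCxChaCQ
Extraction code: 65ml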
```
[root@node01 ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  模板  圖片  下載  桌面  flannel-v0.10.0-linux-amd64.tar.gz
[root@node01 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz
flanneld
mk-docker-opts.sh
README.md
# The files above are the contents of the extracted package
```
On both nodes, create the Kubernetes working directories and move the two files into the bin directory.
```
[root@node01 ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p
[root@node01 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
```
A configuration file and a startup unit file need to be written. A shell script is enough for this.
vim flannel.sh

```bash
#!/bin/bash

# etcd endpoints are taken from the first argument
ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

# flanneld options: etcd endpoints plus the TLS material used to reach etcd
cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

# systemd unit: flanneld starts before docker and writes /run/flannel/subnet.env
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
```
Run the script to test it.
```
[root@node01 ~]# bash flannel.sh https://192.168.0.128:2379,https://192.168.0.129:2379,https://192.168.0.130:2379
# Output:
Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
```
Now configure docker to connect to flannel.
```
# Edit the docker service unit file
[root@node01 ~]# vim /usr/lib/systemd/system/docker.service
# Set the environment file
EnvironmentFile=/run/flannel/subnet.env
# Add the $DOCKER_NETWORK_OPTIONS parameter
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock
```
Take a look at the subnet.env file.
```
[root@node01 ~]# cat /run/flannel/subnet.env
DOCKER_OPT_BIP="--bip=172.17.56.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.56.1/24 --ip-masq=false --mtu=1450"
# --bip is the subnet docker uses at startup
```
Restart the docker service.
```
[root@node01 ~]# systemctl daemon-reload
[root@node01 ~]# systemctl restart docker
```
Check the flannel network.
```
[root@node01 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.56.1  netmask 255.255.255.0  broadcast 172.17.56.255
        ether 02:42:fb:e2:37:f9  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.129  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:fe1d:9287  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:1d:92:87  txqueuelen 1000  (Ethernet)
        RX packets 1068818  bytes 1195325321 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 461088  bytes 43526519 (41.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# Check that the flannel subnet matches the earlier subnet.env
flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 172.17.56.0  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::74a5:98ff:fe3f:4bf7  prefixlen 64  scopeid 0x20<link>
        ether 76:a5:98:3f:4b:f7  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 26 overruns 0  carrier 0  collisions 0
```
The subnet on my node02 is 172.17.91.0. From node01, ping the gateway of that subnet.
```
[root@node01 ~]# ping 172.17.91.1
PING 172.17.91.1 (172.17.91.1) 56(84) bytes of data.
64 bytes from 172.17.91.1: icmp_seq=1 ttl=64 time=0.436 ms
64 bytes from 172.17.91.1: icmp_seq=2 ttl=64 time=0.343 ms
64 bytes from 172.17.91.1: icmp_seq=3 ttl=64 time=1.19 ms
64 bytes from 172.17.91.1: icmp_seq=4 ttl=64 time=0.439 ms
^C
```
A successful ping proves that flannel is routing traffic between the nodes.
Now start a container on each of the two nodes to test whether network communication between the two containers works.
```
[root@node01 ~]# docker run -it centos:7 /bin/bash
# This drops straight into the container
[root@8bf87d48390f /]# yum install -y net-tools
[root@8bf87d48390f /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 172.17.56.2  netmask 255.255.255.0  broadcast 172.17.56.255
        ether 02:42:ac:11:38:02  txqueuelen 0  (Ethernet)
        RX packets 9511  bytes 7631125 (7.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4561  bytes 249617 (243.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# Address of the second container
[root@234aac7fad6c /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 172.17.91.2  netmask 255.255.255.0  broadcast 172.17.91.255
        ether 02:42:ac:11:5b:02  txqueuelen 0  (Ethernet)
        RX packets 9456  bytes 7629047 (7.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4802  bytes 262568 (256.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
Test whether the two containers can ping each other.
```
[root@8bf87d48390f /]# ping 172.17.91.2
PING 172.17.91.2 (172.17.91.2) 56(84) bytes of data.
64 bytes from 172.17.91.2: icmp_seq=1 ttl=62 time=0.555 ms
64 bytes from 172.17.91.2: icmp_seq=2 ttl=62 time=0.361 ms
64 bytes from 172.17.91.2: icmp_seq=3 ttl=62 time=0.435 ms
```
A successful ping shows that the nodes can now communicate with each other.
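The manual comparison of subnet.env with the flannel network can be scripted and run before docker is restarted, so that docker is not started when flanneld has failed to obtain a lease or has written options that do not match the network stored in etcd. This is an added example, not part of the original article; the function names, the exit codes, the default host MTU of 1500 and the 50-byte vxlan overhead are assumptions of the example.

```bash
#!/bin/sh
# Added example (not from the original article): validate flannel's subnet.env
# before restarting docker. Exit codes are this example's own convention.

# ip2int A.B.C.D -> 32-bit integer (subshell body keeps IFS/set changes local)
ip2int() (
    set -f; IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/LEN -> succeeds if ADDR lies inside NET/LEN
in_cidr() (
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# check_subnet_env FILE NETWORK [HOST_MTU]
# 0 ok, 1 file missing, 2 no --bip, 3 bip outside NETWORK, 4 mtu missing/too large
check_subnet_env() (
    file=$1 network=$2 host_mtu=${3:-1500}
    [ -r "$file" ] || { echo "no $file: flanneld has no lease yet"; exit 1; }
    opts=$(sed -n 's/^DOCKER_NETWORK_OPTIONS="\(.*\)"$/\1/p' "$file")
    bip=$(printf '%s\n' "$opts" | sed -n 's/.*--bip=\([0-9.]*\)\/[0-9]*.*/\1/p')
    mtu=$(printf '%s\n' "$opts" | sed -n 's/.*--mtu=\([0-9]*\).*/\1/p')
    [ -n "$bip" ] || { echo "no --bip in DOCKER_NETWORK_OPTIONS"; exit 2; }
    in_cidr "$bip" "$network" || { echo "bip $bip is outside $network"; exit 3; }
    # vxlan encapsulation needs 50 bytes, so the bridge MTU must leave room for it
    [ -n "$mtu" ] && [ "$mtu" -le $(( host_mtu - 50 )) ] ||
        { echo "mtu '$mtu' does not fit under host MTU $host_mtu"; exit 4; }
    echo "ok: bip=$bip mtu=$mtu inside $network"
)

# Constructed sample: the subnet.env contents shown earlier on this page
sample=$(mktemp)
cat >"$sample" <<'EOF'
DOCKER_OPT_BIP="--bip=172.17.56.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.56.1/24 --ip-masq=false --mtu=1450"
EOF
check_subnet_env "$sample" 172.17.0.0/16
rm -f "$sample"
```

On a node it would be called as `check_subnet_env /run/flannel/subnet.env 172.17.0.0/16`, with the second argument being the Network value written to /coreos.com/network/config.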