CentOS Binary Deployment of k8s (Part 2): Flannel

October 12, 2019, 17:01:33

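Before deploying the K8s network, we first install the Docker container engine on the nodes, which makes the network deployment and debugging below easier.

Docker official website

Docker deployment guide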

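I. Deploying the Kubernetes Network

Basic requirements of the Kubernetes network model design

  • One IP per Pod
  • Each Pod has its own IP; all containers in a Pod share the network (the same IP)
  • All containers can communicate with all other containers
  • All nodes can communicate with all containers

Container Network Interface (CNI): the container network interface, led by Google and CoreOS.

Mainstream technologies: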

Overlay Network

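An overlay network is a virtual network layered on top of the underlying network; the hosts in it are connected by virtual links.

II. Deploying Flannel

Flannel is one kind of overlay network: it encapsulates the original packet inside another network packet for routing, forwarding and communication. It currently supports UDP, VXLAN (commonly used), Host-GW (does not work across network segments), AWS VPC and GCE routes as forwarding backends.

1. Write the allocated subnet range into etcd for flanneld to use [master]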


# set: allocate one large subnet (16-bit mask) to flanneld, backend type vxlan
/opt/etcd/bin/etcdctl \
--ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
--endpoints="https://192.168.31.63:2379,https://192.168.31.65:2379,https://192.168.31.66:2379" \
set /coreos.com/network/config '{ "Network": "10.0.0.0/16", "Backend": {"Type": "vxlan"}}'

2. Download the binary package [node]

(Deploying on the nodes is usually enough; whether to deploy on the master depends on your needs.)

GitHub: https://github.com/coreos/flannel/releases

wget https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz
mkdir /opt/kubernetes/{bin,cfg,ssl} -p 
tar -zxvf flannel-v0.11.0-linux-amd64.tar.gz
mv flanneld mk-docker-opts.sh /opt/kubernetes/bin/

3. Manage Flannel with systemd

### Configure Docker to use the subnet generated by Flannel

sh ./flannel.sh https://192.168.31.63:2379,https://192.168.31.65:2379,https://192.168.31.66:2379

4. Start Flannel

systemctl start flanneld.service

Copy to the other node

scp -r /opt/etcd/ root@192.168.31.66:/opt/
scp -r /opt/kubernetes/ root@192.168.31.66:/opt/

scp -r /usr/lib/systemd/system/{docker,flanneld}.service root@192.168.31.66:/usr/lib/systemd/system/

# Start Flannel on the other node as well

systemctl daemon-reload
systemctl enable flanneld
systemctl start flanneld.service
systemctl restart flanneld
systemctl restart docker

View the configured subnets (run on the master)

/opt/etcd/bin/etcdctl \
--ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
--endpoints="https://192.168.31.63:2379,https://192.168.31.65:2379,https://192.168.31.66:2379" \
ls /coreos.com/network/subnets


# Use a subnet key returned by the ls above; 10.0.29.0-24 is the lease of k8s-node1 in this walkthrough
/opt/etcd/bin/etcdctl \
--ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
--endpoints="https://192.168.31.63:2379,https://192.168.31.65:2379,https://192.168.31.66:2379" \
get /coreos.com/network/subnets/10.0.29.0-24

ip route

Check that it has taken effect:

[root@k8s-node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:47:02:1e brd ff:ff:ff:ff:ff:ff
    inet 192.168.31.65/24 brd 192.168.31.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe47:21e/64 scope link 
       valid_lft forever preferred_lft forever
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether ce:08:21:f8:f5:95 brd ff:ff:ff:ff:ff:ff
    inet 10.0.29.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::cc08:21ff:fef8:f595/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP 
    link/ether 02:42:cf:d7:8e:8b brd ff:ff:ff:ff:ff:ff
    inet 10.0.29.1/24 brd 10.0.29.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:cfff:fed7:8e8b/64 scope link 
       valid_lft forever preferred_lft forever
6: veth1db833f@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP 
    link/ether 56:04:4e:10:f9:75 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::5404:4eff:fe10:f975/64 scope link 
       valid_lft forever preferred_lft forever
[root@k8s-node1 ~]# ps -ef|grep docker
root       1302      1  0 18:43 ?        00:00:43 /usr/bin/dockerd --bip=10.0.29.1/24 --ip-masq=false --mtu=1450
root       1393   1302  0 18:44 ?        00:00:22 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
root       4443   1393  0 19:23 ?        00:00:00 containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ce57c46ff79bc6f2a5995970f3d2fb7e8531b2256afaada99a73cbd15594a9cb -address /var/run/docker/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/rundocker/runtime-runc
root      14783   4178  0 21:44 pts/0    00:00:00 grep --color=auto docker

Make sure docker0 and flannel.1 are in the same subnet.
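
The docker0/flannel.1 subnet check above, as an added example that is not part of the original post: the script parses `ip -o -4 addr show` output and fails when dockerd is still on a bridge address outside the subnet flanneld leased. The function names and sample lines are constructed for illustration; 10.0.0.0/16 is the Network value written to etcd in step 1.

```shell
#!/bin/sh
# Added example: confirm dockerd picked up the subnet that flanneld leased.
# stdin: output of `ip -o -4 addr show`; $1: the "Network" value stored in etcd.

ip_to_int() {                 # dotted quad -> 32-bit integer
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                   # in_cidr IP BASE/LEN -> exit 0 if IP is inside it
  _base=${2%/*}; _len=${2#*/}
  _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_base") & _mask )) ]
}

check_overlay() {             # exit 0 = consistent, 1 = mismatch, 2 = interface missing
  net=$1; flannel=; docker=
  while read -r _idx name _fam addr _rest; do
    case $name in
      flannel.1) flannel=$addr ;;
      docker0)   docker=$addr ;;
    esac
  done
  [ -n "$flannel" ] || { echo "flannel.1 has no IPv4 address"; return 2; }
  [ -n "$docker" ]  || { echo "docker0 has no IPv4 address"; return 2; }
  # docker0 must sit inside the flannel Network, and flannel.1 inside docker0's /24.
  in_cidr "${docker%/*}" "$net" || { echo "docker0 $docker is outside $net"; return 1; }
  in_cidr "${flannel%/*}" "$docker" || { echo "flannel.1 $flannel not in $docker"; return 1; }
  echo "ok: docker0 $docker and flannel.1 $flannel agree inside $net"
}

# Constructed sample mirroring the `ip a` output of k8s-node1 shown above.
SAMPLE_OK='2: ens33    inet 192.168.31.65/24 brd 192.168.31.255 scope global ens33
3: flannel.1    inet 10.0.29.0/32 scope global flannel.1\       valid_lft forever
4: docker0    inet 10.0.29.1/24 brd 10.0.29.255 scope global docker0'
# Constructed failure case: dockerd was not restarted and keeps its default bridge.
SAMPLE_BAD='3: flannel.1    inet 10.0.29.0/32 scope global flannel.1
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

printf '%s\n' "$SAMPLE_OK"  | check_overlay 10.0.0.0/16
printf '%s\n' "$SAMPLE_BAD" | check_overlay 10.0.0.0/16 || echo "exit status $?"
```

On a node, pipe the live output instead of the samples: `ip -o -4 addr show | check_overlay 10.0.0.0/16`.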

5. Test communication between containers

The requirements of the K8s network model design must be met.

docker run -it busybox
  • 5.1 Communication between containers


  • 5.2 All nodes can communicate with all containers