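11. Part 10: Installing and Using the flanneld Network Component
阿新 • Published: 2022-03-17
Kubernetes relies on a third-party network plugin to implement its networking, so installing a network plugin is a prerequisite. Several third-party network plugins exist; the common ones are flanneld, calico and canal (flanneld + calico). Whichever component you choose, it provides the basic network functions, such as giving each Node an IP network.
Binary download link: https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz. After downloading, distribute it to the /data/k8s/bin/ directory on all nodes.
The Flannel plugin supports the following three communication modes
Write the Flanneld configuration to etcd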
cd /data/k8s/work
source /data/k8s/bin/env.sh
etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/data/k8s/work/ca.pem \
--cert-file=/data/k8s/work/flanneld.pem \
--key-file=/data/k8s/work/flanneld-key.pem \
mk ${FLANNEL_ETCD_PREFIX}/config '{"Network":"'${CLUSTER_CIDR}'", "SubnetLen": 21, "Backend": {"Type": "vxlan", "DirectRouting": true}}'
Here we use the VXLAN + DirectRouting mode: when Node subnets are the same, traffic is routed directly; when Node subnets differ, it is encapsulated with VXLAN.
View the configuration stored in etcd
#!/bin/bash
source /data/k8s/bin/env.sh
etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/cert/ca.pem \
--cert-file=/etc/flanneld/cert/flanneld.pem \
--key-file=/etc/flanneld/cert/flanneld-key.pem \
get ${FLANNEL_ETCD_PREFIX}/config
The result is as follows:
{"Network":"172.19.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan", "DirectRouting": true}}
Create the Flanneld startup file and distribute it
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
cat > flanneld.service << EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
ExecStart=/data/k8s/bin/flanneld \\
-etcd-cafile=/etc/kubernetes/cert/ca.pem \\
-etcd-certfile=/etc/flanneld/cert/flanneld.pem \\
-etcd-keyfile=/etc/flanneld/cert/flanneld-key.pem \\
-etcd-endpoints=${ETCD_ENDPOINTS} \\
-etcd-prefix=${FLANNEL_ETCD_PREFIX} \\
-iface=${IFACE} \\
-ip-masq
ExecStartPost=/data/k8s/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=always
RestartSec=5
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
scp flannel
Configuration details
Start flannel
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "systemctl daemon-reload && systemctl enable flanneld && systemctl restart flanneld"
done
Verification
#!/bin/bash
source /data/k8s/bin/env.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "systemctl status flanneld|grep -i Active"
done
Verification result
>>> 192.168.16.104
Active: active (running) since Sun 2019-12-29 18:03:43 CST; 1 months 0 days ago
>>> 192.168.16.105
Active: active (running) since Sat 2019-12-28 22:33:27 CST; 1 months 1 days ago
>>> 192.168.16.106
Active: active (running) since Sat 2019-12-28 22:33:27 CST; 1 months 1 days ago
>>> 192.168.16.107
Active: active (running) since Sat 2019-12-28 22:33:28 CST; 1 months 1 days ago
View the allocated subnet information
#!/bin/bash
source /data/k8s/bin/env.sh
etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/cert/ca.pem \
--cert-file=/etc/flanneld/cert/flanneld.pem \
--key-file=/etc/flanneld/cert/flanneld-key.pem \
ls ${FLANNEL_ETCD_PREFIX}/subnets
The result is as follows:
/kubernetes/network/subnets/172.19.120.0-21
/kubernetes/network/subnets/172.19.184.0-21
/kubernetes/network/subnets/172.19.72.0-21
/kubernetes/network/subnets/172.19.56.0-21
View the details of an allocated subnet:
#!/bin/bash
source /data/k8s/bin/env.sh
etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/cert/ca.pem \
--cert-file=/etc/flanneld/cert/flanneld.pem \
--key-file=/etc/flanneld/cert/flanneld-key.pem \
get ${FLANNEL_ETCD_PREFIX}/subnets/172.19.120.0-21
The result is as follows:
{"PublicIP":"192.168.16.104","BackendType":"vxlan","BackendData":{"VtepMAC":"aa:ea:b2:e1:88:a5"}}
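An added example (not part of the original post): a Python check that the leases listed under ${FLANNEL_ETCD_PREFIX}/subnets agree with the stored config and that each PublicIP belongs to a known node. The config, the first lease value and the node IPs are the ones shown on this page; the other lease values, the node-to-subnet mapping and the function name audit_leases are assumptions made for the example.

```python
import ipaddress
import json

# Config and first lease are the values shown on this page; the other three
# lease values and the node-to-subnet mapping are constructed for the example.
CONFIG = '{"Network":"172.19.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan", "DirectRouting": true}}'
NODES = {"192.168.16.104", "192.168.16.105", "192.168.16.106", "192.168.16.107"}
LEASES = {
    "172.19.120.0-21": '{"PublicIP":"192.168.16.104","BackendType":"vxlan","BackendData":{"VtepMAC":"aa:ea:b2:e1:88:a5"}}',
    "172.19.184.0-21": '{"PublicIP":"192.168.16.105","BackendType":"vxlan"}',
    "172.19.72.0-21": '{"PublicIP":"192.168.16.106","BackendType":"vxlan"}',
    "172.19.56.0-21": '{"PublicIP":"192.168.16.107","BackendType":"vxlan"}',
}


def audit_leases(config_json, leases, expected_nodes):
    """Return findings for flannel leases; `leases` maps the last key component to its JSON value."""
    cfg = json.loads(config_json)
    network = ipaddress.ip_network(cfg["Network"])
    findings, seen = [], []
    for key, value in sorted(leases.items()):
        addr, _, plen = key.rpartition("-")  # "172.19.120.0-21" -> 172.19.120.0/21
        try:
            subnet = ipaddress.ip_network(f"{addr}/{plen}")
        except ValueError:
            findings.append(f"{key}: not a valid subnet key")
            continue
        lease = json.loads(value)
        if subnet.prefixlen != cfg["SubnetLen"]:
            findings.append(f"{key}: prefix length differs from SubnetLen {cfg['SubnetLen']}")
        if not subnet.subnet_of(network):
            findings.append(f"{key}: outside cluster network {network}")
        findings += [f"{key}: overlaps {o}" for o in seen if subnet.overlaps(o)]
        seen.append(subnet)
        if lease.get("PublicIP") not in expected_nodes:
            findings.append(f"{key}: PublicIP {lease.get('PublicIP')} is not a known node")
        if lease.get("BackendType") != cfg["Backend"]["Type"]:
            findings.append(f"{key}: BackendType {lease.get('BackendType')} differs from config")
    return findings


if __name__ == "__main__":
    # Constructed bad entry: wrong prefix length, overlapping range, unknown host, wrong backend.
    bad = dict(LEASES, **{"172.19.120.0-24": '{"PublicIP":"192.168.16.250","BackendType":"udp"}'})
    for finding in audit_leases(CONFIG, bad, NODES):
        print(finding)
```

An empty list means every lease is a /21 inside the cluster network, overlaps no other lease, and is held by one of the expected nodes with the configured backend.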
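Summary
There are many network plugins; choose one according to the actual situation of your company or yourself. Many experienced people online say that the network scale flannel supports is limited and recommend calico; since the test environment here is small, flannel is sufficient.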