部署Flanneld网络

  • Flanneld:用于解决容器之间网络互通,这里我们要配置TLS认证。
  • Docker1.12.5:docker的安装很简单,这里也不说了。

配置Flanneld

  • 这里我们使用yum的方式部署Flanneld和docker
# yum install flannel docker -y

service配置文件/etc/systemd/system/flanneld.service

[Unit]

Description=Flanneld overlay address etcd agent

After=network.target

After=network-online.target

Wants=network-online.target

After=etcd.service

Before=docker.service

[Service]

Type=notify

EnvironmentFile=/etc/sysconfig/flanneld

EnvironmentFile=-/etc/sysconfig/docker-network

ExecStart=/usr/bin/flanneld-start $FLANNEL_OPTIONS

ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker

Restart=on-failure

[Install]

WantedBy=multi-user.target

RequiredBy=docker.service

/etc/sysconfig/flanneld配置文件

# Flanneld configuration options  

# etcd url location.  Point this to the server where etcd runs

FLANNEL_ETCD_ENDPOINTS="https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379"

# etcd config key.  This is the configuration key that flannel queries

# For address range assignment

FLANNEL_ETCD_PREFIX="/k8s-ks/network"

# Any additional options that you want to pass

FLANNEL_OPTIONS="-etcd-cafile=/etc/kubernetes/ssl/ca.pem -etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem -etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem"

在FLANNEL_OPTIONS中增加TLS的配置

在etcd中创建网络配置

执行下面的命令为docker分配IP地址段

# etcdctl --endpoints=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379 \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  mkdir /k8s-ks/network

# etcdctl --endpoints=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379 \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  mk /k8s-ks/network/config "{ \"Network\": \"172.30.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"
  • 注意:vxlan的性能损耗大约是40%~50%,如果将Type设置为host-gw,网络性能损耗只有10%左右,而配置没有什么不同,只是要保证kubernetes的所有node都在同一个二层网络中。
  • 注意:这两条语句只需要在其中一台机器上执行即可

启动flanneld

在各节点上启动flanneld

# systemctl  enable flanneld

# systemctl  start flanneld
  • 启动flanneld后会在/run/flannel目录下生成subnet.env和docker文件
# ls /run/flannel/

docker  subnet.env

Flannel的文档中有写Docker Integration

Docker daemon accepts --bip argument to configure the subnet of the docker0 bridge. It also accepts --mtu to set the MTU for docker0 and veth devices that it will be creating. Since flannel writes out the acquired subnet and MTU values into a file, the script starting Docker can source in the values and pass them to Docker daemon:

执行如下命令:

# source /run/flannel/subnet.env

Systemd users can use EnvironmentFile directive in the .service file to pull in /run/flannel/subnet.env

  • 如果你不是使用yum安装的flanneld,那么需要下载flannel github release中的tar包,解压后会获得一个mk-docker-opts.sh文件。

这个文件是用来Generate Docker daemon options based on flannel env file

执行./mk-docker-opts.sh -i将会生成如下两个文件环境变量文件。

/run/flannel/subnet.env

FLANNEL_NETWORK=172.30.0.0/16

FLANNEL_SUBNET=172.30.46.1/24

FLANNEL_MTU=1450

FLANNEL_IPMASQ=false

/run/docker_opts.env

DOCKER_OPT_BIP="--bip=172.30.46.1/24"

DOCKER_OPT_IPMASQ="--ip-masq=true"

DOCKER_OPT_MTU="--mtu=1450"

启动docker

# systemctl enable docker

# systemctl start docker #各节点上执行

# systemctl status docker

现在查询etcd中的内容可以看到:

ETCD_ENDPOINTS=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379

# etcdctl --endpoints=${ETCD_ENDPOINTS} \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  ls /k8s-ks/network/subnets

2017-07-25 09:57:47.969181 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated

/k8s-ks/network/subnets/172.30.25.0-24

/k8s-ks/network/subnets/172.30.99.0-24

/k8s-ks/network/subnets/172.30.59.0-24

# etcdctl --endpoints=${ETCD_ENDPOINTS} \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  get /k8s-ks/network/config

2017-07-25 10:03:01.516739 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated

{ "Network": "172.30.0.0/16", "SubnetLen": 24, "Backend": { "Type": "vxlan" } }

#etcdctl --endpoints=${ETCD_ENDPOINTS} \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  get /k8s-ks/network/subnets/172.30.0.0-24

2017-07-25 10:12:17.911371 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated

{"PublicIP":"192.168.1.121","BackendType":"vxlan","BackendData":{"VtepMAC":"b2:bf:15:fb:f8:14"}}

# etcdctl --endpoints=${ETCD_ENDPOINTS} \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  get /k8s-ks/network/subnets/172.30.99.0-24

2017-07-25 10:20:22.044716 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated

{"PublicIP":"192.168.1.122","BackendType":"vxlan","BackendData":{"VtepMAC":"42:5d:f5:9c:72:ae"}}

# etcdctl --endpoints=${ETCD_ENDPOINTS} \

  --ca-file=/etc/kubernetes/ssl/ca.pem \

  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \

  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \

  get /k8s-ks/network/subnets/172.30.59.0-24

2017-07-25 10:20:27.175817 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated

{"PublicIP":"192.168.1.123","BackendType":"vxlan","BackendData":{"VtepMAC":"52:ad:8d:17:23:7a"}}
  • 可以使用ip addr查看网卡ip,比如如下:
  • 使用docker0的ip能互相ping通flanneld就算搭建完毕
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN

    link/ether b2:bf:15:fb:f8:14 brd ff:ff:ff:ff:ff:ff

    inet 172.30.25.0/32 scope global flannel.1

       valid_lft forever preferred_lft forever

4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 02:42:c2:bd:a6:ae brd ff:ff:ff:ff:ff:ff

    inet 172.30.25.1/24 scope global docker0

       valid_lft forever preferred_lft forever


3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN

    link/ether 42:5d:f5:9c:72:ae brd ff:ff:ff:ff:ff:ff

    inet 172.30.99.0/32 scope global flannel.1

       valid_lft forever preferred_lft forever

4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 02:42:38:28:40:88 brd ff:ff:ff:ff:ff:ff

    inet 172.30.99.1/24 scope global docker0

       valid_lft forever preferred_lft forever

07-部署Flanneld网络的更多相关文章

  1. Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之flanneld网络介绍及部署(三)

    0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.flanneld介绍 ...

  2. 二进制安装 kubernetes 1.12(二) - 安装docker, 部署Flannel网络

    在 node 节点上安装 docker 参考 https://www.cnblogs.com/klvchen/p/8468855.html Flannel 工作原理: 部署Flannel网络 在 ma ...

  3. 高可用Kubernetes集群-5. 部署flannel网络

    七.部署flannel网络 kubernetes支持基于vxlan方式的flannel与weave网络,基于BGP路由的Calico网络,本节采用flannel网络. Flannel网络采用etcd等 ...

  4. 部署Flannel网络

    部署Flannel网络 部署flannel网络需要执行以下步骤: 1)写入分配的子网段到etcd,供flanneld使用 2)下载二进制包 3)配置Flannel 4)systemd管理Flannel ...

  5. kubernetes容器集群部署Flannel网络

    Overlay Network:覆盖网络,在基础网络上叠加的一种虚拟网络技术模式,该网络中的主机通过虚拟链路连接起来. VXLAN:将源数据包封装到UDP中,并使用基础网络的IP/MAC作为外层报文头 ...

  6. Linux shell编写脚本部署pxe网络装机

    Linux shell编写脚本部署pxe网络装机 人工安装配置,Linux PXE无人值守网络装机  https://www.cnblogs.com/yuzly/p/10582254.html 脚本实 ...

  7. openstack (5)-- 部署 Neutron 网络服务

    Neutron 概念: 传统的网络管理方式很大程度上依赖于管理员手工配置和维护各种网络硬件设备:而云环境下的网络已经变得非常复杂,特别是在多租户场景里,用户随时都可能需要创建.修改和删除网络,网络的连 ...

  8. NTP网络授时服务器部署及网络时钟同步设置说明

    NTP网络授时服务器部署及网络时钟同步设置说明 NTP网络授时服务器部署及网络时钟同步设置说明  本文由安徽京准科技提供@请勿转载. 一.前言 1.NTP简介 NTP是网络时间协议(Network T ...

  9. 8、二进制安装K8s之部署CIN网络

    二进制安装K8s之部署CIN网络 部署CIN网络可以使用flannel或者calico,这里介绍使用calico ecd 方式部署. 1.下载calico二进制安装包 创建所需目录 mkdir -p ...

随机推荐

  1. Python 学习图谱

    https://mp.weixin.qq.com/s/-fJYAlOs4ui0YeJ-W6BkeQ

  2. Netty4.0源码解析 NioServerSocketChannel

    一.引言Netty的Channel在JDK NIO的Channel基础上做了一层封装,提供了更多的功能.Netty的中的Channel实现类主要有:NioServerSocketChannel(用于服 ...

  3. CentOS6.8 使man支持显示中文

    1.安装显示中文的man命令 wget https://src.fedoraproject.org/repo/pkgs/man-pages-zh-CN/manpages-zh-1.5.1.tar.gz ...

  4. Oracle一次Insert多条数据

    insert all into JK_TB_DATE (fbmmc,fgzjh,fsbmc,fsbxh,fsbbh,db_shuifenyi,db_pihao,db_wuliaobianma) ',' ...

  5. Pandas分组

    GroupBy技术 分组运算的过程可以用下面的流程图表示出来 import pandas as pd from pandas import Series import numpy as np df = ...

  6. m3u8文件什么合成便于播放的MP4的方法

    先大家要知道M3U8文件不是一个视频文件,里面全是一些路径,说白了就是一个目录而已,所以要看视频,要找到对应存放视频的文件夹.如果不知道怎么找,可以使用文本格式打开M3U8文件,里面会有路径提示.   ...

  7. FortiGate双链路不同运营商上网配置

    1.防火墙端口配置 2.LLB配置

  8. 364. Nested List Weight Sum II 大小反向的括号加权求和

    [抄题]: Given a nested list of integers, return the sum of all integers in the list weighted by their ...

  9. [leetcode]42. Trapping Rain Water雨水积水问题

    Given n non-negative integers representing an elevation map where the width of each bar is 1, comput ...

  10. spring mvc controller中的参数验证机制(二)

    这里我们介绍以下自定义的校验器的简单的使用示例 一.包结构和主要文件 二.代码 1.自定义注解文件MyConstraint package com.knyel.validator; import ja ...