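1. Kubernetes network model
Kubernetes network model (CNI)
CNI: Container Network Interface
Design requirements of the k8s network model:
1. One IP per Pod
2. Each Pod has its own IP, and all containers in a Pod share one network (the same IP)
3. Every container can communicate with every other container
4. Every node can communicate with every container
flannel: small clusters (fewer than 100 machines)
Calico: large clusters
Contiv: combines the advantages of flannel and Calico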
2. Install and configure flannel
2.1. Install docker on all node machines
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce -y
# If image pulls are slow, configure a Docker registry mirror to speed them up
# (this pipes a remote script into sh; read set_mirror.sh before running it)
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
systemctl enable docker
systemctl start docker
vim /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "5g",
    "max-file": "3"
  }
}
systemctl restart docker
2.2. Configure and install flannel
flannel provides the k8s network here, with VXLAN as the data-forwarding backend.
2.2.1. Write the allocated subnet into etcd for flannel to use
# etcdctl v2 API syntax (--ca-file/--cert-file/--key-file, set/get/ls)
/opt/etcd/bin/etcdctl \
  --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://192.168.244.226:2379,https://192.168.244.227:2379,https://192.168.244.228:2379" \
  set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
View the configuration
/opt/etcd/bin/etcdctl \
  --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://192.168.244.226:2379,https://192.168.244.227:2379,https://192.168.244.228:2379" \
  get /coreos.com/network/config
2.2.3. Download and install flannel
wget https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz
tar -zxvf flannel-v0.11.0-linux-amd64.tar.gz
mkdir /opt/kubernetes/{bin,cfg,ssl,logs} -p
mv flanneld mk-docker-opts.sh /opt/kubernetes/bin/
Run the installation script (saved here as flannel.sh):
#!/bin/bash
# Usage: flannel.sh <comma-separated etcd endpoints>
ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

# flanneld options: etcd endpoints and the TLS client credentials for etcd
cat <<EOF >/opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"
EOF

# flanneld unit: starts before docker and writes the leased subnet to /run/flannel/subnet.env
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# docker unit: overwritten so that the daemon starts with the options flannel generated
cat <<EOF >/usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# Read the subnet that flannel allocated
EnvironmentFile=/run/flannel/subnet.env
# Change the docker start-up configuration so that docker starts on that subnet
ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
systemctl restart docker
sh -x flannel.sh https://192.168.244.226:2379,https://192.168.244.227:2379,https://192.168.244.228:2379
2.2.4. View the subnet information that flannel registered in etcd
/opt/etcd/bin/etcdctl \
  --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://192.168.244.226:2379,https://192.168.244.227:2379,https://192.168.244.228:2379" \
  ls /coreos.com/network/subnets/
Check the subnet information for docker and flannel; docker uses an IP from one of the subnets that flannel allocated.
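A check for the step above, as an added example that is not part of the original page: it compares docker0's address with the lease flannel wrote to /run/flannel/subnet.env, because Docker's default bridge (172.17.0.1/16) also falls inside the 172.17.0.0/16 network configured here and a range-only check would not notice that docker ignored flannel. The function names and the sample subnet.env contents are constructed for illustration, and the file layout is assumed to be what mk-docker-opts.sh writes with -k DOCKER_NETWORK_OPTIONS.

```shell
#!/bin/sh
# Added example (not from the original page): verify docker0 carries the flannel lease.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN -> returns 0 when IP lies inside NET/LEN
in_cidr() {
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# bip_from_env TEXT -> prints the --bip value from the DOCKER_NETWORK_OPTIONS line
# (assumed layout of the file mk-docker-opts.sh writes)
bip_from_env() {
    printf '%s\n' "$1" |
        sed -n 's|^DOCKER_NETWORK_OPTIONS=.*--bip=\([0-9.]*/[0-9]*\).*|\1|p'
}

# check_docker_bridge ENV_TEXT DOCKER0_ADDR FLANNEL_NETWORK
# returns 0 ok, 1 docker0 differs from lease, 2 no lease found, 3 lease outside network
check_docker_bridge() {
    bip=$(bip_from_env "$1")
    [ -n "$bip" ] || { echo "no --bip found in subnet.env"; return 2; }
    in_cidr "${bip%/*}" "$3" || { echo "lease $bip is outside $3"; return 3; }
    [ "$2" = "$bip" ] || { echo "docker0 is $2 but flannel leased $bip"; return 1; }
    echo "ok: docker0 uses flannel lease $bip"
}

# Constructed sample of /run/flannel/subnet.env (not captured from a real node)
SAMPLE_ENV='DOCKER_OPT_BIP="--bip=172.17.32.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.32.1/24 --ip-masq=false --mtu=1450"'

check_docker_bridge "$SAMPLE_ENV" 172.17.32.1/24 172.17.0.0/16
# Docker's default bridge is inside 172.17.0.0/16 as well, so only an exact
# match against the lease shows that docker picked up flannel's options.
check_docker_bridge "$SAMPLE_ENV" 172.17.0.1/16 172.17.0.0/16 || true
```

On a node, pass "$(cat /run/flannel/subnet.env)" as the first argument and the docker0 address reported by ip -4 -o addr show docker0 as the second.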
2.2.5. Test container communication between two nodes
docker run --rm -it busybox