Binary deployment of a K8s cluster, part 19: addons, installing and deploying the three flannel models in detail

User submission 245 2022-10-27


Common CNI network plugins:

Flannel, Calico, Canal, Contiv, OpenContrail, NSX-T, Kube-router

The three Flannel models:

host-gw, VxLAN, Directrouting

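1.1 host-gw model

The host-gw model is gateway mode: a static route is simply added on each server. It is efficient, but all nodes must be on the same network segment.

10.4.7.21 connects to the host 10.4.7.22 through the static route for 172.7.22.0 and then to the 172.7.21 segment, and vice versa.

```bash
/opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "host-gw"}}'
/opt/etcd/etcdctl get /coreos.com/network/config   # view
/opt/etcd/etcdctl rm /coreos.com/network/config    # delete
```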

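1.2 VxLAN model

When the nodes are on different network segments, VxLAN mode can be used. Host A creates a flannel.1 interface; packets get an encapsulation header, leave through flannel.1 and travel through the flannel tunnel. On the other side they enter through flannel.1, are decapsulated, and follow the static route to the destination host's interface. This mode is less efficient.

```bash
/opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN"}}'
```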

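1.3 Directrouting model

Direct routing mode combines the VxLAN and host-gw models. It detects the servers automatically: if they are on the same network segment it uses the host-gw model, and if they are on different segments it uses the VxLAN model.

```bash
/opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN","Directrouting": true}}'
```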

1.4 Deploying Flannel

1.4.1 Cluster plan

Hostname          IP          Role      Node
hdss21-host.com   10.4.7.21   Flannel   Node
hdss22-host.com   10.4.4.22   Flannel   Node

1.4.2 Download and extract

Run on hdss21-host.com; the steps on hdss22-host.com are similar. Download link:

```bash
cd /opt/src
rz    # upload flannel-v0.12.0-linux-amd64.tar.gz
mkdir /opt/flanneld-v0.12.0
tar xf flannel-v0.12.0-linux-amd64.tar.gz -C /opt/flanneld-v0.12.0
ln -s /opt/flanneld-v0.12.0 /opt/flannel
```

1.4.3 Create the configuration

```bash
cat > /opt/flannel/subnet.env <<'eof'
FLANNEL_NETWORK=172.7.0.0/16
FLANNEL_SUBNET=172.7.21.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false
eof
```

What differs per host: on 172.4.7.21 set FLANNEL_SUBNET=172.7.21.1/24; on 172.4.7.22 set FLANNEL_SUBNET=172.7.22.1/24.

1.4.4 Copy the certificates

```bash
mkdir /opt/flannel/certs
scp hdss7-200:/opt/certs/ca.pem /opt/flannel/certs/
scp hdss7-200:/opt/certs/client.pem /opt/flannel/certs/
scp hdss7-200:/opt/certs/client-key.pem /opt/flannel/certs/
```

1.4.5 Create the startup script

```bash
cat > /opt/flannel/flanneld.sh <<'eof'
#!/bin/sh
./flanneld \
  --public-ip=10.4.7.21 \
  --etcd-endpoints=\
  --etcd-keyfile=./certs/client-key.pem \
  --etcd-certfile=./certs/client.pem \
  --etcd-cafile=./certs/ca.pem \
  --iface=ens33 \
  --subnet-file=./subnet.env \
  --healthz-port=2401
eof
chmod +x /opt/flannel/flanneld.sh
mkdir -p /data/logs/flanneld
```

What differs per host: on 172.4.7.21 set --public-ip=10.4.7.21; on 172.4.7.22 set --public-ip=10.4.7.22. Set --iface=ens33 to the name of the server's network interface.

1.4.6 Create the supervisor configuration

```bash
cat > /etc/supervisord.d/flanneld.ini << 'eof'
[program:flanneld-7-21]
command=/opt/flannel/flanneld.sh                             ; the program (relative uses PATH, can take args)
numprocs=1                                                   ; number of processes copies to start (def 1)
directory=/opt/flannel                                       ; directory to cwd to before exec (def no cwd)
autostart=true                                               ; start at supervisord start (default: true)
autorestart=true                                             ; restart at unexpected quit (default: true)
startsecs=22                                                 ; number of secs prog must stay running (def. 1)
startretries=3                                               ; max # of serial start failures (default 3)
exitcodes=0,2                                                ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT                                              ; signal used to kill process (default TERM)
stopwaitsecs=10                                              ; max num secs to wait b4 SIGKILL (default 10)
user=root                                                    ; setuid to this UNIX account to run the program
redirect_stderr=false                                        ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/flanneld/flanneld.stdout.log       ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB                                 ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4                                     ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB                                  ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false                                  ; emit events on stdout writes (default false)
stderr_logfile=/data/logs/flanneld/flanneld.stderr.log       ; stderr log path, NONE for none; default AUTO
stderr_logfile_maxbytes=64MB                                 ; max # logfile bytes b4 rotation (default 50MB)
stderr_logfile_backups=4                                     ; # of stderr logfile backups (default 10)
stderr_capture_maxbytes=1MB                                  ; number of bytes in 'capturemode' (default 0)
stderr_events_enabled=false
eof
```

What differs per host: the [program:flanneld-7-21] section name.

1.5 Using the host-gw model

Run on hdss21-host.com; any etcd machine will do.

```
/opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "host-gw"}}'
supervisorctl update
supervisorctl status

[root@hdss7-22 ~]# route -n    # on host 22 a static route via 10.4.7.21 has been added
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      10.4.7.21       255.255.255.0   UG    0      0        0 ens33
172.7.22.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0

[root@hdss7-21 ~]# route -n    # on host 21 a static route via 10.4.7.22 has been added
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.7.22.0      10.4.7.22       255.255.255.0   UG    0      0        0 ens33

[root@hdss7-21 ~]# kubectl get pods -o wide
NAME             READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE   READINESS GATES
my-nginx-h88nr   1/1     Running   1          3h46m   172.7.22.2   hdss7-22.host.com
my-nginx-vrlsk   1/1     Running   0          3h46m   172.7.21.2   hdss7-21.host.com

[root@hdss7-21 ~]# ping 172.7.22.2
[root@hdss7-22 ~]# ping 172.7.21.2
```

Because flannel's host-gw model simply adds a static route for you, you can connect the networks without the flannel plugin by adding the routes yourself. The FORWARD rule on each host accepts traffic destined for that host's own pod subnet, whatever its source.

```bash
# on 10.4.7.21
route add -net 172.7.22.0/24 gw 10.4.7.22
iptables -I FORWARD -d 172.7.21.0/24 -j ACCEPT

# on 10.4.7.22
route add -net 172.7.21.0/24 gw 10.4.7.21
iptables -I FORWARD -d 172.7.22.0/24 -j ACCEPT
```

1.6 Using the VxLAN model

Stop flannel on both machines, delete the static routes added earlier on both machines, delete the earlier setting in etcd and save the new model, then start flannel and check the interfaces.

```
[root@hdss7-21 ~]# supervisorctl stop flanneld
[root@hdss7-22 ~]# supervisorctl stop flanneld
[root@hdss7-22 ~]# route del -net 172.7.21.0/24 gw 10.4.7.21
[root@hdss7-21 ~]# route del -net 172.7.22.0/24 gw 10.4.7.22
[root@hdss7-21 ~]# /opt/etcd/etcdctl rm /coreos.com/network/config
[root@hdss7-21 ~]# /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN"}}'
[root@hdss7-21 ~]# /opt/etcd/etcdctl get /coreos.com/network/config
[root@hdss7-21 ~]# supervisorctl start flanneld
[root@hdss7-22 ~]# supervisorctl start flanneld

[root@hdss7-21 ~]# ifconfig flannel.1
flannel.1: flags=4163  mtu 1450
        inet 172.7.21.0  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::803:ff:fe6d:1f33  prefixlen 64  scopeid 0x20
        ether 0a:03:00:6d:1f:33  txqueuelen 0  (Ethernet)
        RX packets 10  bytes 2234 (2.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 892 (892.0 B)
        TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0

[root@hdss7-22 etcd]# ifconfig flannel.1
flannel.1: flags=4163  mtu 1450
        inet 172.7.22.0  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::d0c2:4bff:fe29:df00  prefixlen 64  scopeid 0x20
        ether d2:c2:4b:29:df:00  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 892 (892.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 2234 (2.1 KiB)
        TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0

[root@hdss7-22 etcd]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      172.7.21.0      255.255.255.0   UG    0      0        0 flannel.1
172.7.22.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0

[root@hdss7-21 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.7.22.0      172.7.22.0      255.255.255.0   UG    0      0        0 flannel.1

[root@hdss7-21 ~]# ping 172.7.22.2
[root@hdss7-22 ~]# ping 172.7.21.2
```

1.7 Using the Directrouting model

The steps are shown for host hdss7-21; the steps on 7-22 are similar.

```
supervisorctl stop flanneld

[root@hdss7-21 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.7.22.0      172.7.22.0      255.255.255.0   UG    0      0        0 flannel.1

route del -net 172.7.22.0/24 gw 172.7.22.0         # delete the old flannel route
/opt/etcd/etcdctl rm /coreos.com/network/config    # delete the old data
/opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN","Directrouting": true}}'    # set the new data
/opt/etcd/etcdctl get /coreos.com/network/config
supervisorctl start flanneld

[root@hdss7-21 ~]# route -n    # the servers are on the same segment, so direct routing uses the host-gw model
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.7.22.0      10.4.7.22       255.255.255.0   UG    0      0        0 ens33

[root@hdss7-21 ~]# ping 172.7.22.2
```
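A check for the route tables shown in sections 1.5 to 1.7, added here as an example and not part of the original post: it derives from the etcd network config which model each peer should use, classifies the pod-subnet rows of `route -n`, and reports rows that do not match or whose gateway is not a known node. The function names, the `peers` mapping and the `flannel.1` default are assumptions of this example; the sample inputs are constructed from the values on this page.

```python
import ipaddress
import json

# Constructed inputs, copied from the values shown in sections 1.3 and 1.7.
CONFIG = '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN","Directrouting": true}}'
ROUTES_7_21 = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.7.22.0      10.4.7.22       255.255.255.0   UG    0      0        0 ens33
"""

def expected_mode(config_json, local_if, peer_ip):
    """Backend the configured model should use towards one peer node."""
    backend = {k.lower(): v for k, v in json.loads(config_json)["Backend"].items()}
    btype = str(backend.get("type", "")).lower()
    same_segment = ipaddress.ip_address(peer_ip) in ipaddress.ip_interface(local_if).network
    if btype not in ("host-gw", "vxlan"):
        raise ValueError(f"backend type {btype!r} is not covered by this example")
    if btype == "host-gw" or (backend.get("directrouting") and same_segment):
        return "host-gw"
    return "vxlan"

def observed_routes(route_n, config_json, vxlan_if="flannel.1"):
    """Parse `route -n` output into {pod subnet: (mode, gateway)} for remote subnets."""
    pod_net = ipaddress.ip_network(json.loads(config_json)["Network"])
    found = {}
    for fields in (line.split() for line in route_n.splitlines()):
        try:
            dest = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except (IndexError, ValueError):
            continue  # prompt, banner, header or malformed row
        gateway, iface = fields[1], fields[-1]
        if dest.subnet_of(pod_net) and gateway != "0.0.0.0":
            found[str(dest)] = ("vxlan" if iface == vxlan_if else "host-gw", gateway)
    return found

def audit(route_n, config_json, local_if, peers):
    """Return findings where the table disagrees with the model or the known peers."""
    findings, seen = [], observed_routes(route_n, config_json)
    for subnet, peer_ip in peers.items():
        want = expected_mode(config_json, local_if, peer_ip)
        mode, gateway = seen.pop(subnet, ("missing", None))
        if mode != want:
            findings.append(f"{subnet}: expected {want}, found {mode}")
        elif mode == "host-gw" and gateway != peer_ip:
            findings.append(f"{subnet}: gateway {gateway} is not node {peer_ip}")
    return findings + [f"{s}: route via {g} to an unknown node" for s, (_, g) in seen.items()]
```

Calling `audit(ROUTES_7_21, CONFIG, "10.4.7.21/24", {"172.7.22.0/24": "10.4.7.22"})` returns an empty list for the table shown above; a leftover route from the previous model or a gateway that is not a cluster node shows up as a finding.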
