zoukankan      html  css  js  c++  java
  • 二进制部署K8S集群(十八)addons之flannel三种模型安装部署详解

    0.架构图

    kubernetes设计了网络模型,但却将它的实现交给了网络插件,CNI网络插件最主要的功能主是实现pod资源能够跨宿主机进行通信。

    常见的CNI网络插件:

    • Flannel
    • Calico
    • Canal
    • Contiv
    • OpenContrail
    • NSX-T
    • Kube-router

    1.Flannel三种模型

    • host-gw
    • VxLan
    • Directrouting

    1.1 host-gw模型

    host-gw模型即网关模式,在服务器直接添加一条静态路由即可,效率高,各节点必须在同一网段。
    10.4.7.21通过172.7.22.0这条静态路由连接10.4.7.22这台主机再连接172.7.21网段,反之亦是。

    /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "host-gw"}}' 
    /opt/etcd/etcdctl set /coreos.com/network/config # 查看
    /opt/etcd/etcdctl rm /coreos.com/network/config # 删除
    

    1.2 VxLAN模型

    在不同网段,可以用VxLAN模式,主机A会生成一个flannel.1网卡,通过封装头从flannel.1网卡出去通过flanne隧道传出,从flannel.1网卡传入拆包,到达目标主机网卡到指向的静态路由,效率低。

    /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN"}}'
    

    1.3 Directrouting模型

    直接路由模式,结合了VxLAN和host-gw模型,自动识别服务器,如果同网段,则使用host-gw模型,如果不同网段则使用VxLAN模型。

    /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN","Directrouting": true}}'
    

    1.4 Flannel部署

    1.4.1 集群规划
    主机名 IP 角色 节点
    hdss7-21.host.com 10.4.7.21 Flannel Node
    hdss7-22.host.com 10.4.7.22 Flannel Node
    1.4.2 下载解压

    在hdss21-host.com操作,hdss22-host.com操作类似。

    下载链接:https://github.com/coreos/flannel/releases

    cd /opt/src
    rz ==> flannel-v0.12.0-linux-amd64.tar.gz
    mkdir /opt/flanneld-v0.12.0
    tar xf flannel-v0.12.0-linux-amd64.tar.gz -C /opt/flanneld-v0.12.0
    ln -s /opt/flanneld-v0.12.0 /opt/flannel
    
    1.4.3 创建配置
    cat > /opt/flannel/subnet.env <<'eof'
    FLANNEL_NETWORK=172.7.0.0/16
    FLANNEL_SUBNET=172.7.21.1/24
    FLANNEL_MTU=1500
    FLANNEL_IPMASQ=false
    eof
    

    注:不同地方

    172.4.7.21 配置 FLANNEL_SUBNET=172.7.21.1/24
    172.4.7.22 配置 FLANNEL_SUBNET=172.7.22.1/24
    
    1.4.4 拷贝证书
    mkdir /opt/flannel/certs
    scp hdss7-200:/opt/certs/ca.pem /opt/flannel/certs/
    scp hdss7-200:/opt/certs/client.pem /opt/flannel/certs/
    scp hdss7-200:/opt/certs/client-key.pem /opt/flannel/certs/
    
    1.4.5 创建启动脚本
    cat > /opt/flannel/flanneld.sh <<'eof'
    #!/bin/sh
    ./flanneld 
      --public-ip=10.4.7.21 
      --etcd-endpoints=https://10.4.7.12:2379,https://10.4.7.21:2379,https://10.4.7.22:2379 
      --etcd-keyfile=./certs/client-key.pem 
      --etcd-certfile=./certs/client.pem 
      --etcd-cafile=./certs/ca.pem 
      --iface=ens33 
      --subnet-file=./subnet.env 
      --healthz-port=2401
    eof
    chmod +x /opt/flannel/flanneld.sh 
    mkdir -p /data/logs/flanneld
    

    注:不同地方

    172.4.7.21 配置 -public-ip=10.4.7.21
    172.4.7.22 配置 -public-ip=10.4.7.22
    –iface=ens33 配置为服务器网卡名
    
    1.4.6 创建supervisor配置
    cat > /etc/supervisord.d/flanneld.ini << 'eof'
    [program:flanneld-7-21]
    command=/opt/flannel/flanneld.sh                             ; the program (relative uses PATH, can take args)
    numprocs=1                                                   ; number of processes copies to start (def 1)
    directory=/opt/flannel                                       ; directory to cwd to before exec (def no cwd)
    autostart=true                                               ; start at supervisord start (default: true)
    autorestart=true                                             ; retstart at unexpected quit (default: true)
    startsecs=22                                                 ; number of secs prog must stay running (def. 1)
    startretries=3     				             ; max # of serial start failures (default 3)
    exitcodes=0,2      				             ; 'expected' exit codes for process (default 0,2)
    stopsignal=QUIT    				             ; signal used to kill process (default TERM)
    stopwaitsecs=10    				             ; max num secs to wait b4 SIGKILL (default 10)
    user=root                                                    ; setuid to this UNIX account to run the program
    redirect_stderr=false                                        ; redirect proc stderr to stdout (default false)
    stdout_logfile=/data/logs/flanneld/flanneld.stdout.log       ; stdout log path, NONE for none; default AUTO
    stdout_logfile_maxbytes=64MB                                 ; max # logfile bytes b4 rotation (default 50MB)
    stdout_logfile_backups=4                                     ; # of stdout logfile backups (default 10)
    stdout_capture_maxbytes=1MB                                  ; number of bytes in 'capturemode' (default 0)
    stdout_events_enabled=false                                  ; emit events on stdout writes (default false)
    stderr_logfile=/data/logs/flanneld/flanneld.stderr.log       ; stderr log path, NONE for none; default AUTO
    stderr_logfile_maxbytes=64MB                                 ; max # logfile bytes b4 rotation (default 50MB)
    stderr_logfile_backups=4                                     ; # of stderr logfile backups (default 10)
    stderr_capture_maxbytes=1MB                                  ; number of bytes in 'capturemode' (default 0)
    stderr_events_enabled=false  
    eof
    

    注:不同地方[program:flanneld-7-21]

    1.5 使用host-gw模型

    hdss21-host.com操作,任意一台etcd机器操作都可以。

    /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "host-gw"}}'
    supervisorctl update
    supervisorctl status
    [root@hdss7-22 ~]# route -n # 在22主机上可看到添加了一条10.4.7.21的静态路由
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      10.4.7.21       255.255.255.0   UG    0      0        0 ens33
    172.7.22.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    [root@hdss7-21 ~]# route -n # 在21主机上可看到添加了一条10.4.7.22的静态路由
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    172.7.22.0      10.4.7.22       255.255.255.0   UG    0      0        0 ens33
    [root@hdss7-21 ~]# kubectl get pods -o wide
    NAME             READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE   READINESS GATES
    my-nginx-h88nr   1/1     Running   1          3h46m   172.7.22.2   hdss7-22.host.com   <none>           <none>
    my-nginx-vrlsk   1/1     Running   0          3h46m   172.7.21.2   hdss7-21.host.com   <none>           <none>
    [root@hdss7-21 ~]# ping 172.7.22.2
    [root@hdss7-22 ~]# ping 172.7.21.2
    

    由于flanned网络的gw模型是直接帮你添加一条静态路由,若不用flanned插件,可自行添加路由打通网络

    10.4.7.21上操作:
    route add -net 172.7.22.0/24 gw 10.4.7.22
    iptables -I FORWARD -d 172.7.21.0/24 -j ACCEPT
    
    10.4.7.22上操作:
    route add -net 172.7.21.0/24 gw 10.4.7.21
    iptables -I FORWARD -d 172.7.22.0/24 -j ACCEPT
    

    1.6 使用VxLAN模型

    • 关闭两台机器flannel
    • 删除两台机器先前添加的静态路由
    • 删除etc先前的设置重新添加新模型保存
    • 启动flannel查看网卡
    [root@hdss7-21 ~]# supervisorctl stop flanneld 
    [root@hdss7-22 ~]# supervisorctl stop flanneld 
    [root@hdss7-22 ~]# route del -net 172.7.21.0/24 gw 10.4.7.21
    [root@hdss7-21 ~]# route del -net 172.7.22.0/24 gw 10.4.7.22
    [root@hdss7-21 ~]# /opt/etcd/etcdctl rm /coreos.com/network/config
    [root@hdss7-21 ~]# /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN"}}'
    [root@hdss7-21 ~]# /opt/etcd/etcdctl get /coreos.com/network/config
    [root@hdss7-21 ~]# supervisorctl start flanneld
    [root@hdss7-22 ~]# supervisorctl start flanneld
    [root@hdss7-21 ~]# ifconfig flannel.1
    flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
            inet 172.7.21.0  netmask 255.255.255.255  broadcast 0.0.0.0
            inet6 fe80::803:ff:fe6d:1f33  prefixlen 64  scopeid 0x20<link>
            ether 0a:03:00:6d:1f:33  txqueuelen 0  (Ethernet)
            RX packets 10  bytes 2234 (2.1 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 14  bytes 892 (892.0 B)
            TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0
    [root@hdss7-22 etcd]# ifconfig flannel.1
    flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
            inet 172.7.22.0  netmask 255.255.255.255  broadcast 0.0.0.0
            inet6 fe80::d0c2:4bff:fe29:df00  prefixlen 64  scopeid 0x20<link>
            ether d2:c2:4b:29:df:00  txqueuelen 0  (Ethernet)
            RX packets 14  bytes 892 (892.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 10  bytes 2234 (2.1 KiB)
            TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0
    [root@hdss7-22 etcd]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      172.7.21.0      255.255.255.0   UG    0      0        0 flannel.1
    172.7.22.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    [root@hdss7-21 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    172.7.22.0      172.7.22.0      255.255.255.0   UG    0      0        0 flannel.1
    [root@hdss7-21 ~]# ping 172.7.22.2
    [root@hdss7-22 ~]# ping 172.7.21.2
    

    1.7 使用Directrouting模型

    hdss7-21主机操作为例,7-22操作类似

    supervisorctl stop flanneld
    [root@hdss7-21 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    172.7.22.0      172.7.22.0      255.255.255.0   UG    0      0        0 flannel.1
    
    route del -net 172.7.22.0/24 gw 172.7.22.0 # 删除旧flannel路由
    /opt/etcd/etcdctl rm /coreos.com/network/config # 删除旧数据
    /opt/etcd/etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "VxLAN","Directrouting": true}}' #设置新数据
    /opt/etcd/etcdctl get /coreos.com/network/config
    supervisorctl start flanneld
    [root@hdss7-21 ~]# route -n # 由于服务器同网段直接路由模型使用host-gw模型
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.7.254      0.0.0.0         UG    100    0        0 ens33
    10.4.7.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
    172.7.21.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
    172.7.22.0      10.4.7.22       255.255.255.0   UG    0      0        0 ens33
    [root@hdss7-21 ~]# ping 172.7.22.2
    
  • 相关阅读:
    NFS共享储存
    Rsync服务
    企业集群架构概述
    定时任务
    开机启动流程
    进程管理(二)
    linux系统管理-进程管理
    RAID&LVM有关磁盘的故障
    gdisk分区及swap分区
    操作系统与磁盘管理
  • 原文地址:https://www.cnblogs.com/even160941/p/15048905.html
Copyright © 2011-2022 走看看