zoukankan      html  css  js  c++  java
  • k8s的两种网络方案与多种工作模式[flannel与calico]

    k8s的两种网络方案与多种工作模式

    1. Flannel:

    flannel有三种工作模式:
    1. vxlan(隧道方案) 2. host-gw(路由方案)
    2. udp(在用户态实现的数据封装解封装,由于性能较差已经被弃用)

    vxlan模式:

    vxlan模式会在当前服务器中创建一个cni0的网桥,和flannel.1隧道端点. 这个隧道端点会对数据包进行再次封装.然后flannel会把数据包传输到目标节点中.同时它也会在本地创建几个路由表.(可以通过命令 ip route 查看到)
    [root@k8s-master1 ~]# ip route
    default via 10.0.0.254 dev eth0 
    10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.63 
    10.244.1.0/24 via 10.244.1.0 dev flannel.1 onlink 
    10.244.2.0/24 via 10.244.2.0 dev flannel.1 onlink 
    169.254.0.0/16 dev eth0 scope link metric 1002 
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
    

    1.1 Flannel网络部署与卸载:

    1. 安装flannel网络:
    wget https://www.chenleilei.net/soft/k8s/kube-flannel.yaml
    kubectl apply -f kube-flannel.yaml
    
    1.1 验证网络:
    1.1.1 创建一个应用
    kubectl create deployment nginx --image=nginx
    kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
    1.1.2 检查测试:
    [root@k8s-master1 ~]# kubectl get pods -o wide
    NAME                    READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE   READINESS GATES
    nginx-f89759699-rcgh2   1/1     Running   0          52s   10.244.2.16   k8s-node2   <none>           <none>
    1.1.3 测试flannel网络连通性:
    [root@k8s-master1 ~]# ping 10.244.2.16
    PING 10.244.2.16 (10.244.2.16) 56(84) bytes of data.
    64 bytes from 10.244.2.16: icmp_seq=1 ttl=63 time=0.865 ms
    64 bytes from 10.244.2.16: icmp_seq=2 ttl=63 time=0.549 ms
    
    1.1.4 卸载flannel网络:
    [root@k8s-master1 ~]# ip route
    default via 10.0.0.254 dev eth0 
    10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.63 
    10.244.1.0/24 via 10.244.1.0 dev flannel.1 onlink  # <---flannel网络
    10.244.2.0/24 via 10.244.2.0 dev flannel.1 onlink  # <---flannel网络
    169.254.0.0/16 dev eth0 scope link metric 1002 
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
    
    [老师提供方法: 所有服务器执行]
    ip link delete cni0
    ip link delete flannel.1
    
    执行后,检查ip route 查看是否有路由表,flannel网络已经不存在.
    [root@k8s-master1 ~]# ip link delete cni0
    Cannot find device "cni0"
    [root@k8s-master1 ~]# ip link delete flannel.1
    [root@k8s-master1 ~]# ip route
    default via 10.0.0.254 dev eth0 
    10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.63 
    169.254.0.0/16 dev eth0 scope link metric 1002 
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
    
    
    1.1.5 测试
    [root@k8s-master1 ~]# kubectl get pods -o wide
    NAME                    READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE   READINESS GATES
    nginx-f89759699-rcgh2   1/1     Running   0          23m   10.244.2.16   k8s-node2   <none>           <none>
    [root@k8s-master1 ~]# ping 10.244.2.16
    PING 10.244.2.16 (10.244.2.16) 56(84) bytes of data.
    ^C
    --- 10.244.2.16 ping statistics ---
    68 packets transmitted, 0 received, 100% packet loss, time 68199ms
    
    此时,没有flannel网络的情况下,nginx的这个pod已经无法访问.
    
    在卸载网络插件时无法删除可以使用 --grace-period=0 --force
    如:
    kubectl delete pod coredns-7ff77c879f-5cc29 -n kube-system --grace-period=0 --force
    

    2. Calico网络部署与卸载

    calico有2种中作模式:
    1. ipip(隧道方案) 2.bgp(路由方案)

    注意: 公有云可能会对路由方案造成影响,并且有的云主机会禁止路由(bgp)方案,所以有些云厂商是禁止此实现方式的,因为他会写入路由表,这样可能会影响到厂商现有网络.

    路由方案: 对现有网络有一定的要求,但是他的性能最好,它是直接的路由转发模式,他不会经过数据包封装再封装,没有网络消耗.此方案优先选择,但是也要看厂商是否支持. 它会要求,二层网络可达
    隧道方案: 对现有网络要求不高,它只需要三层通信正常基本都可以通信.

     calico网络插件下载:
     官方地址:
     wget https://docs.projectcalico.org/manifests/calico.yaml
     个人网盘地址:
     wget https://www.chenleilei.net/soft/k8s/calico.yaml
    
    注意: 安装calico网络插件 需要卸载 flannel网络插件.
    
    #卸载flannel网络:
    ip link delete cni0
    ip link delete flannel.1
    kubectl delete  -f kube-flannel.yaml
    
    #执行后,检查ip route 查看是否有路由表,flannel网络已经不存在.
    [root@k8s-master1 ~]# ip link delete cni0
    Cannot find device "cni0"
    [root@k8s-master1 ~]# ip link delete flannel.1
    [root@k8s-master1 ~]# ip route
    default via 10.0.0.254 dev eth0 
    10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.63 
    169.254.0.0/16 dev eth0 scope link metric 1002 
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
     
     
     calico配置:
    1.默认网段修改:
    找到以下内容:
    # - name: CALICO_IPV4POOL_CIDR
    #   value: "192.168.0.0/16"
    改为安装kubernetes时初始化的网段:
    - name: CALICO_IPV4POOL_CIDR
      value: "10.244.0.0/16"
      
     2. 安装calico网络插件 执行yaml
     [root@k8s-master1 ~]# kubectl apply -f calico.yaml 
    configmap/calico-config created
    customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
    customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
    clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
    clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
    clusterrole.rbac.authorization.k8s.io/calico-node created
    clusterrolebinding.rbac.authorization.k8s.io/calico-node created
    daemonset.apps/calico-node created
    serviceaccount/calico-node created
    deployment.apps/calico-kube-controllers created
    serviceaccount/calico-kube-controllers created
    
    
    3. 卸载calico网络插件.
     [root@k8s-master1 ~]# kubectl delete -f calico.yaml 
    

    检查;

    kubectl get pods -o wide -n kube-system

    2.1 验证与日志检查:

    应用创建:
    kubectl create deployment nginx --image=nginx
    kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
    
    
    日志检查:
    [root@k8s-master1 ~]# kubectl get pods -o wide
    NAME                    READY  STATUS   RESTARTS  AGE  IP              NODE        NOMINATED NODE   READINESS GATES
    nginx-f89759699-qlckm   1/1    Running  0         95s  10.244.169.130  k8s-node2   <none>           <none>
    
    [root@k8s-master1 ~]# curl -I 10.244.169.130
    HTTP/1.1 200 OK
    Server: nginx/1.19.0
    Date: Thu, 18 Jun 2020 12:41:58 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Tue, 26 May 2020 15:00:20 GMT
    Connection: keep-alive
    ETag: "5ecd2f04-264"
    Accept-Ranges: bytes
    
    [root@k8s-master1 ~]# kubectl logs nginx-f89759699-qlckm 
    10.244.36.64 - - [18/Jun/2020:12:47:09 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://10.0.0.65:32746/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36" "-"
    
    访问没有问题,证明calico网络部署成功.
    

  • 相关阅读:
    POJ 3041 Asteroids 最小点覆盖 == 二分图的最大匹配
    POJ 3083 Children of the Candy Corn bfs和dfs
    POJ 2049 Finding Nemo bfs 建图很难。。
    POJ 2513 Colored Sticks 字典树、并查集、欧拉通路
    POJ 1013 Counterfeit Dollar 集合上的位运算
    POJ 2965 The Pilots Brothers' refrigerator 位运算枚举
    无聊拿socket写的100以内的加法考试。。。
    POJ 1753 Flip Game
    初学socket,c语言写的简单局域网聊天
    汇编语言 复习 第十一章 标志寄存器
  • 原文地址:https://www.cnblogs.com/superlinux/p/13160033.html
Copyright © 2011-2022 走看看