kubernetes集群网络插件
一、kubernetes集群网络插件
1.1.1 kubernetes集群网络插件
1 .kubernetes集群网络插件介绍
kubernetes设计了网络模型,但却将它的实现交给了网络插件,CNI网络插件最主要的功能就是实现POD资源能够跨主机进行通讯。常见的CNI网络插件:
- Flannel
- Calico
- Canal
- Contiv
- OpenContrail
- NSX-T
- Kube-router
- Flanel 网络插件安装
| 主机 | 角色 | ip |
|---|---|---|
| hdss-21 | Flanel | 10.0.0.21 |
| hdss-22 | Flanel | 10.0.0.22 |
下载地址:https://github.com/coreos/flannel/releases
[root@hdss-21.host.com ~]# cd /opt/src/
[root@hdss-21.host.com /opt/src]# ll
total 452336
-rw-r--r-- 1 root root 9850227 Apr 27 14:37 etcd-v3.1.20-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9565743 Apr 27 13:57 flannel-v0.11.0-linux-amd64.tar.gz
-rw-r--r-- 1 root root 443770238 Apr 27 14:44 kubernetes-server-linux-amd64-v1.15.2.tar.gz
[root@hdss-21.host.com /opt/src]# mkdir /opt/flannel-v0.11.0
[root@hdss-21.host.com /opt/src]# tar zxf flannel-v0.11.0-linux-amd64.tar.gz -C /opt/flannel-v0.11.0/
[root@hdss-21.host.com /opt/src]# ll /opt/flannel-v0.11.0/
total 34436
-rwxr-xr-x 1 root root 35249016 Jan 29 2019 flanneld
-rwxr-xr-x 1 root root 2139 Oct 23 2018 mk-docker-opts.sh
-rw-r--r-- 1 root root 4300 Oct 23 2018 README.md
[root@hdss-21.host.com /opt/src]# ln -s /opt/flannel-v0.11.0/ /opt/flannel
[root@hdss-21.host.com /opt/src]# ll -ld /opt/flannel
lrwxrwxrwx 1 root root 21 Jun 20 04:45 /opt/flannel -> /opt/flannel-v0.11.0/
#22操作同上
- 拷贝 etcd的秘钥和证书
[root@hdss-21.host.com /opt/src]# cd /opt/flannel/
[root@hdss-21.host.com /opt/flannel]# mkdir certs
[root@hdss-21.host.com /opt/flannel]# cd certs/
[root@hdss-21.host.com /opt/flannel/certs]# scp -rp hdss-201:/opt/certs/ca.pem ./
root@hdss-201's password:
ca.pem 100% 1346 152.7KB/s 00:00
[root@hdss-21.host.com /opt/flannel/certs]# scp -rp hdss-201:/opt/certs/client.pem ./
root@hdss-201's password:
client.pem 100% 1363 65.3KB/s 00:00
[root@hdss-21.host.com /opt/flannel/certs]# scp -rp hdss-201:/opt/certs/client-key.pem ./
root@hdss-201's password:
client-key.pem 100% 1675 58.4KB/s 00:00
[root@hdss-21.host.com /opt/flannel/certs]# ll
total 12
-rw-r--r-- 1 root root 1346 Jun 10 21:49 ca.pem
-rw------- 1 root root 1675 Jun 13 21:23 client-key.pem
-rw-r--r-- 1 root root 1363 Jun 13 21:23 client.pem
##22 操作同上
- 配置文件
[root@hdss-21.host.com /opt/flannel/certs]# cd ..
[root@hdss-21.host.com /opt/flannel]# vim subnet.env
[root@hdss-21.host.com /opt/flannel]# cat subnet.env
FLANNEL_NETWORK=10.0.0.0/16
FLANNEL_SUBNET=10.0.21.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false
- 配置启动文件
[root@hdss-21.host.com /opt/flannel]# vim flanneld.sh
[root@hdss-21.host.com /opt/flannel]# cat flanneld.sh
#!/bin/sh
./flanneld
--public-ip=10.0.0.21
--etcd-endpoints=https://10.0.0.12:2379,https://10.0.0.21:2379,https://10.0.0.22:2379
--etcd-keyfile=./certs/client-key.pem
--etcd-certfile=./certs/client.pem
--etcd-cafile=./certs/ca.pem
--iface=eth0
--subnet-file=./subnet.env
--healthz-port=2041
[root@hdss-21.host.com /opt/flannel]# chmod +x flanneld.sh
创建log日志
[root@hdss-21.host.com /opt/flannel]# mkdir -p /data/logs/flanneld
[root@hdss-21.host.com /opt/flannel]# ll -ld /data/logs/flanneld
drwxr-xr-x 2 root root 6 Jun 19 21:48 /data/logs/flanneld
- 操作etcd,增加host-gw(操作一次即可)
[root@hdss-21.host.com /opt/flannel]# cd /opt/etcd/
[root@hdss-21.host.com /opt/etcd]# ./etcdctl member list
6cbdd801d2c800d9: name=etcd-server-21 peerURLs=https://10.0.0.21:2380 clientURLs=http://127.0.0.1:2379,https://10.0.0.21:2379 isLeader=false
74538ef5dc383e39: name=etcd-server-22 peerURLs=https://10.0.0.22:2380 clientURLs=http://127.0.0.1:2379,https://10.0.0.22:2379 isLeader=true
f7a9c20602b8532e: name=etcd-server-12 peerURLs=https://10.0.0.12:2380 clientURLs=http://127.0.0.1:2379,https://10.0.0.12:2379 isLeader=false
[root@hdss-21.host.com /opt/etcd]# ./etcdctl set /coreos.com/network/config '{"Network": "10.0.0.0/16", "Backend": {"Type": "host-gw"}}'
{"Network": "10.0.0.0/16", "Backend": {"Type": "host-gw"}}
检查
[root@hdss-21.host.com /opt/etcd]# ./etcdctl get /coreos.com/network/config
{"Network": "10.0.0.0/16", "Backend": {"Type": "host-gw"}}
6.配置supervisor后台管理flannel
[root@hdss-21.host.com /opt/etcd]# vim /etc/supervisord.d/flannel.ini
[root@hdss-21.host.com /opt/etcd]# cat /etc/supervisord.d/flannel.ini
[program:flanneld-21]
command=/opt/flannel/flanneld.sh ; the program (relative uses PATH, can take args)
numprocs=1 ; number of processes copies to start (def 1)
directory=/opt/flannel ; directory to cwd to before exec (def no cwd)
autostart=true ; start at supervisord start (default: true)
autorestart=true ; retstart at unexpected quit (default: true)
startsecs=30 ; number of secs prog must stay running (def. 1)
startretries=3 ; max # of serial start failures (default 3)
exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT ; signal used to kill process (default TERM)
stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
user=root ; setuid to this UNIX account to run the program
redirect_stderr=true ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/flanneld/flanneld.stdout.log ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4 ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false ; emit events on stdout writes (default false)
[root@hdss-21.host.com /opt/etcd]# supervisorctl status
etcd-server-21 RUNNING pid 1448, uptime 0:41:03
flanneld-21 RUNNING pid 85763, uptime 0:19:46
kube-apiserver-21 RUNNING pid 1449, uptime 0:41:03
kube-controller-manager-21 RUNNING pid 1450, uptime 0:41:03
kube-kubelet-21 RUNNING pid 1451, uptime 0:41:03
kube-proxy-21 RUNNING pid 1447, uptime 0:41:03
kube-scheduler-21 RUNNING pid 1454, uptime 0:41:03
#22操作相同
- 两个pods容器之间是否可以互ping
[root@hdss-21.host.com ~]# ping -c2 10.0.22.2
PING 10.0.22.2 (10.0.22.2) 56(84) bytes of data.
64 bytes from 10.0.22.2: icmp_seq=1 ttl=63 time=0.335 ms
64 bytes from 10.0.22.2: icmp_seq=2 ttl=63 time=0.385 ms
--- 10.0.22.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.335/0.360/0.385/0.025 ms
[root@hdss-22.host.com /opt/flannel]# ping -c 2 10.0.21.2
PING 10.0.21.2 (10.0.21.2) 56(84) bytes of data.
64 bytes from 10.0.21.2: icmp_seq=1 ttl=63 time=0.572 ms
64 bytes from 10.0.21.2: icmp_seq=2 ttl=63 time=0.414 ms
--- 10.0.21.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.414/0.493/0.572/0.079 ms