一、安装部署网络插件
1、概念
kubeenetes设计了网络模型,但是却将她得实现交给了网络插件,CNI网络插件最主要得功能就是实现POD资源能够跨宿主机进行通信
常见得CNI网络插件:
Flannel、Calico、Canal、Contiv、OpenContrail、NSX-T、Kube-router
2、安装部署
mkdir flannel-v0.13.0 tar -zxvf flannel-v0.13.0-linux-amd64.tar.gz -C /opt/flannel-v0.13.0 ln -s flannel-v0.13.0 flannel
3、拷贝证书
cd flannel && mkdir cert/ cd cert/ scp operations:/opt/certs/ca.pem ./ scp operations:/opt/certs/client.pem ./ scp operations:/opt/certs/client-key.pem ./
4、编辑环境变量env文件,FLANNEL_SUBNET根据规划填写
vim /opt/flannel/subnet.env FLANNEL_NETWORK=172.17.0.0/16 FLANNEL_SUBNET=172.7.21.1/24 FLANNEL_MTU=1500 FLANNEL_IPMASQ=false
5、编辑启动脚本:红色部分根据node节点信息修改,并且eth0信息根据本机网卡信息修改
vim /opt/flannel/flanneld.sh #!/bin/sh ./flanneld --public-ip=192.168.112.23 --etcd-endpoints=https://192.168.112.21:2379,https://192.168.112.22:2379,https://192.168.112.23:2379 --etcd-keyfile=./cert/client-key.pem --etcd-certfile=./cert/client.pem --etcd-cafile=./cert/ca.pem --iface=ens192 --subnet-file=./subnet.env --healthz-port=2401 chmod +x /opt/flannel/flanneld.sh mkdir -p /data/logs/flanneld
6、设置网络类型
cd /opt/etcd ./etcdctl set /coreos.com/network/config '{"Network":"172.7.0.0/16","Backend": {"Type": "host-gw"}}' 集群在二层网络中选择host-gw更快,三层网必须使用VxLAN模型
./etcdctl get /coreos.com/network/config
7、编辑supervisor启动脚本:
vim /etc/supervisord.d/flanneld.ini [program:flanneld-7-63] command=/opt/flannel/flanneld.sh ; the program (relative uses PATH, can take args) numprocs=1 ; number of processes copies to start (def 1) directory=/opt/flannel ; directory to cwd to before exec (def no cwd) autostart=true ; start at supervisord start (default: true) autorestart=true ; retstart at unexpected quit (default: true) startsecs=30 ; number of secs prog must stay running (def. 1) startretries=3 ; max # of serial start failures (default 3) exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) stopsignal=QUIT ; signal used to kill process (default TERM) stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) user=root ; setuid to this UNIX account to run the program redirect_stderr=true ; redirect proc stderr to stdout (default false) stdout_logfile=/data/logs/flanneld/flanneld.stdout.log ; stderr log path, NONE for none; default AUTO stdout_logfile_maxbytes=64MB ; max # logfile bytes b4 rotation (default 50MB) stdout_logfile_backups=4 ; # of stdout logfile backups (default 10) stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) stdout_events_enabled=false ; emit events on stdout writes (default false)
更新supervisor配置:
supervisorctl update
supervisorctl staus
8、验证,从192.168.112.22ping192.168.112.23上的pods
二、修改flnnel网络类型
模型图
1、停止flannel网络
supervisorctl stop flanneld-112-22
2、删除flannel网络给我们创建的路由
[root@kubectl1 etcd]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.112.1 0.0.0.0 UG 100 0 0 ens192 172.7.22.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0 172.7.23.0 192.168.112.23 255.255.255.0 UG 0 0 0 ens192 192.168.112.0 0.0.0.0 255.255.255.0 U 100 0 0 ens192 [root@kubectl1 etcd]# route del -net 172.7.23.0/24 gw 192.168.112.23
3、配置vxlan模型
cd /opt/etcd ./etcdctl set /coreos.com/network/config '{"Network": "172.7.0.0/16", "Backend": {"Type": "vxlan"}}'
./etcdctl get /coreos.com/network/config
4、启动flannel网络
supervisorctl restart flanneld-112-22
可以发现多了一块网卡,这块网卡就是vxlan用于隧道通信的虚拟网卡:
