• Flannel

    0.组件版本
    docker-1.13.1
    kubernetes-master-1.5.2
    flannel-0.7.1

    1.部署(默认已安装k8s基础环境
    a. yum install flannel


    b.配置/etc/sysconfig/flanneld, sample如下:
    FLANNEL_ETCD_ENDPOINTS="http://192.168.56.201:2379"
    FLANNEL_ETCD_PREFIX="/flannel/network"
    FLANNEL_OPTIONS="--iface=enp0s9"


    b.创建flannel配置文件,如下例flannel.cfg:
    {

    "Network": "172.31.0.0/16",

    "SubnetLen": 24,

    "Backend": {

    "Type": "host-gw"

    }
    }


    c.将上面的配置内容导入etcd
    etcdctl --endpoints=192.168.56.201:2379 set /flannel/network/config < flannel.cfg
    #数据节点路径与/etc/sysconfig/flanneld的FLANNEL_ETCD_PREFIX一致(注意key=>config)


    d.启用服务
    systemctl enable flanneld
    systemctl start flanneld
    systemctl restart docker
    #/run/flannel/docker 默认应用到docker服务


    2.vxlan
    a. 从指定的Network范围内为每个host分配24掩码的subnet, 将子网应用到docker的--bip
    b. 创建vtep设备flannl.1, 整个Network的路由都批指向flannel.1 sample如下:
    [root@k01 todo]# ip addr show flannel.1
    31: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether fe:e4:6f:ea:5d:8e brd ff:ff:ff:ff:ff:ff
    inet 172.31.35.0/32 scope global flannel.1
    valid_lft forever preferred_lft forever
    inet6 fe80::fce4:6fff:feea:5d8e/64 scope link
    valid_lft forever preferred_lft forever

    [root@k01 todo]# ip -d link show flannel.1
    31: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT
    link/ether fe:e4:6f:ea:5d:8e brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 1 local 192.168.100.201 dev enp0s9 srcport 0 0 dstport 8472 nolearning ageing 300 addrgenmode eui64

    [root@k01 todo]# route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 enp0s3
    10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
    172.31.0.0 0.0.0.0 255.255.0.0 U 0 0 0 flannel.1
    172.31.35.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
    192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s9

    3.host-gw
    a. 从指定的Network范围内为每个host分配24掩码的subnet, 将子网应用到docker的--bip
    b. flanneld下发docker0和其它host的路由表,sample如下:
    [root@k01 todo]# route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 enp0s3
    10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
    172.31.34.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
    172.31.57.0 192.168.100.202 255.255.255.0 UG 0 0 0 enp0s9
    192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s9

    4.kube-proxy
    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination
    1 51 4038 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
    2 38 1928 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination
    1 288 18898 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
    2 239 14340 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination
    1 303 19798 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
    2 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0

    Chain DOCKER (2 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0

    Chain KUBE-MARK-DROP (0 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000

    Chain KUBE-MARK-MASQ (5 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000

    Chain KUBE-NODEPORTS (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp dpt:30006
    2 0 0 KUBE-SVC-M7XME3WTB36R42AM tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp dpt:30006

    Chain KUBE-POSTROUTING (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

    Chain KUBE-SEP-3XAE4RZ4QKNBWHVI (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.2 0.0.0.0/0 /* default/mysql: */
    2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.2:3306

    Chain KUBE-SEP-BVDILWNHJHJ6GYVG (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.4 0.0.0.0/0 /* default/mysql: */
    2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.4:3306

    Chain KUBE-SEP-FO43SMKHP7ESNS5F (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.3 0.0.0.0/0 /* default/mysql: */
    2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.3:3306

    Chain KUBE-SEP-OGNOLD2JUSLFPOMZ (2 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.15 0.0.0.0/0 /* default/kubernetes:https */
    2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-OGNOLD2JUSLFPOMZ side: source mask: 255.255.255.255 tcp to:10.0.2.15:6443

    Chain KUBE-SERVICES (2 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
    2 0 0 KUBE-SVC-M7XME3WTB36R42AM tcp -- * * 0.0.0.0/0 10.254.104.18 /* default/mysql: cluster IP */ tcp dpt:3306
    3 0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

    Chain KUBE-SVC-M7XME3WTB36R42AM (2 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-SEP-3XAE4RZ4QKNBWHVI all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ statistic mode random probability 0.33332999982
    2 0 0 KUBE-SEP-FO43SMKHP7ESNS5F all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ statistic mode random probability 0.50000000000
    3 0 0 KUBE-SEP-BVDILWNHJHJ6GYVG all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */

    Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
    num pkts bytes target prot opt in out source destination
    1 0 0 KUBE-SEP-OGNOLD2JUSLFPOMZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-OGNOLD2JUSLFPOMZ side: source mask: 255.255.255.255
    2 0 0 KUBE-SEP-OGNOLD2JUSLFPOMZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */
  • 相关阅读:
    js对select动态添加和删除OPTION
    文本框textarea实时提示还可以输入多少文字
    JavaScript中统计Textarea字数并提示还能输入的字符
    inupt textarea提示文字(点击消失,不输入恢复)
    inupt textarea提示文字(点击消失,不输入恢复)及限制字数
    Server.MapPath()获取本机绝对路径
    cocos基础教程(12)点击交互的三种处理
    cocos基础教程(9)声音和音效
    cocos进阶教程(2)多分辨率支持策略和原理
    cocos基础教程(10)纹理缓存技术
  • 原文地址:https://www.cnblogs.com/gaozhengwei/p/10533332.html
Copyright © 2020-2023  润新知