安装flannel网络插件

所有的node节点都需要安装网络插件才能让所有的Pod加入到同一个局域网中,本文是安装flannel网络插件的参考文档。

建议直接使用yum安装flanneld,除非对版本有特殊需求,默认安装的是0.7.1版本的flannel。

  1. yum install -y flannel

service配置文件/usr/lib/systemd/system/flanneld.service

  1. [Unit]
  2. Description=Flanneld overlay address etcd agent
  3. After=network.target
  4. After=network-online.target
  5. Wants=network-online.target
  6. After=etcd.service
  7. Before=docker.service
  8. [Service]
  9. Type=notify
  10. EnvironmentFile=/etc/sysconfig/flanneld
  11. EnvironmentFile=-/etc/sysconfig/docker-network
  12. ExecStart=/usr/bin/flanneld-start \
  13. -etcd-endpoints=${FLANNEL_ETCD_ENDPOINTS} \
  14. -etcd-prefix=${FLANNEL_ETCD_PREFIX} \
  15. $FLANNEL_OPTIONS
  16. ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
  17. Restart=on-failure
  18. [Install]
  19. WantedBy=multi-user.target
  20. RequiredBy=docker.service

/etc/sysconfig/flanneld配置文件:

  1. # Flanneld configuration options
  2. # etcd url location. Point this to the server where etcd runs
  3. FLANNEL_ETCD_ENDPOINTS="https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379"
  4. # etcd config key. This is the configuration key that flannel queries
  5. # For address range assignment
  6. FLANNEL_ETCD_PREFIX="/kube-centos/network"
  7. # Any additional options that you want to pass
  8. FLANNEL_OPTIONS="-etcd-cafile=/etc/kubernetes/ssl/ca.pem -etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem -etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem"

如果是多网卡(例如vagrant环境),则需要在FLANNEL_OPTIONS中增加指定的外网出口的网卡,例如-iface=eth2

在etcd中创建网络配置

执行下面的命令为docker分配IP地址段。

  1. etcdctl --endpoints=https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379 \
  2. --ca-file=/etc/kubernetes/ssl/ca.pem \
  3. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  4. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  5. mkdir /kube-centos/network
  6. etcdctl --endpoints=https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379 \
  7. --ca-file=/etc/kubernetes/ssl/ca.pem \
  8. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  9. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  10. mk /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'

如果你要使用host-gw模式,可以直接将vxlan改成host-gw即可。

:参考网络和集群性能测试那节,最终我们使用的host-gw模式,关于flannel支持的backend模式见:https://github.com/coreos/flannel/blob/master/Documentation/backends.md

启动flannel

  1. systemctl daemon-reload
  2. systemctl enable flanneld
  3. systemctl start flanneld
  4. systemctl status flanneld

现在查询etcd中的内容可以看到:

  1. $etcdctl --endpoints=${ETCD_ENDPOINTS} \
  2. --ca-file=/etc/kubernetes/ssl/ca.pem \
  3. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  4. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  5. ls /kube-centos/network/subnets
  6. /kube-centos/network/subnets/172.30.14.0-24
  7. /kube-centos/network/subnets/172.30.38.0-24
  8. /kube-centos/network/subnets/172.30.46.0-24
  9. $etcdctl --endpoints=${ETCD_ENDPOINTS} \
  10. --ca-file=/etc/kubernetes/ssl/ca.pem \
  11. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  12. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  13. get /kube-centos/network/config
  14. { "Network": "172.30.0.0/16", "SubnetLen": 24, "Backend": { "Type": "vxlan" } }
  15. $etcdctl --endpoints=${ETCD_ENDPOINTS} \
  16. --ca-file=/etc/kubernetes/ssl/ca.pem \
  17. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  18. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  19. get /kube-centos/network/subnets/172.30.14.0-24
  20. {"PublicIP":"172.20.0.114","BackendType":"vxlan","BackendData":{"VtepMAC":"56:27:7d:1c:08:22"}}
  21. $etcdctl --endpoints=${ETCD_ENDPOINTS} \
  22. --ca-file=/etc/kubernetes/ssl/ca.pem \
  23. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  24. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  25. get /kube-centos/network/subnets/172.30.38.0-24
  26. {"PublicIP":"172.20.0.115","BackendType":"vxlan","BackendData":{"VtepMAC":"12:82:83:59:cf:b8"}}
  27. $etcdctl --endpoints=${ETCD_ENDPOINTS} \
  28. --ca-file=/etc/kubernetes/ssl/ca.pem \
  29. --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  30. --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  31. get /kube-centos/network/subnets/172.30.46.0-24
  32. {"PublicIP":"172.20.0.113","BackendType":"vxlan","BackendData":{"VtepMAC":"e6:b2:fd:f6:66:96"}}

如果可以查看到以上内容证明flannel已经安装完成,下一步是在node节点上安装和配置docker、kubelet、kube-proxy等,请参考下一节部署node节点