国产精品久久久久久久专区,暖暖在线日本免费中文,国内精品视频一区二区三区八戒

Flannel是 CoreOS 團(tuán)隊(duì)針對 Kubernetes 設(shè)計(jì)的一個覆蓋網(wǎng)絡(luò)（Overlay Network）工具，其目的在于幫助每一個使用 Kuberentes 的 CoreOS 主機(jī)擁有一個完整的子網(wǎng)
Flannel通過給每臺宿主機(jī)分配一個子網(wǎng)的方式為容器提供虛擬網(wǎng)絡(luò)，它基于Linux TUN/TAP，使用UDP封裝IP包來創(chuàng)建overlay網(wǎng)絡(luò)，并借助etcd維護(hù)網(wǎng)絡(luò)的分配情況。

Flannel是CoreOS團(tuán)隊(duì)針對Kubernetes設(shè)計(jì)的一個網(wǎng)絡(luò)規(guī)劃服務(wù)，簡單來說，它的功能是讓集群中的不同節(jié)點(diǎn)主機(jī)創(chuàng)建的Docker容器都具有全集群唯一的虛擬IP地址。
在默認(rèn)的Docker配置中，每個Node的Docker服務(wù)會分別負(fù)責(zé)所在節(jié)點(diǎn)容器的IP分配。Node內(nèi)部得容器之間可以相互訪問,但是跨主機(jī)(Node)網(wǎng)絡(luò)相互間是不能通信。
Flannel設(shè)計(jì)目的就是為集群中所有節(jié)點(diǎn)重新規(guī)劃IP地址的使用規(guī)則，從而使得不同節(jié)點(diǎn)上的容器能夠獲得"同屬一個內(nèi)網(wǎng)"且"不重復(fù)的"IP地址，并讓屬于不同節(jié)點(diǎn)上的容器能夠直接通過內(nèi)網(wǎng)IP通信。
Flannel 使用etcd存儲配置數(shù)據(jù)和子網(wǎng)分配信息。flannel 啟動之后，后臺進(jìn)程首先檢索配置和正在使用的子網(wǎng)列表，然后選擇一個可用的子網(wǎng)，然后嘗試去注冊它。
etcd也存儲這個每個主機(jī)對應(yīng)的ip。flannel 使用etcd的watch機(jī)制監(jiān)視/coreos.com/network/subnets下面所有元素的變化信息，并且根據(jù)它來維護(hù)一個路由表。
為了提高性能，flannel優(yōu)化了Universal TAP/TUN設(shè)備，對TUN和UDP之間的ip分片做了代理。

數(shù)據(jù)從源容器中發(fā)出后，經(jīng)由所在主機(jī)的docker0虛擬網(wǎng)卡轉(zhuǎn)發(fā)到flannel0虛擬網(wǎng)卡，這是個P2P的虛擬網(wǎng)卡，flanneld服務(wù)監(jiān)聽在網(wǎng)卡的另外一端。
Flannel通過Etcd服務(wù)維護(hù)了一張節(jié)點(diǎn)間的路由表，該張表里保存了各個節(jié)點(diǎn)主機(jī)的子網(wǎng)網(wǎng)段信息。
源主機(jī)的flanneld服務(wù)將原本的數(shù)據(jù)內(nèi)容UDP封裝后根據(jù)自己的路由表投遞給目的節(jié)點(diǎn)的flanneld服務(wù)，數(shù)據(jù)到達(dá)以后被解包，然后直接進(jìn)入目的節(jié)點(diǎn)的flannel0虛擬網(wǎng)卡，然后被轉(zhuǎn)發(fā)到目的主機(jī)的docker0虛擬網(wǎng)卡，最后就像本機(jī)容器通信一樣的由docker0路由到達(dá)目標(biāo)容器。

udp：使用用戶態(tài)udp封裝，默認(rèn)使用8285端口。由于是在用戶態(tài)封裝和解包，性能上有較大的損失
vxlan：vxlan封裝，需要配置VNI，Port（默認(rèn)8472）和GBP
host-gw：直接路由的方式，將容器網(wǎng)絡(luò)的路由信息直接更新到主機(jī)的路由表中，僅適用于二層直接可達(dá)的網(wǎng)絡(luò)
aws-vpc：使用 Amazon VPC route table 創(chuàng)建路由，適用于AWS上運(yùn)行的容器
gce：使用Google Compute Engine Network創(chuàng)建路由，所有instance需要開啟IP forwarding，適用于GCE上運(yùn)行的容器
ali-vpc：使用阿里云VPC route table 創(chuàng)建路由，適用于阿里云上運(yùn)行的容器

Master01:192.168.80.12
Node01:192.168.80.13
Node02:192.168.80.14
本篇實(shí)驗(yàn)部署是接上篇文章部署的，所以實(shí)驗(yàn)環(huán)境不變，F(xiàn)lannel只需要在node節(jié)點(diǎn)部署，master中不需要部署

[root@node01 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 //安裝依賴包已加載插件：fastestmirror base | 3.6 kB 00:00:00 extras | 2.9 kB 00:00:00 ... [root@node01 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo //設(shè)置阿里云鏡像源已加載插件：fastestmirror adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo repo saved to /etc/yum.repos.d/docker-ce.repo [root@node01 ~]# yum install -y docker-ce //安裝Docker-CE 已加載插件：fastestmirror docker-ce-stable | 3.5 kB 00:00:00 (1/2): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01 (2/2): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:01 Loading mirror speeds from cached hostfile ... [root@node01 ~]# systemctl start docker.service //啟動docker服務(wù) [root@node01 ~]# systemctl enable docker.service //配置開機(jī)自啟 Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service. [root@node01 ~]# tee /etc/docker/daemon.json <<-\\\'EOF\\\' //配置鏡像加速 > { > registry-mirrors: [https://**********.aliyuncs.com] > } > EOF { registry-mirrors: [https://**********.aliyuncs.com] } [root@node01 ~]# systemctl daemon-reload //重新加載進(jìn)程 [root@node01 ~]# systemctl restart docker //重啟docker [root@node01 ~]# vim /etc/sysctl.conf //編輯開啟路由轉(zhuǎn)發(fā)功能 ... # For more information, see sysctl.conf(5) and sysctl.d(5). net.ipv4.ip_forward=1 :wq [root@node01 ~]# sysctl -p //重新加載 net.ipv4.ip_forward = 1 [root@node01 ~]# service network restart //重啟網(wǎng)絡(luò) Restarting network (via systemctl): [ 確定 ] [root@node01 ~]# systemctl restart docker //重啟docker服務(wù) [root@node01 ~]# docker version Client: Docker Engine - Community //查看docker版本 Version: 19.03.5 API version: 1.40 Go version: go1.12.12 ... //docker服務(wù)部署完成

[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints=https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379 set /coreos.com/network/config \\\'{ Network: 172.17.0.0/16, Backend: {Type: vxlan}}\\\' //寫入分配的子網(wǎng)段到ETCD中，供flannel使用 { Network: 172.17.0.0/16, Backend: {Type: vxlan}} [root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints=https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379 get /coreos.com/network/config //查看是否成功寫入 { Network: 172.17.0.0/16, Backend: {Type: vxlan}} [root@master01 etcd-cert]# cd .. //回到k8s目錄 [root@master01 k8s]# ls //查看flannel軟件包是否存在 cfssl.sh etcd-v3.3.10-linux-amd64 kubernetes-server-linux-amd64.tar.gz etcd-cert etcd-v3.3.10-linux-amd64.tar.gz etcd.sh flannel-v0.10.0-linux-amd64.tar.gz [root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz flannel.sh root@192.168.80.13:/root //將軟件包拷貝到node01節(jié)點(diǎn) root@192.168.80.13\\\'s flannel-v0.10.0-linux-amd64.tar.gz 100% 9479KB 61.1MB/s 00:00 flannel.sh: No such file or directory [root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz flannel.sh root@192.168.80.14:/root //將軟件包拷貝到node02節(jié)點(diǎn) root@192.168.80.14\\\'s flannel-v0.10.0-linux-amd64.tar.gz 100% 9479KB 119.3MB/s 00:00 flannel.sh: No such file or directory

[root@node01 ~]# ls //查看軟件包是否成功拷貝 anaconda-ks.cfg flannel-v0.10.0-linux-amd64.tar.gz [root@node01 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz //解壓軟件包 flanneld mk-docker-opts.sh README.md [root@node01 ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p //遞歸創(chuàng)建k8s工作目錄 [root@node01 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/ //移動腳本文件到工作目錄下的bin目錄 [root@node01 ~]# vim flannel.sh //編輯flannel執(zhí)行腳本并生成配置文件 #!/bin/bash ETCD_ENDPOINTS=${1:-http://127.0.0.1:2379} cat <<EOF >/opt/kubernetes/cfg/flanneld FLANNEL_OPTIONS=--etcd-endpoints=${ETCD_ENDPOINTS} \\\\ -etcd-cafile=/opt/etcd/ssl/ca.pem \\\\ -etcd-certfile=/opt/etcd/ssl/server.pem \\\\ -etcd-keyfile=/opt/etcd/ssl/server-key.pem EOF cat <<EOF >/usr/lib/systemd/system/flanneld.service [Unit] Description=Flanneld overlay address etcd agent After=network-online.target network.target Before=docker.service [Service] Type=notify EnvironmentFile=/opt/kubernetes/cfg/flanneld ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \\\\$FLANNEL_OPTIONS ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d / /run/flannel/subnet.env Restart=on-failure [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable flanneld systemctl restart flanneld :wq [root@node01 ~]# bash flannel.sh https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379 //執(zhí)行flannel腳本文件開啟flannel網(wǎng)絡(luò)功能 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service. [root@node01 ~]# vim /usr/lib/systemd/system/docker.service //配置docker啟動腳本連接flannel ... [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker EnvironmentFile=/run/flannel/subnet.env //添加連接運(yùn)行語句 ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock //添加變量 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 ... :wq [root@node01 ~]# cat /run/flannel/subnet.env //查看docker運(yùn)行時連接flannel文件 DOCKER_OPT_BIP=--bip=172.17.49.1/24 DOCKER_OPT_IPMASQ=--ip-masq=false DOCKER_OPT_MTU=--mtu=1450 DOCKER_NETWORK_OPTIONS= --bip=172.17.49.1/24 --ip-masq=false --mtu=1450 //bip指定啟動時的子網(wǎng) 注意：此處node01與node02指定啟動時的子網(wǎng)IP地址都屬于172.17.0.0/24網(wǎng)段

[root@node01 ~]# systemctl daemon-reload //重新加載進(jìn)程 [root@node01 ~]# systemctl restart docker //重新啟動docker [root@node01 ~]# ifconfig //查看網(wǎng)絡(luò)信息 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.49.1 netmask 255.255.255.0 broadcast 172.17.49.255 //docker0網(wǎng)卡IP地址 ... ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.80.13 netmask 255.255.255.0 broadcast 192.168.80.255 ... flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 172.17.49.0 netmask 255.255.255.255 broadcast 0.0.0.0 //flannel網(wǎng)卡地址 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ...

[root@node02 ~]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.63.1 netmask 255.255.255.0 broadcast 172.17.63.255 //docker網(wǎng)卡信息 ... ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.80.14 netmask 255.255.255.0 broadcast 192.168.80.255 ... flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 172.17.63.0 netmask 255.255.255.255 broadcast 0.0.0.0 //flannel網(wǎng)卡信息 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ... [root@node02 ~]# ping 172.17.49.1 //使用ping命令測試網(wǎng)絡(luò)是否互通 PING 172.17.49.1 (172.17.49.1) 56(84) bytes of data. 64 bytes from 172.17.49.1: icmp_seq=1 ttl=64 time=0.344 ms 64 bytes from 172.17.49.1: icmp_seq=2 ttl=64 time=0.333 ms 64 bytes from 172.17.49.1: icmp_seq=3 ttl=64 time=0.346 ms ^C --- 172.17.49.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.333/0.341/0.346/0.005 ms

[root@node01 ~]# docker run -it centos:7 /bin/bash //運(yùn)行docker鏡像 Unable to find image \\\'centos:7\\\' locally 7: Pulling from library/centos ab5ef0e58194: Pull complete Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c Status: Downloaded newer image for centos:7 [root@e8ee45a4fd28 /]# yum install net-tools -y //容器中安裝網(wǎng)絡(luò)工具 Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.163.com * extras: mirrors.163.com ...

[root@e8ee45a4fd28 /]# ifconfig //查看網(wǎng)卡信息 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 172.17.49.2 netmask 255.255.255.0 broadcast 172.17.49.255 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ...

[root@47aa8b55a61a /]# ifconfig //查看網(wǎng)卡信息 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 172.17.63.2 netmask 255.255.255.0 broadcast 172.17.63.255 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ... [root@47aa8b55a61a /]# ping 172.17.49.2 //node02服務(wù)器中docker容器使用ping命令測試與node01服務(wù)器中docker是否可以通信 PING 172.17.49.2 (172.17.49.2) 56(84) bytes of data. 64 bytes from 172.17.49.2: icmp_seq=1 ttl=62 time=0.406 ms 64 bytes from 172.17.49.2: icmp_seq=2 ttl=62 time=0.377 ms 64 bytes from 172.17.49.2: icmp_seq=3 ttl=62 time=0.389 ms 64 bytes from 172.17.49.2: icmp_seq=4 ttl=62 time=0.356 ms ^C --- 172.17.49.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3001ms rtt min/avg/max/mdev = 0.356/0.382/0.406/0.018 ms //成功通信

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以原創(chuàng)、轉(zhuǎn)載和分享網(wǎng)絡(luò)內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。郵箱：3140448839@qq.com。本站原創(chuàng)內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明出處：三五互聯(lián)知識庫 » k8s部署---Flannel組件部署（二）

^{<blockquote id="cr8po"></blockquote>}

熱門搶注

熱門競價(jià)

推薦一口價(jià)

猜你還會喜歡下面的內(nèi)容

熱門標(biāo)簽

切換注冊登錄

切換登錄注冊