Shulou(Shulou.com)06/02 Report--

Flannel is a standard network plug-in in the CNI camp. In the absence of strict network requirements, it is usually used as a common solution for network interconnection in kubernetes clusters. Of course, there are other network schemes, such as calico,weave,mxvlan and so on. Here we mainly use flannel as the network solution of kubernetes.

1 deployment preparation

Kubernetes requires that all nodes in the cluster (including master nodes) can communicate with each other through Pod network segments. Flannel uses vxlan technology to create an interoperable Pod network for each node, using UDP 8472 port (such as public cloud AWS, etc.).

When flanneld starts for the first time, it obtains the configured Pod segment information from etcd, assigns an unused address range to this node, and then creates a flannedl.1 network interface (which may also be another name, such as flannel1, etc.).

Flannel writes the Pod segment information assigned to it to the / run/flannel/docker file, and docker then uses the environment variables in this file to set the docker0 bridge, thus allocating IP to all Pod containers of this node from this address segment.

Environment variable definition # Variable parameter setting # # FLANNEL_INSTALL_PATH=/data/apps/k8s/networks/flannelSOFTWARE=/root/softwareVERSION=v0.11.0PACKAGE=flannel-$ {VERSION}-linux-amd64.tar.gzDOWNLOAD_URL= https://github.com/devops-apps/download/raw/master/network/$PACKAGEETCD_ENPOINTS=https://10.10.10.22:2379, Https://10.10.10.23:2379,https://10.10.10.24:2379FLANNEL_ETCD_PREFIX=/k8s/networkCA_DIR=/etc/k8s/sslNETWORK_SUBNET=172.16.0.0/20IFACE=eth0 1.2 download and distribute kubernetes binaries

Log in to the devops machine and visit the official address of flannel github to download the stable realease package to this machine.

Wget $DOWNLOAD_URL-P $SOFTWARE

Distribute flannel packages to all node servers in the cluster

Sudo ansible master_k8s_vgs-m copy-a "src=$ {SOFTWARE} / $PACKAGE dest=$ {SOFTWARE} /"-bsudo ansible worker_k8s_vgs-m copy-a "src=$ {SOFTWARE} / $PACKAGE dest=$ {SOFTWARE} /"-b2 install flannel network plug-in 2.1 install flannel binaries # # 1.Check if the install directory exists.if [!-d $FLANNEL_INSTALL_PATH/bin] Then mkdir-p $FLANNEL_INSTALL_PATH/bin fi### 2.Install binary of flannel.if [!-f "$SOFTWARE/flannel-$ {VERSION}-linux-amd64.tar.gz"] Then wget $DOWNLOAD_URL-P $SOFTWARE > > / tmp/install.log 2 > & 1ficd $SOFTWARE & & tar-xzf flannel-$ {VERSION}-linux-amd64.tar.gz-C. / cp-fp ${SOFTWARE} / {flanneld,mk-docker-opts.sh} ${FLANNEL_INSTALL_PATH} / binln-sf ${FLANNEL_INSTALL_PATH} / bin/ {flanneld Mk-docker-opts.sh} / usr/local/binchmod-R 755 $FLANNEL_INSTALL_PATH2.3 distribute certificate file cd ${CA_DIR} sudo ansible master_k8s_vgs-m copy-a "src=ca.pem dest=$ {CA_DIR} /"-bsudo ansible master_k8s_vgs-m copy-a "src=flannel.pem dest=$ {CA_DIR} /"-bsudo ansible master_k8s_vgs-m copy-a "src=flannel-key.pem dest=$ {CA_DIR} /"-bflannel HTTPS access is enabled, so certificate support is required. Flannel does not need to access apiserver, so kubeconfig file authentication is not required. 2.4 write cluster Pod segment information # Create network subnet of flannel .etcdctl-- endpoint=$ETCD_ENPOINTS\-- ca-file=$ {CA_DIR} / ca.pem\-- cert-file=$ {CA_DIR} / etcd.pem\-- key-file=$ {CA_DIR} / etcd-key.pem\ mkdir $FLANNEL_ETCD_PREFIXetcdctl-- endpoints=$ETCD_ENPOINTS\-- ca-file=$ {CA_DIR} / ca.pem\-- cert-file=$ {CA_DIR} / etcd.pem\-key-file=$ {CA_DIR} / etcd-key.pem\ mk ${FLANNEL_ETCD_PREFIX} / config\'{"Network": "'${NETWORK_SUBNET}'" "SubnetLen": 24, "Backend": {"Type": "$TYPE"}} 'flanneld current version (v0.11.0) does not support etcd v3 Therefore, use etcd v2 API to write configuration key and network segment data The written Pod segment ${CLUSTER_CIDR} address field (such as / 16) must be less than SubnetLen and must be consistent with the-cluster-cidr parameter value of kube-controller-manager; 2.5 create flannel startup service cat > / usr/lib/systemd/system/flanneld.service

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.