Kubernetes cluster deployment of Flannel components

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

This article shows how to configure and deploy the Flannel component in a Kubernetes cluster. I hope you can learn something from it.

Flannel container cluster network deployment

Overlay Network: a virtual network technology model superimposed on the underlying network, in which hosts are connected by virtual links.

VXLAN: encapsulates the source packet in UDP, uses the IP/MAC of the underlying network as the outer header, and transmits it over Ethernet. After the packet arrives at the destination, the tunnel endpoint decapsulates it and sends the data to the destination address.

Flannel: a kind of overlay network that likewise encapsulates the source packet in another network packet for routing, forwarding and communication. It currently supports data forwarding methods such as UDP, VXLAN, AWS VPC and GCE routing.

About Flannel

Flannel is an overlay network tool designed by the CoreOS team for Kubernetes. Its purpose is to give every CoreOS host that uses Kubernetes a complete subnet. Flannel provides a virtual network for containers by assigning a subnet to each host. It is based on Linux TUN/TAP, uses UDP to encapsulate IP packets to create the overlay network, and maintains network allocation with etcd.

Flannel principle

Flannel is a network planning service designed by the CoreOS team for Kubernetes. Put simply, it gives the Docker containers created on different node hosts virtual IP addresses that are unique across the whole cluster. In the default Docker configuration, the Docker service on each node is responsible for IP allocation for the containers on that node. Containers on the same node can reach each other, but containers cannot communicate across host (node) networks. Flannel is designed to re-plan IP address usage for all nodes in the cluster, so that containers on different nodes obtain non-overlapping IP addresses that belong to the same internal network, and containers on different nodes can communicate directly through those internal IPs.

Flannel uses etcd to store configuration data and subnet allocation information. After flannel starts, the background process first retrieves the configuration and the list of subnets in use, then selects an available subnet and attempts to register it. etcd also stores the IP corresponding to each host. Flannel uses etcd's watch mechanism to monitor changes to all elements under /coreos.com/network/subnets and maintains a routing table based on them. To improve performance, flannel optimizes the universal TAP/TUN device and proxies IP fragments between TUN and UDP.

Flannel schematic diagram

As shown in the figure, how Flannel works can be explained as follows:

After the data is sent from the source container, the docker0 virtual network card of the host forwards it to the flannel0 virtual network card. flannel0 is a P2P virtual network card, and the flanneld service listens on its other end.

Flannel maintains a routing table between nodes through the etcd service, which stores the subnet segment of each node host.

The flanneld service on the source host encapsulates the original data in UDP and delivers it to the flanneld service on the destination node according to its own routing table. When the data arrives, it is unpacked, enters the flannel0 virtual network card of the destination node directly, and is then forwarded to the docker0 virtual network card of the destination host. Finally, docker0 routes it to the destination container, just as it does for communication between local containers.

In addition to UDP, Flannel supports many other backends:

udp: user-mode UDP encapsulation, using port 8285 by default. Performance suffers because packets are encapsulated and unpacked in user mode.

vxlan: VXLAN encapsulation. VNI, Port (default 8472) and GBP need to be configured.

host-gw: direct routing. The routing information of the container network is written directly into the routing table of the host. Only applicable to networks that are directly reachable at layer 2.

aws-vpc: uses the Amazon VPC route table to create routes. Suitable for containers running on AWS.

gce: creates routes using Google Compute Engine Network. All instances need to enable IP forwarding. Suitable for containers running on GCE.

ali-vpc: creates routes using the Aliyun VPC route table. Suitable for containers running on Aliyun.

Experimental deployment

Experimental environment

Master01: 192.168.80.12

Node01: 192.168.80.13

Node02: 192.168.80.14

This experimental deployment continues from the previous article, so the experimental environment remains unchanged.
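The data path described in this section (routing-table lookup, VXLAN encapsulation to port 8472, decapsulation on the destination node), modelled as an added example; it is not code from the article or from Flannel. The per-host subnets and the VNI are constructed values, and the source-address check in `decapsulate` is an addition of this example, not Flannel behaviour.

```python
import ipaddress
import struct

VXLAN_PORT = 8472  # vxlan backend default port, as stated in the article
VNI = 1            # assumption: example VXLAN network identifier
# Constructed lease table: per-host subnet -> host address (the data flannel keeps in etcd).
LEASES = {
    ipaddress.ip_network("172.17.42.0/24"): "192.168.80.13",  # node01
    ipaddress.ip_network("172.17.86.0/24"): "192.168.80.14",  # node02
}


def next_hop(container_ip):
    """Routing-table lookup: which host owns the subnet of this container IP?"""
    dst = ipaddress.ip_address(container_ip)
    for subnet, host in LEASES.items():
        if dst in subnet:
            return host
    return None  # not an overlay address, nothing to encapsulate


def encapsulate(inner_frame, dst_container_ip, vni=VNI):
    """Return (outer_dst_host, udp_port, payload) for a frame leaving the source node."""
    host = next_hop(dst_container_ip)
    if host is None:
        raise ValueError(f"{dst_container_ip} is not in any leased subnet")
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # RFC 7348 header: flags (0x08 = VNI present), 24 reserved bits, 24-bit VNI, 8 reserved bits.
    header = struct.pack("!II", 0x08 << 24, vni << 8)
    return host, VXLAN_PORT, header + inner_frame


def decapsulate(outer_src_host, payload, expected_vni=VNI):
    """Tunnel endpoint on the destination node: strip the header, return the inner frame."""
    # Added check (assumption of this example): the VXLAN header carries no authentication,
    # so accept tunnel traffic only from hosts that hold a lease, as a firewall rule
    # limiting UDP 8472 to node addresses would.
    if outer_src_host not in LEASES.values():
        raise PermissionError(f"{outer_src_host} is not a cluster node")
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", payload[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("VNI flag not set")
    if vni_word >> 8 != expected_vni:
        raise ValueError(f"unexpected VNI {vni_word >> 8}")
    return payload[8:]
```
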
Flannel only needs to be deployed on the worker nodes; there is no need to deploy it on the master.

Deploy the Docker container engine on node01 and node02

    # Install the dependency packages
    [root@node01 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
    Loaded plugins: fastestmirror
    base | 3.6 kB 00:00:00
    extras | 2.9 kB 00...

    # Set the Aliyun mirror as the package source
    [root@node01 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    Loaded plugins: fastestmirror
    adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
    repo saved to /etc/yum.repos.d/docker-ce.repo

    # Install Docker CE
    [root@node01 ~]# yum install -y docker-ce
    Loaded plugins: fastestmirror
    docker-ce-stable | 3.5 kB 00:00:00
    (1/2): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01
    (2/2): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:01
    Loading mirror speeds from cached hostfile
    ...

    # Start the docker service
    [root@node01 ~]# systemctl start docker.service

    # Enable the service at boot
    [root@node01 ~]# systemctl enable docker.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

    # Configure the registry mirror
    [root@node01 ~]# tee /etc/docker/daemon.json <<-'EOF'
    > {
    >   "registry-mirrors": ["https://**********.aliyuncs.com"]
    > }
    > EOF
    {
      "registry-mirrors": ["https://**********.aliyuncs.com"]
    }

    # Reload the daemon configuration
    [root@node01 ~]# systemctl daemon-reload

    # Restart docker
    [root@node01 ~]# systemctl restart docker

    # Edit the file to enable route forwarding
    [root@node01 ~]# vim /etc/sysctl.conf
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    net.ipv4.ip_forward=1
    :wq

    # Reload the kernel parameters
    [root@node01 ~]# sysctl -p
    net.ipv4.ip_forward=1

    # Restart the network
    [root@node01 ~]# service network restart
    Restarting network (via systemctl): [  OK  ]

    # Restart the docker service
    [root@node01 ~]# systemctl restart docker

    # Check the docker version
    [root@node01 ~]# docker version
    Client: Docker Engine - Community
     Version: 19.03.5
     API version: 1.40
     Go version: go1.12.12
    ...

The docker service deployment is now complete.

Operations on master01

    # Write the assigned subnet segment to etcd for flannel to use
    [root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" set /coreos.com/network/config '{"Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
    {"Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

    # Check that the value was written
    [root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" get /coreos.com/network/config
    {"Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

    # Return to the k8s directory
    [root@master01 etcd-cert]# cd ..

    # Check whether the flannel package exists
    [root@master01 k8s]# ls
    cfssl.sh   etcd-v3.3.10-linux-amd64         kubernetes-server-linux-amd64.tar.gz
    etcd-cert  etcd-v3.3.10-linux-amd64.tar.gz
    etcd.sh    flannel-v0.10.0-linux-amd64.tar.gz

    # Copy the package to the node01 node
    [root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz flannel.sh root@192.168.80.13:/root
    root@192.168.80.13's password:
    flannel-v0.10.0-linux-amd64.tar.gz 100% 9479KB 61.1MB/s 00:00
    flannel.sh: No such file or directory

    # Copy the package to the node02 node
    [root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz flannel.sh root@192.168.80.14:/root
    root@192.168.80.14's password:
    flannel-v0.10.0-linux-amd64.tar.gz 100% 9479KB 119.3MB/s 00:00
    flannel.sh: No such file or directory
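A pre-flight check for the JSON written to /coreos.com/network/config in the master01 step, as an added example that is not part of the original article or of Flannel: a quoting slip in that one-liner stores an unparsable or overlapping network definition that every node then reads. The function name and the rule that Backend.Type must be set explicitly are assumptions of this example.

```python
import ipaddress
import json

# Backend types named in the article; the value is the default port where the article gives one.
BACKENDS = {"udp": 8285, "vxlan": 8472, "host-gw": None,
            "aws-vpc": None, "gce": None, "ali-vpc": None}
NODE_IPS = ("192.168.80.12", "192.168.80.13", "192.168.80.14")  # article's environment


def validate_flannel_config(raw, node_ips=NODE_IPS):
    """Return a list of problems found in the value for /coreos.com/network/config."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at position {exc.pos}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 172.17.0.1/16
        network = ipaddress.ip_network(str(cfg.get("Network", "")), strict=True)
    except ValueError as exc:
        problems.append(f"Network is not a valid CIDR: {exc}")
        network = None
    if network is not None:
        for ip in node_ips:
            # An overlay range that covers the underlay would shadow routes to the nodes.
            if ipaddress.ip_address(ip) in network:
                problems.append(f"overlay {network} contains node address {ip}")
    backend = cfg.get("Backend", {})
    # Assumption of this example: require an explicit Type rather than rely on a default.
    if not isinstance(backend, dict) or "Type" not in backend:
        problems.append("Backend.Type is missing")
    elif backend["Type"] not in BACKENDS:
        problems.append(f"unknown backend type {backend['Type']!r}")
    else:
        port = backend.get("Port", BACKENDS[backend["Type"]])
        if port is not None and not (isinstance(port, int) and 0 < port < 65536):
            problems.append(f"invalid Port {port!r}")
    return problems
```
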

Perform the following steps on both node01 and node02

    # Check whether the package was copied successfully
    [root@node01 ~]# ls
    anaconda-ks.cfg  flannel-v0.10.0-linux-amd64.tar.gz

    # Unpack the package
    [root@node01 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz
    flanneld
    mk-docker-opts.sh
    README.md

    # Recursively create the k8s working directory
    [root@node01 ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p

    # Move the script and the binary to the bin directory under the working directory
    [root@node01 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/

    # Edit the flannel startup script, which generates the configuration file
    [root@node01 ~]# vim flannel.sh
    #!/bin/bash
    ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}
    cat
