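In a Kubernetes cluster made up of multiple Nodes, network connectivity between containers on different hosts is a prerequisite for the cluster to work properly. Kubernetes itself does not set up cross-host container networking; this requires additional tools. Open-source tools such as flannel, Open vSwitch, Weave and Calico can all provide network connectivity between containers on different hosts.
1. flannel (overlay network)
flannel uses the overlay network model to connect the networks.
1.1 Install etcd
flannel uses etcd as its datastore, so etcd must be installed: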
https://blog.csdn.net/wanchaopeng/article/details/102912191
Configure etcd to be reachable from outside the host at http://192.168.1.53:6379
1.2 Install flannel
flannel must be installed on every node. The flannel download address is
https://github.com/coreos/flannel/releases
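Download the archive flannel-<version>-linux-amd64.tar.gz and extract it, then copy the binaries flanneld and mk-docker-opts.sh to /usr/bin (or another directory in the PATH environment variable) to complete the flannel installation.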
[root@node_01 /home/tools]# mv flanneld mk-docker-opts.sh /usr/bin/
1.3 Configure flannel
Configure the flanneld service:
vim /usr/lib/systemd/system/flanneld.service
[Unit]
Description=flannel
[Service]
ExecStart=/usr/bin/flanneld \
-etcd-endpoints=http://192.168.1.53:2379
[Install]
WantedBy=multi-user.target
Edit the configuration file /etc/sysconfig/flannel and set the URL of etcd:
# flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD="http://192.168.1.53:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_KEY="/coreos.com/network"
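Before starting the flanneld service, a network configuration record must be added to etcd. flanneld uses this configuration to allocate the virtual IP address range assigned to each Docker host: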
etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'
1.4 Because flannel will override the docker0 bridge, stop the Docker service if it is already running
1.5 Start the flanneld service
systemctl restart flanneld
1.6 Set the IP address of the docker0 bridge
mk-docker-opts.sh -i
source /run/flannel/subnet.env
ifconfig docker0 $FLANNEL_SUBNET
cat subnet.env
FLANNEL_NETWORK=10.1.0.0/16
FLANNEL_SUBNET=10.1.81.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
When this is done, confirm that the IP address of the docker0 network interface belongs to the flannel0 subnet:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.1.81.1 netmask 255.255.255.0 broadcast 10.1.81.255
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 10.1.81.0 netmask 255.255.255.255 destination 10.1.81.0
1.7 Restart docker
systemctl restart docker
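The flannel overlay network setup is now complete.
Use the ping command to verify that the docker0 bridges on the Nodes can reach each other. For example, on the Node machine whose docker0 IP is 10.1.10.1, ping Node2's docker0 (docker0's IP=10.1.30.1); through flannel, the connection to the Docker network on the other physical machine succeeds.
We can also look in etcd at the mapping rules that flannel has set up between flannel0 addresses and physical machine IP addresses: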
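The consistency check from step 1.6, as an added example that is not part of the original post: a POSIX shell script that reads subnet.env as data instead of sourcing it, then confirms that the leased subnet lies inside FLANNEL_NETWORK and that the docker0 address lies inside the lease. The function names are hypothetical, and the sample file is constructed from the values shown in step 1.6.

```shell
#!/bin/sh
# Added example: check a flannel lease file and the docker0 address for consistency.
# subnet.env is parsed as data here instead of being sourced into the shell.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input
ip_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP CIDR -> status 0 when IP lies inside CIDR
in_cidr() (
    prefix=${2#*/}
    case $prefix in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
)

# env_value KEY FILE -> prints the value of the first KEY=... line in FILE
env_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# check_flannel_env FILE DOCKER0_IP -> status 0 when the node's lease is consistent
check_flannel_env() (
    network=$(env_value FLANNEL_NETWORK "$1")
    subnet=$(env_value FLANNEL_SUBNET "$1")
    in_cidr "${subnet%/*}" "$network" || { echo "lease $subnet is outside $network" >&2; exit 1; }
    in_cidr "$2" "$subnet" || { echo "docker0 $2 is outside $subnet" >&2; exit 1; }
    echo "ok: docker0 $2 in $subnet, within $network"
)

# Constructed sample lease file using the values shown in step 1.6.
sample=$(mktemp)
printf '%s\n' 'FLANNEL_NETWORK=10.1.0.0/16' 'FLANNEL_SUBNET=10.1.81.1/24' \
    'FLANNEL_MTU=1472' 'FLANNEL_IPMASQ=false' > "$sample"
check_flannel_env "$sample" 10.1.81.1
# On a node: check_flannel_env /run/flannel/subnet.env \
#   "$(ip -4 -o addr show docker0 | awk '{print $4}' | cut -d/ -f1)"
```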
etcdctl ls /coreos.com/network/subnets
/coreos.com/network/subnets/10.1.71.0-24
/coreos.com/network/subnets/10.1.8.0-24
/coreos.com/network/subnets/10.1.81.0-24
[root@kubernetes /etc/etcd]# etcdctl get /coreos.com/network/subnets/10.1.71.0-24
{"PublicIP":"192.168.1.53"}
[root@kubernetes /etc/etcd]# etcdctl get /coreos.com/network/subnets/10.1.8.0-24
{"PublicIP":"192.168.1.51"}
[root@kubernetes /etc/etcd]# etcdctl get /coreos.com/network/subnets/10.1.81.0-24
{"PublicIP":"192.168.1.52"}