网络插件flannel
快速开始
第一步:配置etcd
-
启动
export ETCDCTL_API=3 /etcd \ --name etcd-1 \ --listen-peer-urls 'http://10.0.16.14:2380' \ --initial-advertise-peer-urls 'http://10.0.16.14:2380' \ --listen-client-urls 'http://10.0.16.14:2379,http://127.0.0.1:2379' \ --advertise-client-urls 'http://10.0.16.14:2379' -
配置flannel后端处理方式
/etcdctl --endpoints=127.0.0.1:2379 put /coreos.com/network/config '{"Network":"172.7.0.0/16","Backend":{"Type":"Vxlan","Directrouting":true}}'
第二步:启动flanneld
/root/flanneld --ip-masq --kube-subnet-mgr=false --etcd-endpoints=http://127.0.0.1:2379
第三步:查看配置
-
查看etcd存储信息
[info]
/coreos.com/network/config保存了flannel 报文处理方式,和 cidr/coreos.com/network/subnets/保存了flannel 分配出去的子网信息[root@tencent-sh kube-flannel]# /etcdctl --endpoints=127.0.0.1:2379 get / --prefix /coreos.com/network/config {"Network":"172.7.0.0/16","Backend":{"Type":"Vxlan","Directrouting":true}} /coreos.com/network/subnets/172.7.71.0-24 {"PublicIP":"10.0.16.14","PublicIPv6":null,"BackendType":"vxlan","BackendData":{"VNI":1,"VtepMAC":"7e:41:0f:5d:6a:54"}} -
查看文件配置
[info]
/run/flannel/subnet.env保存了flanneld 启动后子网分配信息/etc/kube-flannel/net-conf.jsonflanneld 启动时加载的配置文件。如果--kube-subnet-mgr=false 则从etcd中读取 key为/coreos.com/network/config的配置,否则从该文件读取配置[root@tencent-sh flannel]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.7.0.0/16 FLANNEL_SUBNET=172.7.71.1/24 FLANNEL_MTU=1450 FLANNEL_IPMASQ=true# 本示例中该文件不起作用 [root@tencent-sh /]# cat /etc/kube-flannel/net-conf.json { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } -
查看网卡信息
[root@tencent-sh kube-flannel]# ip a 7: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether 7e:41:0f:5d:6a:54 brd ff:ff:ff:ff:ff:ff inet 172.7.71.0/32 scope global flannel.1 valid_lft forever preferred_lft forever inet6 fe80::7c41:fff:fe5d:6a54/64 scope link valid_lft forever preferred_lft forever
第四步:让docker使用flannel 网络
[info]
Docker 1.16及以后,将不再使用docker daemon命令,而直接使用dockerd命令了
需要先启动flanneld
source /run/flannel/subnet.env
docker daemon --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} &
EnvironmentFile=/run/flannel/subnet.env # 文件不存在是会报错
ExecStart=/usr/bin/dockerd \
-H fd:// --containerd=/run/containerd/containerd.sock \
--bip ${FLANNEL_SUBNET} \
--mtu=${FLANNEL_MTU}
systemctl daemon-reload
systemctl restart dockerd
第五步: 验证跨网络通讯
第六步:清理测试环境
iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
