网络插件flannel

快速开始

第一步:配置etcd

  • 启动

    export ETCDCTL_API=3
/etcd \
 --name etcd-1 \
 --listen-peer-urls 'http://10.0.16.14:2380' \
 --initial-advertise-peer-urls 'http://10.0.16.14:2380' \
 --listen-client-urls 'http://10.0.16.14:2379,http://127.0.0.1:2379' \
 --advertise-client-urls 'http://10.0.16.14:2379'

  • 配置flannel后端处理方式

    /etcdctl --endpoints=127.0.0.1:2379 put /coreos.com/network/config '{"Network":"172.7.0.0/16","Backend":{"Type":"Vxlan","Directrouting":true}}'

第二步:启动flanneld

/root/flanneld  --ip-masq --kube-subnet-mgr=false --etcd-endpoints=http://127.0.0.1:2379

第三步:查看配置

  • 查看etcd存储信息

    [info]

    /coreos.com/network/config 保存了flannel 报文处理方式,和 cidr

    /coreos.com/network/subnets/ 保存了flannel 分配出去的子网信息

    [root@tencent-sh kube-flannel]# /etcdctl --endpoints=127.0.0.1:2379 get / --prefix
/coreos.com/network/config
{"Network":"172.7.0.0/16","Backend":{"Type":"Vxlan","Directrouting":true}}

/coreos.com/network/subnets/172.7.71.0-24
{"PublicIP":"10.0.16.14","PublicIPv6":null,"BackendType":"vxlan","BackendData":{"VNI":1,"VtepMAC":"7e:41:0f:5d:6a:54"}}

  • 查看文件配置

    [info]

    /run/flannel/subnet.env 保存了flanneld 启动后子网分配信息

    /etc/kube-flannel/net-conf.json flanneld 启动时加载的配置文件。如果--kube-subnet-mgr=false 则从etcd中读取 key为/coreos.com/network/config的配置,否则从该文件读取配置

    [root@tencent-sh flannel]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.7.0.0/16
FLANNEL_SUBNET=172.7.71.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true

    # 本示例中该文件不起作用
[root@tencent-sh /]# cat /etc/kube-flannel/net-conf.json 
{
  "Network": "10.244.0.0/16",
  "Backend": {
    "Type": "vxlan"
  }
}

  • 查看网卡信息

    [root@tencent-sh kube-flannel]# ip a 
7: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 7e:41:0f:5d:6a:54 brd ff:ff:ff:ff:ff:ff
    inet 172.7.71.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::7c41:fff:fe5d:6a54/64 scope link 
       valid_lft forever preferred_lft forever

第四步:让docker使用flannel 网络

[info]

Docker 1.16及以后,将不再使用docker daemon命令,而直接使用dockerd命令了

需要先启动flanneld

source /run/flannel/subnet.env
docker daemon --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} &

EnvironmentFile=/run/flannel/subnet.env   # 文件不存在是会报错
ExecStart=/usr/bin/dockerd \
          -H fd:// --containerd=/run/containerd/containerd.sock \
          --bip ${FLANNEL_SUBNET} \
          --mtu=${FLANNEL_MTU}

systemctl daemon-reload
systemctl restart dockerd

第五步: 验证跨网络通讯

第六步:清理测试环境

iptables -F
iptables -X 
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
posted @ 2023-02-26 23:02  mingtian是吧  阅读(94)  评论(0编辑  收藏  举报