Kubernetes------二进制部署ETCD集群+Flannel网络

文章目录

一、资源分配
二、ETCD部署
- 2.1、master节点部署
- - 2.1.1、定义制作证书及启动脚本
  - 2.1.2、制作证书
  - 2.1.3、ETCD集群部署
- 2.2、node节点部署
三、Flannel网络部署
- 3.1、node节点安装Docker
- 3.2、Flannel网络部署
- - 3.2.1、flannel网络配置
  - 3.2.2、测试容器互通

一、资源分配

主机	IP地址	所需软件
master1	192.168.88.10	kube-apiserver、kube-controller-manager、kube-scheduler、etcd
node1	192.168.88.20	kubelet、kube-proxy、docker、flannel、etcd
node2	192.168.88.30	kubelet、kube-proxy、docker、flannel、etcd

二、ETCD部署

所有节点关闭防火墙及系统安全防护机制

[root@master1 ~/k8s]# systemctl stop firewalld.service 
[root@master1 ~/k8s]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master1 ~/k8s]# setenforce 0
#node节点相同操作

2.1、master节点部署 2.1.1、定义制作证书及启动脚本

创建k8s目录，并导入两个脚本

[root@localhost ~]# hostnamectl set-hostname master1
[root@localhost ~]# su -
上一次登录：六 10月  9 09:08:13 CST 2021从 192.168.88.1pts/2 上
[root@master1 ~]# mkdir k8s
[root@master1 ~]# cd k8s/
[root@master1 ~/k8s]# ls
etcd-cert.sh  etcd.sh

证书制作脚本内容如下(etcd-cert.sh)

cat > ca-config.json < ca-csr.json < server-csr.json < 
启动脚本内容如下（etcd.sh ） 
#!/bin/bash
#以下为使用格式：etcd名称 当前etcd的IP地址+完整的集群名称和地址
# example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380

ETCD_NAME=$1						#位置变量1：etcd节点名称
ETCD_IP=$2						#位置变量2：节点地址
ETCD_CLUSTER=$3						#位置变量3：集群

WORK_DIR=/opt/etcd					#指定工作目录

cat <$WORK_DIR/cfg/etcd				#在指定工作目录创建ETCD的配置文件
#[Member]
ETCD_NAME="${ETCD_NAME}"				#etcd名称
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"		#etcd IP地址：2380端口。用于集群之间通讯
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"	#etcd IP地址：2379端口，用于开放给外部客户端通讯

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"	#对外提供的url使用https的协议进行访问
ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"		#多路访问
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"		#tokens 令牌环名称：etcd-cluster
ETCD_INITIAL_CLUSTER_STATE="new"			#状态，重新创建
EOF

cat </usr/lib/systemd/system/etcd.service		#定义ectd的启动脚本
[Unit]								#基本项			
Description=Etcd Server					#类似为 etcd 服务
After=network.target					#vu癌症
After=network-online.target
Wants=network-online.target

[Service]						#服务项
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd	#etcd文件位置
ExecStart=${WORK_DIR}/bin/etcd 			#准启动状态及以下的参数
--name=${ETCD_NAME} 
--data-dir=${ETCD_DATA_DIR} 
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} 
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS}  #以下为群集内部的设定
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} 
--initial-cluster=${ETCD_INITIAL_CLUSTER} 
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} 	#群集内部通信，也是使用的令牌，为了保证安全（防范中间人窃取）
--initial-cluster-state=new 
--cert-file=${WORK_DIR}/ssl/server.pem 		#证书相关参数
--key-file=${WORK_DIR}/ssl/server-key.pem 
--peer-cert-file=${WORK_DIR}/ssl/server.pem 
--peer-key-file=${WORK_DIR}/ssl/server-key.pem 
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem 
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536					#开放最多的端口号

[Install]
WantedBy=multi-user.target				#进行启动
EOF

systemctl daemon-reload					#参数重载
systemctl enable etcd
systemctl restart etcd
 
2.1.2、制作证书 
创建证书目录etcd-cert，并把k8s目录下的证书创建脚本移动到该目录 
[root@master1 ~/k8s]# mkdir etcd-cert
[root@master1 ~/k8s]# ls
etcd-cert  etcd-cert.sh  etcd.sh
[root@master1 ~/k8s]# cd etcd-cert/
[root@master1 ~/k8s/etcd-cert]# mv ../etcd-cert.sh ./
[root@master1 ~/k8s/etcd-cert]# ls
etcd-cert.sh
 
创建cfssl类型工具下载脚本 
[root@master1 ~/k8s/etcd-cert]# vim cfssl.sh
[root@master1 ~/k8s/etcd-cert]# cat cfssl.sh 
#从官网源中下载制作证书的工具，放在/usr/local/bin中便于系统识别
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl

#从另一个站点源中下载cfssljson工具，用于识别json配置文件格式
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson

#下载cfssl-certinfo工具
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo

#赋予执行权限
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

[root@master1 ~/k8s/etcd-cert]# bash cfssl.sh 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9.8M  100  9.8M    0     0   516k      0  0:00:19  0:00:19 --:--:--  622k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 2224k  100 2224k    0     0   181k      0  0:00:12  0:00:12 --:--:--  264k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6440k  100 6440k    0     0   431k      0  0:00:14  0:00:14 --:--:--  796k
[root@master1 ~/k8s/etcd-cert]# ls /usr/local/bin
cfssl  cfssl-certinfo  cfssljson
 
定义生成CA证书的配置文件 
[root@master1 ~/k8s/etcd-cert]# cat > ca-config.json < {
>   "signing": {
>     "default": {
>       "expiry": "87600h"
>     },
> "profiles": {
>       "www": {
>          "expiry": "87600h",
>          "usages": [
>             "signing",
> "key encipherment",
>             "server auth",
>             "client auth"
>         ]  
>       } 
>     }
>   }
> }
> EOF
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  cfssl.sh  etcd-cert.sh
 
定义生成ca证书的签名文件 
[root@master1 ~/k8s/etcd-cert]#  cat > ca-csr.json < {   
>     "CN": "etcd CA",
> "key": {
>         "algo": "rsa",
> "size": 2048
>     },
>     "names": [
>  {
>             "C": "CN",
>             "L": "Beijing",
>             "ST": "Beijing"
>         }
>     ]
> }
> EOF
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  ca-csr.json  cfssl.sh  etcd-cert.sh
 
生成证书（ca-key.pem和ca.pem） 
[root@master1 ~/k8s/etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2021/10/09 15:19:18 [INFO] generating a new CA key and certificate from CSR
2021/10/09 15:19:18 [INFO] generate received request
2021/10/09 15:19:18 [INFO] received CSR
2021/10/09 15:19:18 [INFO] generating key: rsa-2048
2021/10/09 15:19:18 [INFO] encoded CSR
2021/10/09 15:19:18 [INFO] signed certificate with serial number 359637663957383059699943769032698074453257926546
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem  cfssl.sh  etcd-cert.sh
 
指定ETCD所有节点之间的通信验证 
[root@master1 ~/k8s/etcd-cert]# cat > server-csr.json < {
>     "CN": "etcd",
>     "hosts": [
> "192.168.88.10",
> "192.168.88.20",
> "192.168.88.30"
>  ],
>     "key": {
>         "algo": "rsa",
>         "size": 2048
>     },
>     "names": [
>  {
>             "C": "CN",
>             "L": "BeiJing",
>             "ST": "BeiJing"
>         }
>     ]
> }
> EOF
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem  cfssl.sh  etcd-cert.sh  server-csr.json
 
生成服务器端密钥证书（server-key.pem）和服务器端证书（server.pem） 
[root@master1 ~/k8s/etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2021/10/09 15:22:32 [INFO] generate received request
2021/10/09 15:22:32 [INFO] received CSR
2021/10/09 15:22:32 [INFO] generating key: rsa-2048
2021/10/09 15:22:32 [INFO] encoded CSR
2021/10/09 15:22:32 [INFO] signed certificate with serial number 455397338395263654887754770894151470180934523427
2021/10/09 15:22:32 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
 
此时证书已经制作完成 
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem  cfssl.sh  etcd-cert.sh  server.csr  server-csr.json  server-key.pem  server.pem
 
2.1.3、ETCD集群部署 
导入所需软件包（etcd-v3.3.10-linux-amd64.tar.gz、flannel-v0.10.0-linux-amd64.tar.gz、kubernetes-server-linux-amd64.tar.gz） 
[root@master1 ~/k8s/etcd-cert]# cd ..
[root@master1 ~/k8s]# rz -E
rz waiting to receive.
[root@master1 ~/k8s]# rz -E
rz waiting to receive.
[root@master1 ~/k8s]# rz -E
rz waiting to receive.
[root@master1 ~/k8s]# ls
etcd-cert  etcd.sh  etcd-v3.3.10-linux-amd64.tar.gz  flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
 
解压ETCD软件包 
[root@master1 ~/k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz 
[root@master1 ~/k8s]# cd etcd-v3.3.10-linux-amd64/
[root@master1 ~/k8s/etcd-v3.3.10-linux-amd64]# ls
documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
 
创建ETCD工作目录（cfg配置文件目录、bin命令文件目录、ssl证书文件目录） 
[root@master1 ~/k8s/etcd-v3.3.10-linux-amd64]# cd ..
[root@master1 ~/k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master1 ~/k8s]# ls /opt/etcd/
bin  cfg  ssl
 
移动命令文件到bin目录 
[root@master1 ~/k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin
[root@master1 ~/k8s]# ls /opt/etcd/bin/
etcd  etcdctl
 
复制证书文件到ssl目录 
[root@master1 ~/k8s]# cp etcd-cert/*.pem /opt/etcd/ssl
[root@master1 ~/k8s]# ls /opt/etcd/ssl/
ca-key.pem  ca.pem  server-key.pem  server.pem
 
此时进入卡住状态等待其他节点加入
 执行以下命令会产生两个文件（配置文件，启动脚本），等待其他节点加入，如果没有节点加入，几分钟后会自动退出。 
[root@master1 ~/k8s]# bash etcd.sh etcd01 192.168.88.10 etcd02=https://192.168.88.20:2380,etcd03=https://192.168.88.30:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
 
另起终端，查看产生的配置文件 
[root@master1 ~]# cd /opt/etcd/cfg
[root@master1 /opt/etcd/cfg]# ls
etcd
[root@master1 /opt/etcd/cfg]# cat etcd 
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.88.10:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.88.10:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.88.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.88.10:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.88.10:2380,etcd02=https://192.168.88.20:2380,etcd03=https://192.168.88.30:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#以上是群集信息和各节点信息，配置文件中的变量引用前面在k8s目录中设置的启动脚本变量
 
查看etcd进程 
[root@master1 /opt/etcd/cfg]# ps -ef | grep etcd
root      48622      1  0 16:43 ?        00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.88.10:2380 --listen-client-urls=https://192.168.88.10:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.88.10:2379 --initial-advertise-peer-urls=https://192.168.88.10:2380 --initial-cluster=etcd01=https://192.168.88.10:2380,etcd02=https://192.168.88.20:2380,etcd03=https://192.168.88.30:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root      48637  48568  0 16:44 pts/1    00:00:00 grep --color=auto etcd
 
复制证书和启动脚本到node节点服务器 
#将所有配置文件、证书、脚本复制到node节点服务器
[root@master1 ~/k8s]# scp -r /opt/etcd/ root@192.168.88.20:/opt
[root@master1 ~/k8s]# scp -r /opt/etcd/ root@192.168.88.30:/opt

#将启动脚本复制到node节点服务器
[root@master1 ~/k8s]# scp -r /usr/lib/systemd/system/etcd.service root@192.168.88.20:/usr/lib/systemd/system/
[root@master1 ~/k8s]# scp -r /usr/lib/systemd/system/etcd.service root@192.168.88.30:/usr/lib/systemd/system/
 
2.2、node节点部署 
修改配置文件 
[root@localhost ~]# hostnamectl set-hostname node1
[root@localhost ~]# su -
上一次登录：六 10月  9 09:08:15 CST 2021从 192.168.88.1pts/1 上
[root@node1 ~]# ls /usr/lib/systemd/system/ | grep etcd
etcd.service
[root@node1 ~]# vim /opt/etcd/cfg/etcd
#node2相同操作，配置文件中修改为本机IP，ETCD-NAME改为etcd03即可
 

 开启ETCD服务 
#master节点
[root@master1 ~/k8s]# bash etcd.sh etcd01 192.168.88.10 etcd02=https://192.168.88.20:2380,etcd03=https://192.168.88.30:2380

#node节点（node2相同操作）
[root@node1 /opt/etcd/cfg]# systemctl start etcd
 
检查集群状态 
#查看节点命令需要使用ca证书，在证书文件目录下执行
[root@master1 ~/k8s]# cd etcd-cert/
[root@master1 ~/k8s/etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem  cfssl.sh  etcd-cert.sh  server.csr  server-csr.json  server-key.pem  server.pem
[root@master1 ~/k8s/etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.88.10:2379,https://192.168.88.20:2379,https://192.168.88.30:2379" cluster-health
member 15c0c1231d3995a5 is healthy: got healthy result from https://192.168.88.20:2379
member 8f448cc206fd4980 is healthy: got healthy result from https://192.168.88.10:2379
member ef957ce8d9da80da is healthy: got healthy result from https://192.168.88.30:2379
cluster is healthy
#此时三个节点通讯已完成
 
三、Flannel网络部署 
3.1、node节点安装Docker 
#安装依赖包
[root@node1 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
#设置阿里云镜像源
[root@node1 ~]# cd /etc/yum.repos.d/
[root@node1 /etc/yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce
#安装社区版Docker-ce
[root@node1 /etc/yum.repos.d]# yum install -y docker-ce
#node2相同操作
 
如果安装docker-ce出现报错，解决方法如下
  
#开启Docker
[root@node1 /etc/yum.repos.d]# systemctl start docker
[root@node1 /etc/yum.repos.d]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#配置镜像加速
[root@node1 /etc/yum.repos.d]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://i657xnlq.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://i657xnlq.mirror.aliyuncs.com"]
}
[root@node1 /etc/yum.repos.d]# systemctl daemon-reload
[root@node1 /etc/yum.repos.d]# systemctl restart docker
#网络优化
[root@node1 /etc/yum.repos.d]# vim /etc/sysctl.conf
[root@node1 /etc/yum.repos.d]# sysctl -p
net.ipv4.ip_forward = 1
[root@node1 /etc/yum.repos.d]# systemctl restart network
[root@node1 /etc/yum.repos.d]# systemctl restart docker
 
3.2、Flannel网络部署 
3.2.1、flannel网络配置 
写入分配的子网段到ETCD中，供Flannel使用 
[root@master1 ~/k8s/etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.88.10:2379,https://192.168.88.20:2379,https://192.168.88.30:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
 
导入Flannel软件包到node节点服务器并解压 
[root@node1 ~]# rz -E
rz waiting to receive.
[root@node1 ~]# ls
anaconda-ks.cfg  flannel-v0.10.0-linux-amd64.tar.gz  initial-setup-ks.cfg  公共  模板  视频  图片  文档  下载  音乐  桌面
[root@node1 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz 
flanneld
mk-docker-opts.sh
README.md
#node2相同操作
 
node节点创建k8s工作目录 
[root@node1 ~]# mkdir -p /opt/kubernetes/{cfg,bin,ssl} 
[root@node1 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
[root@node1 ~]# ls /opt/kubernetes/bin/
flanneld  mk-docker-opts.sh
 
node节点导入启动脚本 
 [root@node1 ~]# rz -E
rz waiting to receive.
[root@node1 ~]# ls
anaconda-ks.cfg  flannel.sh  flannel-v0.10.0-linux-amd64.tar.gz  initial-setup-ks.cfg  README.md  公共  模板  视频  图片  文档  下载  音乐  桌面
[root@node1 ~]# cat flannel.sh 
#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

cat </opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} 
-etcd-cafile=/opt/etcd/ssl/ca.pem 
-etcd-certfile=/opt/etcd/ssl/server.pem 
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

cat </usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq $FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
 
node节点开启flannel网络功能 
[root@node1 ~]# bash flannel.sh https://192.168.88.10:2379,https://192.168.88.20:2379,https://192.168.88.30:2379
Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
 
node节点配置Docker用以连接Flannel 
 [root@node1 ~]# vim /usr/lib/systemd/system/docker.service

#想要docker可以使用flannel网络，需要设置env指向flannal的运行文件
#13行写入：EnvironmentFile=/run/flannel/subnet.env

#原14行在dockerd后面添加一个参数$DOCKER_NETWORK_OPTIONS
#此参数让docker使用的网络组件为flannel，而不是自身的组件
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock
 

 node节点查看Flannel所分配的子网段 
[root@node1 ~]# cat /run/flannel/subnet.env 
DOCKER_OPT_BIP="--bip=172.17.79.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.79.1/24 --ip-masq=false --mtu=1450"

[root@node2 ~]# cat /run/flannel/subnet.env 
DOCKER_OPT_BIP="--bip=172.17.65.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.65.1/24 --ip-masq=false --mtu=1450"

#或使用ifconfig命令查看flannel1的信息
 
重载进程并重启Docker 
[root@node1 ~]# systemctl daemon-reload 
[root@node1 ~]# systemctl restart docker
 
3.2.2、测试容器互通 
node节点下载centos:7 
[root@node1 ~]# docker run -it centos:7 /bin/bash
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete 
Digest: sha256:9d4bcbbb213dfd745b58be38b13b996ebb5ac315fe75711bd618426a630e0987
Status: Downloaded newer image for centos:7
[root@0c33a1d4e50f /]# 
 
node节点下载net-tools工具 
[root@0c33a1d4e50f /]# yum -y install net-tools
 
查看地址，并使用ping命令测试是否可以跨容器互通 
[root@0c33a1d4e50f /]# ifconfig 
eth0: flags=4163  mtu 1450
        inet 172.17.79.2  netmask 255.255.255.0  broadcast 172.17.79.255
        ether 02:42:ac:11:4f:02  txqueuelen 0  (Ethernet)
        RX packets 21297  bytes 19619722 (18.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13081  bytes 709744 (693.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



[root@e122f4e98088 /]# ifconfig 
eth0: flags=4163  mtu 1450
        inet 172.17.65.2  netmask 255.255.255.0  broadcast 172.17.65.255
        ether 02:42:ac:11:41:02  txqueuelen 0  (Ethernet)
        RX packets 21785  bytes 19644283 (18.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13036  bytes 707319 (690.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Kubernetes------二进制部署ETCD集群+Flannel网络

Linux相关栏目本月热门文章