flannel网络的安装配置
今天在做kubernetes集群中flannel网络的配置时遇到的问题,记录下来
一、安装etcd:
如果搭建好了kubernetes集群,应该是已经安装配置好了etcd,这里简单说一下:
为什么需要etcd,是因为flannel使用etcd作为数据库,保存集群中分配的网络信息,从而保证了集群中的pod网络是同一个网段,并且不会重复。
使用yum install etcd来安装,或者使用源码进行安装,详见这里。
安装好了之后修改一下etcd的配置文件/etc/etcd/etcd.conf
修改以下两个参数:
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
我这里修改为了监听所有网卡,你可以按需要进行修改,然后重启etcd服务:
systemctl restart etcd
二、安装flannel
同样我这里使用yum install flannel -y的方式进行安装,你也可以去github下载对应的包进行安装,解压之后将二进制文件flannel和nk-docker-opts.sh拷贝到/usr/bin目录下完成安装。
三、配置flannel
如果是手动拷贝二进制文件安装,可以参考yum安装之后的配置文件进行配置,这里只修改flannel的配置文件,编辑配置文件/etc/sysconfig/flannel,按照以下参数配置:
FLANNEL_ETCD_ENDPOINTS="http://192.168.26.250:2379"
FLANNEL_ETCD_PREFIX="/coreos.com/network"
设置为你的etcd的地址即可,在启动flannel之前,需要添加一条网络配置记录,用于flannel分配给每个docker0的网络:
etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'
由于启动
flannel时将会覆盖docker0的网络,因此在启动flannel之前需要将docker服务停掉。
四、启动flannel
systemctl restart flanneld
接下来就是重启docker服务了,如果是手动安装flannel,可能需要配置docker0网络的地址,使用以下命令:
mk-docker-opts.sh -i
source /run/flannel/subnet.env
ifconfig docker0 ${FLANNEL_SUBNET}
五、重启docker
systemctl restart docker
查看网络配置:
# ip a
4: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN qlen 500
link/none
inet 10.1.13.0/16 scope global flannel0
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:da:9c:59:22 brd ff:ff:ff:ff:ff:ff
inet 10.1.13.1/24 scope global docker0
valid_lft forever preferred_lft forever
可以发现配置的网络已经生效,我这里是flannel自动分配的网段
我本人在重启docker的时候发现了如下报错:
-- Unit docker.service has begun starting up.
5月 29 13:56:44 master.kube.com dockerd-current[13290]: time="2018-05-29T13:56:44.717023320+08:00" level=warning msg="could not change group /var/run/docker.sock to do
5月 29 13:56:44 master.kube.com dockerd-current[13290]: time="2018-05-29T13:56:44.720843794+08:00" level=info msg="libcontainerd: new containerd process, pid: 13295"
5月 29 13:56:46 master.kube.com dockerd-current[13290]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into
5月 29 13:56:46 master.kube.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
5月 29 13:56:46 master.kube.com systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
原因是因为在当前的内核上selinux不支持overlay的网络,解决办法是升级内核或者修改docker的配置文件的/etc/sysconfig/docker的参数为--selinux-enabled=false
按照相同的方式配置另一台机器
六、验证网络
可以通过ping另一台机器的docker0来验证网络的连通性
使用以下命令查看每台机器上的flannel0和docker0的网络信息和对应物理机的地址:
[root@master ~]# etcdctl ls /coreos.com/network/subnets
/coreos.com/network/subnets/10.1.13.0-24
/coreos.com/network/subnets/10.1.50.0-24
[root@master ~]# etcdctl get /coreos.com/network/subnets/10.1.13.0-24
{"PublicIP":"192.168.26.250"}
[root@master ~]# etcdctl get /coreos.com/network/subnets/10.1.50.0-24
{"PublicIP":"192.168.26.240"}
至此,flannel网络配置完成。
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
thanks
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
WARNING - The message you received from @bdbalok is a CONFIRMED SCAM!
DO NOT FOLLOW any instruction and DO NOT CLICK on any link in the comment!
For more information, read this post:
https://steemit.com/steemit/@arcange/phishing-site-reported-steemituper
If you find my work to protect you and the community valuable, please consider to upvote this warning or to vote for my witness.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit