Flannel network deployment

Introduction

Flannel is a simple and easy way to configure a layer 3 network fabric designed for Kubernetes. Flannel runs a small, single binary agent called flanneld on each host, and is responsible for allocating a subnet lease to each host out of a larger, preconfigured address space. Flannel uses either the Kubernetes API or etcd directly to store the network configuration, the allocated subnets, and any auxiliary data (such as the host’s public IP). Packets are forwarded using one of several backend mechanisms including VXLAN and various cloud integrations.

Installation and deployment

Note: flanneld must be installed first, and Docker afterwards.

Install:

yum install -y flannel
etcdctl put /coreos.com/network/config '{ "Network": "172.17.0.0/16" }'
## If this fails with "No help topic for 'put'", the fix is: export ETCDCTL_API=3

Create the log directory:

mkdir -p /var/log/flannel

Edit the configuration: vi /etc/sysconfig/flanneld

# Flanneld configuration options
# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.126.135:2379,http://192.168.126.136:2379"
# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/coreos.com/network"
# Any additional options that you want to pass
# --iface is the NIC name, here ens33
FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/flannel/ --iface=ens33"

Start:

systemctl start flanneld

Install Docker

yum install docker -y

Check the resulting network configuration

Host 192.168.126.135:

[root@localhost ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:40:68:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.126.135/24 brd 192.168.126.255 scope global noprefixroute dynamic ens33
       valid_lft 1738sec preferred_lft 1738sec
    inet6 fe80::f0c3:e2c0:22bd:be67/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::98a4:7320:3df3:8633/64 scope link tentative noprefixroute dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::a433:d964:dce2:6726/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.17.80.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::ddae:513b:3130:1646/64 scope link flags 800
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:a7:c7:0a:0a brd ff:ff:ff:ff:ff:ff
    inet 172.17.80.1/24 scope global docker0
       valid_lft forever preferred_lft forever

Host 192.168.126.136:

[root@localhost ~]# ip a show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:5c:d6:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.126.136/24 brd 192.168.126.255 scope global noprefixroute dynamic ens33
       valid_lft 1640sec preferred_lft 1640sec
    inet6 fe80::98a4:7320:3df3:8633/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.17.38.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::cf47:969e:5b63:6352/64 scope link flags 800
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:3b:dd:a0:51 brd ff:ff:ff:ff:ff:ff
    inet 172.17.38.1/24 scope global docker0
       valid_lft forever preferred_lft forever

In the output above, the flannel0 and docker0 interfaces should be in the same network segment.

Check the routes
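The same-segment check above can be automated. The following is an added example, not part of the original page: it parses `ip a show` text and confirms that docker0 sits on the host's flannel subnet and that no two hosts share a docker0 range. The function names are hypothetical, the overlay range is the `Network` value written to etcd above, and the /24 lease length is an assumption that matches flannel's default `SubnetLen` and the docker0 prefixes shown above.

```python
import ipaddress

# Constructed samples: the flannel0/docker0 lines of the two `ip a show` outputs above.
HOST_135 = """\
4: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 state UNKNOWN
    inet 172.17.80.0/16 scope global flannel0
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
    inet 172.17.80.1/24 scope global docker0
"""
HOST_136 = HOST_135.replace("172.17.80.", "172.17.38.")
# Constructed failure case: docker0 did not take the host's flannel subnet.
HOST_BAD = HOST_135.replace("172.17.80.1/24", "172.17.0.1/16")


def iface_addrs(ip_a_output):
    """Map interface label -> first IPv4 address/prefix in `ip a show` text."""
    addrs = {}
    for line in ip_a_output.splitlines():
        fields = line.split()
        if fields[:1] == ["inet"]:  # skips inet6 and link lines
            addrs.setdefault(fields[-1], ipaddress.ip_interface(fields[1]))
    return addrs


def check_host(ip_a_output, overlay="172.17.0.0/16", lease_len=24):
    """Return a list of problems; an empty list means the host looks consistent."""
    addrs = iface_addrs(ip_a_output)
    missing = [n for n in ("flannel0", "docker0") if n not in addrs]
    if missing:
        return [f"missing interface: {n}" for n in missing]
    # Assumption: the host's lease starts at flannel0's address and is /lease_len.
    lease = ipaddress.ip_network(f"{addrs['flannel0'].ip}/{lease_len}", strict=False)
    problems = []
    if not lease.subnet_of(ipaddress.ip_network(overlay)):
        problems.append(f"lease {lease} is outside overlay {overlay}")
    if addrs["docker0"].network != lease:
        problems.append(f"docker0 {addrs['docker0'].network} != lease {lease}")
    return problems


def overlapping_bridges(outputs):
    """Pairs of docker0 networks, across hosts, that overlap each other."""
    nets = [a["docker0"].network for a in map(iface_addrs, outputs) if "docker0" in a]
    return [(x, y) for i, x in enumerate(nets) for y in nets[i + 1:] if x.overlaps(y)]


if __name__ == "__main__":
    for name, out in (("135", HOST_135), ("136", HOST_136), ("bad", HOST_BAD)):
        print(name, check_host(out) or "ok")
    print("overlaps:", overlapping_bridges([HOST_135, HOST_136]))
```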

[root@localhost ~]# ip route
default via 192.168.126.2 dev ens33 proto dhcp metric 100
172.17.0.0/16 dev flannel0 proto kernel scope link src 172.17.80.0
172.17.80.0/24 dev docker0 proto kernel scope link src 172.17.80.1
192.168.126.0/24 dev ens33 proto kernel scope link src 192.168.126.135 metric 100

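Test: the flanneld and docker interfaces on 192.168.126.136 and 192.168.126.135 can ping each other.

Summary

The etcd database stores the network interface information; flanneld reads the configuration from etcd and then generates the interface configuration. Traffic on the docker interface is managed by flannel. Hosts in the cluster reach each other through flannel; this differs from ordinary IP communication in that flannel can take over Docker's traffic.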