1.跨主机通信的基础
1.需要docker 安装成功(安装过程就略了,本文以yum安装的1.13.1为准)
2.需要有etcd数据库(就是第三部完成的)
3.提前规划好的flanneld网络(由于需要需要先申请证书,所以需要先创建证书)
2.创建etcd证书
cat > /etc/ssl/flanneld/flanneld-csr.json <<EOF
{
"CN": "flanneld",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "ChengDu",
"L": "ChengDu",
"O": "k8s",
"OU": "dessler"
}
]
}
EOF
复制代码
cfssl gencert -ca=/etc/ssl/ca.pem \
-ca-key=/etc/ssl/ca-key.pem \
-config=/etc/ssl/ca-config.json \
-profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld
复制代码
ls
flanneld.csr flanneld-csr.json flanneld-key.pem flanneld.pem
复制代码
3.分发证书和二进制文件到所有的节点
包括后面增加的node节点
4.在etcd里面创建flanneld网络
也就是规划pod的网络
etcdctl \
> --endpoints=https://192.168.1.40:2379,https://192.168.1.41:2379,https://192.168.1.42:2379 \
> --ca-file=/etc/ssl/ca.pem \
> --cert-file=/etc/ssl/flanneld/flanneld.pem \
> --key-file=/etc/ssl/flanneld/flanneld-key.pem \
> set /kubernetes/network/config '{"Network":"'172.30.0.0/16'", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}'
{"Network":"172.30.0.0/16", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}
复制代码
由于物理节点的ip地址段是192.168.的 所有给docker规划的ip地址是172.30的,你也可以根据自己的情况选择不同的ip地址,至于为什么选择16 是因为选择16包含了254个网段,满足一般集群的需要,当然也可以选的更小或者更大
5.配置flanneld服务
这个就不区分mater还是node接点,其实master接点是可以不需要这个的,但是为了统一最好还是都加上
cat > /usr/lib/systemd/system/flanneld.service << EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
ExecStart=/usr/bin/flanneld \\
-etcd-cafile=/etc/ssl/ca.pem \\
-etcd-certfile=/etc/ssl/flanneld/flanneld.pem \\
-etcd-keyfile=/etc/ssl/flanneld/flanneld-key.pem \\
-etcd-endpoints=https://192.168.1.40:2379,https://192.168.1.41:2379,https://192.168.1.42:2379 \\
-etcd-prefix=/kubernetes/network \\
-iface=eth0
ExecStartPost=/usr/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF复制代码
由于flanneld网络需要在docker之前启动,并且docker启动会依赖flanneld网络获取的ip地址段,所以需要修改docker启动参数以便能获取到flanneld的网络参数
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket registries.service
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/run/flannel/docker
ExecStart=/usr/bin/dockerd --log-level=error $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=slave
KillMode=process
[Install]
WantedBy=multi-user.target复制代码
这个参数对原始参数修改得有点多,一直想调试成功只增加1个参数即可实现(没有成功)
6.启动flanneld服务
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
systemctl status flanneld
#重启docker,以便docker可以获得flanneld的网络地址
systemctl restart docker
复制代码
启动成功以后,只要在有flanneld的进程的节点的创建的容器默认就是可以跨主机通信的