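Install Docker

Reference: https://www.cnblogs.com/rdchenxi/p/10381631.html

Registry mirror (accelerator) configuration

Reference: https://www.cnblogs.com/rdchenxi/p/10399885.html

Introduction to k8s networking (CNI network model)

Flannel network

overlay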

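An overlay network is an application-layer network: it is oriented toward the application layer and gives little or no consideration to network-layer and physical-layer concerns.

In more detail, an overlay network is a network built on top of another network. Its nodes can be regarded as connected by virtual or logical links. Although many physical links lie underneath, each of these virtual or logical links corresponds one-to-one to a path. For example, many P2P networks are overlay networks because they run on top of the Internet. Overlay networks allow messages to be routed to destination hosts that are not identified by an IP address; for example, Freenet and DHTs (distributed hash tables) can route a message to the node that stores a particular file even though that node's IP address is not known in advance.

Overlay networks are regarded as a way to improve Internet routing: carrying a layer-2 network across a layer-3 network addresses both the shortcomings of layer 2 and the inflexibility of layer 3.

Flannel

Flannel is essentially an "overlay network": it wraps TCP data inside another kind of network packet for routing, forwarding and communication. It currently supports UDP, VxLAN, AWS VPC and GCE routes as data-forwarding methods.

The default method for data communication between nodes is UDP forwarding.

Install Flannel

Allocate the subnet range and write it to etcd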

[root@mast-1 k8s]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
[root@mast-1 k8s]#

View the data

[root@mast-1 k8s]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

Download and install Flannel

[root@node-1 ~]# wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
--2019-04-20 09:38:45-- https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
正在解析主机 github.com (github.com)... 13.250.177.223, 52.74.223.119, 13.229.188.59
正在连接 github.com (github.com)|13.250.177.223|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 302 Found
正在解析主机 github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.139.211
正在连接 github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.139.211|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:9706487 (9.3M) [application/octet-stream]
正在保存至: “flannel-v0.10.0-linux-amd64.tar.gz” 100%[=====================================================================================================================================================>] 9,706,487 15.6KB/s 用时 7m 23s 2019-04-20 09:46:19 (21.4 KB/s) - 已保存 “flannel-v0.10.0-linux-amd64.tar.gz” [9706487/9706487])

  Install on node-1

[root@node-1 ~]# mkdir /opt/kubernetes/{bin,cfg} -pv
mkdir: 已创建目录 "/opt/kubernetes"
mkdir: 已创建目录 "/opt/kubernetes/bin"
mkdir: 已创建目录 "/opt/kubernetes/cfg"
[root@node-1 ~]# tar xf flannel-v0.10.0-linux-amd64.tar.gz -C /opt/kubernetes/bin/
[root@node-1 ~]# cat flannel.sh
#!/bin/bash

# etcd endpoints come from the first argument; default to a local etcd
ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

# flanneld options: etcd endpoints plus the TLS files used to reach etcd
cat <<EOF >/opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"
EOF

# flanneld unit: starts before docker and writes the docker network options
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# docker unit: dockerd is started with the options generated by flannel
cat <<EOF >/usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# read the generated subnet
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
systemctl restart docker
[root@node-1 ~]# bash flannel.sh "https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379"
[root@node-1 ~]# cat /opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem"
[root@node-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:f7:91:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.13/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::6017:43d:a11c:2a9f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:19:5d:ee:63 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.1/24 brd 172.17.8.255 scope global docker0
valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 56:2f:96:00:5c:05 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
inet6 fe80::542f:96ff:fe00:5c05/64 scope link
valid_lft forever preferred_lft forever

  Install on node-2

[root@node-1 ~]# scp -r /usr/lib/systemd/system/docker.service 192.168.10.14:/usr/lib/systemd/system
root@192.168.10.14's password:
docker.service 100% 526 236.7KB/s 00:00
[root@node-1 ~]# scp -r /usr/lib/systemd/system/flanneld.service 192.168.10.14:/usr/lib/systemd/system
root@192.168.10.14's password:
flanneld.service 100% 417 178.3KB/s 00:00
[root@node-1 ~]# scp -r /opt/kubernetes 192.168.10.14:/opt/
root@192.168.10.14's password:
Permission denied, please try again.
root@192.168.10.14's password:
flanneld 100% 35MB 11.5MB/s 00:03
mk-docker-opts.sh 100% 2139 40.6KB/s 00:00
README.md 100% 4298 109.4KB/s 00:00
flanneld 100% 235 55.1KB/s 00:00
[root@node-2 ~]# mkdir /opt/etcd    # create the directory on node-2
[root@node-1 ~]# scp -r /opt/etcd/ssl 192.168.10.14:/opt/etcd/
root@192.168.10.14's password:
ca.pem 100% 1265 70.7KB/s 00:00
server-key.pem 100% 1675 79.2KB/s 00:00
server.pem 100% 1338 39.5KB/s 00:00

  Start on node-2

[root@node-2 ~]# systemctl daemon-reload
[root@node-2 ~]# systemctl restart flanneld
[root@node-2 ~]# systemctl restart docker
[root@node-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e9:c2:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.14/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::85fd:b3b3:c97:eca3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:28:a8:bb:18 brd ff:ff:ff:ff:ff:ff
inet 172.17.82.1/24 scope global docker0
valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 42:02:5f:e8:9d:d8 brd ff:ff:ff:ff:ff:ff
inet 172.17.82.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
inet6 fe80::4002:5fff:fee8:9dd8/64 scope link
valid_lft forever preferred_lft forever

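  Add routes so the containers can reach each other. Note: normally Flannel should add the routes itself; this is probably because I had not installed the route tool.

[root@node-1 ~]# route add -net 172.17.82.0/24 gw 192.168.10.14    # route added on node-1
[root@node-2 ~]# route add -net 172.17.8.0/24 gw 192.168.10.13    # route added on node-2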
[root@node-1 ~]# docker run -it busybox sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
link/ether 02:42:ac:11:08:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.8.2/24 brd 172.17.8.255 scope global eth0
valid_lft forever preferred_lft forever
Container on node-2
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:52:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.82.2/24 brd 172.17.82.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 172.17.8.2
PING 172.17.8.2 (172.17.8.2): 56 data bytes
64 bytes from 172.17.8.2: seq=3283 ttl=62 time=0.944 ms
64 bytes from 172.17.8.2: seq=3284 ttl=62 time=0.950 ms
64 bytes from 172.17.8.2: seq=3285 ttl=62 time=0.712 ms

  View the generated network configuration

[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" ls /coreos.com/network
/coreos.com/network/config
/coreos.com/network/subnets
[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" ls /coreos.com/network/subnets
/coreos.com/network/subnets/172.17.8.0-24
/coreos.com/network/subnets/172.17.82.0-24

  View the network settings in etcd

[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/subnets/172.17.8.0-24
{"PublicIP":"192.168.10.13","BackendType":"vxlan","BackendData": {"VtepMAC":"56:2f:96:00:5c:05"}}
[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/subnets/172.17.82.0-24
{"PublicIP":"192.168.10.14","BackendType":"vxlan","BackendData":{"VtepMAC":"42:02:5f:e8:9d:d8"}}
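
Every node here holds the key pair in /opt/etcd/ssl, so any of them can write under /coreos.com/network; the following added example (not part of the original post) audits the lease records shown above against the network config and a node inventory. The JSON strings and MAC addresses are copied from the etcdctl and `ip a` output on this page; the names `INVENTORY` and `audit_leases` are assumptions made for this illustration.

```python
import ipaddress
import json

# Values copied from the etcdctl and `ip a` output shown on this page.
NETWORK_CONFIG = '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
LEASES = {
    "/coreos.com/network/subnets/172.17.8.0-24":
        '{"PublicIP":"192.168.10.13","BackendType":"vxlan",'
        '"BackendData":{"VtepMAC":"56:2f:96:00:5c:05"}}',
    "/coreos.com/network/subnets/172.17.82.0-24":
        '{"PublicIP":"192.168.10.14","BackendType":"vxlan",'
        '"BackendData":{"VtepMAC":"42:02:5f:e8:9d:d8"}}',
}
# Hypothetical inventory: node IP -> MAC of its flannel.1 interface (from `ip a`).
INVENTORY = {"192.168.10.13": "56:2f:96:00:5c:05",
             "192.168.10.14": "42:02:5f:e8:9d:d8"}


def audit_leases(config_json, leases, inventory):
    """Return a list of findings; an empty list means every lease checks out."""
    cfg = json.loads(config_json)
    pod_net = ipaddress.ip_network(cfg["Network"])
    backend = cfg["Backend"]["Type"]
    findings, seen = [], []
    for key, raw in sorted(leases.items()):
        # flannel encodes the subnet in the key name as "<address>-<prefixlen>".
        subnet = ipaddress.ip_network(key.rsplit("/", 1)[1].replace("-", "/"))
        lease = json.loads(raw)
        node = lease.get("PublicIP")
        mac = lease.get("BackendData", {}).get("VtepMAC", "").lower()
        if not subnet.subnet_of(pod_net):
            findings.append(f"{subnet}: outside {pod_net}")
        if any(subnet.overlaps(other) for other in seen):
            findings.append(f"{subnet}: overlaps another lease")
        seen.append(subnet)
        if lease.get("BackendType") != backend:
            findings.append(f"{subnet}: backend {lease.get('BackendType')!r}, "
                            f"expected {backend!r}")
        if node not in inventory:
            findings.append(f"{subnet}: unknown node {node}")
        elif inventory[node].lower() != mac:
            findings.append(f"{subnet}: VtepMAC {mac} does not match {node}")
    return findings


if __name__ == "__main__":
    for line in audit_leases(NETWORK_CONFIG, LEASES, INVENTORY) or ["all leases consistent"]:
        print(line)
```

On a live cluster the inputs come from the same `etcdctl ... get` commands shown above, and a non-empty result means a lease does not belong to a known node or to the configured network.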
