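Install Docker

Reference: https://www.cnblogs.com/rdchenxi/p/10381631.html

Registry mirror (accelerator) configuration

Reference: https://www.cnblogs.com/rdchenxi/p/10399885.html

Introduction to k8s networking (the CNI network model)

Flannel networking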

overlay

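An overlay network is an application-layer network: it is oriented toward the application layer and gives little or no consideration to network-layer or physical-layer concerns.

In more detail, an overlay network is a network built on top of another network. Its nodes can be regarded as connected by virtual or logical links. Although there are many physical links underneath, each of these virtual or logical links corresponds one-to-one to a path. For example, many P2P networks are overlay networks because they run on top of the Internet. An overlay network allows messages to be routed to destination hosts that are not identified by an IP address; for example, Freenet and DHTs (distributed hash tables) can route a message to the node that stores a particular file even though that node's IP address is not known in advance.

Overlay networks are regarded as a way to improve Internet routing: layer-2 networks are carried across a layer-3 network, which addresses both the shortcomings of layer 2 and the inflexibility of layer 3.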

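Flannel

Flannel is essentially an overlay network: it wraps TCP data inside another kind of network packet for routing, forwarding and communication. It currently supports UDP, VxLAN, AWS VPC and GCE routes, among other data-forwarding methods.

The default method of data communication between nodes is UDP forwarding.

Install Flannel

Allocate the subnet range and write it into etcd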

[root@mast-1 k8s]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
[root@mast-1 k8s]#

View the data

[root@mast-1 k8s]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

Download and install Flannel

[root@node-1 ~]# wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
--2019-04-20 09:38:45--  https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
正在解析主机 github.com (github.com)... 13.250.177.223, 52.74.223.119, 13.229.188.59
正在连接 github.com (github.com)|13.250.177.223|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 302 Found
正在连接 github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.139.211|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:9706487 (9.3M) [application/octet-stream]
正在保存至: “flannel-v0.10.0-linux-amd64.tar.gz”100%[=====================================================================================================================================================>] 9,706,487   15.6KB/s 用时 7m 23s  2019-04-20 09:46:19 (21.4 KB/s) - 已保存 “flannel-v0.10.0-linux-amd64.tar.gz” [9706487/9706487])

  Install on node-1

[root@node-1 ~]# mkdir /opt/kubernetes/{bin,cfg} -pv
mkdir: 已创建目录 "/opt/kubernetes"
mkdir: 已创建目录 "/opt/kubernetes/bin"
mkdir: 已创建目录 "/opt/kubernetes/cfg"
[root@node-1 ~]# tar xf flannel-v0.10.0-linux-amd64.tar.gz -C /opt/kubernetes/bin/
[root@node-1 ~]# cat flannel.sh
#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

# Write the flanneld options file (etcd endpoints and TLS files)
cat <<EOF >/opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"
EOF

# systemd unit for flanneld; it starts before Docker
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# systemd unit for Docker, started with the options flannel generated
cat <<EOF >/usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# Read the generated subnet
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
systemctl restart docker
[root@node-1 ~]# bash flannel.sh "https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379"
[root@node-1 ~]# cat /opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem"
[root@node-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f7:91:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.13/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6017:43d:a11c:2a9f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:19:5d:ee:63 brd ff:ff:ff:ff:ff:ff
    inet 172.17.8.1/24 brd 172.17.8.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 56:2f:96:00:5c:05 brd ff:ff:ff:ff:ff:ff
    inet 172.17.8.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::542f:96ff:fe00:5c05/64 scope link
       valid_lft forever preferred_lft forever

  Install on node-2

[root@node-1 ~]# scp -r /usr/lib/systemd/system/docker.service 192.168.10.14:/usr/lib/systemd/system
root@192.168.10.14's password:
docker.service                                                                                                                                               100%  526   236.7KB/s   00:00
[root@node-1 ~]# scp -r /usr/lib/systemd/system/flanneld.service 192.168.10.14:/usr/lib/systemd/system
root@192.168.10.14's password:
flanneld.service                                                                                                                                             100%  417   178.3KB/s   00:00
[root@node-1 ~]# scp -r /opt/kubernetes 192.168.10.14:/opt/
root@192.168.10.14's password:
Permission denied, please try again.
root@192.168.10.14's password:
flanneld                                                                                                                                                     100%   35MB  11.5MB/s   00:03
mk-docker-opts.sh                                                                                                                                            100% 2139    40.6KB/s   00:00
README.md                                                                                                                                                    100% 4298   109.4KB/s   00:00
flanneld                                                                                                                                                     100%  235    55.1KB/s   00:00
[root@node-2 ~]# mkdir /opt/etcd   # create the directory on node-2
[root@node-1 ~]# scp -r /opt/etcd/ssl 192.168.10.14:/opt/etcd/
root@192.168.10.14's password:
ca.pem                                                                                                                                                       100% 1265    70.7KB/s   00:00
server-key.pem                                                                                                                                               100% 1675    79.2KB/s   00:00
server.pem                                                                                                                                                   100% 1338    39.5KB/s   00:00

  Start on node-2

[root@node-2 ~]# systemctl daemon-reload
[root@node-2 ~]# systemctl restart flanneld
[root@node-2 ~]# systemctl restart docker
[root@node-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:e9:c2:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.14/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::85fd:b3b3:c97:eca3/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:28:a8:bb:18 brd ff:ff:ff:ff:ff:ff
    inet 172.17.82.1/24 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 42:02:5f:e8:9d:d8 brd ff:ff:ff:ff:ff:ff
    inet 172.17.82.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::4002:5fff:fee8:9dd8/64 scope link
       valid_lft forever preferred_lft forever

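  Add routes so that the containers can reach each other. Note that normally Flannel should add the routes itself; it is probably because I had not installed the route tool.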

[root@node-1 ~]# route add -net 172.17.82.0/24 gw 192.168.10.14   # route added on node-1
[root@node-2 ~]# route add -net 172.17.8.0/24 gw 192.168.10.13   # route added on node-2
[root@node-1 ~]# docker run -it busybox sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
    link/ether 02:42:ac:11:08:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.8.2/24 brd 172.17.8.255 scope global eth0
       valid_lft forever preferred_lft forever
node-2 container
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:52:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.82.2/24 brd 172.17.82.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ping 172.17.8.2
PING 172.17.8.2 (172.17.8.2): 56 data bytes
64 bytes from 172.17.8.2: seq=3283 ttl=62 time=0.944 ms
64 bytes from 172.17.8.2: seq=3284 ttl=62 time=0.950 ms
64 bytes from 172.17.8.2: seq=3285 ttl=62 time=0.712 ms

  View the generated network configuration

[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" ls /coreos.com/network
/coreos.com/network/config
/coreos.com/network/subnets
[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" ls /coreos.com/network/subnets
/coreos.com/network/subnets/172.17.8.0-24
/coreos.com/network/subnets/172.17.82.0-24

  View the network settings stored in etcd

[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/subnets/172.17.8.0-24

{"PublicIP":"192.168.10.13","BackendType":"vxlan","BackendData": {"VtepMAC":"56:2f:96:00:5c:05"}}
[root@node-1 ~]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" get /coreos.com/network/subnets/172.17.82.0-24

{"PublicIP":"192.168.10.14","BackendType":"vxlan","BackendData":{"VtepMAC":"42:02:5f:e8:9d:d8"}}
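
The lease records above are what every node trusts when it builds its overlay forwarding state, so they are worth checking mechanically. The following Python is an added example, not part of the original post: it audits the leases against /coreos.com/network/config and lists the route, neighbour and FDB entries that flannel's vxlan backend is expected to program for each remote lease, for comparison with `ip route show`, `ip neigh show dev flannel.1` and `bridge fdb show dev flannel.1` when routes appear to be missing. The function names and the `known_hosts` allowlist are assumptions; the sample data is copied from the etcd output on this page.

```python
import ipaddress
import json

# Constructed sample input: the etcd values printed on this page.
CONFIG = '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
LEASES = {
    "/coreos.com/network/subnets/172.17.8.0-24": '{"PublicIP":"192.168.10.13",'
        '"BackendType":"vxlan","BackendData":{"VtepMAC":"56:2f:96:00:5c:05"}}',
    "/coreos.com/network/subnets/172.17.82.0-24": '{"PublicIP":"192.168.10.14",'
        '"BackendType":"vxlan","BackendData":{"VtepMAC":"42:02:5f:e8:9d:d8"}}',
}

def parse_leases(leases):
    """Yield (subnet, public_ip, vtep_mac, backend) for each etcd lease key."""
    for key, raw in leases.items():
        rec = json.loads(raw)
        subnet = ipaddress.ip_network(key.rsplit("/", 1)[1].replace("-", "/"))
        yield (subnet, rec["PublicIP"], rec.get("BackendData", {}).get("VtepMAC"),
               rec["BackendType"])

def audit(config_raw, leases, known_hosts):
    """Return findings for leases that do not fit the configured network."""
    cfg = json.loads(config_raw)
    pool, backend = ipaddress.ip_network(cfg["Network"]), cfg["Backend"]["Type"]
    recs, findings = list(parse_leases(leases)), []
    for i, (net, ip, mac, btype) in enumerate(recs):
        if not net.subnet_of(pool):
            findings.append(f"{net}: outside pool {pool}")
        if btype != backend:
            findings.append(f"{net}: backend {btype}, expected {backend}")
        if ip not in known_hosts:  # hypothetical allowlist of node addresses
            findings.append(f"{net}: PublicIP {ip} is not a known node")
        if btype == "vxlan" and not mac:
            findings.append(f"{net}: vxlan lease without VtepMAC")
        for other, other_ip, _, _ in recs[i + 1:]:
            if net.overlaps(other):
                findings.append(f"{net}: overlaps {other}")
            if ip == other_ip:
                findings.append(f"{net}: PublicIP {ip} also holds {other}")
    return findings

def expected_state(leases, local_ip):
    """Per remote lease: the route, neighbour and FDB entry to look for."""
    entries = []
    for net, ip, mac, _ in parse_leases(leases):
        if ip != local_ip:
            gw = net.network_address
            entries += [f"{net} via {gw} dev flannel.1 onlink",  # ip route show
                        f"{gw} dev flannel.1 lladdr {mac}",      # ip neigh show
                        f"{mac} dev flannel.1 dst {ip}"]         # bridge fdb show
    return entries
```

On node-1, `expected_state(LEASES, "192.168.10.13")` describes the three entries for node-2's subnet; a gateway route through 192.168.10.14 on ens33, as added by hand above, is a different path from the `flannel.1` route listed here.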

  

  

  

Reposted from: https://www.cnblogs.com/rdchenxi/p/10740893.html
