The previous blog post introduced the deployment of a simple Kubernetes cluster, but that cluster environment does not have a reasonable network configuration. In actual production, for the components in the cluster to communicate with each other, a network plug-in provided by a third party is needed.
Flannel binary Installation
1. Download the flannel components
wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
2. Installing Flannel network components
tar xf flannel-v0.10.0-linux-amd64.tar.gz
cp flanneld /usr/bin/
cp mk-docker-opts.sh /usr/bin/
3. Copying the flanneld binary into a directory on the system's executable path completes the installation. The following describes the specific configuration process and principles.
Flannel Configuration
The reason we use a separate third-party network plug-in to extend k8s is mainly that, in an environment where Docker is used, the default docker0 network segment on each node is 172.17.0.0/16. If pods (which can also be understood as containers) on different host nodes are to communicate with each other, the default network segment provided by docker0 cannot be used. We need to deploy an overlay network so that the docker0 network on each node is in a different network segment; then, by adding some routing and forwarding policies, each pod in the cluster can communicate within the same virtual network.
1. Write the systemd unit file for flanneld:
# cat /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
EnvironmentFile=-/etc/kubernetes/flanneld
ExecStartPre=/usr/bin/remove-docker0.sh
ExecStart=/usr/bin/flanneld ${FLANNEL_ETCD} $FLANNEL_OPTIONS
ExecStartPost=/usr/bin/mk-docker-opts.sh -d /run/flannel/docker
Type=notify

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
Explanation of the above file:
- The flannel network can only be brought up once the host network is able to communicate normally with the other nodes, so this defines After=network.target
- A network that does not conflict with other nodes can be created only after the flannel network is up, and Docker's network needs to match the flannel network to ensure cross-host communication, so Docker must be started after the flannel network is built; this defines Before=docker.service
- In the /etc/kubernetes/flanneld file we specify the flannel-related startup parameters. Because the etcd cluster has to be specified here, some of the parameters are not generic, so they are defined separately.
- Before the flannel network is created, we execute the /usr/bin/remove-docker0.sh script, which removes the docker0 network card if one has already been created, to prevent conflicts. (This script comes from the k8s source package.)
- After startup, we use flannel's own script to generate the startup parameters used by Docker, which contain the network segment for configuring the docker0 NIC.
2. Configure the flannel parameter file:
# cat /etc/kubernetes/flanneld
# etcd cluster
FLANNEL_ETCD="-etcd-endpoints=http://10.0.0.1:2379"
# key under which etcd stores the flannel network information
FLANNEL_ETCD_KEY="/coreos.com/network"
3. Add the flannel key in etcd; this specifies the network segment used by flannel:
etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'
4. Start flannel:
systemctl daemon-reload
systemctl start flanneld
Docker configuration
1. To use the flannel network, Docker must be started with the --bip parameter. Modify the systemd unit file:
# vim /usr/lib/systemd/system/docker.service
[Unit]
# Add the following
After=network-online.target firewalld.service flanneld.service
Wants=network-online.target
Requires=flanneld.service

[Service]
# Add EnvironmentFile=-/run/flannel/docker and add the parameter
...
EnvironmentFile=-/run/flannel/docker
ExecStart=/usr/bin/dockerd
Explanation of the changes:
- Docker's network configuration depends on flannel, so define Requires=flanneld.service
- When you run Docker, you need to load the configuration parameters, which are generated after you execute the flannel script.
- When you start Docker, you specify the parameters.
2. Verify the docker0 information:
# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.1.90.1  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 02:42:44:54:5b:c5  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
3. Deploy flannel on each node, then create pods to verify that pods on different nodes can ping each other. This is not demonstrated here; you can refer to my previous blog.
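
A check for the verification step above, as an added example rather than code from the original post: it confirms that docker0 carries the subnet flannel leased to the node and that the subnet lies inside the Network set in etcd. Because EnvironmentFile=-/run/flannel/docker starts with "-", systemd ignores a missing file and Docker then comes up on its default bridge, which the check reports separately. The DOCKER_OPT_BIP line is what mk-docker-opts.sh writes; the temp file, sample addresses and function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post); sample values are constructed.

ip_to_int() (            # dotted quad -> 32-bit integer
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

cidr_contains() (        # $1 = outer net/len, $2 = addr/len; true if $2 is inside $1
  len=${1#*/}; sublen=${2#*/}
  [ "$sublen" -ge "$len" ] || exit 1
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
)

bip_from_opts() {        # print the CIDR passed to --bip in the file mk-docker-opts.sh wrote
  sed -n 's|^DOCKER_OPT_BIP="--bip=\([0-9./]*\)".*|\1|p' "$1" 2>/dev/null
}

# $1 = flannel Network from etcd, $2 = docker opts file, $3 = CIDR currently on docker0
check_node() {
  bip=$(bip_from_opts "$2")
  [ -n "$bip" ] || { echo "no --bip in $2: Docker falls back to its default bridge"; return 2; }
  cidr_contains "$1" "$bip" || { echo "--bip $bip is outside flannel network $1"; return 1; }
  [ "$3" = "$bip" ] || { echo "docker0 has $3 but flannel leased $bip"; return 1; }
  echo "docker0 $3 matches the flannel lease inside $1"
}

opts=$(mktemp)           # constructed stand-in for /run/flannel/docker
trap 'rm -f "$opts"' EXIT
echo 'DOCKER_OPT_BIP="--bip=10.1.90.1/24"' > "$opts"

check_node 10.1.0.0/16 "$opts" 10.1.90.1/24                       # healthy node
check_node 10.1.0.0/16 "$opts" 172.17.0.1/16 || true              # dockerd started without the flannel options
check_node 10.1.0.0/16 /nonexistent/docker 10.1.90.1/24 || true   # opts file was never generated
```

On a real node, pass /run/flannel/docker as the second argument and the output of `ip -o -4 addr show docker0 | awk '{print $4}'` as the third.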
Flannel Network principle
How does flannel let pods on different hosts communicate with each other? The following network diagram explains it clearly:
Kubernetes Flannel Network Deployment