Kubernetes

8、kuberbetes-node节点Flannel网络部署

Linux · 3月9日 · 2020年

一、部署CNI网络

1、二进制安装下载地

wget https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz

2、建目录并且指定解进制的工作目录

# mkdir /opt/cni/bin /etc/cni/net.d -p
# tar xf cni-plugins-linux-amd64-v0.8.2.tgz –C /opt/cni/bin

说明:

/op/cni/bin 命令执行目录

/etc/cni/net.d 配置信息的目

二、yml文件下载到Master主节点下执行

1、下载地址

wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

2、确保kubelet启用CNI

[root@k8s-node1 ~]# cat /opt/etcd/cfg/kubelet.conf 
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/etcd/logs \
--hostname-override=k8s-node1 \
--network-plugin=cni \
--kubeconfig=/opt/etcd/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/etcd/cfg/bootstrap.kubeconfig \
--config=/opt/etcd/cfg/kubelet-config.yml \
--cert-dir=/opt/etcd/ssl \
--pod-infra-container-image=lizhenliang/pause-amd64:3.0"

3、在Master执行安装flannel网络安装:

[root@k8s-master scripts]# kubectl apply -f kube-flannel.yml 
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

4、授权flannel节点日志权限查询apiserver-to-kubelet-rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
      - pods/log
    verbs:
      - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetesapiserver-to-kubelet-rbac.yaml

5、过程

[root@k8s-master scripts]# kubectl apply -f apiserver-to-kubelet-rbac.yaml 
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created

 

6、检查命令

[root@k8s-master scripts]# kubectl get pods -n kube-system
NAME                          READY   STATUS    RESTARTS   AGE
kube-flannel-ds-amd64-5jq2h   1/1     Running   0          4m10s
kube-flannel-ds-amd64-6pmrt   1/1     Running   0          4m10s
kube-flannel-ds-amd64-lwrh9   1/1     Running   0          4m10s

7、查看下载过程请跟踪日志/opt/etcd/logs/kubelet.INFO

tailf/opt/etcd/logs/kubelet.INFO

 

0 条回应