Kubernetes 1.19.0: Networking
How K8S implements cross-host communication
Communication between Pods
Prepare two virtual machines:
192.168.135.91----etcd1
192.168.135.92----etcd2
[root@vms91 ~]# cat /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/cluster.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.135.91:2380,http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.135.91:2379,http://localhost:2379"
ETCD_NAME="etcd-91"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.135.91:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379,http://192.168.135.91:2379"
ETCD_INITIAL_CLUSTER="etcd-91=http://192.168.135.91:2380,etcd-92=http://192.168.135.92:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
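The etcd.conf above serves both the peer and client APIs over plain http:// on the host's LAN address, with no certificate settings, and the same client endpoint is used further down as the Docker cluster store and the Calico datastore. As an added example (not part of the original article), the shell function below flags such listeners in an etcd.conf-style file. The function names, the finding labels and the embedded sample (a constructed copy of the URL settings above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag plaintext, network-reachable etcd listeners and
# missing certificate authentication in an etcd.conf-style file.

# Constructed sample: the URL settings from the etcd.conf listed above.
sample_conf() {
cat <<'EOF'
ETCD_DATA_DIR="/var/lib/etcd/cluster.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.135.91:2380,http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.135.91:2379,http://localhost:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.135.91:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379,http://192.168.135.91:2379"
EOF
}

# audit_etcd_conf FILE
# Prints one finding per line; prints nothing when the file passes.
#   PLAINTEXT <key> <url>   http:// URL on a non-loopback address
#   NO_CLIENT_CERT_AUTH     ETCD_CLIENT_CERT_AUTH is not "true"
#   NO_PEER_CERT_AUTH       ETCD_PEER_CLIENT_CERT_AUTH is not "true"
audit_etcd_conf() {
  awk '
    /^ETCD_(LISTEN|ADVERTISE|INITIAL_ADVERTISE)_(PEER|CLIENT)_URLS=/ {
      key = substr($0, 1, index($0, "=") - 1)
      val = substr($0, index($0, "=") + 1)
      gsub(/"/, "", val)
      n = split(val, urls, ",")
      for (i = 1; i <= n; i++) {
        if (urls[i] !~ /^http:\/\//) continue      # https:// URLs pass
        host = urls[i]
        sub(/^http:\/\//, "", host)
        sub(/:.*$/, "", host)                      # drop the port
        sub(/\/.*$/, "", host)                     # drop any path
        if (host == "localhost" || host ~ /^127\./) continue
        print "PLAINTEXT " key " " urls[i]
      }
    }
    /^ETCD_CLIENT_CERT_AUTH="?true"?$/      { client_auth = 1 }
    /^ETCD_PEER_CLIENT_CERT_AUTH="?true"?$/ { peer_auth = 1 }
    END {
      if (!client_auth) print "NO_CLIENT_CERT_AUTH"
      if (!peer_auth)   print "NO_PEER_CERT_AUTH"
    }' "$1"
}

# Run against the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
audit_etcd_conf "$conf"
rm -f "$conf"
```

A file that passes uses https:// for every non-loopback URL and sets both ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH to "true", together with the matching certificate, key and trusted-CA settings.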
Then install docker on both nodes:
[root@vms91 ~]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --cluster-store=etcd://192.168.135.91:2379'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
[root@vms91 ~]# mkdir /etc/calico
[root@vms91 ~]# vi /etc/calico/calicoctl.cfg
apiVersion: v1
kind: calicoApiConfig
metadata:
spec:
  datastoreType: "etcdv2"
  etcdEndpoints: "http://192.168.135.91:2379"
Start setting up the pod information:
[root@vms91 ~]# calicoctl node run --node-image=quay.io/calico/node:v2.6.12 -c /etc/calico/calicoctl.cfg
Running command to load modules: modprobe -a xt_set ip6_tables
Enabling IPv4 forwarding
Enabling IPv6 forwarding
Increasing conntrack limit
Removing old calico-node container (if running).
Running the following command to start calico-node:
docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=vms91 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://192.168.135.91:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.12
Image may take a short time to download if it is not available locally.
Container started, checking progress logs.
2020-10-03 06:21:08.577 [INFO][8] startup.go 173: Early log level set to info
2020-10-03 06:21:08.577 [INFO][8] client.go 202: Loading config from environment
2020-10-03 06:21:08.578 [INFO][8] startup.go 83: Skipping datastore connection test
2020-10-03 06:21:08.593 [INFO][8] startup.go 259: Building new node resource Name="vms91"
2020-10-03 06:21:08.593 [INFO][8] startup.go 273: Initialise BGP data
2020-10-03 06:21:08.594 [INFO][8] startup.go 467: Using autodetected IPv4 address on interface ens32: 192.168.135.91/24
2020-10-03 06:21:08.594 [INFO][8] startup.go 338: Node IPv4 changed, will check for conflicts
2020-10-03 06:21:08.601 [INFO][8] etcd.go 430: Error enumerating host directories error=100: Key not found (/calico) [7]
2020-10-03 06:21:08.601 [INFO][8] startup.go 530: No AS number configured on node resource, using global value
2020-10-03 06:21:08.604 [INFO][8] etcd.go 105: Ready flag is now set
2020-10-03 06:21:08.608 [INFO][8] client.go 133: Assigned cluster GUID ClusterGUID="59666997aef64507a55ba1aa69ae14d8"
2020-10-03 06:21:08.629 [INFO][8] startup.go 419: CALICO_IPV4POOL_NAT_OUTGOING is true (defaulted) through environment variable
2020-10-03 06:21:08.629 [INFO][8] startup.go 659: Ensure default IPv4 pool is created. IPIP mode: off
2020-10-03 06:21:08.634 [INFO][8] startup.go 670: Created default IPv4 pool (192.168.0.0/16) with NAT outgoing true. IPIP mode: off
2020-10-03 06:21:08.634 [INFO][8] startup.go 419: FELIX_IPV6SUPPORT is true (defaulted) through environment variable
2020-10-03 06:21:08.634 [INFO][8] startup.go 626: IPv6 supported on this platform: true
2020-10-03 06:21:08.634 [INFO][8] startup.go 419: CALICO_IPV6POOL_NAT_OUTGOING is false (defaulted) through environment variable
2020-10-03 06:21:08.634 [INFO][8] startup.go 659: Ensure default IPv6 pool is created. IPIP mode: off
2020-10-03 06:21:08.637 [INFO][8] startup.go 670: Created default IPv6 pool (fd80:24e2:f998:72d6::/64) with NAT outgoing false. IPIP mode: off
2020-10-03 06:21:08.683 [INFO][8] startup.go 131: Using node name: vms91
2020-10-03 06:21:08.775 [INFO][13] client.go 202: Loading config from environment
Starting libnetwork service
Calico node started successfully
[root@vms91 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffcd376cda40 quay.io/calico/node:v2.6.12 "start_runit" About a minute ago Up About a minute calico-node
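Use docker network create --driver calico --ipam-driver calico-ipam calnet1 to create a global network named calnet1. Once it has been created on the first node, it appears automatically on the second node.
--driver calico specifies calico's libnetwork CNM driver.
--ipam-driver calico-ipam specifies that calico's IPAM driver manages the IP addresses.
calico is a global network, and etcd synchronizes calnet1 to all hosts.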
[root@vms91 ~]# docker network create --driver calico --ipam-driver calico-ipam calnet1
ba5794c56fb0a00de3b50b9b4ddaafa0984fa7936f9c4e9c790acdceb5a78632
[root@vms91 ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
cc525016a37d bridge bridge local
ba5794c56fb0 calnet1 calico global
af5df4b4da48 host host local
17e9381c6de0 none null local
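At this point, the two nodes are set up and can communicate.
Note: besides calico, you can also use flannel; Weave Net and others are supported as well. If you are interested, see the official website.
Network solutions
CNI (Container Network Interface): a project under the CNCF, the container network interface, proposed by CoreOS
Configuration is unified through plugins
flannel---overlay-based, does not support network policy
calico---BGP-based, supports network policy
canal---supports network policy
Configuring the canal network
Download the new yaml files and apply them again. To save space this is not demonstrated here; try it yourself.
--run on the master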
kubeadm init --kubernetes-version=v1.19.0 --pod-network-cidr=10.244.0.0/16
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/canal.yaml