kubernetes v1.18.2 flannelの導入


flannel yamlの作成
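# Write the flannel manifest (RBAC, ServiceAccount, ConfigMap, DaemonSet) to
# ${HOST_PATH}/yaml/kube-flannel.yaml and echo it to the terminal via tee.
#   - ${HOST_PATH:?...} aborts with a message when HOST_PATH is unset or empty
#     instead of silently targeting /yaml/kube-flannel.yaml.
#   - The heredoc delimiter is quoted so the shell expands nothing in the manifest.
#   - The annotations that were inside net-conf.json are now YAML comments:
#     net-conf.json is parsed as JSON, and JSON has no comment syntax.
tee "${HOST_PATH:?HOST_PATH must be set}/yaml/kube-flannel.yaml" << 'EOF'
---
kind: ClusterRole
# rbac.authorization.k8s.io/v1 is served by v1.18 and replaces v1beta1, which
# later Kubernetes releases no longer serve.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  # CNI plugin chain copied to the host by the install-cni init container:
  # flannel, then portmap, then a "tuning" entry carrying per-pod sysctls.
  cni-conf.json: |
    {
      "name": "cni0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "forceAddress": false,
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        },
        {
          "name": "mytuning",
          "type": "tuning",
          "sysctl": {
            "net.core.somaxconn": "65535",
            "net.ipv4.ip_local_port_range": "1024 65535",
            "net.ipv4.tcp_keepalive_time": "600",
            "net.ipv4.tcp_keepalive_probes": "10",
            "net.ipv4.tcp_keepalive_intvl": "30"
          }
        }
      ]
    }
  # Network is the pod CIDR; it presumably has to match the pod CIDR configured
  # for the rest of the cluster (verify against the control-plane settings).
  # DirectRouting makes flannel use plain routes between nodes on the same
  # subnet and VXLAN encapsulation only across subnets.
  # Keep this value strict JSON: a "#" comment inside it breaks parsing.
  net-conf.json: |
    {
      "Network": "10.80.0.0/12",
      "Backend": {
        "Type": "VXLAN",
        "DirectRouting": true
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        # NOTE(review): the image is pinned by tag only. Pinning by digest
        # (quay.io/coreos/flannel@sha256:<digest>) makes the pull reproducible
        # and detects a re-pushed tag.
        image: quay.io/coreos/flannel:v0.12.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.12.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          # NOTE(review): privileged gives this container full access to the
          # host (all capabilities, all devices). The upstream kube-flannel.yml
          # runs flanneld with "privileged: false" and
          # "capabilities: {add: ["NET_ADMIN"]}" (newer releases also add
          # NET_RAW); prefer that unless this environment is known to need more.
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        # NOTE(review): this hands the host's whole /run, which typically holds
        # container-runtime and other daemon sockets, to a privileged pod.
        # flanneld writes its subnet file under /run/flannel; consider
        # narrowing hostPath and mountPath to /run/flannel after checking
        # whether the shared iptables lock (/run/xtables.lock) is relied on.
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            # Must be the directory the kubelet reads CNI configuration from
            # (its --cni-conf-dir).
            path: /apps/cni/etc/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
EOF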

flannelのデプロイ
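 # Apply the manifest from the exact path it was written to, so the command
 # does not depend on the current directory being ${HOST_PATH}.
 kubectl apply -f "${HOST_PATH:?HOST_PATH must be set}/yaml/kube-flannel.yaml"
 # Sample output from the author's run (the objects already existed, hence "unchanged"):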
 root@Qist:/mnt/g/work/ipv6/1# kubectl apply -f yaml/kube-flannel.yaml
clusterrole.rbac.authorization.k8s.io/flannel unchanged
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg unchanged
daemonset.apps/kube-flannel-ds-amd64 unchanged
# flannel 適用後のノード状態を確認
root@Qist:/mnt/g/work/ipv6/1# kubectl get node
NAME           STATUS   ROLES    AGE   VERSION
k8s-master-1   Ready    <none>   13h   v1.18.2
k8s-master-2   Ready    <none>   13h   v1.18.2
k8s-master-3   Ready    <none>   13h   v1.18.2
k8s-node-1     Ready    <none>   13h   v1.18.2
k8s-node-2     Ready    <none>   13h   v1.18.2
[root@k8s-master-1 conf]# ip a| grep flannel
4: flannel.1:  mtu 1450 qdisc noqueue state UNKNOWN group default
    inet 10.80.0.0/32 scope global flannel.1
[root@k8s-master-1 conf]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.2     0.0.0.0         UG    100    0        0 eth0
10.80.1.0       192.168.2.176   255.255.255.0   UG    0      0        0 eth0
10.80.2.0       192.168.2.177   255.255.255.0   UG    0      0        0 eth0
10.80.3.0       192.168.2.187   255.255.255.0   UG    0      0        0 eth0
10.80.4.0       192.168.2.185   255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.254.0   U     100    0        0 eth0

最初のアプリケーションをデプロイし、Podネットワークが正常に動作するか確認する
# Smoke test for the pod network: start a Deployment named "myip" from the
# cloudnativelabs/whats-my-ip image, then put a Service in front of it that
# listens on 8080 and forwards to container port 8080.
# NOTE(review): the image carries no tag or digest, so whatever the registry
# currently serves is pulled; this is a throwaway workload, so delete the
# deployment and service once the check is done.
kubectl create deployment myip \
  --image=cloudnativelabs/whats-my-ip
kubectl expose deployment/myip \
  --port=8080 \
  --target-port=8080
root@Qist:/tmp/sss# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
myip-75c9c47c7f-b8dv8   1/1     Running   0          11m
root@Qist:/tmp/sss# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.66.0.1       <none>        443/TCP    34m
myip         ClusterIP   10.66.147.150   <none>        8080/TCP   14s
# service ip へのアクセスを確認
[root@k8s-master-1 conf]# curl 10.66.147.150:8080
HOSTNAME:myip-75c9c47c7f-b8dv8 IP:10.80.4.2
[root@k8s-master-1 conf]# curl 10.80.4.2:8080
HOSTNAME:myip-75c9c47c7f-b8dv8 IP:10.80.4.2
#