0. Environment Preparation
Environment
OS version: CentOS 7.5.1804
Kubernetes version: v1.15.0
Calico version: v3.8.0
Goals
- Create virtual machines with OpenStack
- Deploy a Kubernetes cluster
- Use Calico BGP to connect Pods and Services with networks outside the cluster
Machine information
| ID | Hostname | IP | Role | Installed software |
|---|---|---|---|---|
| H1 | k8s-test-lvs-1 | 192.168.3.15/vip 192.168.3.3 | High availability & load balancing Master | keepalived, haproxy |
| H2 | k8s-test-lvs-2 | 192.168.3.26/vip 192.168.3.3 | High availability & load balancing Slave | keepalived, haproxy |
| M1 | k8s-test-master-1 | 192.168.3.36 | Kubernetes Master | docker-ce, kubelet, kubeadm, kubectl, calicoctl |
| M2 | k8s-test-master-2 | 192.168.3.54 | Kubernetes Master | docker-ce, kubelet, kubeadm, kubectl, calicoctl |
| M3 | k8s-test-master-3 | 192.168.3.49 | Kubernetes Master | docker-ce, kubelet, kubeadm, kubectl, calicoctl |
| N1 | k8s-test-node-1 | 192.168.3.52 | Kubernetes Node | docker-ce, kubelet, kubeadm, kubectl |
| N2 | k8s-test-node-2 | 192.168.3.22 | Kubernetes Node | docker-ce, kubelet, kubeadm, kubectl |
| N3 | k8s-test-node-3 | 192.168.3.37 | Kubernetes Node | docker-ce, kubelet, kubeadm, kubectl |
Network plan
| Name | Network | Notes |
|---|---|---|
| Node network | 192.168.3.0/24 | Network used by the container hosts |
| Pod network | 172.15.0.0/16 | Container network |
| Svc network | 172.16.0.0/16 | Service network |
System configuration
Disable SELinux on all nodes
sed -i "/SELINUX/ s/enforcing/disabled/g" /etc/selinux/config
Disable the firewall on all nodes
systemctl disable firewalld
Configure kernel parameters on all nodes
cat > /etc/sysctl.conf <<EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_fin_timeout = 30
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
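Notes
- When deploying on OpenStack, the port security group must be turned off for every host; if it is not, the Pod network and the Svc network cannot communicate properly. Run the following on the OpenStack controller node.
- This has to be done for every host in the Kubernetes cluster. A for loop can be used to do it in batch; the steps below show the removal for a single virtual machine.
Look up the port ID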
neutron port-list| grep 192.168.3.15
INFO:
| ea065e6c-65d9-457b-a68e-282653c890e5 | | 9f83fb35aed1422588096b578cc01341 | fa:16:3e:bd:41:81 | {"subnet_id": "710ffde5-d820-4a30-afe2-1dfd6f40e288", "ip_address": "192.168.3.15"} |
Remove the security groups
neutron port-update --no-security-groups ea065e6c-65d9-457b-a68e-282653c890e5
INFO:
Updated port: ea065e6c-65d9-457b-a68e-282653c890e5
Turn off port security
neutron port-update ea065e6c-65d9-457b-a68e-282653c890e5 --port-security-enabled=False
INFO:
Updated port: ea065e6c-65d9-457b-a68e-282653c890e5
Check the status
neutron port-show fcf46a43-5a72-4a28-8e57-1eb04ae24c42
INFO:
+-----------------------+--------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | compute6.openstack |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true} |
| binding:vif_type | bridge |
| binding:vnic_type | normal |
| created_at | 2021-07-01T10:13:32Z |
| description | |
| device_id | 0a10a372-95fa-4b95-a036-ee43675f1ff4 |
| device_owner | compute:nova |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "710ffde5-d820-4a30-afe2-1dfd6f40e288", "ip_address": "192.168.3.22"} |
| id | fcf46a43-5a72-4a28-8e57-1eb04ae24c42 |
| mac_address | fa:16:3e:3f:1d:a8 |
| name | |
| network_id | 02a8d505-af1e-4da5-af08-ed5ea7600293 |
| port_security_enabled | False | # False here means port security is turned off for this port
| project_id | 9f83fb35aed1422588096b578cc01341 |
| revision_number | 10 |
| security_groups | | # this field must be empty
| status | ACTIVE |
| tags | |
| tenant_id | 9f83fb35aed1422588096b578cc01341 |
| updated_at | 2021-07-01T10:13:42Z |
+-----------------------+--------------------------------------------------------------------------------------+
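
The batch form of the single-port steps above, as an added example that is not part of the original post: it resolves each port by exact IP match, applies the two updates, and checks the two fields annotated in the port-show output. The function names are assumptions; the IP list is taken from the machine table, so the change stays limited to those eight hosts.

```shell
#!/bin/sh
# Added example (not from the original post): batch form of the single-port
# steps, plus a check of the two fields the post says to verify.

# Node IPs copied from the machine table on this page.
NODE_IPS="192.168.3.15 192.168.3.26 192.168.3.36 192.168.3.54
192.168.3.49 192.168.3.52 192.168.3.22 192.168.3.37"

# port_id_for_ip IP: read `neutron port-list` output on stdin and print the
# port ID whose fixed IP is exactly IP. Matching the quoted value keeps
# 192.168.3.3 from also selecting 192.168.3.36, which a bare grep would do.
port_id_for_ip() {
  awk -F'|' -v want="\"ip_address\": \"$1\"" \
    'index($0, want) { gsub(/ /, "", $2); print $2; exit }'
}

# field_value FIELD: read `neutron port-show` output on stdin and print the
# trimmed value of FIELD; exit status 1 if the field is absent.
field_value() {
  awk -F'|' -v f="$1" '
    { k = $2; gsub(/^[ \t]+|[ \t]+$/, "", k) }
    k == f { v = $3; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; found = 1; exit }
    END { exit !found }'
}

# port_is_open: succeed only if stdin shows port_security_enabled = False and
# an empty security_groups value. A missing field counts as a failure.
port_is_open() (
  table=$(cat)
  pse=$(printf '%s\n' "$table" | field_value port_security_enabled) || exit 1
  sg=$(printf '%s\n' "$table" | field_value security_groups) || exit 1
  [ "$pse" = "False" ] && [ -z "$sg" ]
)

# Run on the OpenStack controller node with admin credentials loaded.
disable_port_security_all() {
  for ip in $NODE_IPS; do
    id=$(neutron port-list | port_id_for_ip "$ip")
    if [ -z "$id" ]; then echo "$ip: no port found" >&2; continue; fi
    neutron port-update --no-security-groups "$id"
    neutron port-update "$id" --port-security-enabled=False
    if neutron port-show "$id" | port_is_open; then
      echo "$ip $id: port security off"
    else
      echo "$ip $id: NOT in expected state" >&2
    fi
  done
}
```

Sourcing the file only defines the functions; nothing touches Neutron until `disable_port_security_all` is called.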
