3.8. K8s必备Addons安装_使用Flannel代替
master上执行:K8S Addons安装
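# Fetch the add-on manifests from the third-party repository.
git clone https://gitee.com/dukuan/k8s-ha-install.git
cd k8s-ha-install
# Switch to the branch that matches the version the cluster was initialised with
# (kubeadm---x86_64---1.30.14-150500.1.1---kubernetes---10 M).
# A branch name can move; note the commit that was reviewed (git rev-parse HEAD).
git checkout manual-installation-v1.30.x
cd single/
# Install the K8s add-ons.
# NOTE(review): this applies every manifest in the directory with the caller's
# cluster credentials. Read the files first and preview the change with
# `kubectl diff -f .` or `kubectl apply --dry-run=server -f .`.
kubectl apply -f .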
1. 使用Flannel代替
1. 将下面的内容保存为 kube-flannel.yml,然后执行命令 kubectl apply -f kube-flannel.yml 完成安装
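---
# Namespace that holds the flannel ServiceAccount, ConfigMap and DaemonSet.
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    # Pod Security Admission level "privileged" places no pod restrictions on
    # this namespace. The flannel DaemonSet relies on that (hostNetwork,
    # hostPath volumes, added NET_ADMIN/NET_RAW), so keep unrelated workloads
    # out of this namespace and restrict who may create pods in it.
    pod-security.kubernetes.io/enforce: privileged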
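---
# Cluster-wide permissions granted to flannel: read pods, read and watch
# nodes, and patch node status. Nothing else is requested.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
  # Read individual pod objects ("" is the core API group).
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  # Read and watch node objects.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  # Patch node status. The rule is cluster-scoped, so a holder can patch the
  # status of any node; bind this role to the flannel ServiceAccount only.
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch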
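---
# Grants the "flannel" ClusterRole to exactly one subject: the "flannel"
# ServiceAccount in the kube-flannel namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
  # Any pod that runs as this ServiceAccount receives the role's permissions.
  - kind: ServiceAccount
    name: flannel
    namespace: kube-flannel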
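---
# Identity the flannel DaemonSet pods run as (serviceAccountName: flannel).
# Its API permissions come from the ClusterRoleBinding named "flannel".
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel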
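---
# Configuration mounted into the flannel pods at /etc/kube-flannel/.
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  # CNI plugin chain. The install-cni init container copies this file to
  # /etc/cni/net.d/10-flannel.conflist on each node.
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  # Overlay network settings read by flanneld.
  # NOTE(review): "Network" should match the pod CIDR the cluster was set up
  # with (for example kube-controller-manager --cluster-cidr); confirm before
  # applying.
  # The vxlan backend encapsulates pod traffic but does not encrypt it, so
  # confidentiality between nodes depends on the underlying network.
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }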
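---
# Runs flanneld on every Linux node. Two init containers first copy the CNI
# plugin binary and the CNI configuration onto the host filesystem.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      # Schedule on Linux nodes only.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
      # The pod shares the node's network namespace, so the NET_ADMIN/NET_RAW
      # capabilities added below act on the host's interfaces and routes.
      hostNetwork: true
      priorityClassName: system-node-critical
      # Tolerates every NoSchedule taint, so the pod also lands on tainted
      # nodes such as control-plane nodes.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: flannel
      # Image references below use tags, which are mutable. The first init
      # container writes an executable into the host's /opt/cni/bin, so image
      # integrity matters: after verifying an image, consider pinning it as
      # <repository>@sha256:<verified-digest>.
      initContainers:
        # Copies the flannel CNI plugin binary to the host (hostPath volume
        # "cni-plugin" -> /opt/cni/bin).
        - name: install-cni-plugin
          image: ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1
          command:
            - cp
          args:
            - -f
            - /flannel
            - /opt/cni/bin/flannel
          volumeMounts:
            - name: cni-plugin
              mountPath: /opt/cni/bin
        # Copies cni-conf.json from the ConfigMap to the host's CNI
        # configuration directory (hostPath volume "cni" -> /etc/cni/net.d).
        - name: install-cni
          image: ghcr.io/flannel-io/flannel:v0.28.4
          command:
            - cp
          args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
          volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
      containers:
        - name: kube-flannel
          image: ghcr.io/flannel-io/flannel:v0.28.4
          command:
            - /opt/bin/flanneld
          args:
            - --ip-masq
            - --kube-subnet-mgr
          # Only requests are set; no CPU or memory limits are defined.
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
          # Not privileged; only the two network capabilities are added.
          # Combined with hostNetwork these still allow changes to the node's
          # network configuration, so treat this container as node-level.
          securityContext:
            privileged: false
            capabilities:
              add: ["NET_ADMIN", "NET_RAW"]
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: EVENT_QUEUE_DEPTH
              value: "5000"
            - name: CONT_WHEN_CACHE_NOT_READY
              value: "false"
          volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
            - name: xtables-lock
              mountPath: /run/xtables.lock
      # All volumes except the ConfigMap are hostPath mounts, i.e. direct
      # access to directories and files on the node.
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni-plugin
          hostPath:
            path: /opt/cni/bin
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate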
2. Flannel常见问题
问题1: 镜像拉取失败
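# Pull the images manually.
# `crictl inspecti <image>` shows the digest that was actually pulled, which
# can be compared with the digest of the release that was reviewed.
crictl pull ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1
crictl pull ghcr.io/flannel-io/flannel:v0.28.4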
问题2: Init容器卡住
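# Create the required directories
# (presumably on the node whose init container is stuck -- confirm).
mkdir -p /opt/cni/bin
mkdir -p /etc/cni/net.d
# Check the permissions. 755 keeps both directories writable by the owner
# only; binaries placed in /opt/cni/bin are executed on the node, so they
# should not be writable by other users.
chmod 755 /opt/cni/bin
chmod 755 /etc/cni/net.d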
问题3: 使用国内镜像加速
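# Switch to a domestic (mainland China) image source by replacing the image
# references in the DaemonSet.
# A different registry is a different distribution path: compare the image
# digest with the one from the original source before rolling it out.
# initContainers: install-cni-plugin
image: docker.io/flannel/flannel-cni-plugin:v1.9.1-flannel1
# initContainers: install-cni, and containers: kube-flannel
image: docker.io/flannel/flannel:v0.28.4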
3. 验证Flannel安装
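# Show the Flannel DaemonSet.
kubectl get ds -n kube-flannel
# Show the Flannel pod status.
kubectl get pods -n kube-flannel -o wide
# Show the Flannel logs.
kubectl logs -n kube-flannel -l app=flannel
# Check that the CNI configuration was generated (these paths are on the node).
ls /etc/cni/net.d/
cat /etc/cni/net.d/10-flannel.conflist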
4. 总结:Flannel的shell脚本
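#!/bin/bash
# flannel-install.sh - post-install verification script for Flannel.
# Exits non-zero on the first failed check; the final connectivity probe only
# prints a warning when it fails.
#
# -e: stop on an unhandled failure; -u: unset variables are errors;
# pipefail: a failing kubectl on the left of a pipe is not masked.
set -euo pipefail
echo "=== Flannel安装验证 ==="

# 1. Check the Flannel pod phases.
echo "1. 检查Flannel Pod状态..."
FLANNEL_PODS=$(kubectl get pods -n kube-flannel -l app=flannel -o jsonpath='{.items[*].status.phase}')
# Every pod must report phase Running; a single Running pod among failed ones
# is not enough, and an empty list (no pods found) is a failure too.
# Phase Running does not by itself mean the containers are ready.
PODS_OK=true
[ -n "$FLANNEL_PODS" ] || PODS_OK=false
for phase in $FLANNEL_PODS; do
    [ "$phase" = "Running" ] || PODS_OK=false
done
if [ "$PODS_OK" = true ]; then
    echo "✅ Flannel Pods运行正常"
else
    echo "❌ Flannel Pods状态异常"
    exit 1
fi

# 2. Check the CNI configuration (this path is on the local node).
echo "2. 检查CNI配置..."
if [ -f /etc/cni/net.d/10-flannel.conflist ]; then
    echo "✅ CNI配置文件存在"
else
    echo "❌ CNI配置文件不存在"
    exit 1
fi

# 3. Check node status.
echo "3. 检查节点状态..."
# One snapshot is used for both counts. The STATUS column is matched exactly:
# a substring match on "Ready" would also count "NotReady" nodes.
NODE_LIST=$(kubectl get nodes --no-headers)
READY_NODES=$(awk '$2 == "Ready" || $2 ~ /^Ready,/ { n++ } END { print n + 0 }' <<< "$NODE_LIST")
TOTAL_NODES=$(awk 'NF { n++ } END { print n + 0 }' <<< "$NODE_LIST")
# An empty node list must not pass as "0/0 ready".
if [ "$TOTAL_NODES" -gt 0 ] && [ "$READY_NODES" -eq "$TOTAL_NODES" ]; then
    echo "✅ 所有节点都Ready ($READY_NODES/$TOTAL_NODES)"
else
    echo "❌ 部分节点未就绪"
    kubectl get nodes
    exit 1
fi

# 4. Check network connectivity.
echo "4. 测试网络连通性..."
# The command sits inside the `if` so that, under `set -e`, a failed probe
# reaches the warning branch instead of aborting the script.
# NOTE(review): this probes egress from a pod to a public address, not
# pod-to-pod traffic, and it fails by design in clusters without internet
# egress. The busybox image is referenced without a tag or digest; in a
# controlled environment use a pinned image from a trusted registry.
if kubectl run ping-test --image=busybox --rm -it --restart=Never -- ping -c 3 8.8.8.8 > /dev/null 2>&1; then
    echo "✅ 网络连通性正常"
else
    echo "⚠️ 网络连通性测试失败(可能需要额外配置)"
fi
echo "=== Flannel安装验证完成 ==="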