Rong修改flannel子网分配.md (Rong: modifying the flannel subnet allocation)

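1. Switch flannel to the etcd-based configuration

Currently, the deployed flannel reads its network configuration from a configmap (https://github.com/coreos/flannel/blob/master/Documentation/configuration.md). Because of a known bug (https://github.com/coreos/flannel/issues/1328), changing SubnetLen does not take effect in this mode, so flannel has to be switched to reading its configuration from etcd.

1) Edit /etc/kubernetes/cni-flannel.yml

Change the start command of the flannel daemonset to:

```yaml
...
command: ["/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr=false", "--etcd-cafile=/etc/kube-flannel/ca.pem", "--etcd-certfile=/etc/kube-flannel/admin-arm-a1.pem", "--etcd-keyfile=/etc/kube-flannel/admin-arm-a1-key.pem", "--etcd-endpoints=https://192.192.190.163:2379/"]
...
```

Note: replace 192.192.190.163 with the IP of one of the nodes in the Rong environment's etcd cluster.

Note: the etcd certificates are in the /etc/ssl/etcd/ssl directory on the etcd nodes. ca.pem is always present; in addition, pick one certificate/key pair, for example admin-arm-a1.pem and admin-arm-a1-key.pem as in the example above.

2) Edit the flannel configmap to add the etcd authentication certificates

First create a configmap named etcd-key that holds the etcd certificates.

```bash
# Run as root on an etcd node
cd /etc/ssl/etcd/ssl
kubectl create configmap etcd-key -n kube-system --from-file=ca.pem --from-file=admin-arm-a1.pem --from-file=admin-arm-a1-key.pem
```

Then copy the contents of the data section of the etcd-key configmap and append them to the data section of the configmap in /etc/kubernetes/cni-flannel.yml.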

```yaml
---
kind: ConfigMap
...
data:
  cni-conf.json: |
   ...
  net-conf.json: |
   ...
  admin-arm-a1-key.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    ...
  admin-arm-a1.pem: |
    -----BEGIN CERTIFICATE-----
    ...
  ca.pem: |
    -----BEGIN CERTIFICATE-----
    ...
...
```

2. Configure the etcd database

First, one of the nodes in the etcd cluster needs v2 API support enabled, as follows.

On a node where etcd is deployed, edit the file /usr/local/bin/etcd and add --enable-v2.

```bash
...
/usr/local/bin/etcd \
--enable-v2 \
"$@"
```

Restart the etcd service:

```bash
systemctl restart etcd
```

Modify the etcd database to create flannel's network configuration.

```bash
# Run as root. Select the etcdctl v2 API once, then issue the v2 commands.
export ETCDCTL_API=2
etcdctl --endpoints=https://127.0.0.1:2379/ --cert-file=/etc/ssl/etcd/ssl/admin-arm-a1.pem --key-file=/etc/ssl/etcd/ssl/admin-arm-a1-key.pem --ca-file=/etc/ssl/etcd/ssl/ca.pem mkdir /coreos.com
etcdctl --endpoints=https://127.0.0.1:2379/ --cert-file=/etc/ssl/etcd/ssl/admin-arm-a1.pem --key-file=/etc/ssl/etcd/ssl/admin-arm-a1-key.pem --ca-file=/etc/ssl/etcd/ssl/ca.pem mkdir /coreos.com/network
etcdctl --endpoints=https://127.0.0.1:2379/ --cert-file=/etc/ssl/etcd/ssl/admin-arm-a1.pem --key-file=/etc/ssl/etcd/ssl/admin-arm-a1-key.pem --ca-file=/etc/ssl/etcd/ssl/ca.pem set /coreos.com/network/config '{"Network":"10.233.64.0/18","SubnetLen": 25,"Backend":{"Type": "vxlan","VNI": 1,"Port": 8472}}'
```

Note: the network 10.233.64.0/18 must match the pod CIDR configured when Rong was installed. Rong's pod CIDR is set by the kube_pods_subnet option in the file rong-var.yml.

Set SubnetLen according to the actual environment.
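An added example (not part of the original document or of flannel) that checks the JSON before it is written to /coreos.com/network/config: it confirms that Network matches the pod CIDR and reports how many per-node subnets and pod IPs a given SubnetLen yields. The function name `check_flannel_config`, the IPv4-only arithmetic and the bounds on SubnetLen are assumptions of this example, not flannel's own validation.

```python
import ipaddress
import json


def check_flannel_config(raw_json, pod_cidr):
    """Validate a flannel network config against the cluster pod CIDR (IPv4).

    Returns (node_subnets, usable_ips_per_node); raises ValueError on a problem.
    """
    cfg = json.loads(raw_json)  # rejects malformed JSON before it reaches etcd
    network = ipaddress.ip_network(cfg["Network"], strict=True)
    expected = ipaddress.ip_network(pod_cidr, strict=True)
    if network != expected:
        raise ValueError(f"Network {network} does not match pod CIDR {expected}")

    subnet_len = cfg["SubnetLen"]
    # Sanity bounds chosen for this example: a node subnet must be smaller
    # than the whole network and still hold at least two host addresses.
    if not isinstance(subnet_len, int) or not network.prefixlen < subnet_len <= 30:
        raise ValueError(f"SubnetLen {subnet_len!r} must be an integer in "
                         f"{network.prefixlen + 1}..30")

    # Number of /SubnetLen blocks that fit in Network: an upper bound on nodes.
    node_subnets = 2 ** (subnet_len - network.prefixlen)
    # Addresses per block minus the network and broadcast addresses.
    usable_ips = 2 ** (32 - subnet_len) - 2
    return node_subnets, usable_ips


# The value written to /coreos.com/network/config in the step above.
PAGE_CONFIG = ('{"Network":"10.233.64.0/18","SubnetLen": 25,'
               '"Backend":{"Type": "vxlan","VNI": 1,"Port": 8472}}')

if __name__ == "__main__":
    subnets, ips = check_flannel_config(PAGE_CONFIG, "10.233.64.0/18")
    print(f"{subnets} node subnets, {ips} usable pod IPs per node")
```

Pass the value of kube_pods_subnet from rong-var.yml as `pod_cidr`.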

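3. Redeploy flannel

Run the following command on the deployment node to redeploy flannel:

```bash
kubectl delete -f /etc/kubernetes/cni-flannel.yml && kubectl create -f /etc/kubernetes/cni-flannel.yml
```

Reboot every machine so that the pods on each node restart and obtain newly allocated IPs.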