【K8s网络】部署Flannel网络（不支持网络策略）

转载

mb5fdb1266ce6df 2021-08-09 17:08:00

文章标签 sed 地址管理 github 用例命名空间 文章分类 代码人生

参考：https://github.com/flannel-io/flannel

部署

For Kubernetes v1.17+

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

配置参数

--public-ip="": IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication.
--etcd-endpoints=http://127.0.0.1:4001: a comma-delimited list of etcd endpoints.
--etcd-prefix=/coreos.com/network: etcd prefix.
--etcd-keyfile="": SSL key file used to secure etcd communication.
--etcd-certfile="": SSL certification file used to secure etcd communication.
--etcd-cafile="": SSL Certificate Authority file used to secure etcd communication.
--kube-subnet-mgr: Contact the Kubernetes API for subnet assignment instead of etcd.
--iface="": interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine. This can be specified multiple times to check each option in order. Returns the first match found.
--iface-regex="": regex expression to match the first interface to use (IP or name) for inter-host communication. If unspecified, will default to the interface for the default route on the machine. This can be specified multiple times to check each regex in order. Returns the first match found. This option is superseded by the iface option and will only be used if nothing matches any option specified in the iface options.
--iptables-resync=5: resync period for iptables rules, in seconds. Defaults to 5 seconds, if you see a large amount of contention for the iptables lock increasing this will probably help.
--subnet-file=/run/flannel/subnet.env: filename where env variables (subnet and MTU values) will be written to.
--net-config-path=/etc/kube-flannel/net-conf.json: path to the network configuration file to use
--subnet-lease-renew-margin=60: subnet lease renewal margin, in minutes.
--ip-masq=false: setup IP masquerade for traffic destined for outside the flannel network. Flannel assumes that the default policy is ACCEPT in the NAT POSTROUTING chain.
-v=0: log level for V logs. Set to 1 to see messages related to data path.
--healthz-ip="0.0.0.0": The IP address for healthz server to listen (default "0.0.0.0")
--healthz-port=0: The port for healthz server to listen(0 to disable)
--version: print version and exit

host-local IPAM 的限制

Flannel 网络使用 host-local IPAM（IP 地址管理）CNI 插件，它为您的集群提供简单的 IP 地址管理。虽然简单，但也有局限性：

创建节点时，它会预先分配一个 CIDR。如果每个节点的 pod 数量超过每个节点可用的 IP 地址数量，则必须重新创建集群。相反，如果 Pod 的数量远小于每个节点可用的地址数量，则无法有效利用 IP 地址空间；随着向外扩展和 IP 地址耗尽，效率低下成为一个痛点。
因为每个节点都有一个预先分配的 CIDR，所以 pod 必须始终根据运行它的节点分配一个 IP 地址。能够根据其他属性（例如 pod 的命名空间）分配 IP 地址，可以灵活地满足出现的用例。

本文章为转载内容，我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题，欢迎原作者联系我们进行内容更正或删除文章。