
环境依赖

需要k8s版本在1.15.x以上

官方文档:

https://openelb.io/docs/getting-started/installation/install-openelb-on-kubernetes/

1. 下载

bash
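# Download the manifest once; a second wget in the same directory would
# leave a stray openelb.yaml.1 next to it.
# "release-0.5" in the URL looks like a branch name, so the file can change
# between downloads. Read the manifest before applying it (the apply output
# further down shows it creates ClusterRoles, ClusterRoleBindings and
# admission webhooks) and keep the checksum of the copy you reviewed.
wget https://raw.githubusercontent.com/openelb/openelb/release-0.5/deploy/openelb.yaml
sha256sum openelb.yaml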

2. 修改mode

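Enable strictARP for kube-proxy, so that nodes stop answering ARP requests for addresses that are not configured on the receiving interface and only OpenELB answers ARP for the service addresses in layer2 mode.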

2.1 ipvs

bash
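# Open the live kube-proxy configuration in an editor.
kubectl edit configmap kube-proxy -n kube-system
# The lines below are edits to make inside the editor, not commands to run:
#   - find `mode` and set it to ipvs
#   - find `ipvs:` and set strictARP to true, so that the section reads:
#       ipvs:
#         strictARP: true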
  • 重启kube-proxy
bash
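# Restart kube-proxy once so its pods pick up the edited ConfigMap, then
# wait for the rollout to finish before checking the forwarding rules.
kubectl rollout restart daemonset kube-proxy -n kube-system
kubectl rollout status daemonset kube-proxy -n kube-system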
  • 查看转发规则
bash
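# List the IPVS virtual server table (run on a cluster node, as root).
ipvsadm -l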

3. 安装yaml

3.1 修改image

bash
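vim openelb.yaml
# Replace the two `image:` fields in the manifest. The image this page uses is:
#   registry.cn-zhangjiakou.aliyuncs.com/hsuing/openelb-kube-webhook:v1.1.1
# NOTE(review): this is a mirror under a personal registry namespace, not the
# image reference shipped in the downloaded manifest, and a tag can be
# re-pushed with different content. Judging by its name it is the webhook
# certificate helper run by the openelb-admission-create and
# openelb-admission-patch Jobs; confirm in the manifest which containers use it.
# Prefer copying the upstream image into a registry you control and
# referencing it by digest: <your-registry>/<image>@sha256:<digest-you-verified>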

3.2 安装openelb

bash
[root@kube-master openelb]# kubectl apply -f openelb.yaml

namespace/openelb-system created
customresourcedefinition.apiextensions.k8s.io/bgpconfs.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/eips.network.kubesphere.io created
serviceaccount/kube-keepalived-vip created
serviceaccount/openelb-admission created
role.rbac.authorization.k8s.io/leader-election-role created
role.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrole.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/openelb-manager-role created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
rolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/openelb-manager-rolebinding created
service/openelb-admission created
deployment.apps/openelb-manager created
job.batch/openelb-admission-create created
job.batch/openelb-admission-patch created
mutatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
validatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
  • 查看pod
[root@kube-master openelb]#  kubectl get pods -n openelb-system
NAME                               READY   STATUS      RESTARTS   AGE
openelb-admission-create-dgh5g     0/1     Completed   0          18m
openelb-admission-patch-n75mk      0/1     Completed   0          18m
openelb-keepalive-vip-2zdtm        1/1     Running     0          17m
openelb-keepalive-vip-tqv55        1/1     Running     0          17m
openelb-keepalive-vip-vg4cm        1/1     Running     0          17m
openelb-manager-794999f796-hdm8r   1/1     Running     0          18m

3.3 配置对外ip池

  • 创建layer2配置文件
yaml
#查看ip
[root@kube-master openelb]# kubectl describe node | grep -A5 Annotations
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    projectcalico.org/IPv4Address: 10.103.236.201/24
                    projectcalico.org/IPv4IPIPTunnelAddr: 172.25.244.192
。。。

[root@kube-master openelb]# cat eip-layer2-pool.yaml
# Eip object defining the address pool OpenELB hands out in layer2 mode.
# NOTE(review): the `kubectl apply` output later on this page reports
# eip-sample-pool, not the name eip-pool used here; the transcript appears to
# come from a different revision of this file.
apiVersion: network.kubesphere.io/v1alpha2
kind: Eip
metadata:
    name: eip-pool 
    annotations:
      # Marks this pool as the default one; presumably Services that do not
      # name a pool draw addresses from it. Confirm in the OpenELB docs.
      eip.openelb.kubesphere.io/is-default-eip: "true"
spec:
    # In layer2 mode OpenELB answers ARP for these addresses, so the range
    # has to be free: not handed out by DHCP and not configured on any other
    # host on the segment. Check against your own address plan.
    address: 10.103.236.70-10.103.236.99 #must be in the same subnet as the nodes
    protocol: layer2
    interface: ens33  #change to your own interface name (master node)
    disable: false
# NOTE(review): status fields describe the object's state and are normally
# filled in by the controller, not written by hand. poolSize: 10 also does not
# match the 30 addresses in the range above (`kubectl get eip` on this page
# reports TOTAL 30).
status:
    occupied: false
    usage: 1
    poolSize: 10
    firstIP: 10.103.236.70
    lastIP: 10.103.236.99
    ready: true
    v4: true
  • 执行apply
bash
[root@kube-master openelb]# kubectl apply -f eip-layer2-pool.yaml
eip.network.kubesphere.io/eip-sample-pool configured

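命令行模式(节点有多块网卡时,通过给节点加注解来指定 OpenELB 在 layer2 模式下使用的网卡;下面命令中的 "eth_IP" 是占位符,需替换为该节点对应网卡的实际 IP,master01 替换为实际节点名)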

kubectl annotate nodes master01 layer2.openelb.kubesphere.io/v1alpha2="eth_IP"

  • 查看eip
shell
[root@kube-master openelb]# kubectl get eip
NAME              CIDR                  USAGE   TOTAL
eip-pool   10.103.236.70-10.103.236.99           30