环境依赖
需要k8s版本在1.15.x以上
官方文档:
https://openelb.io/docs/getting-started/installation/install-openelb-on-kubernetes/
1. 下载
bash
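# Fetch the OpenELB manifest once; a second wget would only save a duplicate copy as openelb.yaml.1.
# NOTE(review): release-0.5 looks like a branch ref rather than a fixed commit, so the file
# served at this URL can change over time. Read the manifest before applying it, and record
# its hash so the copy that was reviewed is the copy that gets applied.
wget https://raw.githubusercontent.com/openelb/openelb/release-0.5/deploy/openelb.yaml
sha256sum openelb.yaml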
2. 修改mode
Enable strictARP for kube-proxy(为 kube-proxy 开启 strictARP):Layer2 模式下需要开启,开启后集群内的网卡不再应答其他网卡地址的 ARP 请求,改由 OpenELB 应答。
2.1 ipvs
bash
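# Open the kube-proxy ConfigMap in the editor (run once). The change affects every node
# after kube-proxy is restarted, so keep a copy of the previous values for rollback.
kubectl edit configmap kube-proxy -n kube-system
# In the editor, find `mode` and set it to ipvs, then find the `ipvs:` key and set
# strictARP to true under it:
#   mode: "ipvs"
#   ipvs:
#     strictARP: true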
- 重启kube-proxy
bash
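# Restart kube-proxy so the edited ConfigMap takes effect (one restart is enough),
# then wait until the DaemonSet rollout has finished before checking the forwarding rules.
kubectl rollout restart daemonset kube-proxy -n kube-system
kubectl rollout status daemonset kube-proxy -n kube-system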
- 查看转发规则
bash
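# List the IPVS virtual-server table once to confirm kube-proxy is now programming IPVS rules.
# Needs root; an empty table suggests kube-proxy is not running in ipvs mode.
ipvsadm -l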
3. 安装yaml
3.1 修改image
bash
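# Edit the downloaded manifest and replace the two `image:` references with:
#   registry.cn-zhangjiakou.aliyuncs.com/hsuing/openelb-kube-webhook:v1.1.1
# (kept as a comment: the bare image reference is not a shell command)
#
# NOTE(review): this is a third-party mirror under a personal namespace, not the image named
# in the upstream manifest. Whatever runs from it gets the service account and RBAC that the
# manifest binds to those workloads, so compare its digest with the upstream image before
# trusting it and pin by digest (image@sha256:<DIGEST>, placeholder) instead of a mutable tag.
vim openelb.yaml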
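3.2 安装openelb(该清单会创建 ClusterRole、ClusterRoleBinding 以及 mutating/validating webhook 等集群级资源,apply 之前请先通读 openelb.yaml)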
bash
[root@kube-master openelb]# kubectl apply -f openelb.yaml
namespace/openelb-system created
customresourcedefinition.apiextensions.k8s.io/bgpconfs.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/eips.network.kubesphere.io created
serviceaccount/kube-keepalived-vip created
serviceaccount/openelb-admission created
role.rbac.authorization.k8s.io/leader-election-role created
role.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrole.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/openelb-manager-role created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
rolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/openelb-manager-rolebinding created
service/openelb-admission created
deployment.apps/openelb-manager created
job.batch/openelb-admission-create created
job.batch/openelb-admission-patch created
mutatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
validatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
[root@kube-master openelb]# kubectl apply -f openelb.yaml
namespace/openelb-system created
customresourcedefinition.apiextensions.k8s.io/bgpconfs.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.network.kubesphere.io created
customresourcedefinition.apiextensions.k8s.io/eips.network.kubesphere.io created
serviceaccount/kube-keepalived-vip created
serviceaccount/openelb-admission created
role.rbac.authorization.k8s.io/leader-election-role created
role.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrole.rbac.authorization.k8s.io/openelb-admission created
clusterrole.rbac.authorization.k8s.io/openelb-manager-role created
rolebinding.rbac.authorization.k8s.io/leader-election-rolebinding created
rolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/kube-keepalived-vip created
clusterrolebinding.rbac.authorization.k8s.io/openelb-admission created
clusterrolebinding.rbac.authorization.k8s.io/openelb-manager-rolebinding created
service/openelb-admission created
deployment.apps/openelb-manager created
job.batch/openelb-admission-create created
job.batch/openelb-admission-patch created
mutatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
validatingwebhookconfiguration.admissionregistration.k8s.io/openelb-admission created
- 查看pod
[root@kube-master openelb]# kubectl get pods -n openelb-system
NAME READY STATUS RESTARTS AGE
openelb-admission-create-dgh5g 0/1 Completed 0 18m
openelb-admission-patch-n75mk 0/1 Completed 0 18m
openelb-keepalive-vip-2zdtm 1/1 Running 0 17m
openelb-keepalive-vip-tqv55 1/1 Running 0 17m
openelb-keepalive-vip-vg4cm 1/1 Running 0 17m
openelb-manager-794999f796-hdm8r 1/1 Running 0 18m
[root@kube-master openelb]# kubectl get pods -n openelb-system
NAME READY STATUS RESTARTS AGE
openelb-admission-create-dgh5g 0/1 Completed 0 18m
openelb-admission-patch-n75mk 0/1 Completed 0 18m
openelb-keepalive-vip-2zdtm 1/1 Running 0 17m
openelb-keepalive-vip-tqv55 1/1 Running 0 17m
openelb-keepalive-vip-vg4cm 1/1 Running 0 17m
openelb-manager-794999f796-hdm8r 1/1 Running 0 18m
3.3 配置对外ip池
- 创建layer2配置文件(地址池必须与 node 在同一网段,且应是预留的、未被 DHCP 或其他主机占用的地址,否则会产生 IP 冲突;status 下的字段由 OpenELB 自动维护,创建时无需填写)
yaml
#查看ip
[root@kube-master openelb]# kubectl describe node | grep -A5 Annotations
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
node.alpha.kubernetes.io/ttl: 0
projectcalico.org/IPv4Address: 10.103.236.201/24
projectcalico.org/IPv4IPIPTunnelAddr: 172.25.244.192
。。。
[root@kube-master openelb]# cat eip-layer2-pool.yaml
apiVersion: network.kubesphere.io/v1alpha2
kind: Eip
metadata:
name: eip-pool
annotations:
eip.openelb.kubesphere.io/is-default-eip: "true"
spec:
address: 10.103.236.70-10.103.236.99 #这里必须和node在同一个网段
protocol: layer2
interface: ens33 #根据自己的interface修改(master节点)
disable: false
status:
occupied: false
usage: 1
poolSize: 10
firstIP: 10.103.236.70
lastIP: 10.103.236.99
ready: true
v4: true
#查看ip
[root@kube-master openelb]# kubectl describe node | grep -A5 Annotations
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
node.alpha.kubernetes.io/ttl: 0
projectcalico.org/IPv4Address: 10.103.236.201/24
projectcalico.org/IPv4IPIPTunnelAddr: 172.25.244.192
。。。
[root@kube-master openelb]# cat eip-layer2-pool.yaml
apiVersion: network.kubesphere.io/v1alpha2
kind: Eip
metadata:
name: eip-pool
annotations:
eip.openelb.kubesphere.io/is-default-eip: "true"
spec:
address: 10.103.236.70-10.103.236.99 #这里必须和node在同一个网段
protocol: layer2
interface: ens33 #根据自己的interface修改(master节点)
disable: false
status:
occupied: false
usage: 1
poolSize: 10
firstIP: 10.103.236.70
lastIP: 10.103.236.99
ready: true
v4: true
- 执行apply(注意:下面输出中的资源名 eip-sample-pool 与上面清单里的 metadata.name: eip-pool 不一致,实际输出应以清单中的名称为准)
bash
[root@kube-master openelb]# kubectl apply -f eip-layer2-pool.yaml
eip.network.kubesphere.io/eip-sample-pool configured
[root@kube-master openelb]# kubectl apply -f eip-layer2-pool.yaml
eip.network.kubesphere.io/eip-sample-pool configured
命令行模式
# Annotates node master01 with the layer2.openelb.kubesphere.io/v1alpha2 key.
# "eth_IP" is a placeholder: replace it with the IP address of the node NIC that OpenELB
# should use (presumably only needed on nodes with more than one NIC; confirm against the
# official docs). master01 is this example's node name; substitute your own.
kubectl annotate nodes master01 layer2.openelb.kubesphere.io/v1alpha2="eth_IP"
- 查看eip
shell
[root@kube-master openelb]# kubectl get eip
NAME CIDR USAGE TOTAL
eip-pool 10.103.236.70-10.103.236.99 30
[root@kube-master openelb]# kubectl get eip
NAME CIDR USAGE TOTAL
eip-pool 10.103.236.70-10.103.236.99 30