Install Kubernetes + Cilium on different networks


Problem description

There is the following topology:

'left-1', 'left-2', 'right-1', 'right-2', 'center' - hosts (DNS names are the same).

'cloud' - network.

kubeadm, kubectl, kubelet, docker on all hosts installed correctly.

Kubernetes needs to be installed like this: 'Master-1' on host 'left-1', 'Master-2' on host 'right-1', and workers on hosts 'left-2' and 'right-2'.

All hosts ping each other by the domain name. All ports on all hosts are open. No firewall anywhere.

All hosts have access to the internet.

Here there is a manual to install Kubernetes:

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/

If I install Kubernetes only on 'left-1' and 'left-2' - all works fine.

If I install Kubernetes only on 'right-1' and 'right-2' - all works fine.

But if I install on all nodes - pods from the left do not connect to pods from right, and right pods do not connect to left pods.

How to install Kubernetes on the left and right nodes together?

I use a Cilium network.

I installed a Cilium network with the command:

kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/v1.6.8/install/kubernetes/quick-install.yaml

When I init the first master node, I describe CIDR: 10.217.0.0/16

I tried to install etcd separately from Kubernetes. I've got an error:

2020-06-25 02:49:37.073290 I | embed: rejected connection from "10.7.0.1:48422" (error "tls: \"10.7.0.1\" does not match any of DNSNames [\"right-1\" \"localhost\"]", ServerName "", IPAddresses ["10.8.1.1" "127.0.0.1" "::1" "10.8.1.1"], DNSNames ["right-1" "localhost"])

10.7.0.1 - it is center, and center is not a part of the etcd cluster. Why does etcd check it?

[left-1]$ traceroute right-1
traceroute to right-1 (10.8.1.1), 30 hops max, 60 byte packets
 1  center (10.7.0.1)  1.381 ms  1.252 ms  1.159 ms
 2  right-1 (10.8.1.1)  1.068 ms  0.990 ms  0.912 ms

Recommended answer

We solved this problem.

Cluster must be created by command:

kubeadm init --config=kubeadm-config.yaml --upload-certs

Where kubeadm-config.yaml contains:

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.18.3
controlPlaneEndpoint: "10.7.1.1:6443"
networking:
  podSubnet: "10.217.0.0/16"
etcd:
  local:
    serverCertSANs: ["10.7.1.1", "10.7.2.2", "10.7.0.1", "10.8.1.1", "10.8.2.2", "10.8.0.1"]
    peerCertSANs:   ["10.7.1.1", "10.7.2.2", "10.7.0.1", "10.8.1.1", "10.8.2.2", "10.8.0.1"]

Pay attention to the yaml parameters serverCertSANs and peerCertSANs: they contain 10.7.0.1 and 10.8.0.1 - these IPs come to the node in network packages as the client IP and must be registered as trusted IPs. If you have other IPs in inter-node interaction, they must be registered too.
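Added example, not part of the original question or answer: a Python check that parses etcd "rejected connection" lines such as the one in the question and reports which source IPs are covered neither by the presented certificate nor by a planned serverCertSANs/peerCertSANs list. The function names and the assumed message layout are this example's own; the sample line is copied from the question.

```python
import ipaddress
import re

# Log line copied verbatim from the question on this page.
SAMPLE_LOG = r'''2020-06-25 02:49:37.073290 I | embed: rejected connection from "10.7.0.1:48422" (error "tls: \"10.7.0.1\" does not match any of DNSNames [\"right-1\" \"localhost\"]", ServerName "", IPAddresses ["10.8.1.1" "127.0.0.1" "::1" "10.8.1.1"], DNSNames ["right-1" "localhost"])'''

# Assumed layout of etcd's rejection message, taken from that one line.
REJECT_RE = re.compile(
    r'rejected connection from "(?P<src>[^"]+)"'
    r'.*?IPAddresses \[(?P<ips>[^\]]*)\], DNSNames \[(?P<dns>[^\]]*)\]'
)
QUOTED = re.compile(r'"([^"]+)"')


def parse_rejection(line):
    """Return (source_ip, cert_ips, cert_dns) for a rejection line, else None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    # Drop the port; strip brackets in case the source is an IPv6 literal.
    host = m.group("src").rsplit(":", 1)[0].strip("[]")
    cert_ips = {ipaddress.ip_address(x) for x in QUOTED.findall(m.group("ips"))}
    cert_dns = set(QUOTED.findall(m.group("dns")))
    return ipaddress.ip_address(host), cert_ips, cert_dns


def missing_sans(log_lines, planned_sans=()):
    """Rejected source IPs found neither in the presented certificate
    nor in the planned serverCertSANs/peerCertSANs list."""
    planned = {ipaddress.ip_address(s) for s in planned_sans}
    missing = set()
    for line in log_lines:
        parsed = parse_rejection(line)
        if parsed is None:
            continue  # not a rejection line
        src, cert_ips, _ = parsed
        if src not in cert_ips and src not in planned:
            missing.add(str(src))
    return sorted(missing)


if __name__ == "__main__":
    # SAN list from the kubeadm-config.yaml in the answer.
    sans = ["10.7.1.1", "10.7.2.2", "10.7.0.1", "10.8.1.1", "10.8.2.2", "10.8.0.1"]
    print("missing before fix:", missing_sans([SAMPLE_LOG]))
    print("missing after fix: ", missing_sans([SAMPLE_LOG], sans))
```

An empty result means every rejected source address is already in the SAN list; any address it reports is one that etcd sees as the client IP and that the certificates do not yet cover.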
