[root@node-k8s-01 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml  # NOTE(review): applies an unpinned manifest straight from a mutable branch (master); whatever that URL serves at apply time is what gets cluster-wide RBAC and a hostNetwork DaemonSet. Prefer a reviewed, locally stored copy pinned to a release tag (as is done below after this fetch fails).
Unable to connect to the server: read tcp 192.168.32.132:51060->185.199.108.133:443: read: connection reset by peer
[root@node-k8s-01 ~]# cat <<EOF > kube-flannel.yml  # writes the flannel manifest locally; the delimiter is unquoted, so the shell would expand any $var or backticks in the body (none are present here) — <<'EOF' is the safer form
> ---
> # NOTE(review): PodSecurityPolicy (policy/v1beta1) and the rbac v1beta1 APIs
> # used below are beta APIs that later Kubernetes releases stopped serving;
> # check `kubectl api-versions` on the target cluster before applying.
> apiVersion: policy/v1beta1
> kind: PodSecurityPolicy
> metadata:
>   name: psp.flannel.unprivileged
>   annotations:
>     seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
>     seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
>     apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
>     apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
> # This policy admits exactly what a CNI daemon needs: hostNetwork, the
> # NET_ADMIN capability and hostPath under three fixed prefixes, while keeping
> # privileged and allowPrivilegeEscalation false. It is bound only to the
> # flannel ServiceAccount (ClusterRoleBinding below); do not reuse it for
> # other workloads.
> spec:
>   privileged: false
>   volumes:
>     - configMap
>     - secret
>     - emptyDir
>     - hostPath
>   allowedHostPaths:
>     - pathPrefix: "/etc/cni/net.d"
>     - pathPrefix: "/etc/kube-flannel"
>     - pathPrefix: "/run/flannel"
>   readOnlyRootFilesystem: false
>   # Users and groups
>   runAsUser:
>     rule: RunAsAny
>   supplementalGroups:
>     rule: RunAsAny
>   fsGroup:
>     rule: RunAsAny
>   # Privilege Escalation
>   allowPrivilegeEscalation: false
>   defaultAllowPrivilegeEscalation: false
>   # Capabilities
>   allowedCapabilities: ['NET_ADMIN']
>   defaultAddCapabilities: []
>   requiredDropCapabilities: []
>   # Host namespaces
>   hostPID: false
>   hostIPC: false
>   hostNetwork: true
>   # NOTE(review): the full host port range is allowed; narrow it if flannel
>   # does not need host ports on this cluster — verify before tightening.
>   hostPorts:
>   - min: 0
>     max: 65535
>   # SELinux
>   seLinux:
>     # SELinux is unused in CaaSP
>     rule: 'RunAsAny'
> ---
> kind: ClusterRole
> apiVersion: rbac.authorization.k8s.io/v1beta1
> metadata:
>   name: flannel
> rules:
>   # NOTE(review): the PSP above is declared in the policy API group, but 'use'
>   # is granted via the extensions group; confirm the target cluster honours
>   # this form for PSP 'use' checks.
>   - apiGroups: ['extensions']
>     resources: ['podsecuritypolicies']
>     verbs: ['use']
>     resourceNames: ['psp.flannel.unprivileged']
>   # Read-only pod access, node list/watch and nodes/status patch —
>   # presumably what --kube-subnet-mgr needs; do not widen these verbs.
>   - apiGroups:
>       - ""
>     resources:
>       - pods
>     verbs:
>       - get
>   - apiGroups:
>       - ""
>     resources:
>       - nodes
>     verbs:
>       - list
>       - watch
>   - apiGroups:
>       - ""
>     resources:
>       - nodes/status
>     verbs:
>       - patch
> ---
> kind: ClusterRoleBinding
> apiVersion: rbac.authorization.k8s.io/v1beta1
> metadata:
>   name: flannel
> roleRef:
>   apiGroup: rbac.authorization.k8s.io
>   kind: ClusterRole
>   name: flannel
> subjects:
> - kind: ServiceAccount
>   name: flannel
>   namespace: kube-system
> ---
> apiVersion: v1
> kind: ServiceAccount
> metadata:
>   name: flannel
>   namespace: kube-system
> ---
> kind: ConfigMap
> apiVersion: v1
> metadata:
>   name: kube-flannel-cfg
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> # NOTE(review): "Network" in net-conf.json is expected to match the cluster's
> # pod CIDR (e.g. the value given to kubeadm --pod-network-cidr) — confirm
> # before applying. cni-conf.json is copied to the host by the init container.
> data:
>   cni-conf.json: |
>     {
>       "name": "cbr0",
>       "cniVersion": "0.3.1",
>       "plugins": [
>         {
>           "type": "flannel",
>           "delegate": {
>             "hairpinMode": true,
>             "isDefaultGateway": true
>           }
>         },
>         {
>           "type": "portmap",
>           "capabilities": {
>             "portMappings": true
>           }
>         }
>       ]
>     }
>   net-conf.json: |
>     {
>       "Network": "10.244.0.0/16",
>       "Backend": {
>         "Type": "vxlan"
>       }
>     }
> ---
> # NOTE(review): the five DaemonSets below differ only in the arch selector and
> # the image tag suffix; the review notes on this first one apply to each.
> apiVersion: apps/v1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds-amd64
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> spec:
>   selector:
>     matchLabels:
>       app: flannel
>   template:
>     metadata:
>       labels:
>         tier: node
>         app: flannel
>     spec:
>       affinity:
>         nodeAffinity:
>           requiredDuringSchedulingIgnoredDuringExecution:
>             nodeSelectorTerms:
>               - matchExpressions:
>                   # NOTE(review): beta.kubernetes.io/os|arch are the older node
>                   # label names; newer nodes may carry only kubernetes.io/os and
>                   # kubernetes.io/arch — confirm the labels exist, otherwise the
>                   # DaemonSet schedules nowhere.
>                   - key: beta.kubernetes.io/os
>                     operator: In
>                     values:
>                       - linux
>                   - key: beta.kubernetes.io/arch
>                     operator: In
>                     values:
>                       - amd64
>       hostNetwork: true
>       tolerations:
>       - operator: Exists
>         effect: NoSchedule
>       serviceAccountName: flannel
>       initContainers:
>       - name: install-cni
>         # NOTE(review): pinned by tag only; tags are mutable. Pin by digest
>         # (image@sha256:<DIGEST>) so the image actually run is verifiable.
>         image: quay.io/coreos/flannel:v0.11.0-amd64
>         # Copies the CNI conflist from the ConfigMap mount onto the host's
>         # /etc/cni/net.d (a hostPath volume, see volumes below).
>         command:
>         - cp
>         args:
>         - -f
>         - /etc/kube-flannel/cni-conf.json
>         - /etc/cni/net.d/10-flannel.conflist
>         volumeMounts:
>         - name: cni
>           mountPath: /etc/cni/net.d
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       containers:
>       - name: kube-flannel
>         image: quay.io/coreos/flannel:v0.11.0-amd64
>         command:
>         - /opt/bin/flanneld
>         args:
>         - --ip-masq
>         - --kube-subnet-mgr
>         resources:
>           requests:
>             cpu: "100m"
>             memory: "50Mi"
>           limits:
>             cpu: "100m"
>             memory: "50Mi"
>         # Runs unprivileged with only NET_ADMIN added, matching the PSP above.
>         securityContext:
>           privileged: false
>           capabilities:
>             add: ["NET_ADMIN"]
>         env:
>         - name: POD_NAME
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.name
>         - name: POD_NAMESPACE
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.namespace
>         volumeMounts:
>         - name: run
>           mountPath: /run/flannel
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       volumes:
>         - name: run
>           hostPath:
>             path: /run/flannel
>         - name: cni
>           hostPath:
>             path: /etc/cni/net.d
>         - name: flannel-cfg
>           configMap:
>             name: kube-flannel-cfg
> ---
> # Same as the amd64 DaemonSet except for the arch selector and image tag.
> apiVersion: apps/v1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds-arm64
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> spec:
>   selector:
>     matchLabels:
>       app: flannel
>   template:
>     metadata:
>       labels:
>         tier: node
>         app: flannel
>     spec:
>       affinity:
>         nodeAffinity:
>           requiredDuringSchedulingIgnoredDuringExecution:
>             nodeSelectorTerms:
>               - matchExpressions:
>                   - key: beta.kubernetes.io/os
>                     operator: In
>                     values:
>                       - linux
>                   - key: beta.kubernetes.io/arch
>                     operator: In
>                     values:
>                       - arm64
>       hostNetwork: true
>       tolerations:
>       - operator: Exists
>         effect: NoSchedule
>       serviceAccountName: flannel
>       initContainers:
>       - name: install-cni
>         image: quay.io/coreos/flannel:v0.11.0-arm64
>         command:
>         - cp
>         args:
>         - -f
>         - /etc/kube-flannel/cni-conf.json
>         - /etc/cni/net.d/10-flannel.conflist
>         volumeMounts:
>         - name: cni
>           mountPath: /etc/cni/net.d
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       containers:
>       - name: kube-flannel
>         image: quay.io/coreos/flannel:v0.11.0-arm64
>         command:
>         - /opt/bin/flanneld
>         args:
>         - --ip-masq
>         - --kube-subnet-mgr
>         resources:
>           requests:
>             cpu: "100m"
>             memory: "50Mi"
>           limits:
>             cpu: "100m"
>             memory: "50Mi"
>         securityContext:
>           privileged: false
>           capabilities:
>              add: ["NET_ADMIN"]
>         env:
>         - name: POD_NAME
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.name
>         - name: POD_NAMESPACE
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.namespace
>         volumeMounts:
>         - name: run
>           mountPath: /run/flannel
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       volumes:
>         - name: run
>           hostPath:
>             path: /run/flannel
>         - name: cni
>           hostPath:
>             path: /etc/cni/net.d
>         - name: flannel-cfg
>           configMap:
>             name: kube-flannel-cfg
> ---
> # Same as the amd64 DaemonSet except for the arch selector and image tag.
> apiVersion: apps/v1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds-arm
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> spec:
>   selector:
>     matchLabels:
>       app: flannel
>   template:
>     metadata:
>       labels:
>         tier: node
>         app: flannel
>     spec:
>       affinity:
>         nodeAffinity:
>           requiredDuringSchedulingIgnoredDuringExecution:
>             nodeSelectorTerms:
>               - matchExpressions:
>                   - key: beta.kubernetes.io/os
>                     operator: In
>                     values:
>                       - linux
>                   - key: beta.kubernetes.io/arch
>                     operator: In
>                     values:
>                       - arm
>       hostNetwork: true
>       tolerations:
>       - operator: Exists
>         effect: NoSchedule
>       serviceAccountName: flannel
>       initContainers:
>       - name: install-cni
>         image: quay.io/coreos/flannel:v0.11.0-arm
>         command:
>         - cp
>         args:
>         - -f
>         - /etc/kube-flannel/cni-conf.json
>         - /etc/cni/net.d/10-flannel.conflist
>         volumeMounts:
>         - name: cni
>           mountPath: /etc/cni/net.d
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       containers:
>       - name: kube-flannel
>         image: quay.io/coreos/flannel:v0.11.0-arm
>         command:
>         - /opt/bin/flanneld
>         args:
>         - --ip-masq
>         - --kube-subnet-mgr
>         resources:
>           requests:
>             cpu: "100m"
>             memory: "50Mi"
>           limits:
>             cpu: "100m"
>             memory: "50Mi"
>         securityContext:
>           privileged: false
>           capabilities:
>              add: ["NET_ADMIN"]
>         env:
>         - name: POD_NAME
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.name
>         - name: POD_NAMESPACE
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.namespace
>         volumeMounts:
>         - name: run
>           mountPath: /run/flannel
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       volumes:
>         - name: run
>           hostPath:
>             path: /run/flannel
>         - name: cni
>           hostPath:
>             path: /etc/cni/net.d
>         - name: flannel-cfg
>           configMap:
>             name: kube-flannel-cfg
> ---
> # Same as the amd64 DaemonSet except for the arch selector and image tag.
> apiVersion: apps/v1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds-ppc64le
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> spec:
>   selector:
>     matchLabels:
>       app: flannel
>   template:
>     metadata:
>       labels:
>         tier: node
>         app: flannel
>     spec:
>       affinity:
>         nodeAffinity:
>           requiredDuringSchedulingIgnoredDuringExecution:
>             nodeSelectorTerms:
>               - matchExpressions:
>                   - key: beta.kubernetes.io/os
>                     operator: In
>                     values:
>                       - linux
>                   - key: beta.kubernetes.io/arch
>                     operator: In
>                     values:
>                       - ppc64le
>       hostNetwork: true
>       tolerations:
>       - operator: Exists
>         effect: NoSchedule
>       serviceAccountName: flannel
>       initContainers:
>       - name: install-cni
>         image: quay.io/coreos/flannel:v0.11.0-ppc64le
>         command:
>         - cp
>         args:
>         - -f
>         - /etc/kube-flannel/cni-conf.json
>         - /etc/cni/net.d/10-flannel.conflist
>         volumeMounts:
>         - name: cni
>           mountPath: /etc/cni/net.d
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       containers:
>       - name: kube-flannel
>         image: quay.io/coreos/flannel:v0.11.0-ppc64le
>         command:
>         - /opt/bin/flanneld
>         args:
>         - --ip-masq
>         - --kube-subnet-mgr
>         resources:
>           requests:
>             cpu: "100m"
>             memory: "50Mi"
>           limits:
>             cpu: "100m"
>             memory: "50Mi"
>         securityContext:
>           privileged: false
>           capabilities:
>              add: ["NET_ADMIN"]
>         env:
>         - name: POD_NAME
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.name
>         - name: POD_NAMESPACE
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.namespace
>         volumeMounts:
>         - name: run
>           mountPath: /run/flannel
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       volumes:
>         - name: run
>           hostPath:
>             path: /run/flannel
>         - name: cni
>           hostPath:
>             path: /etc/cni/net.d
>         - name: flannel-cfg
>           configMap:
>             name: kube-flannel-cfg
> ---
> # Same as the amd64 DaemonSet except for the arch selector and image tag.
> apiVersion: apps/v1
> kind: DaemonSet
> metadata:
>   name: kube-flannel-ds-s390x
>   namespace: kube-system
>   labels:
>     tier: node
>     app: flannel
> spec:
>   selector:
>     matchLabels:
>       app: flannel
>   template:
>     metadata:
>       labels:
>         tier: node
>         app: flannel
>     spec:
>       affinity:
>         nodeAffinity:
>           requiredDuringSchedulingIgnoredDuringExecution:
>             nodeSelectorTerms:
>               - matchExpressions:
>                   - key: beta.kubernetes.io/os
>                     operator: In
>                     values:
>                       - linux
>                   - key: beta.kubernetes.io/arch
>                     operator: In
>                     values:
>                       - s390x
>       hostNetwork: true
>       tolerations:
>       - operator: Exists
>         effect: NoSchedule
>       serviceAccountName: flannel
>       initContainers:
>       - name: install-cni
>         image: quay.io/coreos/flannel:v0.11.0-s390x
>         command:
>         - cp
>         args:
>         - -f
>         - /etc/kube-flannel/cni-conf.json
>         - /etc/cni/net.d/10-flannel.conflist
>         volumeMounts:
>         - name: cni
>           mountPath: /etc/cni/net.d
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       containers:
>       - name: kube-flannel
>         image: quay.io/coreos/flannel:v0.11.0-s390x
>         command:
>         - /opt/bin/flanneld
>         args:
>         - --ip-masq
>         - --kube-subnet-mgr
>         resources:
>           requests:
>             cpu: "100m"
>             memory: "50Mi"
>           limits:
>             cpu: "100m"
>             memory: "50Mi"
>         securityContext:
>           privileged: false
>           capabilities:
>              add: ["NET_ADMIN"]
>         env:
>         - name: POD_NAME
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.name
>         - name: POD_NAMESPACE
>           valueFrom:
>             fieldRef:
>               fieldPath: metadata.namespace
>         volumeMounts:
>         - name: run
>           mountPath: /run/flannel
>         - name: flannel-cfg
>           mountPath: /etc/kube-flannel/
>       volumes:
>         - name: run
>           hostPath:
>             path: /run/flannel
>         - name: cni
>           hostPath:
>             path: /etc/cni/net.d
>         - name: flannel-cfg
>           configMap:
>             name: kube-flannel-cfg
> EOF
[root@node-k8s-01 ~]# kubectl apply -f kube-flannel.yml   # applies the locally written copy; keep this file under version control so the exact manifest that was granted cluster-wide RBAC and hostNetwork access stays reviewable
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
