Flannel

0.组件版本
docker-1.13.1
kubernetes-master-1.5.2
flannel-0.7.1

1.部署(默认已安装k8s基础环境)
a. yum install flannel


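b.配置/etc/sysconfig/flanneld, sample如下(示例中的etcd端点是明文http且未启用认证, 能访问该端口的任何人都可以改写flannel的网络配置, 仅适用于隔离的测试环境; 生产环境应为etcd启用TLS和客户端证书认证, 并通过flanneld的--etcd-cafile/--etcd-certfile/--etcd-keyfile指定证书):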
FLANNEL_ETCD_ENDPOINTS="http://192.168.56.201:2379"
FLANNEL_ETCD_PREFIX="/flannel/network"
FLANNEL_OPTIONS="--iface=enp0s9"


b.创建flannel配置文件,如下例flannel.cfg:
{

"Network": "172.31.0.0/16",

"SubnetLen": 24,

"Backend": {

"Type": "host-gw"

}
}


c.将上面的配置内容导入etcd
etcdctl --endpoints=192.168.56.201:2379 set /flannel/network/config < flannel.cfg
#etcd中的key必须是/etc/sysconfig/flanneld里FLANNEL_ETCD_PREFIX的值再加上/config, 即/flannel/network/config


d.启用服务
systemctl enable flanneld
systemctl start flanneld
systemctl restart docker
#/run/flannel/docker 中的网络参数默认会被docker服务读取, 因此启动flanneld后需要重启docker才能生效


2.vxlan
a. 从指定的Network范围内为每个host分配24掩码的subnet, 将子网应用到docker的--bip
b. 创建vtep设备flannel.1, 整个Network的路由都指向flannel.1(vxlan封装走UDP 8472, 本身不加密也不做认证, 该端口应只对集群节点之间开放), sample如下:
[root@k01 todo]# ip addr show flannel.1
31: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
link/ether fe:e4:6f:ea:5d:8e brd ff:ff:ff:ff:ff:ff
inet 172.31.35.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
inet6 fe80::fce4:6fff:feea:5d8e/64 scope link
valid_lft forever preferred_lft forever

[root@k01 todo]# ip -d link show flannel.1
31: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT
link/ether fe:e4:6f:ea:5d:8e brd ff:ff:ff:ff:ff:ff promiscuity 0
vxlan id 1 local 192.168.100.201 dev enp0s9 srcport 0 0 dstport 8472 nolearning ageing 300 addrgenmode eui64

[root@k01 todo]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
172.31.0.0 0.0.0.0 255.255.0.0 U 0 0 0 flannel.1
172.31.35.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s9

3.host-gw
a. 从指定的Network范围内为每个host分配24掩码的subnet, 将子网应用到docker的--bip
b. flanneld下发docker0和其它host的路由表,sample如下:
[root@k01 todo]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
172.31.34.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.31.57.0 192.168.100.202 255.255.255.0 UG 0 0 0 enp0s9
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s9

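4.kube-proxy (以下为kube-proxy在iptables nat表中生成的规则, 应是类似 iptables -t nat -nvL --line-numbers 的输出; 注意default/mysql通过NodePort 30006暴露, 规则的source为0.0.0.0/0, 即任何能访问节点地址的来源都能连到MySQL, 生产环境应在节点防火墙上限制来源或改用ClusterIP)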
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 51 4038 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
2 38 1928 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 288 18898 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
2 239 14340 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 303 19798 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
2 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0

Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0

Chain KUBE-MARK-DROP (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000

Chain KUBE-MARK-MASQ (5 references)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp dpt:30006
2 0 0 KUBE-SVC-M7XME3WTB36R42AM tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp dpt:30006

Chain KUBE-POSTROUTING (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-3XAE4RZ4QKNBWHVI (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.2 0.0.0.0/0 /* default/mysql: */
2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.2:3306

Chain KUBE-SEP-BVDILWNHJHJ6GYVG (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.4 0.0.0.0/0 /* default/mysql: */
2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.4:3306

Chain KUBE-SEP-FO43SMKHP7ESNS5F (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-MARK-MASQ all -- * * 172.17.0.3 0.0.0.0/0 /* default/mysql: */
2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ tcp to:172.17.0.3:3306

Chain KUBE-SEP-OGNOLD2JUSLFPOMZ (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-MARK-MASQ all -- * * 10.0.2.15 0.0.0.0/0 /* default/kubernetes:https */
2 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-OGNOLD2JUSLFPOMZ side: source mask: 255.255.255.255 tcp to:10.0.2.15:6443

Chain KUBE-SERVICES (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
2 0 0 KUBE-SVC-M7XME3WTB36R42AM tcp -- * * 0.0.0.0/0 10.254.104.18 /* default/mysql: cluster IP */ tcp dpt:3306
3 0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-M7XME3WTB36R42AM (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-SEP-3XAE4RZ4QKNBWHVI all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ statistic mode random probability 0.33332999982
2 0 0 KUBE-SEP-FO43SMKHP7ESNS5F all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */ statistic mode random probability 0.50000000000
3 0 0 KUBE-SEP-BVDILWNHJHJ6GYVG all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/mysql: */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 KUBE-SEP-OGNOLD2JUSLFPOMZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-OGNOLD2JUSLFPOMZ side: source mask: 255.255.255.255
2 0 0 KUBE-SEP-OGNOLD2JUSLFPOMZ all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */

原文地址:https://www.cnblogs.com/gaozhengwei/p/10533332.html