Kubernetes 网络方案:Flannel 插件全解析

原创 于 2025-06-04 15:10:04 发布 · 1.4k 阅读 · 10 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#kubernetes #网络 #容器

Flannel 是 Kubernetes 生态中最广泛使用的 CNI (Container Network Interface) 插件之一,由 CoreOS 团队开发,专注于解决容器跨节点通信问题。

一、Flannel 核心架构

1.组件构成

  • flanneld 守护进程:运行在每个节点,负责网络配置管理

  • CNI 插件:实现 Kubernetes CNI 规范

  • 后端引擎:支持多种网络传输模式

  • 子网管理:通过 etcd 或 Kubernetes API 分配子网

2.平面架构

图片

二、核心工作原理

1. 子网分配流程

  • 节点启动时,flanneld 从 etcd 或 Kubernetes API 获取子网

  • 分配结果存储到本地文件 /run/flannel/subnet.env

  • CNI 插件为每个 Pod 从节点子网分配 IP

2. 跨节点通信流程

  • 源 Pod 发送数据包到目标 Pod IP

  • cni0 网桥根据路由表将包转发到 flannel.1

  • flanneld 通过 VXLAN/UDP 封装数据包

  • 目标节点 flanneld 解封装并转发到目标 Pod

三、后端传输模式详解

1. VXLAN 模式

1.1 工作原理

  • 将原始数据包封装在 UDP 包中(默认使用 8472 端口)

  • 添加 VXLAN 头(VNI 通常为 1)

  • 外层使用宿主机的 IP 进行通信

1.2 优点

  • 支持三层网络,跨三层网络通信

  • MTU 需要调整(通常设为 1450)

  • 对底层网络无特殊要求

1.3 缺点

  • 约 10-20% 性能开销

1.4 使用场景

  • 云环境或物理网络不支持 BGP/直接路由

  • 节点位于不同子网

  • 对网络性能要求不高的环境

2.host-gw 模式 (Host Gateway)

2.1 工作原理

直接使用宿主机的路由表,为每个节点添加路由条目(目标 Pod CIDR 指向对端节点 IP)

2.2 优点

  • 接近裸机性能

  • 零封装开销

    2.3 缺点

    • 要求节点间二层连通

    • 不支持跨子网通信

    2.4 适用场景

    • 节点间在同一二层网络

    • 物理机或私有云环境

    • 对网络性能要求高的场景

    3.DirectRouting 模式

    3.1 工作原理

    • 同子网通信:使用 host-gw 模式

    • 跨子网通信:自动回退到 VXLAN 模式

    • 配置示例:

    {
  "Backend": {
    "Type": "vxlan",
    "DirectRouting": true
  }
}
    3.2 优点

    • 同子网的高性能

    • 跨子网的兼容性

    3.3 缺点

    • 配置略复杂

    • 仍然有跨子网时的 VXLAN 开销

    3.4 适用场景

    • 混合网络环境(部分节点同子网,部分不同)

    • 需要平衡性能和灵活性的场景

    • 逐步迁移的网络架构

    4.对比总结

    特性

    VXLAN

    host-gw

    DirectRouting

    封装

    UDP+VXLAN

    无封装

    条件性封装

    性能

    中 (~20%开销)

    高 (接近原生)

    同子网高,跨子网中

    网络要求

    仅需三层连通

    需二层连通

    混合要求

    跨子网

    支持

    不支持

    支持但性能下降

    复杂度

    中等

    中等

    5.选择建议

    • 云环境/复杂网络:优先选择 VXLAN 或 DirectRouting

    • 物理机/高性能需求:优先 host-gw(确保二层连通)

    • 混合环境:DirectRouting 是最平衡的选择

    四、部署模式对比

    1.Kubernetes Manifest 部署

    1.1 下载
    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    1.2 修改配置一镜像地址

    默认的镜像地址通常下载不下来,如何下载镜像清参考破解Docker镜像下载难题

    # 修改前
image: ghcr.io/flannel-io/flannel-cni-plugin:v1.7.1-flannel1

image: ghcr.io/flannel-io/flannel:v0.26.7

#修改后,修改为自己的镜像仓库地址,我这里是将镜像存储到阿里云的
image: registry.cn-hangzhou.aliyuncs.com/liuxing666/flannel-cni-plugin:v1.7.1-flannel1

image: registry.cn-hangzhou.aliyuncs.com/liuxing666/flannel:v0.26.7
    1.3 修改配置二flannel网段
    cni-conf.json: |
    { 
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        { 
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        { 
          "type": "portmap",
          "capabilities": { 
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    { 
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }


# "Network": "10.244.0.0/16" 修改为kube-controller-manager中设置的地址
#--cluster-cidr=10.244.0.0/16的地址或者etcd存储的flannel网段地址
    1.4修改后完整配置
    [root@master-1 ~]# cat kube-flannel.yml
---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: registry.cn-hangzhou.aliyuncs.com/liuxing666/flannel-cni-plugin:v1.7.1-flannel1
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: registry.cn-hangzhou.aliyuncs.com/liuxing666/flannel:v0.26.7
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: registry.cn-hangzhou.aliyuncs.com/liuxing666/flannel:v0.26.7
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
    1.5 部署测试
    [root@master-1 ~]# kubectl apply -f kube-flannel.yaml

#查看
[root@master-1 ~]# kubectl get pods -n kube-flannel -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-flannel-ds-mx8tp 1/1     Running 0          3h7m 192.168.91.21   node-1   <none> <none>
kube-flannel-ds-xp8p5 1/1     Running 0          3h7m 192.168.91.23   node-3   <none> <none>
kube-flannel-ds-xp9dh 1/1     Running 0          3h7m 192.168.91.22   node-2   <none> <none>

#测试网络连通性
[root@master-1 ~]# cat nginx.yaml 
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: nginx-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent

[root@master-1 ~]# kubectl apply -f nginx.yaml

[root@master-1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-demo-68984b745f-jxn7c 1/1     Running 0          3h6m 10.244.1.2    node-2   <none> <none>
nginx-demo-68984b745f-pc4t2 1/1     Running 0          3h6m 10.244.0.2    node-1   <none> <none>
nginx-demo-68984b745f-rx76j 1/1     Running 0          3h6m 10.244.2.60   node-3   <none> <none>

[root@node-1 ~]# curl -I 10.244.1.2 
HTTP/1.1200 OK
Server: nginx/1.27.5
Date: Tue, 03 Jun 202505:35:17 GMT

    测试发现node节点网络都是互通的

    图片

    2.二进制部署

    2.1 下载Flannel二进制包
    wget https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz
wget https://github.com/flannel-io/flannel/releases/download/v0.26.7/flannel-v0.26.7-linux-amd64.tar.gz
    2.2 解压
    [root@ master -1 ~]# tar xvf flannel-v0.11.0-linux-amd64.tar.gz
[root@ master -1 ~]# mv flanneld mk-docker-opts.sh /usr/local/bin/
    2.3  配置Flannel文件,添加etcd信息
    [root@node-1 ~]# mkdir -p /etc/flannel
[root@node-1 ~]# cat > /etc/flannel/flannel.cfg<<EOF
FLANNEL_OPTIONS="-etcd-endpoints=https://192.168.91.18:2379,https://192.168.91.19:2379,https://192.168.91.20:2379 -etcd-cafile=/etc/etcd/ssl/ca.pem -etcd-certfile=/etc/etcd/ssl/server.pem -etcd-keyfile=/etc/etcd/ssl/server-key.pem"
EOF
    2.4 设置flannel网段存储到etcd中
    [root@master-1 ~]# ETCDCTL_API=2 etcdctl \
--endpoints="https://192.168.91.18:2379,https://192.168.91.19:2379,https://192.168.91.20:2379"  \
--ca-file=/etc/etcd/ssl/ca.pem \
--key-file=/etc/etcd/ssl/server-key.pem \
--cert-file=/etc/etcd/ssl/server.pem \
set /coreos.com/network/config '{ "Network": "10.244.0.0/16", "Backend": {"Type": "vxlan"}}'
#检查是否建立网段
[root@master-1 ~]# ETCDCTL_API=2 etcdctl \
--endpoints=https://192.168.91.18:2379,https://192.168.91.19:2379,https://192.168.91.20:2379 \
--ca-file=/etc/etcd/ssl/ca.pem \
--cert-file=/etc/etcd/ssl/server.pem \
--key-file=/etc/etcd/ssl/server-key.pem \
get /coreos.com/network/config

#结果
{ "Network": "10.244.0.0/16", "Backend": {"Type": "vxlan"}}
    2.5 配置flannel 启动配置文件
    cat > /usr/lib/systemd/system/flanneld.service <<EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/etc/flannel/flannel.cfg
ExecStart=/usr/local/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

#启动Flannel
[root@node-2 ~]# systemctl enable --now flanneld
[root@node-2 ~]# systemctl status flanneld
    2.6 修改docker 配置文件,让docker使用flannel网段
    [root@node-1 ~]# cat >/usr/lib/systemd/system/docker.service<<EOFL
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOFL
#重启docker
[root@node-1 ~]# systemctl daemon-reload
[root@node-1 ~]# systemctl restart docker

    五、总结

    Flannel 作为 Kubernetes 网络生态的基石:简单可靠的 Overlay 网络,适用于中小集群、混合云环境,部署简单、社区支持好。

    【K8S系列】深入解析k8s网络插件Flannel
    颜淡慕潇
    07-20 1万+
    Flannel是一个简单、轻量级且可靠的容器网络解决方案,特别适合用于初级部署或者对网络要求不是特别苛刻的场景。 它在Kubernetes社区中得到广泛的应用和支持,并且与其他网络解决方案(如Calico、Weave等)相互兼容,可以根据需求进行灵活选择。
    Kubernetes(k8s)-网络插件(Flannel)
    最新发布
    04-12 1323
    Kubernetes里面使用比较广泛的网络插件主要是Flannel和Calico,当然还有使用最新的eBPF技术的Cilium。本小节我们讲解Flannel
    KubernetesFlannel网络插件介绍
    专注于数据库技术分享,包含但不限于Oracle,MySQL,PostgreSQL,ElasticSearch及国产数据库等
    04-30 882
    Flannel 是一个轻量级的网络虚拟化解决方案,专为容器环境设计,特别是在 Kubernetes 集群中作为网络插件(Container Network Interface, CNI)使用,为集群中的各个节点间提供跨主机的网络通信能力。Flannel 的核心目标是为每个 Pod 分配一个唯一的、在整个集群范围内可路由的 IP 地址,并确保这些 Pod 之间能够直接、高效地进行网络通信,同时保持与底层网络基础设施的解耦。
    Kubernetes网络分析之Flannel
    gao2175的博客
    10-23 1080
    Flannel是cereos开源的CNI网络插件,下图flannel官网提供的一个数据包经过封包、传输以及拆包的示意图,从这个图片里面里面可以看出两台机器的docker0分别处于不同的段:10.1.20.1/24 和 10.1.15.1/24 ,如果从Web App Frontend1 pod(10.1.15.2)去连接另一台主机上的Backend Service2 pod(10.1.20.3),...
    最硬核k8s网络插件详解(flannel
    Timmy的博客
    02-21 785
    Flannel 是一个轻量级、易于配置的网络插件,旨在简化 Kubernetes 集群中 Pod 网络的管理。Flannel 的核心功能是提供一个虚拟的网络,允许每个 Pod 获取一个独立的 IP 地址,并实现不同节点间的 Pod 之间的通信。
    Kubernetes(K8S)(七)——网络插件flannel和calico应用于跨主机调度通信
    Aimee_c的博客
    06-26 1416
    文章目录1.网络插件flannel1.1 Flannel——vxlan模式跨主机通信1.2 Flannel——host-gw模式跨主机通信(纯三层)1.1 Flannel——vxlan+directrouting模式2.网络插件calico 1.网络插件flannel 跨主机通信的一个解决方案Flannel,由CoreOS推出,支持3种实现:UDP、VXLAN、host-gw udp模式:使用设备flannel.0进行封包解包,不是内核原生支持,上下文切换较大,性能非常差 vxlan模式:使用flanne
    FlannelKubernetes 网络方案的“轻骑兵”
    weixin_44066506的博客
    01-04 453
    FlannelKubernetes 网络方案的“轻骑兵”在 Kubernetes 中,网络是连接所有组件的核心。每个 Pod 都需要一个独立的 IP,方便 Pod 间的通信,而 Flannel 正是解决这个问题的经典容器网络插件(CNI)。它简单、轻量、高效,被广泛用于 Kubernetes网络方案中。今天我们就来聊...
    Kubernetes网络实践:CNI与服务发现解析
    Flannel是一种简单的网络编排工具,它被Kubernetes用作默认的CNI插件之一。在Flannel-vxlan的实现中,每个节点上有一个flanneld进程,它创建并管理cni0这样的桥接设备。Pod的网络流量通过veth pair转发,其中一端...
    Kubernetes网络插件解析
    专注于数据库技术分享,包含但不限于Oracle,MySQL,PostgreSQL,ElasticSearch及国产数据库等
    04-29 1243
    Calico是一个强大的网络网络策略解决方案,它基于纯三层(IP)网络模型,使用BGP协议实现高效的跨主机通信。Calico提供细粒度的网络策略控制,支持丰富的策略表达式,适用于大规模生产环境。同时,Calico还支持IPv6、网络遥测等功能。
    Kubernetes网络模型解析:CNI网络插件容器通信机制
    "该资源主要探讨了Kubernetes网络模型以及CNI(Container Network Interface)网络插件的工作原理。在Kubernetes中,网络插件通过CNI接口来创建和管理网络设备,确保容器间的跨主机通信。" 在Kubernetes中,网络...
    kube-flannel.yml
    08-11
    --- apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: psp.flannel.unprivileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default spec: privileged: false volumes: - configMap - secret - emptyDir - hostPath allowedHostPaths: - pathPrefix: "/etc/cni/net.d" - pathPrefix: "/etc/kube-flannel" - pathPrefix: "/run/flannel" readOnlyRootFilesystem: false # Users and groups runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny fsGroup: rule: RunAsAny # Privilege Escalation allowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false # Capabilities allowedCapabilities: ['NET_ADMIN'] defaultAddCapabilities: [] requiredDropCapabilities: [] # Host namespaces hostPID: false hostIPC: false hostNetwork: true hostPorts: - min: 0 max: 65535 # SELinux seLinux: # SELinux is unsed in CaaSP rule: 'RunAsAny' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: flannel rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: ['psp.flannel.unprivileged'] - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/status verbs: - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kube-flannel-ds-amd64 namespace: kube-system labels: tier: node app: flannel spec: template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni image: jmgao1983/flannel:v0.11.0-amd64 command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: jmgao1983/flannel:v0.11.0-amd64 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kube-flannel-ds-arm64 namespace: kube-system labels: tier: node app: flannel spec: template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: arm64 tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni image: quay.io/coreos/flannel:v0.11.0-arm64 command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-arm64 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kube-flannel-ds-arm namespace: kube-system labels: tier: node app: flannel spec: template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: arm tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni image: quay.io/coreos/flannel:v0.11.0-arm command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-arm command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kube-flannel-ds-ppc64le namespace: kube-system labels: tier: node app: flannel spec: template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: ppc64le tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni image: quay.io/coreos/flannel:v0.11.0-ppc64le command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-ppc64le command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: kube-flannel-ds-s390x namespace: kube-system labels: tier: node app: flannel spec: template: metadata: labels: tier: node app: flannel spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: s390x tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni image: quay.io/coreos/flannel:v0.11.0-s390x command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-s390x command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg
    VMware与Kubernetes网络集成:打造企业级网络解决方案
    [VMware与Kubernetes网络集成:打造企业级网络解决方案](https://4sysops.com/wp-content/uploads/2021/02/Enable-NIOC-on-vSphere-7-vDS.png) # 1. VMware与Kubernetes网络基础 ## 1.1 介绍VMware与Kubernetes的...
    Kubernetes中的Flannel网络插件
    ✨ 欢迎来到【Seal ^_^ 的CSDN博客】!✨
    09-10 5223
    Kubernetes集群中,确保各个Node上的容器能够顺畅通信是关键。Flannel作为网络插件,简化了这一过程。
    Kubernetes_容器网络_Flannel_01_Flannel简介
    毛毛的专栏
    02-05 1330
    Flannel
    评论
    添加红包

    请填写红包祝福语或标题

    红包个数最小为10个

    红包金额最低5元

    当前余额3.43前往充值 >
    需支付:10.00
    成就一亿技术人!
    领取后你会自动成为博主和红包主的粉丝 规则
    hope_wisdom
    发出的红包

    打赏作者

    liux3528

    你的鼓励将是我创作的最大动力

    ¥1 ¥2 ¥4 ¥6 ¥10 ¥20
    扫码支付:¥1
    获取中
    扫码支付

    您的余额不足,请更换扫码支付或充值

    打赏作者

    实付
    使用余额支付
    点击重新获取
    扫码支付
    钱包余额 0

    抵扣说明:

    1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
    2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

    余额充值