Comments (16)
@694982827 No configuration needed for kubelet.
It seems that the CNI config on node 100.64.15.228 is incorrect. Please check the files in your CNI config directory which defaults /etc/cni/net.d.
from anchor.
@hainesc
I found the /etc/cni/net.d/10-anchor.conf created by DaemonSet in anchor.yaml file,
{
"name": "anchor",
"cniVersion": "0.3.1",
"type": "",
"master": "",
"octopus": {__OCTOPUS__},
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": "xxxxxxxx"
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
},
"ipam": {
"type": "anchor",
"etcd_endpoints": "https://XX:2379,https://XX:2379,https://XX:2379",
"etcd_key_file": "/etc/etcd/etcdSSL/etcd-key.pem",
"etcd_cert_file": "/etc/etcd/etcdSSL/etcd.pem",
"etcd_ca_cert_file": "/etc/etcd/etcdSSL/ca.pem",
"service_ipnet": "172.1.0.0/24",
"node_ips": [],
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": "XXXXXX"
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
}
}
}
from anchor.
@694982827 Is there any other files except 10-anchor.conf?
from anchor.
@hainesc
no
root@ubuntu-1:/etc/cni/net.d# ls
10-anchor.conf anchor-kubeconfig anchor-tls
root@ubuntu-1:/etc/cni/net.d# tree
.
├── 10-anchor.conf
├── anchor-kubeconfig
└── anchor-tls
├── etcd-ca
├── etcd-cert
└── etcd-key
1 directory, 5 files
root@ubuntu-1:/etc/cni/net.d#
from anchor.
Please show me the ConfigMap in your anchor.yaml which you used to deploy anchor.
from anchor.
I set the anchor_mode of configmap to octopus,and the 10-anchor.conf as follows:
root@ubuntu-1:/etc/cni/net.d# cat 10-anchor.conf
{
"name": "anchor",
"cniVersion": "0.3.1",
"type": "octopus",
"octopus": {},
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": "XXX"
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
},
"ipam": {
"type": "anchor",
"etcd_endpoints": "https://XXX:2379,https://XXX:2379,https://XXX:2379",
"etcd_key_file": "/etc/etcd/etcdSSL/etcd-key.pem",
"etcd_cert_file": "/etc/etcd/etcdSSL/etcd.pem",
"etcd_ca_cert_file": "/etc/etcd/etcdSSL/ca.pem",
"service_ipnet": "172.1.0.0/24",
"node_ips": [],
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": "XXX"
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
}
}
}
root@ubuntu-1:/etc/cni/net.d#
And my ConfigMap as follows:
kind: ConfigMap
apiVersion: v1
metadata:
name: anchor-config
namespace: kube-system
data:
# Configure this with the location of your etcd cluster.
etcd_endpoints: "https://xxx:2379,https://xxx:2379,https://xxx:2379" # "https://10.0.1.2:2379,https://10.0.1.3:2379"
# Configure the Secret below if etcd TLS enabled.
etcd_ca: "/etc/etcd/etcdSSL/ca.pem" # "/anchor-secrets/etcd-ca"
etcd_cert: "/etc/etcd/etcdSSL/etcd.pem" # "/anchor-secrets/etcd-cert"
etcd_key: "/etc/etcd/etcdSSL/etcd-key.pem" # "/anchor-secrets/etcd-key"
# Config this as the value you specify in kube-apiserver.
service_cluster_ip_range: "172.1.0.0/24" # "10.96.0.0/12"
anchor_mode: "octopus" # "macvlan or octopus"
# Create a macvlan interface at the node, Only centos 7.2+ tested.
create_macvlan: "true" # "true" or "false"
# Configure it only when create_macvlan is true.
# Fields: hostname,master_interface,ip,gateway,mask. Use semicolon(;)
# to seperate multi items. Recently we only support one item per node
cluster_network: "100.64.15.228,enp130s0f0,100.64.15.228,100.64.15.254,20;100.64.15.229,enp130s0f0,100.64.15.229,100.64.15.254,20" # "node01,eth0,10.0.2.8,10.0.2.1,24;node02,eth3.2,10.0.12.3,10.0.12.1,24"
# The CNI network configuration to install on each node.
cni_network_config: |-
{
"name": "anchor",
"cniVersion": "0.3.1",
"type": "__ANCHOR_MODE__",
"master": "__MACVLAN_INTERFACE__",
"octopus": {__OCTOPUS__},
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
},
"ipam": {
"type": "anchor",
"etcd_endpoints": "__ETCD_ENDPOINTS__",
"etcd_key_file": "__ETCD_KEY_FILE__",
"etcd_cert_file": "__ETCD_CERT_FILE__",
"etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
"service_ipnet": "__SERVICE_CLUSTER_IP_RANGE__",
"node_ips": [__NODE_IPS__],
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
}
}
---
from anchor.
I was confused. The type
field in 10-anchor.conf is not the same in your last two comments. And the hostname, ubuntu-1 or 100.64.15.228, which one is correct?
from anchor.
@hainesc
I am Sorry,
-
ubuntu-1 is the hostname od 100.64.15.228 , and I have set kubelet config
KUBELET_HOSTNAME="--hostname-override=100.64.15.228"
. -
And the
type
last is blank ,I have just update the configmap'sanchor_mode
set it's value tooctopus
;then the 10-anchor.conftype
change tooctopus
.
now,the 10-anchor.conf as follows:
{
"name": "anchor",
"cniVersion": "0.3.1",
"type": "octopus",
"octopus": {},
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": ""
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
},
"ipam": {
"type": "anchor",
"etcd_endpoints": "https://xxx:2379,https://xxx:2379,https://xxx:2379",
"etcd_key_file": "/etc/etcd/etcdSSL/etcd-key.pem",
"etcd_cert_file": "/etc/etcd/etcdSSL/etcd.pem",
"etcd_ca_cert_file": "/etc/etcd/etcdSSL/ca.pem",
"service_ipnet": "172.1.0.0/24",
"node_ips": [],
"policy": {
"type": "k8s",
"k8s_api_root": "https://172.1.0.1:443",
"k8s_auth_token": ""
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/anchor-kubeconfig"
}
}
}
and the configmap :
root@k8s-master:~/network# cat install.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: anchor-config
namespace: kube-system
data:
# Configure this with the location of your etcd cluster.
etcd_endpoints: "https://xxx:2379,https://xxx:2379,https://xxx:2379" # "https://10.0.1.2:2379,https://10.0.1.3:2379"
# Configure the Secret below if etcd TLS enabled.
etcd_ca: "/etc/etcd/etcdSSL/ca.pem" # "/anchor-secrets/etcd-ca"
etcd_cert: "/etc/etcd/etcdSSL/etcd.pem" # "/anchor-secrets/etcd-cert"
etcd_key: "/etc/etcd/etcdSSL/etcd-key.pem" # "/anchor-secrets/etcd-key"
# Config this as the value you specify in kube-apiserver.
service_cluster_ip_range: "172.1.0.0/24" # "10.96.0.0/12"
anchor_mode: "octopus" # "macvlan or octopus"
# Create a macvlan interface at the node, Only centos 7.2+ tested.
create_macvlan: "true" # "true" or "false"
# Configure it only when create_macvlan is true.
# Fields: hostname,master_interface,ip,gateway,mask. Use semicolon(;)
# to seperate multi items. Recently we only support one item per node
cluster_network: "100.64.15.228,enp130s0f0,100.64.15.228,100.64.15.254,20;100.64.15.229,enp130s0f0,100.64.15.229,100.64.15.254,20" # "node01,eth0,10.0.2.8,10.0.2.1,24;node02,eth3.2,10.0.12.3,10.0.12.1,24"
# The CNI network configuration to install on each node.
cni_network_config: |-
{
"name": "anchor",
"cniVersion": "0.3.1",
"type": "__ANCHOR_MODE__",
"master": "__MACVLAN_INTERFACE__",
"octopus": {__OCTOPUS__},
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
},
"ipam": {
"type": "anchor",
"etcd_endpoints": "__ETCD_ENDPOINTS__",
"etcd_key_file": "__ETCD_KEY_FILE__",
"etcd_cert_file": "__ETCD_CERT_FILE__",
"etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
"service_ipnet": "__SERVICE_CLUSTER_IP_RANGE__",
"node_ips": [__NODE_IPS__],
"policy": {
"type": "k8s",
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
}
}
---
root@k8s-master:~/network# cat anchor-2048.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: anchor-2048
labels:
app: anchor-2048
spec:
template:
metadata:
name: anchor-2048
labels:
app: anchor-2048
annotations:
cni.anchor.org/subnet: 100.64.0.0/20
cni.anchor.org/gateway: 100.64.15.254
spec:
nodeSelector:
kubernetes.io/hostname: "100.64.15.228"
containers:
- name: anchor-2048
image: alexwhen/docker-2048
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: anchor-2048
spec:
type: NodePort
ports:
- port: 80
selector:
app: anchor-2048
root@k8s-master:~/network# kubectl create -f anchor-2048.yaml
root@k8s-master:~/network# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
anchor-2048-5989c879c6-8fmw8 1/1 Running 0 20m 172.17.0.13 100.64.15.228
root@k8s-master:~/network#
from anchor.
It's a sad story I am not sure the root cause and the config file 10-anchor.conf
is wrong. The octopus
field and node_ip
should not empty. The project has only been tested on Centos 7.x and maybe the install script works incorrectly on Ubuntu.
from anchor.
oh, thank you.
from anchor.
My advice:
- Set a hostname that looks normally.
- Set the command to
sleep 3600
for the daemonset in anchor.yaml, then run into the Pod, and run install-cni.sh manually and check the output.
Good luck, boy.
from anchor.
ok.
from anchor.
I have succeed!
I fond the cluster_network
should config the hostname of the node and could not be the ip of the node. and I config the ip of the node so it cannot create the macvlan interfance successfully.
I have another problem,for now I should add ips to etcd for every namespace in k8s ,is there any way to add ips to all namespaces once ?
from anchor.
Good job.
Frankly, there is no way to allocate IPs to all namespaces. Powder monkey is a WebUI that can help you allocate IPs, show etcd data but it is half ready.
BTW, may I know your use case?
- What's the kubernetes cluster used for?
- Why anchor?
- How do you know anchor?
from anchor.
oh,
- We used kubernetes cluster for Machine Learning and HPC.
- I found the default macvlan plugin could not work well for us ,for example the pod could not communicate with the host and pod could not visit k8s's cluster ip by drfault. Anchor solved these problems
- I just search macvlan in github and found anchor
from anchor.
Since you have installed anchor and it works correctly, I will close this issue.
If any problem in future, please feel free to open a new issue.
from anchor.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anchor.