
[K8s Networking] Deploying the Flannel Network (No Network Policy Support)

Reference: https://github.com/flannel-io/flannel

Deployment

For Kubernetes v1.17+

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Configuration parameters

--public-ip="": IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication.
--etcd-endpoints=http://127.0.0.1:4001: a comma-delimited list of etcd endpoints.
--etcd-prefix=/coreos.com/network: etcd prefix.
--etcd-keyfile="": SSL key file used to secure etcd communication.
--etcd-certfile="": SSL certification file used to secure etcd communication.
--etcd-cafile="": SSL Certificate Authority file used to secure etcd communication.
--kube-subnet-mgr: Contact the Kubernetes API for subnet assignment instead of etcd.
--iface="": interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine. This can be specified multiple times to check each option in order. Returns the first match found.
--iface-regex="": regex expression to match the first interface to use (IP or name) for inter-host communication. If unspecified, will default to the interface for the default route on the machine. This can be specified multiple times to check each regex in order. Returns the first match found. This option is superseded by the iface option and will only be used if nothing matches any option specified in the iface options.
--iptables-resync=5: resync period for iptables rules, in seconds. Defaults to 5 seconds. If you see a large amount of contention for the iptables lock, increasing this will probably help.
--subnet-file=/run/flannel/subnet.env: filename where env variables (subnet and MTU values) will be written to.
--net-config-path=/etc/kube-flannel/net-conf.json: path to the network configuration file to use.
--subnet-lease-renew-margin=60: subnet lease renewal margin, in minutes.
--ip-masq=false: setup IP masquerade for traffic destined for outside the flannel network. Flannel assumes that the default policy is ACCEPT in the NAT POSTROUTING chain.
-v=0: log level for V logs. Set to 1 to see messages related to data path.
--healthz-ip="0.0.0.0": The IP address for healthz server to listen (default "0.0.0.0")
--healthz-port=0: The port for healthz server to listen (0 to disable)
--version: print version and exit
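
The following Python script is an added example, not code from the original post or from the flannel project. It audits a flanneld command line against the flags listed above: plain-HTTP etcd endpoints, empty etcd TLS file flags, and a healthz server bound to all interfaces. The function names `parse_flags` and `audit` and the sample command lines are constructed for illustration, and only the `--flag=value` and bare boolean flag forms are handled.

```python
import shlex

def parse_flags(cmdline):
    """Map flag name -> value; a bare flag (e.g. --kube-subnet-mgr) becomes "true".
    Assumption: only the --flag=value and bare-boolean forms are handled."""
    flags = {}
    for tok in shlex.split(cmdline)[1:]:          # skip the binary name
        name, sep, value = tok.lstrip("-").partition("=")
        flags[name] = value if sep else "true"
    return flags

def audit(cmdline):
    """Return (flag, finding) tuples for one flanneld command line."""
    f = parse_flags(cmdline)
    findings = []
    # With --kube-subnet-mgr flanneld contacts the Kubernetes API instead of etcd,
    # so the etcd flags are not relevant.
    if f.get("kube-subnet-mgr", "false").lower() != "true":
        # The documented default is plain HTTP on localhost.
        endpoints = f.get("etcd-endpoints", "http://127.0.0.1:4001").split(",")
        plain = [e for e in endpoints if e.startswith("http://")]
        if plain:
            findings.append(("etcd-endpoints", "unencrypted: " + ",".join(plain)))
        for tls_flag in ("etcd-keyfile", "etcd-certfile", "etcd-cafile"):
            if not f.get(tls_flag):
                findings.append((tls_flag, "empty"))
    # healthz is disabled when the port is 0; otherwise the default bind is 0.0.0.0.
    if f.get("healthz-port", "0") != "0" and f.get("healthz-ip", "0.0.0.0") == "0.0.0.0":
        findings.append(("healthz-ip", "healthz server listens on all interfaces"))
    return findings

# Constructed sample command lines (not taken from the page).
KUBE_MODE = "flanneld --ip-masq --kube-subnet-mgr"
ETCD_WEAK = ("flanneld --etcd-endpoints=http://10.0.0.5:2379,https://10.0.0.6:2379 "
             "--healthz-port=8080")
ETCD_TLS = ("flanneld --etcd-endpoints=https://10.0.0.5:2379 "
            "--etcd-keyfile=/etc/flannel/key.pem --etcd-certfile=/etc/flannel/cert.pem "
            "--etcd-cafile=/etc/flannel/ca.pem --healthz-ip=127.0.0.1 --healthz-port=8080")

if __name__ == "__main__":
    for name, cmd in (("kube", KUBE_MODE), ("etcd-weak", ETCD_WEAK), ("etcd-tls", ETCD_TLS)):
        print(name, audit(cmd))
```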

Limitations of host-local IPAM

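The Flannel network uses the host-local IPAM (IP address management) CNI plugin, which provides simple IP address management for your cluster. Although simple, it has limitations: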

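  • When a node is created, a CIDR is pre-allocated to it. If the number of pods on a node exceeds the number of IP addresses available per node, the cluster must be recreated. Conversely, if the number of pods is much smaller than the number of addresses available per node, the IP address space is not used efficiently; as you scale out and IP addresses run out, this inefficiency becomes a pain point.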

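  • Because each node has a pre-allocated CIDR, a pod must always be assigned an IP address based on the node it runs on. Being able to allocate IP addresses based on other attributes (such as the pod's namespace) gives the flexibility to meet use cases as they arise.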

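Author: Varden. Source: http://www.cnblogs.com/varden/ If the content of this article coincides with other work, please contact the author! Copyright of this article is shared by the author and cnblogs. Reposting is welcome, but unless the author consents otherwise, this notice must be retained and a link to the original must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.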