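在配置k8s的过程中用到了flannel,发现大部分文档里flannel与docker的启动都没有采用systemd的形式,故此完善了一下。实际生产不需要证书,可以去除;但要注意,去除证书后etcd的客户端通信和节点间通信都是明文且不校验身份,任何能访问2379/2380端口的主机都可以读写集群数据(包括下文的flannel网络配置),因此只适合完全隔离的可信网络。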
软件版本:
root@ubuntu132:~/scripts# etcd -version
etcd Version: 3.1.7
Git SHA: 43b7507
Go Version: go1.7.5
Go OS/Arch: linux/amd64
root@ubuntu132:~/scripts# flanneld -version
v0.6.2
1、下载etcd etcdctl flannel 二进制包,并放置到/usr/local/bin
2、设置etcd,systemd管理启动,这里使用了k8s的证书,可去除
root@ubuntu133:~# cat /etc/systemd/system/etcd.service
# systemd unit that runs one etcd cluster member, with TLS configured on both
# the client (2379) and the peer (2380) listeners.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
# Type=notify: systemd waits for etcd's readiness notification before it
# considers the service started.
Type=notify
WorkingDirectory=/var/lib/etcd/
# The leading '-' makes a missing /etc/etcd/etcd.conf non-fatal; the ${ETCD_*}
# references below would then expand to empty strings.
EnvironmentFile=-/etc/etcd/etcd.conf
# NOTE(review): the server, peer and (in the scripts on this page) client roles
# all use the same kubernetes.pem / kubernetes-key.pem pair, so a leak of that
# one private key affects every role. Consider a separate certificate per role
# and confirm the key file is readable by root only.
# NOTE(review): --trusted-ca-file / --peer-trusted-ca-file are passed without
# --client-cert-auth / --peer-client-cert-auth. In that form etcd appears to
# encrypt traffic without requiring callers to present a certificate; confirm
# for the etcd version in use and add both flags if mutual TLS is intended.
# NOTE(review): the extra http://127.0.0.1:2379 client listener is plaintext and
# open to every local process; drop it unless a local client really needs it.
ExecStart=/usr/local/bin/etcd \
--name ${ETCD_NAME} \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls ${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--listen-peer-urls ${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls ${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls ${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-cluster-token ${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster infra1=https://192.168.15.132:2380,infra2=https://192.168.15.133:2380,infra3=https://192.168.15.134:2380 \
--initial-cluster-state new \
--data-dir=${ETCD_DATA_DIR}
# Restart etcd after an unclean exit, waiting 5 seconds between attempts.
Restart=on-failure
RestartSec=5
# Raise the open-file limit for the etcd process.
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
每个etcd集群节点按具体情况配置
root@ubuntu133:~# cat /etc/etcd/etcd.conf
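# Per-node settings that etcd.service loads through EnvironmentFile= and
# expands as ${ETCD_*} in its ExecStart line. The values below are for member
# infra2 (192.168.15.133); each node needs its own name and addresses.
ETCD_NAME=infra2
ETCD_DATA_DIR="/var/lib/etcd"
# Peer (member-to-member) and client listeners, both served over TLS.
ETCD_LISTEN_PEER_URLS="https://192.168.15.133:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.15.133:2379"
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.15.133:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
# The closing quote was missing on this line, leaving the value unterminated.
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.15.133:2379"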
# Re-read unit files so systemd picks up the new etcd.service.
systemctl daemon-reload
# Start etcd automatically at boot.
systemctl enable etcd
# NOTE(review): with Type=notify and --initial-cluster-state new, this call may
# block until enough of the other members are up to form a quorum; presumably
# the nodes should be started at roughly the same time. Confirm on a test cluster.
systemctl start etcd
设置etcd内容,同时设置flannel网络
root@ubuntu132:~/scripts# cat etcdctl.sh
#!/bin/bash
# Write the flannel overlay network definition into etcd.
#
# The key /coreos.com/network/config sits under the prefix that flanneld is
# started with (-etcd-prefix=/coreos.com/network), so whoever can write this
# key decides the address range of the overlay network. The call verifies the
# etcd servers against ca.pem and presents kubernetes.pem as its client
# certificate.
# NOTE(review): kubernetes-key.pem is a private key; confirm it is readable by
# root only on every host this script is copied to.

etcd_endpoints='https://192.168.15.132:2379,https://192.168.15.133:2379,https://192.168.15.134:2379'

# TLS material: CA used to verify the servers, then the client certificate/key.
tls_flags=(
  --ca-file=/etc/kubernetes/ssl/ca.pem
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem
)

etcdctl --endpoints="${etcd_endpoints}" "${tls_flags[@]}" \
  set /coreos.com/network/config '{"Network":"10.253.0.0/16"}'
3、flannel配置:可以用systemd管理,也可以不使用;下面给出的是不使用systemd、直接用脚本启动的方式
root@ubuntu133:~# cat flannelctl.sh
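#!/bin/bash
# Start flanneld against the TLS-protected etcd cluster and wait until it has
# written its subnet lease to /run/flannel/subnet.env.
#
# docker.service reads that file through EnvironmentFile=, so docker must not be
# (re)started before the file exists. The original fixed "sleep 5" neither
# guaranteed that nor noticed a flanneld that had already exited.
#
# Exit status: 0 once the lease file is present, 1 if flanneld exits early or
# the wait times out.
# NOTE(review): flanneld stays behind as an unsupervised background process;
# nothing restarts it if it dies later. A systemd unit would cover that.
# NOTE(review): a lease file left by an earlier run satisfies the wait at once;
# /run is normally cleared at boot, but confirm for manual re-runs.

readonly SUBNET_ENV=/run/flannel/subnet.env
readonly WAIT_SECONDS=30

# -etcd-cafile verifies the etcd servers; -etcd-certfile/-etcd-keyfile are the
# client certificate flanneld presents to them.
flanneld -etcd-endpoints="https://192.168.15.132:2379,https://192.168.15.133:2379,https://192.168.15.134:2379" \
  -etcd-prefix=/coreos.com/network \
  -etcd-cafile=/etc/kubernetes/ssl/ca.pem \
  -etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
  -etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem &
flanneld_pid=$!

# Poll once per second for a non-empty lease file.
for ((waited = 0; waited < WAIT_SECONDS; waited++)); do
  [[ -s "${SUBNET_ENV}" ]] && break
  # Stop early if flanneld is gone (bad certificate, etcd unreachable, ...).
  if ! kill -0 "${flanneld_pid}" 2>/dev/null; then
    printf 'flanneld exited before writing %s\n' "${SUBNET_ENV}" >&2
    exit 1
  fi
  sleep 1
done

if [[ ! -s "${SUBNET_ENV}" ]]; then
  printf 'timed out after %ss waiting for %s\n' "${WAIT_SECONDS}" "${SUBNET_ENV}" >&2
  exit 1
fi

# Run as ./flannelctl.sh, this only sets the variables inside the script's own
# process; docker gets them from its EnvironmentFile= line, not from here.
source "${SUBNET_ENV}"
printf 'flannel lease: subnet=%s mtu=%s\n' "${FLANNEL_SUBNET}" "${FLANNEL_MTU}"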
./flannelctl.sh
4、docker网络配置:需要把flannel生成的网络环境变量加入docker的启动环境变量中,并且docker必须在flannel之后启动。
root@ubuntu133:~# cat /etc/systemd/system/multi-user.target.wants/docker.service
# systemd unit for the Docker daemon, modified so that the docker0 bridge takes
# its address range and MTU from the lease flanneld writes to
# /run/flannel/subnet.env.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
# NOTE(review): nothing here orders docker after flanneld, although --bip and
# --mtu below depend on the file flanneld writes; ordering currently relies on
# the operator starting flannel first.
After=network.target docker.socket firewalld.service
Requires=docker.socket
[Service]
Type=notify
# Stock ExecStart/ExecReload, disabled in favour of the flannel-aware ExecStart
# at the end of this section.
#ExecStart=/usr/bin/dockerd -H fd://
#ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
# The '-' prefix means a missing file is ignored rather than treated as an error.
# NOTE(review): if /run/flannel/subnet.env is absent, FLANNEL_SUBNET and
# FLANNEL_MTU expand to empty strings in ExecStart; verify that the daemon then
# fails to start instead of running outside the flannel network.
EnvironmentFile=-/etc/default/docker
EnvironmentFile=-/run/flannel/subnet.env
# -H fd:// takes the listening socket from docker.socket (see Requires= above).
# $DOCKER_OPTS is presumably defined in /etc/default/docker; everything in it is
# passed straight to the daemon, so keep that file writable by root only.
ExecStart=/usr/bin/docker daemon --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} -H fd:// $DOCKER_OPTS
[Install]
WantedBy=multi-user.target
# Re-read unit files so systemd picks up the edited docker.service.
systemctl daemon-reload
# Start docker automatically at boot.
systemctl enable docker
# Restart so the daemon is launched with the --bip/--mtu values from
# /run/flannel/subnet.env; flanneld must already have written that file.
systemctl restart docker