Kubernetes安装系列之网络组件-Flannel安装设定

这篇文章整理一下Master节点上flannel的安装与设定方法,本文以脚本的方式进行固化,脚本内容仍然放在github的easypack上。

整体操作

  • https://blog.csdn.net/liumiaocn/article/details/88413428

flannel的设定文件

[root@host131 shell]# cat /etc/flannel/flannel.conf 
FLANNELD_OPTS="-etcd-cafile=/etc/ssl/ca/ca.pem \
  -etcd-certfile=/etc/ssl/flannel/flanneld.pem \
  -etcd-keyfile=/etc/ssl/flannel/flanneld-key.pem \
  -etcd-endpoints=https://192.168.163.131:2379 \
  -etcd-prefix=/coreos.com/network \
  -iface=enp0s3 \
  -ip-masq"
[root@host131 shell]#

Systemd服务配置文件

[root@host131 shell]# cat /usr/lib/systemd/system/flanneld.service 
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-/etc/flannel/flannel.conf
ExecStart=/usr/local/bin/flanneld $FLANNELD_OPTS
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
[root@host131 shell]#

脚本示例

[root@host131 shell]# cat step6-install-flannel.sh 
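#!/bin/sh

# install.cfg supplies every ENV_* variable used below. It is sourced relative
# to the current directory and runs with this script's privileges (the listing
# runs it as root), so start the script from its own directory and keep
# install.cfg writable by root only.
. ./install.cfg

# Make the pre-downloaded cfssl tools executable.
# ":?" aborts when ENV_HOME_CFSSL is unset or empty; without it the glob would
# collapse to "/*" and chmod would rewrite the mode of every top-level
# directory (dropping, for example, the sticky bit on /tmp).
if ! chmod 755 "${ENV_HOME_CFSSL:?}"/*; then
  echo "prepare downloaded cfssl tools in ${ENV_HOME_CFSSL} in advance"
  # A bare "exit" would return the status of the echo above (0) and hide the
  # failure from whatever invoked this step.
  exit 1
fi

# Prepend the tool directory so cfssl and cfssljson resolve from it first.
# Everything in that directory can shadow a system command for the rest of the
# script, so it should not be writable by unprivileged users.
export PATH="${ENV_HOME_CFSSL}:$PATH"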

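# Create the directory that will hold flannel's certificate and private key,
# then work from inside it because cfssljson writes into the current directory.
# Both steps are checked; ":?" stops the script if the variable is empty.
if ! mkdir -p "${ENV_SSL_FLANNEL_DIR:?}" || ! cd "${ENV_SSL_FLANNEL_DIR}"; then
  echo "failed to create dir :${ENV_SSL_FLANNEL_DIR}"
  # Report the failure to the caller instead of exiting with echo's status 0.
  exit 1
fi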

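# Write the certificate signing request that cfssl signs for flanneld.
# "hosts" stays empty, which is what triggers cfssl's 'lacks a "hosts" field'
# warning; the resulting certificate is handed to flanneld as -etcd-certfile,
# i.e. it is used as a client credential towards etcd.
# ST (state/province) and L (locality) are filled from the variables of the
# same name; the original listing had the two swapped.
cat > "${ENV_SSL_FLANNEL_CSR}" <<EOF
{
  "CN": "${ENV_SSL_FLANNEL_CSR_CN}",
  "hosts": [],
  "key": {
    "algo": "${ENV_SSL_KEY_ALGO}",
    "size": ${ENV_SSL_KEY_SIZE}
  },
  "names": [
    {
      "C": "${ENV_SSL_NAMES_C}",
      "ST": "${ENV_SSL_NAMES_ST}",
      "L": "${ENV_SSL_NAMES_L}",
      "O": "${ENV_SSL_NAMES_O}",
      "OU": "${ENV_SSL_NAMES_OU}"
    }
  ]
}
EOF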

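# Sign flannel's certificate with the cluster CA. cfssl prints the result as
# JSON and "cfssljson -bare" splits it into <prefix>.pem and <prefix>-key.pem
# in the current directory.
# The CA private key is read directly here: whoever can read it can issue
# certificates under this CA, so keep it readable by root only.
cfssl gencert -ca="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}" \
  -ca-key="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_KEY}" \
  -config="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_CONFIG}" \
  -profile="${ENV_SSL_PROFILE_K8S}" "${ENV_SSL_FLANNEL_CSR}" \
  | cfssljson -bare "${ENV_SSL_FLANNEL_CERT_PRIFIX}"

# /bin/sh has no pipefail, so a cfssl failure does not show up in $?. Check
# for the output files instead. (Files left over from an earlier run would
# still pass this check.)
if [ ! -s "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem" ] ||
   [ ! -s "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem" ]; then
  echo "failed to generate flannel certificate in ${ENV_SSL_FLANNEL_DIR}"
  exit 1
fi

# The private key authenticates this node to etcd; enforce owner-only access
# regardless of the tool's default mode or the current umask.
chmod 600 "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem"

ls "${ENV_SSL_FLANNEL_DIR}"/*pem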

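# Turn the space-separated host list in ENV_ETCD_HOSTS into a comma-separated
# list of https://host:port URLs, all using ENV_ETCD_CLIENT_PORT.
# NOTE(review): the loop header was truncated in the published listing; the
# loop below is reconstructed from the surviving printf arguments (every field
# but the last gets a trailing comma, the last one does not).
# ENV_ETCD_HOSTS is intentionally unquoted so runs of whitespace collapse into
# a single line for awk.
ETCD_ENDPOINTS=$(echo ${ENV_ETCD_HOSTS} | awk -v port="${ENV_ETCD_CLIENT_PORT}" -F" " '{
    for (cnt = 1; cnt < NF; cnt++) {
        printf("https://%s:%s,", $cnt, port);
    }
    printf("https://%s:%s", $cnt, port);
}')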

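# flannel v0.10 does not support the etcd v3 API, so the cluster network
# definition is written through the v2 API. The connection is authenticated
# with the flannel client certificate and verified against the cluster CA.
# The vxlan backend encapsulates pod traffic but does not encrypt it.
# The address range is quoted inside the JSON so an unexpected value cannot be
# split into extra etcdctl arguments.
if ! ETCDCTL_API=2 etcdctl \
  --endpoints="${ETCD_ENDPOINTS}" \
  --ca-file="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}" \
  --cert-file="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem" \
  --key-file="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem" \
  set "${ENV_FLANNEL_ETCD_NETWORK_PREFIX}/config" '{"Network":"'"${ENV_KUBE_OPT_CLUSTER_IP_RANGE}"'", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}'; then
  # Without this key flanneld has no network to lease subnets from, so stop
  # here rather than installing a service that cannot come up correctly.
  echo "failed to write flannel network config to etcd: ${ETCD_ENDPOINTS}"
  exit 1
fi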

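# printf instead of "echo -e": the script declares #!/bin/sh, and echo -e is
# not portable there.
printf '\n##  flanneld service\n'
# Stop a running instance so its binary can be replaced. Errors are ignored on
# purpose: on a first install the unit does not exist yet.
systemctl stop flanneld 2>/dev/null

mkdir -p "${ENV_FLANNEL_DIR_BIN}" "${ENV_FLANNEL_DIR_ETC}" "${ENV_FLANNEL_DIR_RUN}"

# Install flanneld and mk-docker-opts.sh. The two files are named explicitly
# because brace expansion is not part of POSIX sh.
# NOTE(review): these binaries are later started by systemd; nothing here
# checks their integrity, so verify the release checksum of the download
# before running this step.
# "cp -p" keeps the source owner, so ownership is reset to root afterwards;
# otherwise the account that downloaded the files could later replace a
# binary that systemd starts.
if ! chmod 755 "${ENV_HOME_FLANNEL}/flanneld" "${ENV_HOME_FLANNEL}/mk-docker-opts.sh" ||
   ! cp -p "${ENV_HOME_FLANNEL}/flanneld" "${ENV_HOME_FLANNEL}/mk-docker-opts.sh" "${ENV_FLANNEL_DIR_BIN}" ||
   ! chown root:root "${ENV_FLANNEL_DIR_BIN}/flanneld" "${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh"; then
  echo "please check flanneld binary file and mk-docker-opts.sh existed in ${ENV_HOME_FLANNEL}/ or not"
  # Exit non-zero; a bare "exit" would return the status of the echo (0).
  exit 1
fi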

# Generate the environment file that the flanneld unit loads. It defines one
# variable, FLANNELD_OPTS, holding the etcd TLS material (CA, client
# certificate, client key), the etcd endpoints and key prefix, the interface
# to bind to, and -ip-masq. Every line except the last ends in a backslash so
# the value continues on the next line.
{
  printf 'FLANNELD_OPTS="-etcd-cafile=%s/%s \\\n' "${ENV_SSL_CA_DIR}" "${ENV_SSL_FILE_CA_PEM}"
  printf '  -etcd-certfile=%s/%s.pem \\\n' "${ENV_SSL_FLANNEL_DIR}" "${ENV_SSL_FLANNEL_CERT_PRIFIX}"
  printf '  -etcd-keyfile=%s/%s-key.pem \\\n' "${ENV_SSL_FLANNEL_DIR}" "${ENV_SSL_FLANNEL_CERT_PRIFIX}"
  printf '  -etcd-endpoints=%s \\\n' "${ETCD_ENDPOINTS}"
  printf '  -etcd-prefix=%s \\\n' "${ENV_FLANNEL_ETCD_NETWORK_PREFIX}"
  printf '  -iface=%s \\\n' "${ENV_FLANNEL_OPT_IFACE}"
  printf '  -ip-masq"\n'
} >"${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}"

# Write the systemd unit for flanneld.
# - Ordering: started after the network and etcd.service, and before
#   docker.service; RequiredBy=docker.service makes docker depend on it.
# - "\$FLANNELD_OPTS" is escaped so the literal variable name lands in the
#   unit file; systemd expands it from EnvironmentFile when the service starts.
# - The leading "-" on EnvironmentFile tells systemd to ignore a missing file.
#   flanneld would then be started with no options at all, i.e. without the
#   etcd TLS settings generated earlier in this script.
#   NOTE(review): consider dropping the "-" so a missing config fails the unit.
# - ExecStartPost runs mk-docker-opts.sh with -k DOCKER_NETWORK_OPTIONS and
#   -d ${ENV_FLANNEL_DIR_RUN}/docker after flanneld has started.
cat >${ENV_FLANNEL_SERVICE} <<EOF
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}
ExecStart=${ENV_FLANNEL_DIR_BIN}/flanneld \$FLANNELD_OPTS
ExecStartPost=${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d ${ENV_FLANNEL_DIR_RUN}/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF

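# Reload unit files so systemd sees the flanneld.service written above, then
# start the service, enable it at boot and print its status.
# printf replaces "echo -e", which is not portable under the #!/bin/sh shebang
# (a strict POSIX sh would print the "-e" literally).
# The script's exit status is that of "systemctl status flanneld".
printf '\n##  daemon reload service \n'
systemctl daemon-reload
printf '\n##  start flannel service \n'
systemctl start flanneld
printf '\n##  enable flannel service \n'
systemctl enable flanneld
printf '\n##  check  flannel status\n'
systemctl status flanneld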
[root@host131 shell]#

执行示例

[root@host131 shell]# sh step6-install-flannel.sh 
2019/03/24 13:37:03 [INFO] generate received request
2019/03/24 13:37:03 [INFO] received CSR
2019/03/24 13:37:03 [INFO] generating key: rsa-2048
2019/03/24 13:37:04 [INFO] encoded CSR
2019/03/24 13:37:04 [INFO] signed certificate with serial number 652274714063907134614492461596477882158874665465
2019/03/24 13:37:04 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
/etc/ssl/flannel/flanneld-key.pem  /etc/ssl/flannel/flanneld.pem
{"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}

##  flanneld service

##  daemon reload service 

##  start flannel service 

##  enable flannel service 

##  check  flannel status
● flanneld.service - Flanneld Service
   Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 13:37:04 CST; 266ms ago
     Docs: https://github.com/coreos/flannel
 Main PID: 14887 (flanneld)
   CGroup: /system.slice/flanneld.service
           └─14887 /usr/local/bin/flanneld -etcd-cafile=/etc/ssl/ca/ca.pem -etcd-certfile=/etc/ssl/flannel/flanneld.pem -etcd-keyfile=/etc/ssl/flannel/fla...

Mar 24 13:37:04 host131 systemd[1]: Starting Flanneld Service...
Mar 24 13:37:04 host131 systemd[1]: Started Flanneld Service.
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868581   14887 main.go:488] Using interface with name enp0s3 and address 192.168.163.131
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868911   14887 main.go:505] Defaulting external address to interface address (192.168.163.131)
Mar 24 13:37:04 host131 flanneld[14887]: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886022   14887 main.go:235] Created subnet manager: Etcd Local Manager with Previous Subnet: None
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886039   14887 main.go:238] Installing signal handlers
[root@host131 shell]#

flannel设定之后,各node节点的ip都会得到统一管理,不同容器之间的互联互通成为可能,当然calico等也可以起到同样的作用。需要注意的是,flannel只负责网络互通,本身并不提供NetworkPolicy这类容器间的访问控制。
