生成证书
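# --- Issue a client certificate for flanneld ---------------------------------
# Runs on the machine that holds the CA key (/opt/kubernetes/ssl/ca-key.pem).
cd /usr/local/src/ssl

# CSR for flanneld: RSA 2048 key, empty "hosts" list. Written with a
# here-document instead of an interactive vim session so the step can be
# pasted as-is; the file content is unchanged.
cat > flanneld-csr.json <<'EOF'
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Sign the CSR with the cluster CA using the "kubernetes" profile; cfssljson
# writes flanneld.pem and flanneld-key.pem.
cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

# Install the certificate and key locally, then on the other two machines.
# The original used "cp ... 192.168.56.11/opt/kubernetes/ssl/" here (cp instead
# of scp, and no ':' after the host), which copies to a local relative path
# rather than to the remote machine.
cp flanneld.pem flanneld-key.pem /opt/kubernetes/ssl/
# flanneld-key.pem is the private key flanneld uses as its etcd client
# credential; keep it readable by its owner only.
chmod 600 flanneld-key.pem /opt/kubernetes/ssl/flanneld-key.pem
scp flanneld.pem flanneld-key.pem 192.168.56.11:/opt/kubernetes/ssl/
scp flanneld.pem flanneld-key.pem 192.168.56.12:/opt/kubernetes/ssl/

# --- Download the Flannel package ---------------------------------------------
cd /usr/local/src
wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
# The binaries unpacked here are started by systemd on every machine, so check
# the archive against a digest obtained from a source you trust before
# unpacking. The page does not publish one; the value below is a placeholder:
#   echo "<EXPECTED_SHA256>  flannel-v0.10.0-linux-amd64.tar.gz" | sha256sum -c -
tar zxf flannel-v0.10.0-linux-amd64.tar.gz
cp flanneld mk-docker-opts.sh /opt/kubernetes/bin/
scp flanneld mk-docker-opts.sh 192.168.56.11:/opt/kubernetes/bin/
scp flanneld mk-docker-opts.sh 192.168.56.12:/opt/kubernetes/bin/

# remove-docker0.sh comes from the kubernetes source tree, which can be
# downloaded from the official project page: https://github.com/kubernetes/
cd /usr/local/src/kubernetes/cluster/centos/node/bin/
cp remove-docker0.sh /opt/kubernetes/bin/
scp remove-docker0.sh 192.168.56.11:/opt/kubernetes/bin/
scp remove-docker0.sh 192.168.56.12:/opt/kubernetes/bin/

# --- Flannel configuration ----------------------------------------------------
# Environment file read by flannel.service: TLS etcd endpoints, the key prefix,
# and the CA / client certificate / client key used to authenticate to etcd.
cat > /opt/kubernetes/cfg/flannel <<'EOF'
FLANNEL_ETCD="-etcd-endpoints=https://192.168.56.10:2379,https://192.168.56.11:2379,https://192.168.56.12:2379"
FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/kubernetes/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/kubernetes/ssl/flanneld-key.pem"
EOF
scp /opt/kubernetes/cfg/flannel 192.168.56.11:/opt/kubernetes/cfg/
scp /opt/kubernetes/cfg/flannel 192.168.56.12:/opt/kubernetes/cfg/

# --- systemd unit -------------------------------------------------------------
# NOTE(review): the leading '-' in EnvironmentFile= tells systemd to ignore a
# missing file. If /opt/kubernetes/cfg/flannel is absent on a machine, the
# ${FLANNEL_*} variables expand to nothing and flanneld is started without the
# TLS endpoint and certificate flags above. Consider dropping the '-' so the
# unit fails to start instead.
cat > /usr/lib/systemd/system/flannel.service <<'EOF'
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/flannel
ExecStartPre=/opt/kubernetes/bin/remove-docker0.sh
ExecStart=/opt/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker
Type=notify

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF
scp /usr/lib/systemd/system/flannel.service 192.168.56.11:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/flannel.service 192.168.56.12:/usr/lib/systemd/system/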
Flannel CNI集成
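# --- Flannel CNI integration: install the CNI plugin binaries ---
cd /usr/local/src

# The original command was a bare "wget" with its URL lost. The URL below is
# the upstream release asset matching the archive name used by the tar step;
# confirm it against the containernetworking/plugins releases page.
wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz
# These plugins are executed on every machine; check the archive against a
# digest from a source you trust before unpacking it.

# Create the plugin directory. This must be done on all nodes, including the
# master, because the scp commands below copy into it. -p keeps the step
# re-runnable when the directory already exists.
mkdir -p /opt/kubernetes/bin/cni

tar zxf cni-plugins-amd64-v0.7.1.tgz -C /opt/kubernetes/bin/cni
scp -r /opt/kubernetes/bin/cni/* 192.168.56.11:/opt/kubernetes/bin/cni/
scp -r /opt/kubernetes/bin/cni/* 192.168.56.12:/opt/kubernetes/bin/cni/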
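# Create the flannel network configuration key in etcd. Do this once, from any
# one machine: the master is enough, and a node works too.
# The key sits under /kubernetes/network, the prefix flanneld is given via
# -etcd-prefix in /opt/kubernetes/cfg/flannel.
#
# The original sent all output to /dev/null, which also hides TLS, permission
# and connectivity errors; a failed write leaves flanneld with no network
# config. Output is shown here. "mk" reports an error if the key already
# exists, which is expected on a second run.
/opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \
  --no-sync -C https://192.168.56.10:2379,https://192.168.56.11:2379,https://192.168.56.12:2379 \
  mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}'

# Read the key back to confirm what flanneld will see.
/opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \
  --no-sync -C https://192.168.56.10:2379,https://192.168.56.11:2379,https://192.168.56.12:2379 \
  get /kubernetes/network/config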
# Make everything under /opt/kubernetes/bin executable before the unit's
# ExecStartPre/ExecStart/ExecStartPost lines try to run it.
chmod +x /opt/kubernetes/bin/*

# Load the new flannel.service, enable it at boot, start it, and show its state.
systemctl daemon-reload
systemctl enable flannel
systemctl start flannel
systemctl status flannel
配置Docker使用Flannel
# Open Docker's systemd unit for editing; only the [Unit] and [Service]
# directives listed next are changed or added.
vim /usr/lib/systemd/system/docker.service
[Unit]
# Under [Unit]: modify After= (flannel.service appended) and add Requires=,
# so Docker is ordered after flannel and depends on it.
After=network-online.target firewalld.service flannel.service
Wants=network-online.target
Requires=flannel.service

[Service]
# Added: EnvironmentFile=-/run/flannel/docker, and $DOCKER_OPTS on ExecStart.
# /run/flannel/docker is the file flannel.service writes through
# "mk-docker-opts.sh -d /run/flannel/docker"; the leading '-' makes systemd
# ignore the file when it is missing.
Type=notify
EnvironmentFile=-/run/flannel/docker
ExecStart=/usr/bin/dockerd $DOCKER_OPTS
# Distribute the edited docker.service to the other two machines.
for node in 192.168.56.11 192.168.56.12; do
  scp /usr/lib/systemd/system/docker.service "${node}:/usr/lib/systemd/system/"
done

# Reload unit definitions and restart Docker so it starts with the options
# taken from /run/flannel/docker.
# NOTE(review): these two commands act on the local machine only; presumably
# they are repeated on each node after the copy — confirm.
systemctl daemon-reload
systemctl restart docker
node1测试
# node1 test: start a detached busybox container named bs01 that pings
# www.baidu.com.
# NOTE(review): pinging an external host shows the container has outbound
# connectivity; to confirm the flannel overlay itself, also ping the IP of the
# container started on the other node.
docker run -d -i -t --name bs01 busybox ping www.baidu.com
node2测试
# node2 test: same container as on node1, detached busybox named bs01 pinging
# www.baidu.com.
# NOTE(review): the two containers should get addresses from different
# subnets of 10.2.0.0/16; pinging node1's container IP from here is what
# exercises the vxlan overlay.
docker run -d -i -t --name bs01 busybox ping www.baidu.com