1、下载flannel包并安装(解压前建议用sha256sum等工具将压缩包与可信来源的校验值比对,因为其中的二进制文件之后会由systemd服务运行)
[root@k8s_Master package]# wget https://github.com/coreos/flannel/releases/download/v0.12.0/flannel-v0.12.0-linux-amd64.tar.gz
[root@k8s_Master package]# tar -xf flannel-v0.12.0-linux-amd64.tar.gz
[root@k8s_Master package]# cp flanneld /usr/local/bin/
[root@k8s_Master package]# cp mk-docker-opts.sh /usr/local/bin/
2、创建subnet.env文件
[root@k8s_Master package]# mkdir /etc/flannel
[root@k8s_Master package]# cd /etc/flannel/
[root@k8s_Master flannel]# vim subnet.env
文件内容如下
# Flannel subnet settings for this node. The same path is given to flanneld as
# --subnet-file, and flanneld's start-up log reports writing this file.
# NOTE(review): 172.7.0.0/16 lies outside the RFC 1918 private range
# 172.16.0.0/12, so it overlaps publicly routable address space; confirm this
# choice is intentional.
FLANNEL_NETWORK=172.7.0.0/16
FLANNEL_SUBNET=172.7.21.1/24 # each node's subnet differs and must be changed: 21 for test-nodes1, 22 for test-nodes2
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false
3、编写启动服务,修改service文件/usr/lib/systemd/system/flanneld.service其内容为:
# systemd unit that runs flanneld against the TLS-protected etcd cluster and
# then runs mk-docker-opts.sh to generate Docker network options.
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
# Ordered before Docker; the [Install] section also makes docker.service
# require this unit once it is enabled.
Before=docker.service
[Service]
# systemd treats the service as started only after flanneld sends its
# readiness notification.
Type=notify
# --public-ip and --iface are per-node values and must match the host this
# unit is installed on.
# etcd access uses the client certificate/key pair and CA under
# /etc/kubernetes/ssl.
# NOTE(review): the key is the shared kubernetes-key.pem; confirm it is
# readable by root only, and consider a dedicated etcd client certificate for
# flannel so this key is not spread across more services than necessary.
# NOTE(review): --healthz-port is set without --healthz-ip, so the listener
# binds to flanneld's default address; confirm port 2401 is not reachable
# from networks that should not see it.
ExecStart=/usr/local/bin/flanneld \
--public-ip=192.168.0.221 \
--etcd-endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem \
--etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
--etcd-cafile=/etc/kubernetes/ssl/ca.pem \
--iface=ens33 \
--subnet-file=/etc/flannel/subnet.env \
--healthz-port=2401 \
--etcd-prefix=/kube-centos/network
# NOTE(review): -d names the file mk-docker-opts.sh writes the Docker options
# to, and here it is the same path flanneld uses as --subnet-file; confirm the
# overwrite is intended, or point -d at a separate file.
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /etc/flannel/subnet.env
# Restart unconditionally after 5 seconds; StartLimitInterval=0 disables
# systemd's start rate limiting, so a crash loop will retry indefinitely.
Restart=always
RestartSec=5
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
4、在etcd中创建网络配置信息(以下是两条命令:先创建目录,再写入配置。etcd是集群,在任意一个节点上执行一次即可。如果要使用vxlan模式,
直接将host-gw改成vxlan即可。)
# Create the /kube-centos/network directory in etcd; this is the prefix
# flanneld is started with (--etcd-prefix). The connection is authenticated
# with the client certificate/key and verified against the cluster CA.
# NOTE(review): mkdir and the --ca-file/--cert-file/--key-file flags look like
# the etcdctl v2 command set; confirm the etcdctl API version in use.
/usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
mkdir /kube-centos/network
[root@k8s_Master flannel]# etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
> --ca-file=/etc/kubernetes/ssl/ca.pem \
> --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
> --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
> mk /kube-centos/network/config '{"Network":"172.7.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}' &
[1] 90008
[root@k8s_Master flannel]# {"Network":"172.7.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}
[1]+ Done etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem mk /kube-centos/network/config '{"Network":"172.7.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}'
5、设置开机启动
# systemctl enable flanneld
# systemctl start flanneld
# systemctl status flanneld
具体信息如下
[root@k8s_Master flannel]# systemctl daemon-reload
[root@k8s_Master flannel]# systemctl enable flanneld
Created symlink /etc/systemd/system/multi-user.target.wants/flanneld.service → /usr/lib/systemd/system/flanneld.service.
Created symlink /etc/systemd/system/docker.service.requires/flanneld.service → /usr/lib/systemd/system/flanneld.service.
[root@k8s_Master flannel]# systemctl stop flanneld
[root@k8s_Master flannel]# systemctl start flanneld
[root@k8s_Master flannel]# systemctl status flanneld
● flanneld.service - Flanneld overlay address etcd agent
Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-08-22 03:02:00 CST; 6s ago
Process: 90114 ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /etc/flannel/subnet.env (code=exited, status=0/SUCCESS)
Main PID: 90103 (flanneld)
Tasks: 13 (limit: 17489)
Memory: 10.8M
CGroup: /system.slice/flanneld.service
└─90103 /usr/local/bin/flanneld --public-ip=192.168.0.221 --etcd-endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.p>
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.116408 90103 main.go:321] Wrote subnet file to /etc/flannel/subnet.env
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.116435 90103 main.go:325] Running backend.
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.119497 90103 route_network.go:53] Watching for new subnet leases
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.356024 90103 main.go:433] Waiting for 22h59m40.973126967s to renew lease
Aug 22 03:02:00 k8s_Master systemd[1]: Started Flanneld overlay address etcd agent.
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.833622 90103 iptables.go:145] Some iptables rules are missing; deleting and recreating rules
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.833650 90103 iptables.go:167] Deleting iptables rule: -s 172.7.0.0/16 -j ACCEPT
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.840175 90103 iptables.go:167] Deleting iptables rule: -d 172.7.0.0/16 -j ACCEPT
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.841626 90103 iptables.go:155] Adding iptables rule: -s 172.7.0.0/16 -j ACCEPT
Aug 22 03:02:00 k8s_Master flanneld[90103]: I0822 03:02:00.857381 90103 iptables.go:155] Adding iptables rule: -d 172.7.0.0/16 -j ACCEPT
6、在其它的两台机器上也要执行相应的操作
(1)传包
[root@k8s_Master flannel]# scp flanneld mk-docker-opts.sh 192.168.0.222:/usr/local/bin/
root@192.168.0.222's password:
flanneld 100% 34MB 269.0MB/s 00:00
mk-docker-opts.sh 100% 2139 2.6MB/s 00:00
[root@k8s_Master flannel]# scp flanneld mk-docker-opts.sh 192.168.0.223:/usr/local/bin/
root@192.168.0.223's password:
flanneld 100% 34MB 179.7MB/s 00:00
mk-docker-opts.sh 100% 2139 2.7MB/s 00:00
(2)传输环境配置文件
[root@k8s_Node1 ~]# mkdir /etc/flannel/
[root@k8s_Master flannel]# scp /etc/flannel/subnet.env 192.168.0.222:/etc/flannel/
root@192.168.0.222's password:
subnet.env 100% 26 13.1KB/s 00:00
[root@k8s_Master flannel]# scp /etc/flannel/subnet.env 192.168.0.223:/etc/flannel/
root@192.168.0.223's password:
subnet.env 100% 26 19.3KB/s 00:00
(3)传输启动文件(记得将public-ip的值改成相应节点的IP地址)
[root@k8s_Master flannel]# scp /usr/lib/systemd/system/flanneld.service 192.168.0.222:/usr/lib/systemd/system
root@192.168.0.222's password:
flanneld.service 100% 856 141.1KB/s 00:00
[root@k8s_Master flannel]# scp /usr/lib/systemd/system/flanneld.service 192.168.0.223:/usr/lib/systemd/system
root@192.168.0.223's password:
flanneld.service 100% 856 890.7KB/s 00:00
(4)在node节点上启动flanneld服务
# systemctl enable flanneld
# systemctl start flanneld
# systemctl status flanneld
现在查询etcd中的内容可以看到:
[root@k8s_Node1 ~]# /usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
> --ca-file=/etc/kubernetes/ssl/ca.pem \
> --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
> --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
> ls /kube-centos/network/subnets
/kube-centos/network/subnets/172.7.21.0-24
/kube-centos/network/subnets/172.7.28.0-24
/kube-centos/network/subnets/172.7.68.0-24
[root@k8s_Node1 ~]# /usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/config
{"Network":"172.7.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}
[root@k8s_Master flannel]# /usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.7.21.0-24
{"PublicIP":"192.168.0.221","BackendType":"host-gw"}
[root@k8s_Node1 ~]# /usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.7.28.0-24
{"PublicIP":"192.168.0.222","BackendType":"host-gw"}
[root@k8s_Node2 ~]# /usr/local/bin/etcdctl --endpoints=https://192.168.0.221:2379,https://192.168.0.222:2379,https://192.168.0.223:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.7.68.0-24
{"PublicIP":"192.168.0.223","BackendType":"host-gw"}