k8s----flannel部署详解

docker引擎部署

所有node节点部署docker引擎

关闭防火墙
[root@server1 ~]# systemctl stop firewalld
[root@server1 ~]# setenforce 0

[root@server1 ~]# vi /etc/resolv.conf 

nameserver  8.8.8.8

安装依赖包
[root@server1 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2


设置阿里云镜像源
[root@server1 yum.repos.d]# cd
[root@server1 ~]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

安装Docker-CE（社区版Docker引擎）

[root@server1 yum.repos.d]# yum install -y docker-ce  、、安装社区版docker
[root@server1 yum.repos.d]# systemctl start docker  、、开启docker服务
[root@server1 yum.repos.d]# systemctl enable docker  、、开机启动docker

设置镜像加速
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://rwyi253w.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

[root@node01 ~]# vim /etc/sysctl.conf 
[root@node01 ~]# sysctl -p
net.ipv4.ip_forward = 1

[root@node01 ~]# service network restart 
Restarting network (via systemctl):                        [  确定  ]
[root@node01 ~]# systemctl start docker
[root@node01 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@node01 ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

flannel网络配置

写入分配的子网段到ETCD中，供flannel使用

 master操作
[root@server3 ssl]# ls
ca-key.pem  ca.pem  server-key.pem  server.pem
[root@server3 ssl]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.188.30:2379,https://192.168.188.40:2379,https://192.168.188.50:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

查看写入的信息
[root@server3 ssl]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.188.30:2379,https://192.168.188.40:2379,https://192.168.188.50:2379" get /coreos.com/network/config 
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}


拷贝到所有node节点（只需要部署在node节点即可）
[root@node01 ~]# ls
anaconda-ks.cfg                     original-ks.cfg  视频  下载
flannel-v0.10.0-linux-amd64.tar.gz  公共             图片  音乐
initial-setup-ks.cfg                模板             文档  桌面

所有node节点操作解压
[root@node01 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz 
flanneld
mk-docker-opts.sh
README.md
[root@node01 ~]# ls
anaconda-ks.cfg                     mk-docker-opts.sh  模板  下载
flanneld                            original-ks.cfg    视频  音乐
flannel-v0.10.0-linux-amd64.tar.gz  README.md          图片  桌面
initial-setup-ks.cfg                公共               文档

k8s工作目录
[root@node02 ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p
[root@node02 ~]# ls /opt/kubernetes/
bin  cfg  ssl
[root@node01 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
[root@node01 ~]# ls /opt/kubernetes/bin/
flanneld  mk-docker-opts.sh


[root@node02 ~]# vim flannel.sh 

#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

cat <<EOF >/opt/kubernetes/cfg/flanneld
#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

开启flannel网络功能
[root@node01 ~]# bash flannel.sh https://192.168.188.30:2379,https://192.168.188.40:2379,https://192.168.188.50:2379
Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
[root@node01 ~]# ifconfig 

node01

node02

配置docker连接flannel

所有node节点配置

[root@node01 ~]# cat /run/flannel/subnet.env 
DOCKER_OPT_BIP="--bip=172.17.20.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.20.1/24 --ip-masq=false --mtu=1450"
[root@node01 ~]# vim /usr/lib/systemd/system/docker.service 
修改14  添加13
 13 EnvironmentFile=/run/flannel/subnet.env 
 14 ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containe    rd=/run/containerd/containerd.sock
 [root@node01 ~]# systemctl daemon-reload
[root@node01 ~]# systemctl restart docker

node01

node02

测试ping通对方docker0网卡 证明flannel起到路由作用

[root@node01 ~]# docker run -it centos:7 /bin/bash
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete 
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
[root@c09e8997c1a5 /]# yum install net-tools -y

node01 的容器ip

node02容器的ip

node01pingnode02的容器ping一下