Kubernetes部署（八）：Flannel网络部署

相关内容：

Kubernetes部署（一）：架构及功能说明
Kubernetes部署（二）：系统环境初始化
Kubernetes部署（三）：CA证书制作
Kubernetes部署（四）：ETCD集群部署
Kubernetes部署（五）：Haproxy、Keppalived部署
Kubernetes部署（六）：Master节点部署
Kubernetes部署（七）：Node节点部署
Kubernetes部署（八）：Flannel网络部署
Kubernetes部署（九）：CoreDNS、Dashboard、Ingress部署
Kubernetes部署（十）：储存之glusterfs和heketi部署
Kubernetes部署（十一）：管理之Helm和Rancher部署
Kubernetes部署（十二）：helm部署harbor企业级镜像仓库

Flannel 需要在所有的master和node都部署
1.为Flannel生成证书

[root@node-01 ssl]# vim flanneld-csr.json{  "CN": "flanneld",  "hosts": [],  "key": {    "algo": "rsa",    "size": 2048  },  "names": [    {      "C": "CN",      "ST": "BeiJing",      "L": "BeiJing",      "O": "k8s",      "OU": "System"    }  ]}

2.生成证书

[root@node-01 ssl]# cfssl gencert -ca=/data/kubernetes/ssl/ca.pem \   -ca-key=/data/kubernetes/ssl/ca-key.pem \   -config=/data/kubernetes/ssl/ca-config.json \   -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

3.分发证书

[root@node-01 ssl]# for n in `seq 201 206`; do scp flanneld*.pem 10.31.90.$n:/data/kubernetes/ssl/;done

4.下载Flannel软件包

[root@node-01 k8s]#wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz[root@node-01 k8s]# tar zxf flannel-v0.10.0-linux-amd64.tar.gz[root@node-01 k8s]# for n in `seq 201 206`;do scp flanneld mk-docker-opts.sh 10.31.90.$n:/data/kubernetes/bin/;done复制对应脚本到/data/kubernetes/bin目录下。[root@node-01 k8s]# for n in `seq 201 206`;do scp remove-docker0.sh 10.31.90.$n:/data/kubernetes/bin/;done    

5.配置Flannel

[root@node-04 ssl]# vim /data/kubernetes/cfg/flannelFLANNEL_ETCD="-etcd-endpoints=https://10.31.90.201:2379,https://10.31.90.202:2379,https://10.31.90.203:2379"FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"FLANNEL_ETCD_CAFILE="--etcd-cafile=/data/kubernetes/ssl/ca.pem"FLANNEL_ETCD_CERTFILE="--etcd-certfile=/data/kubernetes/ssl/flanneld.pem"FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/data/kubernetes/ssl/flanneld-key.pem"复制配置到其它节点上[root@node-01 ~]# for n in `seq 201 206`;do scp /data/kubernetes/cfg/flannel 10.31.90.$n:/data/kubernetes/cfg/;done

6.设置Flannel系统服务

[root@node-01 ~]# vim /usr/lib/systemd/system/flannel.service[Unit]Description=Flanneld overlay address etcd agentAfter=network.targetBefore=docker.service[Service]EnvironmentFile=-/data/kubernetes/cfg/flannelExecStartPre=/data/kubernetes/bin/remove-docker0.shExecStart=/data/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}ExecStartPost=/data/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/dockerType=notify[Install]WantedBy=multi-user.targetRequiredBy=docker.service复制系统服务脚本到其它节点上[root@node-01 k8s]# for n in `seq 201 206`;do scp /usr/lib/systemd/system/flannel.service 10.31.90.$n:/usr/lib/systemd/system/flannel.service;done

Flannel CNI集成

下载CNI插件

[root@node-01 ~]# wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz[root@node-01 ~]# mkdir /data/kubernetes/bin/cni[root@node-01 src]# tar zxf cni-plugins-amd64-v0.7.1.tgz -C /data/kubernetes/bin/cni[root@node-01 k8s]# for n in `seq 201 206`;do scp /data/kubernetes/bin/cni/* 10.31.90.$n:/data/kubernetes/bin/cni/;done     

创建Etcd的key

[root@node-01 ~]# /data/kubernetes/bin/etcdctl --ca-file /data/kubernetes/ssl/ca.pem --cert-file /data/kubernetes/ssl/flanneld.pem --key-file /data/kubernetes/ssl/flanneld-key.pem \      --no-sync -C https://10.31.90.201:2379,https://10.31.90.202:2379,https://10.31.90.203:2379 \mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}' >/dev/null 2>&1

启动flannel

[root@node-01 ~]# systemctl daemon-reload[root@node-01 ~]# systemctl enable flannel[root@node-01 ~]# chmod +x /data/kubernetes/bin/*[root@node-01 ~]# systemctl start flannel

查看服务状态

[root@node-01 ~]# systemctl status flannel

配置Docker使用Flannel

[root@node-01 ~]# vim /usr/lib/systemd/system/docker.service[Unit] #在Unit下面修改After和增加RequiresAfter=network-online.target firewalld.service flannel.serviceWants=network-online.targetRequires=flannel.service[Service] #增加EnvironmentFile=-/run/flannel/dockerType=notifyEnvironmentFile=-/run/flannel/dockerExecStart=/usr/bin/dockerd $DOCKER_OPTS

将配置复制到其它所有的node

[root@node-01 k8s]# for n in `seq 201 206`;do scp /usr/lib/systemd/system/docker.service 10.31.90.$n:/usr/lib/systemd/system/docker.service;done

重启Docker

[root@node-01 ~]# systemctl daemon-reload[root@node-01 ~]# systemctl restart docker

再查看各个节点会发现docker0网卡和flannel网卡的ip地址都是我们上面配置的网段了。

[root@node-01 k8s]# ifconfig docker0: flags=4099  mtu 1500        inet 10.2.84.1  netmask 255.255.255.0  broadcast 10.2.84.255        ether 02:42:5e:c6:0c:aa  txqueuelen 0  (Ethernet)        RX packets 0  bytes 0 (0.0 B)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0flannel.1: flags=4163  mtu 1450        inet 10.2.84.0  netmask 255.255.255.255  broadcast 0.0.0.0        inet6 fe80::8ccc:15ff:fedd:c00d  prefixlen 64  scopeid 0x20        ether 8e:cc:15:dd:c0:0d  txqueuelen 0  (Ethernet)        RX packets 0  bytes 0 (0.0 B)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)        TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0

至此k8s的集群就已经全部部署完成，后续会继续补充管理、监控、存储等方面的文档。

后续会陆续更新所有的安装文档，如果你觉得我写的不错，希望大家多多关注点赞，非常感谢！