Kubernetes安装系列之网络组件-Flannel安装设定

这篇文章整理一下Master节点上flannel的安装与设定方法,本文以脚本的方式进行固化,内容仍然放在github的easypack上。

整体操作

flannel的设定文件

[root@host131 shell]# cat /etc/flannel/flannel.conf 
FLANNELD_OPTS="-etcd-cafile=/etc/ssl/ca/ca.pem \
  -etcd-certfile=/etc/ssl/flannel/flanneld.pem \
  -etcd-keyfile=/etc/ssl/flannel/flanneld-key.pem \
  -etcd-endpoints=https://192.168.163.131:2379 \
  -etcd-prefix=/coreos.com/network \
  -iface=enp0s3 \
  -ip-masq"
[root@host131 shell]#

Systemd服务配置文件

[root@host131 shell]# cat /usr/lib/systemd/system/flanneld.service 
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-/etc/flannel/flannel.conf
ExecStart=/usr/local/bin/flanneld $FLANNELD_OPTS
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
[root@host131 shell]#

脚本示例

[root@host131 shell]# cat step6-install-flannel.sh 
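#!/bin/sh
#
# step6: install and configure flannel on the master node.
# Generates a TLS client certificate for flanneld, stores the overlay network
# definition in etcd, installs the binaries and registers flanneld as a
# systemd service.
#
# All ENV_* settings come from install.cfg in the current directory. The file
# is sourced, i.e. executed by this shell, and the script is run as root, so
# install.cfg should be owned by root and not writable by anyone else.
. ./install.cfg

# set cfssl tools in search path
# The glob stays outside the quotes so every tool in the directory is matched.
if ! chmod 755 "${ENV_HOME_CFSSL}"/*; then
  echo "prepare downloaded cfssl tools in ${ENV_HOME_CFSSL} in advance" >&2
  # Exit non-zero: a bare "exit" would report the status of the echo (0).
  exit 1
fi

export PATH="${ENV_HOME_CFSSL}:${PATH}"

# Work inside the flannel certificate directory: cfssljson later writes the
# certificate and key relative to the current directory.
if ! mkdir -p "${ENV_SSL_FLANNEL_DIR}" || ! cd "${ENV_SSL_FLANNEL_DIR}"; then
  echo "failed to create dir :${ENV_SSL_FLANNEL_DIR}" >&2
  exit 1
fi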

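# Certificate signing request for the flanneld certificate.
# "hosts" is left empty: in this script the certificate is only presented as a
# client certificate towards etcd (etcdctl --cert-file, flanneld
# -etcd-certfile), so cfssl's warning about the missing field is expected.
# ST (state/province) and L (locality) are filled from the matching
# ENV_SSL_NAMES_ST / ENV_SSL_NAMES_L settings.
if ! cat > "${ENV_SSL_FLANNEL_CSR}" <<EOF
{
  "CN": "${ENV_SSL_FLANNEL_CSR_CN}",
  "hosts": [],
  "key": {
    "algo": "${ENV_SSL_KEY_ALGO}",
    "size": ${ENV_SSL_KEY_SIZE}
  },
  "names": [
    {
      "C": "${ENV_SSL_NAMES_C}",
      "ST": "${ENV_SSL_NAMES_ST}",
      "L": "${ENV_SSL_NAMES_L}",
      "O": "${ENV_SSL_NAMES_O}",
      "OU": "${ENV_SSL_NAMES_OU}"
    }
  ]
}
EOF
then
  echo "failed to write CSR file ${ENV_SSL_FLANNEL_CSR}" >&2
  exit 1
fi

# Sign the CSR with the cluster CA. This step reads the CA private key, so it
# must only run on a host that is trusted to hold that key.
# NOTE(review): the profile named by ENV_SSL_PROFILE_K8S has to permit client
# authentication for this certificate to be accepted by etcd - confirm in the
# CA config.
# /bin/sh has no pipefail, so the pipeline status is cfssljson's; the
# generated files are therefore checked explicitly below as well.
if ! cfssl gencert -ca="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}" \
  -ca-key="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_KEY}" \
  -config="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_CONFIG}" \
  -profile="${ENV_SSL_PROFILE_K8S}" "${ENV_SSL_FLANNEL_CSR}" \
  | cfssljson -bare "${ENV_SSL_FLANNEL_CERT_PRIFIX}"; then
  echo "failed to generate the flannel certificate" >&2
  exit 1
fi

if [ ! -s "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem" ] \
  || [ ! -s "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem" ]; then
  echo "flannel certificate or key is missing in ${ENV_SSL_FLANNEL_DIR}" >&2
  exit 1
fi

# Keep the private key readable by its owner only.
chmod 600 "${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem"

ls "${ENV_SSL_FLANNEL_DIR}"/*pem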

# Build the comma-separated etcd client URL list (https://HOST:PORT,...) from
# the whitespace-separated host list in ENV_ETCD_HOSTS.
# ${ENV_ETCD_HOSTS} is deliberately unquoted so the shell collapses it onto a
# single line before awk splits it into fields.
ETCD_ENDPOINTS=$(echo ${ENV_ETCD_HOSTS} | awk -v port="${ENV_ETCD_CLIENT_PORT}" '{
    # An empty host list still yields one (host-less) URL, as field 1 is empty.
    last = (NF > 0) ? NF : 1
    urls = ""
    sep = ""
    for (i = 1; i <= last; i++) {
        urls = urls sep "https://" $i ":" port
        sep = ","
    }
    printf("%s", urls)
}')

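# flannel v0.10 : not support etcd v3, so the network definition is written
# through the etcd v2 API (ETCDCTL_API=2).
# The call is authenticated with the flannel client certificate and key, and
# the etcd server is verified against the CA file.
# An empty host list or port would otherwise produce the bogus endpoint
# "https://:" and a confusing connection error.
if [ -z "${ENV_ETCD_HOSTS}" ] || [ -z "${ENV_ETCD_CLIENT_PORT}" ]; then
  echo "ENV_ETCD_HOSTS and ENV_ETCD_CLIENT_PORT must be set (see install.cfg)" >&2
  exit 1
fi

# Network definition read by flanneld. The vxlan backend encapsulates
# container traffic between nodes; it does not encrypt it.
flannel_network_config='{"Network":"'"${ENV_KUBE_OPT_CLUSTER_IP_RANGE}"'", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}'

if ! ETCDCTL_API=2 etcdctl \
  --endpoints="${ETCD_ENDPOINTS}" \
  --ca-file="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}" \
  --cert-file="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem" \
  --key-file="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem" \
  set "${ENV_FLANNEL_ETCD_NETWORK_PREFIX}/config" "${flannel_network_config}"; then
  echo "failed to write the flannel network config to etcd" >&2
  exit 1
fi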

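# printf instead of "echo -e": the -e flag is not understood by every /bin/sh.
printf '\n##  flanneld service\n'
# Best effort: the unit does not exist yet on a first install, so the error
# output is discarded on purpose.
systemctl stop flanneld 2>/dev/null

if ! mkdir -p "${ENV_FLANNEL_DIR_BIN}" "${ENV_FLANNEL_DIR_ETC}" "${ENV_FLANNEL_DIR_RUN}"; then
  echo "failed to create flannel directories" >&2
  exit 1
fi

# Install flanneld and mk-docker-opts.sh into the binary directory.
# Both files are named explicitly because brace expansion is a bash feature
# and this script runs under /bin/sh.
# NOTE(review): the unit created later sets no User=, so these binaries run
# as root; if they were downloaded, verify them against the release checksum
# before this step.
if ! chmod 755 "${ENV_HOME_FLANNEL}/flanneld" "${ENV_HOME_FLANNEL}/mk-docker-opts.sh" \
  || ! cp -p "${ENV_HOME_FLANNEL}/flanneld" "${ENV_HOME_FLANNEL}/mk-docker-opts.sh" \
    "${ENV_FLANNEL_DIR_BIN}"; then
  echo "please check flanneld binary file and mk-docker-opts.sh existed in ${ENV_HOME_FLANNEL}/ or not" >&2
  # Exit non-zero: a bare "exit" would report the status of the echo (0).
  exit 1
fi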

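# create flannel configuration file
# systemd reads it through EnvironmentFile= in the flanneld unit. It holds
# the flanneld command-line options: the CA file used to verify etcd, the
# paths of the client certificate and key (paths only, no key material), the
# etcd endpoints and prefix, and the interface to bind to.
# "\\" is written as a single backslash because the heredoc is unquoted.
flannel_conf="${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}"
if ! cat >"${flannel_conf}" <<EOF
FLANNELD_OPTS="-etcd-cafile=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \\
  -etcd-certfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem \\
  -etcd-keyfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem \\
  -etcd-endpoints=${ETCD_ENDPOINTS} \\
  -etcd-prefix=${ENV_FLANNEL_ETCD_NETWORK_PREFIX} \\
  -iface=${ENV_FLANNEL_OPT_IFACE} \\
  -ip-masq"
EOF
then
  echo "failed to write flannel configuration file ${flannel_conf}" >&2
  exit 1
fi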

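# Create flannel service.
# Notes on the generated unit:
#  - "EnvironmentFile=-..." : the leading "-" tells systemd to ignore a
#    missing file. flanneld would then start with an empty FLANNELD_OPTS,
#    i.e. without any of the -etcd-* TLS options, so the configuration file
#    must stay in place.
#  - "\$FLANNELD_OPTS" is escaped so that systemd, not this shell, expands it.
#  - No User= is set, so flanneld and mk-docker-opts.sh run as root.
#  - Before=/RequiredBy=docker.service: docker starts only after flanneld.
if ! cat >"${ENV_FLANNEL_SERVICE}" <<EOF
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}
ExecStart=${ENV_FLANNEL_DIR_BIN}/flanneld \$FLANNELD_OPTS
ExecStartPost=${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d ${ENV_FLANNEL_DIR_RUN}/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF
then
  echo "failed to write service file ${ENV_FLANNEL_SERVICE}" >&2
  exit 1
fi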

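# Register, start and enable the flanneld unit, then show its state.
# printf replaces "echo -e", which is not understood by every /bin/sh.
printf '\n##  daemon reload service \n'
systemctl daemon-reload
printf '\n##  start flannel service \n'
if ! systemctl start flanneld; then
  # Stop here instead of enabling a unit that cannot start; the status output
  # carries the most recent log lines of the failed start.
  echo "failed to start flanneld" >&2
  systemctl status flanneld
  exit 1
fi
printf '\n##  enable flannel service \n'
systemctl enable flanneld
printf '\n##  check  flannel status\n'
systemctl status flanneld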
[root@host131 shell]#

执行示例

[root@host131 shell]# sh step6-install-flannel.sh 
2019/03/24 13:37:03 [INFO] generate received request
2019/03/24 13:37:03 [INFO] received CSR
2019/03/24 13:37:03 [INFO] generating key: rsa-2048
2019/03/24 13:37:04 [INFO] encoded CSR
2019/03/24 13:37:04 [INFO] signed certificate with serial number 652274714063907134614492461596477882158874665465
2019/03/24 13:37:04 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
/etc/ssl/flannel/flanneld-key.pem  /etc/ssl/flannel/flanneld.pem
{"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}

##  flanneld service

##  daemon reload service 

##  start flannel service 

##  enable flannel service 

##  check  flannel status
● flanneld.service - Flanneld Service
   Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 13:37:04 CST; 266ms ago
     Docs: https://github.com/coreos/flannel
 Main PID: 14887 (flanneld)
   CGroup: /system.slice/flanneld.service
           └─14887 /usr/local/bin/flanneld -etcd-cafile=/etc/ssl/ca/ca.pem -etcd-certfile=/etc/ssl/flannel/flanneld.pem -etcd-keyfile=/etc/ssl/flannel/fla...

Mar 24 13:37:04 host131 systemd[1]: Starting Flanneld Service...
Mar 24 13:37:04 host131 systemd[1]: Started Flanneld Service.
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868581   14887 main.go:488] Using interface with name enp0s3 and address 192.168.163.131
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868911   14887 main.go:505] Defaulting external address to interface address (192.168.163.131)
Mar 24 13:37:04 host131 flanneld[14887]: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886022   14887 main.go:235] Created subnet manager: Etcd Local Manager with Previous Subnet: None
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886039   14887 main.go:238] Installing signal handlers
[root@host131 shell]#

flannel设定之后,各node节点的IP会被统一管理,不同容器之间的互联互通成为可能;当然calico等也能起到同样的作用。
