这篇文章接上一篇《Kubernetes1.9生产环境高可用实践–003-node中docker安装及配置》。
这篇主要介绍flannel的安装及配置。
kubernetes1.9安装flannel网络插件
安装flannel
# Install flannel from the configured yum repositories.
# NOTE(review): the CentOS 7 RPM that ships the flanneld binary is normally
# named "flannel"; if yum cannot find "flanneld", install "flannel" instead.
# NOTE(review): -y answers every prompt, including repository GPG key imports,
# so confirm the repo has gpgcheck enabled before running this on a node.
yum install -y flanneld
查看版本
[root@yds-dev-svc02-node01 ~]# flanneld -version
0.7.1
准备证书
这里会使用ETCD的证书。我们在第一篇中已经创建了证书,现在我们只需要把证书复制过来就行。注意:这样做会把etcd证书的私钥(etcd-key.pem)放到node上,node一旦被攻破,这个身份也随之泄露;生产环境中更稳妥的做法是为flannel单独签发一张客户端证书。
这里我们先查看yds-dev-svc01-etcd01上的证书文件。
[root@yds-dev-svc01-etcd01 key]# pwd
/tmp/key
[root@yds-dev-svc01-etcd01 key]# ls
admin.csr ca-config.json ca.pem etcd.pem kubernetes.pem
admin-csr.json ca.csr etcd.csr kubernetes.csr
admin-key.pem ca-csr.json etcd-csr.json kubernetes-csr.json
admin.pem ca-key.pem etcd-key.pem kubernetes-key.pem
现在我们需要:ca.pem, etcd.pem, etcd-key.pem。ca-key.pem是CA的私钥,node上用不到,不要一并复制;同时请确认/tmp/key目录及其中的私钥文件只有root可读。
先在yds-dev-svc02-node01中创建证书目录。
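# Create the certificate directory on the node. It will hold etcd-key.pem
# (a private key), so restrict it to root explicitly instead of relying on
# the umask. The flanneld unit sets no User=, so flanneld runs as root and can
# still read it; loosen the mode only if a non-root service must read
# certificates from this directory.
mkdir -p /etc/kubernetes/ssl
chmod 0700 /etc/kubernetes/ssl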
然后将yds-dev-svc01-etcd01中的证书复制到这个目录(首次连接时,应先通过可信渠道核对scp显示的主机密钥指纹,再输入yes;复制完成后确认etcd-key.pem的权限为600):
[root@yds-dev-svc01-etcd01 key]# scp etcd.pem etcd-key.pem ca.pem root@192.168.3.56:/etc/kubernetes/ssl/
The authenticity of host '192.168.3.56 (192.168.3.56)' can't be established.
ECDSA key fingerprint is SHA256:7LpF11pS/HejiSUfx1l/dvi74mz3lWGJpHV/iuim9n4.
ECDSA key fingerprint is MD5:50:66:d2:f3:73:07:00:88:73:5e:6c:cb:91:b7:7f:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.56' (ECDSA) to the list of known hosts.
root@192.168.3.56's password:
etcd.pem 100% 1436 1.1MB/s 00:00
etcd-key.pem 100% 1679 1.4MB/s 00:00
ca.pem 100% 1359 1.3MB/s 00:00
查看flanneld启动文件
[root@yds-dev-svc02-node01 ~]# cat /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/flanneld
EnvironmentFile=-/etc/sysconfig/docker-network
ExecStart=/usr/bin/flanneld-start $FLANNEL_OPTIONS
ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
修改配置文件
修改flanneld的配置文件/etc/sysconfig/flanneld。
[root@yds-dev-svc02-node01 ~]# cat /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="https://192.168.3.50:2379,https://192.168.3.51:2379,https://192.168.3.52:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="kube-centos/network"
# Any additional options that you want to pass
FLANNEL_OPTIONS="-etcd-cafile=/etc/kubernetes/ssl/ca.pem -etcd-certfile=/etc/kubernetes/ssl/etcd.pem -etcd-keyfile=/etc/kubernetes/ssl/etcd-key.pem"
在etcd中创建网络配置
为docker分配IP地址段。
我们在yds-dev-svc01-etcd01中执行下面两个命令.
# Seed flannel's network configuration in etcd (run on yds-dev-svc01-etcd01).
# The --ca-file/--cert-file/--key-file flags and the mkdir/mk subcommands are
# etcdctl v2 API syntax.
etcd_endpoints="https://192.168.3.50:2379,https://192.168.3.51:2379,https://192.168.3.52:2379"

# Connection options shared by both calls: the three etcd members, the CA used
# to verify them, and the client certificate/key pair presented to them.
etcd_tls_args=(
  --endpoints="${etcd_endpoints}"
  --ca-file=/etc/kubernetes/ssl/ca.pem
  --cert-file=/etc/kubernetes/ssl/etcd.pem
  --key-file=/etc/kubernetes/ssl/etcd-key.pem
)

# Create the directory key that FLANNEL_ETCD_PREFIX refers to.
etcdctl "${etcd_tls_args[@]}" mkdir /kube-centos/network

# Store the network definition: 172.30.0.0/16 handed out as one /24 per node.
# The host-gw backend installs plain routes between nodes, so flannel neither
# encapsulates nor encrypts pod traffic and the nodes must reach each other
# directly on the same layer-2 network.
flannel_config='{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}'
etcdctl "${etcd_tls_args[@]}" mk /kube-centos/network/config "${flannel_config}"
执行过程如下:
[root@yds-dev-svc01-etcd01 key]# etcdctl --endpoints=https://192.168.3.50:2379,https://192.168.3.51:2379,https://192.168.3.52:2379 \
> --ca-file=/etc/kubernetes/ssl/ca.pem \
> --cert-file=/etc/kubernetes/ssl/etcd.pem \
> --key-file=/etc/kubernetes/ssl/etcd-key.pem \
> mkdir /kube-centos/network
[root@yds-dev-svc01-etcd01 key]# etcdctl --endpoints=https://192.168.3.50:2379,https://192.168.3.51:2379,https://192.168.3.52:2379 \
> --ca-file=/etc/kubernetes/ssl/ca.pem \
> --cert-file=/etc/kubernetes/ssl/etcd.pem \
> --key-file=/etc/kubernetes/ssl/etcd-key.pem \
> mk /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}'
{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"host-gw"}}
启动flanneld
# Reload unit definitions so systemd works from the current flanneld.service.
systemctl daemon-reload
# Start flanneld automatically at boot.
systemctl enable flanneld
# Start it now. The unit's ExecStartPost step runs mk-docker-opts.sh, which
# writes DOCKER_NETWORK_OPTIONS to /run/flannel/docker.
# NOTE(review): docker presumably has to be (re)started after flanneld to pick
# those options up; confirm against docker's own unit file.
systemctl start flanneld
# Check that the service is active and look for etcd TLS or connection errors.
systemctl status flanneld
查看分配网段
[root@yds-dev-svc01-etcd01 key]# etcdctl --endpoints=https://192.168.3.50:2379,https://192.168.3.51:2379,https://192.168.3.52:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem ls /kube-centos/network/subnets
/kube-centos/network/subnets/172.30.43.0-24