
Kubernetes Installation Series: Network Component - Flannel Installation and Configuration

2019-03-27 07:46
Copyright notice: This is an original article by the blogger. Reposting is welcome without prior permission, but please credit the source. https://blog.csdn.net/liumiaocn/article/details/88835527

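This article describes how to install and configure flannel on the Master node. The procedure is captured as a script, which, as before, is kept in the easypack repository on GitHub.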

Overall procedure

flannel configuration file

[root@host131 shell]# cat /etc/flannel/flannel.conf
FLANNELD_OPTS="-etcd-cafile=/etc/ssl/ca/ca.pem \
-etcd-certfile=/etc/ssl/flannel/flanneld.pem \
-etcd-keyfile=/etc/ssl/flannel/flanneld-key.pem \
-etcd-endpoints=https://192.168.163.131:2379 \
-etcd-prefix=/coreos.com/network \
-iface=enp0s3 \
-ip-masq"
[root@host131 shell]#
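
The options above make flanneld authenticate to etcd with a client certificate over TLS, so the endpoints and the private key file are worth checking after installation. The following is an added example, not part of the original script or of flannel: the helper names are hypothetical and the sample file is constructed.

```bash
# Added example: audit a flannel.conf in the format shown above.
# flannel_opt and audit_flannel_conf are hypothetical helper names.
# Print the value of one "-name=value" option inside FLANNELD_OPTS.
flannel_opt() {  # $1 = conf file, $2 = option name without the leading dash
    tr -d '"\\' < "$1" | tr ' \t' '\n\n' |
        sed -n "s/^\(FLANNELD_OPTS=\)\{0,1\}-$2=//p" | head -n 1
}

# Print one FAIL line per finding; the return status is the number of findings.
audit_flannel_conf() {  # $1 = path to flannel.conf
    conf=$1; findings=0
    endpoints=$(flannel_opt "$conf" etcd-endpoints | tr ',' ' ')
    [ -n "$endpoints" ] || { echo "FAIL etcd-endpoints not set"; findings=$((findings + 1)); }
    # Every etcd endpoint must use TLS, otherwise subnet leases travel in clear text.
    for ep in $endpoints; do
        case $ep in
            https://*) ;;
            *) echo "FAIL endpoint is not https: $ep"; findings=$((findings + 1)) ;;
        esac
    done
    # CA certificate, client certificate and client key must all be set and readable.
    for opt in etcd-cafile etcd-certfile etcd-keyfile; do
        f=$(flannel_opt "$conf" "$opt")
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL $opt missing or unreadable: ${f:-unset}"; findings=$((findings + 1))
        fi
    done
    # The private key must carry no group/other permission bits (-rw------- or stricter).
    key=$(flannel_opt "$conf" etcd-keyfile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        mode=$(ls -ld "$key" | cut -c5-10)
        [ "$mode" = "------" ] || { echo "FAIL $key mode allows group/other: $mode"; findings=$((findings + 1)); }
    fi
    return "$findings"
}

# Constructed sample: same layout as the file above, one plain-http endpoint, key mode 644.
demo=$(mktemp -d)
touch "$demo/ca.pem" "$demo/flanneld.pem" "$demo/flanneld-key.pem"
chmod 644 "$demo/flanneld-key.pem"
cat > "$demo/flannel.conf" <<EOF
FLANNELD_OPTS="-etcd-cafile=$demo/ca.pem \\
-etcd-certfile=$demo/flanneld.pem \\
-etcd-keyfile=$demo/flanneld-key.pem \\
-etcd-endpoints=https://192.168.163.131:2379,http://192.168.163.132:2379 \\
-iface=enp0s3 -ip-masq"
EOF
audit_flannel_conf "$demo/flannel.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real host, call audit_flannel_conf /etc/flannel/flannel.conf; a return status of 0 means no findings.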

Systemd service unit file

[root@host131 shell]# cat /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-/etc/flannel/flannel.conf
ExecStart=/usr/local/bin/flanneld $FLANNELD_OPTS
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
[root@host131 shell]#

Script example

[root@host131 shell]# cat step6-install-flannel.sh
#!/bin/bash
# bash is required: the script uses brace expansion and "echo -e"

. ./install.cfg

# set cfssl tools in search path
chmod 755 ${ENV_HOME_CFSSL}/*
if [ $? -ne 0 ]; then
    echo "prepare downloaded cfssl tools in ${ENV_HOME_CFSSL} in advance"
    exit 1
fi

export PATH=${ENV_HOME_CFSSL}:$PATH

mkdir -p ${ENV_SSL_FLANNEL_DIR}
cd  ${ENV_SSL_FLANNEL_DIR}
if [ $? -ne 0 ]; then
    echo "failed to create dir :${ENV_SSL_FLANNEL_DIR}"
    exit 1
fi

cat > ${ENV_SSL_FLANNEL_CSR} <<EOF
{
"CN": "${ENV_SSL_FLANNEL_CSR_CN}",
"hosts": [],
"key": {
"algo": "${ENV_SSL_KEY_ALGO}",
"size": ${ENV_SSL_KEY_SIZE}
},
"names": [
{
"C": "${ENV_SSL_NAMES_C}",
"ST": "${ENV_SSL_NAMES_ST}",
"L": "${ENV_SSL_NAMES_L}",
"O": "${ENV_SSL_NAMES_O}",
"OU": "${ENV_SSL_NAMES_OU}"
}
]
}
EOF

cfssl gencert -ca=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \
-ca-key=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_KEY} \
-config=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_CONFIG} \
-profile=${ENV_SSL_PROFILE_K8S} ${ENV_SSL_FLANNEL_CSR} | cfssljson -bare ${ENV_SSL_FLANNEL_CERT_PRIFIX}

ls ${ENV_SSL_FLANNEL_DIR}/*pem

ETCD_ENDPOINTS=`echo ${ENV_ETCD_HOSTS} |awk -v port=${ENV_ETCD_CLIENT_PORT} -F" " '{
for(cnt=1; cnt<NF; cnt++){
printf("https://%s:%s,",$cnt,port);
}
printf("https://%s:%s",$cnt,port);
}'`

# flannel v0.10 : not support etcd v3
ETCDCTL_API=2 etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \
--cert-file=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem \
--key-file=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem \
set ${ENV_FLANNEL_ETCD_NETWORK_PREFIX}/config '{"Network":"'${ENV_KUBE_OPT_CLUSTER_IP_RANGE}'", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}'

echo -e "\n##  flanneld service"
systemctl stop flanneld 2>/dev/null

mkdir -p ${ENV_FLANNEL_DIR_BIN} ${ENV_FLANNEL_DIR_ETC} ${ENV_FLANNEL_DIR_RUN}
chmod 755 ${ENV_HOME_FLANNEL}/{flanneld,mk-docker-opts.sh}
cp -p ${ENV_HOME_FLANNEL}/{flanneld,mk-docker-opts.sh} ${ENV_FLANNEL_DIR_BIN}
if [ $? -ne 0 ]; then
    echo "please check flanneld binary file and mk-docker-opts.sh existed in ${ENV_HOME_FLANNEL}/ or not"
    exit 1
fi

# create flannel configuration file
cat >${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC} <<EOF
FLANNELD_OPTS="-etcd-cafile=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \\
-etcd-certfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem \\
-etcd-keyfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem \\
-etcd-endpoints=${ETCD_ENDPOINTS} \\
-etcd-prefix=${ENV_FLANNEL_ETCD_NETWORK_PREFIX} \\
-iface=${ENV_FLANNEL_OPT_IFACE} \\
-ip-masq"
EOF

# Create flannel service.
cat >${ENV_FLANNEL_SERVICE} <<EOF
[Unit]
Description=Flanneld Service
Documentation=https://github.com/coreos/flannel
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
EnvironmentFile=-${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}
ExecStart=${ENV_FLANNEL_DIR_BIN}/flanneld \$FLANNELD_OPTS
ExecStartPost=${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d ${ENV_FLANNEL_DIR_RUN}/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF

echo -e "\n##  daemon reload service "
systemctl daemon-reload
echo -e "\n##  start flannel service "
systemctl start flanneld
echo -e "\n##  enable flannel service "
systemctl enable flanneld
echo -e "\n##  check  flannel status"
systemctl status flanneld
[root@host131 shell]#

Execution example

[root@host131 shell]# sh step6-install-flannel.sh
2019/03/24 13:37:03 [INFO] generate received request
2019/03/24 13:37:03 [INFO] received CSR
2019/03/24 13:37:03 [INFO] generating key: rsa-2048
2019/03/24 13:37:04 [INFO] encoded CSR
2019/03/24 13:37:04 [INFO] signed certificate with serial number 652274714063907134614492461596477882158874665465
2019/03/24 13:37:04 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
/etc/ssl/flannel/flanneld-key.pem  /etc/ssl/flannel/flanneld.pem
{"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}

##  flanneld service

##  daemon reload service

##  start flannel service

##  enable flannel service

##  check  flannel status
● flanneld.service - Flanneld Service
Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-03-24 13:37:04 CST; 266ms ago
Docs: https://github.com/coreos/flannel
Main PID: 14887 (flanneld)
CGroup: /system.slice/flanneld.service
└─14887 /usr/local/bin/flanneld -etcd-cafile=/etc/ssl/ca/ca.pem -etcd-certfile=/etc/ssl/flannel/flanneld.pem -etcd-keyfile=/etc/ssl/flannel/fla...

Mar 24 13:37:04 host131 systemd[1]: Starting Flanneld Service...
Mar 24 13:37:04 host131 systemd[1]: Started Flanneld Service.
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868581   14887 main.go:488] Using interface with name enp0s3 and address 192.168.163.131
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868911   14887 main.go:505] Defaulting external address to interface address (192.168.163.131)
Mar 24 13:37:04 host131 flanneld[14887]: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886022   14887 main.go:235] Created subnet manager: Etcd Local Manager with Previous Subnet: None
Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886039   14887 main.go:238] Installing signal handlers
[root@host131 shell]#
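
The network config written to etcd in the run above uses 172.200.0.0/16, which lies outside the RFC 1918 range 172.16.0.0/12. The following added example (not part of the original script or of flannel; the function names are hypothetical) checks a config string before it is passed to etcdctl set and reports the upper bound on per-host subnets that SubnetLen allows.

```bash
# Added example: sanity-check the flannel network config before writing it to etcd.
# ip2int, in_cidr and check_flannel_network are hypothetical helper names.

ip2int() {  # dotted quad -> 32-bit integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # $1 = CIDR to test, $2 = enclosing CIDR; status 0 if $1 lies fully inside $2
    [ "${1#*/}" -ge "${2#*/}" ] || return 1
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# $1 = JSON as passed to "etcdctl set <prefix>/config". Prints findings, returns their count.
check_flannel_network() {
    net=$(echo "$1" | sed -n 's/.*"Network" *: *"\([^"]*\)".*/\1/p')
    sublen=$(echo "$1" | sed -n 's/.*"SubnetLen" *: *\([0-9]*\).*/\1/p')
    findings=0
    [ -n "$net" ] && [ -n "$sublen" ] || { echo "FAIL Network or SubnetLen missing"; return 1; }
    # The overlay should live in RFC 1918 space so it cannot shadow routable addresses.
    private=no
    for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if in_cidr "$net" "$block"; then private=yes; fi
    done
    [ "$private" = yes ] || { echo "WARN $net is outside RFC 1918 private space"; findings=$((findings + 1)); }
    # Each host leases one /SubnetLen, so SubnetLen must be longer than the network prefix.
    if [ "$sublen" -le "${net#*/}" ] || [ "$sublen" -gt 30 ]; then
        echo "FAIL SubnetLen $sublen is not a usable per-host size within $net"; findings=$((findings + 1))
    else
        echo "INFO at most $(( 1 << (sublen - ${net#*/}) )) host subnets of $(( 1 << (32 - sublen) )) addresses"
    fi
    return "$findings"
}

# Constructed inputs: the config from the run above, then a variant inside 172.16.0.0/12.
check_flannel_network '{"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}' || true
check_flannel_network '{"Network":"172.20.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}' || true
```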

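Once flannel is configured, IP addresses are managed uniformly across all nodes, which makes connectivity between different containers possible. Calico and similar tools serve the same purpose.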
