Kubernetes安装系列之网络组件-Flannel安装设定
2019-03-27 07:46
781 查看
版权声明:本文为博主原创文章,未经博主允许欢迎转载,但请注明出处。 https://blog.csdn.net/liumiaocn/article/details/88835527
这篇文章整理以下Master节点的flannel的安装与设定方法,本文以脚本的方式进行固化,内容仍然放在github的easypack上。
整体操作
flannel的设定文件
[root@host131 shell]# cat /etc/flannel/flannel.conf FLANNELD_OPTS="-etcd-cafile=/etc/ssl/ca/ca.pem \ -etcd-certfile=/etc/ssl/flannel/flanneld.pem \ -etcd-keyfile=/etc/ssl/flannel/flanneld-key.pem \ -etcd-endpoints=https://192.168.163.131:2379 \ -etcd-prefix=/coreos.com/network \ -iface=enp0s3 \ -ip-masq" [root@host131 shell]#
Systemd服务配置文件
[root@host131 shell]# cat /usr/lib/systemd/system/flanneld.service [Unit] Description=Flanneld Service Documentation=https://github.com/coreos/flannel After=network.target After=network-online.target Wants=network-online.target After=etcd.service Before=docker.service [Service] EnvironmentFile=-/etc/flannel/flannel.conf ExecStart=/usr/local/bin/flanneld $FLANNELD_OPTS ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker Restart=on-failure [Install] WantedBy=multi-user.target RequiredBy=docker.service [root@host131 shell]#
脚本示例
[root@host131 shell]# cat step6-install-flannel.sh #!/bin/sh . ./install.cfg # set cfssl tools in search path chmod 755 ${ENV_HOME_CFSSL}/* if [ $? -ne 0 ]; then echo "prepare downloaded cfssl tools in ${ENV_HOME_CFSSL} in advance" exit fi export PATH=${ENV_HOME_CFSSL}:$PATH mkdir -p ${ENV_SSL_FLANNEL_DIR} cd ${ENV_SSL_FLANNEL_DIR} if [ $? -ne 0 ]; then echo "failed to create dir :${ENV_SSL_FLANNEL_DIR}" exit fi cat > ${ENV_SSL_FLANNEL_CSR} <<EOF { "CN": "${ENV_SSL_FLANNEL_CSR_CN}", "hosts": [], "key": { "algo": "${ENV_SSL_KEY_ALGO}", "size": ${ENV_SSL_KEY_SIZE} }, "names": [ { "C": "${ENV_SSL_NAMES_C}", "ST": "${ENV_SSL_NAMES_L}", "L": "${ENV_SSL_NAMES_ST}", "O": "${ENV_SSL_NAMES_O}", "OU": "${ENV_SSL_NAMES_OU}" } ] } EOF cfssl gencert -ca=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \ -ca-key=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_KEY} \ -config=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_CONFIG} \ -profile=${ENV_SSL_PROFILE_K8S} ${ENV_SSL_FLANNEL_CSR} | cfssljson -bare ${ENV_SSL_FLANNEL_CERT_PRIFIX} ls ${ENV_SSL_FLANNEL_DIR}/*pem ETCD_ENDPOINTS=`echo ${ENV_ETCD_HOSTS} |awk -v port=${ENV_ETCD_CLIENT_PORT} -F" " '{ for(cnt=1; cnt<NF; cnt++){ printf("https://%s:%s,",$cnt,port); } printf("https://%s:%s",$cnt,port); }'` # flannel v0.10 : not support etcd v3 ETCDCTL_API=2 etcdctl \ --endpoints=${ETCD_ENDPOINTS} \ --ca-file=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \ --cert-file=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem \ --key-file=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem \ set ${ENV_FLANNEL_ETCD_NETWORK_PREFIX}/config '{"Network":"'${ENV_KUBE_OPT_CLUSTER_IP_RANGE}'", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}' echo -e "\n## flanneld service" systemctl stop flanneld 2>/dev/null mkdir -p ${ENV_FLANNEL_DIR_BIN} ${ENV_FLANNEL_DIR_ETC} ${ENV_FLANNEL_DIR_RUN} chmod 755 ${ENV_HOME_FLANNEL}/{flanneld,mk-docker-opts.sh} cp -p ${ENV_HOME_FLANNEL}/{flanneld,mk-docker-opts.sh} ${ENV_FLANNEL_DIR_BIN} if [ $? -ne 0 ]; then echo "please check flanneld binary file and mk-docker-opts.sh existed in ${ENV_HOME_FLANNEL}/ or not" exit fi # create flannel configuration file cat >${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC} <<EOF FLANNELD_OPTS="-etcd-cafile=${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM} \\ -etcd-certfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem \\ -etcd-keyfile=${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem \\ -etcd-endpoints=${ETCD_ENDPOINTS} \\ -etcd-prefix=${ENV_FLANNEL_ETCD_NETWORK_PREFIX} \\ -iface=${ENV_FLANNEL_OPT_IFACE} \\ -ip-masq" EOF # Create flannel service. cat >${ENV_FLANNEL_SERVICE} <<EOF [Unit] Description=Flanneld Service Documentation=https://github.com/coreos/flannel After=network.target After=network-online.target Wants=network-online.target After=etcd.service Before=docker.service [Service] EnvironmentFile=-${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC} ExecStart=${ENV_FLANNEL_DIR_BIN}/flanneld \$FLANNELD_OPTS ExecStartPost=${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d ${ENV_FLANNEL_DIR_RUN}/docker Restart=on-failure [Install] WantedBy=multi-user.target RequiredBy=docker.service EOF echo -e "\n## daemon reload service " systemctl daemon-reload echo -e "\n## start flannel service " systemctl start flanneld echo -e "\n## enable flannel service " systemctl enable flanneld echo -e "\n## check flannel status" systemctl status flanneld [root@host131 shell]#
执行示例
[root@host131 shell]# sh step6-install-flannel.sh 2019/03/24 13:37:03 [INFO] generate received request 2019/03/24 13:37:03 [INFO] received CSR 2019/03/24 13:37:03 [INFO] generating key: rsa-2048 2019/03/24 13:37:04 [INFO] encoded CSR 2019/03/24 13:37:04 [INFO] signed certificate with serial number 652274714063907134614492461596477882158874665465 2019/03/24 13:37:04 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). /etc/ssl/flannel/flanneld-key.pem /etc/ssl/flannel/flanneld.pem {"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}} ## flanneld service ## daemon reload service ## start flannel service ## enable flannel service ## check flannel status ● flanneld.service - Flanneld Service Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2019-03-24 13:37:04 CST; 266ms ago Docs: https://github.com/coreos/flannel Main PID: 14887 (flanneld) CGroup: /system.slice/flanneld.service └─14887 /usr/local/bin/flanneld -etcd-cafile=/etc/ssl/ca/ca.pem -etcd-certfile=/etc/ssl/flannel/flanneld.pem -etcd-keyfile=/etc/ssl/flannel/fla... Mar 24 13:37:04 host131 systemd[1]: Starting Flanneld Service... Mar 24 13:37:04 host131 systemd[1]: Started Flanneld Service. Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868581 14887 main.go:488] Using interface with name enp0s3 and address 192.168.163.131 Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868911 14887 main.go:505] Defaulting external address to interface address (192.168.163.131) Mar 24 13:37:04 host131 flanneld[14887]: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886022 14887 main.go:235] Created subnet manager: Etcd Local Manager with Previous Subnet: None Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886039 14887 main.go:238] Installing signal handlers [root@host131 shell]#
flannel设定之后各node节点都会统一管理ip,不同容器之间的互联互通成为可能,当然calico等也是同样作用。
相关文章推荐
- Kubernetes安装系列之Docker安装与设定
- Kubernetes安装系列之证书与kubeconfig设定
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之flanneld网络介绍及部署(三)
- Kubernetes1.91(K8s)安装部署过程(五)--安装flannel网络插件
- 面向基础系列之---Java网络编程---网络连接组件的使用(URL与URI) 3ff0
- Wix打包系列(七) 添加系统必备组件的安装程序
- kubernetes flannel neutron calico ovs-vxlan网络方案性能测试分析
- CCNA网络系列实验(1)之GNS3安装配置指南
- 配置网络(centos安装系列6)
- CDH系列大数据组件安装地址
- 安卓BroadcastReceiver组件使用系列3:使用广播来判断数据网络和无线网络的连接情况
- 网络安全系列之四十七 在IIS6中申请并安装证书
- VMware View 5.0从菜鸟到高手系列 3 -安装View Composer组件篇
- Wix打包系列(七) 添加系统必备组件的安装程序
- Wix打包系列(七) 添加系统必备组件的安装程序
- Tomcat系列之服务器的安装与配置以及各组件详解
- 【linux系列】安装虚拟机时候的3中网络模式
- VMware下ubuntu14.04安装和网络设定
- kubernetes集群网络配置方案——flannel部署
- debian下配置网络 安装无线网卡驱动 Broadcom BCMXX系列