1.为Flannel生成证书:
<code>[root@k8s-master ~]# cd /usr/local/src/ssl/ [root@k8s-master ssl]# cat > flanneld-csr.json2.生成证书
<code>[root@k8s-master ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \ -ca-key=/opt/kubernetes/ssl/ca-key.pem \ -config=/opt/kubernetes/ssl/ca-config.json \ -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld /<code>3.分发证书文件
<code>[root@k8s-master ssl]# cp flanneld*.pem /opt/kubernetes/ssl/ [root@k8s-master ssl]# scp flanneld*.pem 10.88.0.2:/opt/kubernetes/ssl/ [root@k8s-master ssl]# scp flanneld*.pem 10.88.0.3:/opt/kubernetes/ssl//<code>4.下载Flannel软件包
<code>[root@k8s-master ssl]# cd /usr/local/src [root@k8s-master src]# wget https://github.com/coreos/flannel/releases/download/v0.12.0/flannel-v0.12.0-linux-amd64.tar.gz [root@k8s-master src]# tar zxf flannel-v0.12.0-linux-amd64.tar.gz [root@k8s-master src]# cp flanneld mk-docker-opts.sh /opt/kubernetes/bin//<code>分发文件到node节点
<code>[root@k8s-master src]# scp flanneld mk-docker-opts.sh 10.88.0.2:/opt/kubernetes/bin/ [root@k8s-master src]# scp flanneld mk-docker-opts.sh 10.88.0.3:/opt/kubernetes/bin//<code>分发对应脚本到/opt/kubernetes/bin目录下
<code>[root@k8s-master src]# cd /usr/local/src/kubernetes/cluster/centos/node/bin/ [root@k8s-master bin]# cp remove-docker0.sh /opt/kubernetes/bin/ [root@k8s-master bin]# scp remove-docker0.sh 10.88.0.2:/opt/kubernetes/bin/ remove-docker0.sh 100% 850 0.8KB/s 00:00 [root@k8s-master bin]# scp remove-docker0.sh 10.88.0.3:/opt/kubernetes/bin/ remove-docker0.sh 100% 850 0.8KB/s 00:00 [root@k8s-master bin]# /<code>5.配置Flannel
<code>[root@k8s-master ~]# cat > /opt/kubernetes/cfg/flannel分发配置到其它节点上
<code>[root@k8s-master ~]# scp /opt/kubernetes/cfg/flannel 10.88.0.2:/opt/kubernetes/cfg/ [root@k8s-master ~]# scp /opt/kubernetes/cfg/flannel 10.88.0.3:/opt/kubernetes/cfg//<code>6.设置Flannel系统服务
<code>[root@k8s-master ~]#vim /usr/lib/systemd/system/flannel.service [Unit] Description=Flanneld overlay address etcd agent After=network.target Before=docker.service [Service] EnvironmentFile=-/opt/kubernetes/cfg/flannel ExecStartPre=/opt/kubernetes/bin/remove-docker0.sh ExecStart=/opt/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE} ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker Type=notify [Install] WantedBy=multi-user.target RequiredBy=docker.service/<code>复制系统服务脚本到其它节点上
<code>[root@k8s-master ~]# scp /usr/lib/systemd/system/flannel.service 10.88.0.2:/usr/lib/systemd/system/ [root@k8s-master ~]# scp /usr/lib/systemd/system/flannel.service 10.88.0.3:/usr/lib/systemd/system//<code>7.Flannel CNI集成软件下载CNI插件
git地址:https://github.com/containernetworking/plugins/releases
<code>[root@k8s-master ~]# cd /usr/local/src/ [root@k8s-master src]# wget https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz/<code>在所有节点创建该目录,存放CNI插件文件.
<code>[root@k8s-master src]# mkdir /opt/kubernetes/bin/cni [root@k8s-master src]#tar zxf cni-plugins-linux-amd64-v0.8.5.tgz -C /opt/kubernetes/bin/cni [root@k8s-node1 ~]# mkdir -p /opt/kubernetes/bin/cni/ [root@k8s-node2 ~]# mkdir -p /opt/kubernetes/bin/cni/ [root@k8s-master src]# scp -r /opt/kubernetes/bin/cni/* 10.88.0.2:/opt/kubernetes/bin/cni/ [root@k8s-master src]# scp -r /opt/kubernetes/bin/cni/* 10.88.0.3:/opt/kubernetes/bin/cni//<code>8.在master节点创建Etcd的key
<code>/opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \ --no-sync -C https://10.88.0.1:2379,https://10.88.0.2:2379,https://10.88.0.3:2379 \ mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}'/<code>9.启动flannel,在三个节点上都操作
<code># systemctl daemon-reload # systemctl enable flannel # chmod +x /opt/kubernetes/bin/* # systemctl start flannel 查看服务状态 # systemctl status flannel/<code>10.配置Docker使用Flannel
1.在Unit段中的After后面添加flannel.service参数,在Wants下面添加Requires=flannel.service.2.[Service]段中Type后面添加EnvironmentFile=-/run/flannel/docker段,在ExecStart后面添加$DOCKER_OPTS参数.
配置如下:
<code>[root@k8s-master ~]# cat /usr/lib/systemd/system/docker.service |grep -Ev '^#|^$' [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com BindsTo=containerd.service After=network-online.target firewalld.service containerd.service flannel.service Wants=network-online.target Requires=flannel.service [Service] Type=notify EnvironmentFile=-/run/flannel/docker ExecStart=/usr/bin/dockerd $DOCKER_OPTS ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always StartLimitBurst=3 StartLimitInterval=60s LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target /<code>将配置分发到另外两个节点中
<code>[root@k8s-master ~]# rsync -av /usr/lib/systemd/system/docker.service 10.88.0.2:/usr/lib/systemd/system/docker.service [root@k8s-master ~]# rsync -av /usr/lib/systemd/system/docker.service 10.88.0.3:/usr/lib/systemd/system/docker.service/<code>重启Docker服务,在三个节点上都操作
<code># systemctl daemon-reload # systemctl restart docker/<code>如果docker0和flannel在一个网段,则表示正常.
<code>[root@k8s-master ~]# ifconfig docker0: flags=4099 mtu 1500 inet 10.2.47.1 netmask 255.255.255.0 broadcast 10.2.47.255 ether 02:42:22:bc:4f:c1 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163 mtu 1500 inet 10.88.0.1 netmask 255.255.255.0 broadcast 10.88.0.255 ether 00:16:3e:12:34:bc txqueuelen 1000 (Ethernet) RX packets 312971 bytes 108762399 (103.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 278350 bytes 252195481 (240.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 flannel.1: flags=4163 mtu 1450 inet 10.2.47.0 netmask 255.255.255.255 broadcast 0.0.0.0 ether 1a:73:4c:0f:ba:f1 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 212154 bytes 43982595 (41.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 212154 bytes 43982595 (41.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 /<code>
至此flannel网络配置完成,k8s的集群也部署完成