环境介绍
1、集群环境
- 整体:k8s v1.18\etcd v3.3.10\cni插件v0.8.6\flannel v0.13.1-rc1\docker v19.03.6
[root@manager248 bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-1 Ready <none> 4h7m v1.18.4
k8s-node-1 Ready <none> 4h7m v1.18.4
k8s-node-2 Ready <none> 4h7m v1.18.4
[root@manager248 bin]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
[root@manager248 bin]# ./flannel -version
CNI flannel plugin v0.8.6
[root@manager248 bin]# ./flanneld -version
v0.13.1-rc1\docker
[root@manager248 bin]# /opt/etcd/bin/etcd --version
etcd Version: 3.3.10
Git SHA: 27fc7e2
Go Version: go1.10.4
Go OS/Arch: linux/amd64
[root@manager248 bin]# docker version
Server: Docker Engine - Community
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:28:07 2020
OS/Arch: linux/amd64
[root@manager248 bin]# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:41:22Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:33:59Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
2、安装flannel
#第一步下flannel包并解压:
https://github.com/coreos/flannel/releases/ 点进去想下哪个版本下哪个,wget下来;发布页如果提供了校验值(如sha256),下载后先核对再解压
wget https://github.com/coreos/flannel/releases/download/v0.13.1-rc1/flannel-v0.13.1-rc1-linux-amd64.tar.gz --这是我用的
tar -xzvf flannel-v0.13.1-rc1-linux-amd64.tar.gz -C /data/kubernetes/bin --会有三个文件来着
#第二步 在bin目录下,创建一个删除网卡的脚本
vim remove-docker0.sh
#!/bin/bash
# Remove the default docker0 bridge so that docker can start on the flannel network.
# Invoked by flanneld.service as ExecStartPre, so it runs before flanneld itself.

# Abort on the first failing command.
set -e

# Probe for the bridge inside the condition: a missing docker0 is an expected
# state and must not trip `set -e`.
if ip link show docker0 > /dev/null 2>&1; then
  # The link has to be down before it can be deleted cleanly.
  ip link set dev docker0 down
  ip link delete docker0
fi
记得给权限 chmod +x /data/kubernetes/bin/*.sh;这些脚本会被systemd以root身份执行,属主应为root,且不要让其他用户可写
#第三步flannel配置文件
vim /data/kubernetes/cfg/flannel
FLANNEL_ETCD="-etcd-endpoints=https://192.168.33.248:2379,https://192.168.33.249:2379,https://192.168.33.250:2379" --这是我etcd三个节点
FLANNEL_ETCD_KEY="-etcd-prefix=/coreos.com/network/" --flannel网络配置(network键值对)在etcd中的前缀;把配置写入etcd这一步本页没有列出,需要事先做好
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/etcd/ssl/ca.pem" --注意ca机构,我etcd和k8s 两个软件都创建了ca证书颁发机构,这里要用etcd的那个ca
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/data/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/data/kubernetes/ssl/flanneld-key.pem"
#第四步:创建证书
[root@linux-node1 ssl]# vim flanneld-csr.json
{
"CN": "flanneld",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www flanneld-csr.json | cfssljson -bare flanneld
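#上面的profile=www来自下面ca-config.json中的profiles;这里的ca.pem/ca-key.pem要用etcd那套CA(与第三步的--etcd-cafile一致),否则etcd校验flanneld的客户端证书时通常会失败。
#注意www这个profile同时带server auth和client auth,有效期87600h(约10年);flanneld只是etcd的客户端,单独建一个只含client auth、有效期更短的profile更符合最小权限。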
#cat > ca-config.json << EOF
#{
# "signing": {
# "default": {
# "expiry": "87600h"
# },
# "profiles": {
# "www": {
# "expiry": "87600h",
# "usages": [
# "signing",
# "key encipherment",
# "server auth",
# "client auth"
# ]
# }
# }
# }
#}
#EOF
把生成的flanneld.pem、flanneld-key.pem copy到/data/kubernetes/ssl中去,再分发到各节点;flanneld-key.pem是私钥,各节点上建议只让root可读(例如chmod 600)
scp /data/kubernetes/ssl/flanneld*pem k8s-node-1:/data/kubernetes/ssl/
scp /data/kubernetes/ssl/flanneld*pem k8s-node-2:/data/kubernetes/ssl/
scp /data/kubernetes/cfg/flannel k8s-node-1:/data/kubernetes/cfg/
scp /data/kubernetes/cfg/flannel k8s-node-2:/data/kubernetes/cfg/
#systemd管理flanneld
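# Write the flanneld systemd unit.
# The heredoc delimiter is quoted on purpose: the ${FLANNEL_*} references must
# reach the unit file literally so that systemd expands them from
# EnvironmentFile when the service starts. With an unquoted EOF the calling
# shell expands them while writing the file (normally to empty strings), and
# flanneld would then start without its etcd endpoint and TLS flags.
# NOTE(review): the leading '-' on EnvironmentFile makes systemd ignore a
# missing file, so a missing /data/kubernetes/cfg/flannel also yields a
# flanneld with no etcd/TLS flags; drop the '-' if a hard failure is preferred.
cat <<'EOF' >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service
[Service]
EnvironmentFile=-/data/kubernetes/cfg/flannel
ExecStartPre=/data/kubernetes/bin/remove-docker0.sh
ExecStart=/data/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/data/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker
Type=notify
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF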
#检查启动失败否
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
#没失败就copy到子节点去
scp /usr/lib/systemd/system/flanneld.service k8s-node-1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/flanneld.service k8s-node-2:/usr/lib/systemd/system/
scp /data/kubernetes/bin/flanneld mk-docker-opts.sh remove-docker0.sh k8s-node-1:/data/kubernetes/bin/
scp /data/kubernetes/bin/flanneld mk-docker-opts.sh remove-docker0.sh k8s-node-2:/data/kubernetes/bin/
子节点也要给权限 chmod +x /data/kubernetes/bin/*.sh
3、集成flanneld到docker中
#先下个cni的包:
https://github.com/containernetworking/plugins/releases 基本上所有版本都有;发布页同时提供对应的.sha256文件,下载后先校验再解压
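# mkdir takes lowercase -p (create missing parents, no error if the directory
# already exists); uppercase -P is not a valid mkdir option.
mkdir -p /data/kubernetes/bin/cni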
#解压并copy:
tar -xzvf cni-plugins-linux-amd64-v0.8.6.tgz -C /data/kubernetes/bin/cni
scp /data/kubernetes/bin/cni/* k8s-node-1:/data/kubernetes/bin/cni/
#第一步 修改systemd中docker的启动方式:
vim /usr/lib/systemd/system/docker.service
[Unit] #在Unit下面修改After和增加Requires(行尾#后面的文字只是本文的说明,systemd不支持行尾注释,不要写进unit文件)
After=network-online.target firewalld.service flanneld.service #让docker在flannel网络后面启动
Wants=network-online.target
Requires=docker.socket flanneld.service #添加flanneld,单元名要和上面创建的flanneld.service一致
[Service] #增加EnvironmentFile=-/run/flannel/docker
Type=notify
EnvironmentFile=-/run/flannel/docker #加载环境文件,设置docker0的ip地址为flannel分配的ip地址
ExecStart=/usr/bin/dockerd $DOCKER_OPTS #增加$DOCKER_OPTS这个参数
#第二步拷贝到node节点
scp /usr/lib/systemd/system/docker.service k8s-node-1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/docker.service k8s-node-2:/usr/lib/systemd/system/
systemctl daemon-reload
systemctl restart flanneld
systemctl restart docker
#第三步检查:
[root@manager248 ~]# ip add
3: --flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 6a:b2:2d:6a:34:3a brd ff:ff:ff:ff:ff:ff
inet 172.15.10.0/32 brd 172.15.10.0 scope global flannel.1
9: --docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:34:b4:b6:30 brd ff:ff:ff:ff:ff:ff
inet 172.15.10.1/24 brd 172.15.10.255 scope global docker0
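#这两个网卡的IP是不是在同一个网段(上面flannel.1是172.15.10.0/32,docker0是172.15.10.1/24)
#另外172.15.0.0/16不属于RFC 1918私有地址段(172.16.0.0/12),生产环境建议换成私有网段,避免和公网地址冲突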
#有空可以给一起学习的小伙伴技术支持:QQ 1320206695