永久有效,二进制部署flannel v0.13.1-rc1

环境介绍

1、集群环境

  • 整体:k8s v1.18\etcd v3.3.10\cni插件v0.8.6\flannel v0.13.1-rc1\docker v19.03.6
[root@manager248 bin]# kubectl get node
NAME           STATUS   ROLES    AGE    VERSION
k8s-master-1   Ready    <none>   4h7m   v1.18.4
k8s-node-1     Ready    <none>   4h7m   v1.18.4
k8s-node-2     Ready    <none>   4h7m   v1.18.4
[root@manager248 bin]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok                  
controller-manager   Healthy   ok                  
etcd-0               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}   
etcd-1               Healthy   {"health":"true"} 

[root@manager248 bin]# ./flannel -version
CNI flannel plugin v0.8.6
[root@manager248 bin]# ./flanneld -version
v0.13.1-rc1\docker 
[root@manager248 bin]# /opt/etcd/bin/etcd --version
etcd Version: 3.3.10
Git SHA: 27fc7e2
Go Version: go1.10.4
Go OS/Arch: linux/amd64
[root@manager248 bin]# docker version
Server: Docker Engine - Community
 Engine:
  Version:          19.03.6
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.16
  Git commit:       369ce74a3c
  Built:            Thu Feb 13 01:28:07 2020
  OS/Arch:          linux/amd64
[root@manager248 bin]# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:41:22Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:33:59Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}


2、安装flannel

#第一步下flannel包并解压:
https://github.com/coreos/flannel/releases/ 点进去想下哪个版本下哪个,wget下来
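# Release used by the author.
wget https://github.com/coreos/flannel/releases/download/v0.13.1-rc1/flannel-v0.13.1-rc1-linux-amd64.tar.gz
# flanneld and its helper script are later started by systemd with no User=
# setting, i.e. as root, so record the archive digest and compare it with a
# value obtained from a trusted source before unpacking.
# <EXPECTED_SHA256> is a placeholder, not a real digest.
sha256sum flannel-v0.13.1-rc1-linux-amd64.tar.gz   # must equal <EXPECTED_SHA256>
# The archive unpacks three files. The target directory is corrected from
# /data/kubernets/bin to the /data/kubernetes/bin that every later step uses.
tar -xzvf flannel-v0.13.1-rc1-linux-amd64.tar.gz -C /data/kubernetes/bin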


#第二步 在bin目录下,创建一个删除网卡的脚本
vim remove-docker0.sh
#!/bin/bash
# Remove Docker's default docker0 bridge when it is present, so that docker
# can be started on the flannel network instead.
# Abort on the first failing command.
set -e

# Probe quietly: an absent bridge is not an error and leaves nothing to do.
if ip link show docker0 >/dev/null 2>&1; then
  ip link set dev docker0 down
  ip link delete docker0
fi

记得给权限 chmod +x /data/kubernetes/bin/*.sh(这些脚本会被 systemd 以 root 身份执行,属主应为 root,并且不要让其他用户可写)
#第三步flannel配置文件
vim /data/kubernetes/cfg/flannel
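# Options file read by flanneld.service through EnvironmentFile=.
# The author's notes are kept on their own comment lines: text left after the
# closing quote of a value is not a comment in this file format.

# etcd client endpoints (the author's three etcd nodes).
FLANNEL_ETCD="-etcd-endpoints=https://192.168.33.248:2379,https://192.168.33.249:2379,https://192.168.33.250:2379"
# Prefix under which the flannel network config was stored in etcd; the step
# that writes that key is not shown on this page.
FLANNEL_ETCD_KEY="-etcd-prefix=/coreos.com/network/"
# Use the CA that signed the etcd certificates. The author runs separate CAs
# for etcd and for Kubernetes; the etcd one is the one required here.
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/etcd/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/data/kubernetes/ssl/flanneld.pem"
# Private key of the etcd client certificate: keep it readable by root only.
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/data/kubernetes/ssl/flanneld-key.pem"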

#第四步:创建证书
[root@linux-node1 ssl]# vim flanneld-csr.json
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
cfssl gencert -ca=ca.pem     -ca-key=ca-key.pem     -config=ca-config.json    -profile=www flanneld-csr.json | cfssljson -bare flanneld
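#上面的profile=www 来自 ca-config.json 这个文件(内容见下)。注意:www 这个 profile 同时允许 server auth 和 client auth,有效期 87600h(约10年);flanneld 在这里只是 etcd 的客户端,单独建一个只含 client auth、有效期更短的 profile 更符合最小权限原则。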
#cat > ca-config.json << EOF
#{
#  "signing": {
#    "default": {
#     "expiry": "87600h"
#    },
#    "profiles": {
#      "www": {
#        "expiry": "87600h",        
#        "usages": [
#            "signing",
#            "key encipherment",
#            "server auth",
#            "client auth"
#        ]
#      }
#    }
#  }
#}
#EOF

把生成的flanneld.pem之类的文件 copy到 ssl中去(flanneld-key.pem 是私钥,下面的 scp 会把同一把私钥分发到所有节点;各节点上建议 chmod 600 并保持属主为 root)
scp /data/kubernetes/ssl/flanneld*pem k8s-node-1:/data/kubernetes/ssl/
scp /data/kubernetes/ssl/flanneld*pem k8s-node-2:/data/kubernetes/ssl/
scp /data/kubernetes/cfg/flannel k8s-node-1:/data/kubernetes/cfg/
scp /data/kubernetes/cfg/flannel k8s-node-2:/data/kubernetes/cfg/

#systemd管理flanneld
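# Write the flanneld unit file.
# The here-document delimiter is quoted so the shell copies ${FLANNEL_ETCD} and
# the other placeholders verbatim. With an unquoted EOF they are expanded while
# the file is being written (to empty strings unless the variables happen to be
# set in the current shell), and flanneld would then be started without its
# etcd endpoint and TLS options. systemd substitutes them at start time from
# the EnvironmentFile.
# NOTE(review): the leading "-" on EnvironmentFile makes a missing options file
# non-fatal, so flanneld would likewise start with no options; consider
# dropping the "-" so the unit fails instead.
cat <<'EOF' >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
EnvironmentFile=-/data/kubernetes/cfg/flannel
ExecStartPre=/data/kubernetes/bin/remove-docker0.sh
ExecStart=/data/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/data/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker

Type=notify

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF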

#检查启动失败否
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld

#没失败就copy到子节点去
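# Copy the unit file, the flanneld binary and both helper scripts to each node.
# Every source path is absolute, so the commands no longer depend on being run
# from /data/kubernetes/bin (the original named two of the files relatively).
for node in k8s-node-1 k8s-node-2; do
  scp /usr/lib/systemd/system/flanneld.service "${node}:/usr/lib/systemd/system/"
  scp /data/kubernetes/bin/flanneld \
    /data/kubernetes/bin/mk-docker-opts.sh \
    /data/kubernetes/bin/remove-docker0.sh \
    "${node}:/data/kubernetes/bin/"
done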
子节点也要给权限  chmod +x /data/kubernetes/bin/*.sh


3、集成flanneld到docker中

#先下个cni的包:
https://github.com/containernetworking/plugins/releases  基本上所有版本都有

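# -p creates missing parent directories; the upper-case -P of the original is
# not a valid mkdir option.
mkdir -p /data/kubernetes/bin/cni

# Unpack the CNI plugins and copy them to the node.
# NOTE(review): only k8s-node-1 is copied to here; k8s-node-2 presumably needs
# the same files - confirm.
tar -xzvf cni-plugins-linux-amd64-v0.8.6.tgz -C /data/kubernetes/bin/cni
scp /data/kubernetes/bin/cni/* k8s-node-1:/data/kubernetes/bin/cni/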

#第一步 修改systemd中docker的启动方式:
vim /usr/lib/systemd/system/docker.service

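# Fragment of /usr/lib/systemd/system/docker.service; only the edited lines are shown.
# systemd unit files have no trailing comments: text after a value becomes part
# of the value (on ExecStart it would be passed to dockerd as arguments), so
# every note sits on its own line.
[Unit]
# Changed: order docker after the flannel network.
After=network-online.target firewalld.service flanneld.service
Wants=network-online.target
# Changed: also require flanneld. The unit created for flannel on this page is
# flanneld.service; the original wrote flannel.service, which does not match it.
Requires=docker.socket flanneld.service

[Service]
Type=notify
# Added: load the options file that the flanneld unit's ExecStartPost
# (mk-docker-opts.sh -d /run/flannel/docker) writes, so that docker0 gets the
# address flannel allocated. The leading "-" means a missing file is ignored.
EnvironmentFile=-/run/flannel/docker
# Changed: pass $DOCKER_OPTS to dockerd.
ExecStart=/usr/bin/dockerd $DOCKER_OPTS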

#第二步拷贝到node节点
scp /usr/lib/systemd/system/docker.service k8s-node-1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/docker.service k8s-node-2:/usr/lib/systemd/system/


systemctl daemon-reload
systemctl restart flanneld
systemctl restart docker



#第三步检查:

[root@manager248 ~]# ip add
3: --flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 6a:b2:2d:6a:34:3a brd ff:ff:ff:ff:ff:ff
    inet 172.15.10.0/32 brd 172.15.10.0 scope global flannel.1
9: --docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 02:42:34:b4:b6:30 brd ff:ff:ff:ff:ff:ff
    inet 172.15.10.1/24 brd 172.15.10.255 scope global docker0

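#检查 flannel.1 和 docker0 这两个接口的IP是不是在同一个网段(上面都是 172.15.10.x)。另外注意:172.15.x.x 不属于 RFC 1918 私有地址段(私有段是 172.16.0.0/12),用作 overlay 网段会和公网地址重叠,建议换成私有网段。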

#有空可以给一起学习的小伙伴技术支持:QQ 1320206695
