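Before deploying K8S, a CNI container network component must be deployed on the cluster servers so that the cluster network is interconnected. There are many components to choose from, such as flannel, calico and weave; for a comparison of the container network components see: http://dockone.io/article/2599
This article covers deploying the flannel network component. The environment is the one in place after the etcd cluster and TLS authentication were configured in the previous article.
1. Generate the flannel certificate files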
# mkdir flanneld
# cd flanneld
# cat flanneld-csr.json
{
"CN": "flanneld",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "FuZhou",
"L": "FuZhou",
"O": "k8s",
"OU": "System"
}
]
}
# cfssl gencert -ca=/etc/ssl/etcd/ca.pem -ca-key=/etc/ssl/etcd/ca-key.pem -config=/etc/ssl/etcd/ca-config.json -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld
# mkdir /etc/ssl/flanneld
# cp *.pem /etc/ssl/flanneld/
2. Register the flannel configuration in etcd and verify it (run once only)
# cat env.sh
#!/usr/bin/bash
export CLUSTER_CIDR="172.30.0.0/16"
export ETCD_ENDPOINTS="https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379"
export FLANNEL_ETCD_PREFIX="/kubernetes/network"
# source env.sh
# etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/ssl/etcd/ca.pem --cert-file=/etc/ssl/flanneld/flanneld.pem --key-file=/etc/ssl/flanneld/flanneld-key.pem set ${FLANNEL_ETCD_PREFIX}/config '{"Network":"'${CLUSTER_CIDR}'", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}'
# etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/ssl/etcd/ca.pem --cert-file=/etc/ssl/flanneld/flanneld.pem --key-file=/etc/ssl/flanneld/flanneld-key.pem get ${FLANNEL_ETCD_PREFIX}/config
3. Download and deploy flannel
# cd /usr/local/src/
# wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
# tar -zxvpf flannel-v0.10.0-linux-amd64.tar.gz
# cp {flanneld,mk-docker-opts.sh} /usr/local/bin/
# cat /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
ExecStart=/usr/local/bin/flanneld -etcd-cafile=/etc/ssl/etcd/ca.pem -etcd-certfile=/etc/ssl/flanneld/flanneld.pem -etcd-keyfile=/etc/ssl/flanneld/flanneld-key.pem -etcd-endpoints=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 -etcd-prefix=/kubernetes/network
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
# systemctl daemon-reload
# systemctl start flanneld
# systemctl status flanneld -l
Copy the flannel binaries and certificate files to vm2 and vm3
# cd /usr/lib/systemd/system/
# scp flanneld.service vm2:$(pwd)
# scp flanneld.service vm3:$(pwd)
# scp -rp /etc/ssl/flanneld/ vm2:/etc/ssl/
# scp -rp /etc/ssl/flanneld/ vm3:/etc/ssl/
# scp -rp /usr/local/bin/flanneld /usr/local/bin/mk-docker-opts.sh vm2:/usr/local/bin/
# scp -rp /usr/local/bin/flanneld /usr/local/bin/mk-docker-opts.sh vm3:/usr/local/bin/
4. Verification
# ifconfig flannel.1 && ssh vm2 ifconfig flannel.1 && ssh vm3 ifconfig flannel.1
# etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/ssl/etcd/ca.pem --cert-file=/etc/ssl/flanneld/flanneld.pem --key-file=/etc/ssl/flanneld/flanneld-key.pem ls ${FLANNEL_ETCD_PREFIX}/subnets
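The subnet listing from the last command can be checked mechanically against the configuration written in step 2. The script below is an added example, not part of the original article: it flags lease keys that fall outside CLUSTER_CIDR, do not use the configured SubnetLen, are duplicated, or are malformed. The function names and sample keys are constructed, and it assumes flannel's etcd v2 key naming of `<network>-<prefixlen>` under `${FLANNEL_ETCD_PREFIX}/subnets`.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check flannel subnet
# leases as listed by `etcdctl ls <prefix>/subnets`.
# Assumption: keys end in "<network>-<prefixlen>", e.g. .../subnets/172.30.15.0-24

# Dotted-quad IPv4 -> integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_leases CIDR SUBNET_LEN   (lease keys on stdin, one per line)
# Prints one line per problem; exit status is 0 only if every lease is valid.
check_leases() (
    cidr=$1 want_len=$2
    plen=${cidr#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    base=$(( $(ip2int "${cidr%/*}") & mask ))
    octet='(0|[1-9][0-9]{0,2})'
    bad=0 seen=' '
    while read -r key; do
        [ -n "$key" ] || continue
        lease=${key##*/}
        if ! printf '%s\n' "$lease" | grep -Eq "^($octet\.){3}$octet-[0-9]{1,2}\$"; then
            echo "MALFORMED $key"; bad=1; continue
        fi
        ip=${lease%-*} len=${lease##*-}
        [ "$len" -eq "$want_len" ] || { echo "BAD_LEN $key"; bad=1; }
        [ $(( $(ip2int "$ip") & mask )) -eq "$base" ] || { echo "OUTSIDE_CIDR $key"; bad=1; }
        case "$seen" in
            (*" $lease "*) echo "DUPLICATE $key"; bad=1 ;;
        esac
        seen="$seen$lease "
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample listing: two valid leases and one outside 172.30.0.0/16.
sample='/kubernetes/network/subnets/172.30.15.0-24
/kubernetes/network/subnets/172.30.62.0-24
/kubernetes/network/subnets/10.9.1.0-24'
printf '%s\n' "$sample" | check_leases 172.30.0.0/16 24 || echo "lease check failed"
```

To run it against the cluster, pipe the `etcdctl ... ls ${FLANNEL_ETCD_PREFIX}/subnets` command above into `check_leases "${CLUSTER_CIDR}" 24`.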
Original article: http://blog.51cto.com/ylw6006/2097303
Time: 2024-10-07 23:27:56