環境介紹
1、集群環境
- 整體:k8s v1.18\etcd v3.3.1\cni插件v0.8.6\flannelv0.13.1-rc1\docker v19.03.6
[root@manager248 bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-1 Ready <none> 4h7m v1.18.4
k8s-node-1 Ready <none> 4h7m v1.18.4
k8s-node-2 Ready <none> 4h7m v1.18.4
[root@manager248 bin]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
[root@manager248 bin]# ./flannel -version
CNI flannel plugin v0.8.6
[root@manager248 bin]# ./flanneld -version
v0.13.1-rc1\docker
[root@manager248 bin]# /opt/etcd/bin/etcd --version
etcd Version: 3.3.10
Git SHA: 27fc7e2
Go Version: go1.10.4
Go OS/Arch: linux/amd64
[root@manager248 bin]# docker version
Server: Docker Engine - Community
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:28:07 2020
OS/Arch: linux/amd64
[root@manager248 bin]# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:41:22Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:33:59Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
2、安裝flannel
#第一步下flannel包并解壓:
https://github.com/coreos/flannel/releases/ 點進去想下哪個版本下哪個,wget下來
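# Download the flannel release used in this walkthrough (v0.13.1-rc1, linux/amd64).
wget https://github.com/coreos/flannel/releases/download/v0.13.1-rc1/flannel-v0.13.1-rc1-linux-amd64.tar.gz
# NOTE(review): flanneld and the helper script from this archive are later
# started by systemd with no User= set, i.e. as root. The page shows no
# integrity check on the download; compare the archive's digest with a value
# from a trusted source before unpacking.
#
# Unpack into /data/kubernetes/bin, the directory every later step reads from
# (the author notes the archive yields three files).
tar -xzvf flannel-v0.13.1-rc1-linux-amd64.tar.gz -C /data/kubernetes/bin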
#第二步 在bin目錄下,創建一個刪除docker0網卡的腳本
vim remove-docker0.sh
#!/bin/bash
# Remove Docker's default bridge (docker0) so that Docker can later start on
# the flannel network.

# Abort as soon as bringing the bridge down or deleting it fails.
set -e

# The probe is an `if` condition, so a missing docker0 does not trip `set -e`;
# in that case nothing is changed and the script exits 0.
if ip link show docker0 >/dev/null 2>&1; then
  ip link set dev docker0 down
  ip link delete docker0
fi
記得給權限 chmod +x /data/kubernetes/bin/*.sh
#第三步flannel組態檔
vim /data/kubernetes/cfg/flannel
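# /data/kubernetes/cfg/flannel: flanneld command-line flags, loaded by
# flanneld.service through EnvironmentFile=.
# Notes sit on their own '#' lines: neither systemd nor a shell treats text
# that trails a value (the original "--note" style) as a comment.

# The three etcd cluster members, all reached over TLS.
FLANNEL_ETCD="-etcd-endpoints=https://192.168.33.248:2379,https://192.168.33.249:2379,https://192.168.33.250:2379"
# etcd key prefix under which the flannel network configuration is stored.
# NOTE(review): the step that writes that network key into etcd is not shown
# on this page; it has to exist before flanneld starts.
FLANNEL_ETCD_KEY="-etcd-prefix=/coreos.com/network/"
# etcd and Kubernetes each have their own CA in this setup; this must be the
# etcd CA, since it is used to verify the etcd servers.
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/etcd/ssl/ca.pem"
# Client certificate and private key flanneld presents to etcd. The key file
# is a secret: keep it readable by root only on every node it is copied to.
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/data/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/data/kubernetes/ssl/flanneld-key.pem"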
#第四步:創建證書
[root@linux-node1 ssl]# vim flanneld-csr.json
{
"CN": "flanneld",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www flanneld-csr.json | cfssljson -bare flanneld
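#上面的 -profile=www 對應 ca-config.json 這個檔案中名為 www 的 profile,內容如下。注意:此 profile 同時包含 server auth 與 client auth,有效期為 87600h(約 10 年);flanneld 在這里只是以客戶端身份連接 etcd,應只需要 client auth,建議另建一個只含 client auth、有效期較短的 profile 來簽發它的證書。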
#cat > ca-config.json << EOF
#{
# "signing": {
# "default": {
# "expiry": "87600h"
# },
# "profiles": {
# "www": {
# "expiry": "87600h",
# "usages": [
# "signing",
# "key encipherment",
# "server auth",
# "client auth"
# ]
# }
# }
# }
#}
#EOF
把生成的 flanneld.pem、flanneld-key.pem 複製到 /data/kubernetes/ssl 目錄中,再分發到各節點。flanneld-key.pem 是私鑰,在每個節點上都應設為僅 root 可讀(例如 chmod 600)。
scp /data/kubernetes/ssl/flanneld*pem k8s-node-1:/data/kubernetes/ssl/
scp /data/kubernetes/ssl/flanneld*pem k8s-node-2:/data/kubernetes/ssl/
scp /data/kubernetes/cfg/flannel k8s-node-1:/data/kubernetes/cfg/
scp /data/kubernetes/cfg/flannel k8s-node-2:/data/kubernetes/cfg/
#systemd管理flanneld
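# Install the systemd unit that runs flanneld.
#
# The heredoc delimiter is quoted so the shell writes ${FLANNEL_ETCD} and the
# other placeholders literally; systemd substitutes them from EnvironmentFile=
# when the service starts. With an unquoted delimiter the shell expands them
# while writing the file, and unless they happen to be set in the invoking
# shell they become empty strings, leaving ExecStart without any etcd flags.
#
# NOTE(review): the '-' in front of the EnvironmentFile path tells systemd to
# ignore a missing file, so flanneld would then start without the etcd endpoint
# and TLS flags. No User= is set, so the ExecStartPre/ExecStartPost scripts run
# as root; keep them root-owned and not writable by other users.
cat <<'EOF' >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service
[Service]
EnvironmentFile=-/data/kubernetes/cfg/flannel
ExecStartPre=/data/kubernetes/bin/remove-docker0.sh
ExecStart=/data/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/data/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker
Type=notify
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF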
#檢查啟動失敗否
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
#沒失敗就copy到子節點去
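# Push the unit file and the three files it executes to both worker nodes.
# Every source path is absolute so the copy does not depend on the current
# directory being /data/kubernetes/bin.
for node in k8s-node-1 k8s-node-2; do
  scp /usr/lib/systemd/system/flanneld.service "${node}:/usr/lib/systemd/system/"
  scp /data/kubernetes/bin/flanneld \
    /data/kubernetes/bin/mk-docker-opts.sh \
    /data/kubernetes/bin/remove-docker0.sh \
    "${node}:/data/kubernetes/bin/"
done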
子節點也要給權限 chmod +x /data/kubernetes/bin/*.sh
3、集成flanneld到docker中
#先下個cni的包:
https://github.com/containernetworking/plugins/releases 基本上所有版本都有
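# Directory for the CNI plugin binaries. The flag is lower-case -p (create
# missing parents, no error if the directory exists); -P is not a mkdir option.
mkdir -p /data/kubernetes/bin/cni
# Unpack the plugin archive downloaded from the releases page above.
# NOTE(review): the page shows no integrity check; compare the archive's digest
# with the checksum published alongside the release before unpacking.
tar -xzvf cni-plugins-linux-amd64-v0.8.6.tgz -C /data/kubernetes/bin/cni
# Copy the plugins to the worker nodes; the target directory must already
# exist on each node.
scp /data/kubernetes/bin/cni/* k8s-node-1:/data/kubernetes/bin/cni/
# NOTE(review): the original listing copied to k8s-node-1 only; every other
# artifact on this page goes to both nodes, so k8s-node-2 is included here.
scp /data/kubernetes/bin/cni/* k8s-node-2:/data/kubernetes/bin/cni/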
#第一步 修改systemd中docker的啟動方式:
vim /usr/lib/systemd/system/docker.service
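# Excerpt of /usr/lib/systemd/system/docker.service: only the settings that
# change are shown. Notes are on their own lines because systemd does not
# treat a trailing '#' as a comment; it would become part of the value.
[Unit]
# Order docker after flanneld so the overlay network exists first.
After=network-online.target firewalld.service flanneld.service
Wants=network-online.target
# The unit installed earlier on this page is flanneld.service; requiring
# "flannel.service" would name a unit that does not exist.
Requires=docker.socket flanneld.service
[Service]
Type=notify
# Environment file written by mk-docker-opts.sh (flanneld's ExecStartPost); it
# makes docker0 use the address range flannel allocated.
# NOTE(review): the leading '-' lets docker start even when the file is
# missing, in which case $DOCKER_OPTS is empty and docker presumably falls
# back to its default bridge settings.
EnvironmentFile=-/run/flannel/docker
# $DOCKER_OPTS is the added argument; its value comes from the file above.
ExecStart=/usr/bin/dockerd $DOCKER_OPTS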
#第二步拷貝到node節點
scp /usr/lib/systemd/system/docker.service k8s-node-1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/docker.service k8s-node-2:/usr/lib/systemd/system/
systemctl daemon-reload
systemctl restart flanneld
systemctl restart docker
#第三步檢查:
[root@manager248 ~]# ip add
3: --flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 6a:b2:2d:6a:34:3a brd ff:ff:ff:ff:ff:ff
inet 172.15.10.0/32 brd 172.15.10.0 scope global flannel.1
9: --docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:34:b4:b6:30 brd ff:ff:ff:ff:ff:ff
inet 172.15.10.1/24 brd 172.15.10.255 scope global docker0
#檢查 flannel.1 與 docker0 這兩個介面的 IP 是否在同一個網段(此例皆為 172.15.10.x)
#有空可以給一起學習的小伙伴技術支持:QQ 1320206695
