kubernetes 1.12.1 高可用安装之Flannel部署

1.为Flannel生成证书

[root@master01 ssl]# vim flanneld-csr.json
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ShenZheng",
      "L": "ShenZheng",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

2.生成证书

[root@master01 ~]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
   -ca-key=/opt/kubernetes/ssl/ca-key.pem \
   -config=/opt/kubernetes/ssl/ca-config.json \
   -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

3.分发证书

[root@master01 ~]# cp flanneld*.pem /opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem master02:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node01:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node02:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node03:/opt/kubernetes/ssl/

4.将Flannel软件包分发到Node节点

[root@master01 ~]# tar xf flannel-v0.10.0-linux-amd64.tar.gz
[root@master01 ~]# cp flanneld mk-docker-opts.sh /opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh master02:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node01:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node02:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node03:/opt/kubernetes/bin/
[root@master01 ~]# wget https://zhl123.com/download/k8s/scripts/flanneld/remove-docker0.sh
[root@master01 ~]# chmod -x remove-docker0.sh
[root@master01 ~]# cp remove-docker0.sh /opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh master02:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node01:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node02:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node03:/opt/kubernetes/bin/

5.配置Flannel

[root@master01 ~]# vim /opt/kubernetes/cfg/flannel
FLANNEL_ETCD="-etcd-endpoints=https://10.80.4.203:2379,https://10.80.4.204:2379,https://10.80.4.205:2379"
FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/kubernetes/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/kubernetes/ssl/flanneld-key.pem"
复制配置到其它节点上
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel master02:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node01:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node02:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node03:/opt/kubernetes/cfg/

6.设置Flannel系统服务

[root@master01 ~]# vim /usr/lib/systemd/system/flannel.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/flannel
ExecStartPre=/opt/kubernetes/bin/remove-docker0.sh
ExecStart=/opt/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker

Type=notify

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
复制系统服务脚本到其它节点上
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service master02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node01:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node03:/usr/lib/systemd/system/

7.Flannel CNI集成

下载CNI插件

https://github.com/containernetworking/plugins/releases
[root@master01 ~]# wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz
# mkdir /opt/kubernetes/bin/cni
[root@master01 ~]# tar zxf cni-plugins-amd64-v0.7.1.tgz -C /opt/kubernetes/bin/cni
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* master02:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node01:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node02:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node03:/opt/kubernetes/bin/cni//

创建Etcd的key

[root@node01 ~]# /opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \
      --no-sync -C https://10.80.4.203:2379,https://10.80.4.204:2379,https://10.80.4.205:2379 \
mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}' >/dev/null 2>&1

启动flannel

# systemctl daemon-reload
# systemctl enable flannel
# chmod +x /opt/kubernetes/bin/*
# systemctl start flannel

查看服务状态

# systemctl status flannel

8.配置Docker使用Flannel

[root@master01 ~]# vim /usr/lib/systemd/system/docker.service
[Unit] #在Unit下面修改After和增加Requires
After=network-online.target firewalld.service flannel.service
Wants=network-online.target
Requires=flannel.service

[Service] #增加EnvironmentFile=/run/flannel/docker 
Type=notify
EnvironmentFile=/run/flannel/docker
ExecStart=/usr/bin/dockerd $DOCKER_OPTS

将配置复制到另外两个阶段

[root@master01 ~]# scp /usr/lib/systemd/system/docker.service master02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node01:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node03:/usr/lib/systemd/system/

重启Docker

# systemctl daemon-reload
# systemctl restart docker