Installing a k8s cluster from binaries (5): installing flannel

2020-04-02 18:22:49

In the previous article we covered installing the etcd cluster; here we install flannel. We download the binary release and run it as a Linux systemd service, connecting to the etcd cluster over mutual TLS (our etcd cluster has mutual TLS enabled). After installation we create the k8s pod network in etcd, start flanneld so that it generates the environment variables docker binds to, and then pass those variables into docker's start parameters. Finally, because we use the flannel host-gw network scheme, which is an underlay approach, each host has to act as a router: IP forwarding must be enabled on every host, and traffic to the pod CIDR range must be accepted.

Create the flannel configuration directories

mkdir -p /etc/flanneld
mkdir -p /var/lib/flanneld
chown -R root:root /etc/flanneld
chown -R root:root /var/lib/flanneld

Download and unpack flannel:

Note: download flannel from GitHub (flannel-v0.10.0-linux-amd64.tar.gz).

mkdir -p /opt/sw/flanneld/install
cd /opt/sw/flanneld/install/
wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz

tar -xzvf flannel-v0.10.0-linux-amd64.tar.gz

cp ./flanneld /usr/bin/
cp ./mk-docker-opts.sh /etc/flanneld

Create the flannel configuration file:

The configuration enables mutual TLS authentication against etcd, so prepare an etcd client certificate in advance (see the earlier article on creating the docker server cert for the procedure) and copy it into the configuration directory (here /etc/flanneld).

touch /etc/flanneld/flanneld.conf
chown -R root:root /etc/flanneld

# Quote the delimiter so nothing is expanded while the file is written. The
# trailing backslashes continue the multi-line FLANNEL_OPTIONS value, which
# both bash "source" and systemd EnvironmentFile understand.
cat > /etc/flanneld/flanneld.conf << 'EOF'
FLANNEL_ETCD_ENDPOINTS="https://172.20.11.41:2379,https://172.20.11.42:2379,https://172.20.11.43:2379"
# etcd config key, this is the configuration key that flannel queries, for address range assignment
FLANNEL_ETCD_PREFIX="/cloudnetwork"
# Any additional options that you want to pass (mutual TLS to etcd: CA plus client cert/key)
FLANNEL_OPTIONS="-iface=enp0s3 \
-etcd-cafile=/etc/flanneld/ca.crt \
-etcd-certfile=/etc/flanneld/etcd-client.crt \
-etcd-keyfile=/etc/flanneld/etcd-client.key"
EOF

source /etc/flanneld/flanneld.conf

Create the flannel systemd unit file:

touch /usr/lib/systemd/system/flanneld.service

# The delimiter is quoted so the $FLANNEL_* references are written literally
# and expanded by systemd from EnvironmentFile, not by the current shell.
cat > /usr/lib/systemd/system/flanneld.service << 'EOF'
[Unit]
Description=Flanneld Server
After=network.target network-online.target etcd.service
Wants=network-online.target etcd.service
Before=docker.service

[Service]
Type=notify
WorkingDirectory=/var/lib/flanneld
# Loads FLANNEL_ETCD_ENDPOINTS, FLANNEL_ETCD_PREFIX and FLANNEL_OPTIONS.
# (systemd cannot run the shell builtin "source" as an ExecStartPre command.)
EnvironmentFile=/etc/flanneld/flanneld.conf
User=root
# Unbraced $FLANNEL_OPTIONS is split into separate arguments by systemd;
# ${FLANNEL_OPTIONS} would be passed to flanneld as one argument.
ExecStart=/usr/bin/flanneld \
  -etcd-endpoints=${FLANNEL_ETCD_ENDPOINTS} \
  -etcd-prefix=${FLANNEL_ETCD_PREFIX} \
  $FLANNEL_OPTIONS
# Writes DOCKER_NETWORK_OPTIONS (--bip, --mtu, ...) for docker to /run/flannel/docker
ExecStartPost=/etc/flanneld/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF

cat /usr/lib/systemd/system/flanneld.service
systemctl daemon-reload

Create the flanneld host-gw network in the etcd store:

Here the pod network CIDR is 10.1.0.0/16 with a per-host subnet length of 24. Note that the key name must be config: flannel looks for its configuration under the config node below the --etcd-prefix given in the configuration file. Here --etcd-prefix is cloudnetwork, so the full path of the configuration node is /cloudnetwork/config.

# flannel v0.10 reads its config through the etcd v2 API, and --ca-file/--cert-file/--key-file
# are the v2 etcdctl flags; with etcdctl 3.4 or newer (which defaults to v3) select v2 explicitly.
export ETCDCTL_API=2
etcdctl --ca-file /etc/etcd/ca.crt --cert-file /etc/etcd/etcd-client.crt --key-file /etc/etcd/etcd-client.key set /cloudnetwork/config '{ "Network": "10.1.0.0/16", "SubnetLen": 24, "Backend": {"Type":"host-gw"}}'
etcdctl --ca-file /etc/etcd/ca.crt --cert-file /etc/etcd/etcd-client.crt --key-file /etc/etcd/etcd-client.key get /cloudnetwork/config

Modify the etcd, flanneld and docker unit files:

The three system services etcd, flanneld and docker now depend on each other: flanneld depends on etcd, and docker depends on flanneld. This must be reflected in the systemd unit files so that the services start in that order at boot.

vi /usr/lib/systemd/system/etcd.service

# Only the lines to add or change in the existing unit are shown.

[Unit]
Description=Etcd Server
After=network.target network-online.target
Before=flanneld.service
Wants=network-online.target

[Install]
WantedBy=multi-user.target
RequiredBy=flanneld.service

systemctl daemon-reload
systemctl enable etcd
vi /usr/lib/systemd/system/flanneld.service

# Only the lines to add or change in the existing unit are shown.

[Unit]
Description=Flanneld Server
After=network.target network-online.target etcd.service
Before=docker.service
Wants=network-online.target etcd.service

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service

systemctl daemon-reload
systemctl enable flanneld
vi /usr/lib/systemd/system/docker.service

# [Unit] section: start after flanneld and require it.
After=network-online.target firewalld.service containerd.service flanneld.service
Wants=network-online.target flanneld.service
Requires=docker.socket flanneld.service

# [Service] section: load the file written by mk-docker-opts.sh (the leading "-"
# makes a missing file non-fatal) and pass its options to dockerd. Note the
# space before $DOCKER_NETWORK_OPTIONS.
EnvironmentFile=-/run/flannel/docker
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS

systemctl daemon-reload
systemctl enable docker

Note: for the docker service, $DOCKER_NETWORK_OPTIONS must be added to the start parameters. flanneld on a host generates the environment variable holding the network binding parameters for docker on that same host; this is the core of how flannel networking works, so pay close attention to this step.

Repeat the steps above on the other 2 VMs to finish the flannel installation, enable flannel at boot, start the flannel service and check its status.

systemctl enable flanneld
systemctl start flanneld
systemctl status flanneld

Check the network environment variable file flannel generates for docker:

cat /run/flannel/docker
source /run/flannel/docker
echo ${DOCKER_NETWORK_OPTIONS}
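As an added check tying the two steps above together (the Network/SubnetLen written to /cloudnetwork/config and the /run/flannel/docker file mk-docker-opts.sh generates), the following POSIX sh script is not part of the original post. It extracts the --bip value from the docker options file and verifies that this host's bridge subnet uses the SubnetLen from the etcd config and lies inside Network. The cluster values 10.1.0.0/16 and 24 are the post's; the sample file contents are constructed to match the shape of what mk-docker-opts.sh writes.

```shell
#!/bin/sh
# Added check (not the post's own code): is this host's docker bridge subnet
# consistent with the flannel Network/SubnetLen stored in etcd?
# Assumed cluster values: Network 10.1.0.0/16, SubnetLen 24 (from the post).

# Dotted quad -> 32-bit integer.
ip2int() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  printf '%d\n' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> netmask as a 32-bit integer.
prefix2mask() {
  printf '%d\n' $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# in_cidr IP NETWORK/LEN -> exit 0 if IP lies inside NETWORK/LEN.
in_cidr() {
  ip=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  mask=$(prefix2mask "${2#*/}")
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Extract the --bip=A.B.C.D/L value from a /run/flannel/docker style file.
bip_from_docker_env() {
  sed -n 's|.*--bip=\([0-9.]*/[0-9][0-9]*\).*|\1|p' "$1" | head -n 1
}

# check_host_subnet FILE NETWORK/LEN SUBNETLEN
#   0: bridge subnet is consistent with the cluster config
#   1: no --bip found   2: wrong subnet length   3: outside Network
check_host_subnet() {
  bip=$(bip_from_docker_env "$1")
  [ -n "$bip" ] || { echo "no --bip in $1"; return 1; }
  [ "${bip#*/}" -eq "$3" ] || { echo "bip $bip: expected /$3"; return 2; }
  in_cidr "${bip%/*}" "$2" || { echo "bip $bip outside $2"; return 3; }
  echo "bip $bip ok within $2 (/$3 per host)"
}

# Demo on a constructed /run/flannel/docker (sample content, not captured
# from a real host).
demo_check() {
  f=$(mktemp)
  printf '%s\n' 'DOCKER_NETWORK_OPTIONS=" --bip=10.1.23.1/24 --ip-masq=true --mtu=1500"' > "$f"
  check_host_subnet "$f" 10.1.0.0/16 24
  rc=$?
  rm -f "$f"
  return $rc
}

demo_check
```

On a real node, run `check_host_subnet /run/flannel/docker 10.1.0.0/16 24` after flanneld has started; a non-zero exit means the bridge docker is about to be configured with does not belong to the network flannel is routing for.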

Check that the docker network address has changed

ip addr|grep docker

Enable IP forwarding

flannel host-gw is an underlay scheme in which the host acts as a router, so IP forwarding must be enabled on every host and traffic to the pod CIDR range must be accepted.

Create the forwarding script

mkdir -p /etc/customerscript/forward
touch /etc/customerscript/forward/enable-forward.sh
chown -R root:root /etc/customerscript

cat > /etc/customerscript/forward/enable-forward.sh << 'EOF'
#!/bin/sh
# Let the host route packets, then accept forwarded TCP/UDP traffic to the pod CIDR.
echo 1 > /proc/sys/net/ipv4/ip_forward &&
iptables -I FORWARD -d 10.1.0.0/16 -p tcp -j ACCEPT &&
iptables -I FORWARD -d 10.1.0.0/16 -p udp -j ACCEPT
EOF

chmod 754 /etc/customerscript/forward/enable-forward.sh
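The script above inserts its rules with `iptables -I` unconditionally, so every restart of the service adds another copy of both FORWARD rules. Below is an added, idempotent variant; it is not the post's script. Each rule is checked with `iptables -C` before it is inserted, ip_forward is set through sysctl, and the IPT and SYSCTL variables are assumptions introduced here so the logic can be exercised with a stand-in command instead of touching the host's firewall. POD_CIDR defaults to the post's 10.1.0.0/16.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent enable-forward.sh.
# Assumed knobs: POD_CIDR, IPT (iptables binary or stand-in), SYSCTL.
POD_CIDR="${POD_CIDR:-10.1.0.0/16}"
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

# ensure_forward_rule PROTO
# Inserts ACCEPT for PROTO traffic to the pod CIDR in FORWARD only if an
# identical rule is not already present (-C returns non-zero when absent).
# Prints "present: ..." or "added: ..." so a unit log shows what happened.
ensure_forward_rule() {
  if "$IPT" -C FORWARD -d "$POD_CIDR" -p "$1" -j ACCEPT 2>/dev/null; then
    echo "present: $1 -> $POD_CIDR"
  else
    "$IPT" -I FORWARD -d "$POD_CIDR" -p "$1" -j ACCEPT && echo "added: $1 -> $POD_CIDR"
  fi
}

# enable_forwarding: turn on routing, then make sure both rules exist.
# Returns non-zero if the sysctl or either rule could not be applied.
enable_forwarding() {
  "$SYSCTL" -w net.ipv4.ip_forward=1 >/dev/null || return 1
  ensure_forward_rule tcp && ensure_forward_rule udp
}

# Only touch the host when explicitly asked to (run as root: ./script --apply).
if [ "${1:-}" = "--apply" ]; then
  enable_forwarding
fi
```

Pointing the service's ExecStart at this script with `--apply` keeps the rule count stable across restarts; the `-C` check is also a cheap way to audit, from a cron job or a monitoring hook, that the rules the cluster depends on are still in place.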

Create a system service for the forwarding script

touch /usr/lib/systemd/system/enable-forward.service

# The script exits as soon as the sysctl and rules are set, so the unit must be
# Type=oneshot with RemainAfterExit=yes. Type=notify would wait for a readiness
# notification the script never sends and leave the unit stuck in "activating"
# until it times out.
cat > /usr/lib/systemd/system/enable-forward.service << 'EOF'
[Unit]
Description=Enable linux forward and also TCP/UDP package forward for k8s network
After=network.target network-online.target docker.service
Wants=network-online.target docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/sh /etc/customerscript/forward/enable-forward.sh

[Install]
WantedBy=multi-user.target
EOF

cat /usr/lib/systemd/system/enable-forward.service

Reload systemd, enable the service at boot and start the script service

systemctl daemon-reload
systemctl enable enable-forward.service
systemctl start enable-forward.service

That's all for this article; in the next one we start creating the private Harbor registry.
