1.为Flannel生成证书
[root@master01 ssl]# vim flanneld-csr.json
{
"CN": "flanneld",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "ShenZheng",
"L": "ShenZheng",
"O": "k8s",
"OU": "System"
}
]
}
2.生成证书
[root@master01 ~]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld
3.分发证书
[root@master01 ~]# cp flanneld*.pem /opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem master02:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node01:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node02:/opt/kubernetes/ssl/
[root@master01 ~]# scp flanneld*.pem node03:/opt/kubernetes/ssl/
注:flanneld*.pem 中包含私钥 flanneld-key.pem,复制到各节点后应确认该文件仅 root 可读。
4.将Flannel软件包分发到Node节点
[root@master01 ~]# tar xf flannel-v0.10.0-linux-amd64.tar.gz
[root@master01 ~]# cp flanneld mk-docker-opts.sh /opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh master02:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node01:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node02:/opt/kubernetes/bin/
[root@master01 ~]# scp flanneld mk-docker-opts.sh node03:/opt/kubernetes/bin/
[root@master01 ~]# wget https://zhl123.com/download/k8s/scripts/flanneld/remove-docker0.sh
[root@master01 ~]# chmod -x remove-docker0.sh
[root@master01 ~]# cp remove-docker0.sh /opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh master02:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node01:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node02:/opt/kubernetes/bin/
[root@master01 ~]# scp remove-docker0.sh node03:/opt/kubernetes/bin/
注:remove-docker0.sh 下载自第三方站点,之后会由 flannel.service 的 ExecStartPre 在每个节点上以 root 身份执行,分发前应先检查脚本内容。另外,上面的 chmod -x 会去掉执行权限,应为 +x 的笔误;后面"启动flannel"一步中的 chmod +x /opt/kubernetes/bin/* 会重新加上执行权限。
5.配置Flannel
[root@master01 ~]# vim /opt/kubernetes/cfg/flannel
FLANNEL_ETCD="-etcd-endpoints=https://10.80.4.203:2379,https://10.80.4.204:2379,https://10.80.4.205:2379"
FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/kubernetes/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/kubernetes/ssl/flanneld-key.pem"
复制配置到其它节点上
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel master02:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node01:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node02:/opt/kubernetes/cfg/
[root@master01 ~]# scp /opt/kubernetes/cfg/flannel node03:/opt/kubernetes/cfg/
6.设置Flannel系统服务
[root@master01 ~]# vim /usr/lib/systemd/system/flannel.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/flannel
ExecStartPre=/opt/kubernetes/bin/remove-docker0.sh
ExecStart=/opt/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker
Type=notify
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
复制系统服务脚本到其它节点上
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service master02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node01:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/flannel.service node03:/usr/lib/systemd/system/
7.Flannel CNI集成
下载CNI插件
https://github.com/containernetworking/plugins/releases
[root@master01 ~]# wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz
# mkdir /opt/kubernetes/bin/cni
[root@master01 ~]# tar zxf cni-plugins-amd64-v0.7.1.tgz -C /opt/kubernetes/bin/cni
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* master02:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node01:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node02:/opt/kubernetes/bin/cni/
[root@master01 ~]# # scp -r /opt/kubernetes/bin/cni/* node03:/opt/kubernetes/bin/cni//
创建Etcd的key
[root@node01 ~]# /opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \
--no-sync -C https://10.80.4.203:2379,https://10.80.4.204:2379,https://10.80.4.205:2379 \
mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}' >/dev/null 2>&1
注:末尾的 >/dev/null 2>&1 会丢弃 etcdctl 的全部输出,写入失败(例如证书校验不通过)时不会有任何提示;执行后应检查命令的返回值,确认该 key 已写入。
启动flannel
# systemctl daemon-reload
# systemctl enable flannel
# chmod +x /opt/kubernetes/bin/*
# systemctl start flannel
查看服务状态
# systemctl status flannel
8.配置Docker使用Flannel
[root@master01 ~]# vim /usr/lib/systemd/system/docker.service
[Unit] #在Unit下面修改After和增加Requires
After=network-online.target firewalld.service flannel.service
Wants=network-online.target
Requires=flannel.service
[Service] #增加EnvironmentFile=/run/flannel/docker
Type=notify
EnvironmentFile=/run/flannel/docker
ExecStart=/usr/bin/dockerd $DOCKER_OPTS
将配置复制到其它节点上
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service master02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node01:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node02:/usr/lib/systemd/system/
[root@master01 ~]# scp /usr/lib/systemd/system/docker.service node03:/usr/lib/systemd/system/
重启Docker
# systemctl daemon-reload
# systemctl restart docker