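Before deploying K8S, a CNI container network component must be deployed on the cluster servers so that the cluster nodes can reach one another over the network. Many components are available, for example flannel, calico and weave; for a comparison of the container network components, see: http://dockone.io/article/2599
This article covers deploying the flannel network component. The environment is configured after the etcd cluster and TLS authentication setup from the previous article has been completed.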
1. Generate the flannel certificate files
# mkdir flanneld
# cd flanneld
# cat flanneld-csr.json
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "FuZhou",
      "L": "FuZhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
# cfssl gencert -ca=/etc/ssl/etcd/ca.pem \
  -ca-key=/etc/ssl/etcd/ca-key.pem \
  -config=/etc/ssl/etcd/ca-config.json \
  -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld
# mkdir /etc/ssl/flanneld
# cp *.pem /etc/ssl/flanneld/
2. Register the flannel configuration in etcd and verify it (this only needs to be run once)
# cat env.sh
#!/usr/bin/bash
export CLUSTER_CIDR="172.30.0.0/16"
export ETCD_ENDPOINTS="https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379"
export FLANNEL_ETCD_PREFIX="/kubernetes/network"
# source env.sh
# etcdctl \
  --endpoints=${ETCD_ENDPOINTS} \
  --ca-file=/etc/ssl/etcd/ca.pem \
  --cert-file=/etc/ssl/flanneld/flanneld.pem \
  --key-file=/etc/ssl/flanneld/flanneld-key.pem \
  set ${FLANNEL_ETCD_PREFIX}/config '{"Network":"'${CLUSTER_CIDR}'", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}'
# etcdctl \
  --endpoints=${ETCD_ENDPOINTS} \
  --ca-file=/etc/ssl/etcd/ca.pem \
  --cert-file=/etc/ssl/flanneld/flanneld.pem \
  --key-file=/etc/ssl/flanneld/flanneld-key.pem \
  get ${FLANNEL_ETCD_PREFIX}/config
3. Download and deploy flannel
# cd /usr/local/src/
# wget \
  https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
# tar -zxvpf flannel-v0.10.0-linux-amd64.tar.gz
# cp {flanneld,mk-docker-opts.sh} /usr/local/bin/
# cat /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
Type=notify
ExecStart=/usr/local/bin/flanneld \
  -etcd-cafile=/etc/ssl/etcd/ca.pem \
  -etcd-certfile=/etc/ssl/flanneld/flanneld.pem \
  -etcd-keyfile=/etc/ssl/flanneld/flanneld-key.pem \
  -etcd-endpoints=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
  -etcd-prefix=/kubernetes/network
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
# systemctl daemon-reload
# systemctl start flanneld
# systemctl status flanneld -l
Copy the flannel binaries and certificate files to vm2 and vm3
# cd /usr/lib/systemd/system/
# scp flanneld.service vm2:$(pwd)
# scp flanneld.service vm3:$(pwd)
# scp -rp /etc/ssl/flanneld/ vm2:/etc/ssl/
# scp -rp /etc/ssl/flanneld/ vm3:/etc/ssl/
# scp -rp /usr/local/bin/flanneld /usr/local/bin/mk-docker-opts.sh vm2:/usr/local/bin/
# scp -rp /usr/local/bin/flanneld /usr/local/bin/mk-docker-opts.sh vm3:/usr/local/bin/
4. Verification
# ifconfig flannel.1 && ssh vm2 ifconfig flannel.1 && ssh vm3 ifconfig flannel.1
# etcdctl \
  --endpoints=${ETCD_ENDPOINTS} \
  --ca-file=/etc/ssl/etcd/ca.pem \
  --cert-file=/etc/ssl/flanneld/flanneld.pem \
  --key-file=/etc/ssl/flanneld/flanneld-key.pem \
  ls ${FLANNEL_ETCD_PREFIX}/subnets
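
One way to check the step 4 listing, as an added example that is not part of the original article: a shell function that reads the keys printed by `ls ${FLANNEL_ETCD_PREFIX}/subnets` and confirms that each lease has the configured `SubnetLen`, lies inside `CLUSTER_CIDR`, and that there is one lease per node. The function names and sample keys are constructed, and the key format `<subnet>-<prefix length>` is an assumption.

```shell
#!/bin/sh
# Added example, not from the article; names and sample keys are constructed.
LEASE_RE='^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})-[1-9][0-9]?$'

# Dotted-quad IPv4 -> 32-bit integer (callers validate the format first).
ip_to_int() {
  local o1 o2 o3 o4
  IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
  echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

# check_leases CLUSTER_CIDR SUBNET_LEN NODE_COUNT  (lease keys on stdin)
# Prints one line per problem; returns non-zero if any problem was found.
check_leases() {
  local cidr="$1" want_len="$2" want_nodes="$3"
  local plen="${cidr#*/}" mask base key lease addr len
  local count=0 bad=0 seen=" "
  mask=$(( (4294967295 << (32 - $plen)) & 4294967295 ))
  base=$(( $(ip_to_int "${cidr%/*}") & $mask ))
  while read -r key; do
    [ -n "$key" ] || continue
    count=$((count + 1))
    lease=${key##*/}                       # assumed form: 172.30.19.0-24
    if ! printf '%s\n' "$lease" | grep -Eq "$LEASE_RE"; then
      echo "malformed lease key: $key"; bad=1; continue
    fi
    addr=${lease%-*}; len=${lease#*-}
    [ "$len" -eq "$want_len" ] || { echo "unexpected prefix length: $lease"; bad=1; }
    [ $(( $(ip_to_int "$addr") & $mask )) -eq "$base" ] ||
      { echo "outside $cidr: $lease"; bad=1; }
    case "$seen" in *" $addr "*) echo "duplicate subnet: $lease"; bad=1 ;; esac
    seen="$seen$addr "
  done
  [ "$count" -eq "$want_nodes" ] ||
    { echo "expected $want_nodes leases, found $count"; bad=1; }
  return "$bad"
}

# Constructed sample of the step 4 `ls` output for three nodes.
sample_leases() {
  printf '%s\n' /kubernetes/network/subnets/172.30.19.0-24 \
    /kubernetes/network/subnets/172.30.54.0-24 \
    /kubernetes/network/subnets/172.30.93.0-24
}

sample_leases | check_leases "172.30.0.0/16" 24 3 && echo "leases OK"
```

On a live cluster, pipe the output of the `ls ${FLANNEL_ETCD_PREFIX}/subnets` command from step 4 into `check_leases "${CLUSTER_CIDR}" 24 3` instead of the sample.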