Kubernetes deployment: Flannel network deployment

Flannel needs to be deployed on all the master and node hosts.
1. Create the certificate signing request for Flannel

[root@node-01 ssl]# vim flanneld-csr.json
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

2. Generate the certificate

[root@node-01 ssl]# cfssl gencert -ca=/data/kubernetes/ssl/ca.pem \
   -ca-key=/data/kubernetes/ssl/ca-key.pem \
   -config=/data/kubernetes/ssl/ca-config.json \
   -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

3. Distribute the certificates

[root@node-01 ssl]# for n in `seq 201 206`; do scp flanneld*.pem 10.31.90.$n:/data/kubernetes/ssl/;done

4. Download the Flannel package

[root@node-01 k8s]# wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
[root@node-01 k8s]# tar zxf flannel-v0.10.0-linux-amd64.tar.gz
[root@node-01 k8s]# for n in `seq 201 206`;do scp flanneld mk-docker-opts.sh 10.31.90.$n:/data/kubernetes/bin/;done
//Copy the corresponding script to the directory /data/kubernetes/bin.
[root@node-01 k8s]# for n in `seq 201 206`;do scp remove-docker0.sh 10.31.90.$n:/data/kubernetes/bin/;done    

5. Configure Flannel

[root@node-04 ssl]# vim /data/kubernetes/cfg/flannel
FLANNEL_ETCD="-etcd-endpoints=https://10.31.90.201:2379,https://10.31.90.202:2379,https://10.31.90.203:2379"
FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"
FLANNEL_ETCD_CAFILE="--etcd-cafile=/data/kubernetes/ssl/ca.pem"
FLANNEL_ETCD_CERTFILE="--etcd-certfile=/data/kubernetes/ssl/flanneld.pem"
FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/data/kubernetes/ssl/flanneld-key.pem"
//Copy configuration to other nodes
[root@node-01 ~]# for n in `seq 201 206`;do scp /data/kubernetes/cfg/flannel 10.31.90.$n:/data/kubernetes/cfg/;done

6. Set up the Flannel system service

[root@node-01 ~]# vim /usr/lib/systemd/system/flannel.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
Before=docker.service

[Service]
EnvironmentFile=-/data/kubernetes/cfg/flannel
ExecStartPre=/data/kubernetes/bin/remove-docker0.sh
ExecStart=/data/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}
ExecStartPost=/data/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/docker

Type=notify

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service

//Copy system service script to other nodes
[root@node-01 k8s]# for n in `seq 201 206`;do scp /usr/lib/systemd/system/flannel.service 10.31.90.$n:/usr/lib/systemd/system/flannel.service;done
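Because the unit loads its flags with `EnvironmentFile=-/data/kubernetes/cfg/flannel`, systemd does not fail the service when that file is missing, so flanneld would be launched without the etcd TLS flags the file supplies. The following is an added example, not part of the original post: a POSIX shell check to run on each node before starting the service; the function names `cfg_get` and `check_flannel_cfg` are invented here.

```shell
#!/bin/sh
# Added example, not from the original post: lint /data/kubernetes/cfg/flannel.

# Read NAME="value" from the env file without executing it.
cfg_get() { sed -n "s/^$2=\"\\(.*\\)\"\$/\\1/p" "$1" | tail -n 1; }

# check_flannel_cfg FILE
# Prints one line per finding; exit status is the number of findings.
check_flannel_cfg() (
  cfg=$1; findings=0
  set -f                                   # no globbing while splitting
  note() { echo "FINDING: $1"; findings=$((findings + 1)); }
  [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; exit 1; }

  # Every etcd endpoint must use https://.
  endpoints=$(cfg_get "$cfg" FLANNEL_ETCD)
  endpoints=${endpoints#*=}                # drop "-etcd-endpoints="
  [ -n "$endpoints" ] || note "FLANNEL_ETCD is empty"
  IFS=,
  for ep in $endpoints; do
    case $ep in
      https://*) ;;
      *) note "non-TLS etcd endpoint: $ep" ;;
    esac
  done
  unset IFS

  # CA, client certificate and key flags must be set and name existing files.
  for name in FLANNEL_ETCD_CAFILE FLANNEL_ETCD_CERTFILE FLANNEL_ETCD_KEYFILE; do
    flag=$(cfg_get "$cfg" "$name"); path=${flag#*=}
    if [ -z "$flag" ]; then note "$name is not set"
    elif [ ! -f "$path" ]; then note "$name names a missing file: $path"
    fi
  done

  # $path now holds the --etcd-keyfile value: the private key must be
  # readable by its owner only.
  if [ -f "$path" ]; then
    mode=$(stat -c '%a' "$path")           # GNU stat, as on the Linux nodes
    [ $((0$mode & 077)) -eq 0 ] || note "key mode $mode is too open: $path"
  fi
  exit "$findings"
)

# Usage on a node: check_flannel_cfg /data/kubernetes/cfg/flannel
```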

Flannel CNI integration

Download CNI plug-in

[root@node-01 ~]# wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz
[root@node-01 ~]# mkdir /data/kubernetes/bin/cni
[root@node-01 src]# tar zxf cni-plugins-amd64-v0.7.1.tgz -C /data/kubernetes/bin/cni
[root@node-01 k8s]# for n in `seq 201 206`;do scp /data/kubernetes/bin/cni/* 10.31.90.$n:/data/kubernetes/bin/cni/;done     

Create the Etcd key

[root@node-01 ~]# /data/kubernetes/bin/etcdctl --ca-file /data/kubernetes/ssl/ca.pem --cert-file /data/kubernetes/ssl/flanneld.pem --key-file /data/kubernetes/ssl/flanneld-key.pem \
      --no-sync -C https://10.31.90.201:2379,https://10.31.90.202:2379,https://10.31.90.203:2379 \
mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}' >/dev/null 2>&1

Start flannel

[root@node-01 ~]# systemctl daemon-reload
[root@node-01 ~]# systemctl enable flannel
[root@node-01 ~]# chmod +x /data/kubernetes/bin/*
[root@node-01 ~]# systemctl start flannel

View service status

[root@node-01 ~]# systemctl status flannel

Configure Docker to use Flannel

[root@node-01 ~]# vim /usr/lib/systemd/system/docker.service
# Under [Unit]: modify After= and add Requires=
[Unit]
After=network-online.target firewalld.service flannel.service
Wants=network-online.target
Requires=flannel.service

# Under [Service]: add EnvironmentFile=-/run/flannel/docker
[Service]
Type=notify
EnvironmentFile=-/run/flannel/docker
ExecStart=/usr/bin/dockerd $DOCKER_OPTS

Copy the configuration to all other nodes

[root@node-01 k8s]# for n in `seq 201 206`;do scp /usr/lib/systemd/system/docker.service 10.31.90.$n:/usr/lib/systemd/system/docker.service;done

Restart Docker

[root@node-01 ~]# systemctl daemon-reload
[root@node-01 ~]# systemctl restart docker

If you look at each node again, you will find that the IP addresses of the docker0 and flannel.1 interfaces both fall within the network segment configured above.

[root@node-01 k8s]# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.2.84.1  netmask 255.255.255.0  broadcast 10.2.84.255
        ether 02:42:5e:c6:0c:aa  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.2.84.0  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::8ccc:15ff:fedd:c00d  prefixlen 64  scopeid 0x20<link>
        ether 8e:cc:15:dd:c0:0d  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 8 overruns 0  carrier 0  collisions 0
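
The check described above can be scripted. The following is an added example, not part of the original post: POSIX shell functions that test whether the docker0 and flannel.1 addresses lie inside the `Network` value written to Etcd (10.2.0.0/16) and that the node's own address does not. The function names and the `eth0` interface name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() (
  IFS=.
  set -f; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS -> status 0 when IP lies inside the network
in_cidr() (
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
)

# check_overlay NETWORK "iface addr"...
# docker0 and flannel.* must be inside NETWORK; any other interface
# (the node's own address) must be outside it. Exit status = findings.
check_overlay() (
  net=$1; shift; bad=0
  for pair in "$@"; do
    ifc=${pair% *}; addr=${pair#* }
    case $ifc in
      docker0|flannel.*)
        in_cidr "$addr" "$net" || { echo "$ifc $addr is outside $net"; bad=$((bad + 1)); } ;;
      *)
        if in_cidr "$addr" "$net"; then echo "$ifc $addr overlaps $net"; bad=$((bad + 1)); fi ;;
    esac
  done
  exit "$bad"
)

# Values from this page; "eth0" is an assumed name for the node interface.
# check_overlay 10.2.0.0/16 "docker0 10.2.84.1" "flannel.1 10.2.84.0" "eth0 10.31.90.201"
```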

So far, the k8s cluster has been fully deployed. Documents on management, monitoring, storage and other topics will be added later.

In the future, all the installation documents will be updated. If you think I wrote well, I hope you will pay more attention to it. Thank you very much!

Keywords: Kubernetes SSL Docker network

Added by Trek15 on Tue, 10 Dec 2019 09:45:41 +0200