Flannel网络组件部署

在部署K8S之前，需要在集群服务器上部署CNI容器网络组件，从而实现集群的网络互联互通。目前可选的组件比较多，例如flannel、calico、weave等，各容器网络组件对比可参考文档：http://dockone.io/article/2599

本文介绍flannel网络组件的部署，配置环境在完成前文etcd集群和tls认证配置后。
一、生成flannel证书文件

# mkdir flanneld
# cd flanneld
# cat flanneld-csr.json 
{
  "CN": "flanneld",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "FuZhou",
      "L": "FuZhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

# cfssl gencert -ca=/etc/ssl/etcd/ca.pem  \
 -ca-key=/etc/ssl/etcd/ca-key.pem   \
-config=/etc/ssl/etcd/ca-config.json  \
 -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld

# mkdir /etc/ssl/flanneld
# cp *.pem /etc/ssl/flanneld/

二、向etcd注册flannel相关信息并验证（执行一次即可）

# cat env.sh   
#!/usr/bin/bash
export CLUSTER_CIDR="172.30.0.0/16"
export ETCD_ENDPOINTS="https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379"
export FLANNEL_ETCD_PREFIX="/kubernetes/network"
# source  env.sh

# etcdctl \
  --endpoints=${ETCD_ENDPOINTS} \
  --ca-file=/etc/ssl/etcd/ca.pem \
  --cert-file=/etc/ssl/flanneld/flanneld.pem \
  --key-file=/etc/ssl/flanneld/flanneld-key.pem \
  set ${FLANNEL_ETCD_PREFIX}/config '{"Network":"'${CLUSTER_CIDR}'", "SubnetLen": 24, "Backend": {"Type": "vxlan"}}'

# etcdctl \
   --endpoints=${ETCD_ENDPOINTS} \
   --ca-file=/etc/ssl/etcd/ca.pem \
   --cert-file=/etc/ssl/flanneld/flanneld.pem \
   --key-file=/etc/ssl/flanneld/flanneld-key.pem \
 get ${FLANNEL_ETCD_PREFIX}/config

三、下载部署flannel

# cd /usr/local/src/
# wget  \
https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz

# tar -zxvpf flannel-v0.10.0-linux-amd64.tar.gz 
# cp {flanneld,mk-docker-opts.sh}  /usr/local/bin/ 

# cat /usr/lib/systemd/system/flanneld.service 
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
Type=notify
ExecStart=/usr/local/bin/flanneld \
  -etcd-cafile=/etc/ssl/etcd/ca.pem \
  -etcd-certfile=/etc/ssl/flanneld/flanneld.pem \
  -etcd-keyfile=/etc/ssl/flanneld/flanneld-key.pem \
  -etcd-endpoints=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
  -etcd-prefix=/kubernetes/network
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service

# systemctl daemon-reload
# systemctl start flanneld 
# systemctl status flanneld -l

将flannel二进制程序文件和证书文件复制到vm2和vm3

# cd /usr/lib/systemd/system/
# scp flanneld.service  vm2:$(pwd)
# scp flanneld.service  vm3:$(pwd)

# scp -rp /etc/ssl/flanneld/ vm2:/etc/ssl/
# scp -rp /etc/ssl/flanneld/ vm3:/etc/ssl/
# scp -rp /usr/local/bin/flanneld  /usr/local/bin/mk-docker-opts.sh  vm2:/usr/local/bin/
# scp -rp /usr/local/bin/flanneld  /usr/local/bin/mk-docker-opts.sh  vm3:/usr/local/bin/

四、验证

# ifconfig flannel.1 && ssh vm2 ifconfig flannel.1  && ssh vm3 ifconfig flannel.1 

# etcdctl \
   --endpoints=${ETCD_ENDPOINTS} \
   --ca-file=/etc/ssl/etcd/ca.pem \
   --cert-file=/etc/ssl/flanneld/flanneld.pem \
   --key-file=/etc/ssl/flanneld/flanneld-key.pem \
 ls ${FLANNEL_ETCD_PREFIX}/subnets