k8s之配置flanneld網絡

Flannel是Overlay網絡的一種，也是將源數據包封裝在另一種網絡包里面進行路由轉發和通信，目前已經支持UDP、VXLAN、AWS VPC和GCE路由等數據轉發方式。

Flannel通過給每台宿主機分配一個子網的方式為容器提供虛擬網絡，它基於Linux TUN/TAP，使用UDP封裝IP包來創建overlay網絡，並借助etcd維護網絡的分配情況。

去官網下載相應二進制包：https://github.com/coreos/flannel/releases

解壓之后得到兩個文件：flanneld和mk-docker-opts.sh

將其復制到flanel的專屬目錄中。這里我們統一放在/opt/kubernetes/bin下面。

通過以下文件來配置flannel的配置文件

cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/kubernetes/ssl/ca.pem \
-etcd-certfile=/opt/kubernetes/ssl/server.pem \
-etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"

EOF

注意：${ETCD_ENDPOINTS} 是etcd各節點路徑，比如：“https://192.168.10.63:2379,https://192.168.10.64:2379,https://192.168.10.65:2379"。這里可以手動填寫上去。

確定無誤之后再用以下文件來配置service啟動文件。

cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF

確保證書完整情況下便可啟動flannel了。

啟動完flannel之后還要配置docker使用flannel網絡。

[root@k8s-node01-10 ~]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
#ExecStart=/usr/bin/dockerd   （這是原來的，將其注釋或者刪除）
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS    （這兩行是替換上面哪一行的，有了這兩行之后docker便可以使用flannel網絡來）
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

重啟一下docker即可使用flannel網絡。