生成证书

cd /usr/local/src/sslvim flanneld-csr.json{  "CN": "flanneld",  "hosts": [],  "key": {    "algo": "rsa",    "size": 2048  },  "names": [    {      "C": "CN",      "ST": "BeiJing",      "L": "BeiJing",      "O": "k8s",      "OU": "System"    }  ]}cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \   -ca-key=/opt/kubernetes/ssl/ca-key.pem \   -config=/opt/kubernetes/ssl/ca-config.json \   -profile=kubernetes flanneld-csr.json | cfssljson -bare flanneld   cp flanneld.pem flanneld-key.pem /opt/kubernetes/ssl/cp flanneld.pem flanneld-key.pem 192.168.56.11/opt/kubernetes/ssl/scp flanneld.pem flanneld-key.pem 192.168.56.12:/opt/kubernetes/ssl/下载Flannel软件包cd /usr/local/srcwget  https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gztar zxf flannel-v0.10.0-linux-amd64.tar.gzcp flanneld mk-docker-opts.sh /opt/kubernetes/bin/scp flanneld mk-docker-opts.sh 192.168.56.11:/opt/kubernetes/bin/scp flanneld mk-docker-opts.sh 192.168.56.12:/opt/kubernetes/bin/cd /usr/local/src/kubernetes/cluster/centos/node/bin/   ##官网kubernetes页面可以下载https://github.com/kubernetes/cp remove-docker0.sh /opt/kubernetes/bin/scp remove-docker0.sh 192.168.56.11:/opt/kubernetes/bin/scp remove-docker0.sh 192.168.56.12:/opt/kubernetes/bin/vim /opt/kubernetes/cfg/flannelFLANNEL_ETCD="-etcd-endpoints=https://192.168.56.10:2379,https://192.168.56.11:2379,https://192.168.56.12:2379"FLANNEL_ETCD_KEY="-etcd-prefix=/kubernetes/network"FLANNEL_ETCD_CAFILE="--etcd-cafile=/opt/kubernetes/ssl/ca.pem"FLANNEL_ETCD_CERTFILE="--etcd-certfile=/opt/kubernetes/ssl/flanneld.pem"FLANNEL_ETCD_KEYFILE="--etcd-keyfile=/opt/kubernetes/ssl/flanneld-key.pem"scp /opt/kubernetes/cfg/flannel 192.168.56.11:/opt/kubernetes/cfg/scp /opt/kubernetes/cfg/flannel 192.168.56.12:/opt/kubernetes/cfg/vim /usr/lib/systemd/system/flannel.service[Unit]Description=Flanneld overlay address etcd agentAfter=network.targetBefore=docker.service[Service]EnvironmentFile=-/opt/kubernetes/cfg/flannelExecStartPre=/opt/kubernetes/bin/remove-docker0.shExecStart=/opt/kubernetes/bin/flanneld ${FLANNEL_ETCD} ${FLANNEL_ETCD_KEY} ${FLANNEL_ETCD_CAFILE} ${FLANNEL_ETCD_CERTFILE} ${FLANNEL_ETCD_KEYFILE}ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -d /run/flannel/dockerType=notify[Install]WantedBy=multi-user.targetRequiredBy=docker.servicescp /usr/lib/systemd/system/flannel.service 192.168.56.11:/usr/lib/systemd/system/scp /usr/lib/systemd/system/flannel.service 192.168.56.12:/usr/lib/systemd/system/

Flannel CNI集成

cd /usr/local/srcwget mkdir /opt/kubernetes/bin/cni             #所有node 包括mastertar zxf cni-plugins-amd64-v0.7.1.tgz -C /opt/kubernetes/bin/cniscp -r /opt/kubernetes/bin/cni/* 192.168.56.11:/opt/kubernetes/bin/cni/scp -r /opt/kubernetes/bin/cni/* 192.168.56.12:/opt/kubernetes/bin/cni/
创建etcd的key  master节点就行 node也行  创建一次/opt/kubernetes/bin/etcdctl --ca-file /opt/kubernetes/ssl/ca.pem --cert-file /opt/kubernetes/ssl/flanneld.pem --key-file /opt/kubernetes/ssl/flanneld-key.pem \      --no-sync -C https://192.168.56.10:2379,https://192.168.56.11:2379,https://192.168.56.12:2379 \mk /kubernetes/network/config '{ "Network": "10.2.0.0/16", "Backend": { "Type": "vxlan", "VNI": 1 }}' >/dev/null 2>&1
systemctl daemon-reloadsystemctl enable flannelchmod +x /opt/kubernetes/bin/*systemctl start flannelsystemctl status flannel

配置Docker使用Flannel

vim /usr/lib/systemd/system/docker.service
[Unit] #在Unit下面修改After和增加RequiresAfter=network-online.target firewalld.service flannel.serviceWants=network-online.targetRequires=flannel.service[Service] #增加EnvironmentFile=-/run/flannel/docker  $DOCKER_OPTS也是加上去的Type=notifyEnvironmentFile=-/run/flannel/dockerExecStart=/usr/bin/dockerd $DOCKER_OPTS
scp /usr/lib/systemd/system/docker.service 192.168.56.11:/usr/lib/systemd/system/scp /usr/lib/systemd/system/docker.service 192.168.56.12:/usr/lib/systemd/system/
systemctl daemon-reloadsystemctl restart docker

node1测试

docker run -itd   --name bs01  busybox  ping

node2测试

docker run -itd   --name bs01  busybox  ping

1.png

2.png