Kubernetesインストールシリーズのネットワークコンポーネント-Flannelインストール設定


本稿では,Masterノードへのflannelのインストールと設定方法を以下に整理し,それをスクリプトとして固め,その内容をgithubのeasypackに置く.

全体的な操作

  • https://blog.csdn.net/liumiaocn/article/details/88413428

  • flannelの設定ファイル

    [root@host131 shell]# cat /etc/flannel/flannel.conf 
    FLANNELD_OPTS="-etcd-cafile=/etc/ssl/ca/ca.pem \
      -etcd-certfile=/etc/ssl/flannel/flanneld.pem \
      -etcd-keyfile=/etc/ssl/flannel/flanneld-key.pem \
      -etcd-endpoints=https://192.168.163.131:2379 \
      -etcd-prefix=/coreos.com/network \
      -iface=enp0s3 \
      -ip-masq"
    [root@host131 shell]#
    

    Systemdサービスプロファイル

    [root@host131 shell]# cat /usr/lib/systemd/system/flanneld.service 
    [Unit]
    Description=Flanneld Service
    Documentation=https://github.com/coreos/flannel
    After=network.target
    After=network-online.target
    Wants=network-online.target
    After=etcd.service
    Before=docker.service
    
    [Service]
    EnvironmentFile=-/etc/flannel/flannel.conf
    ExecStart=/usr/local/bin/flanneld $FLANNELD_OPTS
    ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    RequiredBy=docker.service
    [root@host131 shell]#
    

    スクリプトの例

    [root@host131 shell]# cat step6-install-flannel.sh 
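    #!/bin/sh
    #
    # step6-install-flannel.sh
    #   1. issue the flanneld etcd client certificate with cfssl
    #   2. publish the pod network configuration to etcd (v2 API)
    #   3. install flanneld + mk-docker-opts.sh and start them via systemd
    # All ENV_* settings are read from ./install.cfg.
    #
    # install.cfg is sourced, i.e. executed as shell code, so it must only
    # be writable by the administrator who runs this script.

    # -e: stop at the first failing command instead of carrying on with
    #     half-installed state; -u: an unset ENV_* variable (typo in
    #     install.cfg) is an error, not an empty string.
    set -eu

    die() {
      printf '%s\n' "$*" >&2
      exit 1
    }

    . ./install.cfg

    # set cfssl tools in search path
    chmod 755 "${ENV_HOME_CFSSL}"/* \
      || die "prepare downloaded cfssl tools in ${ENV_HOME_CFSSL} in advance"
    export PATH="${ENV_HOME_CFSSL}:${PATH}"

    mkdir -p "${ENV_SSL_FLANNEL_DIR}" \
      || die "failed to create dir :${ENV_SSL_FLANNEL_DIR}"
    cd "${ENV_SSL_FLANNEL_DIR}" \
      || die "failed to enter dir :${ENV_SSL_FLANNEL_DIR}"

    # CSR for the flanneld client certificate. "hosts" is empty on purpose:
    # the cert only authenticates flanneld to etcd and never serves TLS
    # (cfssl prints a warning about that; it is expected).
    # ST is the state/province and L the locality; each is mapped to the
    # ENV_SSL_NAMES_* variable of the same name (the two were cross-wired
    # before -- if install.cfg relied on that, adjust it there).
    cat > "${ENV_SSL_FLANNEL_CSR}" <<EOF
    {
      "CN": "${ENV_SSL_FLANNEL_CSR_CN}",
      "hosts": [],
      "key": {
        "algo": "${ENV_SSL_KEY_ALGO}",
        "size": ${ENV_SSL_KEY_SIZE}
      },
      "names": [
        {
          "C": "${ENV_SSL_NAMES_C}",
          "ST": "${ENV_SSL_NAMES_ST}",
          "L": "${ENV_SSL_NAMES_L}",
          "O": "${ENV_SSL_NAMES_O}",
          "OU": "${ENV_SSL_NAMES_OU}"
        }
      ]
    }
    EOF

    ca_pem="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"
    flannel_cert="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}.pem"
    flannel_key="${ENV_SSL_FLANNEL_DIR}/${ENV_SSL_FLANNEL_CERT_PRIFIX}-key.pem"

    # /bin/sh has no pipefail, so a failing cfssl would be masked by a
    # successful cfssljson: check for the expected output files instead.
    cfssl gencert -ca="${ca_pem}" \
      -ca-key="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_KEY}" \
      -config="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_CONFIG}" \
      -profile="${ENV_SSL_PROFILE_K8S}" "${ENV_SSL_FLANNEL_CSR}" \
      | cfssljson -bare "${ENV_SSL_FLANNEL_CERT_PRIFIX}"
    [ -s "${flannel_cert}" ] && [ -s "${flannel_key}" ] \
      || die "certificate generation failed, check the cfssl output above"
    # the private key authenticates this node to etcd: keep it owner-only
    chmod 600 "${flannel_key}"

    ls "${ENV_SSL_FLANNEL_DIR}"/*pem

    # Build "https://host1:port,https://host2:port,..." from the
    # space-separated ENV_ETCD_HOSTS. (The awk one-liner this replaces was
    # garbled in the original listing; a plain loop needs no awk.)
    ETCD_ENDPOINTS=""
    for etcd_host in ${ENV_ETCD_HOSTS}; do   # word-splitting intended
      ETCD_ENDPOINTS="${ETCD_ENDPOINTS:+${ETCD_ENDPOINTS},}https://${etcd_host}:${ENV_ETCD_CLIENT_PORT}"
    done
    [ -n "${ETCD_ENDPOINTS}" ] || die "ENV_ETCD_HOSTS is empty"

    # flannel v0.10 : not support etcd v3
    flannel_net_config="{\"Network\":\"${ENV_KUBE_OPT_CLUSTER_IP_RANGE}\", \"SubnetLen\": 21, \"Backend\": {\"Type\": \"vxlan\"}}"
    ETCDCTL_API=2 etcdctl \
      --endpoints="${ETCD_ENDPOINTS}" \
      --ca-file="${ca_pem}" \
      --cert-file="${flannel_cert}" \
      --key-file="${flannel_key}" \
      set "${ENV_FLANNEL_ETCD_NETWORK_PREFIX}/config" "${flannel_net_config}" \
      || die "failed to write the flannel network config to etcd"

    printf '\n## flanneld service\n'
    # stopping a service that is not installed yet is expected to fail
    systemctl stop flanneld 2>/dev/null || true
    mkdir -p "${ENV_FLANNEL_DIR_BIN}" "${ENV_FLANNEL_DIR_ETC}" "${ENV_FLANNEL_DIR_RUN}"
    # files listed explicitly: {a,b} brace expansion is a bashism under #!/bin/sh
    for f in flanneld mk-docker-opts.sh; do
      [ -f "${ENV_HOME_FLANNEL}/${f}" ] \
        || die "please check flanneld binary file and mk-docker-opts.sh existed in ${ENV_HOME_FLANNEL}/ or not"
      chmod 755 "${ENV_HOME_FLANNEL}/${f}"
      cp -p "${ENV_HOME_FLANNEL}/${f}" "${ENV_FLANNEL_DIR_BIN}"
    done

    # create flannel configuration file (read by systemd as EnvironmentFile)
    cat >"${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}" <<EOF
    FLANNELD_OPTS="-etcd-cafile=${ca_pem} \\
      -etcd-certfile=${flannel_cert} \\
      -etcd-keyfile=${flannel_key} \\
      -etcd-endpoints=${ETCD_ENDPOINTS} \\
      -etcd-prefix=${ENV_FLANNEL_ETCD_NETWORK_PREFIX} \\
      -iface=${ENV_FLANNEL_OPT_IFACE} \\
      -ip-masq"
    EOF

    # Create flannel service. The leading "-" in EnvironmentFile= makes
    # systemd tolerate a missing config file; \$FLANNELD_OPTS is escaped so
    # it is expanded by systemd at start time, not by this script.
    cat >"${ENV_FLANNEL_SERVICE}" <<EOF
    [Unit]
    Description=Flanneld Service
    Documentation=https://github.com/coreos/flannel
    After=network.target
    After=network-online.target
    Wants=network-online.target
    After=etcd.service
    Before=docker.service

    [Service]
    EnvironmentFile=-${ENV_FLANNEL_DIR_ETC}/${ENV_FLANNEL_ETC}
    ExecStart=${ENV_FLANNEL_DIR_BIN}/flanneld \$FLANNELD_OPTS
    ExecStartPost=${ENV_FLANNEL_DIR_BIN}/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d ${ENV_FLANNEL_DIR_RUN}/docker
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target
    RequiredBy=docker.service
    EOF

    printf '\n## daemon reload service \n'
    systemctl daemon-reload
    printf '\n## start flannel service \n'
    systemctl start flanneld
    printf '\n## enable flannel service \n'
    systemctl enable flanneld
    printf '\n## check flannel status\n'
    systemctl status flanneld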

    実行例

    [root@host131 shell]# sh step6-install-flannel.sh 
    2019/03/24 13:37:03 [INFO] generate received request
    2019/03/24 13:37:03 [INFO] received CSR
    2019/03/24 13:37:03 [INFO] generating key: rsa-2048
    2019/03/24 13:37:04 [INFO] encoded CSR
    2019/03/24 13:37:04 [INFO] signed certificate with serial number 652274714063907134614492461596477882158874665465
    2019/03/24 13:37:04 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
    websites. For more information see the Baseline Requirements for the Issuance and Management
    of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
    specifically, section 10.2.3 ("Information Requirements").
    /etc/ssl/flannel/flanneld-key.pem  /etc/ssl/flannel/flanneld.pem
    {"Network":"172.200.0.0/16", "SubnetLen": 21, "Backend": {"Type": "vxlan"}}
    
    ##  flanneld service
    
    ##  daemon reload service 
    
    ##  start flannel service 
    
    ##  enable flannel service 
    
    ##  check  flannel status
    ● flanneld.service - Flanneld Service
       Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)
       Active: active (running) since Sun 2019-03-24 13:37:04 CST; 266ms ago
         Docs: https://github.com/coreos/flannel
     Main PID: 14887 (flanneld)
       CGroup: /system.slice/flanneld.service
               └─14887 /usr/local/bin/flanneld -etcd-cafile=/etc/ssl/ca/ca.pem -etcd-certfile=/etc/ssl/flannel/flanneld.pem -etcd-keyfile=/etc/ssl/flannel/fla...
    
    Mar 24 13:37:04 host131 systemd[1]: Starting Flanneld Service...
    Mar 24 13:37:04 host131 systemd[1]: Started Flanneld Service.
    Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868581   14887 main.go:488] Using interface with name enp0s3 and address 192.168.163.131
    Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.868911   14887 main.go:505] Defaulting external address to interface address (192.168.163.131)
    Mar 24 13:37:04 host131 flanneld[14887]: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886022   14887 main.go:235] Created subnet manager: Etcd Local Manager with Previous Subnet: None
    Mar 24 13:37:04 host131 flanneld[14887]: I0324 13:37:04.886039   14887 main.go:238] Installing signal handlers
    [root@host131 shell]#
    

flannelを設定すると,各nodeノードのIPが統一的に管理され,異なるコンテナ間の相互接続が可能になる.もちろんcalicoなども同様の役割を果たす.