kubernetes集群环境准备工作

本文介绍学习kubernetes的环境相关准备工作，要进行kubernetes集群的学习我们至少需要两台主机，在本例中，我使用了两台VMware虚拟机完成了docker环境和flannel网络的配置工作。
k8s支持丰富的网络插件，通过网络插件实现不同主机上的docker容器网络互联互通，常见的解决方案有openswitch、calico、weave、flannel等

1、环境介绍
操作系统版本：centos linux 7.2 64bit
主机名vm1 IP地址：192.168.115.5/24
主机名vm2 IP地址：192.168.115.6/24

2、安装docker

# yum -y install docker
# rpm -qa |grep docker
docker-forward-journald-1.9.1-25.el7.centos.x86_64
docker-client-1.12.6-11.el7.centos.x86_64
docker-common-1.12.6-11.el7.centos.x86_64
docker-1.12.6-11.el7.centos.x86_64

3、配置docker及image镜像下载加速

# grep -v '^#' /etc/sysconfig/docker |grep -v '^$'
OPTIONS='-g /home/docker -H 0.0.0.0:2375 -H unix:///var/run/docker.sock'
DOCKER_CERT_PATH=/etc/docker

# cat /etc/docker/daemon.json 
{"registry-mirrors": ["https://pee6w651.mirror.aliyuncs.com"],
    "live-restore": false
}

4、安装etcd，并在etcd上配置网络相关的内容。本例中etcd安装在vm1主机上

# yum -y install etcd
# grep -v '^#' /etc/etcd/etcd.conf 
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
# systemctl start etcd
# systemctl enable etcd 
# etcdctl set /atomic.io/network/config  "{ \"Network\": \"172.16.0.0/16\"}"

5、在vm1和vm2上配置flannel网络

# yum -y install flannel
# grep -v '^#' /etc/sysconfig/flanneld |grep -v '^$'
FLANNEL_ETCD_ENDPOINTS="http://192.168.115.5:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"

注意配置文件中的FLANNEL_ETCD_PREFIX值要和前面在etc配置中创建的一致

# cat /usr/lib/systemd/system/docker.service  #注意启动脚本中subnet.env和--bip配置
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer

[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
EnvironmentFile=-/run/flannel/subnet.env
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY\
          $REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=slave
KillMode=process

[Install]
WantedBy=multi-user.target

# source /run/flannel/subnet.env
# systemctl daemon-reload
# systemctl start flanneld
# systemctl enable flanneld
# systemctl start docker
# systemctl enable docker

6、测试与验证
现在我们完成了docker和flannel网络的准备工作，下面我们开始测试一下docker容器的跨主机互联。
Vm1的路由和docker0、flannel网桥情况

Vm2的路由和docker0、flannel网桥情况

分别在vm1和vm2上下载busybox镜像并启动容器，进行网络互联互通测试。

# docker pull docker.io/busybox
# docker run -idt --name vm1-busybox docker.io/busybox sleep 3600
# docker run -idt --name vm2-busybox docker.io/busybox sleep 3600
# docker exec -it vm1-busybox sh
# ip a
# route -n

# docker exec -it vm2-busybox sh
# ip a
# route -n

在vm1-busybox上测试网络连通性

# ip a |grep 172
# ping 172.16.47.2 -c 3

在vm2-busybox上测试网络连通性

# ip a |grep 172
# ping 172.16.15.5
``

Etcd上验证

# etcdctl ls /atomic.io/network/
# etcdctl ls /atomic.io/network/subnets
# etcdctl get /atomic.io/network/config
# etcdctl get /atomic.io/network/subnets/172.16.15.0-24
# etcdctl get /atomic.io/network/subnets/172.16.47.0-24

参考：
https://coreos.com/flannel/docs/latest/flannel-config.html