Using Calico with Docker

1. Create CoreOS virtual machines with Vagrant (Vagrant, VirtualBox, vagrant-scp plugin)

The Vagrantfile is as follows:

# -*- mode: ruby -*-
# vi: set ft=ruby :

require 'fileutils'
require 'open-uri'
require 'tempfile'
require 'yaml'

Vagrant.require_version ">= 1.6.0"

$vm_num = 2
$vm_memory = 1024

#$shared_folders = {'./binary' => '/kubernetes'}
$shared_folders = {}

CONFIG = File.expand_path("config.rb")
if File.exist?(CONFIG)
  require CONFIG
end

def vmIP(num)
  return "172.12.7.#{num+50}"
end

vmIPs = [*1..$vm_num].map{ |i| vmIP(i) }

Vagrant.configure("2") do |config|
  # always use Vagrant's insecure key
  config.ssh.insert_key = false

  config.vm.box = "coreos-alpha-928.0.0"

  config.vm.provider :virtualbox do |vb|
    vb.cpus = 1
    vb.gui = false
  end

  (1..$vm_num).each do |i|
    config.vm.define vm_name = "calico%d" % i do |host|

      host.vm.hostname = vm_name

      host.vm.provider :virtualbox do |vb|
        vb.memory = $vm_memory
      end

      host.vm.network :private_network, ip: vmIP(i)
    end
  end

end

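Set config.vm.box to your CoreOS box. The Vagrantfile starts two CoreOS VM instances, which are assigned the IP addresses 172.12.7.51 and 172.12.7.52.
Run vagrant up in the directory containing the Vagrantfile to start both VMs.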

2. Install Calico

Form an etcd cluster from the two VMs.
Write /etc/systemd/system/etcd2.service with the following content.
etcd2.service on 172.12.7.51:

[Unit]
Description=etcd
Conflicts=etcd2.service

[Service]
User=etcd
PermissionsStartOnly=true
Environment=ETCD_DATA_DIR=/var/lib/etcd2
Environment=ETCD_NAME=%m
ExecStart=/bin/etcd2 --name=infra0 \
--initial-advertise-peer-urls=http://172.12.7.51:2380 \
--listen-peer-urls=http://172.12.7.51:2380 \
--listen-client-urls=http://172.12.7.51:2379,http://127.0.0.1:2379 \
--advertise-client-urls=http://172.12.7.51:2379 \
--initial-cluster-token=etcd-cluster-1 \
--initial-cluster=infra0=http://172.12.7.51:2380,infra1=http://172.12.7.52:2380 \
--initial-cluster-state=new
Restart=always
RestartSec=10s
LimitNOFILE=40000

etcd2.service on 172.12.7.52:

[Unit]
Description=etcd
Conflicts=etcd2.service

[Service]
User=etcd
PermissionsStartOnly=true
Environment=ETCD_DATA_DIR=/var/lib/etcd2
Environment=ETCD_NAME=%m
ExecStart=/bin/etcd2 --name=infra1 \
--initial-advertise-peer-urls=http://172.12.7.52:2380 \
--listen-peer-urls=http://172.12.7.52:2380 \
--listen-client-urls=http://172.12.7.52:2379,http://127.0.0.1:2379 \
--advertise-client-urls=http://172.12.7.52:2379 \
--initial-cluster-token=etcd-cluster-1 \
--initial-cluster=infra0=http://172.12.7.51:2380,infra1=http://172.12.7.52:2380 \
--initial-cluster-state=new
Restart=always
RestartSec=10s
LimitNOFILE=40000
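
Both etcd2 units serve the client (2379) and peer (2380) APIs over plain http:// on the VM's private address as well as on loopback. The script below is an added example, not part of the original article, that extracts the listen URLs from such a unit and classifies each one; the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example: list the etcd2 listen URLs in a systemd unit and classify them.

# audit_etcd_unit [FILE]: read the unit from FILE (or stdin) and print
# "<flag> <url> <verdict>" for every --listen-client-urls / --listen-peer-urls entry.
audit_etcd_unit() {
    grep -oE -e '--listen-(client|peer)-urls=[^[:space:]\\]+' "$@" |
    while IFS='=' read -r flag urls; do
        printf '%s\n' "$urls" | tr ',' '\n' |
        while read -r url; do
            case "$url" in
                http://127.*|http://localhost:*) verdict=loopback-only ;;
                http://*)  verdict=plaintext-exposed ;;  # no TLS on a network address
                https://*) verdict=tls ;;
                *)         verdict=unrecognised ;;
            esac
            printf '%s %s %s\n' "${flag#--}" "$url" "$verdict"
        done
    done
}

# count_exposed [FILE]: number of plaintext listeners on non-loopback addresses.
count_exposed() {
    audit_etcd_unit "$@" | grep -c 'plaintext-exposed$' || true
}

# Sample input: ExecStart lines taken from the article's unit for 172.12.7.51.
sample_unit() {
    cat <<'EOF'
ExecStart=/bin/etcd2 --name=infra0 \
--initial-advertise-peer-urls=http://172.12.7.51:2380 \
--listen-peer-urls=http://172.12.7.51:2380 \
--listen-client-urls=http://172.12.7.51:2379,http://127.0.0.1:2379 \
--advertise-client-urls=http://172.12.7.51:2379 \
--initial-cluster-state=new
EOF
}

sample_unit | audit_etcd_unit
```

On a real host, pass the unit path instead: audit_etcd_unit /etc/systemd/system/etcd2.service.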

Write /etc/systemd/system/docker.service with the following content.
docker.service on 172.12.7.51:

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=docker.socket early-docker.target network.target etcd2.service
Requires=docker.socket early-docker.target etcd2.service

[Service]
EnvironmentFile=-/run/flannel_docker_opts.env
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
ExecStart=/usr/lib/coreos/dockerd daemon --cluster-store=etcd://127.0.0.1:2379 --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ

[Install]
WantedBy=multi-user.target

docker.service on 172.12.7.52:

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=docker.socket early-docker.target network.target etcd2.service
Requires=docker.socket early-docker.target etcd2.service

[Service]
EnvironmentFile=-/run/flannel_docker_opts.env
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
ExecStart=/usr/lib/coreos/dockerd daemon --cluster-store=etcd://127.0.0.1:2379 --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ

[Install]
WantedBy=multi-user.target

On both VMs, as root, run the following commands in order to start the etcd2 and docker services:

systemctl daemon-reload
systemctl start etcd2.service
systemctl start docker.service

Create the /opt/bin directory:
mkdir -p /opt/bin && cd /opt/bin
Download the calicoctl client tool and make it executable:

wget http://www.projectcalico.org/latest/calicoctl

chmod +x calicoctl

The environment is now ready.

3. Start the Calico service

Run the following command on each of the two VMs (it pulls the calico/node and calico/node-libnetwork container images):

calicoctl node --libnetwork

Once the pull has finished, docker ps shows output like the following:

core@calico2 ~ $ docker ps
CONTAINER ID        IMAGE                           COMMAND               CREATED             STATUS              PORTS               NAMES
ab7f0b4889c6        calico/node-libnetwork:v0.7.0   "./start.sh"          46 minutes ago      Up 46 minutes                           calico-libnetwork
5a2f980698db        calico/node:v0.15.0             "/sbin/start_runit"   46 minutes ago      Up 46 minutes                           calico-node

Create the networks
For choosing the IPAM driver, see the "Select the IPAM driver" section of https://github.com/projectcalico/calico-containers/blob/master/docs/calico-with-docker/docker-network-plugin/README.md

Create an address pool: calicoctl pool add 192.168.0.0/16
Create three networks:

docker network create --driver calico --ipam-driver calico net1
docker network create --driver calico --ipam-driver calico net2
docker network create --driver calico --ipam-driver calico net3

On 172.12.7.51, run the following (creates 3 containers on net1 and net2):

docker run --net net1 --name workload-A -tid busybox
docker run --net net2 --name workload-B -tid busybox
docker run --net net1 --name workload-C -tid busybox

On 172.12.7.52, run the following (creates 2 containers on net3 and net1):

docker run --net net3 --name workload-D -tid busybox
docker run --net net1 --name workload-E -tid busybox

In theory, workload-A, workload-C and workload-E can reach each other, and no other pair of workloads can communicate.

4. Verification

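Test the network between workload-A and workload-C by running the following on 172.12.7.51 (the transcript below also pings workload-E on the other host):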

docker exec workload-A ping -c 4 workload-C.net1

core@calico1 ~ $ docker exec workload-A ping -c 4 workload-C.net1
PING workload-C.net1 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: seq=0 ttl=63 time=0.069 ms
64 bytes from 192.168.0.2: seq=1 ttl=63 time=0.090 ms
64 bytes from 192.168.0.2: seq=2 ttl=63 time=0.077 ms
64 bytes from 192.168.0.2: seq=3 ttl=63 time=0.062 ms

--- workload-C.net1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.062/0.074/0.090 ms
core@calico1 ~ $ docker exec workload-A ping -c 4 workload-E.net1
PING workload-E.net1 (192.168.0.65): 56 data bytes
64 bytes from 192.168.0.65: seq=0 ttl=62 time=0.894 ms
64 bytes from 192.168.0.65: seq=1 ttl=62 time=0.757 ms
64 bytes from 192.168.0.65: seq=2 ttl=62 time=0.758 ms
64 bytes from 192.168.0.65: seq=3 ttl=62 time=0.764 ms

--- workload-E.net1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.757/0.793/0.894 ms

The tests above confirm the expectation for workload-A, workload-C and workload-E. If you are interested, you can also test between workload-C and workload-E; the result is the same.

Test the network between workload-A and workload-B:

docker exec workload-A ping -c 4  `docker inspect --format "{{ .NetworkSettings.Networks.net2.IPAddress }}" workload-B`

core@calico1 ~ $ docker exec workload-A ping -c 4  `docker inspect --format "{{ .NetworkSettings.Networks.net2.IPAddress }}" workload-B`
PING 192.168.0.1 (192.168.0.1): 56 data bytes

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

Test the network between workload-A and workload-D.
First obtain workload-D's IP address, which is 192.168.0.64, by running the following on 172.12.7.52:

docker inspect --format "{{ .NetworkSettings.Networks.net3.IPAddress }}" workload-D

core@calico2 ~ $ docker inspect --format "{{ .NetworkSettings.Networks.net3.IPAddress }}" workload-D
192.168.0.64

On 172.12.7.51, run:

docker exec workload-A ping -c 4 192.168.0.64
core@calico1 ~ $ docker exec workload-A ping -c 4 192.168.0.64
PING 192.168.0.64 (192.168.0.64): 56 data bytes

--- 192.168.0.64 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

These results are also as expected.
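
The manual ping checks in this section can be turned into pass/fail assertions on the expected isolation. The script below is an added example, not part of the original article: it parses the ping statistics line and reports PASS, FAIL or INCONCLUSIVE, so that a failed name lookup or a stopped container is not mistaken for isolation. The function names and the workload-X sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: assert the expected Calico isolation instead of eyeballing ping.

# Print the packet-loss percentage from ping output on stdin (empty if absent).
ping_loss() {
    sed -n 's/.* \([0-9][0-9]*\)% packet loss.*/\1/p'
}

# evaluate EXPECT ("reach" or "isolated"), ping output on stdin.
# Returns 0 = matches the expectation, 1 = violates it, 2 = inconclusive.
evaluate() {
    loss=$(ping_loss)
    case "$1:$loss" in
        *:)           return 2 ;;  # no statistics line: bad name, container down
        reach:0)      return 0 ;;
        isolated:100) return 0 ;;
        *)            return 1 ;;  # wrong outcome, or partial loss
    esac
}

# report LABEL EXPECT: print one verdict line for ping output on stdin.
report() {
    rc=0; evaluate "$2" || rc=$?
    case "$rc" in 0) v=PASS ;; 1) v=FAIL ;; *) v=INCONCLUSIVE ;; esac
    printf '%s expect=%s %s\n' "$1" "$2" "$v"
}

# probe SRC TARGET EXPECT: the live check (needs docker and running workloads).
probe() {
    docker exec "$1" ping -c 4 "$2" 2>&1 | report "$1->$2" "$3"
}

# Sample inputs: statistics lines as shown in the article's transcripts.
sample_reach()    { echo '4 packets transmitted, 4 packets received, 0% packet loss'; }
sample_isolated() { echo '4 packets transmitted, 0 packets received, 100% packet loss'; }
sample_noname()   { echo "ping: bad address 'workload-X.net1'"; }  # constructed

# Offline demo; on 172.12.7.51 the live equivalents would be, for example:
#   probe workload-A workload-C.net1 reach
#   probe workload-A 192.168.0.64 isolated
sample_reach    | report 'workload-A->workload-C.net1' reach
sample_isolated | report 'workload-A->192.168.0.64' isolated
sample_isolated | report 'workload-A->workload-E.net1' reach
sample_noname   | report 'workload-A->workload-X.net1' isolated
```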
