容器中跨主机的网络方案-flannel

容器中的网络是建立docker集群的重要内容。

本文将介绍如何用flannel实现容器的多节点互通。

下图是flannel的实现原理,摘自:

http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-flannel.html

本文有两台VM,一台是主节点,将安装docker、etcd、flannel,第二台是docker的工作节点,将安装docker、flannel。具体步骤如下:

一 安装

1 node1

node1 将安装docker、etcd和flannel 

yum install docker  etcd flannel -y

2 node2

node2 安装docker、flannel 

yum install docker flannel -y

二 配置启动etcd

1 配置

配置etcd: 

vim /etc/etcd/etcd.conf

ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" #这个参数是指明对外提供服务的地址和端口。0.0.0.0表示所有接口都可以提供服务
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.235.128:2379" #这个参数表明,其他etcd节点转发本节点的链接

2 启动

启动etcd 

systemctl start etcd

三 在etcd中增加flannel网络的kv值

通过etcdctl命令增加flannel网络配置的kv值,需要先将配置写入a.json文件:

复制代码
etcdctl set /flannel/network/config < ./a.json
{"Network": "10.0.0.0/8",
"SubnetLen": 20,
"SubnetMin": "10.10.0.0",
"SubnetMax": "10.99.0.0",
"Backend": {"Type": "vxlan",
        "VNI": 100,
        "Port": 8472}
}
复制代码

四 配置flannel

1 配置flannel配置文件

两个node配置相同:

准备log目录 

mkdir /var/log/k8s/flannel
chmod 777 -R /var/log/k8s

编辑flannel配置 

vim /etc/sysconfig/flanneld

FLANNEL_ETCD_ENDPOINTS="http://192.168.235.128:2379" #etcd的ip地址和端口
FLANNEL_ETCD_PREFIX="/flannel/network" #和刚才在etcd中配置相对应
FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/k8s/flannel/ --iface=eno16777736" #log和在哪个端口enable flannel

2 启动flannel 

systemctl start flanneld

3 检查端口信息

此时检查ifconfig

复制代码
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 172.18.0.1 netmask 255.255.240.0 broadcast 0.0.0.0
    ……

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
    ……

flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0
    ……
复制代码

可以看到产生了一个flannel.100的端口。

4 配置docker0的地址

对docker0端口进行配置,使docker0采用flannel分配的地址段: 

source /run/flannel/subnet.env
echo ${FLANNEL_SUBNET}
ifconfig docker0 ${FLANNEL_SUBNET}

可以看到docker0在flannel.100的网段中了:

复制代码
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.1 netmask 255.255.240.0 broadcast 0.0.0.0
    ......

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
    ......

flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0 
    ......
复制代码

五 配置ip forward

1 配置iptables

配置iptables设置允许forward 

iptables -P FORWARD ACCEPT

2 配置sysctl文件 

vim /etc/sysctl.conf                   

net.ipv4.ip_forward=1              
sysctl –p

六 重新启动docker

两个node上的docker都重新启动

systemctl restart docker

七 检查

1 启动容器

docker01上: 

docker run -d --name c01 httpd

docker02上: 

docker run -d --name c02 httpd

2 检查网络联通性

在docker01上: 

docker exec -it c01 bash 
root@d0a04613f4d9:/usr/local/apache2# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:0a:0a:30:02 brd ff:ff:ff:ff:ff:ff
inet 10.10.48.2/20 scope global eth0

可以看到eth的地址10.10.48.2是flannel.100的网段 

ping www.sina.com.cn

PING spool.grid.sinaedge.com (202.102.94.124) 56(84) bytes of data.
64 bytes from 202.102.94.124: icmp_seq=1 ttl=127 time=11.3 ms
64 bytes from 202.102.94.124: icmp_seq=2 ttl=127 time=11.9 ms
64 bytes from 202.102.94.124: icmp_seq=3 ttl=127 time=11.6 ms

在docker02上: 

root@60973d570c81:/usr/local/apache2# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:0a:0b:b0:02 brd ff:ff:ff:ff:ff:ff
inet 10.11.176.2/20 scope global eth0

相同的,10.11.176.2是flannel分配的地址

相互ping: 

ping 10.10.48.2

PING 10.10.48.2 (10.10.48.2) 56(84) bytes of data.
64 bytes from 10.10.48.2: icmp_seq=1 ttl=62 time=1.64 ms
64 bytes from 10.10.48.2: icmp_seq=2 ttl=62 time=1.32 ms
64 bytes from 10.10.48.2: icmp_seq=3 ttl=62 time=1.07 ms
64 bytes from 10.10.48.2: icmp_seq=4 ttl=62 time=1.39 ms

可以相互ping通

 

总结

通过flannel可以实现多节点的docker互通。

 

 

   

 

posted @   衡子  阅读(515)  评论(0编辑  收藏  举报
点击右上角即可分享
微信分享提示