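Cross-host container networking with flannel
Networking is a key part of building a docker cluster.
This article shows how to use flannel to connect containers running on multiple nodes.
The diagram of how flannel works is taken from:
http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-flannel.html
This setup uses two VMs. The first is the master node, which runs docker, etcd and flannel; the second is a docker worker node, which runs docker and flannel. The steps are as follows: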
I. Installation
1. node1
node1 gets docker, etcd and flannel:
    yum install docker etcd flannel -y
2. node2
node2 gets docker and flannel:
    yum install docker flannel -y
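II. Configure and start etcd
1. Configuration
Configure etcd:
    vim /etc/etcd/etcd.conf

    # Address and port on which etcd serves client requests.
    # 0.0.0.0 means it listens on all interfaces.
    ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
    # Client URL of this node that is advertised to the other etcd members.
    ETCD_ADVERTISE_CLIENT_URLS="http://192.168.235.128:2379"
2. Start
Start etcd:
    systemctl start etcd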
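III. Add the flannel network key/value to etcd
The flannel network configuration is added to etcd as a key/value pair with the etcdctl command. The configuration must first be written to the file a.json, with the following contents:
    {"Network": "10.0.0.0/8",
     "SubnetLen": 20,
     "SubnetMin": "10.10.0.0",
     "SubnetMax": "10.99.0.0",
     "Backend": {"Type": "vxlan", "VNI": 100, "Port": 8472}
    }
Then load it into etcd:
    etcdctl set /flannel/network/config < ./a.json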
IV. Configure flannel
1. Edit the flannel configuration file
The configuration is the same on both nodes.
Prepare the log directory:
    mkdir -p /var/log/k8s/flannel
    chmod 777 -R /var/log/k8s
Edit the flannel configuration:
    vim /etc/sysconfig/flanneld

    # IP address and port of etcd
    FLANNEL_ETCD_ENDPOINTS="http://192.168.235.128:2379"
    # Must match the key prefix configured in etcd above
    FLANNEL_ETCD_PREFIX="/flannel/network"
    # Logging options, and the interface on which flannel is enabled
    FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/k8s/flannel/ --iface=eno16777736"
2. Start flannel
    systemctl start flanneld
3. Check the interfaces
Check the output of ifconfig at this point:
    docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
        inet 172.18.0.1 netmask 255.255.240.0 broadcast 0.0.0.0
        ......
    eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
        ......
    flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
        inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0
        ......
A flannel.100 interface has been created.
4. Set the docker0 address
Configure docker0 so that it uses the address range allocated by flannel:
    source /run/flannel/subnet.env
    echo ${FLANNEL_SUBNET}
    ifconfig docker0 ${FLANNEL_SUBNET}
docker0 is now in the flannel.100 network segment:
    docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
        inet 10.10.48.1 netmask 255.255.240.0 broadcast 0.0.0.0
        ......
    eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
        ......
    flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
        inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0
        ......
V. Configure IP forwarding
1. Configure iptables
Set iptables to allow forwarding:
    iptables -P FORWARD ACCEPT
2. Configure sysctl
    vim /etc/sysctl.conf

    net.ipv4.ip_forward=1

    sysctl -p
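The policy set in step 1 accepts forwarding between every pair of interfaces on the host, not only the overlay. The following is an added example, not part of the original post: it prints FORWARD rules limited to the flannel network, using the values flanneld writes to /run/flannel/subnet.env. The function names and the rule set are assumptions for illustration, and the rules presume Docker's own FORWARD chains are left in place.

```shell
#!/bin/sh
# Added example (not from the original post): print FORWARD rules scoped to the
# flannel overlay as an alternative to `iptables -P FORWARD ACCEPT`.
# Nothing is applied here; the commands are only printed for review.
# Typical call on this page's setup:
#   flannel_forward_rules /run/flannel/subnet.env flannel.100

# Read one KEY=value entry without sourcing the file. Sourcing executes the
# file as root, and its values originate from the etcd store.
env_get() {  # usage: env_get KEY FILE
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Accept only a.b.c.d/len so that a tampered value cannot smuggle extra
# iptables arguments or shell syntax into the generated commands.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

flannel_forward_rules() {  # usage: flannel_forward_rules ENV_FILE VXLAN_IFACE
    net=$(env_get FLANNEL_NETWORK "$1")   # whole overlay, e.g. 10.0.0.0/8
    sub=$(env_get FLANNEL_SUBNET "$1")    # this host's lease, e.g. 10.10.48.1/20
    is_cidr "$net" && is_cidr "$sub" || { echo "bad CIDR in $1" >&2; return 1; }
    # Rule 2: replies to connections that were already allowed.
    # Rule 3: local containers may open connections (overlay or outbound).
    # Rule 4: containers on other hosts may reach local containers.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i docker0 -s $sub -j ACCEPT
iptables -A FORWARD -i $2 -o docker0 -s $net -d $sub -j ACCEPT
EOF
}
```

Review the printed commands before running them as root on each node; iptables masks the host bits of the subnet value itself.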
VI. Restart docker
Restart docker on both nodes:
    systemctl restart docker
VII. Verification
1. Start containers
On docker01:
    docker run -d --name c01 httpd
On docker02:
    docker run -d --name c02 httpd
2. Check network connectivity
On docker01:
    docker exec -it c01 bash

    root@d0a04613f4d9:/usr/local/apache2# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
    11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
        link/ether 02:42:0a:0a:30:02 brd ff:ff:ff:ff:ff:ff
        inet 10.10.48.2/20 scope global eth0
The eth0 address 10.10.48.2 is in the flannel.100 network segment.
    ping www.sina.com.cn
    PING spool.grid.sinaedge.com (202.102.94.124) 56(84) bytes of data.
    64 bytes from 202.102.94.124: icmp_seq=1 ttl=127 time=11.3 ms
    64 bytes from 202.102.94.124: icmp_seq=2 ttl=127 time=11.9 ms
    64 bytes from 202.102.94.124: icmp_seq=3 ttl=127 time=11.6 ms
On docker02:
    root@60973d570c81:/usr/local/apache2# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
    9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
        link/ether 02:42:0a:0b:b0:02 brd ff:ff:ff:ff:ff:ff
        inet 10.11.176.2/20 scope global eth0
Likewise, 10.11.176.2 is an address allocated by flannel.
Ping between the containers:
    ping 10.10.48.2
    PING 10.10.48.2 (10.10.48.2) 56(84) bytes of data.
    64 bytes from 10.10.48.2: icmp_seq=1 ttl=62 time=1.64 ms
    64 bytes from 10.10.48.2: icmp_seq=2 ttl=62 time=1.32 ms
    64 bytes from 10.10.48.2: icmp_seq=3 ttl=62 time=1.07 ms
    64 bytes from 10.10.48.2: icmp_seq=4 ttl=62 time=1.39 ms
The containers can ping each other.
Summary:
flannel makes it possible for docker containers on multiple nodes to reach one another.