Docker: Configuring Networking with the Calico Plugin
1. Environment
1) Operating system: CentOS 7
2) Hosts: node1 (192.168.5.251), node2 (192.168.5.252), node3 (192.168.5.253)
3) Software versions: calicoctl v1.6.1, etcdctl 3.2.15, docker 17.12.0-ce
Each of the three hosts runs docker, etcd and calicoctl:
192.168.5.251 node1: docker + etcd + calicoctl
192.168.5.252 node2: docker + etcd + calicoctl
192.168.5.253 node3: docker + etcd + calicoctl

[root@node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

Set the hostname on all three nodes. The hostname should be the same as the ETCD_NAME and Calico NODENAME values configured later; if they differ, containers may end up unable to ping each other.
[root@node1 ~]# hostnamectl --static set-hostname node1
[root@node1 ~]# echo "node1" > /etc/hostname
[root@node2 ~]# hostnamectl --static set-hostname node2
[root@node2 ~]# echo "node2" > /etc/hostname
[root@node3 ~]# hostnamectl --static set-hostname node3
[root@node3 ~]# echo "node3" > /etc/hostname

Disable the firewall on all three hosts. If iptables is left enabled instead, port 2380 must be opened for etcd peer communication.
[root@node1 ~]# systemctl disable firewalld.service
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# iptables -F
[root@node1 ~]# firewall-cmd --state
not running

Add the hosts entries on all three machines; run the following on each:
[root@node1 ~]# vim /etc/hosts
192.168.5.251 node1
192.168.5.252 node2
192.168.5.253 node3

Enable IP forwarding on all three machines:
[root@node1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@node1 ~]# cat /etc/sysctl.conf
......
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
[root@node1 ~]# sysctl -p
2. Configuring the etcd Cluster
1) Install the EPEL repository: http://fedoraproject.org/wiki/EPEL

2) Install the etcd package on all three nodes:
[root@node1 ~]# yum install etcd -y

3) Configure etcd in cluster mode on all three nodes:
[root@node1 ~]# cat /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
# Change per host: node1, node2, node3 respectively
ETCD_NAME="node1"
# Change per host: 192.168.5.251, 192.168.5.252, 192.168.5.253 respectively
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.5.251:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.5.251:2379"
ETCD_INITIAL_CLUSTER="node1=http://192.168.5.251:2380,node2=http://192.168.5.252:2380,node3=http://192.168.5.253:2380"

4) Start the etcd service and verify that the cluster is configured correctly:
[root@node1 ~]# systemctl start etcd
[root@node1 ~]# export ETCDCTL_API=3
[root@node1 ~]# etcdctl member list
24535a04231931b0, started, node3, http://192.168.5.253:2380, http://192.168.5.253:2379
762f75df97deec48, started, node1, http://192.168.5.251:2380, http://192.168.5.251:2379
7d53f37d27d9c631, started, node2, http://192.168.5.252:2380, http://192.168.5.252:2379
3. Installing Docker and Configuring the Cluster Store
1) Install Docker: https://yq.aliyun.com/articles/110806

2) Configure the Docker daemon to use the etcd cluster store:
[root@node1 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://7i5u59ls.mirror.aliyuncs.com"],
  "cluster-store": "etcd://192.168.5.251:2379"
}

3) Restart the Docker daemon and check that the setting took effect:
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# docker info | grep "Cluster Store"
Cluster Store: etcd://192.168.5.251:2379
4. Configuring calico-node to Start as a systemd Service
1) Add the calico-node environment file on each of the three hosts:
[root@node1 calico]# cat /etc/calico/calico.env
ETCD_ENDPOINTS="http://192.168.5.251:2379,http://192.168.5.252:2379,http://192.168.5.253:2379"
# Must be named ETCD_CA_CERT_FILE: that is the variable the unit file below passes to the container
ETCD_CA_CERT_FILE=""
ETCD_CERT_FILE=""
ETCD_KEY_FILE=""
# Change per host: node1, node2, node3 respectively
CALICO_NODENAME="node1"
CALICO_NO_DEFAULT_POOLS=""
# Change per host: 192.168.5.251, 192.168.5.252, 192.168.5.253 respectively
CALICO_IP="192.168.5.251"
CALICO_IP6=""
CALICO_AS=""
CALICO_LIBNETWORK_ENABLED=true
CALICO_NETWORKING_BACKEND=bird

2) Add the calico-node systemd unit on each of the three hosts:
[root@node1 calico]# cat /etc/systemd/system/calico-node.service
[Unit]
Description=calico-node
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=-/usr/bin/docker rm -f calico-node
ExecStart=/usr/bin/docker run --net=host --privileged \
  --name=calico-node \
  -e NODENAME=${CALICO_NODENAME} \
  -e IP=${CALICO_IP} \
  -e IP6=${CALICO_IP6} \
  -e CALICO_NETWORKING_BACKEND=${CALICO_NETWORKING_BACKEND} \
  -e AS=${CALICO_AS} \
  -e NO_DEFAULT_POOLS=${CALICO_NO_DEFAULT_POOLS} \
  -e CALICO_LIBNETWORK_ENABLED=${CALICO_LIBNETWORK_ENABLED} \
  -e ETCD_ENDPOINTS=${ETCD_ENDPOINTS} \
  -e ETCD_CA_CERT_FILE=${ETCD_CA_CERT_FILE} \
  -e ETCD_CERT_FILE=${ETCD_CERT_FILE} \
  -e ETCD_KEY_FILE=${ETCD_KEY_FILE} \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/log/calico:/var/log/calico \
  -v /run/docker/plugins:/run/docker/plugins \
  -v /lib/modules:/lib/modules \
  -v /var/run/calico:/var/run/calico \
  calico/node:v2.6.1
ExecStop=-/usr/bin/docker stop calico-node
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

3) Start the calico-node service on each of the three hosts:
[root@node1 calico]# systemctl daemon-reload
[root@node1 calico]# systemctl start calico-node
[root@node1 calico]# tail -f /var/log/messages
...
Mar 11 12:23:46 node1 docker: Starting libnetwork service
Mar 11 12:23:46 node1 docker: Calico node started successfully

4) Download the calicoctl binary and make it executable:
[root@node1 calico]# wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
[root@node1 calico]# chmod +x /usr/local/bin/calicoctl

5) Check that calico-node is healthy:
[root@node1 calico]# calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 192.168.5.252 | node-to-node mesh | up    | 04:23:50 | Established |
| 192.168.5.253 | node-to-node mesh | up    | 04:23:50 | Established |
+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

[root@node1 calico]# calicoctl get node
NAME
node1
node2
node3
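The requirement stated earlier, that the hostname, ETCD_NAME and CALICO_NODENAME agree and that CALICO_IP is the address etcd advertises, is easy to violate when three hosts are edited by hand. The following POSIX shell check is an added example, not part of the original post or of Calico; the file paths are arguments, and the sample files written at the end are constructed copies of node1's settings above.

```shell
#!/bin/sh
# Added example: cross-check the per-node identity settings that must agree.
# cfg_get FILE KEY prints KEY's value (double quotes stripped) from FILE.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"$//'
}

# check_node_identity HOSTNAME ETCD_CONF CALICO_ENV
# Returns 0 when hostname, ETCD_NAME, CALICO_NODENAME, CALICO_IP and the node's
# ETCD_INITIAL_CLUSTER entry all agree; otherwise prints each mismatch, returns 1.
check_node_identity() {
    host=$1 etcd_conf=$2 calico_env=$3 rc=0
    etcd_name=$(cfg_get "$etcd_conf" ETCD_NAME)
    peer_url=$(cfg_get "$etcd_conf" ETCD_INITIAL_ADVERTISE_PEER_URLS)
    cluster=$(cfg_get "$etcd_conf" ETCD_INITIAL_CLUSTER)
    calico_name=$(cfg_get "$calico_env" CALICO_NODENAME)
    calico_ip=$(cfg_get "$calico_env" CALICO_IP)
    peer_ip=${peer_url#http://}   # strip the scheme ...
    peer_ip=${peer_ip%%:*}        # ... and the port, leaving the advertised IP
    [ "$etcd_name" = "$host" ] ||
        { echo "ETCD_NAME=$etcd_name does not match hostname $host"; rc=1; }
    [ "$calico_name" = "$host" ] ||
        { echo "CALICO_NODENAME=$calico_name does not match hostname $host"; rc=1; }
    [ "$calico_ip" = "$peer_ip" ] ||
        { echo "CALICO_IP=$calico_ip differs from advertised peer IP $peer_ip"; rc=1; }
    case ",$cluster," in
        *",$host=http://$calico_ip:2380,"*) ;;
        *) echo "ETCD_INITIAL_CLUSTER has no entry $host=http://$calico_ip:2380"; rc=1 ;;
    esac
    return $rc
}

# Demo on constructed copies of node1's settings from the post (temporary files).
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/etcd.conf" <<'EOF'
ETCD_NAME="node1"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.5.251:2380"
ETCD_INITIAL_CLUSTER="node1=http://192.168.5.251:2380,node2=http://192.168.5.252:2380,node3=http://192.168.5.253:2380"
EOF
cat > "$DEMO_DIR/calico.env" <<'EOF'
# Change per host
CALICO_NODENAME="node1"
CALICO_IP="192.168.5.251"
CALICO_IP6=""
EOF
check_node_identity node1 "$DEMO_DIR/etcd.conf" "$DEMO_DIR/calico.env" && echo "node1: consistent"
```

On a real node run it as `check_node_identity "$(hostname)" /etc/etcd/etcd.conf /etc/calico/calico.env` before starting etcd and calico-node.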
5. Testing the Calico Network
1) Create the network:
[root@node1 ~]# docker network create --driver calico --ipam-driver calico-ipam net1
# The newly created network is visible from any of the hosts
[root@node1 ~]# docker network ls
...
9316f6603268        net1                calico              global
...

2) Start one container on each of node1, node2 and node3 and check its IP address:
[root@node1 ~]# docker run --net net1 --name workload-A -tid busybox
[root@node1 ~]# docker exec -it workload-A ip addr
...
    inet 192.168.166.136/32 brd 192.168.166.136 scope global cali0
...
[root@node2 ~]# docker run --net net1 --name workload-B -tid busybox
[root@node2 ~]# docker exec -it workload-B ip addr
...
    inet 192.168.104.2/32 brd 192.168.104.2 scope global cali0
...
[root@node3 ~]# docker run --net net1 --name workload-C -tid busybox
[root@node3 ~]# docker exec -it workload-C ip addr
...
    inet 192.168.135.7/32 brd 192.168.135.7 scope global cali0
...

3) From the container on node1 (workload-A), ping the containers on the other nodes to confirm the network works:
/ # ping 192.168.135.7
PING 192.168.135.7 (192.168.135.7): 56 data bytes
64 bytes from 192.168.135.7: seq=77 ttl=62 time=0.797 ms
/ # ping 192.168.104.2
PING 192.168.104.2 (192.168.104.2): 56 data bytes
64 bytes from 192.168.104.2: seq=0 ttl=62 time=56.072 ms

4) Inspect the routing table on each node:
[root@node1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.166.136 0.0.0.0         255.255.255.255 UH    0      0        0 calia42c5f1e64a

[root@node2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.104.2   0.0.0.0         255.255.255.255 UH    0      0        0 calic7493c5fa1e
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 192.168.5.251   255.255.255.192 UG    0      0        0 ens33

[root@node3 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.135.7   0.0.0.0         255.255.255.255 UH    0      0        0 cali4a45031fc02
192.168.166.128 192.168.5.251   255.255.255.192 UG    0      0        0 ens33
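Read together, the three tables show the layout bird distributes over BGP: each node has an on-link route for its own /26 workload block plus a /32 host route per local container on a cali* interface, while the other nodes' blocks are reached through those nodes' host addresses on ens33. The following POSIX shell check is an added example, not from the original post, that verifies a saved `route -n` output against that layout; the table embedded at the end is a constructed copy of node1's routes above.

```shell
#!/bin/sh
# Added example: verify a node's saved `route -n` output against the Calico
# route layout shown in the post. Column order is Destination Gateway Genmask
# Flags Metric Ref Use Iface; the first two lines are the banner and header.

# remote_block_ok ROUTE_FILE BLOCK HOST_IP
# 0 if BLOCK (a /26, genmask 255.255.255.192) is routed via HOST_IP with the
# G flag, i.e. the other node's workloads are reached through that node.
remote_block_ok() {
    awk -v dst="$2" -v gw="$3" '
        NR > 2 && $1 == dst && $2 == gw && $3 == "255.255.255.192" && $4 ~ /G/ { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# local_workload_ok ROUTE_FILE WORKLOAD_IP
# 0 if WORKLOAD_IP has a /32 host route (H flag) on a cali* interface, i.e.
# the container is attached locally through its veth.
local_workload_ok() {
    awk -v ip="$2" '
        NR > 2 && $1 == ip && $3 == "255.255.255.255" && $4 ~ /H/ && $8 ~ /^cali/ { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# check_node1_routes ROUTE_FILE: the checks a node1 table must pass, per the post.
check_node1_routes() {
    remote_block_ok "$1" 192.168.104.0 192.168.5.252 &&
    remote_block_ok "$1" 192.168.135.0 192.168.5.253 &&
    local_workload_ok "$1" 192.168.166.136
}

# Constructed copy of node1's `route -n` output from the post.
NODE1_ROUTES=$(mktemp)
cat > "$NODE1_ROUTES" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.166.136 0.0.0.0         255.255.255.255 UH    0      0        0 calia42c5f1e64a
EOF
check_node1_routes "$NODE1_ROUTES" && echo "node1 routes match the expected Calico layout"
```

On a live node, save the table with `route -n > /tmp/routes.txt` and point the functions at that file; a missing UG route for a peer's block usually means the BGP session to that node is not Established.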
References
https://www.cnblogs.com/kevingrace/p/6864804.html?utm_source=itdadao&utm_medium=referral
https://my.oschina.net/huangweibin/blog/1632932