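Cross-host container networking with flannel

Posted by 衡子 on 2018-05-01

Networking between containers is an essential part of building a docker cluster.

This article shows how to use flannel to connect containers across multiple nodes.

The diagram below shows how flannel works; it is taken from:

http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-flannel.html

This article uses two VMs. One is the master node, on which docker, etcd and flannel are installed; the second is a docker worker node, on which docker and flannel are installed. The steps are as follows: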

I Installation

1 node1

Install docker, etcd and flannel on node1:

yum install docker etcd flannel -y

2 node2

Install docker and flannel on node2:

yum install docker flannel -y

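II Configure and start etcd

1 Configure

Configure etcd:

vim /etc/etcd/etcd.conf

# Address and port on which etcd serves clients. 0.0.0.0 means it accepts connections on every interface.
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
# Client URL of this node that is advertised to the other etcd nodes.
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.235.128:2379"

2 Start

Start etcd:

systemctl start etcd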

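III Add the flannel network key/value to etcd

Use the etcdctl command to add the flannel network configuration as a key/value pair. The configuration must first be written to the file a.json:

{"Network": "10.0.0.0/8",
"SubnetLen": 20,
"SubnetMin": "10.10.0.0",
"SubnetMax": "10.99.0.0",
"Backend": {"Type": "vxlan",
        "VNI": 100,
        "Port": 8472}
}

Then load a.json into etcd:

etcdctl set /flannel/network/config < ./a.json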
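The ranges in this config decide which per-host subnets flannel can hand out, so they are worth checking before the config is written to etcd. The following Python sketch is an added example, not part of the original article or of flannel; the function names are made up for illustration, it handles IPv4 only, and it assumes SubnetMax is inclusive.

```python
import ipaddress
import json

# The flannel network config from this page (the contents of a.json).
CONFIG = json.loads("""
{"Network": "10.0.0.0/8", "SubnetLen": 20,
 "SubnetMin": "10.10.0.0", "SubnetMax": "10.99.0.0",
 "Backend": {"Type": "vxlan", "VNI": 100, "Port": 8472}}
""")

def check_config(cfg):
    """Return a list of problems; an empty list means the ranges are consistent."""
    problems = []
    net = ipaddress.ip_network(cfg["Network"])
    plen = cfg["SubnetLen"]
    if plen <= net.prefixlen:
        problems.append("SubnetLen must be longer than the Network prefix")
    for key in ("SubnetMin", "SubnetMax"):
        addr = ipaddress.ip_address(cfg[key])
        if addr not in net:
            problems.append(f"{key} {addr} is outside {net}")
        # A lease boundary must have no host bits set at /SubnetLen.
        if int(addr) % (1 << (32 - plen)) != 0:
            problems.append(f"{key} {addr} is not aligned to /{plen}")
    if ipaddress.ip_address(cfg["SubnetMin"]) > ipaddress.ip_address(cfg["SubnetMax"]):
        problems.append("SubnetMin is above SubnetMax")
    return problems

def lease_count(cfg):
    """Number of per-host subnets from SubnetMin to SubnetMax (assumed inclusive)."""
    lo = int(ipaddress.ip_address(cfg["SubnetMin"]))
    hi = int(ipaddress.ip_address(cfg["SubnetMax"]))
    return (hi - lo) // (1 << (32 - cfg["SubnetLen"])) + 1

def lease_of(cfg, ip):
    """Per-host subnet that an address belongs to, or None if outside the range."""
    lease = ipaddress.ip_network(f"{ip}/{cfg['SubnetLen']}", strict=False)
    lo = ipaddress.ip_address(cfg["SubnetMin"])
    hi = ipaddress.ip_address(cfg["SubnetMax"])
    return lease if lo <= lease.network_address <= hi else None

if __name__ == "__main__":
    print(check_config(CONFIG) or "config ranges are consistent")
    print("leases available:", lease_count(CONFIG))
    for ip in ("10.10.48.2", "10.11.176.2"):  # container addresses seen on this page
        print(ip, "->", lease_of(CONFIG, ip))
```

For the two container addresses that appear in the check section of this page, the /20 leases it computes agree with the netmask 255.255.240.0 that ifconfig reports on docker0.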

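IV Configure flannel

1 Edit the flannel configuration file

The configuration is the same on both nodes.

Prepare the log directory:

mkdir -p /var/log/k8s/flannel
chmod 777 -R /var/log/k8s

Edit the flannel configuration:

vim /etc/sysconfig/flanneld

# IP address and port of etcd
FLANNEL_ETCD_ENDPOINTS="http://192.168.235.128:2379"
# Must match the key prefix configured in etcd above
FLANNEL_ETCD_PREFIX="/flannel/network"
# Logging options, and the interface on which flannel is enabled
FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/k8s/flannel/ --iface=eno16777736"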

2 Start flannel

systemctl start flanneld

3 Check the interface information

Now check the output of ifconfig:

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 172.18.0.1 netmask 255.255.240.0 broadcast 0.0.0.0
    ……

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
    ……

flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0
    …… 

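A new interface named flannel.100 has been created.

4 Configure the docker0 address

Configure the docker0 interface so that it uses the address range allocated by flannel:

source /run/flannel/subnet.env
echo ${FLANNEL_SUBNET}
ifconfig docker0 ${FLANNEL_SUBNET}

docker0 is now in the flannel.100 address range: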

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.1 netmask 255.255.240.0 broadcast 0.0.0.0
    ......

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.235.128 netmask 255.255.255.0 broadcast 192.168.235.255
    ......

flannel.100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
    inet 10.10.48.0 netmask 255.255.255.255 broadcast 0.0.0.0 
    ......

V Configure IP forwarding

1 Configure iptables

Set the iptables policy to allow forwarding:

iptables -P FORWARD ACCEPT

2 Configure the sysctl file

vim /etc/sysctl.conf

net.ipv4.ip_forward=1

sysctl -p

VI Restart docker

Restart docker on both nodes:

systemctl restart docker

VII Verification

1 Start the containers

On docker01:

docker run -d --name c01 httpd

On docker02:

docker run -d --name c02 httpd

2 Check network connectivity

On docker01:

docker exec -it c01 bash 
root@d0a04613f4d9:/usr/local/apache2# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:0a:0a:30:02 brd ff:ff:ff:ff:ff:ff
inet 10.10.48.2/20 scope global eth0 

The eth0 address, 10.10.48.2, is in the flannel.100 address range.

ping www.sina.com.cn

PING spool.grid.sinaedge.com (202.102.94.124) 56(84) bytes of data.
64 bytes from 202.102.94.124: icmp_seq=1 ttl=127 time=11.3 ms
64 bytes from 202.102.94.124: icmp_seq=2 ttl=127 time=11.9 ms
64 bytes from 202.102.94.124: icmp_seq=3 ttl=127 time=11.6 ms 

On docker02:

root@60973d570c81:/usr/local/apache2# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 02:42:0a:0b:b0:02 brd ff:ff:ff:ff:ff:ff
inet 10.11.176.2/20 scope global eth0 

Likewise, 10.11.176.2 is an address allocated by flannel.

Ping between the two containers:

ping 10.10.48.2

PING 10.10.48.2 (10.10.48.2) 56(84) bytes of data.
64 bytes from 10.10.48.2: icmp_seq=1 ttl=62 time=1.64 ms
64 bytes from 10.10.48.2: icmp_seq=2 ttl=62 time=1.32 ms
64 bytes from 10.10.48.2: icmp_seq=3 ttl=62 time=1.07 ms
64 bytes from 10.10.48.2: icmp_seq=4 ttl=62 time=1.39 ms 

The containers can ping each other.

 

Summary

With flannel, docker containers on multiple nodes can reach one another.