码迷,mamicode.com
首页 > 其他好文 > 详细

DOCKER学习_005:Flannel网络配置

时间:2019-11-15 00:11:17      阅读:166      评论:0      收藏:0      [点我收藏+]

标签:cluster   ica   inf   insecure   nerd   snap   vpc   ISE   eth0   

一 简介

  • Flannel是一种基于overlay网络的跨主机容器网络解决方案,也就是将TCP数据包封装在另一种网络包里面进行路由转发和通信,
  • Flannel是CoreOS开发,专门用于docker多机互联的一个工具,让集群中的不同节点主机创建的容器都具有全集群唯一的虚拟ip地址
  • Flannel使用go语言编写

二 Flannel实现原理

2.1原理说明

  • Flannel为每个host分配一个subnet,容器从这个subnet中分配IP,这些IP可以在host间路由,容器间无需使用nat和端口映射即可实现跨主机通信
  • 每个subnet都是从一个更大的IP池中划分的,flannel会在每个主机上运行一个叫flanneld的agent,其职责就是从池子中分配subnet
  • Flannel使用etcd存放网络配置、已分配 的subnet、host的IP等信息
  • Flannel数据包在主机间转发是由backend实现的,目前已经支持UDP、VxLAN、host-gw、AWS VPC和GCE路由等多种backend

2.2 数据转发流程

 技术图片

  1. 容器直接使用目标容器的ip访问,默认通过容器内部的eth0发送出去。
  2. 报文通过veth pair被发送到vethXXX。
  3. vethXXX是直接连接到虚拟交换机docker0的,报文通过虚拟bridge docker0发送出去。
  4. 查找路由表,外部容器ip的报文都会转发到flannel0虚拟网卡,这是一个P2P的虚拟网卡,然后报文就被转发到监听在另一端的flanneld。
  5. flanneld通过etcd维护了各个节点之间的路由表,把原来的报文UDP封装一层,通过配置的iface发送出去。
  6. 报文通过主机之间的网络找到目标主机。
  7. 报文继续往上,到传输层,交给监听在8285端口的flanneld程序处理。
  8. 数据被解包,然后发送给flannel0虚拟网卡。
  9. 查找路由表,发现对应容器的报文要交给docker0。
  10. docker0找到连到自己的容器,把报文发送过去。

三 Flannel安装配置 

3.1 环境准备

节点名称 IP地址 安装软件
docker-server1 192.168.132.131 etcd、flannel、docker
docker-server2 192.168.132.132 flannel、docker

删掉节点的所有容器

[root@docker-server1 ~]# docker ps -aq|xargs docker rm 

[root@docker-server2 ~]# docker ps -aq|xargs docker rm 

3.2 安装etcd

etcd下载地址:https://github.com/coreos/etcd/releases

下载

[root@docker-server1 ~]# wget https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz

[root@docker-server2 ~]# wget https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz

在131上安装etcd和flannel

[root@docker-server1 ~]# tar -xf etcd-v3.3.9-linux-amd64.tar.gz

[root@docker-server1 ~]# cd etcd-v3.3.9-linux-amd64

[root@docker-server1 etcd-v3.3.9-linux-amd64]# ll

total 33992
drwxr-xr-x 11 joy joy     4096 Jul 24  2018 Documentation
-rwxr-xr-x  1 joy joy 18934016 Jul 24  2018 etcd
-rwxr-xr-x  1 joy joy 15809280 Jul 24  2018 etcdctl
-rw-r--r--  1 joy joy    38864 Jul 24  2018 README-etcdctl.md
-rw-r--r--  1 joy joy     7262 Jul 24  2018 README.md
-rw-r--r--  1 joy joy     7855 Jul 24  2018 READMEv2-etcdctl.md

 

[root@docker-server1 etcd-v3.3.9-linux-amd64]# cp etcd*  /usr/bin/

启动命令:

[root@docker-server1 ~]# etcd -name etcd-131 -data-dir /var/lib/etcd --advertise-client-urls http://192.168.132.131:2379,http://127.0.0.1:2379 --listen-client-urls http://192.168.132.131:2379,http://127.0.0.1:2379 

-name:etc取名

-data-dir:定义数据路径

2019-11-09 14:12:36.719599 I | etcdmain: Git SHA: fca8add78
2019-11-09 14:12:36.719603 I | etcdmain: Go Version: go1.10.3
2019-11-09 14:12:36.719606 I | etcdmain: Go OS/Arch: linux/amd64
2019-11-09 14:12:36.719613 I | etcdmain: setting maximum number of CPUs to 4, total number of available CPUs is 4
2019-11-09 14:12:36.720048 I | embed: listening for peers on http://localhost:2380
2019-11-09 14:12:36.720124 I | embed: listening for client requests on 127.0.0.1:2379
2019-11-09 14:12:36.720146 I | embed: listening for client requests on 192.168.132.131:2379
2019-11-09 14:12:36.722745 I | etcdserver: name = etcd-131
2019-11-09 14:12:36.722778 I | etcdserver: data dir = /var/lib/etcd
2019-11-09 14:12:36.722783 I | etcdserver: member dir = /var/lib/etcd/member
2019-11-09 14:12:36.722787 I | etcdserver: heartbeat = 100ms
2019-11-09 14:12:36.722791 I | etcdserver: election = 1000ms
2019-11-09 14:12:36.722794 I | etcdserver: snapshot count = 100000
2019-11-09 14:12:36.722811 I | etcdserver: advertise client URLs = http://127.0.0.1:2379,http://192.168.132.131:2379
2019-11-09 14:12:36.722816 I | etcdserver: initial advertise peer URLs = http://localhost:2380
2019-11-09 14:12:36.722823 I | etcdserver: initial cluster = etcd-131=http://localhost:2380
2019-11-09 14:12:36.725597 I | etcdserver: starting member 8e9e05c52164694d in cluster cdf818194e3a8c32
2019-11-09 14:12:36.725645 I | raft: 8e9e05c52164694d became follower at term 0
2019-11-09 14:12:36.725658 I | raft: newRaft 8e9e05c52164694d [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0]
2019-11-09 14:12:36.725663 I | raft: 8e9e05c52164694d became follower at term 1
2019-11-09 14:12:36.731392 W | auth: simple token is not cryptographically signed
2019-11-09 14:12:36.732944 I | etcdserver: starting server... [version: 3.3.9, cluster version: to_be_decided]
2019-11-09 14:12:36.733497 I | etcdserver: 8e9e05c52164694d as single-node; fast-forwarding 9 ticks (election ticks 10)
2019-11-09 14:12:36.734281 I | etcdserver/membership: added member 8e9e05c52164694d [http://localhost:2380] to cluster cdf818194e3a8c32
2019-11-09 14:12:37.635489 I | raft: 8e9e05c52164694d is starting a new election at term 1
2019-11-09 14:12:37.635568 I | raft: 8e9e05c52164694d became candidate at term 2
2019-11-09 14:12:37.635621 I | raft: 8e9e05c52164694d received MsgVoteResp from 8e9e05c52164694d at term 2
2019-11-09 14:12:37.635656 I | raft: 8e9e05c52164694d became leader at term 2
2019-11-09 14:12:37.635676 I | raft: raft.node: 8e9e05c52164694d elected leader 8e9e05c52164694d at term 2
2019-11-09 14:12:37.636216 I | etcdserver: setting up the initial cluster version to 3.3
2019-11-09 14:12:37.637689 N | etcdserver/membership: set the initial cluster version to 3.3
2019-11-09 14:12:37.637846 I | etcdserver/api: enabled capabilities for version 3.3
2019-11-09 14:12:37.637990 I | etcdserver: published {Name:etcd-131 ClientURLs:[http://127.0.0.1:2379 http://192.168.132.131:2379]} to cluster cdf818194e3a8c32
2019-11-09 14:12:37.638099 I | embed: ready to serve client requests
2019-11-09 14:12:37.638861 I | embed: ready to serve client requests
2019-11-09 14:12:37.639056 E | etcdmain: forgot to set Type=notify in systemd service file?
2019-11-09 14:12:37.640375 N | embed: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged!
2019-11-09 14:12:37.640424 N | embed: serving insecure client requests on 192.168.132.131:2379, this is strongly discouraged!

 

[root@docker-server1 ~]# ps -ef|grep etcd

root      85130  84636  2 14:12 pts/4    00:00:01 etcd -name etcd-131 -data-dir /var/lib/etcd --advertise-client-urls http://192.168.132.131:2379,http://127.0.0.1:2379 --listen-client-urls http://192.168.132.131:2379,http://127.0.0.1:2379

3.3 安装Flannel

flannel下载地址:https://github.com/coreos/flannel/releases

下载

[root@docker-server1 ~]# wget https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz

[root@docker-server1 ~]# wget https://github.com/coreos/flannel/releases/download/v0.11.0/flannel-v0.11.0-linux-amd64.tar.gz

root@docker-server1 ~]# tar -xf flannel-v0.11.0-linux-amd64.tar.gz 

[root@docker-server1 ~]# cp flanneld /usr/bin/
[root@docker-server1 ~]# cp mk-docker-opts.sh /usr/bin/

添加flannel网络配置信息到etcd:

[root@docker-server1 ~]# etcdctl set /coreos.com/network/config ‘{"Network": "10.0.0.0/16", "SubnetLen": 24, "SubnetMin": "10.0.1.0","SubnetMax": "10.0.20.0", "Backend": {"Type": "vxlan"}}‘

如果不是本机可以加参数:--endpoints http://IP:2379

{"Network": "10.0.0.0/16", "SubnetLen": 24, "SubnetMin": "10.0.1.0","SubnetMax": "10.0.20.0", "Backend": {"Type": "vxlan"}}

Network:用于指定Flannel地址池

SubnetLen:用于指定分配给单个宿主机的docker0的ip段的子网掩码的长度

SubnetMin:用于指定最小能够分配的ip段

SudbnetMax:用于指定最大能够分配的ip段,在上面的示例中,表示每个宿主机可以分配一个24位掩码长度的子网,可以分配的子网从10.0.1.0/24到10.0.20.0/24,也就意味着在这个网段中,最多只能有20台宿主机

Backend:用于指定数据包以什么方式转发,默认为udp模式,host-gw模式性能最好,但不能跨宿主机网络

[root@docker-server1 ~]# etcdctl get /coreos.com/network/config

{"Network": "10.0.0.0/16", "SubnetLen": 24, "SubnetMin": "10.0.1.0","SubnetMax": "10.0.20.0", "Backend": {"Type": "vxlan"}}

 

3.4 启动Flannel

[root@docker-server1 ~]# /usr/bin/flanneld --etcd-endpoints="http://192.168.132.131:2379" --iface=192.168.132.131 --etcd-prefix=/coreos.com/network &

[root@docker-server1 ~]# I1109 15:02:01.696813   86107 main.go:450] Searching for interface using 192.168.132.131
I1109 15:02:01.698311   86107 main.go:527] Using interface with name ens33 and address 192.168.132.131
I1109 15:02:01.698335   86107 main.go:544] Defaulting external address to interface address (192.168.132.131)
I1109 15:02:01.698556   86107 main.go:244] Created subnet manager: Etcd Local Manager with Previous Subnet: 10.0.4.0/24
I1109 15:02:01.698571   86107 main.go:247] Installing signal handlers
I1109 15:02:01.700808   86107 main.go:386] Found network config - Backend type: vxlan
I1109 15:02:01.700880   86107 vxlan.go:120] VXLAN config: VNI=1 Port=0 GBP=false DirectRouting=false
I1109 15:02:01.703889   86107 local_manager.go:147] Found lease (10.0.4.0/24) for current IP (192.168.132.131), reusing
I1109 15:02:01.704954   86107 main.go:317] Wrote subnet file to /run/flannel/subnet.env
I1109 15:02:01.704967   86107 main.go:321] Running backend.
I1109 15:02:01.705791   86107 vxlan_network.go:60] watching for new subnet leases
I1109 15:02:01.709710   86107 main.go:429] Waiting for 22h59m59.994619649s to renew lease

 

[root@docker-server1 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
94: br-b1c2d9c1e522: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:cd:4a:25:4f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-b1c2d9c1e522
       valid_lft forever preferred_lft forever
    inet6 fe80::42:cdff:fe4a:254f/64 scope link 
       valid_lft forever preferred_lft forever
95: br-ec4a8380b2d3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:c9:ba:23:ae brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-ec4a8380b2d3
       valid_lft forever preferred_lft forever
104: br-f42e46889a2a: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b4:b6:35:7f brd ff:ff:ff:ff:ff:ff
    inet 172.22.16.1/24 brd 172.22.16.255 scope global br-f42e46889a2a
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b4ff:feb6:357f/64 scope link 
       valid_lft forever preferred_lft forever
123: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 8e:b1:37:26:b0:59 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::8cb1:37ff:fe26:b059/64 scope link 

 

 

[root@docker-server1 ~]# ps -ef |grep flan

root      86107  84636  0 15:02 pts/4    00:00:00 /usr/bin/flanneld --etcd-endpoints=http://192.168.132.131:2379 --iface=192.168.132.131 --etcd-prefix=/coreos.com/network

 

可以使用flannel提供的脚本将subnet.env转写成Docker启动参数,创建好的启动参数默认生成在/run/docker_opts.env文件中:

[root@docker-server1 ~]# mk-docker-opts.sh 

[root@docker-server1 ~]# cat /run/docker_opts.env

DOCKER_OPT_BIP="--bip=10.0.4.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=true"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_OPTS=" --bip=10.0.4.1/24 --ip-masq=true --mtu=1450"

 

需要把这个文件加到docker的启动项

EnvironmentFile=/run/docker_opts.env
ExecStart=/usr/bin/dockerd  $DOCKER_OPTS  -H fd:// --containerd=/run/containerd/containerd.sock

 

启动docker

[root@docker-server1 ~]# systemctl daemon-reload

[root@docker-server1 ~]# systemctl restart docker

报错

[root@docker-server1 ~]# journalctl -xe -u docker

Nov 09 15:13:52 docker-server1 dockerd[86540]: unable to configure the Docker daemon with file /etc/docker/daemon.json: the following 
Nov 09 15:13:52 docker-server1 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE

 

删除/etc/docker/daemon.json里的bip配置

[root@docker-server1 ~]# systemctl restart docker

To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.

[root@docker-server1 ~]# systemctl restart docker

[root@docker-server1 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.1/24 brd 10.0.4.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
94: br-b1c2d9c1e522: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:cd:4a:25:4f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-b1c2d9c1e522
       valid_lft forever preferred_lft forever
    inet6 fe80::42:cdff:fe4a:254f/64 scope link 
       valid_lft forever preferred_lft forever
95: br-ec4a8380b2d3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:c9:ba:23:ae brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-ec4a8380b2d3
       valid_lft forever preferred_lft forever
104: br-f42e46889a2a: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b4:b6:35:7f brd ff:ff:ff:ff:ff:ff
    inet 172.22.16.1/24 brd 172.22.16.255 scope global br-f42e46889a2a
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b4ff:feb6:357f/64 scope link 
       valid_lft forever preferred_lft forever
123: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 8e:b1:37:26:b0:59 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::8cb1:37ff:fe26:b059/64 scope link 
       valid_lft forever preferred_lft forever

 

docker0的IP是10.0.4.1

可以看到flannel0网卡的地址和etcd存储的地址一样,这样flannel网络配置完成

Flannel启动过程解析:

  1. 从etcd中获取network的配置信息
  2. 划分subnet,并在etcd中进行注册
  3. 将子网信息记录到/run/flannel/subnet.env中
  4. Flannel必须先于Docker启动

3.5 验证Flannel网络

查看etcd中的数据:

[root@docker-server1 ~]# etcdctl ls /coreos.com/network/subnets

/coreos.com/network/subnets/10.0.4.0-24

3.6 配置Docker

Docker安装完成以后,需要修改其启动参数以使其能够使用flannel进行IP分配,以及网络通讯

在Flannel运行之后,会生成一个环境变量文件,包含了当前主机要使用flannel通讯的相关参数,如下:

[root@docker-server1 ~]# cat /run/flannel/subnet.env

FLANNEL_NETWORK=10.0.0.0/16
FLANNEL_SUBNET=10.0.4.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=false

 

docker-server1相同操作配置flannel,不用安装etcd

[root@docker-server2 ~]# tar -xf flannel-v0.11.0-linux-amd64.tar.gz
[root@docker-server2 ~]# mv flanneld /usr/bin/

[root@docker-server2 ~]# mv mk-docker-opts.sh /usr/bin/

[root@docker-server2 ~]# /usr/bin/flanneld --etcd-endpoints="http://192.168.132.131:2379" --iface=192.168.132.132 --etcd-prefix=/coreos.com/network &

[root@docker-server2 ~]# mk-docker-opts.sh -c

[root@docker-server2 ~]# cat /run/docker_opts.env 

修改docker启动文件,删除daemon.json的bip配置

[root@docker-server2 ~]# systemctl daemon-reload
[root@docker-server2 ~]# systemctl restart docker

[root@docker-server2 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:63:fd:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.132/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6a92:62ba:1b33:c93d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:50:67:ff:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.18.1/24 brd 10.0.18.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:50ff:fe67:ff90/64 scope link 
       valid_lft forever preferred_lft forever
14: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 62:b9:76:44:bf:32 brd ff:ff:ff:ff:ff:ff
    inet 10.0.18.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::60b9:76ff:fe44:bf32/64 scope link 
       valid_lft forever preferred_lft forever

 

3.7 验证容器互通

[root@docker-server1 ~]# docker run -it busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
124: eth0@if125: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:42:0a:00:04:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.2/24 brd 10.0.4.255 scope global eth0
       valid_lft forever preferred_lft forever

 

[root@docker-server2 ~]# docker run -it busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:42:0a:00:12:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.18.2/24 brd 10.0.18.255 scope global eth0
       valid_lft forever preferred_lft forever

 

互ping

192.168.132.131容器
/ # ping 10.0.18.2
PING 10.0.18.2 (10.0.18.2): 56 data bytes
64 bytes from 10.0.18.2: seq=0 ttl=62 time=2.517 ms
64 bytes from 10.0.18.2: seq=1 ttl=62 time=1.058 ms
64 bytes from 10.0.18.2: seq=2 ttl=62 time=1.676 ms
192.168.132.132容器
PING 10.0.4.2 (10.0.4.2): 56 data bytes
64 bytes from 10.0.4.2: seq=0 ttl=62 time=2.606 ms
64 bytes from 10.0.4.2: seq=1 ttl=62 time=1.727 ms

 

两主机的容器可以互通

此时的网络数据包流向如图:

技术图片

 

 

 

3.8 配置backend为host-gwhost-gw bakcend是flannel的另一个backend。与vxlan不同,host-gw不会封装数据包,而是在主机的路由表中创建到其他主机的subnet的路由条目,从而实现容器网络跨主机通信。需要说明的是,host-gw不能跨宿主机网络通信,或者说跨宿主机网络通信需要物理路由支持。
修改etcd如下:

[root@docker-server1 ~]# etcdctl --endpoints http://127.0.0.1:2379 set /coreos.com/network/config ‘{"Network": "10.0.0.0/16", "SubnetLen": 24, "SubnetMin": "10.0.1.0","SubnetMax": "10.0.20.0", "Backend": {"Type": "host-gw"}}‘

{"Network": "10.0.0.0/16", "SubnetLen": 24, "SubnetMin": "10.0.1.0","SubnetMax": "10.0.20.0", "Backend": {"Type": "host-gw"}

重启flanneld与docker:

root@docker-server1 ~]# kill -9 86780

[root@docker-server1 ~]#  /usr/bin/flanneld --etcd-endpoints="http://192.168.132.131:2379" --iface=192.168.132.131 --etcd-prefix=/coreos.com/network &

[root@docker-server1 ~]# systemctl restart docker

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.1/24 brd 10.0.4.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
123: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 8e:b1:37:26:b0:59 brd ff:ff:ff:ff:ff:ff
    inet 10.0.4.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::8cb1:37ff:fe26:b059/64 scope link 
       valid_lft forever preferred_lft forever

[root@docker-server2 ~]# kill -9 74050

[root@docker-server2 ~]# /usr/bin/flanneld --etcd-endpoints="http://192.168.132.131:2379" --iface=192.168.132.132 --etcd-prefix=/coreos.com/network &

[root@docker-server2 ~]# systemctl restart docker

[root@docker-server2 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:63:fd:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.132/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6a92:62ba:1b33:c93d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:50:67:ff:90 brd ff:ff:ff:ff:ff:ff
    inet 10.0.18.1/24 brd 10.0.18.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:50ff:fe67:ff90/64 scope link 
       valid_lft forever preferred_lft forever
14: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 62:b9:76:44:bf:32 brd ff:ff:ff:ff:ff:ff
    inet 10.0.18.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::60b9:76ff:fe44:bf32/64 scope link 
       valid_lft forever preferred_lft forever

可以在宿主机上查看到路由条目:

[root@docker-server1 ~]# ip route

default via 192.168.132.2 dev ens33 proto static metric 100 
10.0.0.0/16 dev flannel.1 
10.0.4.0/24 dev docker0 proto kernel scope link src 10.0.4.1 
10.0.18.0/24 via 192.168.132.132 dev ens33 
172.17.0.0/16 dev br-b1c2d9c1e522 proto kernel scope link src 172.17.0.1 
172.18.0.0/16 dev br-ec4a8380b2d3 proto kernel scope link src 172.18.0.1 
172.22.16.0/24 dev br-f42e46889a2a proto kernel scope link src 172.22.16.1 
192.168.132.0/24 dev ens33 proto kernel scope link src 192.168.132.131 metric 100 

 博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!

DOCKER学习_005:Flannel网络配置

标签:cluster   ica   inf   insecure   nerd   snap   vpc   ISE   eth0   

原文地址:https://www.cnblogs.com/zyxnhr/p/11838414.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!