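Session 38, 8.28 (docker03: container networking, master/slave images)
1. Container networking
1. Local network
bridge
yum -y install bridge-utils
2. View the bridges
yum provides *bin/brctl
brctl show
# Use docker network to list the bridges
docker network ls
docker0 is on exactly the same subnet on every Docker host, which means containers on different hosts cannot communicate with each other.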
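3. host
The container shares the host's network, which lets it reach the external network. All containers are on the same network as the Docker host, and containers and the external network can reach each other.
docker network ls
Create a new container
docker run -d -p80 -v /opt/:/usr/share/nginx/html/ centosnginx:v1
4. View the IP; by default the container is attached to the bridge
docker inspect a4b6|grep IPA
5. Attach to a different bridge
# Use --network to select the bridge
docker run -d --network harbor_harbor centosnginx:v1
docker inspect 21a2|grep IPAdd
6. Attach to the host network
docker run -it --network host yum:v0 /bin/bash
yum -y install iproute
# Inside the container, the IP shown is the local host's IP
# From outside, inspect shows no IP
[root@docker001 001]# docker inspect 306d|grep IPAdd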
2. Master node1
1. Install the etcd database and flannel
yum -y install etcd
yum -y install flannel
2. Edit the etcd configuration file
vim /etc/etcd/etcd.conf
# line 6
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
# line 21
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.10:2379,http://192.168.1.10:4001"
3. Start the etcd service
systemctl start etcd
4. Check that the ports are listening
netstat -lnput|grep 2379
netstat -lnput|grep 4001
5. Enable the service at boot
systemctl enable etcd
6. Test storing and reading a value
[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
[root@node1 ~]# etcdctl get testdir/testkey0
1000
7. Test cluster health
etcdctl -C http://192.168.1.10:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.10:2379
cluster is healthy
etcdctl -C http://192.168.1.10:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.10:2379
cluster is healthy
8. Edit the flannel configuration file
vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.10:2379" # line 4
9. Store the network range in the database
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'
[root@node1 ~]# etcdctl get /atomic.io/network/config
{ "Network" : "172.20.0.0/16" }
10. Start the service
systemctl start flanneld
systemctl enable flanneld
11. View the IP addresses
[root@node1 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.20.33.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::455b:ea9e:f018:c395/64 scope link flags 800
       valid_lft forever preferred_lft forever
12. Start docker and view the IP
systemctl start docker
ip a s
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:0a:92:fc brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
13. View the flannel subnet
cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.33.1/24
FLANNEL_MTU=1472 # maximum value
FLANNEL_IPMASQ=false
14. Copy daemon.json from another host
scp root@192.168.1.50:/etc/docker/daemon.json /etc/docker/
{
  "registry-mirrors": [
    "https://do.nark.eu.org",
    "https://dc.j8.work",
    "https://docker.m.daocloud.io",
    "https://dockerproxy.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn"
  ],
  "hosts": [
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ],
  "insecure-registries": [
    "http://192.168.1.50:5000"
  ]
}
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service
# line 13
ExecStart=/usr/bin/dockerd
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.33.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node1 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://do.nark.eu.org",
    "https://dc.j8.work",
    "https://docker.m.daocloud.io",
    "https://dockerproxy.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn"
  ],
  "hosts": [
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ],
  "insecure-registries": [
    "http://192.168.1.10:5000"
  ],
  "bip": "172.20.33.1/24",
  "mtu": 1472
}
[root@node1 ~]# systemctl restart docker
# docker0's subnet now matches flannel's
[root@node1 ~]# ip a s
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:0a:92:fc brd ff:ff:ff:ff:ff:ff
    inet 172.20.33.1/24 brd 172.20.33.255 scope global docker0
       valid_lft forever preferred_lft forever
3. Slave node2
[root@node2 ~]# yum -y install etcd
[root@node2 ~]# yum -y install flannel
[root@node2 ~]# vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.11:2379" # line 4
[root@node2 ~]# systemctl start flanneld
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.20.32.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800
       valid_lft forever preferred_lft forever
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node2 ~]# chmod +x docker.sh
[root@node2 ~]# ./docker.sh
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.20.32.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800
       valid_lft forever preferred_lft forever
[root@node2 ~]# systemctl start docker
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.20.32.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:e4:a7:5a:cb brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
[root@node2 ~]# scp root@192.168.1.10:/etc/docker/daemon.json /etc/docker/
[root@node2 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://do.nark.eu.org",
    "https://dc.j8.work",
    "https://docker.m.daocloud.io",
    "https://dockerproxy.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn"
  ],
  "hosts": [
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ],
  "insecure-registries": [
    "http://192.168.1.10:5000"
  ],
  "bip": "172.20.32.1/24",
  "mtu": 1472
}
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node2 ~]# vim /usr/lib/systemd/system/docker.service
[root@node2 ~]# systemctl daemon-reload
[root@node2 ~]# systemctl restart docker
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.20.32.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
    inet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default
    link/ether 02:42:e4:a7:5a:cb brd ff:ff:ff:ff:ff:ff
    inet 172.20.32.1/24 brd 172.20.32.255 scope global docker0
       valid_lft forever preferred_lft forever
[root@node2 ~]# docker pull centos
[root@node2 ~]# docker images
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
centos       latest   5d0da3dc9764   2 years ago   231MB
[root@node2 ~]# docker run -it centos:latest /bin/bash
# test whether the containers can reach each other
[root@d5cec2a20adf /]# ping 172.20.33.2
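Summary: how it works
1. flannel assigns a subnet to each Docker host.
2. The subnet and IP information is stored in the etcd database.
3. When flannel starts, it reads {"Network":"172.20.0.0/16"} from the etcd database and randomly adds a flannel0 network, 172.20.78.0, for the current host.
4. Docker's daemon file is configured so that the docker0 interface is on the same subnet as flannel; after that, the IPs of containers created under Docker fall within the range flannel controls.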