目录
Docker 跨主机通信
静态路由
flannel
etcd 数据库 (重点)
1)做缓存
2)做配置中心(key:vlue 例:dir:/etc/nginx/conf.d)
环境准备
| 主机 | IP | 角色 |
|---|---|---|
| docker01 | 10.0.0.101 | docker |
| docker02 | 10.0.0.102 | docker |
| harbor | 10.0.0.100 | etcd |
部署 etcd
# 安装etcd
[root@harbor ~]# yum install -y etcd
# 修改配置文件
[root@harbor ~]# vim /etc/etcd/etcd.conf
#[Memberz]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_NAME="default"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.100:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.100:2379"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
# 重启
[root@harbor ~]# systemctl restart etcd
# 查看端口
[root@harbor ~]# netstat -lntup
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 53803/etcd
tcp 0 0 10.0.0.100:2379 0.0.0.0:* LISTEN 53803/etcd
tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 53803/etcd
# 检查健康状态
[root@harbor ~]# etcdctl -C http://10.0.0.100:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://10.0.0.100:2379
cluster is healthy
# 写入数据
[root@harbor ~]# etcdctl -C http://10.0.0.100:2379 set /testdir/testkey "hello world"
hello world
# 查看数据
[root@harbor ~]# etcdctl -C http://10.0.0.100:2379 get /testdir/testkey
hello world
部署 flannel(两台都要操作)
# 安装flannel
[root@docker01 ~]# yum install -y flannel
# 修改配置文件
[root@docker01 ~]# vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://10.0.0.100:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# 创建数据 以下命令二选一
[root@harbor ~]# etcdctl mk /atomic.io/network/config '{"Network":"192.168.0.0/16"}'
{"Network":"192.168.0.0/16"}
# 获取数据
[root@harbor ~]# etcdctl -C http://10.0.0.100:2379 get /atomic.io/network/config
{"Network":"192.168.0.0/16"}
# 启动flannel
[root@docker01 ~]# systemctl start flanneld
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 192.168.29.0 netmask 255.255.0.0 destination 192.168.29.0
inet6 fe80::8924:2ac3:56d:313b prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker02 ~]# systemctl start flanneld
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 192.168.67.0 netmask 255.255.0.0 destination 192.168.67.0
inet6 fe80::b9e0:cada:d7ed:4d6d prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
etcd 图形化
# 拖入安装包
etcdkeeper-v0.7.6-linux_x86_64.zip
# 解压
[root@harbor ~]# unzip etcdkeeper-v0.7.6-linux_x86_64.zip
# 进入目录
[root@harbor ~]# cd etcdkeeper/
# 授权
[root@harbor etcdkeeper]# chmod +x etcdkeeper
# 赋予监听端口
[root@harbor etcdkeeper]# ./etcdkeeper -h 0.0.0.0
2023-09-15 10:43:46.006125 I | listening on 0.0.0.0:8080
启动 flannel 后会将自己的 ip 写入 etcd
docker 关联 flannel
# 查看
[root@docker01 ~]# cat /run/flannel/docker
DOCKER_OPT_BIP="--bip=192.168.29.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=true"
DOCKER_OPT_MTU="--mtu=1472"
DOCKER_NETWORK_OPTIONS=" --bip=192.168.29.1/24 --ip-masq=true --mtu=1472"
[root@docker02 ~]# cat /run/flannel/docker
DOCKER_OPT_BIP="--bip=192.168.67.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=true"
DOCKER_OPT_MTU="--mtu=1472"
DOCKER_NETWORK_OPTIONS=" --bip=192.168.67.1/24 --ip-masq=true --mtu=1472"
# 编辑配置文件
[root@docker01 ~]# vim /usr/lib/systemd/system/docker.service
EnviromentFile=/run/flannel/docker
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_NETWORK_OPTIONS --containerd=/run/containerd/containerd.sock
[root@docker02 ~]# vim /usr/lib/systemd/system/docker.service
EnviromentFile=/run/flannel/docker
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_NETWORK_OPTIONS --containerd=/run/containerd/containerd.sock
# 重启docker
[root@docker01 ~]# systemctl daemon-reload
[root@docker01 ~]# systemctl restart docker
[root@docker02 ~]# systemctl daemon-reload
[root@docker02 ~]# systemctl restart docker
# 查看网卡
[root@docker01 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.29.1 netmask 255.255.255.0 broadcast 192.168.29.255
inet6 fe80::42:eff:fece:afc1 prefixlen 64 scopeid 0x20<link>
ether 02:42:0e:ce:af:c1 txqueuelen 0 (Ethernet)
RX packets 78272 bytes 184764921 (176.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 110882 bytes 224156208 (213.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker02 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.67.1 netmask 255.255.255.0 broadcast 192.168.67.255
ether 02:42:28:82:85:bc txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
启动容器测试是否互通
# 开启内核转发
[root@docker01 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@docker02 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
# 防火墙加载规则
[root@docker01 ~]# systemctl start firewalld
[root@docker01 ~]# systemctl stop firewalld
[root@docker02 ~]# systemctl start firewalld
[root@docker02 ~]# systemctl stop firewalld
# 启动容器
[root@docker01 ~]# docker run -it busybox sh
[root@docker02 ~]# docker run -it busybox sh
# 查看网卡信息
##docker02
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1472 qdisc noqueue
link/ether 02:42:c0:a8:43:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.67.2/24 brd 192.168.67.255 scope global eth0
valid_lft forever preferred_lft forever
##docker01
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
149: eth0@if150: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1472 qdisc noqueue
link/ether 02:42:c0:a8:1d:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.29.2/24 brd 192.168.29.255 scope global eth0
valid_lft forever preferred_lft forever
# 测试是否互通
##docker01
/ # ping 192.168.67.2
PING 192.168.67.2 (192.168.67.2): 56 data bytes
64 bytes from 192.168.67.2: seq=0 ttl=60 time=0.567 ms
64 bytes from 192.168.67.2: seq=1 ttl=60 time=0.529 ms
64 bytes from 192.168.67.2: seq=2 ttl=60 time=0.531 ms
##docker02
/ # ping 192.168.29.2
PING 192.168.29.2 (192.168.29.2): 56 data bytes
64 bytes from 192.168.29.2: seq=0 ttl=60 time=0.656 ms
64 bytes from 192.168.29.2: seq=1 ttl=60 time=0.571 ms
64 bytes from 192.168.29.2: seq=2 ttl=60 time=0.576 ms
Docker 跨主机容器通信之 overlay
http://www.cnblogs.com/CloudMan6/p/7270551.html
# docker03上: consul存储ip地址的分配
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
# 设置容器的主机名
consul:kv类型的存储数据库(key:value)
docker01、02上:
vim /etc/docker/daemon.json
{
"cluster-store": "consul://10.0.0.13:8500",
"cluster-advertise": "10.0.0.11:2376"
}
vim /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
# 2)创建overlay网络
docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
# 3)启动容器测试
docker run -it --network ol1 --name oldboy01 busybox /bin/sh
每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网
Docker跨主机容器之间的通信macvlan
默认一个物理网卡,只有一个物理mac地址,虚拟多个mac地址
创建 macvlan 网络
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0
macvlan_1
设置 eth0 的网卡为混杂模式
ip link set eth0 promisc on
创建使用 macvlan 网络的容器
docker run -it --network macvlan_1 --ip=10.0.0.200 busybox