Docker with Flannel networking (etcd + flannel)
1. Flannel network overview
Flannel is an overlay-based cross-host container networking solution: the IP packets exchanged by containers are encapsulated in another network packet and routed over the host network. It was written in Go by CoreOS as a tool for connecting Docker hosts, and gives every container created on any node of the cluster a virtual IP address that is unique cluster-wide.
2. How Flannel works
2.1 Principles
1. Flannel allocates one subnet to each host, and containers on that host take their IPs from it. These IPs are routable between hosts, so containers talk across hosts without NAT or port mapping.
2. Each subnet is carved out of a larger IP pool. Flannel runs an agent called flanneld on every host whose job is to lease a subnet from that pool.
3. Flannel keeps the network configuration, the allocated subnets and the hosts' IPs in etcd.
4. Forwarding of Flannel packets between hosts is done by a backend; UDP, VXLAN, host-gw, AWS VPC and GCE route backends are supported.
2.2 Packet forwarding path
1. A container sends to the destination container's IP directly; the packet leaves through the container's eth0.
2. The packet crosses the veth pair and arrives on the host-side vethXXX.
3. vethXXX is attached to the virtual bridge docker0, so the packet is switched through docker0.
4. The host routing table sends packets for container IPs on other hosts to the flannel0 interface, a point-to-point TUN device whose other end is read by flanneld.
5. flanneld maintains the routing table between nodes (the subnet leases) from etcd, wraps the original packet in a UDP datagram and sends it out through the configured iface.
6. The datagram crosses the host network to the target host.
7. It is passed up to the transport layer, to flanneld listening on UDP port 8285.
8. flanneld unwraps it and writes the inner packet to flannel0.
9. The routing table sends the inner packet, destined for a local container, to docker0.
10. docker0 finds the attached container and delivers the packet.
This is the path of the UDP backend; the flannel0 TUN device and the port 8285 listener in the output later on this page identify it. The datagrams carry the container packets in the clear and without authentication, so every node and the network between them must be trusted.
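The following Python model of steps 4 to 9 is an added example and not flanneld's code. It holds a lease table as flanneld learns it from etcd, parses the inner IPv4 header, picks the lease covering the destination and wraps the packet for UDP delivery to the owning host, then unwraps it on the receiving side. The lease table (the three subnets that appear in the flanneld log in section 4.3; the addresses of the two remote hosts are assumed), the packets and the wire layout (the inner IP packet as the bare UDP payload) are constructed for the example. The destination check in `decapsulate` is this example's own hardening; the real UDP backend performs no authentication of peers.

```python
"""Model of flanneld's UDP backend forwarding decisions (steps 4 to 9 above).

Added example, not flanneld's code.  Lease table, packets and the wire
layout (inner IP packet carried as the bare UDP payload) are constructed
for the example; remote host addresses are assumed.
"""
import ipaddress
import struct

FLANNEL_UDP_PORT = 8285  # port flanneld listens on for the UDP backend

# Constructed lease table: the three subnets from the flanneld log on this
# page, mapped to the host that owns each; the two remote hosts are assumed.
LEASES = {
    "10.10.88.0/24": "192.168.0.109",
    "10.10.65.0/24": "192.168.0.110",
    "10.10.50.0/24": "192.168.0.111",
}


def build_ipv4_packet(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) in front of payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),      # version 4 / IHL 5, DSCP+ECN, total length
        0, 0,                            # identification, flags + fragment offset
        64, proto, 0,                    # TTL, protocol, header checksum
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )
    return header + payload


def parse_ipv4_header(packet: bytes) -> tuple:
    """Return (src, dst, proto) of an IPv4 packet; reject anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (str(ipaddress.ip_address(packet[12:16])),
            str(ipaddress.ip_address(packet[16:20])),
            packet[9])


def lookup_lease(dst: str, leases: dict = LEASES):
    """Host that owns the subnet containing dst, or None if no lease covers it."""
    addr = ipaddress.ip_address(dst)
    for subnet, host in leases.items():
        if addr in ipaddress.ip_network(subnet):
            return host
    return None


def encapsulate(inner: bytes, local_host: str, leases: dict = LEASES) -> dict:
    """Step 5: what flanneld does with a packet read from flannel0."""
    _, dst, _ = parse_ipv4_header(inner)
    remote = lookup_lease(dst, leases)
    if remote is None:
        return {"action": "drop", "reason": f"no lease covers {dst}"}  # nowhere to send it
    if remote == local_host:
        return {"action": "local", "dst": dst}  # our own subnet; docker0 handles it
    return {"action": "send", "outer_src": local_host, "outer_dst": remote,
            "outer_dport": FLANNEL_UDP_PORT, "payload": inner}


def decapsulate(udp_payload: bytes, local_subnet: str) -> dict:
    """Steps 8 to 9 on the receiving host: unwrap and hand the packet to docker0.

    The destination check is this example's hardening: whoever can reach UDP
    8285 should not be able to make this host forward packets for subnets it
    does not own.  flanneld's UDP backend itself does not authenticate peers.
    """
    src, dst, _ = parse_ipv4_header(udp_payload)
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(local_subnet):
        return {"action": "drop", "reason": f"{dst} is not in local lease {local_subnet}"}
    return {"action": "deliver", "via": "docker0", "src": src, "dst": dst}


if __name__ == "__main__":
    pkt = build_ipv4_packet("10.10.88.2", "10.10.65.7", b"hello")
    out = encapsulate(pkt, "192.168.0.109")
    print(out["action"], "->", out.get("outer_dst"), out.get("outer_dport"))
    print(decapsulate(out["payload"], "10.10.65.0/24"))
```

Run it on a host as-is; the two prints show the encapsulation decision for a packet from 10.10.88.2 to 10.10.65.7 and the delivery decision on the host owning 10.10.65.0/24.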
3. Deploying the etcd cluster
3.1 Environment
Node name | IP address    | Software installed
node1     | 192.168.0.115 | etcd
node2     | 192.168.0.116 | etcd
node3     | 192.168.0.117 | etcd
3.2 Install etcd
# yum -y install etcd
3.3 Configure etcd
# cp /etc/etcd/etcd.conf{,_bak}
Note: every ETCD_NAME must be different, and the IP in each URL is the IP of the host being configured.
# grep -v '^#' /etc/etcd/etcd.conf
ETCD_NAME="node1"
ETCD_DATA_DIR="/var/lib/etcd/node1.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.0.115:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.0.115:2379,http://127.0.0.1:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.115:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.115:2379"
ETCD_INITIAL_CLUSTER="node1=http://192.168.0.115:2380,node2=http://192.168.0.116:2380,node3=http://192.168.0.117:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
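Before starting the three nodes it is worth checking each file against itself and against the others. The Python script below is an added example, not part of etcd: it parses the KEY="value" lines of /etc/etcd/etcd.conf, verifies that the node's ETCD_NAME and ETCD_INITIAL_ADVERTISE_PEER_URLS match its entry in ETCD_INITIAL_CLUSTER and that every advertised URL is covered by a listen URL, cross-checks several nodes' files for distinct names and one shared cluster definition, and flags the plaintext http:// listeners, because the configuration on this page exposes both the peer port and the client port with no TLS and no authentication. The sample embedded in the script is node1's file from above.

```python
"""Consistency and exposure check for /etc/etcd/etcd.conf.

Added example, not part of etcd.  SAMPLE_CONF is node1's file from above.
"""
import re
from urllib.parse import urlsplit

SAMPLE_CONF = '''
ETCD_NAME="node1"
ETCD_DATA_DIR="/var/lib/etcd/node1.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.0.115:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.0.115:2379,http://127.0.0.1:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.115:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.115:2379"
ETCD_INITIAL_CLUSTER="node1=http://192.168.0.115:2380,node2=http://192.168.0.116:2380,node3=http://192.168.0.117:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
'''

_LINE = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)="?([^"]*)"?\s*$')


def parse_conf(text: str) -> dict:
    """Parse KEY="value" lines; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def urls(value: str) -> list:
    """Split a comma-separated URL list, dropping empty items."""
    return [u for u in value.split(",") if u]


def check_conf(conf: dict) -> list:
    """Findings for one node's file; an empty list means it is consistent."""
    findings = []
    name = conf.get("ETCD_NAME", "")
    cluster = dict(entry.split("=", 1)
                   for entry in urls(conf.get("ETCD_INITIAL_CLUSTER", "")) if "=" in entry)
    peer_adv = conf.get("ETCD_INITIAL_ADVERTISE_PEER_URLS", "")

    # 1. this node must appear in the initial cluster with the peer URL it advertises
    if name not in cluster:
        findings.append(f"ETCD_NAME {name!r} is not listed in ETCD_INITIAL_CLUSTER")
    elif cluster[name] != peer_adv:
        findings.append(f"peer URL for {name} in ETCD_INITIAL_CLUSTER ({cluster[name]}) "
                        f"differs from ETCD_INITIAL_ADVERTISE_PEER_URLS ({peer_adv})")

    # 2. every advertised address must be one we actually listen on
    for listen_key, adv_key in (("ETCD_LISTEN_PEER_URLS", "ETCD_INITIAL_ADVERTISE_PEER_URLS"),
                                ("ETCD_LISTEN_CLIENT_URLS", "ETCD_ADVERTISE_CLIENT_URLS")):
        listen = {urlsplit(u).netloc for u in urls(conf.get(listen_key, ""))}
        wildcard = any(h.startswith("0.0.0.0:") for h in listen)
        for u in urls(conf.get(adv_key, "")):
            if urlsplit(u).netloc not in listen and not wildcard:
                findings.append(f"{adv_key} {u} is not covered by {listen_key}")

    # 3. plaintext transport on a non-loopback address: peers and clients are unauthenticated
    for key in ("ETCD_LISTEN_PEER_URLS", "ETCD_LISTEN_CLIENT_URLS"):
        for u in urls(conf.get(key, "")):
            parts = urlsplit(u)
            if parts.scheme == "http" and parts.hostname not in ("127.0.0.1", "localhost"):
                findings.append(f"{key} {u} uses plaintext http; anyone who can reach this "
                                "port can read or rewrite the cluster, including the flannel config")
    return findings


def check_cluster(confs: list) -> list:
    """Cross-check the files of all nodes: distinct names, one shared cluster definition."""
    findings = []
    names = [c.get("ETCD_NAME") for c in confs]
    if len(set(names)) != len(names):
        findings.append(f"ETCD_NAME values are not distinct: {names}")
    for key in ("ETCD_INITIAL_CLUSTER", "ETCD_INITIAL_CLUSTER_TOKEN"):
        if len({c.get(key) for c in confs}) != 1:
            findings.append(f"{key} differs between nodes")
    return findings


if __name__ == "__main__":
    for finding in check_conf(parse_conf(SAMPLE_CONF)):
        print("-", finding)
```

Against node1's file the only findings are the two plaintext listeners. To remove them, etcd would need `--cert-file`, `--key-file`, `--trusted-ca-file` and `--client-cert-auth` (plus the peer equivalents) and flanneld the matching `-etcd-certfile`, `-etcd-keyfile` and `-etcd-cafile` options.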
3.4 Edit the etcd unit file
# cp /usr/lib/systemd/system/etcd.service{,_bak}
# cat /usr/lib/systemd/system/etcd.service
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
User=etcd
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd \
--name=\"${ETCD_NAME}\" \
--data-dir=\"${ETCD_DATA_DIR}\" \
--listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" \
--listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" \
--initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" \
--advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" \
--initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" \
--initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" \
--initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""
Restart=on-failure
LimitNOFILE=
3.5 Start etcd
Note: repeat the steps above on the other two servers.
# systemctl start etcd.service
3.6 Check the cluster state; etcd installation is complete at this point
# Check cluster health
# etcdctl cluster-health
member 3e398d43ae9c8720 is healthy: got healthy result from http://192.168.0.116:2379
member 65368524050cc2e8 is healthy: got healthy result from http://192.168.0.115:2379
member d8ff06c8c9b413da is healthy: got healthy result from http://192.168.0.117:2379
cluster is healthy
# List the members; the output shows that node2 is currently the leader.
# etcdctl member list
3e398d43ae9c8720: name=node2 peerURLs=http://192.168.0.116:2380 clientURLs=http://192.168.0.116:2379 isLeader=true
65368524050cc2e8: name=node1 peerURLs=http://192.168.0.115:2380 clientURLs=http://192.168.0.115:2379 isLeader=false
d8ff06c8c9b413da: name=node3 peerURLs=http://192.168.0.117:2380 clientURLs=http://192.168.0.117:2379 isLeader=false
3.7 Write the flannel network configuration to etcd
Note: the directory (flannel_use here) can be named freely, but it must match FLANNEL_ETCD_PREFIX="/flannel_use/network" in the flannel configuration file. flanneld reads only the key named config under that prefix; otherwise it fails with Not a directory (/flannel_use/network). Because etcd is reached over plain http with no authentication in this setup, anyone who can reach port 2379 on the etcd nodes can rewrite this key and redirect or break the overlay; outside a lab, put client traffic behind TLS with client certificates (etcd's --cert-file, --key-file, --trusted-ca-file and --client-cert-auth) and pass flanneld the matching -etcd-certfile, -etcd-keyfile and -etcd-cafile options.
# Static configuration
# etcdctl set /flannel_use/network/config '{"Network":"10.10.0.0/16"}'
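How flanneld turns this value into per-host subnets can be reproduced from flannel's documented defaults. The Python below is an added example, not flannel's code: with no SubnetLen, a Network shorter than /24 is carved into /24 host subnets; SubnetMin defaults to the second subnet (the first is skipped) and SubnetMax to the last one, which for 10.10.0.0/16 gives the `Picking subnet in range 10.10.1.0 ... 10.10.255.0` line in the flanneld log in section 4.3; a free subnet is then chosen at random. With no Backend key flannel uses its default UDP backend, which is what this page runs; `{"Network":"10.10.0.0/16","Backend":{"Type":"vxlan"}}` would select VXLAN instead. The dict of leases held by other hosts, standing in for the etcd subnets directory, is constructed from the two `Subnet added` log lines with assumed host addresses.

```python
"""Subnet range and lease selection derived from the flannel config in etcd.

Added example following flannel's documented defaults, not flannel's code.
The config string and the table of leases held by other hosts are
constructed for the example.
"""
import ipaddress
import json
import random

# The value written to /flannel_use/network/config above.
CONFIG_JSON = '{"Network":"10.10.0.0/16"}'

# Constructed stand-in for the leases already under <prefix>/subnets/
# (the two "Subnet added" log lines); the owning host addresses are assumed.
EXISTING_LEASES = {"10.10.65.0/24": "192.168.0.110", "10.10.50.0/24": "192.168.0.111"}


def parse_network_config(raw: str) -> dict:
    """Parse the JSON at <prefix>/config and fill in flannel's defaults."""
    cfg = json.loads(raw)
    network = ipaddress.ip_network(cfg["Network"], strict=True)
    subnet_len = cfg.get("SubnetLen")
    if subnet_len is None:
        # /24 per host, unless the whole network is /24 or smaller:
        # then each host gets a quarter of it.
        subnet_len = 24 if network.prefixlen < 24 else network.prefixlen + 2
    if not network.prefixlen < subnet_len <= 30:
        raise ValueError(f"SubnetLen {subnet_len} does not fit in {network}")
    size = 1 << (32 - subnet_len)
    first = int(network.network_address)
    last = int(network.broadcast_address) + 1 - size  # start of the last subnet
    # The first subnet is skipped by default (SubnetMin = Network + one subnet).
    subnet_min = int(ipaddress.ip_address(cfg["SubnetMin"])) if "SubnetMin" in cfg else first + size
    subnet_max = int(ipaddress.ip_address(cfg["SubnetMax"])) if "SubnetMax" in cfg else last
    if not first <= subnet_min <= subnet_max <= last or subnet_min % size or subnet_max % size:
        raise ValueError("SubnetMin/SubnetMax outside Network or not aligned to SubnetLen")
    return {
        "network": network,
        "subnet_len": subnet_len,
        "subnet_min": ipaddress.ip_address(subnet_min),
        "subnet_max": ipaddress.ip_address(subnet_max),
        # udp is flannel's default when no Backend is configured
        "backend": cfg.get("Backend", {"Type": "udp"}),
    }


def candidate_subnets(cfg: dict) -> list:
    """All host subnets flanneld may lease, in address order."""
    size = 1 << (32 - cfg["subnet_len"])
    return [ipaddress.ip_network((base, cfg["subnet_len"]))
            for base in range(int(cfg["subnet_min"]), int(cfg["subnet_max"]) + 1, size)]


def pick_subnet(cfg: dict, taken: dict, rng: random.Random = None) -> ipaddress.IPv4Network:
    """Acquire a lease: a random free subnet, as flanneld does; fail when exhausted."""
    taken_nets = {ipaddress.ip_network(s) for s in taken}
    free = [s for s in candidate_subnets(cfg) if s not in taken_nets]
    if not free:
        raise RuntimeError("subnet range exhausted: no free lease for this host")
    return (rng or random.Random()).choice(free)


if __name__ == "__main__":
    cfg = parse_network_config(CONFIG_JSON)
    print(f"Picking subnet in range {cfg['subnet_min']} ... {cfg['subnet_max']}")
    print("Lease acquired:", pick_subnet(cfg, EXISTING_LEASES), "backend", cfg["backend"]["Type"])
```

The exhaustion case matters operationally: a /16 with /24 leases serves at most 255 hosts, and a host started beyond that gets no subnet and flanneld fails rather than picking an address outside Network.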
4. Deploying flannel
4.1 Install flannel
# yum install -y flannel
4.2 Edit the flannel configuration file
# cp /etc/sysconfig/flanneld{,_bak}
# cat /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.0.115:2379,http://192.168.0.116:2379,http://192.168.0.117:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/flannel_use/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
4.3 Start flannel
# systemctl start flanneld
# systemctl status flanneld
● flanneld.service - Flanneld overlay address etcd agent
Loaded: loaded (/usr/lib/systemd/system/flanneld.service; disabled; vendor preset: disabled)
Active: active (running) since Mon -- :: CST; 4s ago
Process: ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker (code=exited, status=/SUCCESS)
Main PID: (flanneld)
Memory: 18.8M
CGroup: /system.slice/flanneld.service
└─ /usr/bin/flanneld -etcd-endpoints=http://192.168.0.115:2379,http://192.168.0.116:2379,http://192.168.0.117:2379 -etcd-prefix=/flannel_use/network
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.365994 main.go:] Installing signal handlers
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366705 manager.go:] Determining IP address of default interface
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366916 manager.go:] Using interface with name eth0 and address 192.168.0.109
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366933 manager.go:] Defaulting external address to interface address (192.168.0.109)
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.375600 local_manager.go:] Picking subnet in range 10.10.1.0 ... 10.10.255.0
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.383110 manager.go:] Lease acquired: 10.10.88.0/
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.383333 network.go:] Watching for new subnet leases
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.388324 network.go:] Subnet added: 10.10.65.0/
Dec :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.388344 network.go:] Subnet added: 10.10.50.0/
Dec :: nanan-product-yanpan-bigdate01 systemd[]: Started Flanneld overlay address etcd agent.
# ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc mq state UP qlen
link/ether ::3e:2c::be brd ff:ff:ff:ff:ff:ff
inet 192.168.0.109/ brd 192.168.0.255 scope global dynamic eth0
valid_lft 314756444sec preferred_lft 314756444sec
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN
link/ether :::1b:b8:fd brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/ brd 10.10.0.255 scope global docker0
valid_lft forever preferred_lft forever
: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu qdisc pfifo_fast state UNKNOWN qlen
link/none
inet 10.10.88.0/ scope global flannel0
valid_lft forever preferred_lft forever
4.4 Note
After flanneld is started, docker must be restarted, otherwise the IP range flannel allocated does not take effect: only after the restart does docker0 move into the subnet flannel leased. In the output above flanneld runs on 192.168.0.109, a Docker host separate from the three etcd nodes, and has leased 10.10.88.0/24 (a /24, as the docker0 broadcast address 10.10.88.255 after the restart confirms), while docker0 still carries its old address 10.10.0.1.
4.5 Edit the docker unit and configuration files to use the flannel network
# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# DOCKER_NETWORK_OPTIONS (--bip, --mtu, --ip-masq) is written to /run/flannel/docker by
# mk-docker-opts.sh, which flanneld.service runs as ExecStartPost (see the status output
# above). Without this EnvironmentFile line the variable is empty when dockerd starts and
# docker0 never moves into the flannel lease.
EnvironmentFile=-/run/flannel/docker
# --insecure-registry disables TLS and certificate checks for that registry; keep it only
# for a registry you control on a trusted network.
ExecStart=/usr/bin/dockerd --insecure-registry=172.17.29.74 -H fd:// --containerd=/run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=
RestartSec=
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd .
# Both the old, and new location are accepted by systemd and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd .
# Both the old, and new name are accepted by systemd and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
4.6 Restart docker
# systemctl daemon-reload
# systemctl restart docker
4.7 Verify that docker is using the flannel network
# ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc mq state UP qlen
link/ether ::3e:2c::be brd ff:ff:ff:ff:ff:ff
inet 192.168.0.109/ brd 192.168.0.255 scope global dynamic eth0
valid_lft 314756133sec preferred_lft 314756133sec
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN
link/ether :::1b:b8:fd brd ff:ff:ff:ff:ff:ff
inet 10.10.88.1/ brd 10.10.88.255 scope global docker0
valid_lft forever preferred_lft forever
: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu qdisc pfifo_fast state UNKNOWN qlen
link/none
inet 10.10.88.0/ scope global flannel0
valid_lft forever preferred_lft forever
4.8 If containers on different hosts cannot reach each other: traffic between flannel0 and docker0 is forwarded by the kernel and filtered by the iptables FORWARD chain, so make sure both of the following hold
1. IP forwarding is enabled in the kernel (takes effect immediately but is lost on reboot; persist it with net.ipv4.ip_forward = 1 in /etc/sysctl.conf)
# echo 1 > /proc/sys/net/ipv4/ip_forward
2. Packets are not dropped by the iptables FORWARD chain
# iptables -P FORWARD ACCEPT
Setting the default policy to ACCEPT opens forwarding for every interface on the host, not just the overlay. A narrower fix is to accept only traffic between docker0 and flannel0 (in both directions) with explicit rules and leave the default policy as it was.