一、Flannel网络简介

Flannel是一种基于overlay网络的跨主机容器网络解决方案,也就是将TCP数据包封装在另一种网络包里面进行路由转发和通信,Flannel是CoreOS开发,专门用于docker多机互联的一个工具,让集群中的不同节点主机创建的容器都具有全集群唯一的虚拟ip地址,Flannel使用go语言编写

二、Flannel实现原理

2.1、原理说明

1、Flannel为每个host分配一个subnet,容器从这个subnet中分配IP,这些IP可以在host间路由,容器间无需使用nat和端口映射即可实现跨主机通信

2、每个subnet都是从一个更大的IP池中划分的,flannel会在每个主机上运行一个叫flanneld的agent,其职责就是从池子中分配subnet

3、Flannel使用etcd存放网络配置、已分配 的subnet、host的IP等信息

4、Flannel数据包在主机间转发是由backend实现的,目前已经支持UDP、VxLAN、host-gw、AWS VPC和GCE路由等多种backend

2.2、数据转发流程

1、容器直接使用目标容器的ip访问,默认通过容器内部的eth0发送出去。

2、报文通过veth pair被发送到vethXXX。

3、ethXXX是直接连接到虚拟交换机docker0的,报文通过虚拟bridge docker0发送出去。

4、查找路由表,外部容器ip的报文都会转发到flannel0虚拟网卡,这是一个P2P的虚拟网卡,然后报文就被转发到监听在另一端的flanneld。

5、flanneld通过etcd维护了各个节点之间的路由表,把原来的报文UDP封装一层,通过配置的iface发送出去。

6、报文通过主机之间的网络找到目标主机。

7、报文继续往上,到传输层,交给监听在8285端口的flanneld程序处理。

8、数据被解包,然后发送给flannel0虚拟网卡。

9、查找路由表,发现对应容器的报文要交给docker0。

10、docker0找到连到自己的容器,把报文发送过去。

三、部署etcd集群

3.1、环境准备

 
节点名称
 
IP地址
 
安装软件
 
node1
 
192.168.0.115
 
etcd
 
node2
 
192.168.0.116
 
etcd
 
node3
 
192.168.0.117
 
etcd
 




3.2、安装etcd




# yum -y install etcd




3.3、配置etcd




# cp /etc/etcd/etcd.conf{,_bak}


【注释:每个ETCD_NAME必须不同,绿色部分的ip为当前宿主机的ip】

# grep -v '^#' /etc/etcd/etcd.conf

ETCD_NAME="node1"

ETCD_DATA_DIR="/var/lib/etcd/node1.etcd"

ETCD_LISTEN_PEER_URLS="http://192.168.0.115:2380"

ETCD_LISTEN_CLIENT_URLS="http://192.168.0.115:2379,http://127.0.0.1:2379"

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.115:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.115:2379"

ETCD_INITIAL_CLUSTER="node1=http://192.168.0.115:2380,node2=http://192.168.0.116:2380,node3=http://192.168.0.117:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

ETCD_INITIAL_CLUSTER_STATE="new"




3.4、修改etcd启动文件




# cp /usr/lib/systemd/system/etcd.service{,_bak}

# cat /usr/lib/systemd/system/etcd.service

[Service]

Type=notify

WorkingDirectory=/var/lib/etcd/

EnvironmentFile=-/etc/etcd/etcd.conf

User=etcd

# set GOMAXPROCS to number of processors

ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd \

--name=\"${ETCD_NAME}\" \

--data-dir=\"${ETCD_DATA_DIR}\" \

--listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" \

--listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" \

--initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" \

--advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" \

--initial-cluster=\"${ETCD_INITIAL_CLUSTER}\"  \

--initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" \

--initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""

Restart=on-failure

LimitNOFILE=




3.5、启动etcd服务




【注释:另外两台服务器,操作也如上】
# systemctl start etcd.service




3.6、检测etcd集群状态,至此etcd安装完成




# 查看cluster状态

# etcdctl cluster-health

member 3e398d43ae9c8720 is healthy: got healthy result from http://192.168.0.116:2379

member 65368524050cc2e8 is healthy: got healthy result from http://192.168.0.115:2379

member d8ff06c8c9b413da is healthy: got healthy result from http://192.168.0.117:2379

cluster is healthy

# 列出etcd服务状态,从列出信息可以看出,目前是node2为主节点。

# etcdctl member list

3e398d43ae9c8720: name=node2 peerURLs=http://192.168.0.116:2380 clientURLs=http://192.168.0.116:2379 isLeader=true

65368524050cc2e8: name=node1 peerURLs=http://192.168.0.115:2380 clientURLs=http://192.168.0.115:2379 isLeader=false

d8ff06c8c9b413da: name=node3 peerURLs=http://192.168.0.117:2380 clientURLs=http://192.168.0.117:2379 isLeader=false




3.7、添加flannel网络配置信息到etcd




【注释: 此(flannel_use)目录自己可以定义,但是此处设置的目录必须与flannel配置文件中FLANNEL_ETCD_PREFIX="/flannel_use/network"配置保持一致,flannel启动程序只认带“config”的key,否则会报错Not a directory (/flannel_use/network)】 


# 固定配置方式
# etcdctl set /flannel_use/network/config '{"Network":"10.10.0.0/16"}'




四、部署flannel


4.1、安装flannel




# yum install -y flannel




4.2、修改flannel配置文件




# cp /etc/sysconfig/flanneld{,_bak}

# cat /etc/sysconfig/flanneld

# Flanneld configuration options

# etcd url location.  Point this to the server where etcd runs

FLANNEL_ETCD_ENDPOINTS="http://192.168.0.115:2379,http://192.168.0.116:2379,http://192.168.0.117:2379"

# etcd config key.  This is the configuration key that flannel queries

# For address range assignment

FLANNEL_ETCD_PREFIX="/flannel_use/network"

# Any additional options that you want to pass

#FLANNEL_OPTIONS=""




4.3、启动flannel




# systemctl start flanneld

# systemctl status flanneld

● flanneld.service - Flanneld overlay address etcd agent

   Loaded: loaded (/usr/lib/systemd/system/flanneld.service; disabled; vendor preset: disabled)

   Active: active (running) since Mon -- :: CST; 4s ago

  Process:  ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker (code=exited, status=/SUCCESS)

 Main PID:  (flanneld)

   Memory: 18.8M

   CGroup: /system.slice/flanneld.service

           └─ /usr/bin/flanneld -etcd-endpoints=http://192.168.0.115:2379,http://192.168.0.116:2379,http://192.168.0.117:2379 -etcd-prefix=/flannel_use/network

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.365994     main.go:] Installing signal handlers

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366705     manager.go:] Determining IP address of default interface

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366916     manager.go:] Using interface with name eth0 and address 192.168.0.109

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.366933     manager.go:] Defaulting external address to interface address (192.168.0.109)

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.375600     local_manager.go:] Picking subnet in range 10.10.1.0 ... 10.10.255.0

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.383110     manager.go:] Lease acquired: 10.10.88.0/

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.383333     network.go:] Watching for new subnet leases

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.388324     network.go:] Subnet added: 10.10.65.0/

Dec  :: nanan-product-yanpan-bigdate01 flanneld-start[]: I1223 ::07.388344     network.go:] Subnet added: 10.10.50.0/

Dec  :: nanan-product-yanpan-bigdate01 systemd[]: Started Flanneld overlay address etcd agent.

# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc mq state UP qlen

    link/ether ::3e:2c::be brd ff:ff:ff:ff:ff:ff

    inet 192.168.0.109/ brd 192.168.0.255 scope global dynamic eth0

       valid_lft 314756444sec preferred_lft 314756444sec

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN

    link/ether :::1b:b8:fd brd ff:ff:ff:ff:ff:ff

    inet 10.10.0.1/ brd 10.10.0.255 scope global docker0

       valid_lft forever preferred_lft forever

: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu  qdisc pfifo_fast state UNKNOWN qlen

    link/none

    inet 10.10.88.0/ scope global flannel0

       valid_lft forever preferred_lft forever




4.4、注释




启动Flannel后,一定要记得重启docker,这样Flannel配置分配的ip才能生效,即docker0虚拟网卡的ip会变成上面flannel设定的ip段




4.5、修改docker启动/配置文件使用flannel网络




# cat /usr/lib/systemd/system/docker.service

[Unit]

Description=Docker Application Container Engine

Documentation=https://docs.docker.com

BindsTo=containerd.service

After=network-online.target firewalld.service containerd.service

Wants=network-online.target

Requires=docker.socket

[Service]

Type=notify

# the default is not to use systemd for cgroups because the delegate issues still

# exists and systemd currently does not support the cgroup feature set required

# for containers run by docker

ExecStart=/usr/bin/dockerd --insecure-registry=172.17.29.74 -H fd:// --containerd=/run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS

ExecReload=/bin/kill -s HUP $MAINPID

TimeoutSec=

RestartSec=

Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd .

# Both the old, and new location are accepted by systemd  and up, so using the old location

# to make them work for either version of systemd.

StartLimitBurst=

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd .

# Both the old, and new name are accepted by systemd  and up, so using the old name to make

# this option work for either version of systemd.

StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead

# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=infinity

LimitNPROC=infinity

LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.

# Only systemd  and above support this option.

TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

# kill only the docker process, not all processes in the cgroup

KillMode=process

[Install]

WantedBy=multi-user.target

# cat /etc/docker/daemon.json

{

  "registry-mirrors": ["https://registry.docker-cn.com"]

}




4.6、重启docker




# systemctl daemon-reload

# systemctl restart docker




4.7、查看docker是否使用flannel网络




# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc mq state UP qlen

    link/ether ::3e:2c::be brd ff:ff:ff:ff:ff:ff

    inet 192.168.0.109/ brd 192.168.0.255 scope global dynamic eth0

       valid_lft 314756133sec preferred_lft 314756133sec

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN

    link/ether :::1b:b8:fd brd ff:ff:ff:ff:ff:ff

    inet 10.10.88.1/ brd 10.10.88.255 scope global docker0

       valid_lft forever preferred_lft forever

: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu  qdisc pfifo_fast state UNKNOWN qlen

    link/none

    inet 10.10.88.0/ scope global flannel0

       valid_lft forever preferred_lft forever




4.8、如果容器无法联通,是由于flannel.0网卡和docker0网卡通过iptables的forward转发,所以需确保如下设置




、核中的forward功能开启(立即生效,重启后效果不再)

# echo "" > /proc/sys/net/ipv4/ip_forward

  

、包不会被iptables的forward规则拦截

# iptables -P FORWARD ACCEPT


												


											
docker使用 Flannel(etcd+flannel)网络的更多相关文章
	

    
								
  1. 008.Docker Flannel+Etcd分布式网络部署
		
    一 环境准备 1.1 Flannel概述 Flannel是一种基于overlay网络的跨主机容器网络解决方案,即将TCP数据包封装在另一种网络包里面进行路由转发和通信,Flannel是CoreOS开发 ...
    
		
    2. 
						
  2. docker环境下构建flannel 网络
		
    flannel 是coreos 开发的网络解决方案,为每一台主机分配一个 subnet,容器从此subnet 中分配ip,ip可以在主机间路由.每个subnet从更大的ip池中划分,为了在各个主机间共 ...
    
		
    3. 
						
  3. kubelet集群网络配置flannel(覆盖网络)
		
    kubernetes本身并不会对跨主机容器的网络进行设置,这需要额外的工具来实现.一些常用的开源工具主要包括flanne.OpenvSwitch.Weave.Calico等,这里面最常用的是flann ...
    
		
    4. 
						
  4. Flannel和Calico网络插件工作流程对比
		
    Flannel和Calico网络插件对比   Calico简介 Calico是一个纯三层的网络插件,calico的bgp模式类似于flannel的host-gw Calico方便集成 OpenStac ...
    
		
    5. 
						
  5. Flannel和Calico网络插件对比
		
    1.Kubernetes通信问题 1.容器间通信:即同一个Pod内多个容器间通信,通常使用loopback来实现. 2.Pod间通信:K8s要求,Pod和Pod之间通信必须使用Pod-IP 直接访问另 ...
    
		
    6. 
						
  6. ETCD&Flannel安装
		
    .ETCD 安装: nohup etcd --name etcd0 \ --advertise-client-urls http://172.31.24.246:2379,http://127.0.0 ...
    
		
    7. 
						
  7. Docker容器基础入门认知-网络篇
		
    这篇文章中,会从 docker 中的单机中的 netns 到 veth,再到单机多个容器之间的 bridge 网络交互,最后到跨主机容器之间的 nat 和 vxlan 通信过程,让大家对 docker ...
    
		
    8. 
						
  8. Docker的单主机容器网络
		
    作者:杨冬 欢迎转载,也请保留这段声明.谢谢! 出处: https://andyyoung01.github.io/ 或 http://andyyoung01.16mb.com/ 本篇文章主要探索Do ...
    
		
    9. 
						
  9. centos7下安装docker(12.2自定义网络)
		
    通常默认的情况下我们使用的是docker的bridge的网络,用户也可以根据自己的业务需要,创建user-defined docker 提供三种user-defined网络驱动:bridge,over ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. Java开源网页抓取工具httpClient以及jsoup
			
    网上看到不错的Java网页抓取工具和库 先记录一下 使用java开源工具httpClient及jsoup抓取解析网页数据
    
			
    2. 
						
  2. @Autowired注解与@Qualifier注解搭配使用----解决多实现选择注入问题
			
    问题:当一个接口实现由两个实现类时,只使用@Autowired注解,会报错,如下图所示 实现类1 实现类2 controller中注入 然后启动服务报错,如下所示: Exception encount ...
    
			
    3. 
						
  3. hdfs架构详解(防脑裂fencing机制值得学习)
			
    HDFS(Hadoop Distributed File System)是一个分布式文件存储系统,几乎是离线存储领域的标准解决方案(有能力自研的大厂列外),业内应用非常广泛.近段抽时间,看一下 HDF ...
    
			
    4. 
						
  4. Java8排序
			
    @Data @AllArgsConstructor @NoArgsConstructor public class Apple { private int wight; } 排序 List<In ...
    
			
    5. 
						
  5. python之数字类型小知识
			
    数字是表示计数的抽象事物,也是数学运算和推理的基础,所以,生活中数字是生活中无处不在的,那么,在python语言中运用数字有哪些小知识呢,不妨花点时间看一下这篇博文,牢记这些小知识. 整数类型中四种进 ...
    
			
    6. 
						
  6. frp 路由穿透(github开源穿透软件)
			
    server配置(windows):下载: https://github.com/fatedier/frp/releases [common] # 服务器端端口 bind_port = # 客户端连接 ...
    
			
    7. 
						
  7. 阿里Java开发规约【摘录】
			
    1.命名规约 [强制]类名使用UpperCamelCase风格,必须遵从驼峰形式,但以下情形例外:(领域模型的相关命名)DO / BO / DTO / VO等. 正例:MarcoPolo / User ...
    
			
    8. 
						
  8. JavaJDBC【七、JDBC升级版简介】
			
    Commons-dbutils Apache提供的一个开源JDBC工具类库,对传统操作数据库的类进行二次封装,可以把结果集转换成List. 特点: 1.杜绝资源泄漏 2.简化代码 3.以Bean实例形 ...
    
			
    9. 
						
  9. centos 7 安装 LNMPC cacti 1.2.7 监控
			
    先上图,后续更新
    
			
    10. 
						
  10. 最简单webview跳转
			
    String url = "http://www.qq.com" Uri uri=Uri.parse("http://www.baidu.com"); Inte ...
    
			
    11.