flannel，etcd，docker

bridge容器

听有容器连接到桥就可以使用外网，使用nat让容器可以访问外网使用ipas指令查看桥，所有容器连接到此桥，ip地址都是172.17.0.0/16网段，桥是启动docker服务后出现，在centos使用bridge-utils安装

跨主机的容器网络连接 A=>mysql B=>java容器

将A -p3306:3306

1.安装bridge-utils

bash 复制代码

[root@docker ~]# yum -y install bridge-utils

2.查看进程

bash 复制代码

[root@docker ~]# brctl show 
bridge name    bridge id        STP enabled    interfaces
docker0        8000.024247b004cb    no        

[root@docker ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0791e5b559a2   bridge    bridge    local
a9058e4eb605   host      host      local
b5976cf678d1   none      null      local

3.创建主机

bash 复制代码

docker run -d -p80:80 centos:nginx

docker run -it --network host centos:latest /bin/bash        类似于主机的容器，进入容器

yum -y install httpd        下载httpd

[root@docker /]# echo "=======" > /var/www/html/index.html        写入页面
[root@docker /]# httpd -k start         开启httpd服务
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::cad1:833a:a57c:8cc3. Set the 'ServerName' directive globally to suppress this message
[root@docker /]# curl localhost        在容器内可以访问到
=======
退到主机
[root@docker ~]# curl 192.168.2.81        用Ctrl+P+Q退出，进行访问，可以访问到
=======

跨主机容器之间的通讯

flannel

overlay 覆盖型网络，不支持路由转发，通过数据etcd数据库保存子网信息以及网络分配信息

给每台主机分配一个网段

通过udp传输数据包

实操：

主机名 ip 功能软件

node1 x.x.x.10 主控主机 etcd flannel docker

node2 x.x.x.11 被控制主机 etcd docker

1.安装 flannel（数据分配） etcd（数据库）
$root@node1 \~\]# yum -y install etcd \[root@node1 \~\]# yum -y install flannel node1和node2都下载 2.配置启动etcd \[root@node1 \~\]# vim /etc/etcd/etcd.conf ![](https://i-blog.csdnimg.cn/direct/043ca08524024749ba32216cb6a63567.png) ![](https://i-blog.csdnimg.cn/direct/ea3a6daa0a294ed6adb2fa0578a26c5f.png) \[root@node1 \~\]# systemctl start etcd.service \[root@node1 \~\]# netstat -lnput \| grep 2379 查看端口状态 tcp6 0 0 :::2379 :::\* LISTEN 1285/etcd \[root@node1 \~\]# netstat -lnput \| grep 4001 tcp6 0 0 :::4001 :::\* LISTEN 1285/etcd \[root@node1 \~\]# systemctl enable etcd 开机自启 3.存取 \[root@node1 \~\]# etcdctl set testdir/testkey0 1000 存 1000 \[root@node1 \~\]# etcdctl get testdir/testkey0 取 1000 4.测试集群健康 \[root@node1 \~\]# etcdctl -C http://192.168.2.10:4001 cluster-health member 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379 cluster is healthy 5.修改flannel配置文件 \[root@node1 \~\]# vim /etc/sysconfig/flanneld ![](https://i-blog.csdnimg.cn/direct/3295cd43d2604412bd4d668168038863.png) 6.指定之后容器的ip地址的开头，向数据库存入网端信息 \[root@node1 \~\]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }' { "Network" : "172.20.0.0/16" } \[root@node1 \~\]# etcdctl get /atomic.io/network/config { "Network" : "172.20.0.0/16" } 7.启动flannel \[root@node1 \~\]# systemctl start flanneld.service \[root@node1 \~\]# systemctl enable flanneld.service \[root@node1 \~\]# ip a s 3: flannel0: \ mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500 link/none inet 172.20.87.0/16 scope global flannel0 valid_lft forever preferred_lft forever inet6 fe80::1ca4:371f:8807:91b9/64 scope link flags 800 valid_lft forever preferred_lft forever 8.安装docker 9.查看flannel子网ip \[root@node1 \~\]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16 FLANNEL_SUBNET=172.20.87.1/24 FLANNEL_MTU=1472 FLANNEL_IPMASQ=false \[root@node1 \~\]# 10.配置docker环境 \[root@node1 \~\]# scp root@192.168.2.81:/etc/docker/daemon.json /etc/docker/ 从配好的机器复制过来 \[root@node1 \~\]# vim /usr/lib/systemd/system/docker.service ![](https://i-blog.csdnimg.cn/direct/7240a07571cc4e288eff06f626faa616.png) \[root@node1 \~\]# vim /etc/docker/daemon.json ![](https://i-blog.csdnimg.cn/direct/27742b74dbde4846bc66504f5f2db034.png) \[root@node1 \~\]# systemctl daemon-reload \[root@node1 \~\]# systemctl restart docker.service \[root@node1 \~\]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16 FLANNEL_SUBNET=172.20.87.1/24 FLANNEL_MTU=1472 FLANNEL_IPMASQ=false \[root@node1 \~\]# vim /etc/docker/daemon.json ![](https://i-blog.csdnimg.cn/direct/7b764154d3594456bae96f08e467866d.png) \[root@node1 \~\]# systemctl restart docker.service \[root@node1 \~\]# docker pull centos 拉取基础镜像 11.对node2进行配置 \[root@node2 \~\]# vim /etc/sysconfig/flanneld ![](https://i-blog.csdnimg.cn/direct/829abf14de9c4ef8978636b18e0531f2.png) \[root@node2 \~\]# ip a s 3: flannel0: \ mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500 link/none inet 172.20.11.0/16 scope global flannel0 valid_lft forever preferred_lft forever inet6 fe80::7f1d:c425:a9:e718/64 scope link flags 800 valid_lft forever preferred_lft forever \[root@node2 \~\]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16 FLANNEL_SUBNET=172.20.11.1/24 FLANNEL_MTU=1472 FLANNEL_IPMASQ=false 在node1中 \[root@node1 \~\]# docker run -it centos:latest /bin/bash \[root@c5351f566cca /\]# \[root@node1 \~\]# \[root@node1 \~\]# docker inspect c5 \| grep IPADD \[root@node1 \~\]# docker inspect c535 \| grep IPAdd "SecondaryIPAddresses": null, "IPAddress": "172.20.87.2", "IPAddress": "172.20.87.2", 在node2配置docker然后开启一个容器 \[root@node2 \~\]# docker run -it centos:latest /bin/bash \[root@2e6c4d8d8921 /\]# ping 172.20.87.1 PING 172.20.87.1 (172.20.87.1) 56(84) bytes of data. 64 bytes from 172.20.87.1: icmp_seq=1 ttl=61 time=1.42 ms 64 bytes from 172.20.87.1: icmp_seq=2 ttl=61 time=0.540 ms 64 bytes from 172.20.87.1: icmp_seq=3 ttl=61 time=0.392 ms --- 172.20.87.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 0.392/0.782/1.416/0.453 ms 显示可以ping通node1中的172.20.87.1就可以了。$

小结：

1.安装flanner

yum -y install flanner

2.配置flannel 配置其要访问的etcd数据库所在的位置

vim /etc/sysconfig/flanner

Flanneld configuration options

etcd url location. Point this to the server where etcd runs

FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"

etcd config key. This is the configuration key that flannel queries

For address range assignment

FLANNEL_ETCD_PREFIX="/atomic.io/network"

Any additional options that you want to pass

#FLANNEL_OPTIONS=""

3.启动flannel

systemctl start flanneld

4.查看flannel分配的ip网段

cat /run/flanneld/subnet

5.安装docker

6.将flannel分配的网段写入到daemon.json中
$root@node2 \~\]# cat /etc/docker/daemon.json { "registry-mirrors": \[ "https://do.nark.eu.org", "https://dc.j8.work", "https://docker.m.daocloud.io", "https://dockerproxy.com", "https://docker.mirrors.ustc.edu.cn", "https://docker.nju.edu.cn" \], "hosts": \[ "tcp://0.0.0.0:2375", "unix:///var/run/docker.sock" \], "insecure-registries":\[ "http://192.168.2.81:5000" \], "bip" : "172.20.11.1/24", "mtu" : 1472 } 7.重启docker，如果不能重启，就修改一下远程管理 systemctl restart docker.service 8.拉取一个centos镜像 docker pull centos docker run -it centos:latest /bin/bash 9.ping node1容器的ip地址 ping 172.20.87.1$

总结工作原理

1.使用flannel为docker主机（宿主机）分配网段

2.网段的信息以及ip的信息保存在etcd数据库中

3.当flannel开始运行的时候，会从etcd数据库中读取{ "Network" : "172.20.0.0/16" },随机为当前的主机添加一个flannel0网卡172.20.87.1

4.配置docker的daemon文件，让docker0网卡变成和flannel的网段一致，之后docker下创建的容器的ip就在flannel的网段控制之内