docker集群运行在calico网络上
2019独角兽企业重金招聘Python工程师标准>>> 
##网络及版本信息
docker1 centos7 192.168.75.200
docker2 centos7 192.168.75.201
物理网络 192.168.75.1/24
Docker version 1.10.3, build 3999ccb-unsupported ,安装过程略
# calicoctl version
Version: v1.0.0-12-g0d6d228
Build date: 2017-01-17T09:01:03+0000
Git commit: 0d6d228
##1.安装etcd
####下载安装etcd
# ETCD_VER=v3.0.16
# DOWNLOAD_URL=https://github.com/coreos/etcd/releases/download
# curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
# mkdir -p /tmp/test-etcd && tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/test-etcd --strip-components=1
# cd /tmp/test-etcd && cp etcd* /usr/local/bin/
启动etcd
# etcd --listen-client-urls 'http://192.168.75.200:2379' --advertise-client-urls 'http://192.168.75.200:2379'
查看etcd信息
# etcdctl --endpoint 'http://192.168.75.200:2379' member list
8e9e05c52164694d: name=default peerURLs=http://localhost:2380 clientURLs=http://192.168.75.200:2379 isLeader=true
##2.下载安装calico
修改网络内核参数
# sysctl -w net.netfilter.nf_conntrack_max=1000000 # echo "net.netfilter.nf_conntrack_max=1000000" >> /etc/sysctl.conf
下载calicoctl
# cd /usr/local/bin/ && wget http://www.projectcalico.org/builds/calicoctl
# chmod 755 calicoctl
设置etcd环境变量
# export ETCD_ENDPOINTS=http://192.168.75.200:2379 && echo "export ETCD_ENDPOINTS=http://192.168.75.200:2379" >>/etc/profile
安装运行calico node
# calicoctl node run
Running command to load modules: modprobe -a xt_set ip6_tables
Enabling IPv4 forwarding
Enabling IPv6 forwarding
Increasing conntrack limit
Removing old calico-node container (if running).
Running the following command to start calico-node:docker run --net=host --privileged --name=calico-node -d --restart=always -e ETCD_AUTHORITY= -e ETCD_SCHEME= -e NODENAME=docker1 -e CALICO_NETWORKING_BACKEND=bird -e NO_DEFAULT_POOLS= -e CALICO_LIBNETWORK_ENABLED=true -e CALICO_LIBNETWORK_IFPREFIX=cali -e ETCD_ENDPOINTS=http://192.168.75.200:2379 -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /var/log/calico:/var/log/calico calico/node:latestImage may take a short time to download if it is not available locally.
Container started, checking progress logs.
Waiting for etcd connection...
Using auto-detected IPv4 address: 192.168.75.200
No IPv6 address configured
Using global AS number
Calico node name: docker1
CALICO_LIBNETWORK_ENABLED is true - start libnetwork service
Calico node started successfully
在docker1查看calico node状态,发现与docker2(192.168.75.201)连接已建立
# calicoctl node status
Calico process is running.IPv4 BGP status
+----------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+----------------+-------------------+-------+----------+-------------+
| 192.168.75.201 | node-to-node mesh | up | 01:57:54 | Established |
+----------------+-------------------+-------+----------+-------------+IPv6 BGP status
No IPv6 peers found.
##3.配置calico pool
查看默认pool
# calicoctl get pool
CIDR
192.168.0.0/16
fd80:24e2:f998:72d6::/64
删除默认pool,在任意一台node上操作
# calicoctl delete pool 192.168.0.0/16
Successfully deleted 1 'ipPool' resource(s)
# calicoctl delete pool fd80:24e2:f998:72d6::/64
Successfully deleted 1 'ipPool' resource(s)
创建新的ipPool,在任意一台node上操作
# vi /etc/calico/ippool_10.1.0.0_16.cfg
apiVersion: v1
kind: ipPool
metadata:cidr: 10.1.0.0/16
spec:ipip:enabled: truenat-outgoing: truedisabled: false
# calicoctl create -f /etc/calico/ippool_10.1.0.0_16.cfg
Successfully created 1 'ipPool' resource(s)
##4.配置docker,创建docker network
修改集群中每台docker启动参数,重启docker
添加--cluster-store=etcd://192.168.75.200:2379/calico 指定docker集群使用的存储,否则下一步不会成功创建network
# vi /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --cluster-store=etcd://192.168.75.200:2379/calico'
集群中任意一台上docker创建网络
# docker network create --driver=calico --ipam-driver=calico-ipam net1
0501f1b788756d122568e7aed2d7c56fe2de9138f9bd00f6628c4b66c81c7c9b
# docker network create --driver=calico --ipam-driver=calico-ipam net2
4b636bf63b23dee13b817c911335823a84ad6d55771a44e89fb81c16f76663ad
# docker network ls
NETWORK ID NAME DRIVER
54a450c39848 net1 calico
8fdcdecdb0bc net2 calico
e0d1a688fef8 none null
0e987140865a host host
b5122ac5e20e bridge bridge
##5.测试网络连否连通
docker1启动net1,net2各一个container
[root@docker1 bin]# docker run -itd --net=net1 --name=testnet1 centos /bin/bash
579c509e293e25340f10cc188a91136f99ed9021b99f795a9056a683b6b46864
[root@docker1 bin]# docker run -itd --net=net2 --name=testnet2 centos /bin/bash
c8777a2ff6add64e6abf454828820a6cfee332086a58c769a6cf1e5e0fda8760
docker2启动net1,net2各一个container
[root@docker2 bin]# docker run -itd --net=net1 --name=testnet3 centos /bin/bash
8bb7be8d86a04631a442a9f43e6be9576a891f704b91042550c5fe632fa11f06
[root@docker2 bin]# docker run -itd --net=net2 --name=testnet4 centos /bin/bash
422f4466db503b380f646d6eaee14a2f695550669fd4987fadefff438f456a36
container ip信息如下
testnet1 10.1.174.193
testnet2 10.1.174.194
testnet3 10.1.166.129
testnet4 10.1.166.130
####testnet1上ping其他container
testnet1容器只和docker2上的testnet3容器能通,因为两个container都属于net1网络
[root@579c509e293e /]# ping 10.1.166.129
PING 10.1.166.129 (10.1.166.129) 56(84) bytes of data.
64 bytes from 10.1.166.129: icmp_seq=1 ttl=62 time=0.400 ms
^C
--- 10.1.166.129 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
[root@579c509e293e /]# ping 10.1.166.130
PING 10.1.166.130 (10.1.166.130) 56(84) bytes of data.
^C
--- 10.1.166.130 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms[root@579c509e293e /]# ping 10.1.174.194
PING 10.1.174.194 (10.1.174.194) 56(84) bytes of data.
^C
--- 10.1.174.194 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
遇到的问题:
1.docker异常后无法restart testnet3,4容器
docker: Error response from daemon: service endpoint with name testnet3 already exists.
解决方案:
etcd中endpoint信息未删除,手动删除吧,查找方法如下
54a450.....是network id,可通过docker network ls查找到
遍历下/calico/docker/network/v1.0/endpoint/54a450c3984853b3942738163cfaaa7dd247686ccc10b8f395dfb807df11e2bb/的所有数据就能找到对应的数据手工删除
# etcdctl --endpoint 'http://192.168.75.200:2379' get /calico/docker/network/v1.0/endpoint/54a450c3984853b3942738163cfaaa7dd247686ccc10b8f395dfb807df11e2bb/5d9cad95e7193e47177eb6d8bdfa25ebc878d8565c48227861^Cf6700136a10c
{"anonymous":false,"disableResolution":false,"ep_iface":{"addr":"10.1.174.198/32","dstPrefix":"cali","mac":"ee:ee:ee:ee:ee:ee","routes":["169.254.1.1/32"],"srcName":"temp5d9cad95e71","v4PoolID":"CalicoPoolIPv4","v6PoolID":""},"exposed_ports":[],"generic":{"com.docker.network.endpoint.exposedports":[],"com.docker.network.portmap":[]},"id":"5d9cad95e7193e47177eb6d8bdfa25ebc878d8565c48227861f6f6700136a10c","locator":"","myAliases":null,"name":"testnet1","sandbox":"bc9abf7c29a9532500aeb9618b22254eab9e73aecc9d4b6c3bf488b6d173791e"}
2.node访问其他node上的container不通
默认net1和net2的profile是允许tag相同的访问endpoint,但是calico node默认无法访问,需要修改profile
# calicoctl get profile net1 -o yaml > /etc/calico/profile_net1.yaml
# vi /etc/calico/profile_net1.yaml
- apiVersion: v1kind: profilemetadata:name: net1tags:- net1spec:egress:- action: allowdestination: {}source: {}ingress:- action: allowdestination: {}source:tag: net1
#下面是新加的rule- action: allowdestination: {}source:net: 192.168.75.0/24- action: allowdestination: {}source:net: 10.1.174.192/32- action: allowdestination: {}source:net: 10.1.166.128/32
# calicoctl create -f /etc/calico/profile_net1.yaml
Successfully created 1 'policy' resource(s)
10.1.174.192/32和10.1.166.128/32是docker1和docker2的tunl0的ip,手工配置这个还是比较繁琐,应该写成脚本做这个工作
再在集群中任意一台node上ping另外一台node上随便一台net1下的container都能ping通了
转载于:https://my.oschina.net/u/1791060/blog/827084
docker集群运行在calico网络上相关推荐
- docker集群搭建
1.docker集群的概念 在docker集群搭建之前,一台机器中的容器和其他机器之间的容器是不能很方便的通信的,像下面这个样子: 在docker集群搭建之后,一台机器上的容器与其他机器之间的 ...
- SpringBoot + maven + Jenkins + docker 实现docker集群一键自动化部署
整体可分为以下几个步骤: 1,创建springboot项目 2,搭建docker私服库 3,build镜像并上传到私服库 4,搭建docker swarm集群 5,搭建jenkins并构建部署 演示系 ...
- PPTV Docker集群的网络方案选型
原作者:李周 转载来源:http://dockone.io/article/1673 PPTV Docker集群的网络方案选型 作者介绍:李周,现PPTVDCOS技术主要负责人.专注于Doc ...
- Docker集群(一) —— Docker网络及flannel介绍
[摘要]本文介绍docker网络原理和设置,以及在docker集群中需要解决的问题.最后介绍flannel在解决docker网络问题中的作用. 1 基础 在介绍docker的网络之前,必须先认识d ...
- Kubernetes与docker集群管理常见问题解析
很荣幸受邀参加开源中国社区的高手问答,我是时速云团队的后端工程师,负责主机管理功能开发.在互动过程中,发现大家在使用/调研kubernetes(简称k8s)过程中遇到了很多问题,这里我总结为几点: l ...
- docker swarm的应用----docker集群的构建
一.docker安装 这里我们安装docker-ce 的18.03版本 yum -y remove docker 删除原有版本 #安装依赖包 [root@Docker ~]# yum -y i ...
- 真快!10秒内将k8s集群运行起来
大家好,我是小碗汤,今天演示一个项目,可以在一分钟内用容器将k8s集群运行起来,真的很方便. 您可能已经知道,将 Kubernetes 集群安装在 VM 上.但在 Docker 容器中安装一个 Kub ...
- 基于Gitlab Jenkins Docker集群 微服务搭建自动化部署平台
随着公司应用系统的不断增多,原有手工部署流程越来越不满足上线的需求.为了各个系统能快速迭代与测试,减少上线流程时间和人为出错,迫切需要一套自动化部署系统. 转载原文:https://luoji.liv ...
- docker集群管理工具_太多选择:如何选择正确的工具来管理Docker集群
docker集群管理工具 There are all kinds of ways to play the Docker game and, obviously, no one of them is g ...
最新文章
- Map.putAll()用法
- html css integrity,integrity 属性
- crf linux使用教程,Linux下CRF++的使用
- git只添加指定类型的文件的.gitignore规则
- 利用HTML5 canvas合并图片并解决Filaed to execute 'toDataURL' on 'HTMLCanvasElement'异常
- Android环境配置
- 高效安全存储之选 佰维A3系列240G固态硬盘试用手记
- document 文挡对象详解(JavaScript脚本语言描述)
- php易宝支付扫码支付代码_谈谈扫码支付
- Linux下c编程设置串口属性和读写串口操作说明总结
- Aiiage Camp Day3 B Bipartite
- [R语言绘图]饼状图pie
- Illegal characters found in URL
- matlab定积分如何使用,如何用matlab计算定积分.pdf
- 【Unity3D插件】Highlighting System插件分享《物体高亮插件》
- C++之责任链(Chain of Responsibility)模式
- 另外一台电脑打开html,有的网页你打不开,在别的电脑就能打开,这样处理就解决了...
- ω-3脂肪酸:事实的列举
- “cp: 略过目录 “问题
- 银联电子签名jbig
热门文章
- java工程怎么构造成moven_将普通java工程结构改为由maven管理的工程结构域
- 未来计算机领域最急缺的人,未来十年最紧缺职业 没人愿意干的高薪职业
- .net core高并发_高并发下的Node.js与负载均衡
- 天津计算机的专科学校,天津市电子计算机职业中等专业学校
- apache服务器工作原理,Apache服务器的原理简介
- 性价比高台式计算机,2021年台式电脑什么牌子好,性价比高?
- linux x86-64下,Linux x86_64下安装Flash Player 9
- JVM 调优 1:“精通 JVM 调优,有过 JVM 调优经验”简历敢写吗?薪资涨 5k 的技巧
- v7000更换电池步骤_ups电源运行中是否可以更换电池?应如何操作呢
- ubuntu nfs linux,Ubuntu的NFS功能配置