8.28-回顾+容器与主机之间的通信+跨主机容器之间的通信

news2024/12/25 22:20:46

一、回顾

1.启动docker

  systemctl start docker

2.拉取registry

  docker pull registry

3.启动镜像,同时挂载目录(保存镜像)端口映射5000

  docker run -d -v /regist/:/var/lib/registry/ -p5000:5000 registry:latest

4.修改/etc/docker/daemon.json

  
  vim /etc/docker/daemon.json
  ​
  .....
  ,
  "insecure-registries":[
     "http://192.168.2.30:5000"
  ]

5.重启docker

  systemctl restart docker

6.访问测试仓库信息

  
  # 查看仓库目录
  [root@docker ~]# curl localhost:5000/v2/_catalog
  {"repositories":["centos","centosnginx"]}

7.上传

  
  # 打标签
  [root@docker ~]# docker tag centos:nginx 192.168.2.30:5000/centosnginx:v0
  ​
  # 将打标签的镜像上传
  [root@docker ~]# docker push 192.168.2.30:5000/centosnginx:v0
  The push refers to repository [192.168.2.30:5000/centosnginx]
  715d477d6a7d: Pushed 
  5700116c3db7: Pushed 
  82890c106451: Pushed 
  8c519ad003b5: Mounted from centos 
  acbca50d3a83: Mounted from centos 
  75cdf155cf76: Mounted from centos 
  07d4b334a739: Mounted from centos 
  74ddd0ec08fa: Mounted from centos 
  v0: digest: sha256:5fb4d1018f32c53f3b21f17771bfb6b9832e76b790426b9f4c067f4c75003deb size: 1997
  ​
  # 查看镜像
  [root@docker ~]# docker images
  REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
  192.168.2.30:5000/centosnginx   v0        4a14f7d33da9   18 hours ago    422MB
  centos                          nginx     4a14f7d33da9   18 hours ago    422MB
  centos                          httpd     ebbf109944f1   19 hours ago    338MB
  centos                          yum       69f3775bce0c   19 hours ago    272MB
  192.168.2.30:5000/centos        yum       ee9375ac855c   19 hours ago    272MB
  registry                        latest    cfb4d9904335   11 months ago   25.4MB
  centos                          latest    5d0da3dc9764   2 years ago     231MB

8.下载

  
  # 重建一台机器,尝试下载私有仓库的镜像
  ​
  # 上传docker.sh脚本
  [root@haha ~]# rz -E
  rz waiting to receive.
  ​
  # 运行docker脚本
  [root@haha ~]# source docker.sh 
  ​
  # 编辑配置文件
  [root@haha ~]# vim /etc/docker/daemon.json
  ​
  # 写私有仓库的ip和端口
  {
   "insecure-registries":[
      "http://192.168.2.30:5000"
   ]
  }
  ​
  # 重新启动docker服务
  [root@haha ~]# systemctl restart docker
  ​
  # 关闭本机的防火墙
  [root@haha ~]# ststemctl stop firewalld
  ​
  # 拉取私有仓库的镜像
  [root@haha ~]# docker pull 192.168.2.30:5000/centosnginx:v0
  v0: Pulling from centosnginx
  a1d0c7532777: Pull complete 
  5a3d9ba04912: Pull complete 
  ca847d29e107: Pull complete 
  46aacd2dd646: Pull complete 
  30902bbca4a1: Pull complete 
  4859db75d191: Pull complete 
  ea0b1348be03: Pull complete 
  2796eebf9904: Pull complete 
  Digest: sha256:5fb4d1018f32c53f3b21f17771bfb6b9832e76b790426b9f4c067f4c75003deb
  Status: Downloaded newer image for 192.168.2.30:5000/centosnginx:v0
  192.168.2.30:5000/centosnginx:v0
  ​
  # 查看拉取的镜像
  [root@haha ~]# docker images
  REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
  192.168.2.30:5000/centosnginx   v0        4a14f7d33da9   18 hours ago   422MB
  ​
  # 测试拉取的镜像
  [root@haha ~]# docker run -d --name c8  192.168.2.30:5000/centosnginx:v0
  decd8137f46ea29eb4012d9cc4be2a993ca2f3e6a0deeb2dfc18c3ceffbcb829
  ​
  [root@haha ~]# docker ps --all
  CONTAINER ID   IMAGE                              COMMAND                   CREATED              STATUS              PORTS     NAMES
  decd8137f46e   192.168.2.30:5000/centosnginx:v0   "/bin/sh -c /usr/sbi…"   About a minute ago   Up About a minute   80/tcp    c8

二、跨主机容器之间通讯

  
  # 创建容器
  [root@docker ~]# docker run -d  --name haha -p80:80/tcp centos:nginx 
  4f1af9bb44ed0894a7ace10ebd01cd5c136c9a10be7f5f63a1b54e482e8d2dad
  ​
  # 查看容器
  [root@docker ~]# docker ps -all
  CONTAINER ID   IMAGE          COMMAND                   CREATED       STATUS                    PORTS     NAMES
  4f1af9bb44ed   centos:nginx   "/bin/sh -c /usr/sbi…"   8 hours ago   Exited (0) 1 second ago             haha
  ​
  # 安装bridge-utils
  [root@docker ~]# yum -y install bridge-utils.x86_64
  ​
  # 停止docker服务
  [root@docker ~]# systemctl stop docker
  Warning: Stopping docker.service, but it can still be activated by:
    docker.socket
  ​
  # 显示网桥信息
  [root@docker ~]# brctl show
  bridge name bridge id      STP enabled interfaces
  docker0     8000.0242cb7fc4ce no 
  ​
  # 启动docker服务
  [root@docker ~]# systemctl start docker
  ​
  # 启动容器
  [root@docker ~]# docker start haha
  haha
  ​
  # 查看网桥信息
  [root@docker ~]# brctl show
  bridge name bridge id      STP enabled interfaces
  docker0     8000.0242cb7fc4ce no    veth5c3d783
  ​
  # 查看跨主机容器之间的通信方式
  [root@docker ~]# docker network ls
  NETWORK ID     NAME      DRIVER    SCOPE
  c1adfec7cffc   bridge    bridge    local
  d2749f541daa   host      host      local
  dc16f8943851   none      null      local
  # bridge-网桥模式
  # host-仅主机模式
  # none-独立的
  ​
  # 接连创建两个容器,就会发现他们的地址是连着的
  # 创建容器
  [root@docker ~]# docker run -it centos:latest /bin/bash
  ​
  # 退出不中断
  [root@f40505c2a977 /]# [root@docker ~]#
  ​
  # 查看容器ip
  [root@docker ~]# docker inspect f4|grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.17.0.2",
                      "IPAMConfig": null,
                      "IPAddress": "172.17.0.2",
                      
  # 创建容器
  [root@docker ~]# docker run -it centos:latest /bin/bash
  ​
  # 退出不中断
  [root@0558cad162d7 /]# [root@docker ~]# 
  ​
  # 查看容器ip
  [root@docker ~]# docker inspect 0558|grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.17.0.3",
                      "IPAMConfig": null,
                      "IPAddress": "172.17.0.3",
                      
  # 进行本主机和所创建容器的通信
  ​
  # 在宿主机的ls下查到的内容
  [root@docker ~]# ls /
  bin   dev  home  lib64  mnt  proc    root  sbin    srv  tmp  var
  boot  etc  lib   media  opt  regist  run   source  sys  usr
  ​
  # 创建能与主机通信的容器
  [root@docker ~]# docker run -it --network host centos:yum /bin/bash
  ​
  # 查看ls,发现和宿主机的一样
  [root@docker /]# ls
  bin  etc   lib   lost+found  mnt  proc  run   srv  tmp  var
  dev  home  lib64  media       opt  root  sbin  sys  usr
  ​
  # 退出容器不中断
  [root@docker /]# [root@docker ~]# 
  ​
  # 查看容器的ip地址,发现是空的
  [root@docker ~]# docker inspect 30e|grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "",
                      "IPAMConfig": null,
                      "IPAddress": "",
  ​
  # 安装iproute
  [root@docker /]# yum -y install iproute
  ​
  # 查看ip,发现可以查到宿主机的ip
  [root@docker /]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:24:a3:0f brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.30/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link noprefixroute 
         valid_lft forever preferred_lft forever
  3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
      link/ether 02:42:cb:7f:c4:ce brd ff:ff:ff:ff:ff:ff
      inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
         valid_lft forever preferred_lft forever
      inet6 fe80::42:cbff:fe7f:c4ce/64 scope link 
         valid_lft forever preferred_lft forever
  11: veth6c87079@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
      link/ether 6a:47:f4:af:fa:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0
      inet6 fe80::6847:f4ff:feaf:faca/64 scope link 
         valid_lft forever preferred_lft forever
  13: vethc725a6f@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
      link/ether 9a:d6:09:6b:fb:70 brd ff:ff:ff:ff:ff:ff link-netnsid 1
      inet6 fe80::98d6:9ff:fe6b:fb70/64 scope link 
         valid_lft forever preferred_lft forever
         
  # 给容器下载httpd
  [root@docker /]# yum -y install httpd
  ​
  # 给容器编辑httpd测试页面
  [root@docker /]# echo "haha" > /var/www/html/index.html
  ​
  # 启动httpd服务(报错)
  [root@docker /]# systemctl start httpd
  System has not been booted with systemd as init system (PID 1). Can't operate.
  Failed to connect to bus: Host is down
  ​
  # 使用此命令启动httpd服务
  [root@docker /]# httpd -k start
  AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::f09d:7503:dea1:e7ab. Set the 'ServerName' directive globally to suppress this message
  ​
  # 在容器内访问测试页面
  [root@docker /]# curl localhost
  haha
  ​
  # 退出容器不中断
  [root@docker /]# [root@docker ~]# 
  ​
  # 在宿主机中访问在容器中编辑的httpd测试页面
  [root@docker ~]# curl 192.168.2.30
  haha
  ​
  # 关闭防火墙
  [root@docker ~]# systemctl stop firewalld

使用浏览器访问容器中编辑的httpd的测试页面

192.168.2.30

三、跨主机容器之间的通信

主机名ip功能安装软件
node1192.168.2.10主控主机etcd,flannel,docker
node2192.168.2.11被控主机etcd,docker

主控

1.安装软件

  
  # 安装etcd数据库
  [root@node1 ~]# yum -y install etcd
  ​
  # 安装flannel
  [root@node1 ~]# yum -y install flannel

2.修改etcd数据库配置

  
  # 配置启动 etcd
  # 修改配置文件
  [root@node1 ~]# vim /etc/etcd/etcd.conf 
  6 ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
  21 ETCD_ADVERTISE_CLIENT_URLS="http://192.168.2.10:2379,http://192.168.2.10:4001"

3.启动数据库

  [root@node1 ~]# systemctl restart etcd

4.测试端口

  # 查看端口看有没有启动成功
  ​
  [root@node1 ~]# netstat -lnput|grep 2379
  tcp6       0      0 :::2379                 :::*                    LISTEN      1608/etcd           
  [root@node1 ~]# netstat -lnput|grep 4001
  tcp6       0      0 :::4001                 :::*                    LISTEN      1608/etcd    

5.设置开机自启动

  
  # 设置开机自启
  ​
  [root@node1 ~]# systemctl enable etcd.service 
  Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
  ​

6.测试数据库功能

  [root@node1 ~]# etcdctl set testdir/testkey0 1000
  1000
  [root@node1 ~]# etcdctl get testdir/testkey0
  1000
  [root@node1 ~]# etcdctl set b 123
  123
  [root@node1 ~]# etcdctl get b
  123

7.测试集群是否健康

  # 测试集群健康
  ​
  [root@node1 ~]# etcdctl -C http://192.168.2.10:4001 cluster-health
  member 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379
  cluster is healthy
  [root@node1 ~]# etcdctl -C http://192.168.2.10:2379 cluster-health
  member 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379
  cluster is healthy

8.修改flannel的配置文件

  [root@node1 ~]# vim /etc/sysconfig/flanneld 
  4 FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
  [root@node1 ~]# cat /etc/sysconfig/flanneld 
  # Flanneld configuration options  
  ​
  # etcd url location.  Point this to the server where etcd runs
  FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
  ​
  # etcd config key.  This is the configuration key that flannel queries
  # For address range assignment
  FLANNEL_ETCD_PREFIX="/atomic.io/network" # 存储数据的位置
  ​
  # Any additional options that you want to pass
  #FLANNEL_OPTIONS=""

9.向数据库中存入网段信息

  
  [root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }' 
  { "Network" : "172.20.0.0/16" }
  ​
  [root@node1 ~]# etcdctl get /atomic.io/network/config
  { "Network" : "172.20.0.0/16" }

10.查看flannel0的ip地址

  [root@node1 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.64.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 
         valid_lft forever preferred_lft forever
  ​

11.安装docker

  # 执行docker脚本
  ​
  [root@node1 ~]# source docker.sh

12.docker服务没有开启之前查看ip

  
  # 启动docker服务前
  ​
  # 查看ip
  [root@node1 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.64.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 
         valid_lft forever preferred_lft forever

13.启动docker服务后,查看ip

  
  # 启动docker服务
  [root@node1 ~]# systemctl start docker
  ​
  # 查看ip,就有docker了
  [root@node1 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.64.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 
         valid_lft forever preferred_lft forever
  4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
      link/ether 02:42:35:91:9e:11 brd ff:ff:ff:ff:ff:ff
      inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
         valid_lft forever preferred_lft forever
         
  [root@node1 ~]# cat /run/flannel/subnet.env 
  FLANNEL_NETWORK=172.20.0.0/16
  FLANNEL_SUBNET=172.20.64.1/24
  FLANNEL_MTU=1472
  FLANNEL_IPMASQ=false

14.从配置好docker服务的主机复制一份daemon.json文件

  
  # 从其他主机复制一份daemon.json
  ​
  [root@node1 ~]# scp root@192.168.2.30:/etc/docker/daemon.json /etc/docker
  root@192.168.2.30's password: 
  daemon.json                                         100%  402   247.1KB/s   00:00    
  [root@node1 ~]# vim /etc/docker/daemon.json 
  {
      "registry-mirrors": [
          "https://do.nark.eu.org",
          "https://dc.j8.work",
          "https://docker.m.daocloud.io",
          "https://dockerproxy.com",
          "https://docker.mirrors.ustc.edu.cn",
          "https://docker.nju.edu.cn"
      ],
          "hosts":  [
                    "tcp://0.0.0.0:2375",
                    "unix:///var/run/docker.sock"
          ],
          "insecure-registries":[
                  "http://192.168.2.30:5000"
  ​
          ]
  }

15.docker不能重启,修改docker.service文件

  
  [root@node1 ~]# vim /usr/lib/systemd/system/docker.service
  ​
  # 修改前
  ​
  ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
  ​
  # 修改后
  ​
  ExecStart=/usr/bin/dockerd 
  ​
  # 需要重新加载文件,才能重启
  [root@node1 ~]# systemctl daemon-reload
  [root@node1 ~]# systemctl restart docker.service 

16.查看flannel子网ip

  [root@node1 ~]# cat /run/flannel/subnet.env 
  FLANNEL_NETWORK=172.20.0.0/16
  FLANNEL_SUBNET=172.20.64.1/24
  FLANNEL_MTU=1472
  FLANNEL_IPMASQ=false

17.修改docker0的IP和flannel0的IP在同一个网段

  
  # 修改添加桥ip和路由字节1472-1500
  ​
  [root@node1 ~]# vim /etc/docker/daemon.json 
  ​
  {
      "registry-mirrors": [
          "https://do.nark.eu.org",
          "https://dc.j8.work",
          "https://docker.m.daocloud.io",
          "https://dockerproxy.com",
          "https://docker.mirrors.ustc.edu.cn",
          "https://docker.nju.edu.cn"
      ],
          "hosts":  [
                    "tcp://0.0.0.0:2375",
                    "unix:///var/run/docker.sock"
          ],
          "insecure-registries":[
                  "http://192.168.2.30:5000"
  ​
          ],
          "bip" : "172.20.64.1/24",
          "mtu" : 1472
  }
  ​
  # 重启启动docker服务
  [root@node1 ~]# systemctl restart docker.service 

18.验证

  # 验证成功
  # docker0的IP和flannel0的IP在同一个网段(172.20.64.0)
  [root@node1 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.64.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 
         valid_lft forever preferred_lft forever
  4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default 
      link/ether 02:42:35:91:9e:11 brd ff:ff:ff:ff:ff:ff
      inet 172.20.64.1/24 brd 172.20.64.255 scope global docker0
         valid_lft forever preferred_lft forever

19.拉取镜像测试docker的ip地址

  
  # 拉取centos镜像
  [root@node1 ~]# docker pull centos
  Using default tag: latest
  latest: Pulling from library/centos
  a1d0c7532777: Pull complete 
  Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
  Status: Downloaded newer image for centos:latest
  docker.io/library/centos:latest
  # 创建容器
  [root@node1 ~]# docker run -it centos:latest /bin/bash
  ​
  # 退出不中断容器
  [root@72ed0ee15de4 /]# [root@node1 ~]# 
  ​
  # 查看容器的ip地址
  [root@node1 ~]# docker inspect 72e | grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.20.64.2",
                      "IPAMConfig": null,
                      "IPAddress": "172.20.64.2",

从控

node2

  
  # 安装flannel
  [root@node2 ~]# yum -y install flannel
  ​
  # 修改flannel配置文件
  # 绑定node1的数据库
  [root@node2 ~]# vim /etc/sysconfig/flanneld 
  4  FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
  ​
  # 查看修改后的flannel配置文件的内容
  [root@node2 ~]# cat /etc/sysconfig/flanneld 
  # Flanneld configuration options  
  ​
  # etcd url location.  Point this to the server where etcd runs
  FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
  ​
  # etcd config key.  This is the configuration key that flannel queries
  # For address range assignment
  FLANNEL_ETCD_PREFIX="/atomic.io/network"
  ​
  # Any additional options that you want to pass
  #FLANNEL_OPTIONS=""
  ​
  # 启动flannel服务 
  [root@node2 ~]# systemctl start flanneld.service 
  Job for flanneld.service failed because a timeout was exceeded. See "systemctl status flanneld.service" and "journalctl -xe" for details.
  ​
  # 如果启动失败,就关掉node1的防火墙
  [root@node1 ~]# systemctl stop firewalld
  [root@node1 ~]# setenforce 0
  ​
  # 成功启动flannel服务
  [root@node2 ~]# systemctl start flanneld.service 
  ​
  # 查看flannel0的ip地址(172.20.45.0)
  [root@node2 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:ef:db:fa brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.11/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link noprefixroute 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative noprefixroute dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative noprefixroute dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.45.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::4dd7:31b5:677f:fd33/64 scope link flags 800 
         valid_lft forever preferred_lft forever
  ​

修改docker0的IP和flannel0为同一个网段

  [root@node2 ~]# cat /run/flannel/subnet.env
  FLANNEL_NETWORK=172.20.0.0/16
  FLANNEL_SUBNET=172.20.45.1/24
  FLANNEL_MTU=1472
  FLANNEL_IPMASQ=false
  [root@node2 ~]# vim /etc/docker/daemon.json
  {
      "registry-mirrors": [
          "https://do.nark.eu.org",
          "https://dc.j8.work",
          "https://docker.m.daocloud.io",
          "https://dockerproxy.com",
          "https://docker.mirrors.ustc.edu.cn",
          "https://docker.nju.edu.cn"
      ],
          "hosts":  [
                    "tcp://0.0.0.0:2375",
                    "unix:///var/run/docker.sock"
          ],
          "insecure-registries":[
                  "http://192.168.2.30:5000"
  ​
          ],
          "bip" : "172.20.45.1/24",
          "mtu" : 1472
  }
  ​
  # 修改daemon.json文件,需要重启docker服务
  # 启动失败
  [root@node2 ~]# systemctl restart docker
  Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
  ​
  # 修改docker.service配置文件
  [root@node2 ~]# vim /usr/lib/systemd/system/docker.service
  ​
  # 删除dockerd后面的内容
  13 ExecStart=/usr/bin/dockerd
  ​
  # 启动失败
  [root@node2 ~]# systemctl restart docker
  Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
  Job for docker.service failed because start of the service was attempted too often. See "systemctl status docker.service" and "journalctl -xe" for details.
  To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.
  ​
  # 加载配置文件
  [root@node2 ~]# systemctl daemon-reload
  ​
  # 成功启动docker服务
  [root@node2 ~]# systemctl restart docker
  ​
  # 查看flannel0和docker0的ip地址,就会看到在同一个网段(172.20.45.0)
  [root@node2 ~]# ip a s
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      inet 127.0.0.1/8 scope host lo
         valid_lft forever preferred_lft forever
      inet6 ::1/128 scope host 
         valid_lft forever preferred_lft forever
  2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
      link/ether 00:0c:29:ef:db:fa brd ff:ff:ff:ff:ff:ff
      inet 192.168.2.11/24 brd 192.168.2.255 scope global noprefixroute ens33
         valid_lft forever preferred_lft forever
      inet6 fe80::7bef:aa24:508b:e09/64 scope link noprefixroute 
         valid_lft forever preferred_lft forever
      inet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative noprefixroute dadfailed 
         valid_lft forever preferred_lft forever
      inet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative noprefixroute dadfailed 
         valid_lft forever preferred_lft forever
  3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
      link/none 
      inet 172.20.45.0/16 scope global flannel0
         valid_lft forever preferred_lft forever
      inet6 fe80::4dd7:31b5:677f:fd33/64 scope link flags 800 
         valid_lft forever preferred_lft forever
  4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default 
      link/ether 02:42:0b:a4:c1:55 brd ff:ff:ff:ff:ff:ff
      inet 172.20.45.1/24 brd 172.20.45.255 scope global docker0
         valid_lft forever preferred_lft forever
  [root@node2 ~]# docker pull centos
  ​

拉取镜像测试ip地址

  # 拉取centos镜像
  [root@node2 ~]# docker pull centos
  Using default tag: latest
  latest: Pulling from library/centos
  a1d0c7532777: Pull complete 
  Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
  Status: Downloaded newer image for centos:latest
  docker.io/library/centos:latest
  ​
  # 创建容器
  [root@node2 ~]# docker run -it centos:latest /bin/bash
  ​
  # 退出容器不中断
  [root@d2d8a0756299 /]# [root@node2 ~]# 
  ​
  # 查看容器ip地址,也和flannel0在同一个网段
  [root@node2 ~]# docker inspect d2 | grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.20.45.2",
                      "IPAMConfig": null,
                      "IPAddress": "172.20.45.2",
  ​
  # 挂载容器终端,ping node1容器的地址:172.20.64.2
  [root@node2 ~]# docker attach d2
  [root@d2d8a0756299 /]# ping 172.20.64.2
  PING 172.20.64.2 (172.20.64.2) 56(84) bytes of data.
  64 bytes from 172.20.64.2: icmp_seq=1 ttl=60 time=2.51 ms
  64 bytes from 172.20.64.2: icmp_seq=2 ttl=60 time=0.759 ms
  ^C
  --- 172.20.64.2 ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1002ms
  rtt min/avg/max/mdev = 0.759/1.632/2.506/0.874 ms
  ​
  # 在node1上拉取镜像,创建容器,测试ip地址
  [root@node1 ~]# docker run -it centos:latest /bin/bash
  [root@72ed0ee15de4 /]# [root@node1 ~]# 
  [root@node1 ~]# docker inspect 72e | grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.20.64.2",
                      "IPAMConfig": null,
                      "IPAddress": "172.20.64.2",
                      
  # 在node1上挂载容器的终端,ping node2容器的地址:172.20.45.2
  [root@node1 ~]# docker attach 72e
  [root@72ed0ee15de4 /]# ping 172.20.45.2
  PING 172.20.45.2 (172.20.45.2) 56(84) bytes of data.
  64 bytes from 172.20.45.2: icmp_seq=1 ttl=60 time=0.437 ms
  64 bytes from 172.20.45.2: icmp_seq=2 ttl=60 time=0.845 ms
  ^C
  --- 172.20.45.2 ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1001ms
  rtt min/avg/max/mdev = 0.437/0.641/0.845/0.204 ms
  ​

node2步骤小结:

1.安装flannel

  yum -y install flannel

2.配置flannel 要访问的etcd数据库所在的位置

  [root@node2 ~]# cat /etc/sysconfig/flanneld 
  # Flanneld configuration options  
  ​
  # etcd url location.  Point this to the server where etcd runs
  FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
  ​
  # etcd config key.  This is the configuration key that flannel queries
  # For address range assignment
  FLANNEL_ETCD_PREFIX="/atomic.io/network"
  ​
  # Any additional options that you want to pass
  #FLANNEL_OPTIONS=""

3.启动flannel

  systemctl start flannel 

4.查看flannel分配的ip网段

  [root@node2 ~]# cat /run/flannel/subnet.env
  FLANNEL_NETWORK=172.20.0.0/16
  FLANNEL_SUBNET=172.20.45.1/24
  FLANNEL_MTU=1472
  FLANNEL_IPMASQ=false

5.安装docker

  # 执行docker.sh脚本

6.将flannel分配的网段写入到daemon.json

  [root@node2 ~]# vim /etc/docker/daemon.json
  {
      "registry-mirrors": [
          "https://do.nark.eu.org",
          "https://dc.j8.work",
          "https://docker.m.daocloud.io",
          "https://dockerproxy.com",
          "https://docker.mirrors.ustc.edu.cn",
          "https://docker.nju.edu.cn"
      ],
          "hosts":  [
                    "tcp://0.0.0.0:2375",
                    "unix:///var/run/docker.sock"
          ],
          "insecure-registries":[
                  "http://192.168.2.30:5000"
  ​
          ],
          "bip" : "172.20.45.1/24",
          "mtu" : 1472
  }
  ​

7.重启docker 如果不能重启,就修改远程管理

  [root@node2 ~]# systemctl restart docker
  Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
  [root@node2 ~]# vim /usr/lib/systemd/system/docker.service
  # 删除dockerd后面的内容
  13 ExecStart=/usr/bin/dockerd
  ​
  [root@node2 ~]# systemctl restart docker
  Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
  Job for docker.service failed because start of the service was attempted too often. See "systemctl status docker.service" and "journalctl -xe" for details.
  To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.
  [root@node2 ~]# systemctl daemon-reload

8.启动docker

  [root@node2 ~]# systemctl restart docker

9.拉去一个centos镜像

  [root@node2 ~]# docker pull centos
  Using default tag: latest
  latest: Pulling from library/centos
  a1d0c7532777: Pull complete 
  Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
  Status: Downloaded newer image for centos:latest
  docker.io/library/centos:latest

10.ping node1中容器的ip地址

  [root@node2 ~]# docker run -it centos:latest /bin/bash
  [root@d2d8a0756299 /]# [root@node2 ~]# 
  [root@node2 ~]# docker inspect d2 | grep IPA
              "SecondaryIPAddresses": null,
              "IPAddress": "172.20.45.2",
                      "IPAMConfig": null,
                      "IPAddress": "172.20.45.2",
  ​
  [root@node2 ~]# docker attach d2
  [root@d2d8a0756299 /]# ping 172.20.64.2
  PING 172.20.64.2 (172.20.64.2) 56(84) bytes of data.
  64 bytes from 172.20.64.2: icmp_seq=1 ttl=60 time=2.51 ms
  64 bytes from 172.20.64.2: icmp_seq=2 ttl=60 time=0.759 ms
  ^C
  --- 172.20.64.2 ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1002ms
  rtt min/avg/max/mdev = 0.759/1.632/2.506/0.874 ms

四、总结:工作原理

1.使用flannel为docker主机(宿主)分配网段

2.网段的信息以及ip的信息保存在etcd数据库中

3.当flannel开始运行的时候,会从etcd数据库中读取

{"Network":"172.20.0.0/16"},随机为当前的主机添加一个flannel0网段172.20.64.0

4.配置docker的daemon文件,让docker0网卡变成和flannel0的网段一致,之后docker下创建的容器的ip就在flannel网段控制之内

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/2082425.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

培训第三十八天(上传镜像,私有仓库下载镜像,跨主机容器间的通信,harbor软件包下载)

1、harbor软件包下载 https://github.com/search?qharbor&typerepositories 2、出现拒绝连接错误&#xff0c;可能是由于容器没开 # 问题解决&#xff1a;[rootdocker ~]# curl localhost:5000/v2/_catalogcurl: (7) Failed connect to localhost:5000; 拒绝连接[rootdoc…

pdf怎么转换成excel?掌握好这9个pdf转换方法就够了(全)

pdf怎么转换成excel&#xff1f;日常的办公生活中&#xff0c;我们经常需要接触很多文档格式&#xff0c;而pdf格式文件因为其稳定性和安全性受到很多办公人士的喜爱。但PDF文件不能直接编辑&#xff0c;很多小伙伴们就会出现关于pdf格式转换的难题&#xff0c;比如说想把一份带…

MATLAB虫害检测预警系统

一、课题介绍 本课题是基于MATLAB颜色的植物虫害检测识别&#xff0c;可以辨析植物叶子属于是轻度虫害&#xff0c;中度虫害&#xff0c;严重虫害&#xff0c;正常等四个级别。算法流程&#xff1a;每种等级叶子分别放在同一个文件夹&#xff0c;训练得到每个文件夹每个叶…

SSL安全认证网关:保障网络安全的强大护盾

随着信息技术的飞速发展&#xff0c;我们的生活和工作越来越依赖于网络&#xff0c;但与此同时&#xff0c;网络安全威胁也日益严峻。为了保护我们的信息安全&#xff0c;各种安全技术和产品应运而生&#xff0c;其中SSL安全认证网关就是一种非常重要的安全防护工具。 今天&…

3款伪原创工具,为你轻松一键生成原创文案

在当今信息爆炸的时代&#xff0c;原创内容的重要性愈发凸显。然而&#xff0c;对于许多创作者来说&#xff0c;创作原创文案却是一项费时费力的挑战。幸运的是&#xff0c;随着科技的进步&#xff0c;现在有三款伪原创工具能够帮助你轻松一键生成原创文案&#xff0c;为你节省…

DNS服务器的配置(服务名named,端口53)

目录 前言 配置文件 DNS服务器的配置 主配置文件 扩展配置文件 区域配置文件 重启服务 配置防火墙 配置客户端dns 前言 DNS服务器的主要作用是将人类可读的域名转换为机器可读的IP地址&#xff0c;从而方便用户访问互联网资源。 在互联网中&#xff0c;设备需要通过I…

基于资源管控+TiCDC实现多业务融合容灾测试

作者&#xff1a; 数据源的TiDB学习之路 原文来源&#xff1a; https://tidb.net/blog/959b8d07 背景 金融机构越来越多的选择将多套业务系统融合到一套分布式数据库集群来支撑&#xff0c;一方面可以节约硬件成本&#xff0c;另一方面可以简化运维复杂性。多租户能力及资源…

【电控笔记z26】串级PID单环位置PID

1P-PI 传函(梅森法) : 2PI-P 3PID 三者等效

HyperMesh概述与有限元分析简介

1.1 HyperMesh 概述 本节将介绍有限单元法基本原理&#xff0c;HyperMesh 软件基本功能及界面介绍&#xff0c;获取在线帮助等内容。 1.1.1 有限元分析方法简介 有限单元法&#xff08;FEM&#xff09;是一种可以精确预测复杂结构在外界载荷作用下响应的方法&#xff0c;该数…

问界都回暖了,是谁还在持续掉队?

文/王俣祺 导语&#xff1a;在8月份的最后一个完整周&#xff0c;国内汽车市场的销量表现全面提升&#xff0c;乘用车市场销量达到了46.6万辆车&#xff0c;环比增长13.1%。其中&#xff0c;新能源汽车销量达到24.2万辆&#xff0c;环比增长11.6%&#xff0c;市场渗透率达到了…

《探索现代JavaScript中的异步编程》

探索现代JavaScript中的异步编程 随着Web应用变得越来越复杂&#xff0c;前端开发中对异步处理的需求也日益增加。JavaScript 作为 Web 开发中最主要的语言之一&#xff0c;提供了多种异步编程的方法来帮助开发者编写高效、可维护的应用程序。本文将介绍几种现代 JavaScript 中…

P5928 [国家集训队] 文学 题解

Description 给定 n n n 个半平面 a i x b i y ≤ c i a_i xb_i y\le c_i ai​xbi​y≤ci​ 和 p p p 个关键点 ( x i , y i ) (x_i,y_i) (xi​,yi​)&#xff0c;第 i i i 个半平面有价格 w i w_i wi​&#xff0c;你需要选择一些半平面覆盖所有的关键点&#xff0c;同…

深入探索Elasticsearch:从零基础到实战精通的全方位指南

ElasticSearch 一、初识ElasticSearch1、ES的介绍2、索引3、正排索引3、倒排索引 一、安装1、下载2、检查是否启动 二、语法1、添加一个文档编辑2、批量插入3、搜索4、查询某个特定的字段5、根据id查询6、修改7、删除8、mapping 三、分词器 一、初识ElasticSearch 1、ES的介绍…

大型公司网络系统集成方案

一、前言 1.1.公司综合信息系统建设目标 -----------------------------------------------------3 1.2. 用户具体需求----------------------------------------------------------------------------4 1.3.公司综合信息系统建设原则 -------------------------------…

vue3+ts+mock实现增删改查json文件

1.代码结构图&#xff1a; 2.路由 import { createRouter, createWebHashHistory } from "vue-router";import Home from "/pages/home/index.vue"; import AppDetail from "/pages/app-detail/index.vue"; import PageDetail from "/pages…

hadoop生态圈(四)- MapReduce

目录 MapReduce的基本原理 MapReduce流程图 Map阶段执行流程 Reduce阶段执行流程 Shuffle机制 MapReduce解决的是海量数据计算 MapReduce的思想核心是“分而治之”。就是把一个复杂的问题按一定的“分解”方法分为规模较小的若干部分&#xff0c;然后逐个解决&#xff0c;…

作业0828

使用C手动封装一个顺序表&#xff0c;包含成员数组一个&#xff0c;成员变量N个 #include <iostream> #include <string>using namespace std;using datatype int;struct Seqlist { private:datatype *data NULL;int size 0;int len 0;public://初始化函数voi…

从零成本到高效能:免费报表工具在金融行业的实践与应用

在当今金融行业中&#xff0c;多样化的报表体系是支撑机构高效运营、精准决策的重要基石。这些报表不仅反映了金融机构的财务状况&#xff0c;还涵盖了风险管理、业绩评估、流动性管理及合规监管等多个维度。今天我将带领大家深入探讨金融行业中这些报表的多样性和重要性&#…

数据的存储3(第三十二天)

1.整形在内存中的存储&#xff08;补充&#xff09; 原码&#xff0c;反码&#xff0c;补码的概念 &#xff08;1&#xff09;正数的原码&#xff0c;反码&#xff0c;补码相同 &#xff08;2&#xff09;对于整数来说&#xff1a;数据存放内存中其实存放的就是补码 2.浮点…

最长的一帧学习 part3

文章目录 八、osgUtil:: SceneView::cull ()part1 初始化必要的SceneView类成员变量part2 立体显示的处理part3 执行SceneView::cullStage函数&#xff0c;它也是场景视图筛选工作的核心函数part3.1 首先统计场景中的遮挡节点&#xff08;OccluderNode&#xff09;&#xff0c;…