Configuring Docker Networking with the Calico Plugin


I. Environment

1. Operating system: CentOS 7

2. Host nodes: node1 (192.168.5.251), node2 (192.168.5.252), node3 (192.168.5.253)

3. Software versions: calicoctl (version v1.6.1), etcdctl (version 3.2.15), docker (version 17.12.0-ce)

192.168.5.251     node1   install docker+etcd+calicoctl
192.168.5.252     node2   install docker+etcd+calicoctl
192.168.5.253     node3   install docker+etcd+calicoctl
   
[root@node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
   
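Set the hostname on all three nodes (the hostname should preferably match the ETCD_NAME and the Calico NODENAME used later; otherwise the containers may end up unable to ping each other)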
[root@node1 ~]# hostnamectl --static set-hostname node1
[root@node1 ~]# echo "node1" > /etc/hostname
   
[root@node2 ~]# hostnamectl --static set-hostname node2
[root@node2 ~]# echo "node2" > /etc/hostname
   
[root@node3 ~]# hostnamectl --static set-hostname node3
[root@node3 ~]# echo "node3" > /etc/hostname
   
Turn off the firewall on all three hosts. If the iptables firewall is left enabled, port 2380 must be opened for communication.
[root@node1 ~]# systemctl disable firewalld.service
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# iptables -F
[root@node1 ~]# firewall-cmd --state
not running
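
An alternative to switching the firewall off, given as an added example that is not part of the original article: keep firewalld running and admit the cluster ports only from the other two nodes. The port list is an assumption (2379 and 2380 come from the etcd settings later on this page, TCP 179 is the BGP port used by the Calico node-to-node mesh), and `peer_rules` is a hypothetical helper name.

```sh
# Added example. Node addresses come from the page; the port list is an
# assumption: 2379 (etcd client), 2380 (etcd peer), 179 (BGP mesh).
NODES="192.168.5.251 192.168.5.252 192.168.5.253"
PORTS="2379 2380 179"

# peer_rules SELF_IP
# Print (do not run) the firewall-cmd calls that admit the cluster ports
# only from the other nodes. Returns 1 if SELF_IP is not a cluster node.
peer_rules() {
    self=$1
    case " $NODES " in
        *" $self "*) ;;
        *) echo "peer_rules: $self is not a cluster node" >&2; return 1 ;;
    esac
    for peer in $NODES; do
        if [ "$peer" = "$self" ]; then continue; fi
        for port in $PORTS; do
            rule="rule family=\"ipv4\" source address=\"$peer\" port port=\"$port\" protocol=\"tcp\" accept"
            printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        done
    done
    echo "firewall-cmd --reload"
}

# Review the output for this host, then pipe it to sh on that host.
peer_rules 192.168.5.251
```

The rules cover host-to-host control traffic only; run the function with each node's own address to get that node's rule set.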
   
Set up the hosts entries on all three machines; run the following on each:
[root@node1 ~]# vim /etc/hosts
192.168.5.251     node1
192.168.5.252     node2
192.168.5.253     node3
   
Enable IP forwarding on all three machines
[root@node1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@node1 ~]# cat /etc/sysctl.conf
......
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
[root@node1 ~]# sysctl -p

 

II. Configure the etcd cluster

1. Install the EPEL repository
http://fedoraproject.org/wiki/EPEL

2. Install the etcd package on all three nodes
[root@node1 ~]# yum install etcd -y

3. Configure etcd in cluster mode on all three nodes
[root@node1 ~]# cat /etc/etcd/etcd.conf 
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

# Change per host: node1, node2 and node3 respectively
ETCD_NAME="node1"

# Change per host: 192.168.5.251, 192.168.5.252 and 192.168.5.253 respectively
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.5.251:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.5.251:2379"

ETCD_INITIAL_CLUSTER="node1=http://192.168.5.251:2380,node2=http://192.168.5.252:2380,node3=http://192.168.5.253:2380"

4. Start the etcd service and test that the cluster is configured correctly
[root@node1 ~]# systemctl start etcd
[root@node1 ~]# export ETCDCTL_API=3
[root@node1 ~]# etcdctl member list
24535a04231931b0, started, node3, http://192.168.5.253:2380, http://192.168.5.253:2379
762f75df97deec48, started, node1, http://192.168.5.251:2380, http://192.168.5.251:2379
7d53f37d27d9c631, started, node2, http://192.168.5.252:2380, http://192.168.5.252:2379
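
The etcd.conf above listens on every interface over plain HTTP and sets no client-certificate checks. The following audit is an added example, not part of the original article: it reads an etcd environment file and reports those three conditions. `audit_etcd_conf` and the finding labels are hypothetical names, and both sample files are constructed.

```sh
# audit_etcd_conf: read an etcd environment file on stdin, print one finding
# per line, return 1 if anything was found (hypothetical helper, added here).
audit_etcd_conf() {
    findings=$(awk -F= '
        /^[ \t]*#/ || NF < 2 { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/"/, "", val)
            cfg[key] = val
        }
        END {
            keys = "ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS"
            keys = keys " ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS"
            n = split(keys, k, " ")
            for (i = 1; i <= n; i++) {
                if (cfg[k[i]] ~ /http:\/\//) print "PLAINTEXT " k[i] "=" cfg[k[i]]
                if (k[i] ~ /LISTEN/ && cfg[k[i]] ~ /\/\/0\.0\.0\.0:/) print "WILDCARD " k[i] "=" cfg[k[i]]
            }
            if (cfg["ETCD_CLIENT_CERT_AUTH"] != "true") print "NOAUTH ETCD_CLIENT_CERT_AUTH"
            if (cfg["ETCD_PEER_CLIENT_CERT_AUTH"] != "true") print "NOAUTH ETCD_PEER_CLIENT_CERT_AUTH"
        }')
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample 1: the URL settings shown on this page for node1.
conf_from_page() {
    cat <<'EOF'
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.5.251:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.5.251:2379"
EOF
}

# Constructed sample 2: only the keys the audit reads, with hardened values.
conf_hardened() {
    cat <<'EOF'
ETCD_LISTEN_PEER_URLS="https://192.168.5.251:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.5.251:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.5.251:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.5.251:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CLIENT_CERT_AUTH="true"
EOF
}

conf_from_page | audit_etcd_conf || true
```

On a real node, feed it the live file: `audit_etcd_conf < /etc/etcd/etcd.conf`.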

III. Install Docker and configure it to use the cluster store

1. Install Docker
https://yq.aliyun.com/articles/110806


2. Configure the Docker daemon to use the cluster store
[root@node1 ~]# cat /etc/docker/daemon.json

{
  "registry-mirrors": ["https://7i5u59ls.mirror.aliyuncs.com"],
  "cluster-store": "etcd://192.168.5.251:2379"
}

3. Restart the Docker daemon and check that the configuration is correct
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# docker info | grep "Cluster Store"
Cluster Store: etcd://192.168.5.251:2379

IV. Configure Calico to start as a systemd service

1. Add the calico-node configuration file on each of the three hosts
[root@node1 calico]# cat /etc/calico/calico.env 
ETCD_ENDPOINTS="http://192.168.5.251:2379,http://192.168.5.252:2379,http://192.168.5.253:2379"
# Name matches the ${ETCD_CA_CERT_FILE} reference in calico-node.service
ETCD_CA_CERT_FILE=""
ETCD_CERT_FILE=""
ETCD_KEY_FILE=""
# Set per host: node1, node2 and node3 respectively
CALICO_NODENAME="node1"
CALICO_NO_DEFAULT_POOLS=""
CALICO_IP="192.168.5.251"
CALICO_IP6=""
CALICO_AS=""
CALICO_LIBNETWORK_ENABLED=true
CALICO_NETWORKING_BACKEND=bird

2. Add the calico-node systemd unit file on each of the three hosts
[root@node1 calico]# cat /etc/systemd/system/calico-node.service 
[Unit]
Description=calico-node
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=-/usr/bin/docker rm -f calico-node
ExecStart=/usr/bin/docker run --net=host --privileged \
 --name=calico-node \
 -e NODENAME=${CALICO_NODENAME} \
 -e IP=${CALICO_IP} \
 -e IP6=${CALICO_IP6} \
 -e CALICO_NETWORKING_BACKEND=${CALICO_NETWORKING_BACKEND} \
 -e AS=${CALICO_AS} \
 -e NO_DEFAULT_POOLS=${CALICO_NO_DEFAULT_POOLS} \
 -e CALICO_LIBNETWORK_ENABLED=${CALICO_LIBNETWORK_ENABLED} \
 -e ETCD_ENDPOINTS=${ETCD_ENDPOINTS} \
 -e ETCD_CA_CERT_FILE=${ETCD_CA_CERT_FILE} \
 -e ETCD_CERT_FILE=${ETCD_CERT_FILE} \
 -e ETCD_KEY_FILE=${ETCD_KEY_FILE} \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var/log/calico:/var/log/calico \
 -v /run/docker/plugins:/run/docker/plugins \
 -v /lib/modules:/lib/modules \
 -v /var/run/calico:/var/run/calico \
 calico/node:v2.6.1

ExecStop=-/usr/bin/docker stop calico-node

Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target


3. Start the calico-node service on each of the three hosts
[root@node1 calico]# systemctl daemon-reload
[root@node1 calico]# systemctl start calico-node
[root@node1 calico]# tail -f /var/log/messages
...
Mar 11 12:23:46 node1 docker: Starting libnetwork service
Mar 11 12:23:46 node1 docker: Calico node started successfully

4. Download the calicoctl binary and make it executable
[root@node1 calico]# wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
[root@node1 calico]# chmod +x /usr/local/bin/calicoctl


5. Check that calico-node is running normally
[root@node1 calico]# calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 192.168.5.252 | node-to-node mesh | up    | 04:23:50 | Established |
| 192.168.5.253 | node-to-node mesh | up    | 04:23:50 | Established |
+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

[root@node1 calico]# calicoctl get node
NAME    
node1   
node2   
node3   

V. Test the Calico network

1. Create a network
[root@node1 ~]# docker network create --driver calico --ipam-driver calico-ipam net1
# The newly added network is visible from any of the hosts
[root@node1 ~]# docker network ls
...
9316f6603268        net1                calico              global
...
2. Create one container on each of node1, node2 and node3 and check its IP address
[root@node1 ~]# docker run --net net1 --name workload-A -tid busybox
[root@node1 ~]# docker exec -it workload-A ip addr
...
    inet 192.168.166.136/32 brd 192.168.166.136 scope global cali0
...

[root@node2 ~]# docker run --net net1 --name workload-B -tid busybox
[root@node2 ~]# docker exec -it workload-B ip addr
...
    inet 192.168.104.2/32 brd 192.168.104.2 scope global cali0
...

[root@node3 ~]# docker run --net net1 --name workload-C -tid busybox
[root@node3 ~]# docker exec -it workload-C ip addr
...
    inet 192.168.135.7/32 brd 192.168.135.7 scope global cali0
...

3. From the container on node1 (workload-A), ping the container IPs on the other nodes to test that the network works

/ # ping 192.168.135.7
PING 192.168.135.7 (192.168.135.7): 56 data bytes
64 bytes from 192.168.135.7: seq=77 ttl=62 time=0.797 ms

/ # ping 192.168.104.2
PING 192.168.104.2 (192.168.104.2): 56 data bytes
64 bytes from 192.168.104.2: seq=0 ttl=62 time=56.072 ms

4. View the routing table on each node

[root@node1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.166.136 0.0.0.0         255.255.255.255 UH    0      0        0 calia42c5f1e64a


[root@node2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.104.2   0.0.0.0         255.255.255.255 UH    0      0        0 calic7493c5fa1e
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 192.168.5.251   255.255.255.192 UG    0      0        0 ens33


[root@node3 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.135.7   0.0.0.0         255.255.255.255 UH    0      0        0 cali4a45031fc02
192.168.166.128 192.168.5.251   255.255.255.192 UG    0      0        0 ens33
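
In the three tables above, every remote container block (mask 255.255.255.192) is reached through one of the cluster nodes. The check below is an added example, not part of the original article, that flags a block route whose next hop is anything else; `check_routes` is a hypothetical helper name and the extra route in the second sample is constructed.

```sh
# Added example. Cluster node addresses are taken from the page; the /26 mask
# is the block size visible in the page's routing tables.
CLUSTER_NODES="192.168.5.251 192.168.5.252 192.168.5.253"

# check_routes: read `route -n` output on stdin and report every gateway (G)
# route to a /26 block whose next hop is not a cluster node. Returns 1 if any.
check_routes() {
    awk -v nodes="$CLUSTER_NODES" '
        BEGIN { n = split(nodes, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $3 == "255.255.255.192" && $4 ~ /G/ && !($2 in ok) {
            print "UNEXPECTED " $1 "/26 via " $2 " dev " $8
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Sample 1: the node1 routing table as printed on this page.
routes_node1() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.2     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.104.0   192.168.5.252   255.255.255.192 UG    0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.135.0   192.168.5.253   255.255.255.192 UG    0      0        0 ens33
192.168.166.128 0.0.0.0         255.255.255.192 U     0      0        0 *
192.168.166.136 0.0.0.0         255.255.255.255 UH    0      0        0 calia42c5f1e64a
EOF
}

# Sample 2 (constructed): the same table plus a block learned from a host
# that is not one of the three cluster nodes.
routes_tampered() {
    routes_node1
    echo "192.168.77.64   192.168.5.66    255.255.255.192 UG    0      0        0 ens33"
}

routes_node1 | check_routes && echo "node1: all block routes point at cluster nodes"
routes_tampered | check_routes || true
```

On a live node, run `route -n | check_routes`.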

References:
https://www.cnblogs.com/kevingrace/p/6864804.html?utm_source=itdadao&utm_medium=referral
https://my.oschina.net/huangweibin/blog/1632932

