1.容器网络

1.本地⽹络

bridge

yum -y install bridge-utils

2.查看桥⽂件

yum provides *bin/brctl
brctl show
#使⽤docker network 查看桥
docker network ls

每⼀台dcoker host上的docker0所在⽹段完全⼀样，但是会造成跨主 机的容

器⽆法通信

3.host

与主机共享⽹络，可让容器连接外⽹ ，所有容器与docker主机在同⼀个⽹络

中，容器和外⽹相互访问

 docker network ls

创建⼀个新的容器

docker run -d -p80 -v /opt/:/usr/share/nginx/html/ centosnginx:v1 
​

4.查看ip，默认在桥上

docker inspect a4b6|grep IPA

5.绑定其他的桥

docker run -d --network harbor_harbor centosnginx:v1
​
docker inspect 21a2|grep IPAdd   # 使⽤--network对⽹桥的选择

6.绑定host主机⽹络

docker run -it --network host yum:v0 /bin/bash
yum -y install iprout   #内部查看ip是本地主机ip
​# 外部查看ip 没有
[root@docker001 001]# docker inspect 306d|grep IPAdd

2.主控node1

1.安装etcd数据库和flannel

yum -y install etcd
yum -y install flannel

2.修改etcd数据库配置文件

vim /etc/etcd/etcd.conf 
#第6行
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#第21行
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.10:2379,http://192.168.1.10:4001"

3.启动etcd服务

systemctl start etcd

4.查看端口是否启动

netstat -lnput|grep 2379       
netstat -lnput|grep 4001

5.设置开机启动

systemctl enable etcd

6.测试数据库存取功能

[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
[root@node1 ~]# etcdctl get testdir/testkey0 
1000

7.测试集群健康

etcdctl -C http://192.168.1.10:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.10:2379
cluster is healthy
​
etcdctl -C http://192.168.1.10:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.10:2379
cluster is healthy

8.修改flannel配置⽂件

vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.10:2379"   #第4行
​

9.向数据库存入网段信息

[root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'
​
[root@node1 ~]# etcdctl get /atomic.io/network/config
{ "Network" : "172.20.0.0/16" }

10.启动服务

systemctl start flanneld
systemctl enable flanneld

11.查看ip地址

[root@node1 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.33.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::455b:ea9e:f018:c395/64 scope link flags 800 valid_lft forever preferred_lft forever
​

12.docker启动，查看ip

systemctl start docker
ip a s
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:ed:0a:92:fc brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever
​

13.查看flannel子网ip

cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.33.1/24
FLANNEL_MTU=1472   #最大值
FLANNEL_IPMASQ=false

14.从其他主机复制一份daemon.json

scp root@192.168.1.50:/etc/docker/daemon.json /etc/docker/
{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"]
,
​"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.1.50:5000"]
​
}
​
​
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd   #第13行
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.33.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
​
[root@node1 ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"]
,
​"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.1.10:5000"],"bip" : "172.0.33.1/24","mtu" : "1472"
​
}
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# ip a s  #docker的ip地址的网段和flannel一致
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:ed:0a:92:fc brd ff:ff:ff:ff:ff:ffinet 172.20.33.1/24 brd 172.20.33.255 scope global docker0valid_lft forever preferred_lft forever
​
​
​
​

3.从控node2

[root@node2 ~]# yum -y install etcd
[root@node2 ~]# yum -y install flannel
​
[root@node2 ~]# vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.11:2379"   #第4行
[root@node2 ~]# systemctl start flanneld
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.32.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800 valid_lft forever preferred_lft forever
[root@node2 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node2 ~]# chmod +x docker.sh 
[root@node2 ~]# ./docker.sh 
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.32.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800 valid_lft forever preferred_lft forever[root@node2 ~]# systemctl start docker
[root@node2 ~]# ip  a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.32.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800 valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:e4:a7:5a:cb brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever
​
[root@node2 ~]# scp root@192.168.1.10:/etc/docker/daemon.json /etc/docker/
​
[root@node2 ~]# vim /etc/docker/daemon.json 
{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"]
,
​"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.1.10:5000"],"bip" : "172.20.32.1/24","mtu" : 1472
​
}
​
[root@node2 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node2 ~]# vim /usr/lib/systemd/system/docker.service
[root@node2 ~]# systemctl daemon-reload
[root@node2 ~]# systemctl restart docker
​
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.32.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4fcb:f1f1:f227:ee11/64 scope link flags 800 valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:e4:a7:5a:cb brd ff:ff:ff:ff:ff:ffinet 172.20.32.1/24 brd 172.20.32.255 scope global docker0valid_lft forever preferred_lft forever
​
[root@node2 ~]# docker pull centos
[root@node2 ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
centos       latest    5d0da3dc9764   2 years ago   231MB
[root@node2 ~]# docker run -it centos:latest /bin/bash
[root@d5cec2a20adf /]# ping 172.20.33.2  #测试是否互通
​

总结，工作原理

1.使用flanner为docker主机（宿主）分配网段

2.网段的信息以及ip的信息保存在etcd数据库中

3.当flanner开始运⾏的时候，会从etcd数据库中读{"Network":"172.20.0.0/16"},随机为当前的主机添加⼀个flannel0 网络172.20.78.0

4.配置docker的daemon⽂件，让docker0⽹卡变成和flannel的⽹段 ⼀致，

之后docker下创建的容器的ip就在flannel的⽹段控制之内