Docker Overlay 应用部署

Posted 2021-01-17 xiangsikai

Docker Overlay 部署条件

要想使用Docker原生Overlay网络，需要满足以下任意条件：

 

1、Docker运行在Swarm模式

 

2、使用键值存储的Docker主机集群

本次部署使用键值存储的Docker主机集群，需要满足以下条件：

1. 集群中主机连接到键值存储，Docker支持Consul、Etcd和Zookeeper；

2. 集群中主机运行一个Docker守护进程；

3. 集群中主机必须具有唯一的主机名，因为键值存储使用主机名来标识集群成员；

4. 集群中Linux主机内核版本3.12+，支持VXLAN数据包处理，否则可能无法通信。

5. Docker通过overlay网络驱动程序支持多主机容器网络通信。

---

内核版本升级方案：网址...

---

Docker Overlay 应用部署

• 节点1/键值存储：192.168.1.77
• 节点2：192.168.1.78

节点1节点2操作

# 修改两个测试端主机名，并退出终端生效
hostname overlay-01
hostname overlay-02

---

 

一、部署Consul并运行服务

1.1 节点1操作：下载Consul二进制包并启动

• 百度云：https://pan.baidu.com/s/1MsVJtYUDJ8LzBqVxwmdc8A
• 密码：g5jd

• 命令行下载：wget https://releases.hashicorp.com/consul/0.9.2/consul_0.9.2_linux_amd64.zip

# 1、解压Consul压缩包
unzip consul_0.9.2_linux_amd64.zip

# 2、将consul移动到/bin/目录下并添加执行权限
mv consul /usr/bin/consul && chmod +x /usr/bin/consul

# 3、启动consul并指定本机IP
nohup consul agent -server -bootstrap -ui -data-dir /var/lib/consul -client=192.168.1.77 -bind=192.168.1.77 &>/var/log/consul.log &

1.2 节点1操作：查看日志启动情况

tail /var/log/consul.log -f

2018/10/29 15:17:39 [INFO] agent: Started HTTP server on 192.168.1.77:8500

2018/10/29 15:17:45 [WARN] raft: Heartbeat timeout from "" reached, starting election

2018/10/29 15:17:45 [INFO] raft: Node at 192.168.1.77:8300 [Candidate] entering Candidate state in term 2

2018/10/29 15:17:45 [INFO] raft: Election won. Tally: 1

2018/10/29 15:17:45 [INFO] raft: Node at 192.168.1.77:8300 [Leader] entering Leader state

2018/10/29 15:17:45 [INFO] consul: cluster leadership acquired

2018/10/29 15:17:45 [INFO] consul: New leader elected: localhost.localdomain

2018/10/29 15:17:45 [INFO] consul: member ‘localhost.localdomain‘ joined, marking health alive

2018/10/29 15:17:45 [INFO] agent: Synced node info

==> Newer Consul version available: 1.3.0 (currently running: 0.9.2)

日志

---

二、部署Docker配置文件

2.节点配置Docker守护进程连接Consul

# 添加ExecStart如果已有则注释添加下面案例

vim /lib/systemd/system/docker.service

[Service]

ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.77:2375

 

# 为docker监听

tcp://0.0.0.0:2375

 

# systemctl daemon-reload

# systemctl restart docker

 

 

overlay-02

# 修改配置文件，使用的是overlay-01的IP

vi /lib/systemd/system/docker.service

[Service]

ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.78:2375

 

# 通告信息需要改为本机IP

--cluster-advertise 192.168.1.78:2375

 

 

 

3.创建overlay网络

# 创建网络 -d 指定网络驱动程序为 overlay multi_host

# docker network create -d overlay multi_host

 

注：再任意节点创建后会通过overlay同步到已连接的节点下创建网络。

 

# 查看本地网络

docker network ls

 

4abe591cdf50 multi_host overlay global

 

# 查看网络属性信息

docker network inspect ID/KEY

 

[

{

"Name": "multi_host",

"Id": "4abe591cdf504c1f15f563e4c8516c22b7d037268e6975e9491a417d2da83e8a",

"Created": "2018-11-01T10:42:00.117452769+08:00",

"Scope": "global",

# 驱动为overlay

"Driver": "overlay",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": {},

# 网段信息

"Config": [

{

"Subnet": "10.0.0.0/24",

"Gateway": "10.0.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Containers": {},

"Options": {},

"Labels": {}

}

]

 

 

4.测试互通

# 指定连接网络类型 --net=multi_host

docker run -it --net=multi_host busybox

 

注：如果报错则可在配置文件中ExecStart添加加如下参数

--default-runtime=docker-runc

 

建议添加 多个参数

--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current

--default-runtime=docker-runc

--exec-opt native.cgroupdriver=systemd

--userland-proxy-path=/usr/libexec/docker/docker-proxy-current

--init-path=/usr/libexec/docker/docker-init-current

--seccomp-profile=/etc/docker/seccomp.json

如下

ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.78:2375 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json

 

 

两台分别运行容器

overlay-01

/ # ifconfig

eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:03

inet addr:10.0.0.3 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:aff:fe00:3/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1

RX packets:11 errors:0 dropped:0 overruns:0 frame:0

TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:906 (906.0 B) TX bytes:586 (586.0 B)

 

overlay-02

/ # ifconfig

eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:02

inet addr:10.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:aff:fe00:2/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1

RX packets:14 errors:0 dropped:0 overruns:0 frame:0

TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:1136 (1.1 KiB) TX bytes:656 (656.0 B)

 

测试是否通信 overlay-02 ping overlay-01

/ # ping 10.0.0.3

PING 10.0.0.3 (10.0.0.3): 56 data bytes

64 bytes from 10.0.0.3: seq=0 ttl=64 time=0.960 ms

64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.355 m

 

注：通信成功。