部署 docker
旧的三节点 docker 已经安装好只需要安装新节点的 docker 但是所有节点都需要修改 docker 配置文件
安装参考前面的基础篇里的安装方法
所有 work 节点都需要修改以下参数需要修改 dokcer 的参数
- [root@nfs-store ~]# systemctl status docker
- docker.service - Docker Application Container Engine
- ?? Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
?? Active: active (running) since 三 2018-08-29 14:47:45 CST; 1s ago
- ? ?? Docs: https://docs.docker.com
- Main PID: 5934 (dockerd)
- ? ? Tasks: 16
- ?? Memory: 14.5M
- ?? CGroup: /system.slice/docker.service
- ? ? ? ? ?? 5934 /usr/bin/dockerd
- ? ? ? ? ?? 5940 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start...
8 月 29 14:47:44 nfs-store dockerd[5934]: time="2018-08-29T14:47:44.989167050+08:00" level=info msg="[graphdriver] using ...erlay
8 月 29 14:47:44 nfs-store dockerd[5934]: time="2018-08-29T14:47:44.992032549+08:00" level=info msg="Graph migration to c...conds"
8 月 29 14:47:44 nfs-store dockerd[5934]: time="2018-08-29T14:47:44.993033475+08:00" level=info msg="Loading containers: start."
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.000879000+08:00" level=info msg="Firewalld running: false"
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.102773462+08:00" level=info msg="Default bridge (dock...dress"
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.145154328+08:00" level=info msg="Loading containers: done."
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.157327519+08:00" level=info msg="Daemon has completed...ation"
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.157365151+08:00" level=info msg="Docker daemon" commi...3.1-ce
8 月 29 14:47:45 nfs-store dockerd[5934]: time="2018-08-29T14:47:45.165294766+08:00" level=info msg="API listen on /var/r....sock"
8 月 29 14:47:45 nfs-store systemd[1]: Started Docker Application Container Engine.
- Hint: Some lines were ellipsized, use -l to show in full.
- [root@nfs-store ~]#
修改这个文件:
- /usr/lib/systemd/system/docker.service
- [root@nfs-store ~]# cat /usr/lib/systemd/system/docker.service |grep -v ^#
- [Unit]
- Description=Docker Application Container Engine
- Documentation=https://docs.docker.com
- After=network.target firewalld.service
- [Service]
- Type=notify
- EnvironmentFile=/run/flannel/docker
- ExecStart=/usr/bin/dockerd --log-level=error $DOCKER_NETWORK_OPTIONS
- ExecReload=/bin/kill -s HUP $MAINPID
- LimitNOFILE=infinity
- LimitNPROC=infinity
- LimitCORE=infinity
- TimeoutStartSec=0
- Delegate=yes
- KillMode=process
- [Install]
- WantedBy=multi-user.target
- [root@nfs-store ~]#
$DOCKER_NETWORK_OPTIONS;dockerd 运行时会调用其它 docker 命令, 如 docker-proxy, 所以需要将 docker 命令所在的目录加到 PATH 环境变量中; flanneld 启动时将网络配置写入 /run/flannel/docker 文件中, dockerd 启动前读取该文件中的环境变量 DOCKER_NETWORK_OPTIONS , 然后设置 docker0 网桥网段; 如果指定了多个 EnvironmentFile 选项, 则必须将 /run/flannel/docker 放在最后 (确保 docker0 使用 flanneld 生成的 bip 参数);docker 需要以 root 用于运行; docker 从 1.13 版本开始, 可能将 iptables FORWARD chain 的默认策略设置为 DROP, 从而导致 ping 其它 Node 上的 Pod IP 失败, 遇到这种情况时, 需要手动设置策略为 ACCEPT :iptables -P FORWARD ACCEPT 并且把以下命令写入 /etc/rc.local 文件中, 防止节点重启 iptablesFORWARD chain 的默认策略又还原为 DROP/sbin/iptables -P FORWARD ACCEPT
重启 docker, 可以看到所有 work 节点同一个节点的 flannel 和 docker 是一个网段了
- 3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
- ? ? link/ether 7a:a5:c6:8d:1e:55 brd ff:ff:ff:ff:ff:ff
- ? ? inet 172.30.14.0/32 scope global flannel.1
- ? ? ?? valid_lft forever preferred_lft forever
- 4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
- ? ? link/ether 02:42:18:17:e4:f7 brd ff:ff:ff:ff:ff:ff
- ? ? inet 172.30.14.1/24 scope global docker0
- ? ? ?? valid_lft forever preferred_lft forever
来源: http://www.bubuko.com/infodetail-2751508.html