摘要:如果的網(wǎng)卡為�����,則不需要此步驟設(shè)置和的以下步驟得在或之前做假設(shè)你有三個機器�����,��,準備搞一個集群獲得的參數(shù)����,注意停掉刪掉虛擬網(wǎng)卡啟動重建,記得設(shè)置之前得到的參數(shù)和正確的值再到和上執(zhí)行相同的命令��。
原文地址
Docker Daemon生產(chǎn)環(huán)境配置提到了MTU設(shè)置���,但是這只是針對于名為bridge的docker bridge network�����,對于overlay network是無效的��。
如果docker host machine的網(wǎng)卡MTU為1500���,則不需要此步驟
設(shè)置ingress和docker_gwbridge的MTU
以下步驟得在swarm init或join之前做
假設(shè)你有三個機器,manager����、worker-1����、worker-2���,準備搞一個Docker swarm集群
1) [manager] docker swarm init
2) [manager] 獲得docker_gwbridge的參數(shù)���,注意Subnet
$ docker network inspect docker_gwbridge
[
{
"Name": "docker_gwbridge",
...
"IPAM": {
...
"Config": [
{
"Subnet": "172.18.0.0/16",
...
}
]
},
...
}
]
3) [manager] docker swarm leave --force
4) [manager] 停掉docker sudo systemctl stop docker.service
5) [manager] 刪掉虛擬網(wǎng)卡docker_gwbridge
$ sudo ip link set docker_gwbridge down
$ sudo ip link del dev docker_gwbridge
6) [manager] 啟動docker sudo systemctl start docker.service
7) [manager] 重建docker_gwbridge,
記得設(shè)置之前得到的Subnet參數(shù)和正確的MTU值
$ docker network rm docker_gwbridge
$ docker network create
--subnet 172.18.0.0/16
--opt com.docker.network.bridge.name=docker_gwbridge
--opt com.docker.network.bridge.enable_icc=false
--opt com.docker.network.bridge.enable_ip_masquerade=true
--opt com.docker.network.driver.mtu=1450
docker_gwbridge
再到worker-1和worker-2上執(zhí)行相同的命令�����。
8) [manager] docker swarm init
9) [manager] 先觀察ingress network的參數(shù)�,注意Subnet和Gateway:
$ docker network inspect ingress
[
{
"Name": "ingress",
...
"IPAM": {
...
"Config": [
{
"Subnet": "10.255.0.0/16",
"Gateway": "10.255.0.1"
}
]
},
...
}
]
10) [manager] 刪除ingress network����,docker network rm ingress。
11) [manager] 重新創(chuàng)建ingress network�����,記得填寫之前得到的Subnet和Gateway���,以及正確的MTU值:
$ docker network create
--driver overlay
--ingress
--subnet=10.255.0.0/16
--gateway=10.255.0.1
--opt com.docker.network.driver.mtu=1450
ingress
12) [worker-1] [worker-2] join docker swarm join ...
注意:新機器在join到swarm之前�����,得先執(zhí)行第7步
驗證:
1) 啟動一個swarm service�,docker service create -td --name busybox busybox
2) 觀察虛擬網(wǎng)卡
發(fā)現(xiàn)MTU都是1450:
$ ip link
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: mtu 1450 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:71:09:f5 brd ff:ff:ff:ff:ff:ff
3: docker0: mtu 1450 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:6b:de:95:71 brd ff:ff:ff:ff:ff:ff
298: docker_gwbridge: mtu 1450 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:ae:7b:cd:b4 brd ff:ff:ff:ff:ff:ff
309: veth7e0f9e5@if308: mtu 1450 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default
link/ether 16:ca:8f:c7:d3:7f brd ff:ff:ff:ff:ff:ff link-netnsid 1
311: vethcb94fec@if310: mtu 1450 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 9a:aa:de:7b:4f:d4 brd ff:ff:ff:ff:ff:ff link-netnsid 2
3) 觀察容器內(nèi)網(wǎng)卡
網(wǎng)卡MTU也是1450:
$ docker exec b.1.pdsdgghzyy5rhqkk5et59qa3o ip link
1: lo: mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
310: eth0@if311: mtu 1450 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
自建overlay network的MTU
方法一:在docker compose file設(shè)置
...
networks:
my-overlay:
driver: bridge
driver_opts:
com.docker.network.driver.mtu: 1450
不過這樣不好,因為這樣就把docker compose file的內(nèi)容和生產(chǎn)環(huán)境綁定了����,換了個環(huán)境這個MTU值未必合適。
方法二:外部創(chuàng)建時設(shè)置
docker network create
-d overlay
--opt com.docker.network.driver.mtu=1450
--attachable
my-overlay
用法:
在docker compose file里這樣用:
...
networks:
app-net:
external: true
name: my-overlay
docker run --network my-overlay ...
docker service create --network my-overlay ...
參考資料
Use overlay networks
Docker MTU issues and solutions
docker network create
文章版權(quán)歸作者所有�,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除���。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/27674.html
