Docker Cookbook

ExecStart=/usr/bin/docker start -a netcat-server
ExecStartPost=/bin/bash -c 'etcdctl set /services/netcat-server \
$(docker inspect --format="{{.NetworkSettings.IPAddress}}" netcat-server)'
ExecStop=/usr/bin/docker stop netcat-server
ExecStopPost=/usr/bin/docker rm netcat-server
An alternative to the 
ExecStartPost
entry is to create a separate
sidekick unit
. You can also use the 
SkyDNS
project to expose a
DNS interface for the clients.
With the default configuration, 
flannel
uses a TUN device to send packets to user
space for UDP encapsulation. It is a robust solution, as the TUN device has been part
of the Linux kernel for many years. However, the cost of moving every packet in and
out of the 
flannel
daemon can have significant impact on performance. Modern
Linux kernels have support for a new type of encapsulation called VXLAN. VXLAN
also wraps packets in network-friendly UDP but with the advantage of performing
this task in the kernel. CoreOS always ships the latest kernel, making it a great candi‐
date for taking advantage of VXLAN. Enabling VXLAN is as easy as selecting a differ‐
ent backend in the 
flannel
config:
ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config \
'{ "Network": "10.1.0.0/16", "Backend": { "Type": "vxlan" } }'
When running in nonsecure environments, it is best to use TLS for
flannel
-to-
etcd
communication. TLS client certificates can be
used to restrict access to 
etcd
. See 
etcd
and 
flannel
documenta‐
tion for details.

Download 6,31 Mb.

Do'stlaringiz bilan baham: