Communication Between Docker Containers Across Hosts

  • 2019-09-02

1. Cross-host container communication in Docker: macvlan

1.1 Create the macvlan network

docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.2 -o parent=eth0 macvlan_1

1.2 Put the eth0 interface into promiscuous mode

ip link set eth0 promisc on

1.3 Create a container that uses the macvlan network

docker run -it --network macvlan_1 --ip=10.0.0.200 busybox

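2. Cross-host container communication in Docker: overlay

How it works:
1. Container1 sends the packet through its eth0 to the gateway at 10.0.0.1.
2. After the gateway sends the packet on, it reaches the b20 bridge.
3. The b20 bridge works with the VXLAN device: it captures outbound packets, which are then encapsulated by the VTEP.
4. The encapsulated VXLAN-format packet is handed to eth0 and sent over UDP to Container2's eth0.
5. After receiving the packet, Container2 decapsulates it through the VTEP.
6. The bridge forwards the decapsulated packet through the gateway to the container's eth0, which completes the communication.
(Figure: how the overlay network works)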
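
The encapsulation and decapsulation in steps 3 to 5, as an added example (not code from the original post): it builds the 8-byte VXLAN header defined in RFC 7348, shows that the inner frame travels unencrypted inside the UDP payload, and derives the MTU of 1450 that the overlay interface reports in the ifconfig output later on this page. The function names, the VNI value and the sample frame are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag from RFC 7348
# Bytes added in front of the inner IP packet, counted against the underlay MTU.
INNER_ETH, OUTER_IPV4, OUTER_UDP, VXLAN_HDR = 14, 20, 8, 8

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("0242ac100202") + bytes.fromhex("0242ac100201")
                + b"\x08\x00" + b"inner-ip-packet")
SAMPLE_VNI = 256  # constructed value, not taken from the page


def vxlan_encap(vni, inner_frame):
    """Sending VTEP: return the UDP payload (VXLAN header + inner frame)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Receiving VTEP: validate the header and return (vni, inner_frame)."""
    if len(payload) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:VXLAN_HDR])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[VXLAN_HDR:]


def overlay_mtu(underlay_mtu=1500):
    """Largest inner IP packet that fits into one underlay packet."""
    return underlay_mtu - (OUTER_IPV4 + OUTER_UDP + VXLAN_HDR + INNER_ETH)


def inner_frame_is_cleartext(vni, inner_frame):
    """The VXLAN header adds no encryption or authentication to the frame."""
    return inner_frame in vxlan_encap(vni, inner_frame)


if __name__ == "__main__":
    packet = vxlan_encap(SAMPLE_VNI, SAMPLE_FRAME)
    print(packet[:VXLAN_HDR].hex(), vxlan_decap(packet)[0], overlay_mtu())
```

Because the header carries only a flag byte and the VNI, confidentiality and integrity of overlay traffic depend entirely on the network between the hosts.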

Node 1: docker02 10.0.0.12
Node 2: docker03 10.0.0.13

2.1 Edit the configuration file

[root@docker02 ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["10.0.0.11:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.12:8500",
  "cluster-advertise": "10.0.0.12:2376"
}

[root@docker03 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://pdrci26k.mirror.aliyuncs.com"],
  "insecure-registries": ["10.0.0.11:5000"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.12:8500",
  "cluster-advertise": "10.0.0.13:2376"
}

cluster-store is the address of the host on which the consul container runs; cluster-advertise is the node's own IP. daemon.json must be strict JSON, so these notes cannot be written into the file as comments.
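
A static check for the daemon.json shown above, as an added example (not from the original post): the `tcp://0.0.0.0:2376` listener is configured without TLS, so any host that can reach port 2376 has full control of the daemon. The `audit_daemon_json` function, its finding names, the hardened sample and its certificate paths are assumptions made for illustration; `tls`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` are standard dockerd options.

```python
import json

# Constructed sample: docker02's daemon.json from this page, without inline notes.
PAGE_CONFIG = """{
  "insecure-registries": ["10.0.0.11:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.12:8500",
  "cluster-advertise": "10.0.0.12:2376"
}"""

# Constructed hardened variant: client-certificate auth on one management address.
# The certificate paths are placeholders.
HARDENED_CONFIG = """{
  "hosts": ["tcp://10.0.0.12:2376", "unix:///var/run/docker.sock"],
  "tls": true,
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""

LOOPBACK = ("127.", "localhost", "[::1]")
ALL_INTERFACES = ("0.0.0.0", "[::]", ":")


def audit_daemon_json(text):
    """Return a sorted list of finding codes for one daemon.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError:
        # dockerd needs strict JSON; a trailing '#### note' ends up here.
        return ["invalid-json"]
    findings = set()
    client_auth = cfg.get("tlsverify") is True
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are guarded by file permissions
        addr = host[len("tcp://"):]
        if not client_auth and not addr.startswith(LOOPBACK):
            findings.add("tcp-api-without-client-auth")
        if addr.startswith(ALL_INTERFACES):
            findings.add("tcp-api-on-all-interfaces")
    if cfg.get("insecure-registries"):
        findings.add("insecure-registry")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_daemon_json(PAGE_CONFIG), audit_daemon_json(HARDENED_CONFIG))
```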

The systemd unit file must be changed as well: ExecStart must not pass a -H option, because the listening addresses now come from "hosts" in daemon.json.

[root@docker02 ~]# cat /lib/systemd/system/docker.service | grep "ExecStart=/usr/bin/dockerd"
ExecStart=/usr/bin/dockerd   --containerd=/run/containerd/containerd.sock

[root@docker03 ~]# cat /lib/systemd/system/docker.service | grep "ExecStart=/usr/bin/dockerd"
ExecStart=/usr/bin/dockerd   --containerd=/run/containerd/containerd.sock
systemctl daemon-reload

2.2 Restart the docker service

[root@docker02 ~]# systemctl daemon-reload
[root@docker02 ~]# systemctl restart docker

[root@docker03 ~]# systemctl daemon-reload
[root@docker03 ~]# systemctl restart docker

3. Start a container

[root@docker02 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap /bin/sh

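You can open 10.0.0.11:8500 in a browser to view the information.

4. Create the overlay network on any one node

The subnet must not conflict with an existing network segment.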

[root@docker02 ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1

The network is added on every node in the cluster.

Control Docker remotely from the client through port 2376

[root@docker02 ~]# docker -H 10.0.0.11:2376 ps -a -l
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                            NAMES
b209f9b89905        progrium/consul     "/bin/start -server …"   3 minutes ago       Up 3 minutes        53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 0.0.0.0:8500->8500/tcp   consul

5. Start containers and test

[root@docker02 ~]# docker run -it --network ol1 --name test1 busybox /bin/sh
/ # ping -c 2 test2
/ # ping -c 2 172.16.2.2
PING 172.16.2.2 (172.16.2.2): 56 data bytes
64 bytes from 172.16.2.2: seq=0 ttl=64 time=0.682 ms
64 bytes from 172.16.2.2: seq=1 ttl=64 time=0.528 ms

--- 172.16.2.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.528/0.605/0.682 ms
/ # 
[root@docker03 ~]# docker run -it --network ol1 --name test2 busybox /bin/sh
/ # ping -c 2172.16.2.1
ping: invalid number '2172.16.2.1'
/ # ping -c 2 172.16.2.1
PING 172.16.2.1 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: seq=0 ttl=64 time=0.631 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.731 ms

--- 172.16.2.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.631/0.681/0.731 ms
/ # 

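Each container gets two network interfaces: eth0 for internal (overlay) access and eth1 for outbound access to external networks.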

/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:10:02:02  
          inet addr:172.16.2.2  Bcast:172.16.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02  
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # route  -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.18.0.1      0.0.0.0         UG    0      0        0 eth1
172.16.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1

To make a container reachable from outside, use port mapping when starting it.
