docker网络+跨主机容器之间的通讯

本文主要是介绍docker网络+跨主机容器之间的通讯，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

docker网络

使用docker network 查看桥

[root@docker ~]# docker network ls 
NETWORK ID     NAME      DRIVER    SCOPE
6cacea2a7a49   bridge    bridge    local
5546f1e40d41   host      host      local
2e567ec1e04f   none      null      local

bridge

bridge和nat差不多，是默认的（default)

docker 启动之后会生成新的虚拟网卡，网卡名称为docker0,网段默认是172.17.0.1

所有的容器都桥接docker0,通过桥接共享网络

[root@docker ~]# yum -y install bridge-utils.x86_64

[root@docker ~]# brctl show

host

优点：使用方便，直接使用宿主机的ip,一般用来测试

缺点：无法并行多个同类的容器

仅主机模式，容器的IP就是宿主机的IP

绑定host主机网络：

[root@docker ~]# docker run -it --network host centos:yum /bin/bash
[root@docker /]# ls
bin  etc   lib      lost+found  mnt  proc  run   srv  tmp  var
dev  home  lib64  media       opt  root  sbin  sys  usr
[root@docker /]# yum -y install iproute

[root@docker /]# yum -y install httpd

[root@docker /]# echo "aaaaaaaa" > /var/www/html/index.html
[root@docker /]# systemctl start httpd
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
[root@docker /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a134:1e30:d4f:74a1. Set the 'ServerName' directive globally to suppress this message
[root@docker /]# curl localhost
aaaaaaaa
[root@docker /]# [root@docker ~]# 
[root@docker ~]# systemctl stop firewalld
[root@docker ~]# curl 192.168.118.55

aaaaaaaa

在外部查看IP没有：

[root@docker ~]# docker inspect ab8 | grep IPA
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAMConfig": null,
                    "IPAddress": "",
 

在浏览器上访问宿主机的IP地址：

跨主机容器之间的通讯

两台不同主机上的容器的连接，如A宿主上的a1容器可以访问B主机上的b1容器

工具：pipwork   flannel

flannel技术

使用flannel分配网段，被分配的网段都可以ping通

overlay 覆盖型⽹络，不⽀持路由转发，通过数据etcd数据库保存⼦

工作原理：

1.使用flannel为docker主机（宿主）分配网段

2.网段的信息以及IP信息保存在etcd数据库中

3.当flannel开始运行的时候，会从etcd数据库中读取{"Network":"172.20.0.0/16"},随机为当前主机添加一个flannel0网段172.20.36.0(随机）

4.配置docker的daemon文件，让docker0网卡变成和flannel网卡的网段一致，之后docker下创建的容器的IP就在flannel的网段控制之内

flannel详细配置：

注：etcd（数据库，被flannel保存网络地址网段等信息）

主机名	ip	功能	软件
docker	192.168.118.55	主控主机	flannel,etcd,docker
docker1	192.168.118.56	被控主机	flannel,docker

docker主机：主控主机

1.安装flannel(分配ip地址)和etcd(数据库)

yum -y install etcd

yum -y install flannel

2.配置etcd数据库

vim /etc/etcd/etcd.conf

修改第6行和21行

3.启动数据库，设置开机启动

[root@docker ~]# systemctl start etcd.service 

[root@docker ~]# systemctl enable etcd.service 

4.测试端口
[root@docker ~]# netstat -lnput | grep 2379
tcp6       0      0 :::2379                 :::*                    LISTEN      3323/etcd           
[root@docker ~]# netstat -lnput | grep 4001
tcp6       0      0 :::4001                 :::*                    LISTEN      3323/etcd  

5.测试数据库功能

[root@docker ~]# etcdctl set testdir/testkey 1000
1000
[root@docker ~]# etcdctl get testdir/testkey 
1000

6.测试集群健康

[root@docker ~]# etcdctl -C http://192.168.118.55:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.118.55:2379
cluster is healthy
[root@docker ~]# etcdctl -C http://192.168.118.55:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.118.55:2379
cluster is healthy

7.配置flannel文件

[root@docker ~]# vim /etc/sysconfig/flanneld 

8.向数据库中存入网段信息

只要是连到flannel,指定之后所有的容器IP地址是127.20.0.0网段

[root@docker ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'
{ "Network" : "172.20.0.0/16" }
[root@docker ~]# etcdctl get /atomic.io/network/config
{ "Network" : "172.20.0.0/16" }

10.启动flannel,在启动flannel服务时，会先读etcd的网段信息

[root@docker ~]# systemctl start flanneld.service 
[root@docker ~]# systemctl enable flanneld.service 

11.查看IP地址

ip a s

flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.36.0/16 scope global flannel0
       valid_lft forever preferred_lft forever

12.安装docker,启动docker,查看ip

安装docker：

cat << EOF | tee /etc/modules-load.d/k8s.conf 
overlay
br_netfilter
EOFmodprobe overlaymodprobe br_netfiltercat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOFsysctl --systemyum install -y yum-utils device-mapper-persistent-data lvm2yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repoyum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

启动docker:

systemctl start docker

查看ip:ip a s

flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.36.0/16 scope global flannel0
       valid_lft forever preferred_lft forever

docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:33:a2:6d:47 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

13.查看flannel子网ip

[root@docker ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.36.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false

14.从其他主机复制一份daemon.json(/etc/docker/daemon.json),并且编辑 /usr/lib/systemd/system/docker.service(docker配置文件：套接字文件），然后加载配置，重新启动docker

systemctl daemon-reload

systemctl restart docker

15..修改添加桥ip和路由字节1472-1500（字节不能超过1500），重启启动docker

如果不配置docker的daemon.json文件，那么默认docker容器的IP地址是172.17.0.1，需要修改daemon.json并且重启docker服务，让docker0这个网卡的网段和flannel0网卡的网段一致

[root@docker ~]# vim /etc/docker/daemon.json 

{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.118.55:5000"],"bip" : "172.20.36.1/24","mtu" : 1472
}

[root@docker ~]# systemctl restart docker
 

16.查看IP地址：ip a s

flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.36.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default 
    link/ether 02:42:33:a2:6d:47 brd ff:ff:ff:ff:ff:ff
    inet 172.20.36.1/24 brd 172.20.36.255 scope global docker0
       valid_lft forever preferred_lft forever

17.拉取一个镜像测试ip地址

[root@docker ~]# docker run -it centos:latest /bin/bash
[root@eada65ab4461 /]# [root@docker ~]# 
[root@docker ~]# docker inspect ead | grep IPA
            "SecondaryIPAddresses": null,
            "IPAddress": "172.20.36.2",
                    "IPAMConfig": null,
                    "IPAddress": "172.20.36.2",
 

docker1主机：被控主机

1.下载flannel

yum -y install flannel

2.修改flannel配置文件，配置flannel要访问的etcd数据库所在的位置（连接数据库）

[root@docker1 ~]# vim /etc/sysconfig/flanneld 

配置要从那个数据库中读取数据，从docker中的etcd数据库中读取网络信息

3.启动服务flannel
[root@docker1 ~]# systemctl start flanneld.service 

4.查看IP，分配了一个新的网段

[root@docker1 ~]# ip a s

flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.70.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
5.查看flannel分配的IP网段

[root@docker1 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.70.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false

6.安装docker,启动docker,查看ip,出现docker0

flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.70.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:4e:6e:c0:01 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

7.将flannel分配的网段写入到daemon中，重启docker，如果不能重启，就修改一下远程管理

vim  /etc/docker/daemon.json

注意：bip表示桥的IP地址

8.查看ip: ip a s

docker0的IP地址和flannel0的IP地址保持一致

docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default 
    link/ether 02:42:4e:6e:c0:01 brd ff:ff:ff:ff:ff:ff
    inet 172.20.70.1/24 brd 172.20.70.255 scope global docker0
 flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.20.70.0/16 scope global flannel0
       valid_lft forever preferred_lft forever

 9.拉取一个centos镜像  ，创建一个容器，ping  docker 中容器的IP地址 

[root@docker1 ~]# docker run -it centos:latest /bin/bash
[root@5517e8987039 /]# ping 172.20.36.2
PING 172.20.36.2 (172.20.36.2) 56(84) bytes of data.
64 bytes from 172.20.36.2: icmp_seq=1 ttl=60 time=2.80 ms

10.查看docker1上容器的IP

[root@docker1 ~]# docker inspect 5517|grep IPA
            "SecondaryIPAddresses": null,
            "IPAddress": "172.20.70.2",
                    "IPAMConfig": null,
                    "IPAddress": "172.20.70.2",
 

这篇关于docker网络+跨主机容器之间的通讯的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---