1.本地网络
1.bridge
容器连接到docker0桥后,通过NAT访问外网。可以使用ip a s指令查看该桥;连接到此桥的容器,ip地址都在172.17.0.0/16网段。桥在启动docker服务后出现;查看桥用的brctl命令在centos上通过安装bridge-utils获得。
下载bridge-utils
[root@docker0 ~]# yum -y install bridge-utils
启动docker并运行了一个容器,发现有两个接口被使用
[root@docker0 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242bbcb6f92 no veth3b2a111
veth432a975
使用docker network查看桥
[root@docker1 ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more
information on a command.
[root@docker1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
01fa71620d73 bridge bridge local
f46543c13863 host host local
c220508b862f none null local
每一台docker host上的docker0所在网段完全一样,因此跨主机的容器无法直接通信。
2.host
与主机共享网络:容器直接使用docker主机的网络,可以连接外网;所有容器与docker主机在同一个网络中,容器和外网可以相互访问。
绑定host主机网络
[root@docker001 001]# docker run -it --network host yum:v0 /bin/bash
[root@docker001 /]# yum -y install iproute
# 在容器内部查看,ip是本地主机的ip
# 在外部用docker inspect查看,容器没有单独的ip
[root@docker001 001]# docker inspect 306d|grep IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "",
主机名同真机,网络也同真机
优点:可以直接访问容器
缺点:端口占用,多个容器不能同时运行监听同一端口的服务;容器与主机之间没有网络隔离(容器内可以访问主机上只监听127.0.0.1的服务)。不建议使用,仅在测试环境中使用
3.none
容器仅有lo网卡,不能与外界连接,也无法连接外网;这种只有lo网卡的模式在高级应用中使用
2.跨主机网络
跨主机之间的通讯工具---flannel
overlay 覆盖型网络,不支持路由转发,通过etcd数据库保存子网信息以及网络分配信息
部署两台主机
主机名 | ip | 功能 | 软件 |
node1 | x.x.x.10 | 主控主机 | etcd flannel docker |
node2 | x.x.x.11 | 被控主机 | etcd docker |
1.主控
1.安装etcd数据库
yum -y install etcd
2.安装flannel
yum -y install flannel
3.修改etcd数据库配置
vim /etc/etcd/etcd.conf
4.启动访问
systemctl start etcd.service
5.设置开机自启
systemctl enable etcd.service
6.测试端口(输出显示etcd在所有地址上监听2379和4001端口,后文flannel通过http明文访问;应使用防火墙限制只有集群节点可以访问这两个端口)
[root@node1 ~]# netstat -lnput |grep 2379
tcp6 0 0 :::2379 :::* LISTEN 2161/etcd
[root@node1 ~]# netstat -lnput |grep 4001
tcp6 0 0 :::4001 :::* LISTEN 2161/etcd
7.测试数据库功能
[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
[root@node1 ~]# etcdctl get testdir/testkey0 1000
1000
8.修改flannel配置文件
[root@node1 ~]# vim /etc/sysconfig/flanneld
9.向数据库中存入网段信息
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network":"172.20.0.0/16" }'
[root@node1 ~]# etcdctl get /atomic.io/network/config
{ "Network":"172.20.0.0/16" }
10.启动并设置开机启动flanneld
[root@node1 ~]# systemctl start flanneld
[root@node1 ~]# systemctl enable flanneld
11.查看ip地址
[root@node1 ~]# ip a s
...
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.27.0/16 scope global flannel0
valid_lft forever preferred_lft forever
inet6 fe80::23c1:2c4f:5a44:5961/64 scope link flags 800
valid_lft forever preferred_lft forever
12.安装并启动docker
#执行安装docker的脚本
source docker.sh
#启动docker
systemctl start docker
13.启动docker服务后查看ip
systemctl start docker.service
ifconfig
14.从其他主机复制一份daemon.json文件
scp root@192.168.1.50:/etc/docker/daemon.json /etc/docker/
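15.修改daemon.json,添加桥ip(bip)和mtu(取值范围1472-1500,这里取flannel0的mtu值1472);bip的网段取自flannel0分配到的172.20.27.0。
注意:下面hosts中的tcp://0.0.0.0:2375会在所有网卡上开放未加密、无认证的docker远程API,能访问该端口就等同于拥有主机的root权限;应只监听内网管理地址,或启用TLS(tlsverify,端口2376),并用防火墙限制来源。insecure-registries中的仓库通过http明文拉取镜像,只应用于可信内网。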
[root@node1 ~]# vim /etc/docker/daemon.json
[root@node1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries":[
"http://192.168.1.50"
],
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"bip": "172.20.27.1/24",
"mtu": 1472
}
16.修改docker配置文件(daemon.json中配置了hosts后,通常需要去掉docker.service的ExecStart行中的-H fd://参数,否则两处监听配置冲突,docker无法启动)
vim /usr/lib/systemd/system/docker.service
17.加载配置,重启docker服务
systemctl daemon-reload
systemctl restart docker.service
18.查看ip地址
ip a s
19.拉取一个镜像测试ip地址
docker pull centos
docker run -it centos:latest /bin/bash
2.从控
1.安装flannel
yum -y install flannel
2.配置flannel:设置flannel要访问的etcd数据库所在的位置
cat /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.71.10:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
3.启动flannel
systemctl start flanneld
4.查看flannel分配的ip网段
cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.59.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
5.安装docker
source docker.sh
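6.将flannel分配的网段(上一步subnet.env中的FLANNEL_SUBNET)写入到daemon.json的bip。
注意:bip必须与本机的FLANNEL_SUBNET一致;下面示例中的172.20.99.1/24与上一步输出的172.20.59.1/24不一致,应以本机subnet.env的实际输出为准。另外hosts中的tcp://0.0.0.0:2375会开放未加密、无认证的docker远程API,应限制监听地址或用防火墙限制来源。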
cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"insecure-registries":[
"http://192.168.71.50:5000"
],
"bip" : "172.20.99.1/24",
"mtu" : 1472
}
[root@localhost ~]#
7.重启docker;如果不能重启,就修改一下远程管理的配置(参考主控第16步修改docker.service)
systemctl restart docker.service
8.拉取一个centos镜像
docker pull centos
9.ping node1中容器的ip地址
ping 172.20.27.2