bridge容器
听有容器连接到桥就可以使用外网,使用nat让容器可以访问外网使用ipas指令查看桥,所有容器连接到此桥,ip地址都是172.17.0.0/16网段,桥是启动docker服务后出现,在centos使用bridge-utils安装
跨主机的容器 网络连接 A=>mysql B=>java容器
将A -p3306:3306
1.安装bridge-utils
[root@docker ~]# yum -y install bridge-utils2.查看进程
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024247b004cb no
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0791e5b559a2 bridge bridge local
a9058e4eb605 host host local
b5976cf678d1 none null local3.创建主机
docker run -d -p80:80 centos:nginx
docker run -it --network host centos:latest /bin/bash 类似于主机的容器,进入容器
yum -y install httpd 下载httpd
[root@docker /]# echo "=======" > /var/www/html/index.html 写入页面
[root@docker /]# httpd -k start 开启httpd服务
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::cad1:833a:a57c:8cc3. Set the 'ServerName' directive globally to suppress this message
[root@docker /]# curl localhost 在容器内可以访问到
=======
退到主机
[root@docker ~]# curl 192.168.2.81 用Ctrl+P+Q退出,进行访问,可以访问到
=======跨主机容器之间的通讯
flannel
overlay 覆盖型网络,不支持路由转发,通过数据etcd数据库保存子网信息以及网络分配信息
给每台主机分配一个网段
通过udp传输数据包
实操:
主机名 ip 功能 软件
node1 x.x.x.10 主控主机 etcd flannel docker
node2 x.x.x.11 被控制主机 etcd docker
1.安装 flannel(数据分配) etcd(数据库)
[root@node1 ~]# yum -y install etcd
[root@node1 ~]# yum -y install flannel node1和node2都下载2.配置启动etcd
[root@node1 ~]# vim /etc/etcd/etcd.conf
[root@node1 ~]# systemctl start etcd.service
[root@node1 ~]# netstat -lnput | grep 2379 查看端口状态
tcp6 0 0 :::2379 :::* LISTEN 1285/etcd
[root@node1 ~]# netstat -lnput | grep 4001
tcp6 0 0 :::4001 :::* LISTEN 1285/etcd[root@node1 ~]# systemctl enable etcd 开机自启
3.存取
[root@node1 ~]# etcdctl set testdir/testkey0 1000 存
1000[root@node1 ~]# etcdctl get testdir/testkey0 取
10004.测试集群健康
[root@node1 ~]# etcdctl -C http://192.168.2.10:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379
cluster is healthy
5.修改flannel配置文件[root@node1 ~]# vim /etc/sysconfig/flanneld
6.指定之后容器的ip地址的开头,向数据库存入网端信息
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'
{ "Network" : "172.20.0.0/16" }
[root@node1 ~]# etcdctl get /atomic.io/network/config
{ "Network" : "172.20.0.0/16" }
7.启动flannel[root@node1 ~]# systemctl start flanneld.service
[root@node1 ~]# systemctl enable flanneld.service
[root@node1 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.87.0/16 scope global flannel0
valid_lft forever preferred_lft forever
inet6 fe80::1ca4:371f:8807:91b9/64 scope link flags 800
valid_lft forever preferred_lft forever
8.安装docker9.查看flannel子网ip
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.87.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node1 ~]#
10.配置docker环境[root@node1 ~]# scp root@192.168.2.81:/etc/docker/daemon.json /etc/docker/ 从配好的机器复制过来
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service
[root@node1 ~]# vim /etc/docker/daemon.json
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker.service
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.87.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
[root@node1 ~]# vim /etc/docker/daemon.json[root@node1 ~]# systemctl restart docker.service
[root@node1 ~]# docker pull centos 拉取基础镜像11.对node2进行配置
[root@node2 ~]# vim /etc/sysconfig/flanneld
[root@node2 ~]# ip a s
3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.11.0/16 scope global flannel0
valid_lft forever preferred_lft forever
inet6 fe80::7f1d:c425:a9:e718/64 scope link flags 800
valid_lft forever preferred_lft forever
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.11.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
在node1中
[root@node1 ~]# docker run -it centos:latest /bin/bash
[root@c5351f566cca /]# [root@node1 ~]#
[root@node1 ~]# docker inspect c5 | grep IPADD
[root@node1 ~]# docker inspect c535 | grep IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "172.20.87.2",
"IPAddress": "172.20.87.2",
在node2配置docker然后开启一个容器[root@node2 ~]# docker run -it centos:latest /bin/bash
[root@2e6c4d8d8921 /]# ping 172.20.87.1
PING 172.20.87.1 (172.20.87.1) 56(84) bytes of data.
64 bytes from 172.20.87.1: icmp_seq=1 ttl=61 time=1.42 ms
64 bytes from 172.20.87.1: icmp_seq=2 ttl=61 time=0.540 ms
64 bytes from 172.20.87.1: icmp_seq=3 ttl=61 time=0.392 ms
--- 172.20.87.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.392/0.782/1.416/0.453 ms
显示可以ping通node1中的172.20.87.1就可以了。
小结:
1.安装flanner
yum -y install flanner
2.配置flannel 配置其要访问的etcd数据库所在的位置
vim /etc/sysconfig/flanner
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"# Any additional options that you want to pass
#FLANNEL_OPTIONS=""3.启动flannel
systemctl start flanneld
4.查看flannel分配的ip网段
cat /run/flanneld/subnet
5.安装docker
6.将flannel分配的网段写入到daemon.json中
[root@node2 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"insecure-registries":[
"http://192.168.2.81:5000"
],
"bip" : "172.20.11.1/24",
"mtu" : 1472}
7.重启docker,如果不能重启,就修改一下远程管理
systemctl restart docker.service
8.拉取一个centos镜像
docker pull centos
docker run -it centos:latest /bin/bash
9.ping node1容器的ip地址
ping 172.20.87.1
总结工作原理
1.使用flannel为docker主机(宿主机)分配网段
2.网段的信息以及ip的信息保存在etcd数据库中
3.当flannel开始运行的时候,会从etcd数据库中读取{ "Network" : "172.20.0.0/16" },随机为当前的主机添加一个flannel0网卡172.20.87.1
4.配置docker的daemon文件,让docker0网卡变成和flannel的网段一致,之后docker下创建的容器的ip就在flannel的网段控制之内
