Docker networking
Use docker network to list the bridges
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6cacea2a7a49 bridge bridge local
5546f1e40d41 host host local
2e567ec1e04f none null local
bridge
bridge works much like NAT and is the default
After Docker starts it creates a new virtual NIC named docker0; its default address is 172.17.0.1 (on 172.17.0.0/16)
All containers are bridged onto docker0 and share the network through that bridge
[root@docker ~]# yum -y install bridge-utils.x86_64
[root@docker ~]# brctl show
host
Advantage: easy to use, the container uses the host's IP directly; generally used for testing
Disadvantage: several containers of the same kind cannot run side by side (they would contend for the same ports)
Host-only mode: the container's IP is simply the host's IP
Bind the container to the host network:
[root@docker ~]# docker run -it --network host centos:yum /bin/bash
[root@docker /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
[root@docker /]# yum -y install iproute
[root@docker /]# yum -y install httpd
[root@docker /]# echo "aaaaaaaa" > /var/www/html/index.html
[root@docker /]# systemctl start httpd
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
[root@docker /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a134:1e30:d4f:74a1. Set the 'ServerName' directive globally to suppress this message
[root@docker /]# curl localhost
aaaaaaaa
[root@docker /]# [root@docker ~]#
[root@docker ~]# systemctl stop firewalld
[root@docker ~]# curl 192.168.118.55
aaaaaaaa
Inspected from the host, the container shows no IP address of its own:
[root@docker ~]# docker inspect ab8 | grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAMConfig": null,
"IPAddress": "",
Access the host's IP address in a browser:
Communication between containers on different hosts
Connecting containers that live on two different hosts, so that for example container a1 on host A can reach container b1 on host B
Tools: pipework, flannel
flannel
flannel allocates the subnets, and all allocated subnets can ping one another
overlay network; it does not rely on route forwarding, and the subnet information is stored in the etcd database
How it works:
1. flannel allocates a subnet to each Docker host
2. The subnet and IP information is stored in the etcd database
3. When flannel starts, it reads {"Network":"172.20.0.0/16"} from etcd and assigns the current host a flannel0 subnet chosen at random, e.g. 172.20.36.0
4. Configure Docker's daemon file so that the docker0 NIC is on the same subnet as the flannel NIC; every container Docker creates afterwards then gets an IP inside flannel's subnet
Detailed flannel configuration:
Note: etcd is the database in which flannel stores the network subnets and related information
Hostname | IP | Role | Software |
docker | 192.168.118.55 | master host | flannel, etcd, docker |
docker1 | 192.168.118.56 | managed host | flannel, docker |
docker host: master host
1. Install flannel (allocates IP addresses) and etcd (database)
yum -y install etcd
yum -y install flannel
2. Configure the etcd database
vim /etc/etcd/etcd.conf
Modify lines 6 and 21
3. Start the database and enable it at boot
[root@docker ~]# systemctl start etcd.service
[root@docker ~]# systemctl enable etcd.service
4. Check the listening ports
[root@docker ~]# netstat -lnput | grep 2379
tcp6 0 0 :::2379 :::* LISTEN 3323/etcd
[root@docker ~]# netstat -lnput | grep 4001
tcp6 0 0 :::4001 :::* LISTEN 3323/etcd
5. Test that the database works
[root@docker ~]# etcdctl set testdir/testkey 1000
1000
[root@docker ~]# etcdctl get testdir/testkey
1000
6. Check cluster health
[root@docker ~]# etcdctl -C http://192.168.118.55:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.118.55:2379
cluster is healthy
[root@docker ~]# etcdctl -C http://192.168.118.55:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.118.55:2379
cluster is healthy
7. Configure the flannel file
[root@docker ~]# vim /etc/sysconfig/flanneld
8. Store the subnet information in the database
Once a host is connected to flannel, every container created afterwards gets an IP address in the 172.20.0.0 range specified here
[root@docker ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }'
{ "Network" : "172.20.0.0/16" }
[root@docker ~]# etcdctl get /atomic.io/network/config
{ "Network" : "172.20.0.0/16" }
10. Start flannel; when the flanneld service starts it first reads the subnet information from etcd
[root@docker ~]# systemctl start flanneld.service
[root@docker ~]# systemctl enable flanneld.service
11. Check the IP addresses
ip a s
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.36.0/16 scope global flannel0
valid_lft forever preferred_lft forever
12. Install Docker, start it, and check the IPs
Install Docker:
cat << EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Start Docker:
systemctl start docker
Check the IPs: ip a s
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.36.0/16 scope global flannel0
valid_lft forever preferred_lft forever
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:33:a2:6d:47 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
13. Check the subnet flannel allocated
[root@docker ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.36.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
14. Copy a daemon.json (/etc/docker/daemon.json) from another host, edit /usr/lib/systemd/system/docker.service (Docker's service unit, where the socket is configured), then reload the configuration and restart Docker
systemctl daemon-reload
systemctl restart docker
15. Set the bridge IP and the MTU (1472 instead of 1500; it must not exceed 1500), then restart Docker
If Docker's daemon.json is not configured, containers default to the 172.17.0.1 range; daemon.json has to be edited and the Docker service restarted so that the docker0 NIC is on the same subnet as flannel0
[root@docker ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"insecure-registries":[
"http://192.168.118.55:5000"
],
"bip" : "172.20.36.1/24",
"mtu" : 1472
}
[root@docker ~]# systemctl restart docker
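The bip/mtu values in daemon.json above are copied by hand from /run/flannel/subnet.env. As an added example (not from the original notes), this Python script derives them from the lease and checks an existing daemon.json against it: bip must be flannel's /24, mtu must not exceed FLANNEL_MTU, and a plain tcp:// API socket without tlsverify is reported because the Docker API is then reachable without authentication. The subnet.env content is constructed from the values shown on this page.

```python
import ipaddress
import json

# Constructed sample: /run/flannel/subnet.env as flanneld wrote it on the
# "docker" host in this write-up (values copied from the page).
SUBNET_ENV = """FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.36.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
"""


def parse_subnet_env(text):
    """Parse KEY=VALUE lines into a dict; blank lines and comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env


def daemon_json_for(env, extra=None):
    """Build the daemon.json the page edits by hand: bip and mtu come from the
    flannel lease and are merged over any other settings (mirrors, hosts, ...)."""
    cfg = dict(extra or {})
    cfg["bip"] = env["FLANNEL_SUBNET"]     # e.g. 172.20.36.1/24 becomes docker0's address
    cfg["mtu"] = int(env["FLANNEL_MTU"])   # must not exceed flannel0's MTU (1472 here)
    return cfg


def check_daemon_json(cfg, env):
    """Return a list of problems; an empty list means cfg matches the lease."""
    problems = []
    network = ipaddress.ip_network(env["FLANNEL_NETWORK"])
    lease = ipaddress.ip_interface(env["FLANNEL_SUBNET"])
    bip = ipaddress.ip_interface(cfg.get("bip", "0.0.0.0/0"))
    if bip.network != lease.network:
        problems.append("bip %s is not flannel's lease %s" % (bip, lease.network))
    if not bip.network.subnet_of(network):
        problems.append("bip %s lies outside FLANNEL_NETWORK %s" % (bip, network))
    if int(cfg.get("mtu", 1500)) > int(env["FLANNEL_MTU"]):
        problems.append("mtu %s exceeds FLANNEL_MTU %s" % (cfg.get("mtu"), env["FLANNEL_MTU"]))
    # A tcp:// listener without tlsverify exposes the Docker API unauthenticated.
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify"):
            problems.append("API exposed on %s without tlsverify" % host)
    return problems


if __name__ == "__main__":
    lease = parse_subnet_env(SUBNET_ENV)
    print(json.dumps(daemon_json_for(lease, {"hosts": ["unix:///var/run/docker.sock"]}), indent=2))
```

Run it with the real /run/flannel/subnet.env and your /etc/docker/daemon.json loaded via json.load to confirm the bridge matches the lease before restarting Docker.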
16. Check the IP addresses: ip a s
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.36.0/16 scope global flannel0
valid_lft forever preferred_lft forever
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default
link/ether 02:42:33:a2:6d:47 brd ff:ff:ff:ff:ff:ff
inet 172.20.36.1/24 brd 172.20.36.255 scope global docker0
valid_lft forever preferred_lft forever
17. Pull an image and test the IP address
[root@docker ~]# docker run -it centos:latest /bin/bash
[root@eada65ab4461 /]# [root@docker ~]#
[root@docker ~]# docker inspect ead | grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.20.36.2",
"IPAMConfig": null,
"IPAddress": "172.20.36.2",
docker1 host: managed host
1. Install flannel
yum -y install flannel
2. Edit the flannel config file so that it points at the etcd database it should use (i.e. connect to the database)
[root@docker1 ~]# vim /etc/sysconfig/flanneld
Configure which database to read from: the network information is read from the etcd database on the docker host
3. Start the flannel service
[root@docker1 ~]# systemctl start flanneld.service
4. Check the IPs; a new subnet has been allocated
[root@docker1 ~]# ip a s
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.70.0/16 scope global flannel0
valid_lft forever preferred_lft forever
5. Check the subnet flannel allocated
[root@docker1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.70.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
6. Install Docker, start it, and check the IPs; docker0 appears
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.70.0/16 scope global flannel0
valid_lft forever preferred_lft forever
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:4e:6e:c0:01 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
7. Write the subnet flannel allocated into daemon.json and restart Docker; if Docker will not restart, adjust the remote management setting
vim /etc/docker/daemon.json
Note: bip is the bridge's IP address
8. Check the IPs: ip a s
docker0's address is now on the same subnet as flannel0's
docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default
link/ether 02:42:4e:6e:c0:01 brd ff:ff:ff:ff:ff:ff
inet 172.20.70.1/24 brd 172.20.70.255 scope global docker0
flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 172.20.70.0/16 scope global flannel0
valid_lft forever preferred_lft forever
9. Pull a centos image, create a container, and ping the IP of the container on the docker host
[root@docker1 ~]# docker run -it centos:latest /bin/bash
[root@5517e8987039 /]# ping 172.20.36.2
PING 172.20.36.2 (172.20.36.2) 56(84) bytes of data.
64 bytes from 172.20.36.2: icmp_seq=1 ttl=60 time=2.80 ms
10. Check the IP of the container on docker1
[root@docker1 ~]# docker inspect 5517|grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.20.70.2",
"IPAMConfig": null,
"IPAddress": "172.20.70.2",