一、docker⽹络
1.桥接--bridge
所有容器连接到桥就可以使⽤外⽹,使⽤nat让容器可以访问外⽹
使用 ip a s 指令查看桥(docker0),所有容器默认连接到此桥,ip地址都在 172.17.0.0/16 网段;桥在启动docker服务后出现。在centos上可安装bridge-utils,用brctl查看桥
1.下载bridge-utils
yum -y install bridge-utils.x86_64
2.查看brctl命令由哪个软件包提供
yum provides *bin/brctl
3.查看桥
brctl show
4.使用network查看桥
docker network ls
2.主机模式--host
与主机共享⽹络,可让容器连接外⽹
所有容器与docker主机在同⼀个⽹络中,容器和外⽹相互访问
创建⼀个新的容器
[root@docker001 000]# docker run -d -p80 -v /opt/:/usr/share/nginx/html/ centosnginx:v1
a4b6324a55e63a0966086a18519dd58fa26eaf91d0017d143d57f25312dfeb85
容器仅仅有lo⽹卡,不能与外界链接,在⾼级应⽤中使⽤,lo⽹卡,⽆法链接外⽹
查看ip,默认在桥上
[root@docker001 000]# docker inspect a4b6|grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
绑定其他的桥
[root@docker001 000]# docker run -d --network
harbor_harbor centosnginx:v1
21a283fd5e684038d218892700e2b9689c0555bf2c59a554f00554bd0daca55d
[root@docker001 000]# docker inspect 21a2|grep IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "172.19.0.11",
# 使用--network选择容器要连接的网桥
绑定host主机⽹络
[root@docker001 001]# docker run -it --network host yum:v0 /bin/bash
[root@docker001 /]# yum -y install iproute
# 在容器内部查看,ip就是宿主机的ip
# 在宿主机上用docker inspect查看,容器没有独立的ip
[root@docker001 001]# docker inspect 306d|grep IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "",
主机名同真机,⽹络也同真机
优点:可以直接访问容器
缺点:直接占用宿主机端口,多个容器无法同时运行监听同一端口的服务,且容器与宿主机之间没有网络隔离;不建议在生产中使用,可在测试环境中使用
3.none
容器仅仅有lo⽹卡,不能与外界链接,在⾼级应⽤中使⽤,lo⽹卡,⽆法链接外⽹
二、跨主机容器之间通讯
1.工作原理
使用flannel为每台docker主机分配网段,网段信息及ip信息保存在etcd数据库中;flannel运行时会从etcd数据库中读取配置。再配置docker的daemon文件,让docker0网卡和flannel分配的网段一致
2.flannel
overlay 覆盖型网络,不支持路由转发,通过etcd数据库保存子网信息以及网络分配信息
给每台主机分配⼀个⽹段 ,通过udp传输数据包
3.主控主机:node1
1.安装etcd
#安装etcd数据库
yum -y install etcd
2.安装flannel
#提供跨主机的容器网络通信
yum -y install flannel
3.修改etcd数据库配置
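编辑配置文件。注意:下面的配置让etcd以明文http监听0.0.0.0且未启用认证,任何能连到2379/4001端口的主机都能读写其中的数据(包括flannel的网段配置),仅适合隔离的实验网络;生产环境应只监听内网地址,并启用TLS和客户端证书认证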
vim /etc/etcd/etcd.conf
#----------------------------------------------------------------
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#----------------------------------------------------------------
#----------------------------------------------------------------------------
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.34:2379,http://192.168.1.34:4001"
#----------------------------------------------------------------------------
4.启动etcd数据库
[root@node1 ~]# systemctl start etcd.service
5.测试端口
[root@node1 ~]# netstat -lnput | grep 2379
tcp6 0 0 :::2379 :::* LISTEN 1560/etcd
[root@node1 ~]# netstat -lnput | grep 4001
tcp6 0 0 :::4001 :::* LISTEN 1560/etcd
6.设置开机自启动
[root@node1 ~]# systemctl enable etcd.service
7.测试数据库的功能
#数据的存取
#使用etcd数据库存入数据
[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
#使用etcd数据库取出数据
[root@node1 ~]# etcdctl get testdir/testkey0
1000
[root@node1 ~]# etcdctl set b 123
123
[root@node1 ~]#
[root@node1 ~]# etcdctl get b
123
8.测试集群健康
[root@node1 ~]# etcdctl -C http://192.168.1.34:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.34:2379
cluster is healthy
[root@node1 ~]# etcdctl -C http://192.168.1.34:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.34:2379
cluster is healthy
9.修改flannel配置文件
[root@node1 ~]# vim /etc/sysconfig/flanneld
#-----------------------------------------------
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.34:2379"
#-----------------------------------------------
10.向数据库中存⼊⽹段信息
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{"Network":"172.20.0.0/16"}'
{"Network":"172.20.0.0/16"}
[root@node1 ~]# etcdctl get /atomic.io/network/config
{"Network":"172.20.0.0/16"}
[root@node1 ~]# systemctl start flanneld.service
[root@node1 ~]# systemctl enable flanneld.service
11.查看ip地址
[root@node1 ~]# ip a s
12.安装docker
[root@node1 ~]# rz -E
rz waiting to receive.
[root@node1 ~]# ls
anaconda-ks.cfg docker.sh
[root@node1 ~]# source docker.sh
[root@node1 ~]# systemctl start docker.service
13.docker服务没有开启之前查看ip
[root@node1 ~]# ifconfig
14.启动docker服务后查看ip
[root@node1 ~]# systemctl start docker.service
[root@node1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:9c:98:9b:7c txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
15.从其他主机复制一份daemon.json文件
[root@node1 ~]# scp root@192.168.1.32:/etc/docker/daemon.json /etc/docker/
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.32' (ECDSA) to the list of known hosts.
root@192.168.1.32's password:
daemon.json 100% 329 126.4KB/s 00:00
#重启docker
[root@node1 ~]# systemctl restart docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
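此时出现启动不了的问题:复制来的daemon.json中配置了hosts,而docker.service的ExecStart通常也带有-H参数,两处重复指定监听地址会导致dockerd启动失败(可用journalctl -u docker.service确认具体报错)
#修改配置文件,把ExecStart改为不带-H参数的形式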
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd
16.查看flannel的子网ip
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.76.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
FLANNEL_IPMASQ=false
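17.编辑daemon.json文件。bip须与上一步subnet.env中的FLANNEL_SUBNET一致(上一步输出为172.20.76.1/24,下面示例里的172.20.16.1/24与之不符,应以subnet.env的实际值为准),mtu与FLANNEL_MTU一致。另外,hosts中的tcp://0.0.0.0:2375会把未加密、无认证的Docker API暴露在所有网卡上,能访问该端口的人等同于拥有宿主机root权限;只应在隔离的实验网络中这样配置,否则应去掉该项,或启用TLS(--tlsverify)并用防火墙限制来源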
[root@node1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts":[
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"insecure-registries":[
"http://192.168.1.32:5000"
],
"bip" : "172.20.16.1/24",
"mtu" : 1472
}
18.加载配置,重启docker
#重新加载daemon
[root@node1 ~]# systemctl daemon-reload
#重启docker
[root@node1 ~]# systemctl restart docker.service
19.拉取镜像
[root@node1 ~]# docker pull centos
#创建容器
[root@node1 ~]# docker run -it centos:latest /bin/bash
[root@8848da0d2c68 /]# [root@node1 ~]#
#查看容器详细信息
[root@node1 ~]# docker inspect 8848da0d2c68
4.被控主机:node2
1.安装flannel
[root@node2 ~]# yum -y install flannel
2.配置flannel
#配置flannel文件
[root@node2 ~]# vim /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
#------------------------------------------------
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.34:2379"
#------------------------------------------------
#此处的ip为node1的ip
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
3.启动flannel
[root@node2 ~]# systemctl start flanneld.service
4.查看flannel分配的ip
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
5.安装docker
#拖拽docker.sh脚本
[root@node2 ~]# rz -E
rz waiting to receive.
[root@node2 ~]# ls
anaconda-ks.cfg docker.sh
#让docker.sh脚本生效
[root@node2 ~]# source docker.sh
#启动docker
[root@node2 ~]# systemctl start docker.service
6.配置daemon
#从node1复制daemon文件到node2
[root@node2 ~]# scp root@192.168.1.34:/etc/docker/daemon.json /etc/docker/
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.1.34's password:
daemon.json 100% 428 274.9KB/s 00:00
#查看flannel分配的ip
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
#修改daemon.json文件:把bip改为本机subnet.env中FLANNEL_SUBNET的值。下面的 #---- 行只是标出修改位置,JSON不支持注释,实际文件中不要保留,否则dockerd无法解析配置
[root@node2 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts":[
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
#----------------------------------------
"insecure-registries":[
"http://192.168.1.32:5000"
],
"bip" : "172.20.32.1/24",
"mtu" : 1472
#----------------------------------------
}
#修改docker.service文件
[root@node2 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd
7.重启daemon
#此时重启docker会出现以下错误,按步骤操作即可
[root@node2 ~]# systemctl restart docker.service
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
#重新加载daemon
[root@node2 ~]# systemctl daemon-reload
#重新启动docker服务
[root@node2 ~]# systemctl restart docker.service
8.拉取centos镜像
[root@node2 ~]# docker pull centos
#创建容器
[root@node2 ~]# docker run -it centos:latest /bin/bash
[root@33d47b2e38ce /]#
#使用ctrl p+q 退出
#查看容器的详细信息
[root@node2 ~]# docker inspect 33d
"Gateway": "172.20.32.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.20.32.2",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:14:20:02",
9.ping node1的flannel子网地址(172.20.76.1是node1上FLANNEL_SUBNET的网关地址,而非容器本身;要验证容器之间互通,还应ping node1中容器自身的ip)
[root@node2 ~]# ping 172.20.76.1
PING 172.20.76.1 (172.20.76.1) 56(84) bytes of data.
64 bytes from 172.20.76.1: icmp_seq=1 ttl=62 time=1.14 ms
64 bytes from 172.20.76.1: icmp_seq=2 ttl=62 time=0.989 ms
64 bytes from 172.20.76.1: icmp_seq=3 ttl=62 time=0.833 ms
64 bytes from 172.20.76.1: icmp_seq=4 ttl=62 time=0.772 ms
^C
--- 172.20.76.1 ping statistics ---