Docker实战之自定义网桥

Docker自定义网桥

一. 安装网桥管理工具

1. ubuntu系统

apt-get install bridge-utils

2. Centos系统

yum install bridge-utils

默认情况下，docker启动的时候会创建并配置一个网络接口在linux的内核中；如果已经启动并运行了docker，默认情况下会创建并配置好docker0的网桥。

查看当前的网桥以及接入网桥的网卡：

brctl show

➜  ~ brctl show
bridge name bridge id       STP enabled interfaces
br-89dfec96b8c7     8000.0242a580a633   no
docker0     8000.02428cbcb83d   no      vetha24f64d
                            vethbb782cf

---

二.创建自己的网桥，并指定docker使用新的网桥

首先，停止docker服务，并移除docker0网桥：

# 停止docker服务，并移除docker0网桥
systemctl stop docker

ip link set dev docker0 down
brctl delbr docker0
iptables -t nat -F POSTROUTING

创建自定义网桥：

brctl addbr bridge0
ip addr add 172.16.xx.1/24 dev bridge0
ip link set dev bridge0 up

确认自定义网桥是否正常运行

ip addr show bridge0

4: bridge0:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:8c:bc:b8:3d brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:8cff:febc:b83d/64 scope link
       valid_lft forever preferred_lft forever

三. 修改配置，设置docker默认使用新的网桥

修改启动参数

1. ubuntu系统

echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/default/docker

2. Centos系统

echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/sysconfig/docker

修改systemctl启动配置

路径：/lib/systemd/system/docker.service

➜  ~ vim /lib/systemd/system/docker.service

在[Service]模块中添加参数：

EnvironmentFile=-/etc/{default or sysconfig}/docker

修改ExecStart在末尾追加参数$DOCKER_OPTS，运行时/etc/{default or sysconfig}/docker文件DOCKER_OPTS参数内容将替换$DOCKER_OPTS

ExecStart=/usr/bin/dockerd $DOCKER_OPTS

如下：

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
EnvironmentFile=-/etc/default/docker #添加配置文件
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd $DOCKER_OPTS
#ExecStart=/usr/bin/dockerd --insecure-registry 10.1.64.179:8050
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

四. Reload daemon

➜  ~ systemctl daemon-reload

五. 启动docker

➜  ~ systemctl start docker