List the networks Docker supports
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
1b8da85bd39d bridge bridge local
ec9fb76b1e0f host host local
cc895e4ef13d none null local
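Bridge mode is the default mode for containers; it uses the host's docker0 interface (172.17.0.1) as the bridge for containers.
When a container is created, the eth0 interface inside the container communicates with the host's docker0 interface. The first container's eth0 is 172.17.0.2, the second is 172.17.0.3, and so on.
In this mode:
Containers can reach the external network through the bridge;
Containers can reach each other;
The external network can reach a container through the host IP, but a network (port) mapping must be set up.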
View the network interfaces on the host (the screenshot here shows only the docker0 interface):
[root@localhost ~]# ifconfig
View the network interfaces inside the container (the container is a minimal install; if the ifconfig command is missing, use ip addr):
[root@ac4e5e305b9d /]# ip addr
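In host mode the container shares the host's network interface (eth0). Services in different containers occupy different ports, and the external network reaches a container through the host IP plus the port of the container's service. The drawback is that when the default ports of services in different containers conflict, the ports have to be set manually.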
[root@localhost ~]# docker run -it --network=host 831691599b88
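Shares a network namespace with another container
Step 1: run the following command on every host to create the macvlan01 network (the name can be customized)
Only the containers can communicate with each other; they cannot reach the external network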
[root@localhost ~]# docker network create --driver macvlan --subnet=100.0.0.0/24 --gateway=100.0.0.254 -o parent=ens33 macvlan01
84a12aba0344bf9c1da0f49fa039e82587409b650e3ff91f0dfeb05f5c5dad55
[root@localhost ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:76:6d:01:d2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.66.133 netmask 255.255.255.0 broadcast 192.168.66.255
inet6 fe80::62d:ab9e:c4b0:17a2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:57:a6:dc txqueuelen 1000 (Ethernet)
RX packets 983 bytes 84471 (82.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 291 bytes 32490 (31.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
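Parameter description
--driver macvlan Driver name; macvlan mode always uses macvlan
--subnet=100.0.0.0/24 Subnet; every container started on this network gets an address in this range. Choose your own
--gateway=100.0.0.254 Gateway address
-o parent=ens33 Parent interface: one of the host's network interfaces; any usable interface will do
Step 2:
On each host, start a container on the network created in the previous step and assign it an IP address. Note the container IDs; the next step verifies connectivity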
[root@localhost ~]# docker run -it --network=macvlan01 --ip=100.0.0.33 831691599b88
[root@21fd2d84d981 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 02:42:64:00:00:21 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 100.0.0.33/24 brd 100.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# docker run -it --network macvlan01 --ip=100.0.0.11 831691599b88
[root@f706772ee75c /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 02:42:64:00:00:0b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 100.0.0.11/24 brd 100.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
Step 3:
Verify: the containers can ping each other
[root@21fd2d84d981 /]# ping 100.0.0.11
PING 100.0.0.11 (100.0.0.11) 56(84) bytes of data.
64 bytes from 100.0.0.11: icmp_seq=1 ttl=64 time=1.56 ms
64 bytes from 100.0.0.11: icmp_seq=2 ttl=64 time=0.470 ms
64 bytes from 100.0.0.11: icmp_seq=3 ttl=64 time=0.428 ms
[root@f706772ee75c /]# ping 100.0.0.33
PING 100.0.0.33 (100.0.0.33) 56(84) bytes of data.
64 bytes from 100.0.0.33: icmp_seq=1 ttl=64 time=0.860 ms
64 bytes from 100.0.0.33: icmp_seq=2 ttl=64 time=0.479 ms
64 bytes from 100.0.0.33: icmp_seq=3 ttl=64 time=0.465 ms
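This approach combines bridge and macvlan modes: bridge mode is used between a single host and the external network, and macvlan mode is used between hosts
Image from https://www.cnblogs.com/liujunjun/p/12124517.html
# Pull the consul image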
docker pull consul
# Run the container (running it on one machine is enough)
docker run -d -p8500:8500 -h consul --name consul consul -server -bootstrap
# On every machine to be deployed, edit the file and add the following three lines, where xx.xxx is the host IP
vim /etc/docker/daemon.json
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store":"consul://192.168.xx.xxx:8500",
"cluster-advertise":"192.168.xx.xxx:2376"
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://j2iwjl6m.mirror.aliyuncs.com"],
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store":"consul://192.168.xx.xxx:8500",
"cluster-advertise":"192.168.xx.xxx:2376"
}
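Note: on Docker 19 and later you also need to modify ExecStart in /lib/systemd/system/docker.service, otherwise the daemon fails to start with an error
Then run the following commands in turn: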
systemctl daemon-reload
systemctl restart docker
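The daemon.json above opens the Docker API on tcp://0.0.0.0:2376 with no TLS keys set, so any machine that can reach that port can control the daemon. The check below is an added example, not part of the original post: it flags TCP listeners that lack client-certificate TLS or bind to every interface. The HARDENED sample, its address 192.0.2.10 and its certificate paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the three lines the post adds to daemon.json.
SAMPLE = """{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://192.168.xx.xxx:8500",
  "cluster-advertise": "192.168.xx.xxx:2376"
}"""

# Constructed sample: same listener bound to one address with mutual TLS.
# The address and the certificate paths are placeholders, not from the post.
HARDENED = """{
  "hosts": ["tcp://192.0.2.10:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return a list of findings for TCP listeners in a daemon.json document."""
    cfg = json.loads(text)
    # Policy of this example: tlsverify must be true and the CA, certificate
    # and key paths must be set explicitly in the file.
    mutual_tls = cfg.get("tlsverify") is True and all(cfg.get(k) for k in TLS_KEYS)
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local to the host
        if not mutual_tls:
            findings.append(f"{host}: Docker API exposed without client-certificate TLS")
        # An empty host part (tcp://:2376) also means "all interfaces".
        if url.hostname in ("0.0.0.0", "::", None):
            findings.append(f"{host}: listens on every interface")
    return findings


if __name__ == "__main__":
    for name, doc in (("post", SAMPLE), ("hardened", HARDENED)):
        print(name, audit_daemon_config(doc) or "no findings")
```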
Create the overlay network on all machines
docker network create -d overlay --subnet 172.16.0.0/24 --gateway 172.16.0.254 overlay001
Start a container to verify
docker run -it --network overlay001 --name overlay001 imageID /bin/bash