参考:
https://blog.csdn.net/NewTyun/article/details/104191062/
https://www.networkinghowtos.com/howto/enable-ip-forwarding-on-ubuntu-13-04/
https://gist.github.com/tzermias/5408466
1. 环境信息
安装ubuntu docker环境
机器1
IP:172.30.30.231
Docker网段:172.17.231.0/24(docker0网桥IP:172.17.231.1)
机器2
IP:172.30.30.232
Docker网段:172.17.232.0/24(docker0网桥IP:172.17.232.1)
2. 修改Docker配置
修改/etc/docker/daemon.json配置docker网段,并重启docker服务
在机器1上修改
op@dev-01:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.231.1/24"
}
op@dev-01:~$ systemctl restart docker
在机器2上修改
op@dev-02:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.232.1/24"
}
op@dev-02:~$ systemctl restart docker
3. 添加路由规则
在机器1上执行
root@dev-01:~# route add -net 172.17.232.0/24 gw 172.30.30.232
root@dev-01:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.231.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.232.0 172.30.30.232 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-01:~#
在机器2上执行
root@dev-02:~# route add -net 172.17.231.0/24 gw 172.30.30.231
root@dev-02:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.232.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.231.0 172.30.30.231 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-02:~#
将上述route add命令写入/etc/rc.local,则重启机器后路由仍然生效
4. 在两台机器上都配置ip_forward和网卡转发
临时配置ip_forward
root@dev:~# sysctl net.ipv4.ip_forward=1
永久配置ip_forward
编辑配置文件/etc/sysctl.conf,去掉net.ipv4.ip_forward=1前面的#注释,执行sysctl -p使其生效
root@dev:~# cat /etc/sysctl.conf|grep 'net.ipv4.ip_forward'
net.ipv4.ip_forward=1
root@dev:~# sysctl -p
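配置网卡转发
注意:下面第一条规则会无条件放行所有从eth0进入的转发流量,任何能把数据包送到本机eth0的主机都可以经由本机转发到容器网段;在非测试环境中建议用-s/-d把规则限定为两端的Docker网段(例如在机器1上加上 -s 172.17.232.0/24 -d 172.17.231.0/24)。
注意:第二条MASQUERADE规则会把从docker0发出的流量的源地址改写为本机docker0的地址,容器内的访问日志将看不到真实的来源IP。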
root@dev:~# iptables -A FORWARD --in-interface eth0 -j ACCEPT
root@dev:~# iptables --table nat -A POSTROUTING --out-interface docker0 -j MASQUERADE
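root@dev:~# iptables-save
注:iptables-save只是把当前规则打印到标准输出,并不会持久化;如需重启后仍生效,需要把输出保存下来并在开机时恢复(例如安装iptables-persistent后执行 iptables-save > /etc/iptables/rules.v4),或者把上面两条iptables命令同样写入/etc/rc.local。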
5. 测试
在两台机器上分别启动nginx测试docker,默认ip分别为172.17.231.2和172.17.232.2
root@dev:~# docker run -d nginx
在机器1上测试
# 测试ping
root@dev-01:~# ping -c 2 172.17.232.2
PING 172.17.232.2 (172.17.232.2) 56(84) bytes of data.
64 bytes from 172.17.232.2: icmp_seq=1 ttl=63 time=0.255 ms
64 bytes from 172.17.232.2: icmp_seq=2 ttl=63 time=0.239 ms
--- 172.17.232.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.239/0.247/0.255/0.008 ms
# 测试curl
root@dev-01:~# curl 172.17.232.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
root@dev-01:~#
测试成功,同理在机器2上测试一样可以访问。