10: docker 跨主机的容器间通信(macvlan / overlay )

Posted jim-xu

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了10: docker 跨主机的容器间通信(macvlan / overlay )相关的知识,希望对你有一定的参考价值。

docker 跨主机的容器间通信(macvlan)

 作用:

虚拟多个mac地址,虚拟出多个网卡给容器用。

 

#创建macvlan网络

docker network create --driver macvlan(要创建的网络类型) --subnet  子网IP段  --gateway 本机网关 -o parent=本机网卡  创建的macvlan网络名称

[root@k8s129 ~]# docker network create --driver macvlan --subnet 192.168.6.0/24 --gateway 192.168.6.254 -o parent=eth0  macvlan_xj

7e4729ca45692d2f2a5e4a2129a39027ac1b3f97331129a5dc07093e12edc9f7

[root@k8s129 ~]# docker network ls  #查看创建好的网络

NETWORK ID          NAME                DRIVER              SCOPE

391cca4ceb1e        bridge              bridge              local

ebb5492e53f3        host                host                local

7e4729ca4569        macvlan_xj          macvlan             local

b087e09b1e13        none                null                local

 

#在另外一台机器,也创建相同的网络

[root@k8s130 yum.repos.d]# docker network create --driver macvlan --subnet 192.168.6.0/24 --gateway 192.168.6.254 -o parent=eth0  macvlan_xj

34d43e62d44f26cee3124124a87187f89a81d8ef65cb7cd2f313f8c856bef7f3

[root@k8s130 yum.repos.d]# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

922766952baf        bridge              bridge              local

45355ea7ab2b        host                host                local

34d43e62d44f        macvlan_xj          macvlan             local

1de35a0fe6bd        none                null                local

[root@k8s130 yum.repos.d]#

 

#创建使用macvlan 网络的 容器

[root@k8s129 ~]# ping 192.168.6.3  #找到一个没有被使用的IP

PING 192.168.6.3 (192.168.6.3) 56(84) bytes of data.

From 192.168.6.129 icmp_seq=1 Destination Host Unreachable

 

#128机器上面起一个容器,IP地址是:192.168.6.3

[root@k8s129 ~]# docker run -it --network macvlan_xj --ip=192.168.6.3 busybox:latest /bin/sh

/ # ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

7: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue

    link/ether 02:42:c0:a8:06:03 brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.3/24 brd 192.168.6.255 scope global eth0

       valid_lft forever preferred_lft forever

#ping 一下另外一台宿主机IP,发现是可以ping通的

#并且这时候可以直接使用xshell,登录这台容器,就和宿主机一样的效果

/ # ping 192.168.6.130

PING 192.168.6.130 (192.168.6.130): 56 data bytes

64 bytes from 192.168.6.130: seq=0 ttl=64 time=1.104 ms

^C

--- 192.168.6.130 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.505/0.804/1.104 ms

/ #

#130机器上面也起一个容器,ip地址是:192.168.6.4

[root@k8s130 yum.repos.d]# docker run -it --network macvlan_xj --ip=192.168.6.4 busybox:latest /bin/sh

/ # ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

5: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue

    link/ether 02:42:c0:a8:06:04 brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.4/24 brd 192.168.6.255 scope global eth0

       valid_lft forever preferred_lft forever

/ # ping 192.168.6.3  # ping 192.168.6.3容器,发现是可以互相ping的,实现了容器互联

PING 192.168.6.3 (192.168.6.3): 56 data bytes

64 bytes from 192.168.6.3: seq=0 ttl=64 time=1.059 ms

^C

--- 192.168.6.3 ping statistics ---

1 packets transmitted, 1 packets received, 0% packet loss

round-trip min/avg/max = 1.059/1.059/1.059 ms

/ #

 缺点:

每次需要手动指定IP地址,分配IP地址(还要去手动的查看这个IP地址有没有被使用)

优点:

性能好,和局域网其它服务器处于同一个网段

-------------------------------

docker跨主机通信之 overlay(重叠网络,vxlan)

 

为支持容器跨主机通信,Docker 提供了 overlay driver,使用户可以创建基于 VxLAN 的 overlay 网络。

VxLAN 可将二层数据封装到 UDP 进行传输,VxLAN 提供与 VLAN 相同的以太网二层服务,但是拥有更强的扩展性和灵活性。

Docerk overlay 网络需要一个 key-value 数据库用于保存网络状态信息(这样就可以知道哪些IP目前是被使用的)

包括 Network、Endpoint、IP 等。Consul、Etcd 和 ZooKeeper 都是 Docker 支持的 key-vlaue 软件,我们这里使用 Consul。

Consul 类似于redis的功能。

 

#安装Consul  (直接起一个Consul 的容器就可以了)

[root@k8s129 ~]# docker run -d -p 8500:8500 -h consul --name consul  --restart=always progrium/consul -server -bootstrap

容器启动后,可以通过 http://192.168.6.129:8500 访问 Consul。

 

#在原有的基础上面增加如下三行:

  "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],#起2376端口,和sock

  "cluster-store": "consul://192.168.6.129:8500",           #consul网络地址

  "cluster-advertise": "192.168.6.129:2376"                

[root@k8s129 ~]# cat /etc/docker/daemon.json    

{

  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],

  "insecure-registries": ["192.168.6.129:5000"],

  "hosts": ["tcp://0.0.0.0:2376","unix://var/run/docker.sock"],

  "cluster-store": "consul://192.168.6.129:8500",

   "cluster-advertise": "192.168.6.130:2376"

}

[root@k8s129 ~]# vim /usr/lib/systemd/system/docker.service

# for containers run by docker

#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

ExecStart=/usr/bin/dockerd  #上面的这句改成当前的这句

 

#重启 docker daemon。

[root@k8s129 ~]# systemctl daemon-reload  

[root@k8s129 ~]# systemctl restart docker.service

[root@k8s129 ~]# netstat -lntup

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6120/sshd           

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      6209/master         

tcp6       0      0 :::5000                 :::*                    LISTEN      9063/docker-proxy   

tcp6       0      0 :::2376                 :::*                    LISTEN      8921/dockerd        

tcp6       0      0 :::22                   :::*                    LISTEN      6120/sshd           

tcp6       0      0 ::1:25                  :::*                    LISTEN      6209/master         

[root@k8s129 ~]#

#在把刚才的容器起一下

[root@k8s129 ~]# docker rm `docker ps  -a  -q`

[root@k8s129 ~]# docker run -d -p 8500:8500 -h consul --name consul  --restart=always progrium/consul -server -bootstrap

这个时候网页点击:key.value 在点击docker然后 nodes多点击几次,就会出现我们129 的节点了

 技术图片

 

 

 之后再130机器修改如下:

[root@k8s130 yum.repos.d]# cat /etc/docker/daemon.json

{

  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],

  "insecure-registries": ["192.168.6.129:5000"],

  "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],

  "cluster-store": "consul://192.168.6.129:8500",

  "cluster-advertise": "192.168.6.130:2376"  #只需要把这个IP改成我们的本机130IP就可以

}

[root@k8s130 yum.repos.d]# vim /usr/lib/systemd/system/docker.service

# for containers run by docker

#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

ExecStart=/usr/bin/dockerd  #上面的这句改成当前的这句

[root@k8s130 yum.repos.d]# systemctl daemon-reload  

[root@k8s130 yum.repos.d]# systemctl restart docker.service

 

之后网页:

就会出现两个节点了

 技术图片

 

 

 

到此我们的环境就准备好了,下面overlay(重叠网络,vxlan)的用法:

 ==

创建overlay网络 

#129或者130创建都可以,在任何一个节点创建网络,会自动同步到另外一台

[root@k8s139 / 130 ~]# docker network ls  

NETWORK ID          NAME                DRIVER              SCOPE

aaa40ad04d54        bridge              bridge              local

45355ea7ab2b        host                host                local

34d43e62d44f        macvlan_xj          macvlan             local

1de35a0fe6bd        none                null                local

[root@k8s130 ~]# docker network rm 34d43e62d44f   #删掉之前创建的macvlan_xj 网络,因为我们要使用192的网段,如果你有两块网卡,比如172网段,就不需要删除,执行下面的指定成172网段的就行s

[root@k8s130 ~]# docker network create -d overlay --subnet 192.168.6.0/24 --gateway 192.168.6.254 oll

[root@k8s130 ~]# docker network ls  

NETWORK ID          NAME                DRIVER              SCOPE

aaa40ad04d54        bridge              bridge              local

45355ea7ab2b        host                host                local

1de35a0fe6bd        none                null                local

be79115dff0b        oll                 overlay             global

[root@k8s130 ~]#

 

#启动容器测试,跨主机pingping百度都可以上外网

[root@k8s129 ~]# docker run -it --network oll --name xujin01 busybox:latest /bin/sh

/ # ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue

    link/ether 02:42:c0:a8:06:01 brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.1/24 brd 192.168.6.255 scope global eth0

       valid_lft forever preferred_lft forever

19: eth1@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue

    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff

    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1

       valid_lft forever preferred_lft forever

/ # ping 192.168.6.2

PING 192.168.6.2 (192.168.6.2): 56 data bytes

64 bytes from 192.168.6.2: seq=0 ttl=64 time=0.996 ms

64 bytes from 192.168.6.2: seq=1 ttl=64 time=1.023 ms

^C

--- 192.168.6.2 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max = 0.996/1.009/1.023 ms

/ #

 

[root@k8s130 ~]# docker run -it --network oll --name xujin02 busybox:latest /bin/sh

/ # ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue

    link/ether 02:42:c0:a8:06:02 brd ff:ff:ff:ff:ff:ff

    inet 192.168.6.2/24 brd 192.168.6.255 scope global eth0

       valid_lft forever preferred_lft forever

9: eth1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue

    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff

    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1

       valid_lft forever preferred_lft forever

/ # ping 192.168.6.1

PING 192.168.6.1 (192.168.6.1): 56 data bytes

64 bytes from 192.168.6.1: seq=0 ttl=64 time=1.245 ms

^C

--- 192.168.6.1 ping statistics ---

1 packets transmitted, 1 packets received, 0% packet loss

round-trip min/avg/max = 1.245/1.245/1.245 ms

/ # ping baidu.com

PING baidu.com (220.181.38.148): 56 data bytes

64 bytes from 220.181.38.148: seq=0 ttl=127 time=35.268 ms

^C

--- baidu.com ping statistics ---

2 packets transmitted, 1 packets received, 50% packet loss

round-trip min/avg/max = 35.268/35.268/35.268 ms

/ #  

 原理图:(来源互联网强哥)

 技术图片

 扩展:

 #查看网络命名空间namespace

容器的网络环境隔离,就是靠网络命名空间隔离的

[root@k8s130 ~]# cd /var/run/docker/netns/

[root@k8s130 netns]# ls

256cde1c8c4e  2-be79115dff

[root@k8s130 netns]# ln -s /var/run/docker/netns/  /var/run/netns   # 默认是看不到网络命名空间,需要做一个软连接

[root@k8s130 netns]# ip netns

256cde1c8c4e (id: 0)

2-be79115dff (id: 1)

[root@k8s130 netns]# ip netns exec 2-be79115dff /bin/bash  #进入网络命名空间

[root@k8s130 netns]# ifconfig   # 此时会发现有个vxlan0,还有一个bro的网络,结合上图就好理解了

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450

        inet 192.168.6.254  netmask 255.255.255.0  broadcast 192.168.6.255

        ether 0e:15:bd:9d:12:a5  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        loop  txqueuelen 1000  (Local Loopback)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

veth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450

        ether 0e:15:bd:9d:12:a5  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

vxlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450

        ether ba:c0:e6:bc:58:7d  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

#在129上面也进入命令空间。也会发现vxlan0,就是这个实现了两个宿主机的容器间的互联

 

以上是关于10: docker 跨主机的容器间通信(macvlan / overlay )的主要内容,如果未能解决你的问题,请参考以下文章

Docker:跨主机容器间通信之overlay [十五]

Docker-----网络自定义网络容器通信跨主机容器通信

docker之docker容器flannel模式多网段跨主机通信

Docker 容器跨主机多网段通信解决方案

docker容器跨主机网络overlay

Docker:macvlan实现容器跨主机通信 [十四]