使用Flannel网络或自定义网桥实现跨主机容器的互连

最新推荐文章于 2024-10-17 17:32:53 发布
最新推荐文章于 2024-10-17 17:32:53 发布
阅读量605 收藏 1
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/l_s_k/article/details/108532958
版权

Docker基础命令的使用

**

自定义网桥

**

主机名IP地址/子网掩码容器名容器ip
server192.168.200.10/24test1172.172.0.10
client192.168.200.20/24test2172.172.1.10

server

##配置自定义网桥
[root@server ~]# docker network create --subnet=172.172.0.0/24 docker-br0            //创建自定义网桥docker-br0
8e77d9b52d65c6d371c441f9f576128a3566306e8486bd34ab05cfd1d109b503
[root@server ~]# docker network inspect docker-br0                                    //查看网桥的详细信息
[
    {
        "Name": "docker-br0",
        "Id": "8e77d9b52d65c6d371c441f9f576128a3566306e8486bd34ab05cfd1d109b503",
        "Created": "2020-09-07T02:59:44.919156858-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.172.0.0/24"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

##在server上配置容器
[root@server ~]# docker run -dit --net docker-br0 --ip 172.172.0.10 --name test1 busybox            //创建容器并指定网桥与ip
3d9bff47359b7755d9ada558c5f6f4543fae889c94aae176334e38a454d26425
[root@server ~]# docker ps
CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                              NAMES
3d9bff47359b        busybox                 "sh"                     1 second ago        Up 1 second                                            test1
f5b5128680cd        tomcat                  "/bin/bash"              2 days ago          Up 2 days           8080/tcp                           relaxed_yalow
994152c29684        tomcat                  "/bin/bash"              2 days ago          Up 2 days           0.0.0.0:32772->8080/tcp            tomcat2
48ad526131d2        tomcat                  "/bin/bash"              2 days ago          Up 2 days           0.0.0.0:32769->8080/tcp            tomcat1
1f3dd0434fbc        web:v1.0                "/bin/sh -c '${CAT..."   2 days ago          Up 2 days           0.0.0.0:32768->8081/tcp            elated_knuth
1c8bda415099        nginx                   "nginx -g 'daemon ..."   2 days ago          Up 2 days           0.0.0.0:81->80/tcp                 web1
0a83851d437d        rancher/server:v1.6.5   "/usr/bin/entry /u..."   3 days ago          Up 2 days           3306/tcp, 0.0.0.0:8080->8080/tcp   gallant_bose
8b75de826cae        c9bd19d022f6            "/entrypoint.sh /e..."   3 days ago          Up 2 days           0.0.0.0:5000->5000/tcp             registry
[root@server ~]# docker exec -it test1 /bin/sh                //进入该容器查看IP
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
133: eth0@if134: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:ac:00:0a brd ff:ff:ff:ff:ff:ff
    inet 172.172.0.10/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:feac:a/64 scope link
       valid_lft forever preferred_lft forever
/ # ping 172.172.0.1 -c3                        //测试连通性
PING 172.172.0.1 (172.172.0.1): 56 data bytes
64 bytes from 172.172.0.1: seq=0 ttl=64 time=0.241 ms
64 bytes from 172.172.0.1: seq=1 ttl=64 time=0.053 ms
64 bytes from 172.172.0.1: seq=2 ttl=64 time=0.054 ms


--- 172.172.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.053/0.116/0.241 ms

client

##配置自定义网桥
[root@client ~]# docker network inspect docker-br0
[
    {
        "Name": "docker-br0",
        "Id": "4f6461a6f7355fb5f24566359ae10a782406a3c3810e2a1476a7bf1afdab6565",
        "Created": "2020-09-07T03:15:57.106936254-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.172.1.0/24"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
##在client上配置容器
[root@client ~]# docker run -dit --name test2 --net docker-br0 --ip 172.172.1.10 busybox
f5a667d05e10331e429fef40ed6bfb0884e9e02111c60c41e3489b47ece79074
[root@client ~]# docker exec -it test2 /bin/sh                //进入该容器查看ip
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3162: eth0@if3163: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:ac:01:0a brd ff:ff:ff:ff:ff:ff
    inet 172.172.1.10/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:feac:10a/64 scope link
       valid_lft forever preferred_lft forever
/ # ping -c3 172.172.1.1                        //测试连通性
PING 172.172.1.1 (172.172.1.1): 56 data bytes
64 bytes from 172.172.1.1: seq=0 ttl=64 time=0.268 ms
64 bytes from 172.172.1.1: seq=1 ttl=64 time=0.054 ms
64 bytes from 172.172.1.1: seq=2 ttl=64 time=0.053 ms


--- 172.172.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.053/0.125/0.268 ms

配置路由表和iptable规则

##在server上
[root@server ~]# ip route add 172.172.1.0/24 via 192.168.200.20 dev eno16777736
[root@server ~]# iptables -P INPUT ACCEPT
[root@server ~]# iptables -P FORWARD ACCEPT
[root@server ~]# iptables -F
[root@server ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (0 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (0 references)
target     prot opt source               destination         


##在client上
[root@client ~]# ip route add 172.172.0.0/24 via 192.168.200.10 dev eno16777736
[root@client ~]# iptables -P INPUT ACCEPT
[root@client ~]# iptables -P FORWARD ACCEPT
[root@client ~]# iptables -F
[root@client ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain CATTLE_FORWARD (0 references)
target     prot opt source               destination         

Chain DOCKER (0 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (0 references)
target     prot opt source               destination

测试

##server测试
[root@server ~]# docker exec -it test1 /bin/sh        //进入test1容器
/ # ping 172.172.1.10 -c3
PING 172.172.1.10 (172.172.1.10): 56 data bytes
64 bytes from 172.172.1.10: seq=0 ttl=62 time=1.660 ms
64 bytes from 172.172.1.10: seq=1 ttl=62 time=0.859 ms
64 bytes from 172.172.1.10: seq=2 ttl=62 time=0.615 ms

--- 172.172.1.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.615/1.044/1.660 ms

##client测试
[root@client ~]# docker exec -it test2 /bin/sh        //进入test2容器
/ # ping 172.172.0.10 -c3
PING 172.172.0.10 (172.172.0.10): 56 data bytes
64 bytes from 172.172.0.10: seq=0 ttl=62 time=0.592 ms
64 bytes from 172.172.0.10: seq=1 ttl=62 time=0.803 ms
64 bytes from 172.172.0.10: seq=2 ttl=62 time=0.569 ms

--- 172.172.0.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.569/0.654/0.803 ms

定义Flannel网络

主机名IP地址/子网掩码需安装软件
server192.168.200.10/24etcd、Flannel、Docker
client192.168.200.20/24etcd、Flannel、Docker

server

[root@server ~]# yum install -y flannel           //安装flannel           
[root@server ~]# yum install -y etcd                //安装etcd
[root@server ~]# systemctl start etcd                //启动etcd
[root@server ~]# etcdctl --endpoints http://127.0.0.1:2379 set /coreos.com/network/config '{"Network":"10.0.0.0/16","SubnetLen":24,"SubnetMin":"10.0.1.0","SubnetMax":"10.0.20.0","Backend":{"Type":"vxlan"}}'    //配置Flannel网络
{"Network":"10.0.0.0/16","SubnetLen":"24","SubnetMin":"10.0.1.0","SubnetMax":"10.0.20.0","Backend":{"Type":"vxlan"}}
[root@server ~]# vi /etc/sysconfig/flanneld         //编辑flanneld读取的文件
FLANNEL_ETCD_PREFIX="/coreos.com/network"            //文件改为上面配置的network

[root@server ~]# systemctl daemon-reload
[root@server ~]# systemctl start flanneld            //启动
[root@server ~]# etcdctl ls /coreos.com/network/subnets        //查看etcd中的数据
/coreos.com/network/subnets/10.0.3.0-24        
[root@server ~]# ip a show flannel.1                    //查看flannel.1网卡信息
135: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether b2:49:ca:53:26:79 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::b049:caff:fe53:2679/64 scope link
       valid_lft forever preferred_lft forever

[root@server ~]# systemctl daemon-reload                //重新加载守护进程
[root@server ~]# systemctl restart docker                //重启docker
[root@server ~]# ip a show docker0                        //查看docker0 ip
55: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1450 qdisc noqueue state DOWN
    link/ether 02:42:7b:ea:31:d5 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7bff:feea:31d5/64 scope link
       valid_lft forever preferred_lft forever

[root@server ~]# vi /etc/etcd/etcd.conf            //编辑配置文件,使客户端可以访问
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"            //第6行左右

client

//同server端,此处只写出不一样的配置

[root@client ~]# etcdctl --endpoints http://192.168.200.10:2379 set /coreos.com/network/config '{"Network":"10.0.0.0/16","SubnetLen":24,"SubnetMin":"10.0.1.0","SubnetMax":"10.0.20.0","Backend":{"Type":"vxlan"}}'    ///配置Flannel网络
{"Network":"10.0.0.0/16","SubnetLen":24,"SubnetMin":"10.0.1.0","SubnetMax":"10.0.20.0","Backend":{"Type":"vxlan"}}
[root@client ~]# vi /etc/sysconfig/flanneld         //编辑flanneld读取的文件
FLANNEL_ETCD_ENDPOINTS="http://192.168.200.10:2379"        //修改为服务端的ip
FLANNEL_ETCD_PREFIX="/coreos.com/network"            //文件改为上面配置的network
[root@client ~]# systemctl daemon-reload
[root@client ~]# systemctl start flanneld            //启动
[root@client ~]# ip a show flannel.1                //查看ip
3398: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether 66:64:91:e3:59:a3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::6464:91ff:fee3:59a3/64 scope link
       valid_lft forever preferred_lft forever

[root@client ~]# systemctl daemon-reload                //重新加载守护进程
[root@client ~]# systemctl restart docker                //重启docker
[root@client ~]# ip a show docker0                        //查看docker0 ip
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:81:9f:d7:a7 brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet 10.0.20.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe9f:d7a7/64 scope link
       valid_lft forever preferred_lft forever

测试

##创建容器
[root@server ~]# docker run -it busybox1         //起容器   
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
154: eth0@if155: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
    link/ether 02:42:0a:00:03:03 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.3/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:aff:fe00:303/64 scope link
       valid_lft forever preferred_lft forever

[root@client ~]# docker run -it busybox2          //起容器
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3409: eth0@if3410: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
    link/ether 02:42:0a:00:14:03 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.3/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:aff:fe00:1403/64 scope link
       valid_lft forever preferred_lft forever   


##测试连通性
/ # ping 10.0.20.3 -c3
PING 10.0.20.3 (10.0.20.3): 56 data bytes
64 bytes from 10.0.20.3: seq=0 ttl=62 time=0.787 ms
64 bytes from 10.0.20.3: seq=1 ttl=62 time=0.485 ms
64 bytes from 10.0.20.3: seq=2 ttl=62 time=0.496 ms

--- 10.0.20.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.485/0.589/0.787 ms


/ # ping 10.0.3.3 -c3
PING 10.0.3.3 (10.0.3.3): 56 data bytes
64 bytes from 10.0.3.3: seq=0 ttl=62 time=9.061 ms
64 bytes from 10.0.3.3: seq=1 ttl=62 time=0.509 ms
64 bytes from 10.0.3.3: seq=2 ttl=62 time=16.819 ms

--- 10.0.3.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.509/8.796/16.819 ms
l_s_k
关注
【云原生进阶之容器】第六章容器网络6.5.1--Calico网络方案综述
junbaozi的专栏
04-16 667
Calico是一个用于容器、虚拟机和基于本地主机的工作负载的开源网络网络安全解决方案。Calico支持广泛的平台,包括Kubernetes、OpenShift、Docker EE、OpenStack和bare metal服务。Calico将灵活的网络功能与随处运行的安全实施相结合,提供了一个具有本地Linux内核性能和真正的云本地可伸缩性的解决方案。
k8s必知必会
哇哦~
01-27 509
目录 1、简述etcd及其特点 2、简述etcd适应的场景 3、简述什么是Kubernetes 4、简述Kubernetes和Docker的关系 5、简述Minikube、Kubectl、Kubelet分别是什么 6、简述Kubernetes常见的部署方式 7、简述Kubernetes如何实现集群管理 8、简述Kubernetes的优势、适应场景及其特点 9、简述Kubernetes的缺点当前的不足之处 10、简述Kubernetes相关基础概念 11、简述Kubernetes集群相
Etcd flannel Docker 实现 docker 跨主机容器之间通讯
06-27
Etcd flannel Docker 实现 docker 跨主机容器之间通讯
定义Flannel网络实现跨主机docker容器通讯
qq_67802965的博客
04-20 486
å·²åŠè½½æ件:已安装完毕!#[Member]ETCD_NAME="etcd1"coreos.com/network"[Unit][Service]inetinetvalid_lft forever preferred_lft forever子网地址etcd.conf [root@CentOS7-1 ~]# vi /etc/etcd/etcd.confETCD_NAME="etcd1"network"[Unit][Service]
Docker flannel网络搭建(跨主机通信)
耕耘
03-18 1620
Docker flannel网络搭建(跨主机通信)
Docker 容器跨主机通信 - Flannel
RAB
09-29 1285
Docker 容器跨主机通信 - Flannel
docker跨主机通信的两种方式
12-11
docker跨主机通信的两种方式。路由方式和网络桥接的实现
docker 同宿主机不同网络容器通信+跨宿主机容器之间网络互连详解
最新发布
m0_66705547的博客
10-17 3798
覆盖网络(Overlay Network)优点:内置支持,易于使用,支持多主机通信和服务发现。缺点:需要 Docker Swarm 模式。第三方网络插件(如 Weave Net)优点:提供更高级的网络功能,适用于复杂网络需求。缺点:需要额外安装和配置。使用桥接网络(变通方法)优点:不需要额外的网络插件,适用于简单的跨宿主机通信。缺点:配置复杂,需要手动设置路由和 IP 转还有种docker compose 需要借助 docker swarm 就不介绍了。
部署docker容器虚拟化平台:Docker网络配置方法详解
通过网络,各个容器可以相互通信,实现服务之间的互连和数据传输。在Docker中,网络按照一定的规则和模式进行配置,以满足不同应用场景下的需求。 ## 1.2 Docker网络配置的重要性 良好的Docker网络配置可以提升容器...
一文带你理解云原生
腾讯技术工程
06-16 2602
作者:William 孟祥龙,腾讯 CDG 系统架构师,从事云原生技术赋能金融科技。本文是一篇云原生的关键知识科普,希望给大家提供一扇云原生的“窗户”,传达三个目标:1、透过窗户看到一棵大...
centos7.4+kubenets v1.11+flannel三节点集群详细安装过程记录
08-20
文档非常详细,包括安装过程中遇到什么坑,怎么解决的都写的非常详细!
Etcd + flannel + Docker 实现 docker 跨主机容器之间通讯 .pdf
06-26
本文档集成了 docker 、flannel、etcd 配置搭建,实现跨主机容器访问技术
flannel 原理 之 子网划分
Network/Storage/Linux Kernel
03-24 1253
flannel 原理 之 子网划分 Docker 通常情况下, 2台物理机上分别安装Docker,Docker分别在2台物理机上,docker0的网桥,其IP地址属于私网网段,例如物理机地址是10.x.x.x,docker0地址通常是192.x.x.x。 任何在物理机上启动的container,其分配的eth0地址都是 192.x.x.x。 但是2台独立的物理机上的container之间是无法通信的,因为物理网络里是没有192.x.x.x网段的信息,无法对其进行路由,更何况物理网络作为基础设施,也不可能动态
flannel和calcio_网络-flannel及calico
weixin_39770165的博客
12-20 272
如上图所示,Flannel首先创建了一个名为flannel0的网桥,而且这个网桥的一端连接docker0网桥,另一端连接一个叫作flanneld的服务进程。flanneld进程上连etcd,利用etcd来管理可分配的IP地址段资源,同时监控etcd中每个Pod的实际地址,并在内存中建立了一个Pod节点路由表;flanneld进程下连docker0和物理网络使用内存中的Pod节点路由表,将dock...
Docker网络管理(bridge、docker自定义网络以及Flannel方案)-笔记4
weixin_33978016的博客
08-19 348
1、容器内部通信Docker容器和服务如此强大的原因之一是在通过网络可以将它们连接在一起,者将它们连接到非Docker工作负载。Docker容器和服务甚至不需要知道它们部署在Docker上,者它们的对等体是否也是Docker工作负载。Docker的网络子系统是可插拔的,使用驱动程序。默认情况下存在多个驱动程序,并提供核心网络功能:bridge:默认网络驱动程序。当你的应用...
Docker- 7.3、跨主机网络-flannel
无痕的博客
12-30 1211
跨主机网路flannel
Docker Flannel 跨主机容器通信解决方案
wtb617806038的博客
06-22 922
Docker Flannel 跨主机容器通信解决方案 方案介绍 Flannel Flannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的 CoreOS 主机拥有一个完整的子网。这次的分享内容将从Flannel的介绍、工作原理及安装和配置三方面来介绍这个工具的使用方法。 Flannel通过给每台宿主机分配一个子网的方式为容器提供虚拟网络,它基于Linux TUN/TAP,使用UDP封装IP包来创
wsl2固定IP地址,主机ping通wsl2
yoongrui
04-11 4075
主机和wsl2互相访问, 注意在wsl2ping通主机时,主机防火墙需要添加入站规则。
搭建flannel网络
钟明家
07-08 533
一、生成Flannel网络TLS证书 在所有集群节点都安装Flannel,下面的操作在k8s-master1上进行,其他节点重复执行即可。(证书生成一次就行) 1、创建证书签名请求 cat > /tmp/certs/flanneld-csr.json <<EOF { "key": { "algo": "rsa", "size": 2048...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值