Docker--容器之间的互相连通
主机配置
| 主机名 | IP/子网掩码 | 容器名 | 容器IP |
| --- | --- | --- | --- |
| controller | 192.168.100.10 | busybox1 | 172.172.0.10 |
| compute | 192.168.100.20 | busybox2 | 172.172.1.10 |
自定义网桥实现Docker容器内互联
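在controller主机上创建自定义网桥,网桥名称为docker-br0,并为其分配网段 172.172.0.0/24,然后查看详细信息。注意:172.172.0.0/24 不在 RFC 1918 私有地址范围内(172.16.0.0/12 只覆盖 172.16.0.0–172.31.255.255),属于公网地址段;这里仅作实验演示,实际环境中建议改用私有网段,以免与真实的公网地址冲突。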
[root@localhost ~]# docker network create --subnet=172.172.0.0/24 docker-br0
7207cd9f56e41ee80ee4d90678f40dad8ee9240c9de8e988258214c6163105b9
[root@localhost ~]# docker network inspect docker-br0
[
{
"Name": "docker-br0",
"Id": "7207cd9f56e41ee80ee4d90678f40dad8ee9240c9de8e988258214c6163105b9",
"Created": "2021-03-22T23:06:12.165521025+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.172.0.0/24"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
在controller主机中通过busybox镜像创建名称为busybox1的容器分配IP地址172.172.0.10,并进入容器内部,查看详细信息,可以看到,IP配置成功
[root@localhost ~]# docker run -dit --net docker-br0 --ip 172.172.0.10 --name busybox1 busybox:latest /bin/sh
a0c5fce1d99e0ff0129001274bcbe24e273be76ae05f2b414a901d61747044ae
[root@localhost ~]# docker exec -it busybox1 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:ac:00:0a brd ff:ff:ff:ff:ff:ff
inet 172.172.0.10/24 brd 172.172.0.255 scope global eth0
valid_lft forever preferred_lft forever
测试busybox1 容器与 controller主机的连通性
/ # ping 172.172.0.1
PING 172.172.0.1 (172.172.0.1): 56 data bytes
64 bytes from 172.172.0.1: seq=0 ttl=64 time=48.860 ms
64 bytes from 172.172.0.1: seq=1 ttl=64 time=0.218 ms
64 bytes from 172.172.0.1: seq=2 ttl=64 time=0.262 ms
64 bytes from 172.172.0.1: seq=3 ttl=64 time=0.209 ms
^C
--- 172.172.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.209/12.387/48.860 ms
在compute上配置网桥
在compute主机上创建自定义网桥,网桥名称为docker-br0,并为其分配IP 172.172.1.0/24 并查看详细信息
[root@compute ~]# docker network create --subnet=172.172.1.0/24 docker-br0
6ba878a96885a21f434b34e7584ea9376b4c6a197f75a635d1a574865c253e90
[root@compute ~]# docker network inspect docker-br0
[
{
"Name": "docker-br0",
"Id": "6ba878a96885a21f434b34e7584ea9376b4c6a197f75a635d1a574865c253e90",
"Created": "2021-03-22T15:13:55.89002362+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.172.1.0/24"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
在compute主机中通过busybox镜像创建名称为busybox2的容器分配IP地址172.172.1.10,并进入容器内部,查看详细信息,可以看到,IP配置成功
[root@compute ~]# docker run -dit --net docker-br0 --ip 172.172.1.10 --name busybox2 busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
e5d9363303dd: Pull complete
Digest: sha256:c5439d7db88ab5423999530349d327b04279ad3161d7596d2126dfb5b02bfd1f
Status: Downloaded newer image for busybox:latest
d4fb0b0491f9b0d93ea2cef6a45d7de19ac4f07698779f755be94cf4d02b0d5b
[root@compute ~]# docker exec -it busybox2 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:ac:01:0a brd ff:ff:ff:ff:ff:ff
inet 172.172.1.10/24 brd 172.172.1.255 scope global eth0
valid_lft forever preferred_lft forever
测试busybox2容器与compute主机的连通性
/ # ping -c 4 172.172.1.1
PING 172.172.1.1 (172.172.1.1): 56 data bytes
64 bytes from 172.172.1.1: seq=0 ttl=64 time=0.163 ms
64 bytes from 172.172.1.1: seq=1 ttl=64 time=0.179 ms
64 bytes from 172.172.1.1: seq=2 ttl=64 time=0.164 ms
64 bytes from 172.172.1.1: seq=3 ttl=64 time=0.246 ms
--- 172.172.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.163/0.188/0.246 ms
测试busybox1和busybox2的连通性,可以看到,无法ping通(此时两台主机上都还没有到对方容器网段的路由)
[root@controller ~]# docker exec -it busybox1 /bin/sh
/ # ping -c 4 172.172.1.10
PING 172.172.1.10 (172.172.1.10): 56 data bytes
--- 172.172.1.10 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
解决:配置路由表和iptables规则
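在 controller 主机和 compute 主机上分别添加到对方容器网段的静态路由,并放行转发流量,实现 busybox1 容器和 busybox2 容器的连通。注意:下面的 iptables -F 会清空 filter 表中的全部规则(包括主机原有的防火墙规则,以及 Docker 自己维护的 DOCKER、DOCKER-USER 等链中的规则),再加上 INPUT、FORWARD 的默认策略被设为 ACCEPT,两台主机实际上处于不做任何过滤的状态,只适合隔离的实验环境。在生产环境中应保留现有规则,只针对这两个容器网段之间的流量添加放行规则(例如写在 DOCKER-USER 链中)。另外,ip route add 和这些 iptables 修改都不是持久化的,主机重启后会丢失,Docker 服务重启时也会重新生成自己的规则。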
controller
[root@controller ~]# ip route add 172.172.1.0/24 via 192.168.100.20 dev ens33
[root@controller ~]# iptables -P INPUT ACCEPT
[root@controller ~]# iptables -P FORWARD ACCEPT
[root@controller ~]# iptables -F
[root@controller ~]# iptables -L -n
compute
[root@compute ~]# ip route add 172.172.0.0/24 via 192.168.100.10 dev ens33
[root@compute ~]# iptables -P INPUT ACCEPT
[root@compute ~]# iptables -P FORWARD ACCEPT
[root@compute ~]# iptables -F
[root@compute ~]# iptables -L -n
在 busybox1 容器中测试 busybox2 容器的连通性
/ # ping -c 4 172.172.1.10
PING 172.172.1.10 (172.172.1.10): 56 data bytes
64 bytes from 172.172.1.10: seq=0 ttl=62 time=1.506 ms
64 bytes from 172.172.1.10: seq=1 ttl=62 time=2.994 ms
64 bytes from 172.172.1.10: seq=2 ttl=62 time=2.244 ms
64 bytes from 172.172.1.10: seq=3 ttl=62 time=1.823 ms
--- 172.172.1.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.506/2.141/2.994 ms