182. Docker跨主機容器之間的通信

1. Docker跨主機容器之間的通信macvlan

默認一個物理網卡，只有一個物理mac地址，虛擬多個mac地址

1. 創建macvlan網絡 【兩個節點都執行】
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1

[root@docker01 ~]# docker run -it --network=macvlan_1 --ip=10.0.0.66 alpine:3.9	
[root@docker02 ~]# docker run -it --network=macvlan_1 --ip=10.0.0.88 alpine:latest 

2. 兩個容器相互ping，可pint通正常
/ # ping 10.0.0.66
PING 10.0.0.66 (10.0.0.66): 56 data bytes
64 bytes from 10.0.0.66: seq=0 ttl=64 time=0.631 ms
64 bytes from 10.0.0.66: seq=1 ttl=64 time=1.720 ms
^C


3. 設置eth0的網卡爲混雜模式 ubuntu需要開啓
ip link set eth0 promisc on

4. 創建使用macvlan網絡的容器
docker run -it --network macvlan_1 --ip=10.0.0.200 busybox

2. Dcoker跨主機容器通信之overlay

http://www.cnblogs.com/CloudMan6/p/7270551.html

1.docker03安裝docker consul存儲ip地址的分配
啓動docker服務
systemctl start docker
systemctl enable docker

導入鏡像
[root@docker03 ~]# docker load -i docker_progrium_consul.tar.gz 

2.啓動容器並設置容器的主機名
[root@docker03 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap

3.consul：kv類型的存儲數據庫（key:value）
docker01、02上操作：
[root@docker01 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.12"],
  "cluster-store": "consul://10.0.0.13:8500",
  "cluster-advertise": "10.0.0.11:2376"

}

systemctl restart docker

[root@docker02 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.12"],
  "cluster-store": "consul://10.0.0.13:8500",
  "cluster-advertise": "10.0.0.12:2376"

}

systemctl restart docker

4. 創建overlay網絡[docker01 | docker02] 全局網絡
[root@docker01 ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
 
5.查看集羣網絡信息
[root@docker01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
6c757887ba69        bridge              bridge              local
8501e74d4174        host                host                local
901eb4ba5ac2        macvlan_1           macvlan             local
95dd4834641c        none                null                local
a18966b7d57e        ol1                 overlay             global	#剛創建的overlay網絡

6.啓動容器測試
[root@docker01 ~]# docker run -it --network ol1 --name test01 alpine:latest 
/ # ping test02
PING test02 (172.16.2.2): 56 data bytes
64 bytes from 172.16.2.2: seq=0 ttl=64 time=20.107 ms
64 bytes from 172.16.2.2: seq=1 ttl=64 time=0.469 ms
64 bytes from 172.16.2.2: seq=2 ttl=64 time=0.442 ms
^C
--- test02 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.442/7.006/20.107 ms

[root@docker02 ~]# docker run -it --network ol1 --name test02 alpine:latest
/ # ping test01
PING test01 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: seq=0 ttl=64 time=1.394 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.699 ms
64 bytes from 172.16.2.1: seq=2 ttl=64 time=0.421 ms
^C
--- test01 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.421/0.838/1.394 ms

7. 爲什麼可以ping通呢？
因爲內部有一個小DNS
/ # cat /etc/resolv.conf 
nameserver 127.0.0.11      #DNS
options ndots:0
每個容器有兩塊網卡,eth0實現容器間的通訊,eth1實現容器訪問外網（通過nat轉換上的網）
每創建一個overlay網絡，會自動創建一個網關
看如下架構圖

8.登錄 http://10.0.0.13:8500/ui/#/dc1/services 查看
結果：有兩個nodes

docker overlay網絡實現