182. Docker跨主机容器之间的通信

1. Docker跨主机容器之间的通信macvlan

默认一个物理网卡，只有一个物理mac地址，虚拟多个mac地址

1. 创建macvlan网络 【两个节点都执行】
docker network create --driver macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1

[root@docker01 ~]# docker run -it --network=macvlan_1 --ip=10.0.0.66 alpine:3.9	
[root@docker02 ~]# docker run -it --network=macvlan_1 --ip=10.0.0.88 alpine:latest 

2. 两个容器相互ping，可pint通正常
/ # ping 10.0.0.66
PING 10.0.0.66 (10.0.0.66): 56 data bytes
64 bytes from 10.0.0.66: seq=0 ttl=64 time=0.631 ms
64 bytes from 10.0.0.66: seq=1 ttl=64 time=1.720 ms
^C


3. 设置eth0的网卡为混杂模式 ubuntu需要开启
ip link set eth0 promisc on

4. 创建使用macvlan网络的容器
docker run -it --network macvlan_1 --ip=10.0.0.200 busybox

2. Dcoker跨主机容器通信之overlay

http://www.cnblogs.com/CloudMan6/p/7270551.html

1.docker03安装docker consul存储ip地址的分配
启动docker服务
systemctl start docker
systemctl enable docker

导入镜像
[root@docker03 ~]# docker load -i docker_progrium_consul.tar.gz 

2.启动容器并设置容器的主机名
[root@docker03 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap

3.consul：kv类型的存储数据库（key:value）
docker01、02上操作：
[root@docker01 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.12"],
  "cluster-store": "consul://10.0.0.13:8500",
  "cluster-advertise": "10.0.0.11:2376"

}

systemctl restart docker

[root@docker02 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["10.0.0.12"],
  "cluster-store": "consul://10.0.0.13:8500",
  "cluster-advertise": "10.0.0.12:2376"

}

systemctl restart docker

4. 创建overlay网络[docker01 | docker02] 全局网络
[root@docker01 ~]# docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
 
5.查看集群网络信息
[root@docker01 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
6c757887ba69        bridge              bridge              local
8501e74d4174        host                host                local
901eb4ba5ac2        macvlan_1           macvlan             local
95dd4834641c        none                null                local
a18966b7d57e        ol1                 overlay             global	#刚创建的overlay网络

6.启动容器测试
[root@docker01 ~]# docker run -it --network ol1 --name test01 alpine:latest 
/ # ping test02
PING test02 (172.16.2.2): 56 data bytes
64 bytes from 172.16.2.2: seq=0 ttl=64 time=20.107 ms
64 bytes from 172.16.2.2: seq=1 ttl=64 time=0.469 ms
64 bytes from 172.16.2.2: seq=2 ttl=64 time=0.442 ms
^C
--- test02 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.442/7.006/20.107 ms

[root@docker02 ~]# docker run -it --network ol1 --name test02 alpine:latest
/ # ping test01
PING test01 (172.16.2.1): 56 data bytes
64 bytes from 172.16.2.1: seq=0 ttl=64 time=1.394 ms
64 bytes from 172.16.2.1: seq=1 ttl=64 time=0.699 ms
64 bytes from 172.16.2.1: seq=2 ttl=64 time=0.421 ms
^C
--- test01 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.421/0.838/1.394 ms

7. 为什么可以ping通呢？
因为内部有一个小DNS
/ # cat /etc/resolv.conf 
nameserver 127.0.0.11      #DNS
options ndots:0
每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网（通过nat转换上的网）
每创建一个overlay网络，会自动创建一个网关
看如下架构图

8.登录 http://10.0.0.13:8500/ui/#/dc1/services 查看
结果：有两个nodes

docker overlay网络实现