Overlay在网络技术领域,指的是一种网络架构上叠加的虚拟化技术模式,其大体框架是对基础网络不进行大规模修改的条件下,实现应用在网络上的承载,并能与其它网络业务分离,并且以基于IP的基础网络技术为主。Overlay 技术是在现有的物理网络之上构建一个虚拟网络,上层应用只与虚拟网络相关。
相对macvlan手动管理,overlay属于自动管理docker通信,consul会存储各个docker容器的地址信息,consul相当于overlay的数据库。
配置overlay类型网络:
- 新建一台服务器docker03:docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
#-p 8500:8500 指定映射端口8500[root@docker03 ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap Unable to find image 'progrium/consul:latest' locally latest: Pulling from progrium/consul [DEPRECATION NOTICE] registry v2 schema1 support will be removed in an upcoming release. Please contact admins of the docker.io registry NOW to avoid future disruption. c862d82a67a2: Pull complete 0e7f3c08384e: Pull complete 0e221e32327a: Pull complete 09a952464e47: Pull complete 60a1b927414d: Pull complete 4c9f46b5ccce: Pull complete 417d86672aa4: Pull complete b0d47ad24447: Pull complete fd5300bd53f0: Pull complete a3ed95caeb02: Pull complete d023b445076e: Pull complete ba8851f89e33: Pull complete 5d1cefca2a28: Pull complete Digest: sha256:8cc8023462905929df9a79ff67ee435a36848ce7a10f18d6d0faba9306b97274 Status: Downloaded newer image for progrium/consul:latest b8a05d7b2bc363f4130480b3a33eb3588dbb43221371e6d92f410159c55ea827 [root@docker03 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b8a05d7b2bc3 progrium/consul "/bin/start -server …" 15 minutes ago Up 15 minutes 53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 0.0.0.0:8500->8500/tcp consul [root@docker03 ~]#
#-h consul 指定主机名
#--name consul 是容器的名字
#progrium/consul 镜像名
#-server 启动参数,自行百度
#-bootstrap 启动参数,自行百度 -
docker01、02上:
#host 开启和监听2376端口,同时使用docker.sock文件vim /etc/docker/daemon.json { "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"], "cluster-store": "consul://10.0.0.13:8500", "cluster-advertise": "10.0.0.11:2376", #这里为docker01,docker02的ip "insecure-registries": ["10.0.0.11:5000"] }
#cluster-store 集群信息存储到docker03的sonsul中,指定docker03(10.0.0.13)
#cluster-advertise 自身在集群中的节点名
为了让大家更清楚,我还是傻瓜式的写出来。[root@docker01 ~]# vim /etc/docker/daemon.json { "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"], "cluster-store": "consul://10.0.0.13:8500", "cluster-advertise": "10.0.0.11:2376", "insecure-registries": ["10.0.0.11:5000"] } [root@docker01 ~]# systemctl restart docker[root@docker02 ~]# vim /etc/docker/daemon.json { "hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"], "cluster-store": "consul://10.0.0.13:8500", "cluster-advertise": "10.0.0.12:2376", "insecure-registries": ["10.0.0.11:5000"] } [root@docker01 ~]# systemctl restart docker#如果docker启动报错:
1.请检查daemon.json 文件是否存在格式问题或者中文字符,注意:文件内不允许用tab进行缩进
2.如果还是报错,请编辑/usr/lib/systemd/system/docker.service,在ExecStart=/usr/bin/dockerd这一行,删掉ExecStart=/usr/bin/dockerd 之后的内容,然后执行systemctl daemon-reload,再重启systemctl restart docker
- 创建好以上步骤后,我们就可以在网页上访问:10.0.0.13:8500
在KEY/VALUE -> docker -> nodes 下如果有你创建的两个节点docker01(10.0.0.11),docker02(10.0.0.12),说明成功。
-
在docker01创建overlay网络:docker network create -d overlay ol13,查看到docker01下出现了ol13网络
[root@docker01 ~]# docker network create -d overlay ol13 d9b3c3fb729206713b1b9e5c55165a37483a3f71a90ab357517c21eb9846ed2c [root@docker01 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 810c045a975d bridge bridge local 1a2a87ff3711 host host local 28a1fbd4c009 macvlan_1 macvlan local 3a7f8b6f580d none null local d9b3c3fb7292 ol13 overlay global [root@docker01 ~]#同时查看docker02,也会出现ol13网络,因为docker network create -d overlay ol13属于全局操作
[root@docker02 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE d34747a4ce4a bridge bridge local 1a2a87ff3711 host host local 21a0a7312fda macvlan_1 macvlan local 3a7f8b6f580d none null local d9b3c3fb7292 ol13 overlay global [root@docker02 ~]#
- 分别在docker01,docker02启动容器busybox
指定网络ol13,容器名fxw01[root@docker01 ~]# docker run -it --network ol13 --name fxw01 busybox:latest /bin/sh / #指定网络ol13,容器名fxw02
[root@docker02 ~]# docker run -it --network ol13 --name fxw02 busybox:latest /bin/sh / # ping fxw01 PING fxw01 (10.0.0.2): 56 data bytes 64 bytes from 10.0.0.2: seq=0 ttl=64 time=14.340 ms 64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.701 ms ^C --- fxw01 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.701/7.520/14.340 ms / #fxw01与fxw02之间可相互完成通信。
fxw01:(docker01宿主机)
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:02
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:238 (238.0 B) TX bytes:238 (238.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:14:00:02
inet addr:172.20.0.2 Bcast:172.20.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1206 (1.1 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # / # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:03
inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:238 (238.0 B) TX bytes:238 (238.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:12:00:02
inet addr:172.18.0.2 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1206 (1.1 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:225 (225.0 B) TX bytes:225 (225.0 B)
/ # [root@docker01 ~]# docker run -it --network ol13 --name fxw03 busybox:latest /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:04
inet addr:10.0.0.4 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:14:00:03
inet addr:172.20.0.3 Bcast:172.20.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # [root@docker02 ~]# docker run -it --network ol13 --name fxw04 busybox:latest /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:05
inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:12:00:03
inet addr:172.18.0.3 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # 同一个宿主机下,容器的eth1是相同的,而所有容器都与宿主机在同一个网段,所以容器都是10.0.0.0/16网段:
fxw01:10.0.0.2
fxw02:10.0.0.3
fxw03:10.0.0.4
fxw04:10.0.0.5
(自动分配)
具体overlay原理请参看(我真的怕自己讲不好,误导大家):www.cnblogs.com/xiangsikai/…
