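An overlay network is a logical network created on top of a physical (underlay) network for a specific purpose. A virtual private network (VPN), for example, is a common type of overlay network that uses the internet to create a link to another private network. Docker can create and manage overlay networks between containers, which containerized applications can use to talk to each other directly. When containers are deployed into an overlay network, it does not matter which host in the cluster they are deployed on; they connect directly to other containerized services on the same overlay network, just as if they were on the same physical host.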


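Docker overlay networks are used to create a mesh network between the machines in a Docker swarm cluster. In this exercise, you will use two machines to create a basic Docker swarm cluster. Ideally, these machines sit on the same network segment, so that they have direct and fast network connectivity to each other.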

// host133 and host134

$ docker --version
Docker version 20.10.2, build 2291f61

// On host133, initialize the Docker swarm

$ docker swarm init
...
    docker swarm join --token SWMTKN-1-6bsx4wmpzc5233t23dlyx9n9sxdljn36s2ssk4i9riu7w242pp-b7hbmddtyq51qsnbpks8y46tu 192.168.20.133:2377
...

// On host134, join the Docker swarm

$ docker swarm join --token SWMTKN-1-6bsx4wmpzc5233t23dlyx9n9sxdljn36s2ssk4i9riu7w242pp-b7hbmddtyq51qsnbpks8y46tu 192.168.20.133:2377
This node joined a swarm as a worker.

// View the swarm from any node; here, host133

$ docker info
...
 Swarm: active
  NodeID: crtbx57iybntgam7l8a0ytykr
  Is Manager: true
  ClusterID: uj2btvjio2h7x4yh38f4xjimw
  Managers: 1
  Nodes: 2
  Default Address Pool: 10.0.0.0/8
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 192.168.20.133
  Manager Addresses:
   192.168.20.133:2377
...

// On host133, create an overlay network

$ docker network create overlaynet1 --driver overlay --subnet 172.45.0.0/16 --gateway 172.45.0.1

$ docker network ls

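Use the docker service create command to create a service that spans multiple nodes in the swarm cluster. By deploying containers as services, you can specify multiple replicas of a container instance for horizontal scaling, or spread container instances across the nodes in the cluster for high availability. To keep this example simple, create a single-container service running Alpine Linux. Name this service alpine-overlay1: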

$ docker service create -t --replicas 1 --network overlaynet1 --name alpine-overlay1 alpine:latest
crw1k260illdv3mv4ymkf9gpm
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
  • -t: allocate a tty

// Create a second service

$ docker service create -t --replicas 1 --network overlaynet1 --name alpine-overlay2 alpine:latest

// Check on host133

$ docker ps
CONTAINER ID   IMAGE           COMMAND     CREATED         STATUS         PORTS     NAMES
cbd4b697a0c4   alpine:latest   "/bin/sh"   2 minutes ago   Up 2 minutes             alpine-overlay1.1.7xh7afbhrfpqnxdoei5p979ri

// Check on host134

$ docker ps
CONTAINER ID   IMAGE           COMMAND     CREATED              STATUS              PORTS     NAMES
83fac5ecc6b0   alpine:latest   "/bin/sh"   About a minute ago   Up About a minute             alpine-overlay2.1.nnsf8m7xqf236ladj87vwfvej

The output shows that each node is running one container.

// Check on host133

$ docker inspect alpine-overlay1.1.7xh7afbhrfpqnxdoei5p979ri
...
            "Networks": {
                "overlaynet1": {
                    "IPAMConfig": {
                        "IPv4Address": "172.45.0.3"
                    },
                    "Links": null,
                    "Aliases": [
                        "cbd4b697a0c4"
                    ],
                    "NetworkID": "jaov10fxdpyefaqv1byjmyu7q",
                    "EndpointID": "49628e30ee5dde4accb41e6a3cb2f0c82cfe7d3f855624570a4e37a69f0fc6b1",
                    "Gateway": "",
                    "IPAddress": "172.45.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:2d:00:03",
                    "DriverOpts": null
                }
...

Note that this container's IP address is, as expected, an address in the subnet you specified above.

// Check on host134

$ docker network ls
NETWORK ID     NAME              DRIVER    SCOPE
a43ea7d87998   bridge            bridge    local
c46b808fd314   docker_gwbridge   bridge    local
93cabf935faa   host              host      local
myuoxjiurmwz   ingress           overlay   swarm
bf9661a8f576   none              null      local
jaov10fxdpye   overlaynet1       overlay   swarm

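Note that the network created on host133 is also visible on host134. This is because networks created with the overlay driver are available to all hosts in the Docker swarm cluster.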

//host134

$ docker inspect alpine-overlay2.1.nnsf8m7xqf236ladj87vwfvej
...
            "Networks": {
                "overlaynet1": {
                    "IPAMConfig": {
                        "IPv4Address": "172.45.0.6"
                    },
                    "Links": null,
                    "Aliases": [
                        "83fac5ecc6b0"
                    ],
                    "NetworkID": "jaov10fxdpyefaqv1byjmyu7q",
                    "EndpointID": "947fce3c711d33e55726361e2943b4d1a8bd47881233de13666244da6022817e",
                    "Gateway": "",
                    "IPAddress": "172.45.0.6",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:2d:00:06",
                    "DriverOpts": null
                }
...
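
The subnet check made by eye on the two inspect outputs above can be scripted. The following is an added example, not part of the original post: it reads "name address/prefix" lines and reports any endpoint outside the subnet passed to docker network create. The function names and the "stray-task" entry are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm endpoints sit inside the subnet given at network creation.
# Real input could come from (run on each node):
#   docker network inspect -f \
#     '{{range .Containers}}{{.Name}} {{.IPv4Address}}{{println}}{{end}}' overlaynet1

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET/BITS -> exit status 0 when IP is inside the network
ip_in_cidr() {
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# outside_subnet NET/BITS -> reads "name ip/prefix" lines on stdin and prints
# the name of every endpoint whose address is NOT inside NET/BITS
outside_subnet() {
    while read -r name addr; do
        [ -n "$name" ] || continue
        ip_in_cidr "${addr%/*}" "$1" || echo "$name"
    done
}

# Constructed sample: the two task addresses from the inspect output above,
# plus one made-up endpoint ("stray-task") from a different range.
SAMPLE='alpine-overlay1.1.7xh7afbhrfpqnxdoei5p979ri 172.45.0.3/16
alpine-overlay2.1.nnsf8m7xqf236ladj87vwfvej 172.45.0.6/16
stray-task 172.46.0.9/16'

printf '%s\n' "$SAMPLE" | outside_subnet 172.45.0.0/16
```

An empty result means every listed endpoint is inside the overlay subnet; any name printed deserves a closer look at which network that endpoint is really attached to.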

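Check network connectivity between the services by pinging one service from the other. Note that, as with standalone containers deployed on the same network, services deployed on the same network can resolve each other by name through Docker DNS.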

// From host133, ping the container on host134 over the overlay network

$ docker exec -it alpine-overlay1.1.7xh7afbhrfpqnxdoei5p979ri /bin/sh
/ # ping alpine-overlay2
PING alpine-overlay2 (172.45.0.5): 56 data bytes
64 bytes from 172.45.0.5: seq=0 ttl=64 time=0.455 ms
64 bytes from 172.45.0.5: seq=1 ttl=64 time=0.360 ms

// From host134, ping in the other direction

$ docker exec -it alpine-overlay2.1.nnsf8m7xqf236ladj87vwfvej /bin/sh
/ # ping alpine-overlay2
PING alpine-overlay2 (172.45.0.5): 56 data bytes
64 bytes from 172.45.0.5: seq=0 ttl=64 time=0.704 ms

// Clean up the exercise

$ docker service rm alpine-overlay1 alpine-overlay2
$ docker network rm overlaynet1

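Overlay networking is very useful in Docker container clusters because it lets containers scale horizontally across the nodes of the cluster. From a network perspective, these containers can communicate with each other directly through a service mesh proxied over the hosts' physical network interfaces. This not only reduces latency but also simplifies deployment by making use of many of Docker's features, such as DNS.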