Docker覆蓋網絡是否支持從主機到容器的通信?
[英]Do docker overlay networks support communication from hosts to container?
問題描述
我有運行服務的裸機主機和提供連接到主機服務的應用程序的Docker主機的混合網絡。 (在我的情況下,運行pyspark的容器中的Jupyter筆記本計算機連接到Spark Master主機以分發工作。)因此,我要求主機網絡能夠解析容器的地址並將流量路由回去。例如,容器正在向服務主機發出RMI調用,但是主機無法路由回(並且失敗)。
如果我使用覆蓋網絡將服務設置為從容器到容器,則一切正常,但是由於無法路由回容器,因此無法使用主機網絡中的基本管理控制台。
以下是我設置覆蓋網絡並在兩台主機之間進行測試的方法。
Docker覆蓋網絡是否支持從主機到容器的通信?
設定
bgercken@docker-manager ~]$ docker network create --driver=overlay --attachable --subnet=192.168.0.208/28 --gateway=192.168.0.209 container-net
[bgercken@docker-manager ~]$ docker container run -d --rm --name container1 -h container1 --net container-net --ip 192.168.0.210 alpine ping 8.8.8.8
[bgercken@titan ~]$ docker container run -d --rm --name container2 -h container2 --net container-net --ip 192.168.0.211 alpine ping 8.8.8.8
31853b87848f7c70e806f6f9c9d7b457fce6d64c0efa832b0e6991034132f453
[bgercken@titan ~]$ docker container exec -it container2 sh
/ # ping -c 1 container1
PING container1 (192.168.0.210): 56 data bytes
64 bytes from 192.168.0.210: seq=0 ttl=64 time=0.656 ms
[bgercken@docker-manager ~]$ docker container exec -it container1 sh
/ # ping -c 1 container2
PING container2 (192.168.0.211): 56 data bytes
64 bytes from 192.168.0.211: seq=0 ttl=64 time=0.557 ms
--- container2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.557/0.557/0.557 ms
/ # ping -c 1 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: seq=0 ttl=63 time=0.492 ms
--- 192.168.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.492/0.492/0.492 ms
[root@docker-manager bgercken]# route add -net 192.168.0.208 netmask 255.255.255.240 gw 192.168.0.209
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A DOCKER -p icmp --icmp-type echo-request -j ACCEPT
iptables -A DOCKER -p icmp --icmp-type echo-reply -j ACCEPT
[root@docker-manager bgercken]# ping -c 1 container1
PING container1.ktdev.net (192.168.0.210) 56(84) bytes of data.
From docker-manager.ktdev.net (192.168.0.191) icmp_seq=1 Destination Host Unreachable
--- container1.ktdev.net ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
[root@docker-manager bgercken]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 ens192
10.0.156.64 192.168.0.160 255.255.255.192 UG 0 0 0 tunl0
10.0.173.0 0.0.0.0 255.255.255.192 U 0 0 0 *
10.0.173.11 0.0.0.0 255.255.255.255 UH 0 0 0 calicc9e1866c3e
10.0.173.12 0.0.0.0 255.255.255.255 UH 0 0 0 calibb3849d04c0
10.0.198.64 192.168.0.200 255.255.255.192 UG 0 0 0 tunl0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker_gwbridge
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens192
192.168.0.208 192.168.0.209 255.255.255.240 UG 0 0 0 ens192
Docker信息
Containers: 52
Running: 37
Paused: 0
Stopped: 15
Images: 37
Server Version: 17.06.2-ee-16
Storage Driver: devicemapper
Pool Name: docker-thinpool
Pool Blocksize: 524.3kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Data file:
Metadata file:
Data Space Used: 6.259GB
Data Space Total: 153GB
Data Space Available: 146.7GB
Metadata Space Used: 2.085MB
Metadata Space Total: 1.606GB
Metadata Space Available: 1.604GB
Thin Pool Minimum Free Space: 15.3GB
Udev Sync Supported: true
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.146-RHEL7 (2018-01-22)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: nzx7kf0t3z42yuxmqsw3e96s8
Is Manager: true
ClusterID: m5851n1g1jt62my16of5bbrgw
Managers: 1
Nodes: 3
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
External CAs:
cfssl: https://192.168.0.191:12381/api/v1/cfssl/sign
Root Rotation In Progress: false
Node Address: 192.168.0.191
Manager Addresses:
192.168.0.191:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.9.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.51GiB
Name: docker-manager.ktdev.net
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
1 個解決方案
解決方案1
0 已采納 2018-08-05 20:41:09
已解決:Docker通向救援的橋梁
找到了解決我特定問題的方法。 在這種配置中,源自容器的呼叫可以到達主機網絡,並且呼叫可以正確完成。
同意這不是最佳實踐,但是會彌合差距,直到所有工作節點都移入容器為止。
干杯。
細節
為地址池指定一個子網,該地址池將用於在主節點上啟動容器。
子網的所有容器名稱都在DNS中:
#
# 192.168.0.208/28
#
192.168.0.208 dbr0-ep1
192.168.0.209 dbr0-gw
192.168.0.210 container1
...
192.168.0.222 container12
192.168.0.223 dbr0-ep2
在主控主機(titan 192.168.0.160)上創建Docker橋:
docker network create --driver=bridge --subnet=192.168.0.208/28 --gateway=192.168.0.209 dbr0
在每個工作節點主機上添加一條路由,該路由路由回到指定用於運行容器的子網(xxx160是主服務器):
route add -net 192.168.0.208 netmask 255.255.255.240 gw 192.168.0.160
在主服務器(titan)上啟動容器:
[bgercken@titan ~]$ docker container run -d --rm --name container1 -h container1 \
--net=dbr0 --ip=192.168.0.210 debian sleep infinity
...
[bgercken@titan ~]$ ping -c 1 192.168.0.210
PING 192.168.0.210 (192.168.0.210) 56(84) bytes of data.
64 bytes from 192.168.0.210: icmp_seq=1 ttl=64 time=0.027 ms
--- 192.168.0.210 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms
在工作節點上:
[bgercken@node1 ~]$ ping -c 1 container1
PING container1.ktdev.net (192.168.0.210) 56(84) bytes of data.
64 bytes from container1.ktdev.net (192.168.0.210): icmp_seq=1 ttl=63 time=0.256 ms
--- container1.ktdev.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.256/0.256/0.256/0.000 ms
[bgercken@node2 ~]$ ping -c 1 container1
PING container1.ktdev.net (192.168.0.210) 56(84) bytes of data.
64 bytes from container1.ktdev.net (192.168.0.210): icmp_seq=1 ttl=63 time=0.370 ms
--- container1.ktdev.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.370/0.370/0.370/0.000 ms
Windows Host和Linux Docker Container之間的通信
[英]Communication between Windows Host and Linux Docker Container
將/ dev / sda1掛載到Docker容器中的/ etc / hosts是什么意思
[英]What is the meaning of mounting /dev/sda1 to /etc/hosts in Docker container
在_interactive_ docker啟動之前,docker容器似乎已經失敗了/ etc / hosts
[英]docker container seems to have failing /etc/hosts until an _interactive_ docker start
Docker 組合設置 Linux Docker 主機 ZA12A3079E14CED46E69BA52B8A90B2 中的地址
[英]Docker Compose Set Linux Docker Host IP Address in Container's /etc/hosts
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
如何從 docker 容器管理主機網絡命名空間
Docker容器可以訪問DNS但不能解析主機
修改正在運行的Docker容器的hosts文件
如何在多主機之間創建docker overlay網絡?
Windows Host和Linux Docker Container之間的通信
將/ dev / sda1掛載到Docker容器中的/ etc / hosts是什么意思
我如何從Docker容器中知道主機的映射端口?
在_interactive_ docker啟動之前,docker容器似乎已經失敗了/ etc / hosts
Docker 組合設置 Linux Docker 主機 ZA12A3079E14CED46E69BA52B8A90B2 中的地址
如何直接從主機執行容器內的命令?
相關標簽