场景:由于需要做PBR策略路由,每个docker需要分配不同的系统IP地址,使用macvlan组网实现
# 除系统网卡外,再增加2张空白网卡,流量默认走第一张空白网卡,灾备切换走第二张空白网卡
# docker network create -d macvlan --subnet=103.1.1.0/25 --gateway=103.1.1.1 -o parent=eth1 macvlan-net
# 这里的eth1网卡不需要分配IP,二层穿透
#
# docker network create -d macvlan --subnet=103.2.2.0/25 --gateway=103.2.2.1 -o parent=enp5s0f1 macvlan-net-backup
# docker network ls
NETWORK ID NAME DRIVER SCOPE
ac915d2d9a38 bridge bridge local
f27594853b18 host host local
be4dd5a0bb72 macvlan-net macvlan local
975f6c7ab8fb macvlan-net-backup macvlan local
3bb4ac58083e none null local
# docker network inspect macvlan-net
[
{
"Name": "macvlan-net",
"Id": "be4dd5a0bb72b0705e88501603f0285d0070314100c31a1b6dbc8c1d004520d4",
"Created": "2024-09-03T14:52:08.01388903+08:00",
"Scope": "local",
"Driver": "macvlan",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "103.1.1.0/25",
"Gateway": "103.1.1.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"067619eeb324659e3d3ae83060c8eb5024fa7586de5affb862f7603da242579a": {
"Name": "roland-berger",
"EndpointID": "a5082f1fde9d4d6ebd15e8646dc032674bb8d7a4d770f301bf3eb6017fc7b14f",
"MacAddress": "02:42:67:27:e4:08",
"IPv4Address": "103.1.1.8/25",
"IPv6Address": ""
},
"0bd21796c23870f6c8f2b8d1cec394e588232e1cced707d8bd7f3760b78be64e": {
"Name": "longbridge-research",
"EndpointID": "ffd648bd71003f4f48ca0d7d2eccac6dc6475902029a52149caff3e41c8df8a9",
"MacAddress": "02:42:67:27:e4:0c",
"IPv4Address": "103.1.1.12/25",
"IPv6Address": ""
},
"0d3fad48b9ba04e41d04696cf51dc04b8ef117e05b2fe84c97f4c25863beff75": {
"Name": "soundhound-ai",
"EndpointID": "8390d707becf0250e1f17bbae78a74fdc18b6edb754f1927aca146484e39ee98",
"MacAddress": "02:42:67:27:e4:10",
"IPv4Address": "103.1.1.16/25",
"IPv6Address": ""
}
},
"Options": {
"parent": "eth1"
},
"Labels": {}
}
]
# docker network inspect macvlan-net-backup
[
{
"Name": "macvlan-net-backup",
"Id": "975f6c7ab8fb4aee9f02e2a2a1e732ea79e1d8251770f4a3575c871c214fe239",
"Created": "2024-10-30T18:09:53.983483572+08:00",
"Scope": "local",
"Driver": "macvlan",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "103.2.2.0/25",
"Gateway": "103.2.2.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"39579667f33c8c8cb90a6a19137a9758b16dd1faa613d130f7fb520db52a4034": {
"Name": "backup-server",
"EndpointID": "575b2902ec9ee3f9cfd56733190711629dfd29a2179f04e3ca1f9cd711b01a93",
"MacAddress": "02:42:67:2c:ff:03",
"IPv4Address": "103.44.255.3/28",
"IPv6Address": ""
}
},
"Options": {
"parent": "enp5s0f1"
},
"Labels": {}
}
]
# 创建业务容器
# docker run -itd --name poc-test1 --ip=103.1.1.2 --network macvlan-net --privileged --cap-add NET_ADMIN --cap-add NET_BROADCAST --cap-add SYS_ADMIN --cap-add SYS_TIME -v /sys/fs/cgroup:/sys/fs/cgroup -v /export/Logs/nginx/:/export/Logs/nginx/ blueduck-nginx /usr/sbin/init
# 创建灾备切换容器
# docker run -itd --name backup-server --ip=103.2.2.2 --network macvlan-net-backup --privileged --cap-add NET_ADMIN --cap-add NET_BROADCAST --cap-add SYS_ADMIN --cap-add SYS_TIME -v /sys/fs/cgroup:/sys/fs/cgroup -v /export/Logs/nginx/:/export/Logs/nginx/ blueduck-nginx /usr/sbin/init
