Docker Study Notes 004: Docker Networking

1 Introduction

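When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and the Docker containers started on this host are attached to it. A virtual bridge works much like a physical switch, so all containers on the host are joined through it into one layer-2 network. Docker assigns each container an IP from the docker0 subnet and sets docker0's IP address as the container's default gateway. It creates a veth pair on the host, places one end in the new container and names it eth0 (the container's network interface), and leaves the other end on the host under a name like vethxxx, adding that device to the docker0 bridge. You can see this with the brctl show command. This network mode is called bridge mode.
Besides bridge mode, Docker's native networking supports two other modes: none and host.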

1.1 Viewing Docker's networks

[root@docker-server1 ~]# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
01dcd6c7d8fa        bridge              bridge              local
6505e9ea7ccb        host                host                local
7ab639028591        none                null                local

Remove all containers

[root@docker-server1 data]# docker ps -qa |xargs docker rm -f

354fe8e46850
2fed9f37d75c
3b821b608a83
993ed9339059
9cd7c00cbfd7
e0ed338e565a
d5fe36b5a71a
b3dc7c8b56cd
a8ec13770dc0
e943751b7ce9
4ee7b1a64be5
a306908b2740

1.2 Local network interface information

[root@docker-server1 data]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default    # the container bridge Docker created by itself
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever

1.3 Create a container and inspect its network interface

[root@docker-server1 ~]# docker run -it busybox /bin/sh

Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
0f8c40e1270f: Pull complete 
Digest: sha256:1303dbf110c57f3edf68d9f5a16c082ec06c4cf7604831669faf2c712260b5a0
Status: Downloaded newer image for busybox:latest

/ # ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
78: eth0@if79: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0     # interface address
       valid_lft forever preferred_lft forever

/ # ip route

default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 scope link  src 172.17.0.2 

1.4 Changes on the host

[root@docker-server1 ~]# ip addr

79: veth5e51ab1@if78: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 46:67:f9:c9:79:8b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::4467:f9ff:fec9:798b/64 scope link 
       valid_lft forever preferred_lft forever

The two interfaces are connected in bridge mode.
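The pairing visible above (container `78: eth0@if79`, host `79: veth5e51ab1@if78`) can be resolved mechanically, which is useful when attributing traffic seen on a host veth to a container. This is an added example, not part of the original post; the sample text is assembled from the `ip addr` outputs in 1.2 to 1.4 and the function names are illustrative.

```python
import re

# Sample input assembled from the `ip addr` outputs shown above (container, then host).
CONTAINER_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    inet 127.0.0.1/8 scope host lo
78: eth0@if79: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
"""
HOST_IP_ADDR = """\
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
79: veth5e51ab1@if78: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 46:67:f9:c9:79:8b brd ff:ff:ff:ff:ff:ff link-netnsid 0
"""

# "<index>: <name>[@if<peer index>]: <FLAGS> rest-of-line"
HEADER = re.compile(r"^(\d+): ([^:@\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")
INET = re.compile(r"^\s+inet (\S+)")  # IPv4 only; "inet6" lines do not match


def parse_ip_addr(text):
    """Return {ifindex: {"name", "peer", "master", "inet"}} from `ip addr` output."""
    links, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            master = re.search(r"\bmaster (\S+)", m.group(4))
            current = {
                "name": m.group(2),
                "peer": int(m.group(3)) if m.group(3) else None,
                "master": master.group(1) if master else None,
                "inet": [],
            }
            links[int(m.group(1))] = current
            continue
        m = INET.match(line)
        if m and current is not None:
            current["inet"].append(m.group(1))
    return links


def pair_veths(container_text, host_text):
    """Match each container interface to the host veth that is its peer."""
    host = parse_ip_addr(host_text)
    pairs = []
    for idx, link in sorted(parse_ip_addr(container_text).items()):
        peer = host.get(link["peer"])
        # Require the reference in both directions: eth0@if79 <-> 79: veth...@if78
        if peer is None or peer["peer"] != idx:
            continue
        pairs.append({
            "container_if": link["name"],
            "container_ip": link["inet"],
            "host_if": peer["name"],
            "bridge": peer["master"],
        })
    return pairs


if __name__ == "__main__":
    for pair in pair_veths(CONTAINER_IP_ADDR, HOST_IP_ADDR):
        print(pair)
```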

2 Docker's bridge network

Network structure diagram:

2.1 Changing Docker's default network

[root@docker-server1 ~]# cat /etc/docker/daemon.json

{
"log-driver": "journald",
"bip":"192.168.0.1/24"
}  

[root@docker-server1 ~]# systemctl restart docker

[root@docker-server1 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever

[root@docker-server1 ~]# docker run -it busybox /bin/sh

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
82: eth0@if83: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever

Look at the host again

[root@docker-server1 ~]# ip addr

3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
83: veth6000535@if82: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether e6:4f:5f:61:f6:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e44f:5fff:fe61:f609/64 scope link 
       valid_lft forever preferred_lft forever

On another machine

2.2 Verifying the bridge network

Start two containers that use the 192.168.0.0/24 subnet

[root@docker-server2 ~]# docker run -it centos /bin/bash

[root@2d28d8051991 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever

Start another container

[root@docker-server2 ~]# docker run -it centos /bin/bash

[root@73a145861fe5 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever

Two containers on the same host can reach each other

[root@2d28d8051991 /]# ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.218 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.064 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=64 time=0.078 ms

Ping from a container on another host

/ # ping 192.168.0.3    # cannot be pinged
PING 192.168.0.3 (192.168.0.3): 56 data bytes

Container access to the outside

[root@docker-server1 ~]# docker exec -it c39a503abfae /bin/sh

/ # ping www.baidu.com
PING www.baidu.com (103.235.46.39): 56 data bytes
64 bytes from 103.235.46.39: seq=0 ttl=127 time=1252.980 ms
64 bytes from 103.235.46.39: seq=1 ttl=127 time=249.676 ms
64 bytes from 103.235.46.39: seq=2 ttl=127 time=252.693 ms
64 bytes from 103.235.46.39: seq=3 ttl=127 time=306.417 ms
/ # cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 8.8.8.8

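The DNS server is the same as the one used outside the container

View the bridge network information:

# The following command lists information about the bridge network; the "Containers" field shows which containers on the current node use this network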

[root@docker-server1 ~]# docker network inspect bridge

[
    {
        "Name": "bridge",
        "Id": "4cac3a734539ba0178f382df11101c40477b9a6714c090a07bdb3278bd47524f",
        "Created": "2019-11-09T10:19:59.805931858-05:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.0.1/24",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "c39a503abfaeb613551febf4a191d73cab26f381cfba2b972e074c93fc35c0a9": {
                "Name": "busy_cannon",
                "EndpointID": "21f2ff7ef65e69117d94a3d80dddde25ee334f12482a866d85e4cf56d7287dbb",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

2.4 Example: creating a container on the bridge network

[root@docker-server1 ~]# docker run -d --name web1 --net bridge nginx

42c2e52a339b76f44ba912888863810b4b7aaf379a8b5881ca0f4f4cee8622d0

[root@docker-server1 ~]# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.0.0/24       anywhere            

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

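2.5 Containers on the bridge network accessing external networks

By default, containers on the bridge network can reach external networks, because Docker uses iptables SNAT forwarding to give containers outbound access (the kernel must have net.ipv4.ip_forward=1 enabled).

External access to containers on the bridge network

If you want the outside world to reach a service provided by a container created on the bridge network, you must tell Docker which ports to use.

You can check which ports an image uses as follows: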

[root@docker-server1 ~]# docker inspect nginx | jq .[]."ContainerConfig"."ExposedPorts"

{
  "80/tcp": {}
}

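When creating a container, you can specify the mapping between the container's ports and the host's ports:

-p: specifies the mapping between host and container ports; the host port is to the left of the colon and the container port it maps to is on the right
-P: publishes all the ports the image uses and maps each of them to a random port on the host

This port mapping is implemented with iptables DNAT.
View the container's port mappings: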
[root@docker-server1 ~]# docker port 1f980072d2cf

80/tcp -> 0.0.0.0:32768

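If only one port is given after -p when creating a container, the host picks a random port and maps it to that container port:

Below is an example based on port mapping: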

[root@docker-server1 ~]# docker run -d --dns 8.8.8.8 -p 8080:80 -p 2022:22 --name webserver1 httpd:2.4

d386c0b3218db97fe54baf6e03b7f2545aca2108318b87b851a10b8b49b04a6e

[root@docker-server1 ~]# docker run -d --dns 8.8.8.8 -P --name webserver2 httpd:2.4

565f610a0e6a1b09799ee5f85fd7ec8490d320560d212c7b2f488529d63801a5
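A check a reviewer can run over the `docker network inspect bridge` output and the `docker port` output shown above, flagging the settings that decide who can reach a container. This is an added example, not part of the original post; the JSON is trimmed from the page's output, the second port line is constructed, and the finding codes are illustrative names.

```python
import ipaddress
import json

# Trimmed from the `docker network inspect bridge` output shown earlier on this page.
INSPECT_JSON = """
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "192.168.0.1/24", "Gateway": "192.168.0.1"}]},
  "Options": {
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.enable_ip_masquerade": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
    "com.docker.network.bridge.name": "docker0"}}]
"""
BRIDGE = json.loads(INSPECT_JSON)[0]
# First line is the `docker port` output above; the second is constructed for contrast.
PORT_LINES = ["80/tcp -> 0.0.0.0:32768", "22/tcp -> 127.0.0.1:2022"]
OPT = "com.docker.network.bridge."


def audit_network(net):
    """Return (code, detail) findings for one entry of `docker network inspect`."""
    findings = []
    opts = net.get("Options") or {}
    if net.get("Driver") == "bridge":
        # Absent options fall back to the bridge driver defaults (true / all addresses),
        # which is what a user-defined bridge with "Options": {} gets.
        if opts.get(OPT + "enable_icc", "true") == "true":
            findings.append(("icc-enabled",
                             "any container on this bridge can connect to any other"))
        bind = opts.get(OPT + "host_binding_ipv4", "0.0.0.0")
        if ipaddress.ip_address(bind).is_unspecified:
            findings.append(("publish-all-interfaces",
                             "-p/-P without an IP listens on every host address"))
        masq = opts.get(OPT + "enable_ip_masquerade", "true") == "true"
        if masq and not net.get("Internal"):
            findings.append(("egress-nat",
                             "containers reach external networks through MASQUERADE"))
    for cfg in (net.get("IPAM") or {}).get("Config") or []:
        # bip was given as a host address, so inspect echoes 192.168.0.1/24;
        # firewall rules must use the normalised network instead.
        subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
        if str(subnet) != cfg["Subnet"]:
            findings.append(("subnet-host-bits", f"{cfg['Subnet']} denotes {subnet}"))
    return findings


def wildcard_bindings(port_lines):
    """Parse `docker port` lines; return (container_port, host_port) bound to all addresses."""
    exposed = []
    for line in port_lines:
        if "->" not in line:
            continue
        container_port, host = (part.strip() for part in line.split("->", 1))
        addr, _, host_port = host.rpartition(":")  # also handles ":::32768" and "[::]:32768"
        if ipaddress.ip_address(addr.strip("[]")).is_unspecified:
            exposed.append((container_port, int(host_port)))
    return exposed


if __name__ == "__main__":
    for code, detail in audit_network(BRIDGE):
        print(f"{BRIDGE['Name']}: {code}: {detail}")
    for container_port, host_port in wildcard_bindings(PORT_LINES):
        print(f"{container_port} is published on every host address, port {host_port}")
```

Writing the host address into the mapping, for example `-p 127.0.0.1:8080:80`, narrows a published port to one host interface.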

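3 The none network

As the name suggests, the none network is a network with nothing in it. A container on the none network has no interface other than lo and is completely isolated. It suits scenarios where the application neither needs to access external services nor allows external services to access it.

3.1 Viewing the none network information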

[root@docker-server1 ~]# docker network inspect none

[
    {
        "Name": "none",
        "Id": "7ab6390285910ad89e0bbfaf857504d455609bd39eb68b39b59cea1b0b2a10b0",
        "Created": "2019-11-09T02:36:44.439087426-05:00",
        "Scope": "local",
        "Driver": "null",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

3.2 Example: creating a container on the none network

[root@docker-server1 ~]# docker  run -it   --net none busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
/ # ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.052 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.100 ms
/ # ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3): 56 data bytes
ping: sendto: Network is unreachable
/ # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
ping: sendto: Network is unreachable

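4 The host network

A container on the host network shares the host's network addresses and gets the best forwarding performance. The drawback is that multiple containers on the same host share one IP address, so if several containers use the same port, you have to resolve the port conflict yourself.

Likewise, this can be done as follows

4.1 Viewing the host network information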

[root@docker-server1 ~]# docker network inspect host

[
    {
        "Name": "host",
        "Id": "6505e9ea7ccb39a251ec7ec80fe6198d874e24aff60bc036fde4ac9777aeca8c",
        "Created": "2019-11-09T02:36:44.449893094-05:00",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

4.2 Example: creating a container on the host network

# The container has no IP address of its own, because it uses the host's IP addresses directly
[root@docker-server1 ~]# docker  run -it  --net host busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever

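The container's network is identical to the host's.

The drawback is that you cannot start two containers running the same application: once one container has started and taken a port, a new container cannot use that port.

Take nginx as an example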

[root@docker-server1 ~]# docker run -d --net host nginx

[root@docker-server1 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
d5ce7b93140d        nginx               "nginx -g 'daemon of…"   8 seconds ago       Up 7 seconds                                    charming_nightingale

Start another one

[root@docker-server1 ~]# docker run -d --net host nginx

[root@docker-server1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
30255c80abb9        nginx               "nginx -g 'daemon of…"   1 second ago        Up 1 second                                     infallible_tu
[root@docker-server1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                              PORTS               NAMES
30255c80abb9        nginx               "nginx -g 'daemon of…"   3 seconds ago       Exited (1) Less than a second ago                       infallible_tu

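5 User-defined networks

Besides the three default network modes, Docker also lets users create user-defined networks for particular scenarios. Containers on such a network are isolated as a group: they can communicate with each other, while containers that are not on the network cannot reach them directly. A container can belong to several networks, and containers on the same user-defined network can reach each other by container name, because Docker's embedded DNS is used.

Docker provides three user-defined network drivers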

  • bridge
  • overlay
  • macvlan

User-defined bridge networks

5.1 Creating a user-defined network

Create a user-defined network named my_net

[root@docker-server1 ~]# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
4cac3a734539        bridge              bridge              local
6505e9ea7ccb        host                host                local
7ab639028591        none                null                local

[root@docker-server1 ~]# docker network create --driver bridge my_net    # --driver specifies the network type

b1c2d9c1e522f55187ca9662846c598c1e6973dd75bda756846db1a83a9e317d

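The newly created my_net network can be seen with docker network ls. Subnet (reported by docker network inspect) is the IP range of this network, and containers created on the my_net user-defined network all get addresses from that range.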

[root@docker-server1 ~]# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
4cac3a734539        bridge              bridge              local
6505e9ea7ccb        host                host                local
b1c2d9c1e522        my_net              bridge              local
7ab639028591        none                null                local

The host also gains one more interface

[root@docker-server1 ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
94: br-b1c2d9c1e522: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:cd:4a:25:4f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-b1c2d9c1e522
       valid_lft forever preferred_lft forever

Create one more network

[root@docker-server1 ~]# docker network create --driver bridge  my_net2
ec4a8380b2d343dd468c7247c80e8c1349f6219dec6c19e3c4e71751981611b6
[root@docker-server1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:dd:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.132.131/24 brd 192.168.132.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::bcf9:af19:a325:e2c7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:dd:55:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedd:5581/64 scope link 
       valid_lft forever preferred_lft forever
94: br-b1c2d9c1e522: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:cd:4a:25:4f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-b1c2d9c1e522
       valid_lft forever preferred_lft forever
95: br-ec4a8380b2d3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:c9:ba:23:ae brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-ec4a8380b2d3
       valid_lft forever preferred_lft forever

5.2 Creating containers on the my_net network:

[root@docker-server1 ~]# docker run -d --net my_net httpd:2.4

[root@docker-server1 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
dc64cedce326        httpd:2.4           "httpd-foreground"       6 seconds ago       Up 5 seconds                80/tcp              optimistic_engelbart

[root@docker-server1 ~]# docker run -it --net my_net busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
102: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip route
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 scope link  src 172.17.0.3 

Creating a user-defined network by specifying the subnet and gateway

5.3 Creating the my_net3 network by specifying the subnet and gateway

[root@docker-server1 ~]# docker network create --driver bridge --subnet 172.22.16.0/24 --gateway 172.22.16.1 my_net3

f42e46889a2ab8930e2dbd828206ebe3c94d68efd0f1fe5ccf042674e6a08189

[root@docker-server1 ~]# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
4cac3a734539        bridge              bridge              local
6505e9ea7ccb        host                host                local
b1c2d9c1e522        my_net              bridge              local
ec4a8380b2d3        my_net2             bridge              local
f42e46889a2a        my_net3             bridge              local
7ab639028591        none                null                local

5.4 Creating a container on the my_net3 network

[root@docker-server1 ~]# docker run -it --net my_net3 busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
105: eth0@if106: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:16:10:02 brd ff:ff:ff:ff:ff:ff
    inet 172.22.16.2/24 brd 172.22.16.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip route
default via 172.22.16.1 dev eth0 
172.22.16.0/24 dev eth0 scope link  src 172.22.16.2 

Create a container on the my_net3 network and assign its IP address at the same time
[root@docker-server1 ~]# docker run -it --network=my_net3 --ip=172.22.16.8 busybox

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
107: eth0@if108: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:16:10:08 brd ff:ff:ff:ff:ff:ff
    inet 172.22.16.8/24 brd 172.22.16.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip route
default via 172.22.16.1 dev eth0 
172.22.16.0/24 dev eth0 scope link  src 172.22.16.8

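5.5 Connecting a user-defined network with the default network

Remove all containers

[root@docker-server1 ~]# docker ps -qa |xargs docker rm -f

Suppose we also have a busybox container on the default bridge network:

At this point, containers on the default network and containers on the my_net2 network cannot communicate with each other. The network structure on the host is as follows:

Create a container on the default network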

[root@docker-server1 ~]#  docker run -it busybox /bin/sh

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
111: eth0@if112: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever

Create containers on the user-defined network

[root@docker-server1 ~]# docker run -it --net my_net busybox /bin/sh

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
115: eth0@if116: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

[root@docker-server1 ~]# docker run -it --net my_net busybox /bin/sh

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
117: eth0@if118: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.374 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.125 ms
^C
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.125/0.249/0.374 ms
/ # ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes

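If you want the busybox on the default bridge network to communicate with the containers on my_net, you can add an interface on the user-defined network to the container, using the following command:

View the container information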

[root@docker-server1 ~]# docker ps -a   

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
8423a78ce12d        busybox             "/bin/sh"           3 minutes ago       Up 3 minutes                            xenodochial_pasteur
cbc45429caa8        busybox             "/bin/sh"           4 minutes ago       Up 4 minutes                            competent_poitras
623ae56a899c        busybox             "/bin/sh"           6 minutes ago       Up 5 minutes                            exciting_visvesvaraya

This effectively adds a my_net interface to container 623ae56a899c

[root@docker-server1 ~]# docker network  connect  my_net 623ae56a899c

Check the container's interfaces again

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
111: eth0@if112: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
119: eth1@if120: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth1
       valid_lft forever preferred_lft forever
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.195 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.073 ms
^C
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.073/0.134/0.195 ms
/ # ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.194 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.072 ms

However, my_net still cannot communicate with the default bridge

Add again

[root@docker-server1 ~]# docker network connect bridge cbc45429caa8

The second container can now communicate on both networks

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
115: eth0@if116: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
121: eth1@if122: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth1
       valid_lft forever preferred_lft forever
/ # ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: seq=0 ttl=64 time=0.288 ms
64 bytes from 192.168.0.2: seq=1 ttl=64 time=0.147 ms

5.6 Removing the interface

To remove the newly added interface from webserver, use the following command:

[root@docker-server1 ~]# docker network disconnect bridge cbc45429caa8

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
115: eth0@if116: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ping 192.168.0.2    # can no longer communicate
PING 192.168.0.2 (192.168.0.2): 56 data bytes
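The connect and disconnect steps of 5.5 and 5.6 follow one rule: a container reaches an address only if it has an interface on the network that owns that address. This added example (not part of the original post) replays the session with container IDs, addresses and subnets taken from the outputs above; it assumes Docker's default isolation between bridge networks, and the function names are illustrative.

```python
import ipaddress

# Subnets as shown on this page: docker0 after the bip change, and my_net.
SUBNETS = {"bridge": "192.168.0.0/24", "my_net": "172.17.0.0/16"}
# Container -> {network: address}, taken from the `ip addr` outputs in 5.5.
INITIAL = {
    "623ae56a899c": {"bridge": "192.168.0.2"},
    "cbc45429caa8": {"my_net": "172.17.0.2"},
    "8423a78ce12d": {"my_net": "172.17.0.3"},
}


def connect(state, network, container, address):
    """Model `docker network connect`: return a new state with one more interface."""
    new = {c: dict(nets) for c, nets in state.items()}
    new[container][network] = address
    return new


def disconnect(state, network, container):
    """Model `docker network disconnect`: return a new state without that interface."""
    new = {c: dict(nets) for c, nets in state.items()}
    new[container].pop(network, None)
    return new


def network_of(address, subnets=SUBNETS):
    """Name of the Docker network whose subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    for name, cidr in subnets.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None


def can_reach(state, src, dst_address):
    """True if src has an interface on the network that owns dst_address.

    Only meaningful for container addresses on this host's Docker networks;
    external destinations go through NAT and are not modelled here.
    """
    net = network_of(dst_address)
    return net is not None and net in state[src]


def multi_homed(state):
    """Containers attached to more than one network: the points where two segments meet."""
    return {c: sorted(nets) for c, nets in state.items() if len(nets) > 1}


STEP1 = connect(INITIAL, "my_net", "623ae56a899c", "172.17.0.4")   # 5.5, first connect
STEP2 = connect(STEP1, "bridge", "cbc45429caa8", "192.168.0.3")    # 5.5, second connect
STEP3 = disconnect(STEP2, "bridge", "cbc45429caa8")                # 5.6

if __name__ == "__main__":
    for label, state in [("initial", INITIAL), ("step1", STEP1),
                         ("step2", STEP2), ("step3", STEP3)]:
        ok = can_reach(state, "cbc45429caa8", "192.168.0.2")
        print(f"{label}: cbc45429caa8 -> 192.168.0.2 {'ok' if ok else 'blocked'};"
              f" multi-homed: {multi_homed(state)}")
```

Every entry returned by `multi_homed` is a container on which the separation between two networks depends, so these attachments are worth listing when reviewing segmentation.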

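Connecting containers on the same host

There are two ways to connect containers on the same host. The first is by IP: by default, containers on the same host can reach each other by IP. The other is to use --link:
docker run -d --name db1 -e "MYSQL_ROOT_PASSWORD=123456" -P mysql:5.6
docker run -d --link db1:db1 --name webserver1 httpd:2.4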

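Blogger's statement: the content of this article comes mainly from instructor Yan Wei (晏威) of Yutian Education (譽天教育), and I carried out and verified the operations myself. Readers who need it should contact Yutian Education (http://www.yutianedu.com/) for official permission, or obtain permission from Mr. Yan himself (https://www.cnblogs.com/breezey/), before reposting. Thank you!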
