docker-network

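Docker's four network modes:
1. No network is created: a closed container (none).
2. A network device pair is created, with one half inside the container and the other half on the docker0 bridge. This is the default (bridge).
3. One container joins another container and shares its IP, hostname and domain name: a joined container.
4. The namespace is shared directly with the host. Standalone.
Docker networks: docker network ls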

[root@nginx ~]# docker network  ls
NETWORK ID     NAME      DRIVER    SCOPE
3e36d9c5d7f7   bridge    bridge    local
97517e6d8656   host      host      local
dd08fd3a8168   none      null      local

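Example: none

Specifying the network for a closed container

docker run --name ss1 -ti --network none --rm busybox
none assigns no network device. --rm deletes the container as soon as it exits. If no network is specified, the default is bridge.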

[root@nginx ~]# docker run --name  test1 -ti --network none --rm busybox:latest
/ # ifconfig  -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

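Joined containers

Attach one container to another container's network so that both share the same namespace. This can be tested with a web container; I won't do that here.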

[root@nginx ~]# docker run  --name test   --rm -ti busybox:latest 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:516 (516.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

test2 shares the network of the first container (test) and has the same IP address, 172.17.0.2

[root@nginx ~]# docker run --name test2 --rm --network container:test -ti busybox:latest 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          
          
Create an nginx web container to test a joined container directly:
  
 [root@nginx ~]# docker run --name nginx1 -dti nginx:latest 
 [root@nginx ~]# docker exec -t -i nginx1 /bin/bash 
root@170a7f77e408:/usr/share/nginx/html# echo "emporerlinux test" >index.html
[root@nginx ~]# docker inspect  nginx1  |grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
          
 [root@nginx ~]# docker run --name test2 --rm --network container:nginx1 -ti busybox:latest 
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # wget  -O - -q 127.0.0.1
emporerlinux test

Sharing the host network

Host:
[root@nginx ~]# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:79ff:feb8:765b  prefixlen 64  scopeid 0x20<link>
        ether 02:42:79:b8:76:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 180 (180.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.5.128  netmask 255.255.255.0  broadcast 192.168.5.255
        inet6 fe80::20c:29ff:fef6:84ad  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f6:84:ad  txqueuelen 1000  (Ethernet)
        RX packets 123857  bytes 166150754 (158.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 54546  bytes 3794140 (3.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 32  bytes 2592 (2.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 2592 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethbffbbc5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::f87f:2eff:fe27:1dc0  prefixlen 64  scopeid 0x20<link>
        ether fa:7f:2e:27:1d:c0  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
docker:
[root@nginx ~]# docker run --network host -ti --name test --rm busybox:latest 
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:79:B8:76:5B  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:79ff:feb8:765b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:180 (180.0 B)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:F6:84:AD  
          inet addr:192.168.5.128  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef6:84ad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:123821 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:166146942 (158.4 MiB)  TX bytes:3787608 (3.6 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2592 (2.5 KiB)  TX bytes:2592 (2.5 KiB)

vethbffbbc5 Link encap:Ethernet  HWaddr FA:7F:2E:27:1D:C0  
          inet6 addr: fe80::f87f:2eff:fe27:1dc0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:656 (656.0 B)
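
The two sharing modes shown above (container: and host) remove network isolation between the parties: the joined busybox reached nginx on 127.0.0.1, and the host-mode container listed every host interface. The following is an added example, not code from the original post. It groups containers by the network namespace they actually use, working on a constructed sample shaped like docker inspect output, and it assumes a joined container's HostConfig.NetworkMode is recorded as container:<id or name>.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields used here. IDs are made up; names follow the page.
SAMPLE_INSPECT = json.loads("""[
 {"Id": "aaa111", "Name": "/nginx1", "HostConfig": {"NetworkMode": "bridge"}},
 {"Id": "bbb222", "Name": "/test2", "HostConfig": {"NetworkMode": "container:aaa111"}},
 {"Id": "ccc333", "Name": "/test", "HostConfig": {"NetworkMode": "host"}},
 {"Id": "ddd444", "Name": "/test1", "HostConfig": {"NetworkMode": "none"}}
]""")


def namespace_groups(containers):
    """Map each network namespace to the names of the containers inside it."""
    owner = {}  # container ID or name -> canonical name
    for c in containers:
        name = c["Name"].lstrip("/")
        owner[c["Id"]] = owner[name] = name
    groups = defaultdict(list)
    for c in containers:
        name = c["Name"].lstrip("/")
        mode = c["HostConfig"]["NetworkMode"]
        if mode == "host":
            key = "host"                       # no isolation from the host stack
        elif mode.startswith("container:"):
            ref = mode.split(":", 1)[1]        # assumed form: container:<id or name>
            key = "ns:" + owner.get(ref, ref)  # joins another container's stack
        else:
            key = "ns:" + name                 # none, bridge, custom bridge: own stack
        groups[key].append(name)
    return dict(groups)


def findings(containers):
    """Report namespaces that are shared, which is where isolation is lost."""
    out = []
    for key, members in namespace_groups(containers).items():
        if key == "host":
            out.append("uses host network stack: " + ", ".join(members))
        elif len(members) > 1:
            guests = [m for m in members if m != key[3:]]
            out.append(f"{key[3:]} shares loopback and IP with: " + ", ".join(guests))
    return out


if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_INSPECT)))
```

Anything a container binds to 127.0.0.1 is reachable by every member of its group, so a loopback-only listener is not private once another container joins the namespace.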

docker-port

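-p :80  a random port on the host, on 0.0.0.0 (all addresses), is mapped to container port 80
-p 172.19.22.213::80  a random port on that host IP address is mapped to container port 80
-p 80:80  host port 80 is mapped to container port 80
-p 172.19.22.213:8080:80  port 8080 on that host IP address is mapped to container port 80
-P
Capital P opens a random local port from 32768 upward to serve external traffic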

[root@nginx ~]# docker run --name  nginx1 -dti -P nginx:latest 
d5e2b1fcd15b5d25924bb1667a2f1ba1eb6ca238ce352afccba53d8e7471137f

[root@nginx ~]# docker port nginx1 
80/tcp -> 0.0.0.0:32768
80/tcp -> :::32768
[root@nginx ~]# curl 127.0.0.1:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@nginx ~]#

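Customizing the docker0 bridge address range

The /etc/docker/daemon.json file
Edit /etc/docker/daemon.json and add the configuration entries. On a default installation the docker0 bridge IP address is 172.17.0.1/16.
"bip": "10.0.0.1/16" changes the default address range, so new containers that use the default bridge get addresses from 10.0.0.1/16.
DNS settings, the default gateway, registry mirrors, and whether the daemon listens on a TCP socket or a sock file are all defined in this file:
The Docker daemon is client/server. By default it listens only on a Unix socket address, /var/run/docker.sock. To use a TCP socket, set this in /etc/docker/daemon.json: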


"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]

Use the -H option to connect to the Docker daemon on another host:
docker -H 192.168.5.128:2375 ps -a
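
A tcp:// listener without TLS client verification accepts commands from anyone who can reach the port, and control of the Docker API is equivalent to root on the host. The following is an added example, not part of the original post. It audits the hosts entry of a daemon.json and compares the page's setting with a constructed hardened variant; the certificate paths are placeholders, and tlsverify, tlscacert, tlscert and tlskey are the daemon.json keys for mutual TLS.

```python
import json

# The page's listener setting, and a constructed hardened variant.
# Certificate paths are placeholders, not values from the page.
PAGE_CONFIG = """{
  "bip": "10.0.0.1/16",
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}"""
HARDENED_CONFIG = """{
  "bip": "10.0.0.1/16",
  "hosts": ["tcp://192.168.5.128:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/path/to/ca.pem",
  "tlscert": "/path/to/server-cert.pem",
  "tlskey": "/path/to/server-key.pem"
}"""

LOOPBACK_PREFIXES = ("127.", "localhost", "[::1]")


def audit_hosts(config_text):
    """Return (listener, finding) pairs for TCP listeners lacking client auth."""
    cfg = json.loads(config_text)
    if cfg.get("tlsverify"):
        return []  # clients must present a certificate signed by tlscacert
    results = []
    for listener in cfg.get("hosts", []):
        if not listener.startswith("tcp://"):
            continue  # unix:// sockets are guarded by file permissions
        host = listener[len("tcp://"):].rsplit(":", 1)[0]
        if host.startswith(LOOPBACK_PREFIXES):
            results.append((listener, "unauthenticated API for any local process"))
        else:
            results.append((listener, "unauthenticated API reachable over the network"))
    return results


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_hosts(text) or "no unauthenticated TCP listener")
```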
Default:

docker0   Link encap:Ethernet  HWaddr 02:42:79:B8:76:5B  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:79ff:feb8:765b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:180 (180.0 B)

"bip": "10.0.0.1/16"

[root@nginx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f6:84:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.128/24 brd 192.168.5.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef6:84ad/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:2b:c5:53:43 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Creating a custom bridge

Containers created on the new mybr0 bridge cannot communicate with containers on other bridges; net.ipv4.ip_forward=1 must be enabled.

[root@nginx docker]# docker network  create  --driver  bridge  --subnet  192.168.10.0/24 --gateway 192.168.10.1 mybr0
e4a1e5399382874e4dac5edd29b27ba4bca52928f6012fea50428eeffda35281
[root@nginx docker]# docker network  ls
NETWORK ID     NAME      DRIVER    SCOPE
0e9a9a87c800   bridge    bridge    local
97517e6d8656   host      host      local
e4a1e5399382   mybr0     bridge    local
dd08fd3a8168   none      null      local
[root@nginx docker]# docker run --network mybr0 -ti --name test --rm busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:0a:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever

Docker actually implements port forwarding by adding DNAT rules in iptables.


[root@nginx docker]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3 packets, 609 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       192.168.5.140        192.168.5.142        tcp dpt:3122 to:192.168.5.141:22
    1   136 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 3 packets, 609 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 26 packets, 1811 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 26 packets, 1811 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  10.0.0.0/16          0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       0.0.0.0/0            192.168.5.141        tcp dpt:22
    0     0 MASQUERADE  tcp  --  *      *       10.0.0.2             10.0.0.2             tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.0.0.3             10.0.0.3             tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.0.0.4             10.0.0.4             tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.0.0.5             10.0.0.5             tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32768 to:10.0.0.2:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32769 to:10.0.0.3:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:82 to:10.0.0.4:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:81 to:10.0.0.5:80
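
The DOCKER chain is the ground truth for what the -p and -P options above exposed. The following is an added example, not part of the original post. It parses an `iptables -t nat -vnL` listing and reports which published ports accept traffic on every host address. The sample reuses lines from the listing above plus one constructed rule (container 10.0.0.6 is made up) showing how a publish bound to a single host address such as 172.19.22.213 is assumed to appear.

```python
# Sample input: lines from the page's listing, plus one constructed rule
# (the last one) for a publish bound to a single host address.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 3 packets, 609 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       192.168.5.140        192.168.5.142        tcp dpt:3122 to:192.168.5.141:22
    1   136 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32768 to:10.0.0.2:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:82 to:10.0.0.4:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            172.19.22.213        tcp dpt:8080 to:10.0.0.6:80
"""


def published_ports(nat_listing):
    """Extract Docker's port-forwarding rules from the DOCKER chain only."""
    rules, chain = [], None
    for line in nat_listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            chain = f[1]  # track which chain the following rules belong to
            continue
        if chain != "DOCKER" or len(f) < 12 or f[2] != "DNAT":
            continue      # skips headers, RETURN, and non-Docker DNAT rules
        dpt = next((x[4:] for x in f[9:] if x.startswith("dpt:")), None)
        to = next((x[3:] for x in f[9:] if x.startswith("to:")), None)
        if dpt is None or to is None:
            continue
        ip, _, port = to.rpartition(":")
        rules.append({"proto": f[3], "host_addr": f[8], "host_port": int(dpt),
                      "container": ip, "container_port": int(port),
                      "all_addresses": f[8] == "0.0.0.0/0"})
    return rules


def wide_open(nat_listing):
    """Host ports that are forwarded no matter which host address is used."""
    return [r["host_port"] for r in published_ports(nat_listing) if r["all_addresses"]]


if __name__ == "__main__":
    print("published on all host addresses:", wide_open(SAMPLE))
```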
    

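Examples of container startup options:

Run docker run --help to see the options that can be added at startup: CPU, memory, automatic start at boot, and so on.
A container's default hostname is its container ID; use the -h option to set a hostname.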

[root@nginx ~]# docker run --name test1  -ti --rm busybox:latest
/ # hostname
6738f3e27b4e
/ # exit
[root@nginx ~]# docker run --name test1  -ti -h emporerlinux --rm busybox:latest
/ # hostname
emporerlinux

--dns sets the DNS server address

[root@nginx ~]# docker run --name test1  -ti --dns "1.1.1.1" --rm busybox:latest 
/ # cat /etc/resolv.conf 
nameserver 1.1.1.1

--dns-search sets the search domain

[root@nginx ~]# docker run --name test1  -ti --dns "1.1.1.1" --dns-search ilinux.io  --rm busybox:latest
/ # cat /etc/resolv.conf 
search ilinux.io
nameserver 1.1.1.1

--add-host injects an entry into the hosts file, creating the hostname/domain mapping directly

[root@nginx ~]# docker run --name test1  -ti --dns "1.1.1.1" --dns-search ilinux.io  --add-host emporerlinux.com:6.6.6.6 --rm busybox:latest
/ # cat /etc/hosts 
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
6.6.6.6 emporerlinux.com
172.17.0.2      ce5dc45c63d6
/ # 
Author: emporer
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. Please credit Emporer-Linux when reposting.