• Docker custom networks


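    How do you set up a custom Docker network without using docker0?

    Why use a custom network?

    Different Docker containers communicate with each other through docker0. docker0 acts like a router: requests between different containers are forwarded through docker0, and that is how they communicate.

    This raises a problem. Suppose I have microservice A and microservice B. Both need network access, but I do not want them to communicate with each other. In that case I need two routers to separate their networks: microservice A connects to router A and microservice B connects to router B.
    As a rough analogy, a company has one network for work, dedicated to development and debugging, and another network that everyone connects their phones to for leisure browsing.

    How is this done?

    Custom networks

    Docker's default networks look like this: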
    [root@master ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    fdb6422b930e        bridge              bridge              local
    011b1f4ef6e0        host                host                local
    036c9a4e48f0        none                null                local
    
    

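    The main network modes are:
    bridge: bridged networking through Docker (the default; networks you create yourself also use bridge mode)
    none: no networking configured
    host: shares the host's network
    container: container-to-container network linking (rarely used, very limited)

    Creating a custom network

    --driver bridge  sets the network mode
    --subnet 192.168.0.1/16  sets the subnet
    --gateway 192.168.0.1  sets the gateway
    mynet  the name of the custom network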
    > docker network create --driver bridge --subnet 192.168.0.1/16 --gateway 192.168.0.1 mynet
    

    List the networks again:

    [root@master ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    fdb6422b930e        bridge              bridge              local
    011b1f4ef6e0        host                host                local
    39b0bd3511f1        mynet               bridge              local
    036c9a4e48f0        none                null                local
    

    Inspect the network's configuration:

    [root@master ~]# docker network inspect mynet
    [
        {
            "Name": "mynet",
            "Id": "39b0bd3511f18d421e3d98f207d8030bff75daad7606da122b7c775e7862967f",
            "Created": "2020-08-13T18:04:43.194957243-04:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "192.168.0.1/16",
                        "Gateway": "192.168.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {},
            "Options": {},
            "Labels": {}
        }
    ]
    

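    The subnet and gateway are now the ones we configured ourselves.

    Testing the custom network

    Start 2 containers and attach them to the custom network we configured: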

    docker run -d -P --name tomacat-01 --net mynet tomcat
    docker run -d -P --name tomacat-02 --net mynet tomcat
    

    Inspect the network configuration of mynet:

    [root@master ~]# docker network inspect mynet
    [
        {
            "Name": "mynet",
            "Id": "39b0bd3511f18d421e3d98f207d8030bff75daad7606da122b7c775e7862967f",
            "Created": "2020-08-13T18:04:43.194957243-04:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "192.168.0.1/16",
                        "Gateway": "192.168.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "58458b207bd64924b8b0a48342fa3ee2dd37cb13007b2e8af489778dd27825eb": {
                    "Name": "tomacat-01",
                    "EndpointID": "c4df4aa340b4c2ecf83649808305028c580b531fc8ee39b8d896031fac453fae",
                    "MacAddress": "02:42:c0:a8:00:02",
                    "IPv4Address": "192.168.0.2/16",
                    "IPv6Address": ""
                },
                "7e7667813210702d8b5df80e2b512dd9b22195f84c85974f41ea19e915afb686": {
                    "Name": "tomacat-03",
                    "EndpointID": "e16c0ac5b3cddf361f992cf108034b6c0979b2c5798aeb61b03ffe6685267a79",
                    "MacAddress": "02:42:c0:a8:00:04",
                    "IPv4Address": "192.168.0.4/16",
                    "IPv6Address": ""
                },
                "f51f76d7a7d0fa9d1d974aed9b0631e1d27de8d58612b3815c54c6d4acf9d63a": {
                    "Name": "tomacat-02",
                    "EndpointID": "34ca624d1e86ab13d6614dd39c4b3a3dbb9a9d3ecf595e77035286b067f25504",
                    "MacAddress": "02:42:c0:a8:00:03",
                    "IPv4Address": "192.168.0.3/16",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    

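    The network configuration of the two containers we just started is now visible.

    Check whether the containers can ping each other over the network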

    [root@master ~]# docker exec -it tomacat-01 ping tomacat-02
    PING tomacat-02 (192.168.0.3) 56(84) bytes of data.
    64 bytes from tomacat-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.090 ms
    64 bytes from tomacat-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.153 ms
    64 bytes from tomacat-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.104 ms
    

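    On the custom network, containers can be pinged directly by name. On docker0, containers can only be pinged by IP; to ping by name there, you have to use --link, which writes the name-to-IP binding into the hosts file.

    One more test: can containers on two different custom networks reach each other over the network?

    step01. Create a new custom network, mynet2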
    [root@master ~]# docker network create --driver bridge --subnet 190.160.0.1/16 --gateway 190.160.0.1 mynet2
    157079c4572404084896bd1aa360e2f489a712d8553663d4643b59875447ba9b
    
    step02. List the Docker networks
    [root@master ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    fdb6422b930e        bridge              bridge              local
    011b1f4ef6e0        host                host                local
    39b0bd3511f1        mynet               bridge              local
    157079c45724        mynet2              bridge              local
    036c9a4e48f0        none                null                local
    
    step03. Create two new containers
    [root@master ~]# docker run -d -P --name tomcat-03 --net mynet2 tomcat
    f796706b582a585e062e3e753b60a8afa7d356f7abe1a50ce034dff819eacb41
    [root@master ~]# docker run -d -P --name tomcat-04 --net mynet2 tomcat
    535015649c37149dffe8d30a1ac5a49fad7d837331a67cef5f899187d6a4cc5e
    
    
    step04. Inspect mynet
    [root@master ~]# docker network inspect mynet
    [
        {
            "Name": "mynet",
            "Id": "39b0bd3511f18d421e3d98f207d8030bff75daad7606da122b7c775e7862967f",
            "Created": "2020-08-13T18:04:43.194957243-04:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "192.168.0.1/16",
                        "Gateway": "192.168.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "58458b207bd64924b8b0a48342fa3ee2dd37cb13007b2e8af489778dd27825eb": {
                    "Name": "tomacat-01",
                    "EndpointID": "c4df4aa340b4c2ecf83649808305028c580b531fc8ee39b8d896031fac453fae",
                    "MacAddress": "02:42:c0:a8:00:02",
                    "IPv4Address": "192.168.0.2/16",
                    "IPv6Address": ""
                },
                "7e7667813210702d8b5df80e2b512dd9b22195f84c85974f41ea19e915afb686": {
                    "Name": "tomacat-03",
                    "EndpointID": "e16c0ac5b3cddf361f992cf108034b6c0979b2c5798aeb61b03ffe6685267a79",
                    "MacAddress": "02:42:c0:a8:00:04",
                    "IPv4Address": "192.168.0.4/16",
                    "IPv6Address": ""
                },
                "f51f76d7a7d0fa9d1d974aed9b0631e1d27de8d58612b3815c54c6d4acf9d63a": {
                    "Name": "tomacat-02",
                    "EndpointID": "34ca624d1e86ab13d6614dd39c4b3a3dbb9a9d3ecf595e77035286b067f25504",
                    "MacAddress": "02:42:c0:a8:00:03",
                    "IPv4Address": "192.168.0.3/16",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    step05. Inspect mynet2
    [root@master ~]# docker network inspect mynet2
    [
        {
            "Name": "mynet2",
            "Id": "157079c4572404084896bd1aa360e2f489a712d8553663d4643b59875447ba9b",
            "Created": "2020-08-13T18:36:42.810030253-04:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "190.160.0.1/16",
                        "Gateway": "190.160.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "535015649c37149dffe8d30a1ac5a49fad7d837331a67cef5f899187d6a4cc5e": {
                    "Name": "tomcat-04",
                    "EndpointID": "7f0d88a501f80ccf6bec1b3fc50bc65db5900feb8b3a35e32ebcde3ff1d9229f",
                    "MacAddress": "02:42:be:a0:00:03",
                    "IPv4Address": "190.160.0.3/16",
                    "IPv6Address": ""
                },
                "f796706b582a585e062e3e753b60a8afa7d356f7abe1a50ce034dff819eacb41": {
                    "Name": "tomcat-03",
                    "EndpointID": "83041338117c1b6c3d62f28e01d6055b10f399d22cf7a011ebb18df49acd4ddd",
                    "MacAddress": "02:42:be:a0:00:02",
                    "IPv4Address": "190.160.0.2/16",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    
    step06. Try to ping tomcat-03 from tomacat-01
    [root@master ~]# docker exec -it tomacat-01 ping tomcat-03
    ping: tomcat-03: Name or service not known
    
    

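    The experiment shows that the ping fails. This keeps different services independent of each other, which preserves both isolation and security.

    How do we connect them?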

    [root@master ~]# docker network --help
    Usage:  docker network COMMAND
    Manage networks
    Commands:
      connect     Connect a container to a network
      create      Create a network
      disconnect  Disconnect a container from a network
      inspect     Display detailed information on one or more networks
      ls          List networks
      prune       Remove all unused networks
      rm          Remove one or more networks
    Run 'docker network COMMAND --help' for more information on a command.
    

    The connect command attaches a container to a network.

    # connect command: attach tomcat-03 to the mynet network
    docker network connect mynet tomcat-03
    
    # Inspect the network configuration of mynet
    [root@master ~]# docker network inspect mynet
    [
        {
            "Name": "mynet",
            "Id": "39b0bd3511f18d421e3d98f207d8030bff75daad7606da122b7c775e7862967f",
            "Created": "2020-08-13T18:04:43.194957243-04:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "192.168.0.1/16",
                        "Gateway": "192.168.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "58458b207bd64924b8b0a48342fa3ee2dd37cb13007b2e8af489778dd27825eb": {
                    "Name": "tomacat-01",
                    "EndpointID": "c4df4aa340b4c2ecf83649808305028c580b531fc8ee39b8d896031fac453fae",
                    "MacAddress": "02:42:c0:a8:00:02",
                    "IPv4Address": "192.168.0.2/16",
                    "IPv6Address": ""
                },
                "7e7667813210702d8b5df80e2b512dd9b22195f84c85974f41ea19e915afb686": {
                    "Name": "tomacat-03",
                    "EndpointID": "e16c0ac5b3cddf361f992cf108034b6c0979b2c5798aeb61b03ffe6685267a79",
                    "MacAddress": "02:42:c0:a8:00:04",
                    "IPv4Address": "192.168.0.4/16",
                    "IPv6Address": ""
                },
                "f51f76d7a7d0fa9d1d974aed9b0631e1d27de8d58612b3815c54c6d4acf9d63a": {
                    "Name": "tomacat-02",
                    "EndpointID": "34ca624d1e86ab13d6614dd39c4b3a3dbb9a9d3ecf595e77035286b067f25504",
                    "MacAddress": "02:42:c0:a8:00:03",
                    "IPv4Address": "192.168.0.3/16",
                    "IPv6Address": ""
                },
                "f796706b582a585e062e3e753b60a8afa7d356f7abe1a50ce034dff819eacb41": {
                    "Name": "tomcat-03",
                    "EndpointID": "1bdfa074eeacd156ad16110bd19e485126de88bbfbcf443be8a3938455d61c02",
                    "MacAddress": "02:42:c0:a8:00:05",
                    "IPv4Address": "192.168.0.5/16",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    
    # Test connectivity: tomcat-03 is reachable, tomcat-04 is not
    [root@master ~]# docker exec -it tomacat-01 ping tomcat-03
    PING tomcat-03 (192.168.0.5) 56(84) bytes of data.
    64 bytes from tomcat-03.mynet (192.168.0.5): icmp_seq=1 ttl=64 time=0.096 ms
    64 bytes from tomcat-03.mynet (192.168.0.5): icmp_seq=2 ttl=64 time=0.100 ms
    64 bytes from tomcat-03.mynet (192.168.0.5): icmp_seq=3 ttl=64 time=0.098 ms
    ^C
    --- tomcat-03 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 5ms
    rtt min/avg/max/mdev = 0.096/0.098/0.100/0.001 ms
    [root@master ~]# docker exec -it tomacat-01 ping tomcat-04
    ping: tomcat-04: Name or service not known
    
    

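    This is how a container can be connected to another network.

    How do you connect one network to another?
    Just configure them together and that's it.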
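
    An added example (not from the original article): a Python check that reads `docker network inspect mynet mynet2` JSON and reports containers attached to more than one network, since a container joined with `docker network connect` (tomcat-03 above) becomes the one path between otherwise separate networks. The sample data is constructed (trimmed fields, shortened IDs) and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `docker network inspect mynet mynet2` output in
# the state after `docker network connect mynet tomcat-03`. IDs are shortened.
SAMPLE = """
[
 {"Name": "mynet", "Internal": false, "Containers": {
   "58458b207bd6": {"Name": "tomacat-01", "IPv4Address": "192.168.0.2/16"},
   "f51f76d7a7d0": {"Name": "tomacat-02", "IPv4Address": "192.168.0.3/16"},
   "f796706b582a": {"Name": "tomcat-03", "IPv4Address": "192.168.0.5/16"}}},
 {"Name": "mynet2", "Internal": false, "Containers": {
   "f796706b582a": {"Name": "tomcat-03", "IPv4Address": "190.160.0.2/16"},
   "535015649c37": {"Name": "tomcat-04", "IPv4Address": "190.160.0.3/16"}}}
]
"""

def multi_homed(networks):
    """Map container name -> {network: ip} for containers on 2+ networks.
    A network with no containers may carry an empty or null "Containers"."""
    seen = defaultdict(dict)   # container id -> {network name: ip}
    names = {}                 # container id -> container name
    for net in networks:
        for cid, ep in (net.get("Containers") or {}).items():
            names[cid] = ep.get("Name", cid)
            seen[cid][net["Name"]] = ep.get("IPv4Address", "")
    return {names[c]: nets for c, nets in seen.items() if len(nets) > 1}

def isolation_violations(networks, must_not_share):
    """Return (container, net_a, net_b) for each forbidden pair it spans."""
    bridges = multi_homed(networks)
    return sorted((name, a, b) for a, b in must_not_share
                  for name, nets in bridges.items() if a in nets and b in nets)

def reachable_peers(networks, container):
    """Names that share at least one network with `container`."""
    peers = set()
    for net in networks:
        members = {ep["Name"] for ep in (net.get("Containers") or {}).values()}
        if container in members:
            peers |= members - {container}
    return sorted(peers)

if __name__ == "__main__":
    nets = json.loads(SAMPLE)
    print(multi_homed(nets))
    print(isolation_violations(nets, [("mynet", "mynet2")]))
    print(reachable_peers(nets, "tomacat-01"))
```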

  • Original article: https://www.cnblogs.com/bigband/p/13513008.html