(三)如何自定义容器网络?
除了 none, host, bridge 这三个自动创建的网络,用户也可以根据业务需要创建 user-defined 网络。
Docker 提供三种 user-defined 网络驱动:bridge, overlay 和 macvlan。overlay 和 macvlan 用于创建跨主机的网络,我们后面有章节单独讨论。
我们可通过 bridge 驱动创建类似前面默认的 bridge 网络,例如:
root@cuiyongchao:~# docker network create --driver bridge my_net
283474cba87cc064846c65a10007f5bbfb75f36c1725bb0940ace016b652981e
root@cuiyongchao:~# brctl show
bridge name bridge id STP enabled interfaces
br-283474cba87c 8000.02429fbbaf05 no
docker0 8000.0242b316d415 no veth6825577
vethab0efda
vethea16017
vethf263a23
查看一下当前 host 的网络结构变化: 新增了一个网桥 br-283474cba87c,这里 283474cba87c 正好新建 bridge 网络 my_net 的短 id。
执行 docker network inspect 查看一下 my_net 的配置信息:
root@cuiyongchao:~# docker inspect my_net
[
{
"Name": "my_net",
"Id": "283474cba87cc064846c65a10007f5bbfb75f36c1725bb0940ace016b652981e",
"Created": "2020-10-30T07:22:22.351283107Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
这里 172.18.0.0/16 是 Docker 自动分配的 IP 网段。
我们可以自己指定 IP 网段吗?答案是:可以。只需在创建网段时指定 --subnet 和 --gateway 参数:
root@cuiyongchao:~# docker network create --driver bridge --subnet 172.22.0.0/16 --gateway 172.22.0.1 my_net2
ba21840c171312f98e1829cb240a46ce4d120ef7c5b8b94da3d199e606967d43
root@cuiyongchao:~#
root@cuiyongchao:~# brctl show
bridge name bridge id STP enabled interfaces
br-283474cba87c 8000.02429fbbaf05 no
br-ba21840c1713 8000.0242af51b219 no
docker0 8000.0242b316d415 no veth6825577
vethab0efda
vethea16017
vethf263a23
root@cuiyongchao:~# docker network inspect my_net2
[
{
"Name": "my_net2",
"Id": "ba21840c171312f98e1829cb240a46ce4d120ef7c5b8b94da3d199e606967d43",
"Created": "2020-10-30T07:27:38.256243235Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.22.0.0/16",
"Gateway": "172.22.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
这里我们创建了新的 bridge 网络 my_net2,网段为 172.22.0.0/16,网关为 172.22.0.1。与前面一样,网关在 my_net2 对应的网桥 br-ba21840c1713 上,在host上可以查看到:
root@cuiyongchao:~# ifconfig
br-283474cba87c: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:9f:bb:af:05 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-ba21840c1713: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.22.0.1 netmask 255.255.0.0 broadcast 172.22.255.255
ether 02:42:af:51:b2:19 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
容器要使用新的网络,需要在启动时通过 --network 指定:
root@cuiyongchao:~# docker run -it --network my_net2 busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:16:00:02
inet addr:172.22.0.2 Bcast:172.22.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1032 (1.0 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
容器分配到的 IP 为 172.22.0.2。
到目前为止,容器的 IP 都是 docker 自动从 subnet 中分配,我们能否指定一个静态 IP 呢?答案是:可以,通过--ip指定。
root@cuiyongchao:~# docker run -it --network my_net2 --ip 172.22.0.88 busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:16:00:58
inet addr:172.22.0.88 Bcast:172.22.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:696 (696.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
注:只有使用 --subnet 创建的网络才能指定静态 IP。
my_net 创建时没有指定 --subnet,如果指定静态 IP 报错如下:
root@cuiyongchao:~# docker run -it --network my_net --ip 172.18.0.99 busybox
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
ERRO[0000] error waiting for container: context canceled
root@cuiyongchao:~# docker run -it --network=my_net --ip 172.18.0.99 busybox
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
root@cuiyongchao:~#
我们来看看当前 docker host 的网络拓扑结构。
root@cuiyongchao:~# brctl show
bridge name bridge id STP enabled interfaces
br-283474cba87c 8000.02429fbbaf05 no
br-ba21840c1713 8000.0242af51b219 no veth3ca68d7
veth99fbfd2
docker0 8000.0242b316d415 no veth6825577
vethab0efda
root@cuiyongchao:~#
