docker network
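A virtual NIC (docker0) is created and associated with the physical NIC; it takes over the physical NIC's MAC address for its own use. Every virtual machine then connects to this virtual NIC, which behaves like a switch. The network formed by the virtual NIC is called a bridge. There are four types of bridge, which are not described in detail here.
The four container network types (from left to right):
1 closed container. The container only runs a process, and that process only handles operations on the local machine, so it has no need for a network.
2 bridged container (isolated, host-only, physical bridge, NAT)
3 joined container. Lets two containers share the same network namespace. Use this only when the two containers need to communicate over the local loopback interface.
Joined containers can run into port conflicts with each other, so this network model is normally used only when programs in several containers need to talk to each other over the loopback interface, or when one container's network properties need to be monitored.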
```shell
docker run --name b2 --net container:b1 busybox
```
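4 open container. Uses the host's network. The container is exposed directly to the external network and can directly modify the host's network. Very dangerous.
Communication between containers on multiple hosts uses the overlay network model (tunnel): a layer-4 protocol encapsulates layer-2 frames. This will be covered in a dedicated chapter.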
```shell
[root@centos7 ~]# docker network list
NETWORK ID          NAME                DRIVER              SCOPE
5b3fcd0d69de        bridge              bridge              local
7d9885b990ad        busybox-net         bridge              local
bba79ff8e13a        host                host                local
8070af41481e        none                null                local
```
A container that is not connected to any network has only the loopback interface.
```shell
[root@centos7 ~]# docker run --name b1 --rm --net none busybox ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@centos7 ~]#
```
A container on the host network uses the host's network directly, as the output below shows. This is very dangerous and not recommended.
```shell
[root@centos7 ~]# docker run --name b1 --rm --net host busybox ifconfig
br-7d9885b990ad Link encap:Ethernet HWaddr 02:42:26:02:11:61
          inet addr:172.18.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
          inet6 addr: fe80::42:26ff:fe02:1161/64 Scope:Link
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1580 (1.5 KiB) TX bytes:1358 (1.3 KiB)
docker0   Link encap:Ethernet HWaddr 02:42:BC:DF:66:EF
          inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
          inet6 addr: fe80::42:bcff:fedf:66ef/64 Scope:Link
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3186 (3.1 KiB) TX bytes:2454 (2.3 KiB)
ens32     Link encap:Ethernet HWaddr 00:0C:29:AB:72:FE
          inet addr:192.168.1.156 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feab:72fe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:152571 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22789 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:42509065 (40.5 MiB) TX bytes:2356330 (2.2 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:135953 errors:0 dropped:0 overruns:0 frame:0
          TX packets:135953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30633797 (29.2 MiB) TX bytes:30633797 (29.2 MiB)
[root@centos7 ~]#
```
A container uses bridge by default; with bridge, it is assigned an IP address.
```shell
[root@localhost ~]# docker run --name b1 docker.io/busybox ifconfig
eth0      Link encap:Ethernet HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:438 (438.0 B) TX bytes:180 (180.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@localhost ~]#
```
docker network command
docker network create
Usage
docker network create [OPTIONS] NETWORK
Name, shorthand | Default | Description |
---|---|---|
--config-from | | The network from which to copy the configuration |
--driver, -d | bridge | Driver to manage the Network |
--gateway | | IPv4 or IPv6 Gateway for the master subnet |
--ip-range | | Allocate container ip from a sub-range |
--subnet | | Subnet in CIDR format that represents a network segment |
```shell
~]# docker network create \
      --driver=bridge \
      --subnet=10.10.0.0/16 \
      --ip-range=10.10.1.0/24 \
      --gateway=10.10.1.254 \
      test
[root@localhost ~]# docker network list
NETWORK ID          NAME                DRIVER              SCOPE
c372b82defdc        bridge              bridge              local
ed02d84e3c87        host                host                local
ff97b1c27347        none                null                local
a6f25cd5494f        test                bridge              local
```
The network has been created. Next, attach a container to this virtual network.
```shell
[root@localhost ~]# docker run --name b1 -it --net=test docker.io/busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:0a:0a:01:00 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.0/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:aff:fe0a:100/64 scope link tentative
       valid_lft forever preferred_lft forever
/ #
```
View the details of the network that was created:
```shell
[root@localhost ~]# docker network inspect test
[
    {
        "Name": "test",
        "Id": "a6f25cd5494f5428de680126d18b628a0122bc93641d895a0bb6f25f8b7b6a57",
        "Created": "2018-03-19T06:28:38.565181889-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.10.0.0/16",
                    "IPRange": "10.10.1.0/24",
                    "Gateway": "10.10.1.254"
                }
...
```
docker network connect
Usage
docker network connect [OPTIONS] NETWORK CONTAINER
Name, shorthand | Default | Description |
---|---|---|
--alias | | Add network-scoped alias for the container |
--ip | | IPv4 address (e.g., 172.30.100.104) |
--ip6 | | IPv6 address (e.g., 2001:db8::33) |
--link | | Add link to another container |
```shell
[root@localhost ~]# docker run --name b4 -it docker.io/busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link tentative
       valid_lft forever preferred_lft forever
```
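Open another terminal and run the command below, specifying the IP address you want to assign to this container's interface. Then check the interfaces again inside the container.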
```shell
[root@localhost ~]# docker network connect --ip=10.10.1.253 test b4
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link
       valid_lft forever preferred_lft forever
21: eth1@if22: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:0a:0a:01:fd brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.253/16 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::42:aff:fe0a:1fd/64 scope link
       valid_lft forever preferred_lft forever
/ #
```
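You can see that the new interface has been added.
To verify that the container is connected to the network, use the docker network inspect command. Use docker network disconnect to remove the container from the network.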
```shell
[root@localhost ~]# docker network disconnect test b4
[root@localhost ~]# docker exec b4 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link
       valid_lft forever preferred_lft forever
```
The interface has been removed.
docker network rm
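Removes a network. A network can only be removed when this network namespace is no longer in use.
Most containers are run so that the service inside can be reached from outside. To make that possible, the port has to be exposed, which in practice means creating NAT rules.
Command to expose a port:
```shell
docker run -p <host_ip>:<host_port>:<container_port> --name b1 docker.io/busybox:latest
```
If the -p argument is given without a specific host IP address and port, the container port is mapped on all of the host's IP addresses, and the port on the host is chosen at random.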
```shell
~]# docker run --name b1 -p 192.168.1.157:80:80 -d --rm docker.io/xiaoniaoo/dm:v1.0 httpd -f -h /app/html
e0eb2edc180b8908393078b7ee9e881bcabcbbe6ed4657239bde4d4b7cac177a
~]# docker port b1
80/tcp -> 192.168.1.157:80
~]# curl 192.168.1.157
<h1>Hello dai!</h1>
~]# docker run --name b2 --rm -d -p :80 docker.io/xiaoniaoo/dm:v1.0 httpd -f -h /app/html/
ab56763063a2497b517c9fabf2aa131a77101b536428b6710a60bfbc9668640f
~]# docker port b2
80/tcp -> 0.0.0.0:32768
```
This time no host address was specified, so all of the host's IP addresses are used, with a random port.
```shell
~]# curl 127.0.0.1:32768
<h1>Hello dai!</h1>
~]# curl 127.0.0.1:32768/login.html
<h1>Hello ming!</h1>
```
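The two exposure risks noted on this page, host networking and `-p` without a host IP, can be checked for on a running host. The audit script below is an added example, not part of the original post; the function names and the containers b3 and b5 are assumptions, and the sample `docker port` lines are constructed from the b1/b2 output above.

```shell
#!/bin/sh
# Added example (not from the original post): flag containers whose
# network setup exposes more than intended.

# classify_mode MODE: map HostConfig.NetworkMode to the four types above.
classify_mode() {
    case "$1" in
        none)        echo closed ;;
        host)        echo open ;;
        container:*) echo joined ;;
        *)           echo bridged ;;  # default bridge or a user-defined network
    esac
}

# wildcard_bindings: read `docker port NAME` output on stdin and print the
# mappings bound to every host address (0.0.0.0, or :: for IPv6).
wildcard_bindings() {
    awk '$2 == "->" && $3 ~ /^(0\.0\.0\.0|\[::\]|::):/ { print $1 " -> " $3 }'
}

# audit_container NAME MODE PORT_OUTPUT: print one finding per line.
audit_container() {
    name=$1 mode=$2 ports=$3
    case "$(classify_mode "$mode")" in
        open)   echo "$name: uses the host network namespace (--net host)" ;;
        joined) echo "$name: shares a network namespace with ${mode#container:}" ;;
    esac
    printf '%s\n' "$ports" | wildcard_bindings | while read -r line; do
        echo "$name: published on all host addresses: $line"
    done
}

# audit_all: run the checks against every running container (needs docker).
audit_all() {
    for name in $(docker ps --format '{{.Names}}'); do
        mode=$(docker inspect -f '{{.HostConfig.NetworkMode}}' "$name")
        audit_container "$name" "$mode" "$(docker port "$name")"
    done
}

# demo: constructed sample input modelled on the b1/b2 output above;
# b3 and b5 are hypothetical containers.
demo() {
    audit_container b1 bridge '80/tcp -> 192.168.1.157:80'
    audit_container b2 bridge '80/tcp -> 0.0.0.0:32768'
    audit_container b3 host ''
    audit_container b5 container:b1 ''
}

demo
```

On a live host, call `audit_all` instead of `demo`; Docker may report the joined container by ID rather than by name.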