• Docker network management


    List the network drivers Docker supports

    [root@localhost ~]# docker info |grep "Network"
    WARNING: bridge-nf-call-iptables is disabled
    WARNING: bridge-nf-call-ip6tables is disabled
      Network: bridge host macvlan null overlay

    To clear the WARNINGs above

    vim /etc/sysctl.conf

    .....

    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-arptables = 1
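
A check for the three keys above, as an added example that is not part of the original post: it reads a sysctl.conf-style file and reports any of the keys that are missing or not set to 1. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which bridge netfilter keys a sysctl.conf-style file
# leaves unset or sets to something other than 1.
check_bridge_nf() {   # $1 = path to a sysctl.conf-style file
    awk -F= '
    BEGIN {
        want["net.bridge.bridge-nf-call-iptables"]
        want["net.bridge.bridge-nf-call-ip6tables"]
        want["net.bridge.bridge-nf-call-arptables"]
    }
    /^[ \t]*[#;]/ || !/=/ { next }            # skip comments and non-assignments
    {
        key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key in want) { seen[key] = val }   # a later line overrides an earlier one
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) { print "MISSING " k; bad = 1 }
            else if (seen[k] != "1") { print "OFF " k " = " seen[k]; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample: iptables on, ip6tables overridden back to 0, arptables absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# bridge settings
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-ip6tables=0
EOF
check_bridge_nf "$sample" || echo "bridge netfilter settings incomplete"
```

The file only describes what will be loaded; `sysctl -p` applies it, and `docker info` should then stop printing the two warnings.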

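    All network drivers supported by Docker

    1. bridge: Docker's default network mode. When the Docker daemon starts, it creates a virtual bridge named docker0 on the host. Containers started on that host attach to this bridge, receive an IP address from the docker0 subnet, and use docker0 as their gateway.

    2. host: In host mode the container does not get its own network namespace; it shares the host's and uses the host's IP address and ports directly. Network isolation is therefore weak, although the filesystem, processes and so on remain isolated from the host.

    3. container mode: The container shares a network namespace with an existing container. It does not create its own network interface or IP address; it shares the IP address, ports and so on of the container named at start-up, which means there is no network isolation between the two containers.

    4. macvlan: A macvlan network lets you assign a MAC address to a container so that it appears as a physical device on the network. The Docker daemon routes traffic to the container by its MAC address. The macvlan driver is sometimes the best choice for legacy applications that expect to be connected directly to the physical network rather than routed through the Docker host's network stack.

    5. none: All networking is disabled for the container and no network configuration is applied; it has only the lo loopback interface and no other interfaces. Set it with --network=none. none is not available for swarm services.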

     bridge

    [root@web2 ~]# docker run -it --name br --rm busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    / # 

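    Start another container in a second terminal to test

    This shows that a container on the default bridge network can communicate with the host and with other containers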

    host

    [root@web2 ~]# docker run -it --name h1 --network=host --rm busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:0c:29:06:37:3e brd ff:ff:ff:ff:ff:ff
        inet 192.168.53.8/24 brd 192.168.53.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe06:373e/64 scope link 
           valid_lft forever preferred_lft forever
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue qlen 1000
        link/ether 52:54:00:24:97:33 brd ff:ff:ff:ff:ff:ff
        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
           valid_lft forever preferred_lft forever
    4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 qlen 1000
        link/ether 52:54:00:24:97:33 brd ff:ff:ff:ff:ff:ff
    5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
        link/ether 02:42:99:02:5c:9f brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:99ff:fe02:5c9f/64 scope link 
           valid_lft forever preferred_lft forever
    7: vetha0bcff7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0 
        link/ether a2:8a:b0:d7:14:67 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::a08a:b0ff:fed7:1467/64 scope link 
           valid_lft forever preferred_lft forever
    / # echo "<h1>hello</h1>" > /tmp/index.html       ### serve port 80 from the container, then check access from the host
    / # httpd -h /tmp/
    / # 

      container

    Terminal 1
    [root@web2 ~]# docker run -it --name c1 --rm busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    / # 
    
    Terminal 2
    [root@web2 ~]# docker container run -it --name c2 --network=container:c1 --rm busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever

     

     none

    [root@web2 ~]# docker run -it --name n1 --network=none --rm busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    / #

    User-defined networks

    [root@web2 ~]# docker network create -d macvlan --gateway 192.168.53.1 --subnet 192.168.53.0/24 my_net
    ebce8ca4e07aab20c0b3594c981c2c647e48faddd0e166dd33618fb256a8ee5b
    [root@web2 ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    d8662ca85d00        bridge              bridge              local
    42561d5708e2        host                host                local
    ebce8ca4e07a        my_net              macvlan             local
    cb5f9c520285        none                null                local

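    -d  name of the driver to load

    --gateway  gateway of the subnet

    --subnet  the subnet

    -o  the host NIC whose network segment the new network inherits (for macvlan this is passed as -o parent=<NIC>)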
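
The isolation differences between the modes described above can be audited on a running host. The following is an added example, not part of the original post: it classifies containers by whether they share a network namespace, reading `<id> <name> <mode>` lines such as `docker inspect --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}' $(docker ps -q)` prints. The function names, shortened IDs and the `web1` container are constructed.

```shell
#!/bin/sh
# Added example: classify containers by network-namespace isolation.
# Input: one "<id> <name> <mode>" line per container.
netns_audit() {
    awk '
    {
        name = $2; sub(/^\//, "", name)        # inspect prints names as "/c1"
        ids[++n] = $1; name_of[$1] = name; mode_of[$1] = $3; known[name] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            id = ids[i]; mode = mode_of[id]; who = name_of[id]
            if (mode == "host") {
                print who, "SHARED", "host"
            } else if (mode ~ /^container:/) {
                ref = substr(mode, 11)          # text after "container:"
                # The peer may be recorded by ID or by name; accept either.
                if (ref in name_of) { peer = name_of[ref] }
                else if (ref in known) { peer = ref }
                else { peer = "unknown:" ref }
                print who, "SHARED", peer
            } else if (mode == "none") {
                print who, "ISOLATED", "loopback-only"
            } else if (mode == "default" || mode == "bridge") {
                print who, "DEFAULT-BRIDGE", "docker0"
            } else {
                print who, "USER-DEFINED", mode
            }
        }
    }'
}

# Constructed sample input (IDs shortened; web1 is a made-up container on my_net).
sample_inspect() {
    cat <<'EOF'
1111aaaa /c1 default
2222bbbb /c2 container:1111aaaa
3333cccc /h1 host
4444dddd /n1 none
5555eeee /web1 my_net
EOF
}

sample_inspect | netns_audit
```

Every SHARED line is a container whose ports and interfaces are those of the host or of the named peer, so firewall rules and listening-port reviews for that peer apply to it as well.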

  • Original article: https://www.cnblogs.com/goujinyang/p/13173415.html