Viewing the network drivers Docker supports
[root@localhost ~]# docker info | grep "Network"
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
 Network: bridge host macvlan null overlay
Fixing the WARNING lines above
The two warnings mean that frames switched across the docker0 bridge are not passed through iptables, so the inter-container isolation rules Docker installs (for example when icc is disabled) never see that traffic. Enable the bridge netfilter hooks and make them persistent:
vim /etc/sysctl.conf
.....
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
These keys only exist while the br_netfilter kernel module is loaded (modprobe br_netfilter; Docker normally loads it itself). After editing, apply the file with sysctl -p and re-run docker info to confirm the warnings are gone.
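A script that checks which of the three keys a sysctl file is missing and, when run as root with the argument apply, loads br_netfilter, persists it and the keys, and shows the live values. This is an added example and not part of the original page. It assumes a systemd host (for /etc/modules-load.d) and the procps sysctl --system command; the function names and the drop-in path /etc/sysctl.d/99-docker-bridge.conf are this example's own choices, equivalent to editing /etc/sysctl.conf as the page does.

```shell
#!/bin/sh
# Added example (not from the original page): check and apply the
# bridge-nf-call sysctl keys that Docker warns about.
set -eu

BRIDGE_NF_KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-arptables"

# bridge_nf_missing <sysctl-file>: print every key from BRIDGE_NF_KEYS that
# the file does not set to 1. Comment lines are ignored; whitespace around
# '=' is tolerated; a missing file counts as missing all keys.
bridge_nf_missing() {
    conf="$1"
    for key in $BRIDGE_NF_KEYS; do
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the regex
        if ! grep -Eq "^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$conf" 2>/dev/null; then
            echo "$key"
        fi
    done
}

# bridge_nf_live: print the running value of each key, or "absent" when
# br_netfilter is not loaded (the /proc entries do not exist without it).
bridge_nf_live() {
    for key in $BRIDGE_NF_KEYS; do
        path="/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ -r "$path" ]; then
            echo "$key = $(cat "$path")"
        else
            echo "$key = absent"
        fi
    done
}

# bridge_nf_apply [drop-in]: root only. Load br_netfilter now and at boot,
# append the missing keys to a sysctl.d drop-in, reload, and show the result.
bridge_nf_apply() {
    dropin="${1:-/etc/sysctl.d/99-docker-bridge.conf}"   # hypothetical path chosen for this example
    modprobe br_netfilter
    echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
    touch "$dropin"
    bridge_nf_missing "$dropin" | sed 's/$/ = 1/' >> "$dropin"
    sysctl --system > /dev/null
    bridge_nf_live
}

# Usage: sh bridge_nf.sh apply   (as root). Without an argument only the
# functions are defined, so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
    bridge_nf_apply
fi
```

Run bridge_nf_live first on a host that shows the warnings: if all three keys print "absent", the module is not loaded at all, which is the usual cause on minimal installs, and simply writing the keys to sysctl.conf fails with "No such file or directory" until modprobe br_netfilter has run.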
All network drivers Docker supports
1. bridge: Docker's default network mode. When the Docker daemon starts it creates a virtual bridge named docker0 on the host; containers started on that host are attached to this bridge, receive an IP address from the docker0 subnet, and use docker0 as their gateway.
2. host: in host mode the container does not get its own network namespace but shares the host's, using the host's IP addresses and ports directly. Network isolation is therefore weak (the container sees every host interface and can bind any free host port, including loopback-only services), while the filesystem, process tree and so on remain isolated from the host.
3. container: shares a network namespace with an existing container. The new container gets no NIC or IP of its own; it shares the IP address, ports and so on of the container named at start time. There is no network isolation between those two containers: they even share the same localhost.
4. macvlan: a macvlan network lets you assign a MAC address to a container so that it appears as a physical device on your network; the Docker daemon routes traffic to containers by their MAC addresses. For legacy applications that expect to be plugged directly into the physical network, the macvlan driver is sometimes the best choice rather than routing through the Docker host's network stack.
5. none: all networking is disabled for the container; no network configuration is performed, so it has only the lo loopback interface and no other NIC. Set it with --network=none; none is not available for swarm services.
bridge
[root@web2 ~]# docker run -it --name br --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #
Start another container from a second terminal and ping between them to test.
This shows that containers on the default bridge network can communicate with the host and with each other.
host
[root@web2 ~]# docker run -it --name h1 --network=host --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:06:37:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.53.8/24 brd 192.168.53.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe06:373e/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue qlen 1000
    link/ether 52:54:00:24:97:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 qlen 1000
    link/ether 52:54:00:24:97:33 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/ether 02:42:99:02:5c:9f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:99ff:fe02:5c9f/64 scope link
       valid_lft forever preferred_lft forever
7: vetha0bcff7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
    link/ether a2:8a:b0:d7:14:67 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a08a:b0ff:fed7:1467/64 scope link
       valid_lft forever preferred_lft forever
/ # echo "<h1>hello</h1>" > /tmp/index.html    ### start httpd on port 80 inside the container, then open the host's IP from a browser to check
/ # httpd -h /tmp/
/ #
The container sees every host interface (ens33, virbr0, docker0, even the veth of another container). The httpd it starts listens directly on the host's port 80 without any -p publishing, which is exactly why host mode should be reserved for trusted workloads.
container
Terminal 1
[root@web2 ~]# docker run -it --name c1 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #
Terminal 2
[root@web2 ~]# docker container run -it --name c2 --network=container:c1 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
c2 shows the same interface index, MAC address and IP as c1: both containers run in one network namespace, so a service bound to 127.0.0.1 in c1 is reachable from c2.
none
[root@web2 ~]# docker run -it --name n1 --network=none --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
/ #
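The connectivity test the bridge section leaves to the reader, together with an audit that ranks running containers by how much network isolation the modes listed above give up, scripted as an added example that is not part of the original page. It assumes a running Docker daemon with the busybox image for the two live functions; the function names, the severity labels and the container names br_a and br_b are this example's own choices. The docker inspect template fields used (.Name, .HostConfig.NetworkMode, .NetworkSettings.Networks) are real.

```shell
#!/bin/sh
# Added example (not from the original page): audit the network mode of each
# running container, and reproduce the default-bridge connectivity test.
set -eu

# mode_severity <NetworkMode> -> HIGH | MEDIUM | LOW | INFO
# NetworkMode is HostConfig.NetworkMode from `docker inspect`: "default" or
# "bridge" for docker0, "host", "none", "container:<id-or-name>", or the
# name of a user-defined network.
mode_severity() {
    case "$1" in
        host)        echo HIGH ;;
        container:*) echo MEDIUM ;;
        none)        echo LOW ;;
        *)           echo INFO ;;
    esac
}

# describe_mode <name> <NetworkMode> -> one audit line: severity, name, reason
describe_mode() {
    name="$1"; mode="$2"
    case "$mode" in
        host)           why="shares the host network namespace: every host interface and port, including loopback-only services" ;;
        container:*)    why="shares the network namespace of ${mode#container:}: same IP, same localhost" ;;
        none)           why="has only lo, no external connectivity" ;;
        default|bridge) why="on the default docker0 bridge; containers there reach each other unless icc is disabled" ;;
        *)              why="on user-defined network '$mode'" ;;
    esac
    printf '%-6s %s %s\n' "$(mode_severity "$mode")" "$name" "$why"
}

# audit_network_modes: one describe_mode line per running container.
audit_network_modes() {
    docker ps -q | while read -r id; do
        docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}' "$id" | sed 's#^/##'
    done | while read -r name mode; do
        describe_mode "$name" "$mode"
    done
}

# bridge_connectivity_demo: two containers on docker0 reach each other and the
# host side of the bridge (the gateway); a --network none container cannot.
bridge_connectivity_demo() {
    docker run -d --rm --name br_a busybox sleep 120 >/dev/null
    docker run -d --rm --name br_b busybox sleep 120 >/dev/null
    a_ip=$(docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' br_a)
    gw=$(docker inspect --format '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' br_a)
    docker exec br_b ping -c1 -W1 "$a_ip" >/dev/null && echo "br_b -> br_a ($a_ip): reachable"
    docker exec br_b ping -c1 -W1 "$gw" >/dev/null && echo "br_b -> host docker0 ($gw): reachable"
    docker run --rm --network none busybox ping -c1 -W1 "$gw" >/dev/null 2>&1 \
        || echo "none -> host docker0 ($gw): unreachable, as expected"
    docker rm -f br_a br_b >/dev/null
}

# Usage: sh netmode_audit.sh audit | demo. With no argument only the
# functions are defined.
case "${1:-}" in
    audit) audit_network_modes ;;
    demo)  bridge_connectivity_demo ;;
esac
```

The audit is deliberately based on HostConfig.NetworkMode rather than on the interfaces visible inside the container, because a host-mode container lists the same interfaces as the host itself and cannot be told apart from the inside.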
User-defined networks
[root@web2 ~]# docker network create -d macvlan --gateway 192.168.53.1 --subnet 192.168.53.0/24 my_net
ebce8ca4e07aab20c0b3594c981c2c647e48faddd0e166dd33618fb256a8ee5b
[root@web2 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d8662ca85d00        bridge              bridge              local
42561d5708e2        host                host                local
ebce8ca4e07a        my_net              macvlan             local
cb5f9c520285        none                null                local
-d         the network driver to use (bridge, macvlan, overlay, ...)
--gateway  the gateway address of the subnet
--subnet   the subnet, in CIDR notation
-o         driver options; for macvlan, -o parent=<nic> names the host NIC whose segment the network joins. The command above omits it, so Docker attaches my_net to a dummy interface instead of ens33 and containers on it will not actually be reachable on the 192.168.53.0/24 LAN; pass -o parent=ens33 to get the behaviour described in point 4.
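Creating the macvlan network with the parent NIC specified and the subnet and gateway derived from that NIC rather than typed by hand, as an added example that is not part of the original page. The function names, the optional --ip-range argument (which keeps Docker's address allocation out of the range a LAN DHCP server hands out) and the fallback to sysfs for the interface check are this example's own choices; the Docker flags used (-d, --subnet, --gateway, -o parent=, --ip-range) and the ip commands are real. The parsing helpers work on text, so they can be checked without a daemon; only macvlan_create needs root and Docker.

```shell
#!/bin/sh
# Added example (not from the original page): build a macvlan network on a
# given host NIC, inheriting its IPv4 subnet and default gateway.
set -eu

# network_of <ipv4> <prefixlen> -> network address in CIDR form
# e.g. network_of 192.168.53.8 24 -> 192.168.53.0/24
# Octets are plain decimal (no leading zeros), as ip(8) prints them.
network_of() {
    ip="$1"; plen="$2"
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    net=$(( addr & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# subnet_from_addr_line "<line from: ip -4 -o addr show dev NIC scope global>"
# The fourth field of that one-line format is the address in CIDR form.
subnet_from_addr_line() {
    cidr=$(printf '%s\n' "$1" | awk '{print $4; exit}')
    [ -n "$cidr" ] || { echo "no IPv4 address in: $1" >&2; return 1; }
    network_of "${cidr%/*}" "${cidr#*/}"
}

# gateway_from_route_line "<line from: ip -4 route show default dev NIC>"
# Prints the address following "via".
gateway_from_route_line() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i+1); exit } }'
}

# macvlan_create <nic> <name> [ip-range]: root only, needs a running daemon.
# Without -o parent=<nic>, Docker attaches the network to a dummy interface
# instead of the physical NIC, so the parent is always passed here.
macvlan_create() {
    nic="$1"; name="$2"; iprange="${3:-}"
    [ -d "/sys/class/net/$nic" ] || { echo "no such interface: $nic" >&2; return 1; }
    subnet=$(subnet_from_addr_line "$(ip -4 -o addr show dev "$nic" scope global | head -n1)")
    gw=$(gateway_from_route_line "$(ip -4 route show default dev "$nic" | head -n1)")
    [ -n "$gw" ] || { echo "no default route via $nic" >&2; return 1; }
    set -- docker network create -d macvlan --subnet "$subnet" --gateway "$gw" -o parent="$nic"
    [ -n "$iprange" ] && set -- "$@" --ip-range "$iprange"
    echo "+ $* $name"
    "$@" "$name"
}

# Usage: sh macvlan_net.sh create ens33 my_net [192.168.53.192/26]
if [ "${1:-}" = "create" ]; then
    shift
    macvlan_create "$@"
fi
```

For the host in this page, macvlan_create ens33 my_net 192.168.53.192/26 yields docker network create -d macvlan --subnet 192.168.53.0/24 --gateway 192.168.53.1 -o parent=ens33 --ip-range 192.168.53.192/26 my_net, which is the page's command with the missing parent added.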