我们在学会安装和简单地使用docker后,接下来了解一下docker的网络,包括docker原生网络和如何创建我们需要的自定义网络,学习容器间如何通信以及怎么和外界进行通信。
1.1、none网络就是什么网络都没有,除了环回口,没有其他任何的网卡。由于容器与外部网络完全隔离,这样的网络经常用于一些测试,或者存储密码等不需要联网、对隔离要求较高的用途。
1.2、host网络是容器共享Docker Host的网络栈,与宿主机网络一模一样。我本机也是一个ens33网卡、一个docker0虚拟网卡和lo,容器的主机名使用的也是宿主机的主机名。该场景主要用于需要大量数据传输、要求性能较好的情况。需要注意的是,这种模式下容器与宿主机之间没有网络隔离:容器内的进程直接占用宿主机的端口,也能访问宿主机上只监听在127.0.0.1的服务,因此只适合运行受信任的容器。
1.3、bridge网络---应用最广泛的网络模式。可以看到默认创建的容器都挂在了docker0这个默认bridge网桥上。容器里面的eth0@if15和宿主机上的veth5965854是一对veth pair,可以想象成用虚拟网线连接起来的一对网卡,示意图如下。
docker提供三种自定义的网络驱动:bridge(默认)、overlay、macvlan。overlay、macvlan主要用于跨主机网络通讯,这个我们后面再进行学习。
2.1、创建一个默认驱动(bridge)的自定义网络。新增加了一个网桥br-181f81542dc2,下图是它的信息,其中IP和网关都可以在自己创建的时候指定。
2.2、创建一个指定网段和网关的自定义bridge网络。
2.3、使用自定义的网络创建一个容器。我们也可以使用 --ip 172.22.16.x 来自己指定容器的IP,当然这只能用在创建时指定了网段的自定义网络中,如果用在没有指定网段的网络中会出现报错。
容器之间通信的解决方案主要有Docker自带的DNS服务、IP和join三种方式。
3.1、通过DNS通信。使用DNS的限制:只能在user-defined网络中使用,默认的bridge网络是无法使用的。
3.2、通过join方式---原理是两个或者多个容器共享一个网络栈,共享网卡的配置信息。这里我们可以看到两个容器的网络信息一模一样,共享了网络信息。join适合的场景:(1)、不同容器希望通过loopback高效快速地通信;(2)、希望监控其他容器的网络流量。同样因为网络栈是共享的,加入的容器能看到对方的全部流量,也能访问对方只监听在127.0.0.1的服务,所以只应让受信任的容器join。
好了,到这里简单的容器网络我们已经说的差不多了,下节我们讲一下跨主机通信以及容器和外网的通信方式,感谢您的阅读,欢迎关注和转发。
一、docker默认的网络
[root@my_server ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
61971e22a415 bridge bridge local
41f9794cbf9f host host local
e266e5678236 none null local
[root@my_server ~]# docker run -it --network=none busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
322973677ef5: Pull complete
Digest: sha256:1828edd60c5efd34b2bf5dd3282ec0cc04d47b2ff9caa0b6d4f07a21d1c08084
Status: Downloaded newer image for busybox:latest
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
[root@my_server ~]# docker run -it --network=host busybox
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:AC:69:5B:F8
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe69:5bf8/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:266 (266.0 B)
ens33 Link encap:Ethernet HWaddr 00:0C:29:52:39:DE
inet addr:192.168.157.147 Bcast:192.168.157.255 Mask:255.255.255.0
inet6 addr: fe80::8838:4f47:5581:2643/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3685 errors:0 dropped:0 overruns:0 frame:0
TX packets:1603 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1799256 (1.7 MiB) TX bytes:197037 (192.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # hostname
my_server
[root@my_server ~]# docker run -it -d busybox
1fb06c62819b0d3bfbf0b8ee5849aa53586f679d5d6ebdfdcf7e895e2082323e
[root@my_server ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1fb06c62819b busybox "sh" 2 seconds ago Up 2 seconds silly_beaver
[root@my_server ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242ac695bf8 no veth5965854
[root@my_server ~]# docker exec -it 1fb06c62819b sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
二、用户自定义网络
[root@my_server ~]# docker network create --driver bridge my_network
181f81542dc2b07b899da4cf1874b3e86d7e11dabaa1a0fa6f7e333934a7d446
[root@my_server ~]# brctl show
bridge name bridge id STP enabled interfaces
br-181f81542dc2 8000.02428b7e7023 no
br-7f629c2406e1 8000.02425cdc9f34 no
br-b4feab77c011 8000.0242c539187b no
docker0 8000.0242ac695bf8 no veth5965854
[root@my_server ~]# docker network create --subnet 172.22.16.0/24 --gateway 172.22.16.1 my_network_define
961e809ac5ea1e37e6c8d58ceff167307200d4c2dbc9e1ac9da3f79db24bd452
[root@my_server ~]# docker network inspect my_network_define
[
{
"Name": "my_network_define",
"Id": "961e809ac5ea1e37e6c8d58ceff167307200d4c2dbc9e1ac9da3f79db24bd452",
"Created": "2019-12-13T13:22:31.790686709+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.22.16.0/24",
"Gateway": "172.22.16.1"
}
]
},
[root@my_server ~]# docker run -it --network=my_network_define busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:16:10:02 brd ff:ff:ff:ff:ff:ff
inet 172.22.16.2/24 brd 172.22.16.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
[root@my_server ~]# docker run -it --network=my_network --ip 172.20.0.5 busybox
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
ERRO[0000] error waiting for container: context canceled
三、容器之间通信
[root@my_server ~]# docker run -it --network=my_network_define --name=box1 busybox
[root@my_server ~]# docker run -it --network=my_network_define --name=box2 busybox
/ # ping -c 4 box1
[root@my_server ~]# docker run -it -d --name=box3 busybox
6c0d6c0009ab53a23d90fdcf24c6197a57e3a759bee83b70456d712d02a957b3
[root@my_server ~]# docker exec -it box3 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@my_server ~]# docker run -it --network=container:box3 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever