docker容器网络配置
新建名称空间
//创建一个ns1的名称空间
[root@localhost ~]# ip netns add ns1
//查看
[root@localhost ~]# ip netns list
ns1
//创建的ns1名称空间会出现在/var/run/netns/目录下
[root@localhost ~]# ls /var/run/netns/
ns1
veth pair 全称是 Virtual Ethernet Pair,是一个成对的端口,所有从这对端口一端进入的数据包都将从另一端出来,反之也是一样。
引入veth pair是为了在不同的 Network Namespace 之间进行通信,利用它可以直接将两个 Network Namespace 连接起来。
操作名称空间
//查看ns1的ip地址
[root@localhost ~]# ip netns exec ns1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
//启动lo网卡
[root@localhost ~]# ip netns exec ns1 ip link set lo up
//查看lo网卡启动
[root@localhost ~]# ip netns exec ns1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec ns1 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 127.0.0.1: icmp_
转移设备
veth-pair
veth-pair 就是一对的虚拟设备接口,和 tap/tun 设备不同的是,它都是成对出现的。一端连着协议栈,一端彼此相连着。如下图所示:
//创建veth pair
[root@localhost ~]# ip link add type veth
//查看veth pair状态
[root@localhost ~]# ip a
3: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether c6:30:47:1e:24:c3 brd ff:ff:ff:ff:ff:ff
4: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
//将veth0加入ns1，veth1加入ns0（ns0 需先用 ip netns add ns0 创建，前面只创建了ns1）
[root@localhost ~]# ip link set veth0 netns ns1
[root@localhost ~]# ip link set veth1 netns ns0
//设置ip
[root@localhost ~]# ip netns exec ns1 ip addr add 192.168.100.1/24 dev veth0
[root@localhost ~]# ip netns exec ns0 ip addr add 192.168.100.2/24 dev veth1
//查看ip
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 72:7b:9f:03:47:6e brd ff:ff:ff:ff:ff:ff link-netns ns0
inet 192.168.100.1/24 scope global veth0
valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 8e:84:8e:95:19:08 brd ff:ff:ff:ff:ff:ff link-netns ns1
inet 192.168.100.2/24 scope global veth1
valid_lft forever preferred_lft forever
//启动ns1、ns0 的 lo 网卡（注意：下面两条 ping 的目标都是各自名称空间自己的地址，走的是 lo 回环；此时 veth0/veth1 仍为 DOWN 状态，要验证两个名称空间之间的连通性，还需先分别执行 ip link set veth0 up 和 ip link set veth1 up）
[root@localhost ~]# ip netns exec ns1 ip link set lo up
[root@localhost ~]# ip netns exec ns0 ip link set lo up
[root@localhost ~]# ip netns exec ns0 ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.025 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.035 ms
[root@localhost ~]# ip netns exec ns1 ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.030 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.043 ms
veth设备重命名
//停止
[root@localhost ~]# ip netns exec ns1 ip link set veth0 down
//修改网卡名称
[root@localhost ~]# ip netns exec ns1 ip link set dev veth0 name eth0
//查看容器信息
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
35a9fb150ed2 busybox "sh" 11 seconds ago Up 8 seconds nice_roentgen
//删除容器（rm -f 会强制删除正在运行的容器）
[root@localhost ~]# docker container rm -f 35a9fb150ed2
35a9fb150ed2
bridge模式配置
//进入容器
[root@localhost ~]# docker run -it --rm --network=bridge busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:836 (836.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
none模式
[root@localhost ~]# docker container run -it --rm --network=none busybox /bin/sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
container模式配置
[root@localhost ~]# docker container run -it --rm --name=b2 busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:766 (766.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@localhost ~]# docker container run -it --rm --network=container:b2 busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:836 (836.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@localhost ~]# docker container run -it --rm --name=b2 busybox /bin/sh
/ # echo 'nihao' > /tmp/index.html
/ # httpd -h tmp/
[root@localhost ~]# docker container run -it --rm --network=container:b2 busybox /bin/sh
/ # wget -O - -q 127.0.0.1:80
nihao
查看容器的主机名
[root@localhost ~]# docker container run -it --rm busybox /bin/sh
/ # hostname
4563bdae0f70
//设置docker容器的主机名
[root@localhost ~]# docker container run -it --rm --hostname=ssh1 busybox /bin/sh
/ # hostname
ssh1
//自动映射
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 ssh1
手动指定容器要使用的DNS与配置域名
[root@localhost ~]# docker container run -it --rm --hostname=ssh1 --dns=8.8.8.8 busybox /bin/sh
/ # cat /etc/resolv.conf
search localdomain
nameserver 8.8.8.8
//域名解析
/ # nslookup -type=a www.baidu.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 182.61.200.7
Name: www.a.shifen.com
Address: 182.61.200.6
手动往/etc/hosts文件中注入主机名到IP地址的映射
[root@localhost ~]# docker container run -it --rm --hostname=ssh1 --dns=8.8.8.8 --add-host=www.baidu.com:2.2.2.2 busybox /bin/sh
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
2.2.2.2 www.baidu.com
172.17.0.3 ssh1
开放容器端口
-p选项的使用格式:
-p &lt;containerPort&gt;
将指定的容器端口映射至主机所有地址(0.0.0.0)的一个动态端口；这会对宿主机所有网卡开放该端口，若只想对特定网卡开放，应使用下面带主机地址的形式。
[root@localhost ~]# docker container run --rm -p 80 httpd
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45b3e62fd8ac httpd "httpd-foreground" 7 seconds ago Up 6 seconds 0.0.0.0:49155->80/tcp brave_northcutt
-p &lt;hostPort&gt;:&lt;containerPort&gt;
将容器端口映射至指定的主机端口
[root@localhost ~]# docker container run --rm -p 8080:80 httpd
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
87f9636767e4 httpd "httpd-foreground" 5 seconds ago Up 4 seconds 0.0.0.0:8080->80/tcp tender_raman
-p &lt;ip&gt;::&lt;containerPort&gt;
将指定的容器端口映射至主机指定地址的一个动态端口
[root@localhost ~]# docker container run --rm -p 192.168.236.135::80 httpd
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a0cc78f31143 httpd "httpd-foreground" 8 seconds ago Up 7 seconds 192.168.236.135:49153->80/tcp pedantic_borg
-p &lt;ip&gt;:&lt;hostPort&gt;:&lt;containerPort&gt;
将指定的容器端口映射至主机指定地址的指定端口
[root@localhost ~]# docker container run --rm -p 192.168.236.135:8080:80 httpd
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
70203a22a000 httpd "httpd-foreground" 3 seconds ago Up 2 seconds 192.168.236.135:8080->80/tcp jolly_curran
动态端口指的是随机端口,具体的映射结果可使用docker port命令查看。
[root@localhost ~]# docker container run --rm -p80 httpd
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0f0842c3dfe3 httpd "httpd-foreground" 3 seconds ago Up 2 seconds 0.0.0.0:49158->80/tcp sleepy_fermat
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9d9c668d6136 httpd "httpd-foreground" 17 seconds ago Up 16 seconds 0.0.0.0:49159->80/tcp strange_curran
[root@localhost ~]# curl 127.0.0.1:49159
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
127de4c79d5e bridge bridge local
c582edba06c7 host host local
2f6638e3c253 none null local
Docker远程连接
//安全提示：daemon.json 中的 tcp://0.0.0.0:2375 会在宿主机所有网卡上以明文、无认证的方式暴露 Docker API，能连上该端口的任何人都可以借此获得宿主机 root 级别的控制权；只应在受信任的内网中启用，并用防火墙限制来源地址，生产环境应改为启用 TLS 双向认证的 2376 端口。
//下面先清空 ExecStart 再重新赋值，是为了去掉 docker.service 自带的 -H fd:// 参数，否则会与 daemon.json 里的 hosts 冲突导致守护进程无法启动；重新赋值时 ExecStart 应指向守护进程本身（通常是 dockerd），而不是 docker 客户端二进制。
[root@localhost ~]# vim /etc/docker/daemon.json
{
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"],
"registry-mirrors": ["https://0lziqy58.mirror.aliyuncs.com"]
}
[root@localhost ~]# mkdir /etc/systemd/system/docker.service.d
[root@localhost ~]# vim /etc/systemd/system/docker.service.d/docker.conf
[root@localhost ~]# cat /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/docker
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
Docker创建自定义桥
[root@localhost ~]# docker network create -d bridge --subnet "192.168.88.0/24" --gateway "192.168.88.1" br0
a63e2924f97aa40e04f4ba7f91b9ba8f40dc295d4e56f6ed531d339fd17299f7
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
a63e2924f97a br0 bridge local
127de4c79d5e bridge bridge local
c582edba06c7 host host local
2f6638e3c253 none null local
//使用新创建的自定义桥来创建容器
[root@localhost ~]# docker container run --rm --network br0 -it busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
57: eth0@if58: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:58:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.2/24 brd 192.168.88.255 scope global eth0
valid_lft forever preferred_lft forever