docker容器网络
1.docker网络模式查看
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6a844e6b4341 bridge bridge local
9747a45196c2 host host local
6083c434027f none null local
注:docker默认提供3种网络模式:bridge(默认)为NAT桥接模式;host为主机模式,容器直接使用宿主机的网络名称空间;
none为无外网模式(只有lo一个网卡,只能容器内通信)
2.容器默认加入bridge网络(docker0网桥),并拥有自己独立的网络名称空间
[root@localhost ~]# docker run --name b1 --rm -it --network bridge busybox:latest
# [root@localhost ~]# docker run --name b1 --rm -it busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
3.docker容器可以通过--network指定加入到哪个网络模式中
[root@localhost ~]# docker run --name b1 --rm -it --network host busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:ba:e7:53 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:feba:e753/64 scope link
valid_lft forever preferred_lft forever
3: eno33554992: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:ba:e7:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.42/24 brd 192.168.1.255 scope global eno33554992
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feba:e75d/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 02:42:ec:c7:b7:a4 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:ecff:fec7:b7a4/64 scope link
valid_lft forever preferred_lft forever
注:host模式下容器直接使用宿主机的网络名称空间,因此看到的是宿主机的全部网卡,容器与宿主机之间没有网络隔离
4.docker加入到none模式中
[root@localhost ~]# docker run --name b1 --rm -it --network none busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
注:none模式下容器只有lo一块网卡,无法与容器外通信
5.关于网络名称空间简单操作
5.1.创建网络名称空间
[root@localhost ~]# ip netns add r1
[root@localhost ~]# ip netns add r2
5.2.查看创建的网络名称空间
[root@localhost ~]# ip netns list
r2
r1
5.3.添加一对虚拟网卡
[root@localhost ~]# ip link add veth0-1 type veth peer name veth0-2
5: veth0-2@veth0-1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 8e:c1:6c:0c:d2:60 brd ff:ff:ff:ff:ff:ff
6: veth0-1@veth0-2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 52:c0:66:b1:6e:f2 brd ff:ff:ff:ff:ff:ff
注:veth0-1和veth0-2分别是网卡的两端,此时两端均在物理主机上
5.4.将veth0-2接入到r1网络名称空间中
[root@localhost ~]# ip link set veth0-2 netns r1
[root@localhost ~]# ip link show
6: veth0-1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 52:c0:66:b1:6e:f2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
5.4.查看r1网络名称空间中的网卡
[root@localhost ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth0-2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 8e:c1:6c:0c:d2:60 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5.5.修改r1网络名称空间中网卡的名称
[root@localhost ~]# ip netns exec r1 ip link set veth0-2 name eth0
[root@localhost ~]# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 8e:c1:6c:0c:d2:60 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5.6.给r1网络名称空间中的eth0网卡配IP并激活
[root@localhost ~]# ip netns exec r1 ifconfig eth0 10.1.1.1/24 up
[root@localhost ~]# ip netns exec r1 ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.1.1.1 netmask 255.255.255.0 broadcast 10.1.1.255
ether 8e:c1:6c:0c:d2:60 txqueuelen 1000 (Ethernet)
5.6.修改宿主机网络名称空间中veth0-1名称
[root@localhost ~]# ip link set veth0-1 name eth0
5.7.给宿主机eth0配IP并激活
[root@localhost ~]# ifconfig eth0 10.1.1.2/24 up
5.8.宿主机与r1网络名称空间现在可通信
[root@localhost ~]# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.145 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.070 ms
5.9.如果将宿主机上的eth0(veth0-1)端接入到r2网络名称空间中,并且配置IP激活,则r1可以与r2互相通信
6.docker容器启动默认主机名为容器ID值
[root@localhost ~]# docker run --name b1 --rm -it --network none busybox:latest
/ # hostname
b1c2a4295cf9
6.1.启动容器时通过-h参数指定主机名
[root@localhost ~]# docker run --name b1 --rm -it --network bridge -h cloud.com busybox:latest
/ # hostname
cloud.com
7.默认情况下,容器内web服务监听的80端口只在容器自己的网络名称空间内可见
[root@localhost ~]# docker run --name b1 --rm -it --network bridge -h cloud.com test/web:v0.1-2
[root@localhost ~]# docker exec -it b1 /bin/sh
/ # netstat -an
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
7.1.此时只有宿主机以及同一宿主机上同网段的其他容器可以访问80端口;将80端口映射到宿主机后,其它主机也可以访问该80端口
[root@localhost ~]# docker run --name b1 --rm -it --network bridge -h cloud.com -p 80 test/web:v0.1-2
[root@localhost ~]# docker port b1
80/tcp -> 0.0.0.0:32768
注:此时容器80端口映射到宿主机的所有IP(0.0.0.0,即宿主机任意网络接口上都可访问)+动态端口
7.2.映射到宿主机的指定IP
[root@localhost ~]# docker run --name b1 --rm -it --network bridge -h cloud.com -p 172.17.0.1::80 test/web:v0.1-2
[root@localhost ~]# docker port b1
80/tcp -> 172.17.0.1:32768
注:此时容器80端口只映射到宿主机的指定IP+动态端口;这里的172.17.0.1是docker0网桥地址,因此只有宿主机和桥上的容器能访问
7.3.映射到宿主机的指定IP+指定端口
[root@localhost ~]# docker run --name b1 --rm -it --network bridge -h cloud.com -p 172.17.0.1:80:80 test/web:v0.1-2
[root@localhost ~]# docker port b1
80/tcp -> 172.17.0.1:80
8.容器共享网络名称空间
8.1.默认情况下,容器之间网络名称空间是隔离的
启动一个名为b1的容器
[root@localhost ~]# docker run --name b1 --rm -it busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
启动一个名为b2的容器
[root@localhost ~]# docker run --name b2 -it --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
注:两个容器各自拥有独立的网络名称空间
8.2.重新启动一个名为b2的容器,共享b1的网络名称空间
[root@localhost ~]# docker run --name b2 --network container:b1 -it --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
注:此时b1,b2共享同一个网络名称空间,共用IP172.17.0.2
9.自定义docker0网桥默认IP
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"bip": "10.1.0.1/16"
}
注:新增配置项时要在原有的前一个配置项末尾加上",",最后一个配置项后面不加;bip的值必须是一个具体的网关IP(例如10.1.0.1/16),而不是网段地址,否则docker无法启动
例如:配置为"bip":"10.1.0.0/16",给的是一个网段地址,则docker无法启动
查看docker日志
[root@localhost ~]# journalctl -u docker.service -l
daemon: Error initializing network controller: Error creating default "bridge" network: failed to allocate gateway (10.1.0.0): Address already in use