本文深入探讨Docker 1.12中网络功能的改进,包括内置虚拟IP负载均衡、路由网格、加密多主机覆盖网络等特性。通过具体示例,讲解如何使用不同类型的网络,如none、host和bridge,并分析其对容器通信的影响。
分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.youkuaiyun.com/jiangjunshow
也欢迎大家转载本篇文章。分享知识,造福人民,实现我们中华民族伟大复兴!
docker1.12中的network功能作了一定改进, 但是关于network应该如何使用,docker中的网络模型是如何设计的,当我们在run起来一个container而全然没有意识到network的时候,docker是怎样处理的,在这篇文章中,我们回去尝试一探究竟.
docker1.12有关network的特性增加
| 特性 |
|---|
| Built-in Virtual-IP based internal and ingress load-balancing using IPVS |
| Routing Mesh using ingress overlay network |
| Secured multi-host overlay networking using encrypted control-plane and Data-plane |
| MacVlan driver is out of experimental |
| Add driver filter to network ls |
| Adding network filter to docker ps –filter |
| Add –link-local-ip flag to create, run and network connect to specify a container’s link-local address |
| Add network label filter support |
| Removed dependency on external KV-Store for Overlay networking in Swarm-Mode |
| Add container’s short-id as default network alias |
| run options –dns and –net=host are no longer mutually exclusive |
| Fix DNS issue when renaming containers with generated names |
| Allow both network inspect -f {{.Id}} and network inspect -f {{.ID}} to address inconsistency with inspect output |
比如关于:Add driver filter to network ls。现在可以使用driver作为过滤条件来确认network的情况
[root@host31 ~]# docker network ls --filter driver=bridgeNETWORK ID NAME DRIVER SCOPEe2836311817e bridge bridge local[root@host31 ~]#
- 1
- 2
- 3
- 4
docker network的种类
在刚刚安装完docker之后,下面三个network是被自动地创建出来的。
| network种类 |
|---|
| none |
| host |
| bridge |
[root@host31 ~]# docker network lsNETWORK ID NAME DRIVER SCOPEe2836311817e bridge bridge local58211460fd1f host host locala157ec9146b7 none null local[root@host31 ~]#
- 1
- 2
- 3
- 4
- 5
- 6
初期状态
使用network inspect命令可以看到以上三种network最初的状态。
docker network inspect none
[root@host31 ~]# docker network inspect none[ { "Name": "none", "Id": "a157ec9146b720cb38981fa1a22390b60c78fcd4396a1d50d979427f480799d6", "Scope": "local", "Driver": "null", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [] }, "Internal": false, "Containers": {}, "Options": {}, "Labels": {} }][root@host31 ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
docker network inspect host
[root@host31 ~]# docker network inspect host[ { "Name": "host", "Id": "58211460fd1f3da1bbc392a43ddd2b79a8bec663620b7783cefcf910940ddcd9", "Scope": "local", "Driver": "host", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [] }, "Internal": false, "Containers": {}, "Options": {}, "Labels": {} }][root@host31 ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
docker network inspect bridge
[root@host31 ~]# docker network inspect bridge[ { "Name": "bridge", "Id": "e2836311817eabd7b2d28e3bbc2ae5e7a545a8652446d52ca77cd55fa7ba50d1", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16" } ] }, "Internal": false, "Containers": {}, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} }][root@host31 ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
创建一个container加入none
用一下命令可以创建一个centos的container将其加入none的network中。
docker run -it --name container_none --network=none centos /bin/bash
- 1
[root@host31 ~]# docker run -it --name container_none --network=none centos /bin/bash[root@0dfd0712c5ca /]#
- 1
- 2
另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker network inspect none[ { "Name": "none", "Id": "a157ec9146b720cb38981fa1a22390b60c78fcd4396a1d50d979427f480799d6", "Scope": "local", "Driver": "null", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [] }, "Internal": false, "Containers": { "0dfd0712c5cab81f3328a39aa5f57723c957915b67d5bc235fb514120bd03f56": { "Name": "container_none", "EndpointID": "a7b8a817f1cf42fa3566eb0327b337d2352f0f8efa5ceec4d10f96b69e13ffc4", "MacAddress": "", "IPv4Address": "", "IPv6Address": "" } }, "Options": {}, "Labels": {} }][root@host31 tmp]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
加入了none的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_none,下面我们来看一下这个container中有哪些特点。
[root@0dfd0712c5ca /]# ping www.baidu.comping: unknown host www.baidu.com[root@0dfd0712c5ca /]#[root@0dfd0712c5ca /]# ping 192.168.32.31connect: Network is unreachable[root@0dfd0712c5ca /]#[root@0dfd0712c5ca /]# ping localhostPING localhost (127.0.0.1) 56(84) bytes of data.64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.338 ms64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.082 ms^C--- localhost ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1001msrtt min/avg/max/mdev = 0.082/0.210/0.338/0.128 ms[root@0dfd0712c5ca /]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
除了自己谁都连接不通,是它的特点。
创建一个container加入host
用一下命令可以创建一个centos的container将其加入host的network中。
docker run -it --name container_host --network=host centos /bin/bash
- 1
[root@host31 ~]# docker run -it --name container_host --network=host centos /bin/bash[root@host31 /]#
- 1
- 2
怎么回事,不是-i方式启动的麽,另外怎么目录变了呢。另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker ps |grep container_host43b4f08151e2 centos "/bin/bash" 7 minutes ago Up 6 minutes container_host[root@host31 tmp]#这个就是host的方式的container,上面提示的[root@host31 /]已经不是在宿主机,而是在container_host中了,我们可以简单的确认一下,比如至少用centos官方最新镜像启动的container中是不可能有我们安装的docker1.12的。[root@host31 /]# hostnamehost31[root@host31 /]# docker infobash: docker: command not found[root@host31 /]#虽然你的hostname跟宿主机一样,但是我们都知道那是你的马甲了。通过下面的inspect也能看到其已经加入host网络中了。[root@host31 tmp]# docker network inspect host[ { "Name": "host", "Id": "58211460fd1f3da1bbc392a43ddd2b79a8bec663620b7783cefcf910940ddcd9", "Scope": "local", "Driver": "host", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [] }, "Internal": false, "Containers": { "43b4f08151e2da050e26aa62b27f68229cd112a963a35e5fcb7b6ed47e0e7f11": { "Name": "container_host", "EndpointID": "365f5858203d3d5162edf7350fa1094174df29f60d9978f90aa975068f93db74", "MacAddress": "", "IPv4Address": "", "IPv6Address": "" } }, "Options": {}, "Labels": {} }][root@host31 tmp]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
加入了host的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_host,下面我们来看一下这个container中有哪些特点。
[root@host31 /]# ping -w1 www.baidu.comPING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=61.2 ms--- www.a.shifen.com ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 61.262/61.262/61.262/0.000 ms[root@host31 /]#[root@host31 /]# ping container_hostping: unknown host container_host[root@host31 /]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
跟none不同,它不再是只能自己跟自己通信. 它和外部是连通的。
创建一个container加入bridge
用一下命令可以创建一个centos的container将其加入bridge的network中。因为缺省不指定就是这种方式, 我们平时没有意识到network的存在,其实是使用的bridge的方式
docker run -it --name container_bridge centos /bin/bash
- 1
[root@host31 ~]# docker run -it –name container_bridge centos /bin/bash
[root@743d5689399a /]#
- 1
另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker ps |grep container_bridge743d5689399a centos "/bin/bash" 42 seconds ago Up 41 seconds container_bridge[root@host31 tmp]# docker network inspect bridge[ { "Name": "bridge", "Id": "e2836311817eabd7b2d28e3bbc2ae5e7a545a8652446d52ca77cd55fa7ba50d1", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16" } ] }, "Internal": false, "Containers": { "743d5689399aab527f83a0708763970bc671801ff377ac791f9aee2b58de4b34": { "Name": "container_bridge", "EndpointID": "c0ad0de740ed65b7c6e8e63fc34e42e807c9d82822341bef8f474dcca8fc4272", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} }][root@host31 tmp]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
加入了bridge的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_bridge,下面我们来看一下这个container中有哪些特点。
[root@743d5689399a /]# ping -w1 www.baidu.comPING www.a.shifen.com (103.235.46.39) 56(84) bytes of data.64 bytes from 103.235.46.39: icmp_seq=1 ttl=127 time=255 ms--- www.a.shifen.com ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 255.315/255.315/255.315/0.000 ms[root@743d5689399a /]#[root@743d5689399a /]# ping container_bridgeping: unknown host container_bridge[root@743d5689399a /]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
跟none不同,它不再是只能自己跟自己通信.它和外部是连通的。在接下来的文章中,我们将会通过更多的试验来学习docker不同的network是如何运转以及他们之间可以如何通信等。
给我老师的人工智能教程打call!http://blog.youkuaiyun.com/jiangjunshow
扫一扫
1612
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
