-
02-docker network
Docker网络
Docker网络是什么
Docker 网络是 Docker 容器之间进行通信和连接的网络环境。在 Docker 中,每个容器都有自己的网络命名空间,这意味着每个容器都有自己的网络接口、IP 地址和网络配置
Docker网络启动后,会在宿主机中建立一个名称为 docker0 的网卡
1)Docker不启动,默认的网络情况
[root@nhk ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.188.150 netmask 255.255.255.0 broadcast 192.168.188.255 inet6 fe80::382f:4868:f511:276f prefixlen 64 scopeid 0x20<link> ether 00:0c:29:65:d3:21 txqueuelen 1000 (Ethernet) RX packets 4410 bytes 403698 (394.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2896 bytes 516834 (504.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 32 bytes 2592 (2.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 32 bytes 2592 (2.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:da:bd:9f txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 # virbr0 在CentOS7安装过程中如果有选择相关虚拟化的服务安装服务后,启动网卡时会发现有一个以网桥连接的私网地址的virbr0网卡(virbr0网卡:它还有一个固定的默认IP地址 192.168.122.1),是做虚拟机网桥使用的,其作用是为连接其上的虚拟网卡提供NAT访问外网的功能。- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
2)Docker启动后,默认的网络情况
[root@nhk ~]# ifconfig # 会产生一个名为 docker0 的虚拟网桥 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:22ff:fee7:54a1 prefixlen 64 scopeid 0x20<link> ether 02:42:22:e7:54:a1 txqueuelen 0 (Ethernet) RX packets 9 bytes 542 (542.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 15 bytes 1541 (1.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.188.150 netmask 255.255.255.0 broadcast 192.168.188.255 inet6 fe80::382f:4868:f511:276f prefixlen 64 scopeid 0x20<link> ether 00:0c:29:65:d3:21 txqueuelen 1000 (Ethernet) RX packets 4587 bytes 418581 (408.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3024 bytes 548746 (535.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 32 bytes 2592 (2.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 32 bytes 2592 (2.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:da:bd:9f txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
Docker网络作用
Docker网络主要能做以下两件事:
- 容器间的互联和通信以及端口映射
- 容器IP变动时候可以通过服务名直接网络通信而不受到影响
Docker network 常用命令
查看docker网络模式
查看默认创建的3大网络模式
[root@nhk ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 8a75617d76d8 bridge bridge local 079c5936358a host host local b10eb48a66f7 none null local- 1
- 2
- 3
- 4
- 5
查看网络源数据
命令格式
docker network inspect XXX网络名字- 1
[root@nhk ~]# docker network inspect bridge # 查看的是默认的bridge [ { "Name": "bridge", "Id": "8a75617d76d8174ec040263e5d66b9fd174ca72f23095d1857af66cef2ec1aab", "Created": "2023-06-05T01:30:20.686059947-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@nhk ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
删除网络
命令格式
docker network rm XXX网络名字- 1
查看帮助
[root@nhk ~]# docker network --help Usage: docker network COMMAND Manage networks Commands: connect Connect a container to a network # 将容器连接到网络 create Create a network # 创建网络 disconnect Disconnect a container from a network # 断开容器与网络的连接 inspect Display detailed information on one or more networks # 显示一个或多个网络的详细信息 ls List networks # 网络列表 prune Remove all unused networks # 删除所有未使用的网络 rm Remove one or more networks # 删除一个或多个网络 Run 'docker network COMMAND --help' for more information on a command. [root@nhk ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
演示案例
[root@nhk ~]# docker network create aaa_network # 创建网络 dd09c16d817371405974f2d0e06eb27d5363aeb65255419ec4eca1fc0a57ef93 [root@nhk ~]# docker network ls # 列出网络 NETWORK ID NAME DRIVER SCOPE dd09c16d8173 aaa_network bridge local 8a75617d76d8 bridge bridge local 079c5936358a host host local b10eb48a66f7 none null local [root@nhk ~]# docker network rm aaa_network # 删除网络 aaa_network [root@nhk ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 8a75617d76d8 bridge bridge local 079c5936358a host host local b10eb48a66f7 none null local [root@nhk ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
Docker网络模式
Docker网络模式有5种,主要是以下四种:
网络模式 描述 命令 bridge 为每个容器分配、设置IP等,并将容器连接到一个 docker0的虚拟网桥,默认为该模式使用 –network bridge 指定,默认使用docker0 host 容器将不会模拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口 使用 –network host 指定 none 容器有独立的 Network namespace,但并没有对其进行任何的网络设置,如分配 veth pair 和网桥连接,Ip等 使用 –network none 指定 container 新创建的容器不会指定自己的网卡和配置自己的IP,而是和指定的容器共享IP、端口范围等 使用 --network container:NAME或容器ID指定 容器实例内默认网络IP生产规则
# 1.先启动两个ubuntu容器实例 [root@nhk ~]# docker run -it --name u1 ubuntu bash root@030e1aa6f6b0:/# [root@nhk ~]# # run进去,可以使用ctrl+q+p退出,容器不会停止 [root@nhk ~]# docker run -it --name u2 ubuntu bash root@85377f94fa48:/# [root@nhk ~]# [root@nhk ~]# [root@nhk ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 85377f94fa48 ubuntu "bash" 49 seconds ago Up 48 seconds u2 030e1aa6f6b0 ubuntu "bash" 3 minutes ago Up 3 minutes u1 # 2.使用命令 docker inspect 容器ID或名字 查看容器内部细节 [root@nhk ~]# docker inspect u1 | tail -20 "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "8a75617d76d8174ec040263e5d66b9fd174ca72f23095d1857af66cef2ec1aab", "EndpointID": "5c8beb5cd7d0be4b4b915f936eb6e43984901d7a424b85f3c8a7bc8e7b2000a4", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ] [root@nhk ~]# docker inspect u2 | tail -20 "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "8a75617d76d8174ec040263e5d66b9fd174ca72f23095d1857af66cef2ec1aab", "EndpointID": "a82734da07cde955ca4267afdf62840c5be092567a0611a5b8f69a7013c6cb2a", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03", "DriverOpts": null } } } } ] [root@nhk ~]# # 从上面可以看到 u1 使用的是 172.17.0.2 # u2 使用的是 172.17.0.3 # 3.接下来关闭 u2 实例,新建u3,查看ip变化情况 [root@nhk ~]# docker stop u2 u2 [root@nhk ~]# docker run -it --name u3 ubuntu bash root@3047ee811de3:/# [root@nhk ~]# [root@nhk ~]# docker inspect u3 |tail -20 "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "8a75617d76d8174ec040263e5d66b9fd174ca72f23095d1857af66cef2ec1aab", "EndpointID": "eba5ee2d3a1fb3df36a6b5c8490e0f3b45e27fd7ef4cff6e3a067a375b064b0e", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03", "DriverOpts": null } } } } ] [root@nhk ~]# # 观察发现,u3使用了 172.17.0.3 ,当u2再次运行的时候,就使用不了 172.17.0.3 了,网络就会发生变化- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
总结
Dokcer容器内部的IP是有可能会发生变化的
Docker网络——bridge
bridge 模式 是什么?
Docker服务默认会创建一个名为 docker0 网桥(其上有一个docker0内部接口),该桥接网络的名称为docker0,它在内核层连通了其他的物理或虚拟网卡,这就将所有的容器和本地主机都放到了同一个物理网络。 Docker默认指定了 docker0 接口的IP地址和子网掩码,让主机和容器之间可以通过网桥相互通信。
# 查看 bridge 网络的详细信息,并通过 grep 获取名称项 [root@nhk ~]# docker network inspect bridge | grep name "com.docker.network.bridge.name": "docker0", [root@nhk ~]# ifconfig | grep docker docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500- 1
- 2
- 3
- 4
- 5
- 6
-
Docker使用Linux桥接,在宿主机虚拟一个Docker容器网桥(docker0),Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址,称为
Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一个宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的 Container-IP 直接通信。 -
docker run 的时候,没有指定network 的话,默认使用的网桥模式就是bridge,使用的就是docker0。在宿主机ifconfig,就可以看到docker0 和自己 create 的network eth0,eth1,eth2… ,分别代表网卡一、网卡二、网卡三… ,lo 代表 127.0.0.1 ,即 localhost,inter addr 用来表示网卡的IP地址
- 网桥docker0 创建一对对等虚拟设备接口,一个叫 veth,另一个叫 eth0,成对匹配
- 整个宿主机的网桥模式都是 docker0,类似一个交换机有一堆接口,每个接口叫veth,在本地主机和容器内分别创建一个虚拟接口,并让它们彼此连通(这样一对接口叫 veth pair)
- 每个容器实例内部也有一块网卡,每个接口叫eth0。
-
docker0 上面的每个veth 匹配某个容器实例内部的 eth0,两两配对,一一匹配
通过上述,将宿主机上的所有容器都连接到这个内部网络,两个容器在同一个网络下,会从这个网关拿到分配的ip,此时两个容器的网络是互通的。
下面通过代码来验证
# 启动两个容器实例 [root@nhk ~]# docker run -itd --name centos7001 centos7:ssh /bin/bash f833d07afbe36c59698e68629229f8986d625305538643d145ef38e9cf0461b9 [root@nhk ~]# docker run -itd --name centos7002 centos7:ssh /bin/bash 18a43817e08e4d6ebdb1db8b645896edabd3e1a234980a6fe28716e02078ada3 # 查看宿主机 [root@nhk ~]# ip addr ... 12: veth4e2c0a0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 52:69:13:f4:6c:2f brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::5069:13ff:fef4:6c2f/64 scope link valid_lft forever preferred_lft forever 14: veth65be1b1@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 36:c4:4b:a7:a0:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::34c4:4bff:fea7:a0d5/64 scope link valid_lft forever preferred_lft forever # 查看到了 12: veth4e2c0a0@if11 14: veth65be1b1@if13 # 进入容器内部查看 [root@nhk ~]# docker exec -it centos7001 /bin/bash [root@f833d07afbe3 /]# ip addr ... 11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@nhk ~]# docker exec -it centos7002 /bin/bash [root@18a43817e08e /]# ip addr ... 13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever # 两个容器分别查看到了 11: eth0@if12 13: eth0@if14 刚好与宿主机查到的 12: veth4e2c0a0@if11 14: veth65be1b1@if13 相对应了,证明 veth,eth0,成对匹配- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
Docker网络——host
host 模式是什么?
直接使用宿主机的IP与外界进行通信,不需要额外进行NAT转换
- 容器将不会获得一个独立的 Network Namespace ,而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡,而是直接使用宿主机的IP和端口
演示
[root@nhk ~]# docker run -itd -p 8083:8080 --network host --name centos7003 centos7:ssh /bin/bash WARNING: Published ports are discarded when using host network mode # 警告:使用主机网络模式时,已发布的端口将被丢弃 05ce66cbb2628e9ef21fbfba0ebe4ed5829a3a28e7f32fc774b3f3b7718390a8 [root@nhk ~]# docker ps # 此时,我们查看容器,发现我们映射出去的端口没有成功映射出去 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 05ce66cbb262 centos7:ssh "/bin/bash" 4 minutes ago Up 4 minutes centos7003 # 这里遇到了问题: docker启动时总是遇见怎么个警告 # 原因: docker启动时指定 --network=host 或 -net=host,如果还指定了端口映射,那么这时候就会有这么个警告,并且通过 -p 设置的参数将不会起到任何作用,端口号会以主机端口号为主,重复时则递增。 # 解决方法: 使用docker的其他网络模式,例如 --network=bridge,就这就解决了,或者是无视这个警告 [root@nhk ~]# docker inspect centos7003 | tail -n 20 "Networks": { "host": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "079c5936358a32cf4ebb844f0c5e6018471edde2eb2a05007cbb1f077b82d717", "EndpointID": "4351a5ecafc6ff92ff7c4f04554391b71036570606a78d7e4882b1b389c4ed30", "Gateway": "", # 发现host模式下,容器没有分配网关和IP "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "DriverOpts": null } } } } ] # 进入容器查看ip [root@nhk ~]# docker exec -it centos7003 /bin/bash [root@nhk /]# ifconfig docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:33ff:fe89:8eda prefixlen 64 scopeid 0x20<link> ether 02:42:33:89:8e:da txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 1752 (1.7 KiB) .. # 查看后发现,host 模式的网络配置与宿主机一致- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
总结
使用 host 模式时,端口映射没有意义,因此不推荐使用 -p 参数
那如果没有 -p 设置端口映射了,我们怎么访问容器内的8083端口呢?
-
在 host 模式下,容器会借用宿主机的IP地址,所有容器与宿主机共享IP,此时也直接使用宿主机的对应端口访问8083,即通过 宿主机ip:8083 方式访问
-
host模式的好处,外部主机可以与容器直接进行通信
Docker网络——none
none 模式是什么?
在none模式下,并不为Docker容器进行任何的网络配置
也就是说,这个Docker容器没有网卡、IP、路由等信息,只有lo标识(127.0.0.1的本地回环)
此时,需要我们自己为Docker容器添加网卡、配置IP等
演示
[root@nhk ~]# docker run -itd -p 8084:8080 --network none --name centos7004 centos7:ssh /bin/bash 6ed05e25ccecc1add0114aeb4e525546a83c75406c5dd49be4998a6f52506e9d [root@nhk ~]# docker inspect centos7004 | tail -n 20 "Networks": { "none": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "b10eb48a66f7d2ef959475a8a90b66b5356c053d9fec87d083949aea39a37924", "EndpointID": "2174d69badad4969b4245b733a38d6f1083045207a8d566e0d5dedb857c84268", "Gateway": "", "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "DriverOpts": null } } } } ] [root@nhk ~]# docker exec -it centos7004 /bin/bash [root@6ed05e25ccec /]# ip addr # 只有lo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
Docker网络——container
container 模式是什么?
新建的容器和已经存在的一个容器共享一个网络IP配置,而不是和宿主机共享。新创建的容器不会创建自己的网卡信息、配置IP等,而是和一个指定的容器共享IP、端口范围等。
同样,两个容器除了网络方面,其他的如文件系统、进程列表等都是隔离的
演示
[root@nhk ~]# docker run -itd -p 8085:8080 --name centos7005 centos7:ssh 3ec3291fa0e87c9ac2a61f0c4435fd1b850410f00b2be1cfcf0aa9600b13d977 [root@nhk ~]# docker run -itd -p 8086:8080 --network container:centos7005 --name centos7006 centos7:ssh docker: Error response from daemon: conflicting options: port publishing and the container type network mode. See 'docker run --help'. # 报错,相当于centos7005与 centos7006公用同一个ip同一个端口,导致端口冲突- 1
- 2
- 3
- 4
- 5
- 6
- 7
再次演示
# Alpine Linux 是一款独立的、非商用的Linux发行版,专为追求安全的、简单的和资源效率的用户而设计。这个Linux 很适合做Docker的基础镜像,因为它非常的小巧,特别适合容器打包 # 启动容器 alpine1 [root@nhk ~]# docker run -it --name alpine1 alpine /bin/sh / # # 启动容器 alpine2 [root@nhk ~]# docker run -it --network container:alpine1 --name alpine2 alpine /bin/sh / # # 在容器 alpine1 输入 观察到 19: eth0@if20 172.17.0.4 / # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever / # # 在容器 alpine2 输入 观察到 19: eth0@if20 172.17.0.4 ,验证了两个容器共用了网络配置 / # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever / # # 此时关闭容器 apline1,再看看容器apline2 的网络配置,发现没有了,只有一个lo了 / # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever / #- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
Docker网络——自定义
没有自定义网络之前
1)创建两个容器实例
[root@nhk ~]# docker run -itd -p 8081:8080 --name centos7001 centos7:ssh bf0c0411632b8737d68dac0fd3ff0b4e599d5672b6a13befafdc1881787cdc99 [root@nhk ~]# docker run -itd -p 8082:8080 --name centos7002 centos7:ssh 683d89bb0c261b845cf81034ef934de0a4ec17e3ba01a2eeb391b1c4da9b953d- 1
- 2
- 3
- 4
2)打开两个终端分别进入两个容器,并查看IP
[root@nhk ~]# docker exec -it centos7001 /bin/bash [root@bf0c0411632b /]# [root@bf0c0411632b /]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255 ... [root@nhk ~]# docker exec -it centos7002 /bin/bash [root@683d89bb0c26 /]# [root@683d89bb0c26 /]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255 ...- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
3)两个容器按照IP地址ping
# centos7001 屏 centos7002 能ping通 [root@bf0c0411632b /]# ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.079 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.180 ms ^C --- 172.17.0.3 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.079/0.129/0.180/0.051 ms [root@bf0c0411632b /]# # centos7002 屏 centos7001 能ping通 [root@683d89bb0c26 /]# ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.063 ms 64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.177 ms 64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.143 ms ^C --- 172.17.0.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 0.063/0.127/0.177/0.049 ms [root@683d89bb0c26 /]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
4)两个容器按照服务名ping
[root@bf0c0411632b /]# ping centos7002 ping: centos7002: Name or service not known [root@683d89bb0c26 /]# ping centos7002 ping: centos7002: Name or service not known # 都ping不通- 1
- 2
- 3
- 4
- 5
- 6
- 7
用了自定义网络之后
1)自定义桥接网络,自定义网络默认使用的是桥接网络bridge
[root@nhk ~]# docker network create test_network 59aa9546e3270fbd1076d7daa2cd75142876d69d10854c9046fec59dc10542cf [root@nhk ~]# docker network ls NETWORK ID NAME DRIVER SCOPE d36aa7b6e75b bridge bridge local 079c5936358a host host local b10eb48a66f7 none null local 59aa9546e327 test_network bridge local- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
2)新建容器并加入自定义网络
[root@nhk ~]# docker run -itd -p 8081:8080 --network test_network --name centos7001 centos7:ssh ea495df658d3d6a102c8c23c5c9cf4fbed660b0bccefca0d4203581cbfa8c9ca [root@nhk ~]# docker run -itd -p 8082:8080 --network test_network --name centos7002 centos7:ssh 963e806885fd73cdb2ac1b61080e3a578d1a34157dfbb68ffc8cc900f6345bb8 [root@nhk ~]#- 1
- 2
- 3
- 4
- 5
3)容器相互ping
[root@ea495df658d3 /]# ping 172.18.0.3 PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data. 64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.066 ms 64 bytes from 172.18.0.3: icmp_seq=2 ttl=64 time=0.175 ms ^C --- 172.18.0.3 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.066/0.120/0.175/0.055 ms [root@ea495df658d3 /]# [root@963e806885fd /]# ping 172.18.0.2 PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data. 64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.141 ms 64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.191 ms ^C --- 172.18.0.2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.141/0.166/0.191/0.025 ms [root@963e806885fd /]# [root@ea495df658d3 /]# ping centos7002 PING centos7002 (172.18.0.3) 56(84) bytes of data. 64 bytes from centos7002.test_network (172.18.0.3): icmp_seq=1 ttl=64 time=0.042 ms 64 bytes from centos7002.test_network (172.18.0.3): icmp_seq=2 ttl=64 time=0.182 ms ^C --- centos7002 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.042/0.112/0.182/0.070 ms [root@ea495df658d3 /]# [root@963e806885fd /]# ping centos7001 PING centos7001 (172.18.0.2) 56(84) bytes of data. 64 bytes from centos7001.test_network (172.18.0.2): icmp_seq=1 ttl=64 time=0.053 ms 64 bytes from centos7001.test_network (172.18.0.2): icmp_seq=2 ttl=64 time=0.111 ms ^C --- centos7001 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.053/0.082/0.111/0.029 ms [root@963e806885fd /]# # 结果发现,当容器加入自定义网络后,相互通过ip ping 和 服务名 ping 都能ping通- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
总结
自定义网络本身就维护好了主机名和ip的对应关系(ip和域名都能通)
-
相关阅读:
【校招VIP】java语言考点之异常
网络安全(黑客)自学
nginx代理无法访问后端服务
kubectl 资源管理命令-陈述式
纯血鸿蒙来了,企业开发者应该关注什么
Vcenter6.5扩容存储后无法创建虚机处理方法
JVM三色标记
分布式系统中的乐观和错误假设
亲爱的朋友
【云原生】Helm 常用命令(chart 安装、升级、回滚、卸载等操作)
- 原文地址:https://blog.csdn.net/weixin_56058578/article/details/132717558
