Docker网络
docker网络类型
-
Bridge 桥接
-
类似VMware NAT
-
-
Host
-
容器与宿主机之间网卡共享 不支持端口映射,但性能好
-
-
Container(K8s使用的模式)
-
容器与容器之间网卡共享
-
-
None
-
无网络模式
-
Briage
# 查看网络方式
[root@docker02 wordpress]# docker network ls
NETWORK ID NAME DRIVER SCOPE
73848298b8b9 bridge bridge local
aecdd274f8e4 host host local
ffef9ad12645 none null local
# 详细信息
[root@docker02 wordpress]# docker network inspect bridge
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
# 安装bridge-utils 查看
[root@zabbix01 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242eca7bc4c no
# 启动镜像
[root@docker02 wordpress]# docker run -it busybox sh
# 查看网卡
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
# 启动镜像
[root@docker01 wordpress]# docker run -it busybox sh
# 查看网卡
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
## 目前容器是无法跨主机通讯的
修改网桥IP
# 方法1
[root@docker01 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=192.168.10.1/24
[root@docker01 ~]# systemctl restart docker
[root@docker01 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::42:eff:fece:afc1 prefixlen 64 scopeid 0x20<link>
ether 02:42:0e:ce:af:c1 txqueuelen 0 (Ethernet)
RX packets 32158 bytes 29815441 (28.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48670 bytes 109381416 (104.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 方法2
[root@docker01 docker]# vim /etc/docker/daemon.json
{
"bip": "10.0.1.1/24",
"registry-mirrors": ["https://7t3bpp45.mirror.aliyuncs.com"]
}
Host
# 以host模式启动容器
[root@docker01 docker]# docker run -it --network=host busybox sh
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:0E:CE:AF:C1
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::42:eff:fece:afc1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32158 errors:0 dropped:0 overruns:0 frame:0
TX packets:48670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29815441 (28.4 MiB) TX bytes:109381416 (104.3 MiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:85:DA:E0
inet addr:10.0.0.101 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe85:dae0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1667149 errors:0 dropped:0 overruns:0 frame:0
TX packets:379134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2410223695 (2.2 GiB) TX bytes:127704831 (121.7 MiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:85:DA:EA
inet addr:172.16.1.101 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe85:daea/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1672 (1.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
veth2144a4a Link encap:Ethernet HWaddr AE:26:2D:7D:BA:B9
inet6 addr: fe80::ac26:2dff:fe7d:bab9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:656 (656.0 B)
Container(K8s使用的模式)
## 启动一个centos
[root@docker01 ~]# docker run -it centos:7 /bin/bash
[root@6f25e43e5e9b /]# curl 127.0.0.1
curl: (7) Failed connect to 127.0.0.1:80; Connection refused # 连接127.0.0.1:80失败;连接拒绝
[root@6f25e43e5e9b /]# hostname -I
172.17.0.2
## 启动一个nginx使用container模式
[root@docker01 ~]# docker run --network=container:6f25e43e5e9b -d nginx:alpine
[root@docker01 ~]# docker exec -it c0daffdfd3fc7a3b /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
## 再curl一下
[root@6f25e43e5e9b /]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
None
## 无网络模式
[root@docker01 docker]# docker run -it --network none busybox /bin/sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
自定义网络模式
以上4种模式都是docker自带的网络模式,docker还有一种叫做 自定义网络模式
## 创建自定义网络模板
docker network create -d <mode> --subnet <CIDR> --gateway <网关> <自定义网路名称>
## 创建自定义网络
[root@docker01 docker]# docker network create -d bridge --subnet 192.168.20.0/24 --gateway 192.168.20.1 Shanghai
22d2f7f9f37b0fd7968e30a06fe262116049dd89f4657735dba4a4587f899e8d
## 查看网络模式
[root@docker01 docker]# docker network ls
NETWORK ID NAME DRIVER SCOPE
22d2f7f9f37b Shanghai bridge local
afc1a46a075c bridge bridge local
13b1e5b180ca host host local
93421e492ab8 none null local
## VPC网络
[root@docker01 docker]# docker run -it --network Shanghai busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:14:02
inet addr:192.168.20.2 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2): 56 data bytes
64 bytes from 192.168.20.2: seq=0 ttl=64 time=0.036 ms
64 bytes from 192.168.20.2: seq=1 ttl=64 time=0.058 ms
[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:0A:03
inet addr:192.168.10.3 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2): 56 data bytes