Docker网络模式,网络管理-外部访问容器,给默认网桥设置网段

Docker网络模式

列出所有网络命令
[root@localhost ~]# docker network
Usage:  docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
查看网络
[root@localhost ~]# docker network ls

NETWORK ID NAME DRIVER SCOPE
8291336329d7 bridge bridge local
6bdbc5de5595 host host local
1cf8e3bc325d none null local

查询容器
[root@localhost ~]# docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
829ec7f9d031 registry:latest “/entrypoint.sh /etc…” 2 hours ago Up 26 minutes 0.0.0.0:5000->5000/tcp peaceful_northcutt

不进入容器查询网络ip

这个容器使用的是默认的bridge模式:在容器内看到的网卡ip(下面输出中的172.17.0.2)属于docker0网桥所在的网段,而不是宿主机网卡的ip。只有在host模式下,docker使用的网络才和宿主机一样,在容器内看到的网卡ip就是宿主机ip。

[root@localhost ~]# docker exec -it 829ec7f9d031 ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

查看虚拟机(宿主机)的ip(会发现docker0网桥的172.17.0.1/16和容器的172.17.0.2/16是同一网段)
[root@localhost ~]# ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:93:a9:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.200.23/24 brd 192.168.200.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe93:a98a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP
link/ether 02:42:f0:8b:68:f6 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f0ff:fe8b:68f6/64 scope link
valid_lft forever preferred_lft forever
9: vethb5144d7@if8: mtu 1500 qdisc noqueue master docker0 state UP
link/ether e2:b4:0d:da:d2:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::e0b4:dff:feda:d276/64 scope link
valid_lft forever preferred_lft forever

查看网段详情信息


bridge模式,使用--net=bridge指定,是默认模式,不指定时就是这种网络模式。这种模式会为每个容器分配一个独立的Network Namespace,类似于vmware的nat网络模式。同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的(对应下面输出中的 enable_icc 为 true),也就是说默认网桥上的容器之间没有网络隔离;需要相互隔离的容器应放到各自单独创建的网络里。

[root@localhost ~]# docker network inspect bridge

[
{
"Name": "bridge",
"Id": "8291336329d7b0276eb709544cd5b375e6961c14a8f3a23b578a198e1b074b84",
"Created": "2020-11-19T02:48:42.239285979+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{

"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"

            }
        ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
        "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {
        "829ec7f9d0311893f7cb5214a87758f7ab35440698cde7ad11a7b56aa8948aaa": {
            "Name": "peaceful_northcutt",
            "EndpointID": "7ecf0982babd9f58aeb421ced552921b3484f74a08acbc6b2d03ea91465b9a7a",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        }
    },
    "Options": {
        "com.docker.network.bridge.default_bridge": "true",
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.enable_ip_masquerade": "true",
        "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
        "com.docker.network.bridge.name": "docker0",
        "com.docker.network.driver.mtu": "1500"
    },
    "Labels": {}
}


none模式,使用--net=none指定
这种模式下,不会配置任何网络
下面先查看host网络,再查看none网络,两者的IPAM Config和Containers都是空的

[root@localhost ~]# docker network inspect host

[
{
"Name": "host",
"Id": "6bdbc5de5595ff16f325b7961929e513a2c283bb77f4c46e6967b48396b10e4c",
"Created": "2020-11-19T01:14:08.568110562+08:00",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]

空的

[root@localhost ~]# docker network inspect none

[
{
"Name": "none",
"Id": "1cf8e3bc325d0714bd4076bada12e76abae3f67e5565c2975e450a85dc211133",
"Created": "2020-11-19T01:14:08.558290692+08:00",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]

创建网络
[root@localhost ~]# docker network create aaa

fad1d82431321f4926c4f902ec67a1d0f8e4c5a55e9f329070cb9680a0677432

查询aaa的网段信息
创建时没有指定驱动,默认使用bridge驱动,并自动分配了一个新的网段(这里是172.18.0.0/16)

[root@localhost ~]# docker network inspect aaa

[

{
    "Name": "aaa",
    "Id": "fad1d82431321f4926c4f902ec67a1d0f8e4c5a55e9f329070cb9680a0677432",
    "Created": "2020-11-19T03:33:26.152454869+08:00",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
        "Driver": "default",
        "Options": {},
        "Config": [
            {
                "Subnet": "172.18.0.0/16",
                "Gateway": "172.18.0.1"
            }
        ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
        "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {},
    "Options": {},
    "Labels": {}
}

]

删除aaa网络

[root@localhost ~]# docker network rm aaa

aaa
查看网络

[root@localhost ~]# docker network ls

NETWORK ID NAME DRIVER SCOPE
8291336329d7 bridge bridge local
6bdbc5de5595 host host local
1cf8e3bc325d none null local

创建一个新的容器并运行

前提准备:

拉取镜像

[root@localhost ~]# docker pull centos

查看镜像

[root@localhost ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 300e315adb2f Less than a second ago 209MB

[root@localhost ~]# docker run -itd --name host --network=host centos:latest  /bin/bash

①与虚拟机本身一样(host模式,使用--net=host指定。容器直接使用宿主机的网络栈,没有独立的Network Namespace,也就没有网络隔离:容器里监听的端口会直接出现在宿主机上)

[root@localhost ~]# docker exec -it host  ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:93:a9:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.200.23/24 brd 192.168.200.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe93:a98a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:f0:8b:68:f6 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f0ff:fe8b:68f6/64 scope link
valid_lft forever preferred_lft forever
9: vethb5144d7@if8: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether e2:b4:0d:da:d2:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::e0b4:dff:feda:d276/64 scope link
valid_lft forever preferred_lft forever

②与虚拟机本身不一样(none模式,使用--net=none指定
这种模式下,不会配置任何网络,容器里只有lo回环接口)

[root@localhost ~]# docker run -itd --name none --network=none centos:latest  /bin/bash

2a20eabe640e4d9aaf7855fa6f0ce6853156d550e63fd32ea4154e2ad2a7ad3f

[root@localhost ~]# docker exec -it none ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
③使用上一个容器网络(container模式,使用--net=container:容器名指定,ip是一模一样)
d58c2668dc01 centos:latest “/bin/bash” 14 minutes ago Up 14 minutes host

[root@localhost ~]# docker run -itd --name bridge centos:latest  /bin/bash

e7bfe0498aab6ca5b676f64db899c09218d4fddf953cbe29559b0a531342ea56

[root@localhost ~]# docker exec -it bridge ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
11: eth0@if12: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

[root@localhost ~]# docker run -itd --name bridge-2 --net=container:bridge centos:latest  /bin/bash

e4185965cd00449f57d852a19d40eb6e6bc315b6b512018d3f930e7113b08cf4

[root@localhost ~]# docker exec -it bridge-2 ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
11: eth0@if12: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

互ping也是ok哒!(bridge-2和bridge共用同一个Network Namespace,连lo回环接口也是同一个,所以一个容器里只监听127.0.0.1的服务,另一个容器同样能访问到。)

[root@localhost ~]# docker exec -it bridge-2 ping 127.0.0.1

PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.172 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.082 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 0.082/0.127/0.172/0.045 ms

Docker网络管理-外部访问容器

使用centos镜像新建一个容器,然后在该容器中安装httpd服务,并启动

进入容器bridge

[root@localhost ~]# docker exec -it bridge /bin/bash

安装httpd

[root@e7bfe0498aab /]# yum install -y httpd

启动httpd

[root@e7bfe0498aab /]# httpd -k start

安装net-tools(提供netstat命令)

[root@e7bfe0498aab /]# yum install -y net-tools

查看端口

[root@e7bfe0498aab /]# netstat -ntpl   

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 103/httpd

退出

把该容器提交(docker commit)成一个新的镜像(centos_with_http),然后再使用新镜像创建容器,并指定端口映射
[root@localhost ~]# docker ps -a

e7bfe0498aab centos:latest “/bin/bash” 23 minutes ago Up 23 minutes bridge

[root@localhost ~]# docker commit -m "install http" -a "Aming" e7bfe0498aab centos_with_http

sha256:8403fdc47e05dfeacf73dd76a72ccce1b139059053491a06da3cd7b5a3538bfd

[root@localhost ~]# docker images

centos_with_http latest 8403fdc47e05 3 seconds ago 250MB

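新镜像创建容器,并指定端口映射(-p 8888:80 表示把宿主机的8888端口映射到容器的80端口;不写ip时会绑定在宿主机的0.0.0.0上,所有能访问宿主机的机器都能访问这个端口,只想在本机访问可以写成 -p 127.0.0.1:8888:80)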

[root@localhost ~]# docker run -itd --name httpd -p 8888:80 8403fdc47e05 /bin/bash

5bc74d2e8855e58df15dccd71701cb28ecb65758b0298476331fe6c3a72706fd

进入httpd

[root@localhost ~]# docker exec -it httpd /bin/bash
[root@5bc74d2e8855 /]# httpd -k start

AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.4. Set the ‘ServerName’ directive globally to suppress this message

[root@5bc74d2e8855 /]# netstat -ntpl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29/httpd

访问apache网页


编辑1.html
[root@localhost ~]# docker exec -it httpd /bin/bash
[root@5bc74d2e8855 /]# vi /var/www/html/1.html
[root@5bc74d2e8855 /]# httpd -k start    

AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.4. Set the ‘ServerName’ directive globally to suppress this message
httpd (pid 29) already running

[root@5bc74d2e8855 /]# rm -rvf /etc/httpd/conf.d/welcome.conf 
removed '/etc/httpd/conf.d/welcome.conf'
[root@5bc74d2e8855 /]# httpd -k start      

AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.4. Set the ‘ServerName’ directive globally to suppress this message
httpd (pid 29) already running

访问网页
[root@localhost ~]# docker exec -it httpd /bin/bash
[root@5bc74d2e8855 /]# rm -rvf /etc/httpd/conf.d/welcome.conf
[root@5bc74d2e8855 /]# httpd -k restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message


给默认网桥设置网段

更改docker配置文件(bip 用来指定默认网桥docker0的ip和掩码;配置里的 insecure-registries 会让docker用不加密的HTTP或不校验证书的方式访问该仓库,只适合内网测试环境)
[root@localhost ~]# vi /etc/docker/daemon.json
 "bip": "192.168.5.1/24"
{
     
"insecure-registries":["192.168.200.23:5000"],
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"],
 "bip": "192.168.0.1/24"

}
重启服务并启动容器测试(重启后docker0的地址应变为配置的192.168.0.1/24;选择网段时注意不要和宿主机已有的网段冲突)
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# ip a

1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:93:a9:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.200.23/24 brd 192.168.200.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe93:a98a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP
link/ether 02:42:f0:8b:68:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f0ff:fe8b:68f6/64 scope link
valid_lft forever preferred_lft forever
16: veth29fc350@if15: mtu 1500 qdisc noqueue master docker0 state UP
link/ether 92:01:a5:c4:39:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::9001:a5ff:fec4:3922/64 scope link
valid_lft forever preferred_lft forever
