每启动一个docker容器,docker都会给容器分配一个ip。只要安装了docker,默认就会有一个docker0的网卡(虚拟网桥,桥接模式),使用的技术是veth-pair技术。我们直接在主机输入ip addr,就可以发现veth开头的网卡
# 如果你发现docker容器无法查看ip
[root@lv94 docker]# docker exec -it tomcat04 ip addr
OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "ip": executable file not found in $PATH: unknown
# 进入容器输入如下命令,即可解决上述问题(仅适合临时调试:容器重建后安装的软件会丢失,长期需要的工具应写进镜像的Dockerfile)
apt update && apt install -y iproute2
# 如果你发现docker容器没有ping命令,进入容器输入如下命令
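# Run inside the container (apt-based image): refresh the package index, then
# install net-tools and ping (iputils-ping) without an interactive prompt.
# The install step only runs if the index refresh succeeded.
apt-get update && apt-get install -y net-tools iputils-ping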
# 主机输入ip addr ,可发现如下类似网卡
212: veth424583e@if211: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:7b:18:ea:a6:ba brd ff:ff:ff:ff:ff:ff link-netnsid 0
veth-pair是一对虚拟设备接口,一端连着协议栈,一端彼此相连。可以设想虚拟机有这个接口,docker容器也有这个接口,两者通过接口相连,所以可以互通
# 如何证明上述思想
# 这是docker容器内的网卡信息
[root@lv94 docker]# docker exec -it tomcat04 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
211: eth0@if212: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
```shell
# 这是主机上的网卡信息(不全,仅取代表)
212: veth424583e@if211: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:7b:18:ea:a6:ba brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
我们发现容器内是211:eth0@if212,主机上是212:veth424583e@if211,这不就是成对出现的嘛?而且编号是递增的,下一个容器通常是213:214(接口编号由内核分配,并不保证连续)
docker0其实相当于路由器的角色地位
link
如果直接用容器名去ping其他容器名是没法ping通的,但是如果在开始运行容器的时候加上--link就可以ping通,但是反向如果没加--link是无法通的。注意:--link是docker的遗留(legacy)功能,官方建议改用下文的自定义网络;而且被链接容器的环境变量会暴露给使用--link的容器,环境变量里存有密码等敏感信息时要特别小心
# 如下,tomcat06可以ping通tomcat07
docker run -d -P --name tomcat06 --link tomcat07 tomcat
# --link实则就是把对方的容器名和ip直接写进本容器的/etc/hosts
[root@lv94 docker]# docker run -d -P --name tomcat07 --link tomcat06 tomcat
d577a2d9456f764a3b78b58cc3069cfa6ae8de856bb8f7e982e123253166e687
[root@lv94 docker]# docker exec -it tomcat07 /bin/bash
root@d577a2d9456f:/usr/local/tomcat# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 tomcat06 7080378f73ce
172.17.0.3 d577a2d9456f
自定义网络
[root@lv94 docker]# docker network ls
NETWORK ID NAME DRIVER SCOPE
94536c9ebaf3 bridge bridge local
76290327ac46 host host local
32f10c8673ed none null local
# 网络的模式
bridge 桥接模式
none 不配置网络
host 和宿主机共享网络(容器没有独立的网络命名空间,也就没有网络隔离)
container 与指定的容器共享网络(容器网络互通)
[root@lv94 docker]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
# 自定义
[root@lv94 docker]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 xiaonet
11f7c60b0b7e32cdbb12418ecab1a5a27c475cd398f1fcd9fe41556a0f4e33cb
[root@lv94 docker]# docker network ls
NETWORK ID NAME DRIVER SCOPE
94536c9ebaf3 bridge bridge local
76290327ac46 host host local
32f10c8673ed none null local
11f7c60b0b7e xiaonet bridge local
# 万能inspect查看详情
[root@lv94 docker]# docker network inspect xiaonet
# 使用自定义网络启动容器(-P会把镜像声明的全部端口发布到宿主机的随机端口,不需要对外访问时可以去掉)
[root@lv94 docker]# docker run -d -P --name tomcat08 --net xiaonet tomcat
# 再次查看,发现详细信息已有该容器,并且已分配好ip
[root@lv94 docker]# docker network inspect xiaonet
# 同一个自定义网络内的容器可以直接用容器名ping通,不需要link(自定义网络自带按容器名解析的DNS)
这一点的好处在于不同的集群之间使用不同的网络,保证集群内部的安全和健康。需要注意,同一网络内的容器之间默认可以互相访问,隔离只存在于不同网络之间
很明显,不同的网段是无法ping通的,比如docker0和上述的xiaonet网段
# 可以使用connect把容器接入另一个网络(容器会在该网络中多出一张网卡和一个ip)
[root@lv94 docker]# docker network connect xiaonet tomcat09
[root@lv94 docker]# docker network inspect xiaonet
...
"Containers": {
"63731f043b4a6605c1035d4212e5c4a6663a023897d231caaac80249bd66ec50": {
"Name": "tomcat09",
"EndpointID": "e1ce0c069ce0b3fb4f22c470fde37bb1b07e3a2f2cbc197257388a4f2a68961b",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"fa90663b8153ecd20a336e7776cbfe812e19cd4867fe9051846391b3ef3baca2": {
"Name": "tomcat_xiaonet",
"EndpointID": "49792557f1ddadb3030760d260167faa5a37d7ccbee66ba4e101e3bff76a823d",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
}
...
# 就可以发现xiaonet中多了一个ip就是tomcat09
# 取消连接的命令
[root@lv94 docker]# docker network disconnect xiaonet tomcat09
[root@lv94 docker]# docker network inspect xiaonet
...
"Containers": {
"fa90663b8153ecd20a336e7776cbfe812e19cd4867fe9051846391b3ef3baca2": {
"Name": "tomcat_xiaonet",
"EndpointID": "49792557f1ddadb3030760d260167faa5a37d7ccbee66ba4e101e3bff76a823d",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
}
...
# 未连接时无法ping通,连接到网段后发现是可以ping通的
[root@lv94 docker]# docker exec -it tomcat09 ping tomcat_xiaonet
ping: tomcat_xiaonet: Name or service not known
[root@lv94 docker]# docker network connect xiaonet tomcat09
[root@lv94 docker]# docker exec -it tomcat09 ping tomcat_xiaonet
PING tomcat_xiaonet (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat_xiaonet.xiaonet (192.168.0.2): icmp_seq=1 ttl=64 time=0.135 ms
64 bytes from tomcat_xiaonet.xiaonet (192.168.0.2): icmp_seq=2 ttl=64 time=0.050
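# 其实我们查看tomcat09(docker inspect tomcat09)不难发现,是有两个ip的:一个容器同时接入了bridge和xiaonet两个网络。这样的容器能同时访问两个网络,会削弱两个网络之间的隔离,不再需要时建议用disconnect断开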
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "273a873b979b4d4431304ce4156347135cb4c9e956fc7926278e6140fcb5feeb",
"EndpointID": "53bc310e41528db31584749b77818170a49adc80eb2d7465b18483854db26bdd",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
},
"xiaonet": {
"IPAMConfig": {
},
"Links": null,
"Aliases": [
"63731f043b4a"
],
"NetworkID": "11f7c60b0b7e32cdbb12418ecab1a5a27c475cd398f1fcd9fe41556a0f4e33cb",
"EndpointID": "d58c06aa0cc35a4d1c19f809ac3d148e1187be95d45f35735c8de780bfd1eb88",
"Gateway": "192.168.0.1",
"IPAddress": "192.168.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:c0:a8:00:03",
"DriverOpts": {
}
}
}