[Docker Series] Networking Basics

Understanding docker0

1. Log in to the Linux server and view the network information

[root@iZ2zein4retlu7npemaz4qZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:16:3e:34:e3:16 brd ff:ff:ff:ff:ff:ff
    inet 172.17.68.127/20 brd 172.17.79.255 scope global dynamic eth0
       valid_lft 298941357sec preferred_lft 298941357sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:cb:eb:53:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
9: vetha3ff9fc@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 8a:2a:b0:df:72:14 brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vetha8c1d18@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 0e:a2:8d:a2:b9:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
13: vethce5a18c@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether a6:86:22:3c:98:bb brd ff:ff:ff:ff:ff:ff link-netnsid 2

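Note the docker0 interface: it is created when Docker is installed and acts as the router for the containers. It records the containers' IP addresses and handles communication between them (containers do not talk to each other directly, but through docker0).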

Also note the following entries:

9: vetha3ff9fc@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 8a:2a:b0:df:72:14 brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vetha8c1d18@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 0e:a2:8d:a2:b9:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
13: vethce5a18c@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether a6:86:22:3c:98:bb brd ff:ff:ff:ff:ff:ff link-netnsid 2

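These entries are the virtual network interfaces that Docker creates for its containers, using the veth-pair technique.
A veth pair is a pair of virtual device interfaces. They always come in pairs: one end is attached to the protocol stack, and the two ends are connected to each other.
Precisely because of this, a veth pair acts as a bridge that connects various virtual network devices.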
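The `@ifN` suffix and `link-netnsid` field in the output above identify the other end of each veth pair. The following added example (not part of the original post; the function names are this example's own) parses that output to list every veth attached to docker0 with its peer index, which is what you need to pick the right host interface when capturing one container's traffic. It assumes the container's interface is named eth0.

```shell
#!/bin/sh
# Added example: map host-side veth interfaces on a bridge to their peers.

# The `ip addr` output from this post, trimmed to the relevant lines.
sample_ip_addr() {
cat <<'EOF'
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:cb:eb:53:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
9: vetha3ff9fc@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 8a:2a:b0:df:72:14 brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vetha8c1d18@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 0e:a2:8d:a2:b9:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
13: vethce5a18c@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether a6:86:22:3c:98:bb brd ff:ff:ff:ff:ff:ff link-netnsid 2
EOF
}

# veth_peers BRIDGE
# Reads `ip addr` text on stdin; prints one line per veth enslaved to BRIDGE:
#   <host ifindex> <host ifname> <peer ifindex> <link-netnsid>
veth_peers() {
    awk -v br="$1" '
    function emit() { if (want && peer != "") print idx, name, peer, nsid }
    /^[0-9]+: / {
        emit()                                   # flush the previous interface
        idx = $1; sub(/:$/, "", idx)
        name = $2; sub(/:$/, "", name)
        peer = ""; nsid = "-"; want = 0
        if (split(name, p, "@if") == 2) { name = p[1]; peer = p[2] }
        for (i = 3; i < NF; i++) if ($i == "master" && $(i + 1) == br) want = 1
        next
    }
    { for (i = 1; i < NF; i++) if ($i == "link-netnsid") nsid = $(i + 1) }
    END { emit() }'
}

# veth_for_iflink BRIDGE IFLINK
# IFLINK is the value a container reports in /sys/class/net/eth0/iflink
# (assumed interface name eth0), i.e. the host ifindex of its veth peer.
veth_for_iflink() {
    veth_peers "$1" | awk -v want="$2" '$1 == want { print $2 }'
}

sample_ip_addr | veth_peers docker0
```

On a live host, feed it `ip addr` directly and obtain IFLINK with `docker exec tomcat01 cat /sys/class/net/eth0/iflink`.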

Containers can ping each other.

link

Problem: Docker reassigns a container's IP address every time the container starts, so how can a container be reached by name instead of by IP?

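# --link is an option of docker run, set when tomcat01 is created
docker run -d -P --name tomcat01 --link tomcat02 tomcat
# Use the --link option to link tomcat01 to tomcat02, so that tomcat01 can reach that container by the name tomcat02; tomcat02, however, cannot reach tomcat01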

--link works by adding an entry to tomcat01's hosts file that maps the name tomcat02 to its IP.

The limitation of docker0: it does not support access by container name!

Custom networks

docker network ls

NETWORK ID     NAME      DRIVER    SCOPE
bf4ea77c70b8   bridge    bridge    local
993f64552733   host      host      local
b578ba5fbfa0   none      null      local

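Network modes
bridge: bridged through Docker (default)
none: no network configured
host: share the host's network
container: join another container's network (rarely used, very limited)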

Creating a Docker network

[root@iZ2zein4retlu7npemaz4qZ ~]# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
  
#create

[root@iZ2zein4retlu7npemaz4qZ ~]# docker network create --help

Usage:  docker network create [OPTIONS] NETWORK

Create a network

Options:
      --attachable           Enable manual container attachment
      --aux-address map      Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
      --config-from string   The network from which to copy the configuration
      --config-only          Create a configuration only network
  -d, --driver string        Driver to manage the Network (default "bridge")
      --gateway strings      IPv4 or IPv6 Gateway for the master subnet
      --ingress              Create swarm routing-mesh network
      --internal             Restrict external access to the network
      --ip-range strings     Allocate container ip from a sub-range
      --ipam-driver string   IP Address Management Driver (default "default")
      --ipam-opt map         Set IPAM driver specific options (default map[])
      --ipv6                 Enable IPv6 networking
      --label list           Set metadata on a network
  -o, --opt map              Set driver specific options (default map[])
      --scope string         Control the network's scope
      --subnet strings       Subnet in CIDR format that represents a network segment

Create the custom network "mynet"

#--driver bridge            bridge mode
#--subnet 192.168.0.0/16    subnet
#--gateway 192.168.0.1      gateway
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet

The network was created successfully

[root@iZ2zein4retlu7npemaz4qZ ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
bf4ea77c70b8   bridge    bridge    local
993f64552733   host      host      local
3e88b34cea02   mynet     bridge    local
b578ba5fbfa0   none      null      local

Inspect the newly created network

[root@iZ2zein4retlu7npemaz4qZ ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "3e88b34cea024a63c2674702d64babf9604664572294f7f2be255112b9785a14",
        "Created": "2021-09-28T16:09:33.724740597+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

Start a container on the custom network

# -d        run in the background
# -P        publish exposed ports on random host ports
# --name    set the container name
# --net     specify the network
docker run -d -P --name tomcat-net-01 --net mynet tomcat

Containers started on a custom network can reach each other directly by container name, without using --link.

Connecting networks

Connect two different networks, for example a custom network and docker0.
This is done by connecting a container to a network.

[root@iZ2zein4retlu7npemaz4qZ ~]# docker network connect --help

Usage:  docker network connect [OPTIONS] NETWORK CONTAINER

Connect a container to a network

Options:
      --alias strings           Add network-scoped alias for the container
      --driver-opt strings      driver options for the network
      --ip string               IPv4 address (e.g., 172.30.100.104)
      --ip6 string              IPv6 address (e.g., 2001:db8::33)
      --link list               Add link to another container
      --link-local-ip strings   Add a link-local address for the container

How the connection works: one container gets two IPs, similar to the private and public IPs of an Alibaba Cloud instance.
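A container with two IPs is reachable from both networks, so it spans whatever separation the custom network provided, and containers left on the default bridge share docker0 with every other container there. The following added example (not part of the original post; the function names are this example's own, and the sample lines are constructed) audits a list of container attachments for both conditions.

```shell
#!/bin/sh
# Added example: audit which networks each container is attached to.
# On a live host, produce the input (one line per running container) with:
#   docker inspect --format '{{.Name}}{{range $n, $c := .NetworkSettings.Networks}} {{$n}}={{$c.IPAddress}}{{end}}' $(docker ps -q)

# Constructed sample in that format: container and network names follow the
# post, the IP addresses are made up.
sample_attachments() {
cat <<'EOF'
/tomcat01 bridge=172.18.0.2 mynet=192.168.0.3
/tomcat02 bridge=172.18.0.3
/tomcat-net-01 mynet=192.168.0.2
EOF
}

# audit_attachments: reads the lines above on stdin and prints
#   MULTI-HOMED <container> <net,net,...>   container spans several networks
#   DEFAULT-BRIDGE <container>              container sits on docker0 ("bridge")
#   MEMBERS <network> <count>               containers attached per network
audit_attachments() {
    awk '
    {
        name = $1; sub(/^\//, "", name)          # docker prefixes names with "/"
        nets = ""; on_default = 0
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")                   # kv[1] = network, kv[2] = IP
            nets = nets (nets == "" ? "" : ",") kv[1]
            if (kv[1] == "bridge") on_default = 1
            members[kv[1]]++
        }
        if (NF > 2)     print "MULTI-HOMED", name, nets
        if (on_default) print "DEFAULT-BRIDGE", name
    }
    END { for (n in members) print "MEMBERS", n, members[n] }'
}

sample_attachments | audit_attachments
```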
