[root@ecs-56325218 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
2c63c1a8145c bridge bridge local
70d3439bbb55 host host local
ffc74cf89143 none null local
[root@ecs-56325218 ~]# docker network create aa_network
[root@ecs-56325218 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9462f910652a aa_network bridge local
2c63c1a8145c bridge bridge local
70d3439bbb55 host host local
ffc74cf89143 none null local
[root@ecs-56325218 ~]# docker network rm aa_network
[root@ecs-56325218 ~]# docker network inspect bridge
能干啥:
bridge:为每个容器分配、设置IP等,并将容器连接到一个 docker0,虚拟网桥,默认模式
host:使用宿主机的IP和端口
none:有独立的network namespace,但没有任何网络设置
container:新创建的容器不会创建自己的网卡和配置自己ip,而是和指定的容器共享IP
[root@ecs-56325218 ~]# docker run -it --name u1 ubuntu bash
[root@ecs-56325218 ~]# docker run -it --name u2 ubuntu bash
[root@ecs-56325218 ~]# docker inspect u1|tail -n 20
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150",
"EndpointID": "4d5e3d950cbb9a5350af354db9b494ab2d974f4f070dfd204f37985b88d8b167",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[root@ecs-56325218 ~]# docker inspect u2|tail -n 20
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150",
"EndpointID": "6b8d78dd245baaa8202e86d2f03721da8b822f23fd3be5c56dd1de82cc66cca0",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
[root@ecs-56325218 ~]# docker rm -f u2
u2
[root@ecs-56325218 ~]# docker run -it --name u3 ubuntu
[root@ecs-56325218 ~]# docker inspect u3|tail -n 20
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150",
"EndpointID": "17edefbc9981476ab8c6218deaefeaf75793d4b02aea367dce8c060abe983948",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
# u3 拿到了 u2 被删除后释放的 172.17.0.3,IPAddress 地址重复了(docker容器内的ip是有可能发生改变的,所以不要把容器ip写死在配置或访问控制规则里)
Bridge
Docker服务默认会创建一个docker0网桥(其上有一个docker0内部接口),该桥接网络的名称为docker0,它在内核层连通了其他的物理或虚拟网卡。这就将所有容器和本地主机放到同一个物理网络。Docker默认指定了docker0接口的IP和子网掩码,让主机和容器之间可以通过网桥相互通信。
查看bridge网络详细信息,并通过grep获取名称项
[root@ecs-56325218 ~]# docker network inspect bridge | grep name
"com.docker.network.bridge.name": "docker0",
[root@ecs-56325218 ~]# ifconfig | grep docker
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
每启动一个容器,就会创建一对对等的虚拟设备接口(veth pair):一端叫veth,接在宿主机的docker0网桥上;另一端叫eth0,放在容器内,两者成对匹配
通过上述,宿主机上的所有容器都连接到这个内部网络上,两个容器在同一个网络下,会从这个网关下各自拿到分配的ip,此时两个容器的ip是互通的(默认bridge网络上的容器之间默认不做隔离,不应互相访问的服务要放到不同的自定义网络里)
[root@ecs-56325218 ~]# docker run -d -p 8081:8080 --name tomcat81 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# docker run -d -p 8082:8080 --name tomcat82 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether fa:16:3e:3b:3a:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe3b:3a19/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:4f:9b:14:d4 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:4fff:fe9b:14d4/64 scope link
valid_lft forever preferred_lft forever
18: veth73d8667@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 7a:7e:42:81:ce:59 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::787e:42ff:fe81:ce59/64 scope link
valid_lft forever preferred_lft forever
20: veth5b8262f@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether da:5c:73:1f:ba:d4 brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::d85c:73ff:fe1f:bad4/64 scope link
valid_lft forever preferred_lft forever
# 宿主机上存在veth虚拟接口
[root@ecs-56325218 ~]# docker exec -it tomcat81 bash
root@b187acd19e51:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# 容器内存在对应eth0
host模式:容器将不会获得一个独立的Network Namespace,而是和宿主机共用一个Network Namespace,容器将不会虚拟出自己的网卡而是使用宿主机的ip和端口。这也意味着容器和宿主机之间没有网络隔离:容器内进程监听的端口直接占用宿主机端口,-p 端口映射不起作用
[root@ecs-56325218 ~]# docker run -d -p 8083:8080 --network host --name tomcat83 billygoo/tomcat8-jdk8
WARNING: Published ports are discarded when using host network mode
77208dd7f37acaf699395453c21e158398972de5fd091a54c4adf333cb1110c6
[root@ecs-56325218 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
77208dd7f37a billygoo/tomcat8-jdk8 "catalina.sh run" 14 seconds ago Up 13 seconds tomcat83
e20c064bcaa7 billygoo/tomcat8-jdk8 "catalina.sh run" 9 minutes ago Up 9 minutes 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp tomcat82
b187acd19e51 billygoo/tomcat8-jdk8 "catalina.sh run" 9 minutes ago Up 9 minutes 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat81
有警告,原因:host网络模式下 -p 发布的端口会被丢弃(端口映射不生效),所以不推荐这样写
忽略警告
[root@ecs-56325218 ~]# docker run -d --network host --name tomcat83 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# curl http://localhost:8080
# 共用宿主机端口
tomcat 共用一套网络有端口冲突不适合演示
使用Alpine Linux ,特点:安全、简单、小巧(6M)
[root@ecs-56325218 ~]# docker run -it --name alpine1 alpine /bin/sh
[root@ecs-56325218 ~]# docker run -it --network container:alpine1 --name alpine2 alpine /bin/sh
[root@ecs-56325218 ~]# docker exec -it alpine1 /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
[root@ecs-56325218 ~]# docker exec -it alpine2 /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
自定义网络:重点
默认桥接的缺点:默认bridge网络不提供按容器名的DNS解析,同一网络内无法通过服务名称(容器名)ping通,只能用ip
docker network create aa
docker run -d -p 8081:8080 --network aa --name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 --network aa --name tomcat82 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# docker exec -it tomcat81 bash
root@88a936c716c9:/usr/local/tomcat# ping tomcat82
PING tomcat82 (172.20.0.3) 56(84) bytes of data.
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=3 ttl=64 time=0.051 ms
以后玩docker一定要维护好服务名,注意!!!以后要走服务名,不要直接走ip了(带宽),因为容器ip可能变化;同时用自定义网络做好网络隔离,只把需要互相访问的容器放进同一个自定义网络
工程:docker-compose.yml,一个完整的业务单元
服务:docker-compose.yml里面编写的容器
docker-compose
-h # 查看帮助
up # 启动所有docker-compose服务
up -d # 后台启动所有d-c服务
down # 停止并删除容器、网络;卷和镜像默认保留,加 -v 才删除卷,加 --rmi 才删除镜像
exec yml里面的服务id # 进入容器实例内部
ps # 查看运行容器
top # 查看当前容器进程
logs yml里面的服务id # 日志
config # 检查配置
config -q # 检查配置,有问题输出
restart
start
stop
以 https://gitee.com/gz-yami/mall4j.git 为例
具体参考 我的谷
监控
简单监控
docker stats
重量监控
CIG(CAdvisor + InfluxDB + Grafana)