docker容器网络配置


四种网络模式配置

bridge

[root@YL ~]# docker run -it --name ly busybox   //bridge是docker默认的网络模式,所以可以不用加--network
/ #  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

none

[root@YL ~]# docker run -it --name ly --network none --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

host(容器直接使用宿主机的Network Namespace,下面ip a看到的就是宿主机的eth0和docker0,容器与宿主机之间没有网络隔离)

[root@YL ~]# docker run -it --name ly --network host --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel qlen 1000
    link/ether 00:0c:29:18:57:bd brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.128/24 brd 192.168.124.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe18:57bd/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:c3:16:60:4b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c3ff:fe16:604b/64 scope link 
       valid_lft forever preferred_lft forever

container(与另一个容器共用Network Namespace)

启动第一个容器

[root@YL ~]# docker run -it --name liu busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 

启动第二个容器(通过--network container:liu加入第一个容器liu的Network Namespace,所以下面ip a的输出与liu完全相同)

[root@YL ~]# docker run -it --name yang --network container:liu busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 

容器的常用操作

查看hostname

[root@YL ~]# docker run -it --name ly --rm busybox    //不指定hostname时会以容器id命名
/ # hostname 
f8fec1b227ec

手动指定hostname

[root@YL ~]# docker run -it --hostname liuyang --name ly --rm busybox
/ # hostname 
liuyang

手动指定容器要使用的dns,手动注入主机名到IP地址的映射

[root@YL ~]# docker run -it --name ly --network host --dns 8.8.8.8 --add-host www.baidu.com:1.2.3.4 --hostname ly busybox
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
1.2.3.4	www.baidu.com
/ # cat /etc/resolv.conf 
nameserver 8.8.8.8
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel qlen 1000
    link/ether 00:0c:29:18:57:bd brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.128/24 brd 192.168.124.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe18:57bd/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:c3:16:60:4b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c3ff:fe16:604b/64 scope link 
       valid_lft forever preferred_lft forever
11: veth399c5d7@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0 
    link/ether 6e:b7:32:bb:1a:3c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6cb7:32ff:febb:1a3c/64 scope link 
       valid_lft forever preferred_lft forever

虚拟设备创建应用

创建一个ns0的命名空间

[root@YL ~]# ip netns add ns0
[root@YL ~]# ip netns list
ns0
[root@YL ~]# ls /var/run/netns/
ns0

查看新创建 Network Namespace 的网卡信息

[root@YL ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

可以看到,新创建的Network Namespace中会默认创建一个lo回环网卡,此时网卡处于关闭状态。此时,尝试去 ping 该lo回环网卡,会提示Network is unreachable

通过下面的命令启用lo回环网卡:

[root@YL ~]# ip netns exec ns0 ping 127.0.0.1
connect: Network is unreachable
[root@YL ~]# ip netns exec ns0 ip link set lo up
[root@YL ~]# ip netns exec ns0 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.019 ms
^C
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.019/0.019/0.019/0.000 ms

创建veth pair

下面我们利用veth pair实现两个不同的 Network Namespace 之间的通信。刚才我们已经创建了一个名为ns0的 Network Namespace,下面再创建一个新的Network Namespace,命名为ns1

[root@YL ~]# ip link add type veth
[root@YL ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
18: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether be:57:fb:db:31:25 brd ff:ff:ff:ff:ff:ff
19: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ce:7e:17:a1:d5:e4 brd ff:ff:ff:ff:ff:ff
[root@YL netns]# ip netns add ns1
//然后我们将veth0加入到ns0,将veth1加入到ns1
[root@YL netns]# ip link set veth1 netns ns1
[root@YL ~]# ip link set veth0 netns ns0

然后我们分别为这对veth pair配置上ip地址,并启用它们

[root@YL netns]# ip netns exec ns0 ip link set veth0 up
[root@YL netns]# ip netns exec ns0 ip addr add 192.168.1.2/24 dev veth0
[root@YL netns]# ip netns exec ns1 ip link set lo up
[root@YL netns]# ip netns exec ns1 ip link set veth1 up
[root@YL netns]# ip netns exec ns1 ip addr add 192.168.1.3/24 dev veth1

查看这对veth pair的状态

[root@YL netns]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
18: veth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether be:57:fb:db:31:25 brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 192.168.1.2/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::bc57:fbff:fedb:3125/64 scope link 
       valid_lft forever preferred_lft forever
[root@YL netns]# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
19: veth1@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ce:7e:17:a1:d5:e4 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 192.168.1.3/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::cc7e:17ff:fea1:d5e4/64 scope link 
       valid_lft forever preferred_lft forever

从上面可以看出,我们已经成功启用了这个veth pair,并为每个veth设备分配了对应的ip地址。我们尝试在ns1中访问ns0中的ip地址:

[root@YL netns]# ip netns exec ns1 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.108 ms
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1060ms
rtt min/avg/max/mdev = 0.102/0.105/0.108/0.003 ms

veth设备重命名

[root@YL netns]# ip netns exec ns0 ip link set veth0 down
[root@YL netns]# ip netns exec ns0 ip link set dev veth0 name eth0
[root@YL netns]# ip netns exec ns0 ip -a
[root@YL netns]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether be:57:fb:db:31:25 brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 192.168.1.2/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@YL netns]# ip netns exec ns0 ip link set eth0 up