docker网络管理
一、docker容器网络模式
docker支持5种网络模式:
1、bridge(NAT模式):默认网络。docker启动后默认创建一个名为docker0的网桥,默认创建的容器也会接入这个网桥。
2、host(仅主机模式):容器不会获得独立的network namespace,而是与宿主机共用一个。
3、none(不给容器配置任何网络环境,留待之后手动配置,例如下文用pipework把容器接入网桥):容器获得独立的network namespace,但docker不为它进行任何网络配置。
4、container(让两个容器共用一个网卡):与指定的容器使用同一个network namespace,网络配置也都相同。
5、自定义(给默认的网络模式起名):自定义网桥,默认与bridge网络一样。
二、bridge网络模式
#安装bridge管理工具
yum -y install bridge-utils
which brctl
/usr/sbin/brctl
#查看网桥状态
brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.024287a80a25       no
#查看docker0网卡
ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
        ether 02:42:87:a8:0a:25 txqueuelen 0 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#查看网络类型
docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ca92722f2be6        bridge              bridge              local
5c2d415491a4        host                host                local
ea892f96ff1b        none                null                local
#运行一个mynginx的容器
docker run -d --name mynginx nginx:latest
7a91571a6dec0a72e15bbe381d44927b7ca65f8fbbdede01500dbfef8ba8e161
#查看网络信息
docker inspect mynginx|grep -A 15 "Networks"
"Networks": {
    "bridge": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "ca92722f2be67bffb5891b1fd964ee6ba173ffcf56be86a4f5109bd27be72362",
        "EndpointID": "650708a2a7e64394bb2af2fae0c6ca510714da02eee0e540c1aa594191685aa0",
        "Gateway": "172.17.0.1",
        "IPAddress": "172.17.0.2",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:11:00:02",
        "DriverOpts": null
    }
#观察可以发现,默认运行的容器使用docker0(172.17.0.1)作为自己的网关,也就是采用了bridge的方式
#注意:默认bridge网络上的容器之间可以直接用IP互相访问(除非dockerd以--icc=false启动),需要隔离的容器应放到各自的自定义网络中
三、host网络类型
#启动一个网络类型为host的容器
docker run -d --name nginx-host --net host nginx:latest
08fdf882ac2634be2e463ba0a31f8a5cb58de72628ed0e06b20c783b9f750b3e
#查看nginx-host容器的网络信息
docker exec nginx-host hostname -I
172.24.16.171
#查看宿主机的网络信息
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.24.16.171 netmask 255.255.192.0 broadcast 172.24.63.255
        ether 00:16:3e:2e:3a:d0 txqueuelen 1000 (Ethernet)
        RX packets 148663 bytes 207358468 (197.7 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 90412 bytes 10938070 (10.4 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#可以发现容器与宿主机共用一个IP
#注意:host模式下没有网络隔离,容器内监听的端口会直接出现在宿主机的网络接口上,-p端口映射不起作用,访问控制只能依靠宿主机防火墙
四、none网络类型
#启动一个网络类型为none的容器
docker run -d --name nginx-none --net none nginx:latest
2e048804bdd18bedd0eedf5355d904eed333ff184c38e016d13034cc4ddda540
#查看nginx-none的容器网络信息
docker exec nginx-none hostname -I
#没有任何信息
五、container网络类型
#启动一个网络类型为container的容器,使用mynginx容器的网卡
docker run -d --name tomcat-container --net container:mynginx tomcat:latest
b9a0fd96968fbe8a228f02b2e31a1aabb4d67d4811bd548e850dc278a594e3f1
#查看网络设置
docker inspect tomcat-container | grep -A 15 "Networks"
"Networks": {}
}
}
]
#查看IP信息
docker exec tomcat-container hostname -I
172.17.0.2
#可以看到tomcat-container自身没有网络配置,但它的IP地址与mynginx相同
#注意:两个容器共用同一个network namespace,可以通过localhost互相访问(包括只监听127.0.0.1的服务),也不能监听相同的端口
六、建立网桥与配置固定IP地址
#构建永久生效的网桥br0
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-br0
vim ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
vim ifcfg-br0
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
IPADDR=192.168.200.111
NETMASK=255.255.255.0
GATEWAY=192.168.200.2
DNS1=192.168.200.2
#重启网络配置(eth0会被并入br0,配置有误会导致断网;远程操作前请先确认有控制台等其他登录方式)
systemctl restart network
通过pipework工具配置容器固定IP
#pipework工具下载地址
https://codeload.github.com/jpetazzo/pipework/zip/master
#git地址
https://github.com/jpetazzo/pipework.git
#注意:master分支的内容随时可能变化,而pipework要以root身份运行;建议固定使用某个已审阅过的提交(例如 <commit-sha>,此处为占位符),并在使用前先阅读脚本内容
#使用unzip解压
unzip pipework-master.zip
mv pipework-master /usr/local/
ln -s /usr/local/pipework-master/pipework /usr/local/bin/
#查看链接是否成功
which pipework
/usr/local/bin/pipework
#创建一个网络类型为none的容器(若前文创建的同名容器nginx-none仍然存在,需要先将其删除)
docker run -d --name nginx-none --net none nginx:latest
eee9b25641cfdb73eb126da9c8eedefd15f9a26055d7438bd452ef148634dc95
#查看nginx-none的IP地址
docker exec nginx-none hostname -I
#查看网络配置信息
docker inspect nginx-none | grep -A 15 "Networks"
"Networks": {
    "none": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "ce0560c3a2a1095690c46943d3d2874b873912197ad38261c6e5d9358ed9a649",
        "EndpointID": "8eba61bd2cda602816d2ba5dfc28818e5ed9bc3a0c6b7fa240a4c2c1cc8afb1b",
        "Gateway": "",
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "",
        "DriverOpts": null
    }
#使用pipework配置固定IP地址
pipework docker0 nginx-none 172.17.0.6/16@172.17.0.1
#再次查看nginx-none容器IP地址与网络信息
docker exec nginx-none hostname -I
172.17.0.6
docker inspect nginx-none | grep -A 15 "Networks"
"Networks": {
    "none": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "ce0560c3a2a1095690c46943d3d2874b873912197ad38261c6e5d9358ed9a649",
        "EndpointID": "8eba61bd2cda602816d2ba5dfc28818e5ed9bc3a0c6b7fa240a4c2c1cc8afb1b",
        "Gateway": "",
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "",
        "DriverOpts": null
    }
#可以发现docker记录的网络配置没变,只是容器内有了IP地址
#注意:这个IP是pipework在docker之外配置的,docker inspect看不到它,docker的地址分配也不知道172.17.0.6已被占用,之后在docker0上新建的容器可能被分配到同一个IP;容器重启后该配置也会丢失,需要重新执行pipework