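Docker container network configuration 2
Customizing the network properties of the docker0 bridge
To customize the network properties of the docker0 bridge, edit the /etc/docker/daemon.json configuration file.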
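    {
      "bip": "192.168.1.5/24",
      "fixed-cidr": "192.168.1.5/25",
      "fixed-cidr-v6": "2001:db8::/64",
      "mtu": 1500,
      "default-gateway": "10.20.1.1",
      "default-gateway-v6": "2001:db8:abcd::89",
      "dns": ["10.20.1.2","10.20.1.3"]
    }
daemon.json must be strict JSON (no comments). The keys mean:
bip: IP address and prefix length of the docker0 bridge
fixed-cidr: IPv4 range that container addresses are allocated from
fixed-cidr-v6: IPv6 range that container addresses are allocated from
mtu: maximum transmission unit
default-gateway: IPv4 default gateway for containers
default-gateway-v6: IPv6 default gateway for containers
dns: DNS servers used by containers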
    [root@localhost ~]# docker run -d --name web httpd    # start a container
    b6cb0aea6b71e2d3e5330c58c3019576c2835ea5864e85c7ce2ea435ea60577e
    [root@localhost ~]# docker ps
    CONTAINER ID   IMAGE   COMMAND              CREATED          STATUS         PORTS    NAMES
    b6cb0aea6b71   httpd   "httpd-foreground"   11 seconds ago   Up 9 seconds   80/tcp   web
    [root@localhost ~]# docker inspect web
    "Gateway": "172.17.0.1",
    "IPAddress": "172.17.0.2",    # IP
    [root@localhost ~]# vim /etc/docker/daemon.json    # edit as follows
    {
      "registry-mirrors": ["https://o8iex5ry.mirror.aliyuncs.com"],
      "bip":"192.168.1.1/24"
    }
    [root@localhost ~]# systemctl restart docker    # restart docker
    web
    [root@localhost ~]# ip a    # show network details
    docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:e7:69:ef:af brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.1/24 brd 192.168.1.255 scope global docker0
           valid_lft forever preferred_lft forever    # the IP is now the one we set
    [root@localhost ~]# docker ps -a    # the container is stopped after the change
    CONTAINER ID   IMAGE   COMMAND              CREATED          STATUS                     PORTS   NAMES
    b6cb0aea6b71   httpd   "httpd-foreground"   12 minutes ago   Exited (0) 2 minutes ago           web
    [root@localhost ~]# docker start web    # start the container again
    web
    [root@localhost ~]# docker ps -a
    CONTAINER ID   IMAGE   COMMAND              CREATED          STATUS         PORTS    NAMES
    b6cb0aea6b71   httpd   "httpd-foreground"   13 minutes ago   Up 5 seconds   80/tcp   web
    [root@localhost ~]# docker inspect web    # view the details
    "Gateway": "192.168.1.1",
    "IPAddress": "192.168.1.2",    # the IP has also changed to the new range
    # After we changed the IP, docker stopped; after the restart the container did not
    # come back up and we started it by hand. In production there are too many
    # containers to start one by one.
    [root@localhost ~]# docker run -d --name web --restart=always httpd    # with --restart=always the container is started automatically when docker restarts
    0dce636ec3217027391e9889e36caba9e95aec2bf3adafbd36474e5d73b6b5d5
    [root@localhost ~]# vim /etc/docker/daemon.json    # remove the bip setting added earlier
    {
      "registry-mirrors": ["https://o8iex5ry.mirror.aliyuncs.com"]
    }
    [root@localhost ~]# systemctl restart docker    # restart docker; the container starts as well
    [root@localhost ~]# docker inspect web    # check the IP of web
    "Gateway": "192.168.1.1",
    "IPAddress": "192.168.1.2",    # still the value we set before
    [root@localhost ~]# ip a
    3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:e7:69:ef:af brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.1/24 brd 192.168.1.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:e7ff:fe69:efaf/64 scope link
    # docker0 also still has the IP we set earlier: once set, the address is kept even
    # after the setting is deleted, until you set it again.
    [root@localhost ~]# vim /etc/docker/daemon.json    # change bip back
    {
      "registry-mirrors": ["https://o8iex5ry.mirror.aliyuncs.com"],
      "bip": "172.17.0.1/16"
    }
    [root@localhost ~]# systemctl restart docker    # restart docker
    [root@localhost ~]# docker inspect web    # view the details of web
    "Gateway": "172.17.0.1",
    "IPAddress": "172.17.0.2",    # changed back
    "IPPrefixLen": 16,
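The core option is bip (short for "bridge IP"), which sets the IP address of the docker0 bridge itself; the other options can be derived from this address.
Creating a custom bridge in docker
Create an additional custom bridge, separate from docker0.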
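The derivation described above can be turned into a pre-restart check on daemon.json. This is an added example, not code from the original post: it derives the bridge subnet from bip and checks that fixed-cidr and default-gateway are consistent with it. The function name check_daemon_json and the SAMPLE text are assumptions made for the example; SAMPLE reuses the IPv4 values of the sample daemon.json above.

```python
import ipaddress
import json

# Constructed sample: the IPv4 keys of the sample daemon.json above, as plain JSON.
SAMPLE = """{
  "bip": "192.168.1.5/24",
  "fixed-cidr": "192.168.1.5/25",
  "mtu": 1500,
  "default-gateway": "10.20.1.1",
  "dns": ["10.20.1.2", "10.20.1.3"]
}"""


def check_daemon_json(text):
    """Return a list of findings for the docker0 IPv4 keys in daemon.json text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # daemon.json is strict JSON: a '#' annotation makes the file unparsable.
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if "bip" not in cfg:
        return []  # no bridge address configured, nothing to derive
    findings = []
    try:
        bridge = ipaddress.IPv4Interface(cfg["bip"])  # bridge address + prefix
        subnet = bridge.network                       # derived bridge subnet
        if bridge.ip in (subnet.network_address, subnet.broadcast_address):
            findings.append(f"bip {bridge.ip} is not a host address in {subnet}")
        if "fixed-cidr" in cfg:
            pool = ipaddress.IPv4Network(cfg["fixed-cidr"], strict=False)
            if str(pool) != cfg["fixed-cidr"]:
                findings.append(f"fixed-cidr {cfg['fixed-cidr']} has host bits set; it denotes {pool}")
            if not pool.subnet_of(subnet):
                findings.append(f"fixed-cidr {pool} is not inside bridge subnet {subnet}")
        if "default-gateway" in cfg:
            gateway = ipaddress.IPv4Address(cfg["default-gateway"])
            if gateway not in subnet:
                findings.append(f"default-gateway {gateway} is outside bridge subnet {subnet}")
    except ValueError as exc:  # malformed address or prefix in any of the keys
        findings.append(f"invalid address: {exc}")
    return findings


if __name__ == "__main__":
    for finding in check_daemon_json(SAMPLE):
        print(finding)
```

Running the check before `systemctl restart docker` matters because, as the session above shows, a restart stops every container that was not started with --restart=always.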
    [root@localhost ~]# docker network ls    # only three networks by default
    NETWORK ID     NAME      DRIVER    SCOPE
    7eef472aff89   bridge    bridge    local
    77faf4b77bb6   host      host      local
    f6caf930adf9   none      null      local
    # Create a network named br0 with the bridge driver (bridge is the default),
    # subnet 192.168.1.0/24 (24-bit netmask) and gateway 192.168.1.1
    [root@localhost ~]# docker network create -d bridge --subnet "192.168.1.0/24" --gateway "192.168.1.1" br0
    04a189ad5987db4b1faff77dc3f7e983a9c743adcf89c19d5963ea994e3be0ce
    [root@localhost ~]# docker network ls    # a new bridge, br0, has been added
    NETWORK ID     NAME      DRIVER    SCOPE
    04a189ad5987   br0       bridge    local
    7eef472aff89   bridge    bridge    local
    77faf4b77bb6   host      host      local
    f6caf930adf9   none      null      local
    [root@localhost ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:bc:11:bf brd ff:ff:ff:ff:ff:ff
        inet 192.168.149.130/24 brd 192.168.149.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
    3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:e7:69:ef:af brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:e7ff:fe69:efaf/64 scope link
           valid_lft forever preferred_lft forever
    81: veth9b90e31@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether e2:e9:8b:02:76:6b brd ff:ff:ff:ff:ff:ff link-netnsid 2
        inet6 fe80::e0e9:8bff:fe02:766b/64 scope link
           valid_lft forever preferred_lft forever
    82: br-04a189ad5987: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default    # the br0 bridge
        link/ether 02:42:bd:e5:d6:f4 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.1/24 brd 192.168.1.255 scope global br-04a189ad5987
           valid_lft forever preferred_lft forever
Create a container on the newly created custom bridge:
    [root@localhost ~]# docker run -it --rm --network br0 busybox    # run a container attached to the br0 bridge
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    83: eth0@if84: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
           valid_lft forever preferred_lft forever
Create another container, this time on the default bridge network:
    [root@localhost ~]# docker run -it --rm --name b1 busybox
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    85: eth0@if86: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    / # ping 192.168.1.2
    PING 192.168.1.2 (192.168.1.2): 56 data bytes    # no reply: unreachable
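Consider: can the unnamed container and container b1 communicate with each other at this point? If not, how can communication between them be enabled?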
    [root@localhost ~]# docker network connect br0 b1    # attach container b1 to the br0 network
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    85: eth0@if86: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    87: eth1@if88: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:c0:a8:01:03 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.3/24 brd 192.168.1.255 scope global eth1
           valid_lft forever preferred_lft forever    # b1 now has an extra address, 192.168.1.3
    / # ping 192.168.1.2    # 192.168.1.2 is now reachable because both are on the same subnet
    PING 192.168.1.2 (192.168.1.2): 56 data bytes
    64 bytes from 192.168.1.2: seq=0 ttl=64 time=0.211 ms
    64 bytes from 192.168.1.2: seq=1 ttl=64 time=0.201 ms
    # So for these two containers to communicate, add a network interface that
    # attaches one of them to the other's network.
    [root@localhost ~]# docker network disconnect br0 b1    # detach
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    85: eth0@if86: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever    # the eth1 interface has been removed
    [root@localhost ~]# docker run -itd --name b1 busybox sleep 60000    # create a new container b1
    b9409973687f0c0e4555cc004fec12514fafbf5bd56cfbaa1941a27dcc001655
    [root@localhost ~]# docker ps
    CONTAINER ID   IMAGE     COMMAND         CREATED          STATUS          PORTS   NAMES
    b9409973687f   busybox   "sleep 60000"   34 seconds ago   Up 33 seconds           b1
    [root@localhost ~]# docker exec -it b1 /bin/sh    # open a shell inside it
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    91: eth0@if92: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    [root@localhost ~]# docker network connect br0 b1    # attach b1 to the br0 network
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    91: eth0@if92: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    93: eth1@if94: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1
           valid_lft forever preferred_lft forever    # attached
    [root@localhost ~]# docker restart b1    # restart b1
    [root@localhost ~]# docker exec -it b1 /bin/sh
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    95: eth1@if96: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth1
           valid_lft forever preferred_lft forever
    97: eth0@if98: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
           valid_lft forever preferred_lft forever    # still present
    [root@localhost ~]# systemctl restart docker    # restart docker; b1 stops
    [root@localhost ~]# docker start b1    # start b1 by hand
    b1
    [root@localhost ~]# docker exec -it b1 /bin/sh    # inside b1 the interface is still there, so the attachment is persistent
    / # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    99: eth1@if100: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth1
           valid_lft forever preferred_lft forever
    101: eth0@if102: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
           valid_lft forever preferred_lft forever
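Because a `docker network connect` attachment survives container and daemon restarts, as the session above shows, a container left attached to two bridges keeps spanning both segments. The following added example (not part of the original post) audits `docker inspect` output for such multi-homed containers and lists which containers share a network. The INSPECT data is constructed in the shape of `docker inspect` output, and the container name db and the address 172.17.0.3 are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the shape printed by `docker inspect <container>...`,
# trimmed to the fields used here. "db" and 172.17.0.3 are hypothetical.
INSPECT = json.loads("""[
  {"Name": "/b1", "NetworkSettings": {"Networks": {
      "bridge": {"IPAddress": "172.17.0.2", "Gateway": "172.17.0.1"},
      "br0":    {"IPAddress": "192.168.1.2", "Gateway": "192.168.1.1"}}}},
  {"Name": "/web", "NetworkSettings": {"Networks": {
      "bridge": {"IPAddress": "172.17.0.3", "Gateway": "172.17.0.1"}}}},
  {"Name": "/db", "NetworkSettings": {"Networks": {
      "br0": {"IPAddress": "192.168.1.3", "Gateway": "192.168.1.1"}}}}
]""")


def attachments(containers):
    """Map container name -> {network name: IP address}."""
    return {
        c["Name"].lstrip("/"): {
            net: cfg.get("IPAddress", "")
            for net, cfg in (c["NetworkSettings"].get("Networks") or {}).items()
        }
        for c in containers
    }


def multi_homed(containers):
    """Containers attached to more than one network (they span both segments)."""
    return {n: nets for n, nets in attachments(containers).items() if len(nets) > 1}


def peers(containers):
    """Map container name -> sorted names of containers sharing a network with it."""
    att = attachments(containers)
    members = defaultdict(set)
    for name, nets in att.items():
        for net in nets:
            members[net].add(name)
    return {
        name: sorted(set().union(*(members[n] for n in nets)) - {name})
        for name, nets in att.items()
    }


if __name__ == "__main__":
    print("multi-homed:", multi_homed(INSPECT))
    print("peers:", peers(INSPECT))
```

On a real host the same functions can be fed the parsed output of `docker inspect $(docker ps -q)`; any container reported by multi_homed that no longer needs the second network can be detached with `docker network disconnect`.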
