Docker 自定义网络
一、现有网络
1.查看所有docker网络
[root@yang ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 1fc7183a2c33 bridge bridge local 4e768c3d806a host host local 3b4268e51eb9 none null local
网络模式:
bridge >>>桥接 docker(默认,自己创建的也使用bridge模式)
none >>>不使用网络
host >>>和宿主机共享网络
container >>>容器网络连通(用的少,局限大,不推荐使用)
测试:
我们一般情况下启动的容器,默认使用的是docker0 桥接模式
[root@yang ~]# docker run -it -d --name tomcat2 tomcat # 默认自带bridge 桥接模式,如同下面的启动方式!
[root@yang ~]# docker run -it -d --name tomcat2 --net bridge tomcat
docker0的特点:
1.默认
2.域名不能访问 ,--link 可以打通两个容器间的网络。
二、自定义网络
[root@yang ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
命令详解:
1 connect 将一个容器加入到一个网络中. 示例: docker network connect 网络名称 容器 ID 2 create 创建一个网络 示例: docker network create test-create 3 disconnect 与 connect 刚好相反, 从网络中断开一个容器的链接. 示例: docker network disconnect 网络名称 容器 ID ps: -f 参数强制删除 4 inspect 查看一个网络的详情 示例: docker network inspect test-create 5 ls 查看网络列表 示例: docker network ls 6 prune 删除所有未使用的网络. 示例: docker network prune ps: -f 强制删除,不提供任何确认情况下删除. 7 rm 删除一个网络. 示例 docker rm test-create ps: 如果网络中有容器连接需要加 -f 参数强制删除,建议不要这样执行,网络中若没有任何容器连接直接执行删除即可.
1.创建桥接网络
[root@yang ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
选项解释:
--driver # 设置网络模式,默认为bridge
--subnet # 网络分配IP范围,一般选择16。/16:(192.168.0.2-192.168.255.255 ) 大概 65535个IP,/24:(192.168.0.2-192.168.0.255)255个IP。
--gateway # 网桥通过的网关
mynet # 创建的桥接网络名称
2.查看创建好的网络
[root@yang ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 1fc7183a2c33 bridge bridge local 4e768c3d806a host host local 68bb4c7c3f1c mynet bridge local 3b4268e51eb9 none null local
查看mynet具体信息:
[root@yang ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "68bb4c7c3f1c6808ab2ce49a966e11440f560b89080b6a20f9c9b715d690519b", "Created": "2021-01-29T16:10:07.565642609+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ]
3.使用创建好的网络测试
创建两个容器:
# 第一个容器
[root@yang ~]# docker run -it -d --name tomcat-net-01 --net mynet tomcat 25e1b7c89af4744e9a7df48373886dc8f906c2e35dca2e644bf8deb81a6853db
# 第二个容器 [root@yang ~]# docker run -it -d --name tomcat-net-02 --net mynet tomcat 8685e41a59628a81c69752f9785065f5985c2165ef9ee33edc5acec1d801fa51
再次查看mynet:
[root@yang ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "68bb4c7c3f1c6808ab2ce49a966e11440f560b89080b6a20f9c9b715d690519b", "Created": "2021-01-29T16:10:07.565642609+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "25e1b7c89af4744e9a7df48373886dc8f906c2e35dca2e644bf8deb81a6853db": { "Name": "tomcat-net-01", "EndpointID": "3e2a2d4e4807c4c7058f248720e653ffdb094238a6c34df403d501cf68fa559b", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" }, "8685e41a59628a81c69752f9785065f5985c2165ef9ee33edc5acec1d801fa51": { "Name": "tomcat-net-02", "EndpointID": "08e234cf42025805acc2bd7ae6a2dee602090e5f1f5e66ef5b7753e5654f348d", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]
以上发现,在这个网络下多了两个容器!tomcat-net-01和tomcat-net-02
4.测试连通性
# 使用容器命名ping tomcat-net-02 IP 可以ping通!
[root@yang ~]# docker exec -it tomcat-net-01 ping 192.168.0.3 PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data. 64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.211 ms 64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.108 ms 64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.077 ms
# 现在不适用--link 也可以ping通 [root@yang ~]# docker exec -it tomcat-net-01 ping tomcat-net-02 PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data. 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.039 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.113 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.124 ms [root@yang ~]# docker exec -it tomcat-net-02 ping tomcat-net-01 PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data. 64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.032 ms 64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.082 ms
我们自定义的网络都已经帮我们维护好了对应的关系,推荐我们平时这样使用网络!!!
拓展:
不同集群之间,使用不同网络,可以保证集群的安全及健康!
