12. docker的基础网络
1.docker的基础网络类型
- bridge 默认类型
- host host类型,容器直接使用宿主机的网络栈,网络性能是最高的;缺点是端口与宿主机共用,宿主机已占用的端口容器无法再使用,并且容器与宿主机之间没有网络隔离,容器内服务监听的端口会直接出现在宿主机上,不经过 -p 映射 (--network=host)
- container 容器类型,与其他的容器共用网络
- none 没有网络,上不了外网
2.如何查看一个容器的网络类型
[root@docker03 ~]# docker inspect b59d7b4fc4bf (容器ID)
"Networks": {
"harbor_harbor": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"proxy",
"b59d7b4fc4bf"
##查看当前有多少网络
[root@docker03 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3ce2d5c31c18 bridge bridge local
637727309b2f harbor_harbor bridge local
5431fe9482cc host host local
2b76ae6b2bfc none null local
0c88dee4b12c zabbix_default bridge local
3.启动容器时不加任何网络参数,默认为bridge类型网络
[root@docker03 ~]# docker run -d -p 81:80 kod:v2
4d0a6cccbe9120ac1d8a8732c10e74a82c04f22ecf7017e0a4e8f4ece4c4b10e
[root@docker03 ~]# docker inspect 4d0a6cccbe9
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "3ce2d5c31c18891d013269320dd32809b00a04494957193b1cd0661154252508",
"EndpointID": "30865aa3be98345620038fb3d8d09d6facc8c740057e5c2872e82645e96716e4",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
##################################################################
#查看bridge网络类型
[root@docker03 ~]# docker inspect bridge
[
{
"Name": "bridge",
"Id": "3ce2d5c31c18891d013269320dd32809b00a04494957193b1cd0661154252508",
"Created": "2019-12-26T17:07:42.222341606+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
4.使用host网络类型
[root@docker03 ~]# docker run -d --network=host -p 82:82 kod:v2
WARNING: Published ports are discarded when using host network mode
警告:使用主机网络模式时将丢弃已发布的端口
31bd5284fe0886f675420fbbe5e1acc33cff21b25120763e9741eca95000b783
[root@docker03 ~]# docker inspect 31bd5284fe
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "5431fe9482cc4b0c73f8af25b2acad891f707217eda2c098c53064ab5fdd2056",
5.与其他容器共用网络的container 类型(在k8s中使用):两个容器共享同一个网络命名空间(同一个IP、同一组端口、同一个localhost),因此一个容器里只监听127.0.0.1的服务,另一个容器也能访问到
[root@docker03 ~]# docker run -d --network container:4d0a6cccbe91 nginx:latest
623ff4f099fb585e33eb8caa8c8843308ab6cbcfe6d856a1e4326f600ca7bffd
[root@docker03 ~]# docker inspect 623ff4f099 | grep -i network
"NetworkMode": "container:4d0a6cccbe9120ac1d8a8732c10e74a82c04f22ecf7017e0a4e8f4ece4c4b10e",
"NetworkSettings": {
"Networks": {}
6.使用none类型网络
[root@docker03 ~]# docker run -d --network none -p 83:82 kod:v2
dfead2fb303292b6e6e463c2713aef66ac0cdaaf954224377aa496b672c9e66a
[root@docker03 ~]# docker inspect dfead2fb
"Networks": {
"none": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
7.自定义网络
[root@docker03 ~]# docker network create -d bridge --subnet 172.20.0.0/16 --gateway 172.20.0.1 ashuai
3b31a6dbf4ebb3c6bcf8aecd4041173d83084541ee8d6bfcc5cda20fc8203387
[root@docker03 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3b31a6dbf4eb ashuai bridge local
3ce2d5c31c18 bridge bridge local
637727309b2f harbor_harbor bridge local
5431fe9482cc host host local
2b76ae6b2bfc none null local
0c88dee4b12c zabbix_default bridge local
[root@docker03 ~]# docker run -it --network ashuai alpine:3.9
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:14:00:02
inet addr:172.20.0.2 Bcast:172.20.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1032 (1.0 KiB) TX bytes:0 (0.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.20.0.1 0.0.0.0 UG 0 0 0 eth0
172.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
8.跨宿主机容器间的通讯macvlan
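默认一块物理网卡只有一个物理MAC地址,macvlan在这块网卡上虚拟出多个MAC地址,让容器直接接入物理网络;容器ping不通自己所在宿主机的IP,IP地址需要手动分配(Docker只记录本机分配过的地址,不会检查该IP在局域网内是否已被占用,需自行避免冲突)。容器直接暴露在物理网段上,流量不经过docker0网桥和宿主机的NAT,访问控制要在容器内或上游网络设备上做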
#宿主机1创建网络
[root@docker03 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
875e9117b8b5be50a349492b55a068a3dca9e42c24fb4487fc390d9fc62745ef
#宿主机1启动容器
[root@docker03 ~]# docker run -it --network macvlan_1 --ip 10.0.0.105 alpine:3.9
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:69
inet addr:10.0.0.105 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@docker03 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3b31a6dbf4eb ashuai bridge local
875e9117b8b5 macvlan_1 macvlan local
#宿主机2创建网络
[root@docker02 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
22f19ff98f4d407c75f622e5d31c6e675f7ce2c492b19e27d4f1f607516ba5ed
[root@docker02 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
22f19ff98f4d macvlan_1 macvlan local
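#宿主机2启动容器(注意:原文这里与宿主机1的容器使用了相同的IP 10.0.0.105,这样下面的ping实际ping的是容器自身,还会造成局域网内IP冲突;要验证跨宿主机通讯,宿主机2上的容器应使用同网段内另一个未被占用的地址,再去ping 10.0.0.105)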
[root@docker02 ~]# docker run -it --network macvlan_1 --ip 10.0.0.105 alpine:3.9
/ # ping 10.0.0.105
PING 10.0.0.105 (10.0.0.105): 56 data bytes
64 bytes from 10.0.0.105: seq=0 ttl=64 time=0.052 ms
64 bytes from 10.0.0.105: seq=1 ttl=64 time=0.149 ms
9.跨宿主机容器间的通讯overlay(会有一个数据库来管理IP地址分配;这种依赖外部键值存储cluster-store的overlay方式在新版本Docker中已被弃用并移除,新环境一般改用swarm模式自带的overlay网络)
docker03上: 用consul保存IP地址的分配信息(-p 8500:8500 会把consul的HTTP接口发布到宿主机的所有地址上,这里没有配置ACL或TLS,只应在受信任的管理网络内这样使用)
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
docker01、02上(cluster-advertise填本机自己的IP;示例中的10.0.0.11应为docker01的地址,docker02上要换成它自己的IP):
vim /etc/docker/daemon.json
{
"cluster-store": "consul://10.0.0.13:8500",
"cluster-advertise": "10.0.0.11:2376"
}
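vim /usr/lib/systemd/system/docker.service
#(原文未给出这里的修改内容;如果是为了让dockerd监听TCP端口(如上面的2376),务必同时启用TLS证书校验并限制来源地址,未加认证的Docker API等同于把宿主机root权限开放出去)
systemctl daemon-reload
#(daemon.json和unit文件的修改要重启docker服务后才生效)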
2.创建overlay网络
docker network create -d overlay --subnet 172.16.2.0/24 --gateway 172.16.2.254 ol1
3.启动容器测试
docker run -it --network ol1 --name oldboy01 alpine:3.9 /bin/sh
每个容器有两块网卡,eth0实现容器间的通讯,eth1实现容器访问外网