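Docker Networking
Introduction
Once Docker is installed, the host has a network interface named docker0. Each time a container starts, Docker assigns it an IP address. The default is bridge mode, which is implemented with veth pairs. When the container is stopped or removed, the interface created for it is removed as well.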
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7d:1f:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.130/24 brd 192.168.11.255 scope global noprefixroute dynamic ens33
valid_lft 1624sec preferred_lft 1624sec
inet6 fe80::929c:9d6d:8589:24cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ff:d9:83:c2 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:ffff:fed9:83c2/64 scope link
valid_lft forever preferred_lft forever
$ docker run -d --name tomcat1 tomcat # run the container
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7d:1f:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.130/24 brd 192.168.11.255 scope global noprefixroute dynamic ens33
valid_lft 1667sec preferred_lft 1667sec
inet6 fe80::929c:9d6d:8589:24cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ff:d9:83:c2 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:ffff:fed9:83c2/64 scope link
valid_lft forever preferred_lft forever
# a new pair of interfaces has appeared
381: veth3695120@if380: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 2a:04:14:48:38:ae brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::2804:14ff:fe48:38ae/64 scope link
valid_lft forever preferred_lft forever
# ip addr inside the container
$ docker exec -it tomcat1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
380: eth0@if381: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
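Containers are not connected to one another directly: each container is connected only to docker0, and docker0 is mapped to the host's physical NIC through the -p option.
Isolation
Commands
docker run --net <mode>
Modes:
bridge: bridge mode (the default); docker run uses this mode unless told otherwise.
host: host mode; the container uses the same network as the host.
In this mode no veth pair is created when the container starts, and ports inside the container are reachable without -p mapping.
none: no networking is configured; generally used for testing.
container: uses another container's network stack; the containers share the same IP and can reach each other over the loopback interface.
Usage: docker run --net container:<container name>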
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
f3a0af1ba07b bridge bridge local
30eaddd942a9 host host local
383f7401900a none null local
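Creating a custom network
Aside: the 16 in the subnet mask is the prefix length in bits, which means about 255*255 addresses can still be allocated, less the reserved addresses and 0.1.
With 24, about 255 addresses can still be allocated, less the reserved addresses and 0.1.
# create a network whose gateway is 169.253.0.1 and whose container IPs are 169.253.x.x
$ docker network create --gateway 169.253.0.1 --subnet 169.253.0.0/16 mynet
$ docker network ls # the custom network now appears
$ ifconfig # a new bridge has appeared
# start containers on the custom network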
$ docker run -d --net mynet --name apache1 myhttpd:v1
$ docker run -d --net mynet --name apache2 myhttpd:v1
$ docker run -d --name apache3 myhttpd:v1
# inspect the custom network's metadata again: two container IPs have been allocated
$ docker network inspect mynet
[
{
"Name": "mynet",
"Id": "1dfc137cc6918db0582a959933ce050c775f49c1c935007a82614b38affc19e5",
"Created": "2022-07-04T20:50:04.711134688+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "169.253.0.0/16",
"Gateway": "169.253.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"6ea0f20093935d29030fb3ad69d94d4c991fe745ec0f41fcdeafd5ec6a60b88a": {
"Name": "apache1",
"EndpointID": "c835e32a361103ae5d93da6740218b8720e9aa7e7a2a0577a05a3284cb3c5310",
"MacAddress": "02:42:a9:fd:00:02",
"IPv4Address": "169.253.0.2/16",
"IPv6Address": ""
},
"d9261eccd254f0d579033f312332bccb5430b06f4a82efb74023dee770483078": {
"Name": "apache2",
"EndpointID": "0535dca700b252bfa47564c68644e844d2cefc3cca40ce1c5eaf284c859f7c49",
"MacAddress": "02:42:a9:fd:00:03",
"IPv4Address": "169.253.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Two containers on the same bridge can reach each other, while containers on different bridges cannot.
$ docker exec -it apache2 ping apache1
PING apache1 (169.253.0.2) 56(84) bytes of data.
64 bytes from apache1.mynet (169.253.0.2): icmp_seq=1 ttl=64 time=0.259 ms
64 bytes from apache1.mynet (169.253.0.2): icmp_seq=2 ttl=64 time=0.255 ms
$ docker exec -it apache2 ping apache3
ping: apache3: Name or service not known
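Connectivity
How can containers on different bridges reach each other? Bridges cannot communicate with one another; what gets established is a connection between a container and a bridge.
Command:
$ docker network connect <network> <container>
# containers apache1 and apache2 use the custom network, apache3 uses the default bridge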
$ docker run -d --net mynet --name apache1 myhttpd:v1
$ docker run -d --net mynet --name apache2 myhttpd:v1
$ docker run -d --name apache3 myhttpd:v1
# at this point the two containers on the same bridge can reach each other, while containers on different bridges cannot
$ docker exec -it apache2 ping apache1
PING apache1 (169.253.0.2) 56(84) bytes of data.
64 bytes from apache1.mynet (169.253.0.2): icmp_seq=1 ttl=64 time=0.259 ms
64 bytes from apache1.mynet (169.253.0.2): icmp_seq=2 ttl=64 time=0.255 ms
$ docker exec -it apache2 ping apache3
ping: apache3: Name or service not known
# use the docker network connect command
$ docker network connect mynet apache3
# inspect the metadata: apache3 is now listed directly in the mynet network with the address 169.253.0.4, in the same subnet
$ docker inspect mynet
[
...
"Containers": {
"6ea0f20093935d29030fb3ad69d94d4c991fe745ec0f41fcdeafd5ec6a60b88a": {
"Name": "apache1",
"EndpointID": "c835e32a361103ae5d93da6740218b8720e9aa7e7a2a0577a05a3284cb3c5310",
"MacAddress": "02:42:a9:fd:00:02",
"IPv4Address": "169.253.0.2/16",
"IPv6Address": ""
},
"85e7e7a6c99736a7ed428cb9df987ceee4107f3a2bd718c9d5be5d19c3b5025e": {
"Name": "apache3",
"EndpointID": "e25ec9c88c9b119425b4864b1304c1cd60604d84b427b28acdf2e8fa9f5a3d1d",
"MacAddress": "02:42:a9:fd:00:04",
"IPv4Address": "169.253.0.4/16",
"IPv6Address": ""
},
"d9261eccd254f0d579033f312332bccb5430b06f4a82efb74023dee770483078": {
"Name": "apache2",
"EndpointID": "0535dca700b252bfa47564c68644e844d2cefc3cca40ce1c5eaf284c859f7c49",
"MacAddress": "02:42:a9:fd:00:03",
"IPv4Address": "169.253.0.3/16",
"IPv6Address": ""
}
},
....
# now all three containers can reach one another
$ docker exec -it apache2 ping apache3
PING apache3 (169.253.0.4) 56(84) bytes of data.
64 bytes from apache3.mynet (169.253.0.4): icmp_seq=1 ttl=64 time=0.175 ms
64 bytes from apache3.mynet (169.253.0.4): icmp_seq=2 ttl=64 time=0.132 ms
64 bytes from apache3.mynet (169.253.0.4): icmp_seq=3 ttl=64 time=0.160 ms
.....
Removing the connection
$ docker network disconnect -f mynet apache3
# now they can no longer communicate
$ docker exec -it apache2 ping apache3
ping: apache3: Name or service not known
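To audit the segmentation described above, this added example (not part of the original post) parses `docker network inspect` output and reports which containers share a network and which are attached to more than one; `docker network connect` adds a second interface rather than moving the container, so apache3 stays on the default bridge as well. The sample JSON is constructed: the mynet addresses come from the output above, while the short container keys and apache3's address on the default bridge are assumptions.

```python
import json
from collections import defaultdict
from itertools import combinations

# Constructed sample: abridged `docker network inspect bridge mynet` output for
# the state right after `docker network connect mynet apache3`. The mynet
# addresses are from the page; apache3's address on bridge is an assumed value.
SAMPLE = """
[
  {"Name": "bridge", "Driver": "bridge",
   "Containers": {"c3": {"Name": "apache3", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "mynet", "Driver": "bridge",
   "Containers": {
     "c1": {"Name": "apache1", "IPv4Address": "169.253.0.2/16"},
     "c2": {"Name": "apache2", "IPv4Address": "169.253.0.3/16"},
     "c3": {"Name": "apache3", "IPv4Address": "169.253.0.4/16"}}}
]
"""

def memberships(inspect_json):
    """Map container name -> {network name: IPv4 address}."""
    result = defaultdict(dict)
    for net in json.loads(inspect_json):
        for endpoint in (net.get("Containers") or {}).values():
            result[endpoint["Name"]][net["Name"]] = endpoint.get("IPv4Address", "")
    return dict(result)

def reachable_pairs(members):
    """Container pairs sharing at least one network, with the shared networks."""
    pairs = {}
    for a, b in combinations(sorted(members), 2):
        shared = sorted(set(members[a]) & set(members[b]))
        if shared:
            pairs[(a, b)] = shared
    return pairs

def multi_homed(members):
    """Containers attached to more than one network (they span segments)."""
    return {name: sorted(nets) for name, nets in members.items() if len(nets) > 1}

if __name__ == "__main__":
    m = memberships(SAMPLE)
    for pair, nets in reachable_pairs(m).items():
        print(pair, "share", nets)
    for name, nets in multi_homed(m).items():
        print("multi-homed:", name, nets)
```

On a live host, pass the text printed by `docker network inspect bridge mynet` to `memberships()` instead of `SAMPLE`.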
Original link: https://blog.csdn.net/m0_37642477/article/details/125381353