Docker网络类型
Bridge网桥
类似VMware的 NAT
Bridge:Docker设计的NAT网络模型 默认类型
# 查看Docker网络类型方式
[root@web03 wordpress]# docker network ls
NETWORK ID NAME DRIVER SCOPE
8fbce4827412 bridge bridge local
b531f4a5032a host host local
b1ffcfc86a8d none null local
# 详细信息
[root@docker01 ~]# docker network inspect bridge
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
# 拉一个网络工具的镜像busybox
[root@docker01 ~]# docker pull busybox
# 启容器
[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:586 (586.0 B) TX bytes:0 (0.0 B)
[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:05
inet addr:172.17.0.5 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
-#再开个终端,起一个容器ping 172.17.0.4可以通信,另一个容器也可以ping 172.17.0.5通
但是默认的bridge网络下docker跨机器不能通信(要结合K8S等跨主机网络方案才可以)。同一个机器,不同容器可以。
注意:默认bridge(docker0)上的所有容器默认都能互相访问(守护进程的 icc 选项默认开启),互不相关的业务容器之间没有网络隔离。
修改网桥IP
方法一:修改docker的启动脚本(不推荐:该unit文件由软件包提供,升级docker时可能被覆盖,改动会丢失)
# 修改docker的启动脚本
[root@docker01 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=192.168.10.1/24
# 重新加载启动脚本
[root@docker01 ~]# systemctl daemon-reload
# 重启docker
[root@docker01 ~]# systemctl restart docker
# 查看一下
[root@docker01 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::42:90ff:fe18:e464 prefixlen 64 scopeid 0x20<link>
ether 02:42:90:18:e4:64 txqueuelen 0 (Ethernet)
RX packets 156350 bytes 16301152 (15.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 197805 bytes 336556400 (320.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 开俩终端,分别起一个容器看ip变没变且能不能互相通信
[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:0A:02
inet addr:192.168.10.2 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.10.3
PING 192.168.10.3 (192.168.10.3): 56 data bytes
64 bytes from 192.168.10.3: seq=0 ttl=64 time=0.068 ms
64 bytes from 192.168.10.3: seq=1 ttl=64 time=0.138 ms
^C
--- 192.168.10.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.068/0.103/0.138 ms
[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:0A:03
inet addr:192.168.10.3 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
64 bytes from 192.168.10.2: seq=0 ttl=64 time=0.491 ms
64 bytes from 192.168.10.2: seq=1 ttl=64 time=0.077 ms
^C
--- 192.168.10.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.077/0.284/0.491 ms
方法二:修改docker配置文件
# 修改docker配置文件
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"bip": "10.0.1.1/24", ##把这一行加到配置文件里(JSON不支持注释,"##"及后面的说明不要写进daemon.json,否则docker会启动失败)
"registry-mirrors": ["https://exjugyyn.mirror.aliyuncs.com"]
}
# 重启docker
[root@docker01 ~]# systemctl restart docker
# 开俩终端,分别起一个容器看ip变没变且能不能互相通信
-1#[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:01:02
inet addr:10.0.1.2 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
/ # ping 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 56 data bytes
64 bytes from 10.0.1.3: seq=0 ttl=64 time=0.067 ms
64 bytes from 10.0.1.3: seq=1 ttl=64 time=0.087 ms
^C
--- 10.0.1.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.067/0.077/0.087 ms
-2#[root@docker01 ~]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:01:03
inet addr:10.0.1.3 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
/ # ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2): 56 data bytes
64 bytes from 10.0.1.2: seq=0 ttl=64 time=0.051 ms
64 bytes from 10.0.1.2: seq=1 ttl=64 time=0.186 ms
^C
--- 10.0.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.051/0.118/0.186 ms
Host
性能最好,但不支持端口映射(-p 不生效,容器里监听的端口直接就是宿主机的端口)
容器直接使用宿主机的网络命名空间,没有网络隔离:下面的ifconfig在容器里就能看到宿主机的全部网卡,只应给可信的容器使用。
Host:--network=host/--network host
# 起个busybox容器查看网卡信息
[root@docker01 ~]# docker run -it --network=host busybox /bin/sh
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:90:18:E4:64
inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::42:90ff:fe18:e464/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:156374 errors:0 dropped:0 overruns:0 frame:0
TX packets:197827 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16302832 (15.5 MiB) TX bytes:336558780 (320.9 MiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:E0:5D:A4
inet addr:10.0.0.101 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fee0:5da4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1361439 errors:0 dropped:0 overruns:0 frame:0
TX packets:748055 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1678280956 (1.5 GiB) TX bytes:513319815 (489.5 MiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:E0:5D:AE
inet addr:172.16.1.101 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fee0:5dae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47016 errors:0 dropped:0 overruns:0 frame:0
TX packets:25777 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66818983 (63.7 MiB) TX bytes:62109237 (59.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:188 errors:0 dropped:0 overruns:0 frame:0
TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11276 (11.0 KiB) TX bytes:11276 (11.0 KiB)
veth5cf09c6 Link encap:Ethernet HWaddr E6:FA:F8:7E:D8:4A
inet6 addr: fe80::e4fa:f8ff:fe7e:d84a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2128 (2.0 KiB) TX bytes:3274 (3.1 KiB)
# 测试-起个nginx容器
[root@docker01 ~]# docker run --network host -d nginx:alpine
#宿主机没做端口映射,也可以curl出来
[root@docker01 ~]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Container(K8S使用的模式)
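容器之间共享同一个网络命名空间(同一个IP、同一组端口、同一个lo回环)
先开一个终端起一个容器
再次开一个终端,起容器时指定要共享IP的容器的id
注意:共享网络后,一个容器里只监听127.0.0.1的服务,另一个容器也能直接访问(见下面的curl 127.0.0.1),两个容器的端口也不能冲突。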
# 先开一个终端起一个容器
[root@docker01 ~]# docker run -it centos:7 /bin/bash
[root@c045e6e7130f /]# hostname -I
10.0.1.3
# 再次开一个终端,起容器时指定要共享IP的容器的id (起了一个nginx)
[root@docker01 ~]# docker run --network=container:c045e6e7130f -d nginx:alpine
201d1b65cf3640f1a0787ef65f1cdec7b72681de6e091f0de717fb862dbf3fa4
[root@docker01 ~]# docker exec -it 201d1b65cf364 /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:01:03
inet addr:10.0.1.3 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
# 测试另一个终端的容器能不能curl
[root@c045e6e7130f /]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
None无网络模式
外部访问不了容器,容器也访问不了外部
网络上完全隔离(容器里只有lo回环网卡)
# 无网络模式起个容器
[root@docker01 ~]# docker run -it --network none busybox /bin/sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
自定义网络模式
以上4种模式都是docker自带的网络模式,docker还有一种叫做 自定义网络模式
自定义网络模板:docker network create -d <mode> --subnet <CIDR> --gateway <网关> <自定义网络名称>
# 创建自定义网络
[root@docker01 ~]# docker network create -d bridge --subnet 192.168.20.0/24 --gateway 192.168.20.1 Shanghai
5fc00191af83d634d97a4fc837e870a26c92fb16a2abb97cd4ad8d64d192846c
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
5fc00191af83 Shanghai bridge local
ebf1a3c74330 bridge bridge local
b7e0e168ad82 host host local
7ee05c9b14bc none null local
-#查看网卡信息
[root@docker01 ~]# ifconfig
br-5fc00191af83: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.20.1 netmask 255.255.255.0 broadcast 192.168.20.255
ether 02:42:27:69:c8:13 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.1.1 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::42:90ff:fe18:e464 prefixlen 64 scopeid 0x20<link>
ether 02:42:90:18:e4:64 txqueuelen 0 (Ethernet)
RX packets 156374 bytes 16302832 (15.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 197827 bytes 336558780 (320.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 引用自定义网络
[root@docker01 ~]# docker run -it --network Shanghai busybox /bin/sh
-#查看网卡信息
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:14:02
inet addr:192.168.20.2 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
## VPC网络
# 再开一个终端起容器,看能不能通信
[root@docker01 ~]# docker run -it --network Shanghai busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:14:02
inet addr:192.168.20.2 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.20.3
PING 192.168.20.3 (192.168.20.3): 56 data bytes
64 bytes from 192.168.20.3: seq=0 ttl=64 time=0.059 ms
64 bytes from 192.168.20.3: seq=1 ttl=64 time=0.094 ms
^C
--- 192.168.20.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.059/0.076/0.094 ms
[root@docker01 ~]# docker run -it --network Shanghai busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:14:03
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2): 56 data bytes
64 bytes from 192.168.20.2: seq=0 ttl=64 time=0.167 ms
64 bytes from 192.168.20.2: seq=1 ttl=64 time=0.116 ms
^C
--- 192.168.20.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.116/0.141/0.167 ms
同一个项目的容器放在同一个自定义网络(网段)里,相当于做网络隔离:不同自定义bridge网络里的容器默认不能互相访问,而同一个网络里的容器之间仍然完全互通(如上面的ping)。