I. The Docker Learning Path: Networking


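Docker's four network types
1) bridge mode:
Bridge mode is Docker's default network setting. In this mode Docker allocates a Network Namespace for each container, sets up its IP and so on, and connects the Docker containers on a host to a virtual bridge. When the Docker server starts, it creates a virtual bridge named docker0 on the host, and the Docker containers started on this host are connected to it. The virtual bridge works much like a physical switch, so all containers on the host are joined through it into one layer-2 network. The next step is assigning IPs to the containers: from the private IP ranges defined in RFC1918, Docker picks an IP address and subnet that differ from the host's and assigns them to docker0, and each container connected to docker0 takes an unused IP from that subnet. For example, Docker typically uses the 172.17.0.0/16 range and assigns 172.17.42.1/16 to the docker0 bridge (docker0 is visible on the host with the ifconfig command; it can be regarded as the bridge's management port, used on the host as a virtual network interface).
2) host mode:
If a container is started in host mode, it does not get its own Network Namespace but shares the host's Network Namespace. The container does not create its own virtual network interface or configure its own IP; it uses the host's IP and ports.
3) none mode:
In none mode the Docker container has its own Network Namespace, but Docker performs no network configuration for it. In other words, the container has no network interface, IP, routes or similar settings. We have to add a network interface and configure an IP for the container ourselves.
4) container mode:
This mode makes a newly created container share a Network Namespace with an existing container rather than with the host. The new container does not create its own network interface or configure its own IP; it shares the IP, port range and so on with the specified container. Apart from networking, the two containers remain isolated from each other in everything else, such as the file system and process list. Processes in the two containers can communicate through the lo interface.
The above is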

I. Base environment
1. System version and Docker version

[root@docker ~]# cat /etc/redhat-release        
CentOS Linux release 7.4.1708 (Core) 
[root@docker ~]# 
[root@docker ~]# docker -v
Docker version 18.09.0, build 4d60db4
[root@docker ~]# 

2. Docker network (default)

[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b5:c8:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.31/24 brd 192.168.1.255 scope global dynamic ens33
       valid_lft 6621sec preferred_lft 6621sec
    inet6 fe80::ca58:2ea0:cde5:290/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:65:90:e5:3c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

3. Docker image, container, network and volume lists (default)

[root@docker ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@docker ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fac18b86913d        bridge              bridge              local
5c25ba0dec47        host                host                local
ff32283000f2        none                null                local
[root@docker ~]# ll /var/lib/docker/volumes/
total 24
-rw-------. 1 root root 32768 Jan 23 04:40 metadata.db

II. Pull an image and run a container

[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a02a4930cb5d: Pull complete 
Digest: sha256:184e5f35598e333bfa7de10d8fb1cebb5ee4df5bc0f970bf2b1e7c7345136426
Status: Downloaded newer image for centos:latest
[root@docker ~]# docker run -it --name db1 -d centos
83965573d79ae0ba4a413d821c74d92dcf0f85dc04824a09ec2e758cce8fd0cb
[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              1e1148e4cc2c        6 weeks ago         202MB
[root@docker ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
83965573d79a        centos              "/bin/bash"         12 seconds ago      Up 12 seconds                           db1
[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b5:c8:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.31/24 brd 192.168.1.255 scope global dynamic ens33
       valid_lft 6121sec preferred_lft 6121sec
    inet6 fe80::ca58:2ea0:cde5:290/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:65:90:e5:3c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:65ff:fe90:e53c/64 scope link 
       valid_lft forever preferred_lft forever
5: veth0f485c5@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 4a:ed:d3:94:b3:75 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::48ed:d3ff:fe94:b375/64 scope link 
       valid_lft forever preferred_lft forever
[root@docker ~]# docker inspect db1 | tail -n 20
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "fac18b86913df0fecb95c466a57f22f608b85c314b06cbb24d309b9025609e66",
                    "EndpointID": "c43e42c3a1def426dac2a23009189a441094315e656c20e35fd99d01eb3622e6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

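Here we pull a CentOS image and use it to run a container named db1. Running docker inspect db1 then shows the container's information: db1's network address is 172.17.0.2, which is in the default subnet.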

III. Create a Docker network, then run a container on it (default subnet 172.17.0.0/16; the first network added gets 172.18.0.0/16, the second gets 172.19.0.0/16, ...)

[root@docker ~]# docker network create network-test1
f3d416fe3b1f1214ff423ac22bafb93a61e262890e0cfe0a96e899103cdc5714
[root@docker ~]# docker network ls 
NETWORK ID          NAME                DRIVER              SCOPE
fac18b86913d        bridge              bridge              local
5c25ba0dec47        host                host                local
f3d416fe3b1f        network-test1       bridge              local
ff32283000f2        none                null                local
[root@docker ~]# docker run -it --name db2 --network network-test1 -d centos
e74060cd8ab5864ce9e224622f638bb6dd6eacb39968b1597e1b59f84b82cc09
[root@docker ~]# docker inspect db2 |tail -n 20
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "e74060cd8ab5"
                    ],
                    "NetworkID": "f3d416fe3b1f1214ff423ac22bafb93a61e262890e0cfe0a96e899103cdc5714",
                    "EndpointID": "56d3d1d0d9538cb493359fa9f0e92c960d037dcecb144849f82be007b11f6ea9",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]
[root@docker ~]# docker exec -it db2 bash
[root@e74060cd8ab5 /]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.

IV. Add a network to an existing container

[root@docker ~]# docker network connect network-test1 db1
[root@docker ~]# docker inspect db1 | tail -n 40
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "fac18b86913df0fecb95c466a57f22f608b85c314b06cbb24d309b9025609e66",
                    "EndpointID": "c43e42c3a1def426dac2a23009189a441094315e656c20e35fd99d01eb3622e6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                },
                "network-test1": {
                    "IPAMConfig": {},
                    "Links": null,
                    "Aliases": [
                        "83965573d79a"
                    ],
                    "NetworkID": "f3d416fe3b1f1214ff423ac22bafb93a61e262890e0cfe0a96e899103cdc5714",
                    "EndpointID": "639e89639a8cf9e1b2938d8a8524c1f5e413b7f1c5379ef94b435fb3c690c816",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]
[root@docker ~]# docker exec -it db1 bash
[root@83965573d79a /]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.075 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.078 ms
64 bytes from 172.18.0.2: icmp_seq=5 ttl=64 time=0.055 ms
^C
--- 172.18.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3998ms
rtt min/avg/max/mdev = 0.055/0.069/0.078/0.010 ms
[root@83965573d79a /]# exit
exit
[root@docker ~]# docker exec -it db2 bash
[root@e74060cd8ab5 /]# 172.17.0.2
bash: 172.17.0.2: command not found
[root@e74060cd8ab5 /]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
^C
--- 172.17.0.2 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[root@e74060cd8ab5 /]# ping 172.18.0.3
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.069 ms
^C
--- 172.18.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.069/0.069/0.069/0.000 ms
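
The ping results above follow from which networks each container is attached to: db2 reaches db1 only at the address db1 holds on network-test1. As an added example (not part of the original post), this Python sketch reads `docker inspect` JSON and reports which addresses of one container sit on a network shared with another, and which containers span more than one network. The embedded JSON is a constructed, trimmed sample using the addresses from this page, and the function names are illustrative.

```python
import json

# Constructed sample: a trimmed `docker inspect db1 db2` result holding only the
# fields used here, filled with the addresses shown in the sessions above.
INSPECT_JSON = """
[
  {"Name": "/db1", "NetworkSettings": {"Networks": {
      "bridge":        {"IPAddress": "172.17.0.2", "IPPrefixLen": 16},
      "network-test1": {"IPAddress": "172.18.0.3", "IPPrefixLen": 16}}}},
  {"Name": "/db2", "NetworkSettings": {"Networks": {
      "network-test1": {"IPAddress": "172.18.0.2", "IPPrefixLen": 16}}}}
]
"""

def load_attachments(inspect_json):
    """Map container name -> {network name: IP address}."""
    result = {}
    for c in json.loads(inspect_json):
        nets = c["NetworkSettings"]["Networks"] or {}
        result[c["Name"].lstrip("/")] = {n: e["IPAddress"] for n, e in nets.items()}
    return result

def reachable_addresses(attachments, src, dst):
    """Addresses of dst on networks that src is also attached to."""
    shared = attachments[src].keys() & attachments[dst].keys()
    return sorted(attachments[dst][n] for n in shared)

def unreachable_addresses(attachments, src, dst):
    """Addresses of dst on networks where src has no endpoint."""
    only_dst = attachments[dst].keys() - attachments[src].keys()
    return sorted(attachments[dst][n] for n in only_dst)

def multi_homed(attachments):
    """Containers attached to more than one network: they span segments."""
    return sorted(name for name, nets in attachments.items() if len(nets) > 1)

if __name__ == "__main__":
    att = load_attachments(INSPECT_JSON)
    print("db2 -> db1 on a shared network:", reachable_addresses(att, "db2", "db1"))
    print("db2 -> db1 on other networks:  ", unreachable_addresses(att, "db2", "db1"))
    print("containers spanning networks:  ", multi_homed(att))
```

On a live host, feed it the output of `docker inspect $(docker ps -q)` instead of the embedded sample.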

V. Create a network with a specified subnet; it must not be the same as the host's subnet

[root@docker ~]# docker network create --subnet=192.168.10.0/24 --gateway=192.168.10.254 network-test2 
b4447cd299ec5e0e06d9cef76fbb211569724ec9585a9ee1e1bd8ba3f2c1e60b
[root@docker ~]# 
[root@docker ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fac18b86913d        bridge              bridge              local
5c25ba0dec47        host                host                local
f3d416fe3b1f        network-test1       bridge              local
b4447cd299ec        network-test2       bridge              local
ff32283000f2        none                null                local
[root@docker ~]# docker run -itd --name db3 --network network-test2 centos
aa3738327f27150ffe77d638a44b221d29d44a21134e21961a259180596832fd
[root@docker ~]# docker ipspect db3 |tail -n 20
docker: 'ipspect' is not a docker command.
See 'docker --help'
[root@docker ~]# docker inspect db3 |tail -n 20 
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "aa3738327f27"
                    ],
                    "NetworkID": "b4447cd299ec5e0e06d9cef76fbb211569724ec9585a9ee1e1bd8ba3f2c1e60b",
                    "EndpointID": "779bb57b85c70552a2bb49f266070413579e0029761c2e2b46ef603cb4e7567b",
                    "Gateway": "192.168.10.254",
                    "IPAddress": "192.168.10.1",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:c0:a8:0a:01",
                    "DriverOpts": null
                }
            }
        }
    }
]
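
The rule in this section's heading can be checked before running `docker network create`. As an added example (not from the original post), this Python sketch parses the `inet` lines of `ip a` and tests a proposed `--subnet`/`--gateway` pair; it goes slightly beyond the heading by rejecting any overlap with a subnet already in use, not only an identical one. The embedded `ip a` excerpt is constructed from the output shown on this page, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the IPv4 lines of `ip a` as shown on this page once
# network-test1 exists (host NIC, docker0 and the network-test1 bridge).
IP_A = """\
    inet 127.0.0.1/8 scope host lo
    inet 192.168.1.31/24 brd 192.168.1.255 scope global dynamic ens33
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-f3d416fe3b1f
"""

def host_networks(ip_a_text):
    """Map interface name -> IPv4 network, taken from the inet lines of `ip a`."""
    nets = {}
    for line in ip_a_text.splitlines():
        # "inet <addr>/<len> ... <ifname>"; inet6 lines do not match.
        m = re.match(r"\s*inet (\S+) .*?(\S+)\s*$", line)
        if m:
            nets[m.group(2)] = ipaddress.ip_interface(m.group(1)).network
    return nets

def check_subnet(subnet, gateway, in_use):
    """Return a list of problems with a proposed --subnet/--gateway pair."""
    problems = []
    net = ipaddress.ip_network(subnet, strict=True)  # rejects host bits in the subnet
    gw = ipaddress.ip_address(gateway)
    for ifname, used in in_use.items():
        if net.overlaps(used):
            problems.append(f"{net} overlaps {used} on {ifname}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address")
    return problems

if __name__ == "__main__":
    in_use = host_networks(IP_A)
    # The pair used in this section, then one that collides with the host NIC.
    print(check_subnet("192.168.10.0/24", "192.168.10.254", in_use))
    print(check_subnet("192.168.1.0/24", "192.168.1.254", in_use))
```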

VI. Remove a network

[root@docker ~]# docker network rm network-test2
Error response from daemon: error while removing network: network network-test2 id b4447cd299ec5e0e06d9cef76fbb211569724ec9585a9ee1e1bd8ba3f2c1e60b has active endpoints
#The error above occurs because the network is still attached to a container, so it must first be disconnected from that container
[root@docker ~]# docker network disconnect network-test2 db3
[root@docker ~]# docker network rm network-test2            
network-test2
[root@docker ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fac18b86913d        bridge              bridge              local
5c25ba0dec47        host                host                local
f3d416fe3b1f        network-test1       bridge              local
ff32283000f2        none                null                local
#Because the network has been removed, the container now has no IP address; a network needs to be connected to it
[root@docker ~]# docker inspect db3 | tail -n 20
            "SandboxID": "da143898cabe72caed5cf92b86cab2633c3a68f5fe6f86e50ac386fbccd4905c",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/da143898cabe",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {}
        }
    }
]
[root@docker ~]# docker network connect network-test1 db3
[root@docker ~]# docker inspect db3 | tail -n 20         
                    "IPAMConfig": {},
                    "Links": null,
                    "Aliases": [
                        "aa3738327f27"
                    ],
                    "NetworkID": "f3d416fe3b1f1214ff423ac22bafb93a61e262890e0cfe0a96e899103cdc5714",
                    "EndpointID": "92023e9c0b2399e8633c5a5ace9796172632ca177941635468182acb96df7b0d",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:04",
                    "DriverOpts": null
                }
            }
        }
    }
]

VII. Change the default network

[root@docker ~]#  cat > /etc/docker/daemon.json <<EOF
{"bip": "172.17.10.1/24"}
EOF
[root@docker ~]# systemctl restart docker 
ip a
[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b5:c8:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.31/24 brd 192.168.1.255 scope global dynamic ens33
       valid_lft 6285sec preferred_lft 6285sec
    inet6 fe80::ca58:2ea0:cde5:290/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:65:90:e5:3c brd ff:ff:ff:ff:ff:ff
    inet 172.17.10.1/24 brd 172.17.10.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:65ff:fe90:e53c/64 scope link 
       valid_lft forever preferred_lft forever
6: br-f3d416fe3b1f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:2d:50:bc:16 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-f3d416fe3b1f
       valid_lft forever preferred_lft forever
    inet6 fe80::42:2dff:fe50:bc16/64 scope link 
       valid_lft forever preferred_lft forever	