Docker: Networking
阿新 • Published: 2020-09-15
docker0
- View the host's IP addresses
```
[root@iZwz908j8pbqd86doyrez5Z test]# ip addr
# loopback address of the host
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
# Alibaba Cloud private network address
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:16:3e:10:37:ba brd ff:ff:ff:ff:ff:ff
    inet 172.18.199.233/20 brd 172.18.207.255 scope global dynamic eth0
       valid_lft 309999819sec preferred_lft 309999819sec
# address created by Docker
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:6f:43:1c:ae brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
```
- View the container's IP addresses
```
[root@iZwz908j8pbqd86doyrez5Z test]# docker exec -it 5046feaea51f ip addr
# loopback address inside the container
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
# address assigned by Docker
282: eth0@if283: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
```
- Ping the container's eth0 IP directly from the host
```
# ping the container from the host
[root@iZwz908j8pbqd86doyrez5Z test]# ping 172.17.0.2
# connection succeeds
```
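- Communication between containers: the Docker network
How it works: Docker uses veth pairs, and in essence every container is connected through the host. For each container the host has one interface that corresponds to it (as above: 282 in the container and 283 on the host), and together these form a local network. The containers are not actually connected to each other directly; they are only bridged through their eth0 interfaces, each of which is one end of a veth pair whose host end is attached to docker0.
```
# ping from one container to another
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
284: eth0@if285: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat2 ping 172.17.0.3
# test: the ping succeeds
```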
The problem the Docker network solves: letting containers ping each other.
How it works
- Every time we start a Docker container, Docker assigns the container an IP address. As soon as Docker is installed, the host has a network interface in bridge mode (docker0), and the technique it uses is the veth pair.
```
# View the host's interfaces again: there is a new one, 283.
# (My guess is that "283: veth30fdc0b@if282" means that 283 here corresponds to 282
# inside the container, i.e. every container that runs gets a pair of interfaces created for it.)
[root@iZwz908j8pbqd86doyrez5Z test]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:16:3e:10:37:ba brd ff:ff:ff:ff:ff:ff
    inet 172.18.199.233/20 brd 172.18.207.255 scope global dynamic eth0
       valid_lft 309996899sec preferred_lft 309996899sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:6f:43:1c:ae brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
283: veth30fdc0b@if282: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 4e:d2:72:ba:14:a0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
- Linux bridging: each time we start a container, the Linux host gains one more virtual interface. These interfaces connect the containers, so we can try having two containers communicate.
```
# veth pair: a pair of virtual device interfaces. They always come in pairs;
# one end is attached to the protocol stack and the other ends are connected to each other.
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
284: eth0@if285: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat2 ping 172.17.0.3
```
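The index pairing seen above (283 on the host, 282 in the container) can be checked mechanically, which is useful when a host-side veth has to be attributed to a container. This is an added example, not code from the original post: it parses `ip addr` header lines and maps each host veth to its container interface. The sample text is constructed from the output above, and `veth0000000`, `veth0000001` and the function names are made up for illustration.

```python
import re

# Constructed samples modelled on the `ip addr` output above (header lines only).
# veth0000000 / veth0000001 are made-up names; the page shows only veth30fdc0b.
HOST = """\
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
283: veth30fdc0b@if282: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
285: veth0000000@if284: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
287: veth0000001@if286: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
"""
CONTAINERS = {
    "5046feaea51f": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n282: eth0@if283: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500",
    "tomcat1": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n284: eth0@if285: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500",
}

LINK = re.compile(r"^(\d+): ([^:@\s]+)(?:@if(\d+))?: <[^>]*>(.*)$", re.M)

def parse_links(text):
    """Return one dict per interface header line of `ip addr` / `ip link` output."""
    links = []
    for idx, name, peer, rest in LINK.findall(text):
        master = re.search(r"\bmaster (\S+)", rest)
        links.append({"index": int(idx), "name": name,
                      "peer": int(peer) if peer else None,
                      "master": master.group(1) if master else None})
    return links

def pair_veths(host_text, containers, bridge="docker0"):
    """Map each host veth to (container, interface); list the veths that do not fit."""
    # Host ifindex values are unique, so key container ends on the index they point to.
    ends = {l["peer"]: (cname, l) for cname, text in containers.items()
            for l in parse_links(text) if l["peer"] is not None}
    pairs, findings = {}, []
    for l in parse_links(host_text):
        if l["peer"] is None:
            continue                      # lo, eth0, docker0: not one end of a pair
        cname, end = ends.get(l["index"], (None, None))
        if end is None or end["index"] != l["peer"]:
            findings.append((l["name"], "no matching container interface"))
            continue
        pairs[l["name"]] = (cname, end["name"])
        if l["master"] != bridge:
            findings.append((l["name"], "not attached to " + bridge))
    return pairs, findings
```

A host veth that matches no known container, or one that is not enslaved to the expected bridge, is what an operator would look at first when reviewing a host.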
- Network model diagram
Conclusion: tomcat1 and tomcat2 share one router, docker0.
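- Summary
Notes:
- All network interfaces in Docker are virtual. Virtual interfaces forward traffic efficiently!
- As soon as a container is deleted, its corresponding pair of bridged interfaces is gone.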
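- --link (officially not recommended)
When an application connects to MySQL through a datasource, it normally targets one fixed port, but a container's port mapping (host port to container port) is only generated when the container starts. Is there a way to find the corresponding port through the service, i.e. by name?
```
# try to ping by name directly
docker exec -it tomcat2 ping tomcat1
# fails: cannot ping by name

# start a container with --link
docker run -d -P --name tomcat3 --link tomcat2 tomcat
docker exec -it tomcat3 ping tomcat2
# the ping succeeds

# try the reverse direction: ping tomcat3 by name from another container
docker exec -it tomcat1 ping tomcat3
# fails

# inspect /etc/hosts to see how --link works
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.4      tomcat2 e55b43eede71   # in essence --link just edits the hosts file so the name resolves to the corresponding local address
172.17.0.5      c13e595e3183
```
How it works: the mapping is simply hard-coded in /etc/hosts.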
- User-defined networks
```
# list the current networks
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e33b6b9e8a86        bridge              bridge              local
e4a72501819c        host                host                local
ee755fa64360        none                null                local
```
Network modes
bridge: bridge mode, bridged through Docker (the default)
none: no network is configured
host: shares the host's network
container: network connectivity between containers (not recommended)
Test
```
# A plain `docker run` implies --net bridge, i.e. the docker0 bridge
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat   # equivalent to the line above

# docker0 characteristics: it is the default; containers cannot be reached by name;
# --link can work around that, but it is not recommended

# create a user-defined network
# --driver bridge: bridge mode
# --subnet 192.168.0.0/16: subnet (/16 means only the first 16 bits are fixed, so there can be
#   255*255 different addresses; with /24 there would be only 255 addresses)
# --gateway 192.168.0.1: gateway
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e33b6b9e8a86        bridge              bridge              local
e4a72501819c        host                host                local
27ebc9223f19        mynet               bridge              local   #*
ee755fa64360        none                null                local

# docker network inspect mynet
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9",
        "Created": "2020-09-15T15:13:49.178777935+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",   # subnet
                    "Gateway": "192.168.0.1"      # gateway
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

# ping test
[root@iZwz908j8pbqd86doyrez5Z ~]# docker run -d -P --net mynet --name tomcat4 tomcat
b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd
[root@iZwz908j8pbqd86doyrez5Z ~]# docker run -d -P --net mynet --name tomcat5 tomcat
f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat4 ping tomcat5

# inspect the network again
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9",
        "Created": "2020-09-15T15:13:49.178777935+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {   # two containers
            "b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd": {
                "Name": "tomcat4",
                "EndpointID": "5f7cd9c91fdf08ff27ed82d0419aa428c365c1a2d1b5eed476bb1bdb45a86d06",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993": {
                "Name": "tomcat5",
                "EndpointID": "92660007315adb53a812b564b06090b3039a7771e7c5d9a4fad2b1c9df9753d8",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
```
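Notes:
- Create a separate network for each cluster.
- On a user-defined network Docker already maintains the name-to-address mapping for us. This is the recommended way to use networks day to day!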
- Connecting networks
```
# try to ping a container on a different network segment (bridge vs. mynet)
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 ping tomcat4
ping: tomcat4: Name or service not known

# attach the tomcat3 container to the mynet network
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network connect mynet tomcat3
[root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9",
        "Created": "2020-09-15T15:13:49.178777935+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd": {
                "Name": "tomcat4",
                "EndpointID": "5f7cd9c91fdf08ff27ed82d0419aa428c365c1a2d1b5eed476bb1bdb45a86d06",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "c13e595e31833afb032661b077f310bebce5d68bc19012caabc67dbaced129b9": {
                "Name": "tomcat3",
                "EndpointID": "ad22702408b9cad4cd67d58758506e60b6a48a0274f26a1134403c4153468a1f",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993": {
                "Name": "tomcat5",
                "EndpointID": "92660007315adb53a812b564b06090b3039a7771e7c5d9a4fad2b1c9df9753d8",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# ping tomcat4 from tomcat3
[root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 ping tomcat4
# succeeds
```
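Notes:
- Containers on different network segments cannot ping each other.
- To let containers on different segments talk to each other, connect the container itself to the whole target network (diagram).
- Connecting means adding the container to the corresponding network (one container, two IP addresses).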
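Because `docker network connect` gives one container an address on each network, that container is where two otherwise separate segments meet, and it is worth being able to list such containers from `docker network inspect` output. This is an added example, not code from the original post: the JSON is a constructed, trimmed sample using the addresses shown on this page, the `id-...` keys are placeholders for the real container IDs, and the function names are made up for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect bridge mynet`, trimmed to the
# fields used here. Addresses are the ones shown on this page; "id-..." keys are placeholders.
INSPECT = json.loads("""
[{"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {"id-tomcat1": {"Name": "tomcat1", "IPv4Address": "172.17.0.3/16"},
                 "id-tomcat2": {"Name": "tomcat2", "IPv4Address": "172.17.0.4/16"},
                 "id-tomcat3": {"Name": "tomcat3", "IPv4Address": "172.17.0.5/16"}}},
 {"Name": "mynet", "IPAM": {"Config": [{"Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1"}]},
  "Containers": {"id-tomcat4": {"Name": "tomcat4", "IPv4Address": "192.168.0.2/16"},
                 "id-tomcat3": {"Name": "tomcat3", "IPv4Address": "192.168.0.4/16"},
                 "id-tomcat5": {"Name": "tomcat5", "IPv4Address": "192.168.0.3/16"}}}]
""")

def attachments(networks):
    """Return {container: {network: ip}}; reject an address outside its network's subnets."""
    seen = {}
    for net in networks:
        subnets = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
        for endpoint in net["Containers"].values():
            ip = ipaddress.ip_interface(endpoint["IPv4Address"]).ip
            if not any(ip in s for s in subnets):
                raise ValueError(f"{endpoint['Name']}: {ip} is outside {net['Name']}")
            seen.setdefault(endpoint["Name"], {})[net["Name"]] = str(ip)
    return seen

def multi_homed(seen):
    """Containers attached to more than one network: the points where segments join."""
    return {name: nets for name, nets in seen.items() if len(nets) > 1}

def shared_networks(seen, a, b):
    """Networks both containers sit on; an empty list means they share no segment."""
    return sorted(set(seen[a]) & set(seen[b]))
```

On real output, drop the inline `#` annotations used on this page before parsing, since they are not valid JSON.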
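- Packaging a Spring Boot application as a Docker image
- Install the Docker plugin in IDEA
- Configure the connection to the remote repository in IDEA
- Write the Dockerfile
- Publish the jar and the Dockerfile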