Docker Getting Started Basics (II)
阿新 • Published: 2018-12-09
Contents
III. Docker networking
1. Introduction to container network virtualization
The six Linux kernel namespaces a Docker container is built from:
UTS: hostname and domain name; User: user and group IDs; Mount: mounted filesystems; IPC: interprocess communication (shared memory, semaphores, message queues); Network: the network stack (interfaces, addresses, routes, iptables rules); PID: process IDs
Docker creates three networks on the host when it is installed; list them with docker network ls:
[[email protected] ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
df5b7970b3a8        bridge              bridge              local
abd9c40d7983        host                host                local
6aad0b2dd7bb        none                null                local
[[email protected] ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:acff:fe87:fd09 prefixlen 64 scopeid 0x20<link>
ether 02:42:ac:87:fd:09 txqueuelen 0 (Ethernet)
RX packets 16 bytes 1176 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1772 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.10 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::ab2e:4f4:b96b:27d8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:7e:60:50 txqueuelen 1000 (Ethernet)
RX packets 115204 bytes 160314892 (152.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 61790 bytes 8955801 (8.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 12 bytes 1404 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 1404 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth22741b7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::b010:b5ff:fef6:793a prefixlen 64 scopeid 0x20<link>
ether b2:10:b5:f6:79:3a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 508 (508.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#veth22741b7 is the host end of the veth pair created together with the container: this end is attached to the docker0 bridge, the other end is the container's eth0
#install bridge-utils to see which interfaces are attached to the bridge
[[email protected] ~]# yum install -y bridge-utils
[[email protected] ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242ac87fd09 no veth22741b7
#the host half of the pair; the other half lives inside the container's network namespace
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:7e:60:50 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:ac:87:fd:09 brd ff:ff:ff:ff:ff:ff
19: veth22741b7@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether b2:10:b5:f6:79:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0
#starting the Docker daemon and creating containers automatically installs a set of iptables rules; this is the nat table with no ports published yet
[[email protected] ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
#the MASQUERADE rule in POSTROUTING source-NATs everything leaving 172.17.0.0/16 to the host's address; the DOCKER chain is where per-container DNAT rules are added when ports are published
2. Network model theory
On a second machine without Docker, the ip command alone is enough to reproduce what Docker does with network namespaces
[[email protected] ~]# rpm -q iproute
iproute-4.11.0-14.el7.x86_64
[[email protected] ~]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
#adding a network namespace
[[email protected] ~]# ip netns help
Usage: ip netns list                          #list namespaces
       ip netns add NAME                      #add a namespace
       ip netns set NAME NETNSID              #assign a namespace id
       ip [-all] netns delete [NAME]          #delete a namespace
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...    #run a command inside the namespace
       ip netns monitor
       ip netns list-id
#ip netns isolates only the network namespace; everything else (filesystem, processes, users) is still shared with the host
[[email protected] ~]# ip netns add r1
[[email protected] ~]# ip netns add r2
[[email protected] ~]# ip netns list
r2
r1
#no interface has been configured yet: a new namespace contains only lo, and it is down, so ifconfig needs -a to show it
[[email protected] ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#create a veth pair (two interfaces joined back to back; a frame sent into one comes out of the other)
[[email protected] ~]# ip link add name veth1.1 type veth peer name veth1.2
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ac:80:98 brd ff:ff:ff:ff:ff:ff
3: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether d2:07:70:74:78:31 brd ff:ff:ff:ff:ff:ff
4: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether e6:2e:77:c5:92:f0 brd ff:ff:ff:ff:ff:ff
#move veth1.2 into namespace r1
[[email protected] ~]# ip link set dev veth1.2 netns r1
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ac:80:98 brd ff:ff:ff:ff:ff:ff
4: veth1.1@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether e6:2e:77:c5:92:f0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
#veth1.2 has disappeared from the host; look at r1's interfaces
[[email protected] ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1.2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether d2:07:70:74:78:31 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#rename veth1.2 to th0 (the original post omits the command; ip netns exec r1 ip link set dev veth1.2 name th0 produces the output below, the MAC address is veth1.2's)
[[email protected] ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
th0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether d2:07:70:74:78:31 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#give veth1.1 an address and bring it up on the host
[[email protected] ~]# ifconfig veth1.1 10.2.0.1/24 up
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ac:80:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.30/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::15d9:b011:9226:47ac/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: veth1.1@if3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether e6:2e:77:c5:92:f0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.2.0.1/24 brd 10.2.0.255 scope global veth1.1
valid_lft forever preferred_lft forever
#bring up the other end inside r1 (the host end leaves LOWERLAYERDOWN once its peer is up)
[[email protected] ~]# ip netns exec r1 ifconfig th0 10.2.0.2/24 up
[[email protected] ~]# ip netns exec r1 ifconfig
th0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.2.0.2 netmask 255.255.255.0 broadcast 10.2.0.255
inet6 fe80::d007:70ff:fe74:7831 prefixlen 64 scopeid 0x20<link>
ether d2:07:70:74:78:31 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#ping test from the host into r1
[[email protected] ~]# ping 10.2.0.2
PING 10.2.0.2 (10.2.0.2) 56(84) bytes of data.
64 bytes from 10.2.0.2: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 10.2.0.2: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 10.2.0.2: icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from 10.2.0.2: icmp_seq=4 ttl=64 time=0.052 ms
^C
--- 10.2.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.051/0.055/0.064/0.007 ms
#move veth1.1 into r2 as well and test between the two namespaces
[[email protected] ~]# ip link set dev veth1.1 netns r2
[[email protected] ~]# ip netns exec r2 ifconfig veth1.1 10.2.0.3/24 up
[[email protected] ~]# ip netns exec r2 ping 10.2.0.2
PING 10.2.0.2 (10.2.0.2) 56(84) bytes of data.
64 bytes from 10.2.0.2: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 10.2.0.2: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 10.2.0.2: icmp_seq=3 ttl=64 time=0.052 ms
64 bytes from 10.2.0.2: icmp_seq=4 ttl=64 time=0.051 ms
^C
--- 10.2.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.051/0.055/0.065/0.010 ms
#that is a veth pair built by hand: the ip command alone creates, configures and moves the interfaces, which is what Docker does for every bridged container (plus attaching the host end to docker0)
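The walk-through above collected into one script. This is an added example, not code from the original post: it uses the post's names (r1, r2, veth1.1, veth1.2, the 10.2.0.0/24 addresses) but keeps the second end named veth1.2 instead of renaming it, uses ip -n rather than ifconfig so it works without net-tools, and adds a DRY_RUN switch (an assumption of this example) so the exact commands can be reviewed before they are run as root.

```shell
#!/bin/sh
# Added example (not from the original post): the r1/r2 veth walk-through as one
# script. DRY_RUN is an assumption added here: when set, commands are printed, not run.

# run: execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_pair NS_A NS_B IP_A IP_B: two namespaces joined by one veth pair.
setup_pair() {
    ns_a=$1; ns_b=$2; ip_a=$3; ip_b=$4
    run ip netns add "$ns_a"
    run ip netns add "$ns_b"
    # The pair is created in the host namespace, then each end is moved out.
    run ip link add name veth1.1 type veth peer name veth1.2
    run ip link set dev veth1.1 netns "$ns_a"
    run ip link set dev veth1.2 netns "$ns_b"
    # Address and bring up each end inside its namespace; lo is down by default
    # in a new namespace, so bring it up too.
    run ip -n "$ns_a" addr add "$ip_a/24" dev veth1.1
    run ip -n "$ns_a" link set dev veth1.1 up
    run ip -n "$ns_a" link set dev lo up
    run ip -n "$ns_b" addr add "$ip_b/24" dev veth1.2
    run ip -n "$ns_b" link set dev veth1.2 up
    run ip -n "$ns_b" link set dev lo up
}

# teardown_pair NS_A NS_B: deleting a namespace destroys the interfaces inside it,
# and a veth end dies with its peer, so no explicit link delete is needed.
teardown_pair() {
    run ip netns delete "$1"
    run ip netns delete "$2"
}

# Review first:   DRY_RUN=1 setup_pair r2 r1 10.2.0.3 10.2.0.2
# Run (as root):  setup_pair r2 r1 10.2.0.3 10.2.0.2 && ip netns exec r2 ping -c 3 10.2.0.2
# Clean up:       teardown_pair r2 r1
```

The argument order in the usage line reproduces the post's final state: r2 holds veth1.1 with 10.2.0.3 and r1 holds veth1.2 with 10.2.0.2.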
####################################################################
3. Docker network models
Docker has four network models
closed container: only the lo interface, no connection to anything outside the container
bridged container: the default; a veth pair attached to the docker0 bridge, with NAT (MASQUERADE) for outbound traffic and DNAT for published ports
joined container: shares another container's network namespace (--network container:<name>), so both see the same interfaces, addresses and ports and talk over 127.0.0.1; the hostname is taken from that container too. Mount, pid and user namespaces stay separate, and IPC is shared only if --ipc container:<name> is also given
open container: the container uses the host's network namespace directly (--network host), an extension of the joined model
When creating a container, pick the model with --network; the default is bridge
1. bridge container
Create and start a container on the bridge network (--network bridge is the default) and remove it when it exits
[[email protected] ~]# docker run --name t1 --network bridge -it --rm busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
#check the addresses on the host
/ # exit
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7e:60:50 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.10/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::bcd1:23b:c15b:3c72/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::ab2e:4f4:b96b:27d8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:87:fd:09 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe87:fd09/64 scope link
valid_lft forever preferred_lft forever
#docker0 has 172.17.0.1: it is the gateway of the bridge network Docker created, and every container on bridge gets an address in 172.17.0.0/16
#the container hostname defaults to the container ID; it shows white.com here because this container was started with -h white.com (the command is shown below)
/ # hostname
white.com
#-h sets the hostname and Docker writes the matching entry into the container's /etc/hosts; DNS resolution defaults to the same resolv.conf as the host
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 white.com white
#specify a DNS server with --dns
[[email protected] ~]# docker run --name t1 --network bridge -h white.com --dns 114.114.114.114 -it --rm busybox:latest
/ # cat /etc/resolv.conf
nameserver 114.114.114.114
#specify a search domain with --dns-search
[[email protected] ~]# docker run --name t1 --network bridge -h white.com --dns 114.114.114.114 --dns-search ilinux.io -it --rm busybox:latest
/ # cat /etc/resolv.conf
search ilinux.io
nameserver 114.114.114.114
#inject extra host records into /etc/hosts with --add-host
[[email protected] ~]# docker run --name t1 --network bridge -h white.com --dns 114.114.114.114 --dns-search ilinux.io --add-host www.baidu.com:10.0.0.22 -it --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.22 www.baidu.com
172.17.0.3 white.com white
###Ports
#A bridged container sits behind NAT, so a service such as nginx that must be reachable from outside needs its port published with -p
-p <containerPort>                 map the container port to a dynamic port (from 32768 upward) on all host addresses
-p <hostPort>:<containerPort>      map the container port to the given host port on all host addresses
-p <ip>::<containerPort>           map the container port to a dynamic port on the given host <ip>
-p <ip>:<hostPort>:<containerPort> map the container port to the given port on the given host <ip>
A dynamic port is picked from that range when the container starts; look it up with docker port
#start httpd and publish port 80
[[email protected] ~]# docker run --name myweb -p 80 --rm xiaobai20201/httpd:v0.2
#the host port is chosen dynamically at this point
#in a second terminal, look at the nat table again
[[email protected] ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.3 172.17.0.3 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 to:172.17.0.3:80
#starting the container added Docker's DNAT rule (host port 32768 to 172.17.0.3:80) to the DOCKER chain; the extra MASQUERADE rule handles hairpin traffic from the container to its own published port
#look up the container's IP
[[email protected] ~]# docker inspect myweb
Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
#because of the DNAT mapping, clients connect to the Docker host's address and the mapped port (host IP 10.0.0.10):
http://10.0.0.10:32768
#stop myweb and confirm the DNAT rule is gone
[[email protected] ~]# docker kill myweb
myweb
[[email protected] ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
#the rules were removed automatically when the container stopped
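Since published ports appear and disappear only as DNAT rules, the nat table is the place to inventory them. Below is an added example (not from the original post) that reads iptables -t nat -nL output and lists every published port, flagging those bound on all host addresses. The sample rules are constructed from the output shown above plus one rule for a -p 10.0.0.10:8010:80 mapping. The security point: DNAT runs in PREROUTING and the packet then takes the FORWARD path, never INPUT, so a port Docker publishes is reachable even when the host firewall's INPUT rules (ufw, firewalld) appear to block it.

```shell
#!/bin/sh
# Added example (not part of the original post): inventory Docker's published ports
# from the nat table. DNAT happens before the filter table's INPUT chain, so INPUT
# rules do not protect published ports; audit the nat table (or `docker port`) instead.

# published_ports: reads `iptables -t nat -nL` output on stdin and prints one line
# per DNAT rule:  HOST_ADDR HOST_PORT -> CONTAINER_ADDR:CONTAINER_PORT [WARNING]
published_ports() {
    awk '
        $1 == "DNAT" {
            hostaddr = $5             # destination column; 0.0.0.0/0 means every host address
            hostport = ""; target = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) hostport = substr($i, 5)
                if ($i ~ /^to:/)  target   = substr($i, 4)
            }
            warn = (hostaddr == "0.0.0.0/0") ? " WARNING: bound on all host addresses" : ""
            printf "%s %s -> %s%s\n", hostaddr, hostport, target, warn
        }'
}

# Constructed sample: the rules the post shows for `-p 80`, plus one for `-p 10.0.0.10:8010:80`.
sample_nat_rules() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32768 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            10.0.0.10            tcp dpt:8010 to:172.17.0.4:80
EOF
}

# Live use on the host:  iptables -t nat -nL | published_ports
# Offline demo:          sample_nat_rules | published_ports
```

Run the live form after every deployment; a port that should have been bound to 127.0.0.1 or to an internal address but shows 0.0.0.0/0 is exposed on every interface of the host.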
2. closed container
only the lo interface, --network none
the container hostname defaults to the container ID
[[email protected] ~]# docker run --name t1 --network none -it --rm busybox:latest
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
#only lo is present
#the hostname defaults to the container ID
/ # hostname
36654003ba6d
#-h sets the hostname and Docker writes it into /etc/hosts; DNS resolution defaults to the same as the host
[[email protected] ~]# docker run --name t1 --network none -h white.com -it --rm busybox:latest
/ # hostname
white.com
Start myweb again with a given host IP, a dynamic host port and container port 80
[[email protected] ~]# docker run --name myweb --rm -p 10.0.0.10::80 xiaobai20201/httpd:v0.2
#in a second terminal
[[email protected] ~]# docker port myweb
80/tcp -> 10.0.0.10:32768
#a dynamic port on the given host IP is mapped to container port 80
Start myweb again with a fixed host port on all host addresses and container port 80
[[email protected] ~]# docker run --name myweb --rm -p 8010:80 xiaobai20201/httpd:v0.2
#second terminal
[[email protected] ~]# docker port myweb
80/tcp -> 0.0.0.0:8010
#port 8010 on every host address (0.0.0.0) is mapped to the container port
Start myweb again with both host IP and host port fixed and container port 80
[[email protected] ~]# docker run --name myweb --rm -p 10.0.0.10:8010:80 xiaobai20201/httpd:v0.2
#second terminal
[[email protected] ~]# docker port myweb
80/tcp -> 10.0.0.10:8010
#port 8010 on the given host IP only is mapped to the container port
To publish several ports, repeat -p once for each port the service really listens on
-P (upper case) publishes every port the image declares with EXPOSE, each on a dynamic host port
3. Joined containers
a shared network namespace
start two containers (default bridge mode), then recreate the second one joined to the first with --network container:<container name>
[[email protected] ~]# docker run --name b1 -it --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
[[email protected] ~]# docker run --name b2 -it --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
#by default the two containers get separate network namespaces and addresses; stop b2 and recreate it with --network container:b1
[[email protected] ~]# docker run --name b2 -it --network container:b1 --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
#b2 now shows b1's interface and address: the two containers share one network namespace
#the network is shared, but the filesystem is still isolated
#in b2:
/ # echo "test1 "> /tmp/index.html
/ # httpd -h /tmp
/ # netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
#b2 is now listening on port 80
#in b1:
/ # wget -O - -q 127.0.0.1
test1
#they reach each other over 127.0.0.1, like two processes on one host, because they share the same loopback interface
4. open container
the host's network, --network host
recreate the container with the host's network namespace (a container on the host network can bind any host port and see all host traffic, so network isolation is removed entirely)
[[email protected] ~]# docker run --name b2 -it --network host --rm busybox
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:AC:87:FD:09
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe87:fd09/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2099 (2.0 KiB) TX bytes:3155 (3.0 KiB)
ens33 Link encap:Ethernet HWaddr 00:0C:29:7E:60:50
inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0
#the container sees the host's interfaces: it is using the host's network namespace
#verify
/ # echo "hello buasss" >/tmp/index.html
/ # httpd -h /tmp
/ # netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
#from the host
[[email protected] ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[[email protected] ~]# wget -O - -q 10.0.0.10
hello buasss
5. Extras
1) Changing the docker0 bridge's network settings
(example): /etc/docker/daemon.json (JSON allows no comments; the notes after # are explanation, not file content)
{
  "bip": "192.168.2.1/24",          # bridge IP and mask; the most important key: once bip is set everything except DNS can be derived from it
  "fixed-cidr": "192.168.2.0/25",   # restrict container addresses to a sub-range of the bip subnet
  "mtu": 1500,
  "default-gateway": "192.168.2.1", # default gateway handed to containers; must lie inside fixed-cidr
  "dns": ["10.2.0.2", "10.2.0.3"]   # DNS servers handed to containers
}
#the original post paired bip 192.168.2.1/24 with fixed-cidr 10.2.0.0/16 and default-gateway 10.2.0.1 and omitted the comma after default-gateway; dockerd rejects that, because fixed-cidr must be a sub-range of the bip subnet and the gateway must be inside it, so the example above uses one consistent range
#verify on this host
[[email protected] ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xhszfb4i.mirror.aliyuncs.com"],
"bip": "172.10.2.1/24"
}
#restart dockerd and check on the host that docker0 has the new address
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl restart docker
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7e:60:50 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.10/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::bcd1:23b:c15b:3c72/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::ab2e:4f4:b96b:27d8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ac:87:fd:09 brd ff:ff:ff:ff:ff:ff
inet 172.10.2.1/24 brd 172.10.2.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe87:fd09/64 scope link
valid_lft forever preferred_lft forever
2) Allowing other machines to talk to the Docker daemon
#configuration. Warning: the tcp://0.0.0.0:2375 listener below is unauthenticated and unencrypted; anyone who can reach the port can start a privileged container with the host filesystem mounted, which is root on the host. Use it only on an isolated lab network; otherwise bind to a specific address and require client certificates (tlsverify), or use -H ssh://user@host (Docker 18.09 and later). Also note that on distributions whose docker.service starts dockerd with -H fd:// (Debian/Ubuntu packages) a hosts key in daemon.json conflicts with that flag and dockerd refuses to start; the CentOS unit passes no -H, which is why the restart below succeeds
[[email protected] ~]# systemctl stop docker
[[email protected] ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xhszfb4i.mirror.aliyuncs.com"],
"bip": "172.10.2.1/24",
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl start docker
[[email protected] ~]# ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::2375 :::*
LISTEN 0 128 :::22 :::*
#from another machine (node1), connect with -H and list containers and images
[[email protected] ~]# docker -H tcp://10.0.0.10:2375 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[[email protected] ~]# docker -H tcp://10.0.0.10:2375 images
REPOSITORY TAG IMAGE ID CREATED SIZE
xiaobai20201/httpd v0.2 488c5ad2de0d 23 hours ago 1.15MB
xiaobai20201/httpd v0.1-1 453488ef766a 23 hours ago 1.15MB
nginx latest dbfc48660aeb 6 weeks ago 109MB
busybox latest 59788edf1f3e 8 weeks ago 1.15MB
nginx 1.14-alpine 14d4a58e0d2e 2 months ago 17.4MB
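What the -H test above really demonstrates is that any machine that can reach port 2375 controls the daemon: the Docker API has no authentication of its own, and a request such as docker -H tcp://10.0.0.10:2375 run -v /:/host --privileged -it busybox is root on the host. As an added example (not from the original post), the shell functions below check a daemon.json for this misconfiguration and print a hardened version of the post's file: listener on the host's own address and the conventional TLS port 2376, client certificates required through tlsverify. The certificate paths under /etc/docker/certs/ are an assumption; the CA, server and client certificates are generated as described in Docker's "Protect the Docker daemon socket" documentation.

```shell
#!/bin/sh
# Added example (not from the original post): detect a plaintext tcp:// Docker API
# listener in daemon.json and show the TLS-protected equivalent.
# Certificate paths under /etc/docker/certs/ are assumptions for illustration.

# docker_hosts_ok FILE: returns 0 when the daemon listens on the unix socket only, or on
# tcp with TLS client verification; returns 1 (and reports the entry) otherwise.
# grep-based: assumes the one-key-per-line layout daemon.json is normally written in.
docker_hosts_ok() {
    f=$1
    if ! grep -Eq '"tcp://' "$f"; then
        return 0            # unix socket only: nothing reachable over the network
    fi
    if grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$f" &&
       grep -Eq '"tlscacert"[[:space:]]*:' "$f"; then
        return 0            # tcp listener, but clients must present a cert signed by our CA
    fi
    echo "insecure: $(grep -Eo 'tcp://[^"]*' "$f" | head -n 1) is exposed without client-certificate auth" >&2
    return 1
}

# hardened_daemon_json: the post's configuration with mutual TLS added and the
# listener limited to the host's own address instead of 0.0.0.0.
hardened_daemon_json() {
    cat <<'EOF'
{
  "registry-mirrors": ["https://xhszfb4i.mirror.aliyuncs.com"],
  "bip": "172.10.2.1/24",
  "hosts": ["tcp://10.0.0.10:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

# Audit:   docker_hosts_ok /etc/docker/daemon.json || echo "fix /etc/docker/daemon.json"
# Deploy:  hardened_daemon_json > /etc/docker/daemon.json && systemctl restart docker
# Client:  docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H tcp://10.0.0.10:2376 ps
```

tlsverify makes the daemon reject any client whose certificate is not signed by tlscacert, so possession of a client key becomes equivalent to root on the host: protect those key files like an SSH private key.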
3) Creating a custom network (bridge)
[[email protected] ~]# docker network create -d bridge --subnet "172.26.0.0/24" --gateway "172.26.0.1" mybr0
0548c07a2face12cc1c0832651a19dc7866b74090fced409ee21c8d094a7ba44
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
13e6f0fed458 bridge bridge local
abd9c40d7983 host host local
0548c07a2fac mybr0 bridge local
6aad0b2dd7bb none null local
[[email protected] ~]# ifconfig
br-0548c07a2fac: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.26.0.1 netmask 255.255.255.0 broadcast 172.26.0.255
#renaming the bridge interface requires taking it down first. Caveat: Docker's iptables rules (including the DOCKER-ISOLATION rules shown at the end) refer to the bridge by its original name br-0548c07a2fac, so after the rename they no longer apply to it and the filtering Docker intends for this network is gone. Treat this as a lab demonstration only; to choose the interface name properly, pass -o com.docker.network.bridge.name=docker1 to docker network create
[[email protected] ~]# ifconfig br-0548c07a2fac down
[[email protected] ~]# ip link set br-0548c07a2fac name docker1
[[email protected] ~]# ip a
[[email protected] ~]# ifconfig docker1 up
#test mybr0
[[email protected] ~]# docker run --name t1 -it --network mybr0 busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1A:00:02
inet addr:172.26.0.2 Bcast:172.26.0.255 Mask:255.255.255.0
#in a second terminal, create another container on the original bridge
[[email protected] ~]# docker run --name t2 -it --network bridge busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:01:02
inet addr:172.16.1.2 Bcast:172.16.1.255 Mask:255.255.255.0
#t1 and t2 cannot reach each other. Kernel forwarding is a prerequisite for traffic between the two bridges (1 means enabled), but it is already on here:
[[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward
1
#the real reason is that Docker installs iptables rules (the DOCKER-ISOLATION chains) that drop traffic between containers on different bridges; the sanctioned way to let them talk is to attach one container to both networks with docker network connect, not to edit these rules
[[email protected] ~]# iptables -vnL
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 all -- br-0548c07a2fac !br-0548c07a2fac 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0