Docker 网络相关

网络命令

[root@localhost ~]# docker network --help

Usage: docker network COMMAND

Manage networks

Commands:

#连接一个容器到网络，作用是为一个容器添加一个指定网络的网卡使这个容器可以和指定网络的容器互通

connect Connect a container to a network

#创建容器centos01使用指定网络test-net
admin01@docker01:~$ docker run -itd --name centos01 --net test-net centos
6712150b40178db590cef3d0a30fc093078636476b455e63f8bfa78c3e9b0d37

#查看容器centtos01的详细配置
admin01@docker01:~$ docker inspect 6712150b40178d
[
    {
        "Id": "6712150b40178db590cef3d0a30fc093078636476b455e63f8bfa78c3e9b0d37",
        "Created": "2022-01-12T12:05:50.829190705Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
    .
    .
    .
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "5664ee20e05d52e680d61606f91c8653de1ff561f38cd09c187b237a8329d4cc",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/5664ee20e05d",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "test-net": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "6712150b4017"
                    ],
                    "NetworkID": "d0914824d54176ef45e25e01e0d64ac3c323fdb85bdc9e26e4fb6e2081301911",
                    "EndpointID": "b4976de22d2d17955f3c691b1d029ed82872a54a2c361332a50828c9f76fad86",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]


#创建容器centos02，使用系统默认的bridge网路
admin01@docker01:~$ docker run -itd --name centos02 centos
f2d12b5174dcf25f663af41d202466f3b288db0b63104b472a06730b9275108c

#查看centos02的详细配置
admin01@docker01:~$ docker inspect f2d12b5174dcf25
[
    {
        "Id": "f2d12b5174dcf25f663af41d202466f3b288db0b63104b472a06730b9275108c",
        "Created": "2022-01-12T12:09:04.674869341Z",
        "Path": "/bin/bash",
        "Args": [],
    .
    .
    .
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "2ac19b854285c24a765599c3a01c7912b964444df5375e570aab2de2145728ef",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/2ac19b854285",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "3c57f3e86e465d2fedc06a145297be09d8bce8b02eb0763a1bf359a78314d154",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "4979d9095091a9e6ea8db6b7d77522a31d0009d769e6142135f41a5f831bea0c",
                    "EndpointID": "3c57f3e86e465d2fedc06a145297be09d8bce8b02eb0763a1bf359a78314d154",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

#使用docker network connect命令为centos02增加一张test-net网络的网卡
admin01@docker01:~$ docker network connect test-net centos02 

#再次查看centos02的详细配置，发现多了一张test-net网络的网卡配置信息
admin01@docker01:~$ docker inspect f2d12b5174dcf25
[
    {
        "Id": "f2d12b5174dcf25f663af41d202466f3b288db0b63104b472a06730b9275108c",
        "Created": "2022-01-12T12:09:04.674869341Z",
        "Path": "/bin/bash",
        "Args": [],
        "State": {
    .
    .
    .
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "2ac19b854285c24a765599c3a01c7912b964444df5375e570aab2de2145728ef",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/2ac19b854285",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "3c57f3e86e465d2fedc06a145297be09d8bce8b02eb0763a1bf359a78314d154",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "4979d9095091a9e6ea8db6b7d77522a31d0009d769e6142135f41a5f831bea0c",
                    "EndpointID": "3c57f3e86e465d2fedc06a145297be09d8bce8b02eb0763a1bf359a78314d154",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                },
                "test-net": {
                    "IPAMConfig": {},
                    "Links": null,
                    "Aliases": [
                        "f2d12b5174dc"
                    ],
                    "NetworkID": "d0914824d54176ef45e25e01e0d64ac3c323fdb85bdc9e26e4fb6e2081301911",
                    "EndpointID": "43cf9c59a165f01d39ff6e8be506a9c66f558aa3cf27d42b86bca2df221d5c11",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:03",
                    "DriverOpts": {}
                }
            }
        }
    }
]

#测试网络连通
admin01@docker01:~$ docker exec -it centos01 ping centos02
PING centos02 (172.18.0.3) 56(84) bytes of data.
64 bytes from centos02.test-net (172.18.0.3): icmp_seq=1 ttl=64 time=0.127 ms
64 bytes from centos02.test-net (172.18.0.3): icmp_seq=2 ttl=64 time=0.063 ms
^C
--- centos02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.063/0.095/0.127/0.032 ms
admin01@docker01:~$ docker exec -it centos02 ping centos01
PING centos01 (172.18.0.2) 56(84) bytes of data.
64 bytes from centos01.test-net (172.18.0.2): icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from centos01.test-net (172.18.0.2): icmp_seq=2 ttl=64 time=0.063 ms
^C
--- centos01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.063/0.083/0.103/0.020 ms

#创建一个网络

create Create a network

#断开一个容器到指定网络的链接，实际是删除容器指定网络的网卡

disconnect Disconnect a container from a network

#查看一个或更多网络的详细配置信息

inspect Display detailed information on one or more networks

#列出网络

ls List networks

#移除所有未使用的网络

prune Remove all unused networks

#移除一个或更多网络

rm Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

网络创建命令

[root@localhost ~]# docker network create --help

Usage: docker network create [OPTIONS] NETWORK

Create a network

Options:

--attachable Enable manual container attachment

--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])

--config-from string The network from which to copy the configuration

--config-only Create a configuration only network

#设置管理网络的模式：默认bridge（桥接），还可以配置none（本地私有网络，不与宿主机连通）和host（公用宿主机网络）

-d, --driver string Driver to manage the Network (default "bridge")

#设置网关

--gateway strings IPv4 or IPv6 Gateway for the master subnet

#创建集群网络

--ingress Create swarm routing-mesh network

#限制外部对网络的访问

--internal Restrict external access to the network

#从一个容器中分配子网络

--ip-range strings Allocate container ip from a sub-range

#设置管理网络IP

--ipam-driver string IP Address Management Driver (default "default")

--ipam-opt map Set IPAM driver specific options (default map[])

--ipv6 Enable IPv6 networking

--label list Set metadata on a network

-o, --opt map Set driver specific options (default map[])

--scope string Control the network's scope

#设置网段，例如：192.168.0.1/24

--subnet strings Subnet in CIDR format that represents a network segment

创建一个网络

#创建一个网络redisnet，网段172.18.0.1，子网掩码255.255.255.0，网关172.18.0.1

docker network create -d bridge --subnet 172.18.0.1/24 --gateway 172.18.0.1 redisnet

#查看docker网络

docker network ls

NETWORK ID NAME DRIVER SCOPE

c395805e2de5 bridge bridge local

fd0b8df7bcac host host local

7781b9e77197 none null local

fb23e597993e redisnet bridge local

查看redisnet的详细配置

[root@localhost ~]# docker network inspect redisnet

[

{

"Name": "redisnet",

"Id": "fb23e597993ea4e029aab8c44c323d4d997abb111f3b750e41bace34ea74abfd",

"Created": "2022-01-11T09:22:39.332201857+08:00",

"Scope": "local",

"Driver": "bridge",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": {},

"Config": [

{

"Subnet": "172.18.0.1/24",

"Gateway": "172.18.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Ingress": false,

"ConfigFrom": {

"Network": ""

},

"ConfigOnly": false,

"Containers": {},

"Options": {},

"Labels": {}

}

]

查看bridge（docker0）的详细配置

发现比我们自己创建的网卡多了"Containers"和"Options"两个部分的详细设定。

[root@localhost ~]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "c395805e2de53f5db99cdd1efe74545c53dbdd74427cf9f338be75fd9ce29b62",
        "Created": "2022-01-10T13:46:03.711755654+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "8cea4b4bdaa7dff35a2f943198330104c2b910a5aeb77181eca72bb887ab584e": {
                "Name": "priceless_chaplygin",
                "EndpointID": "d7f38b3c279d4134be30767e5d344d7d4bf7e2c4517a8994ff7e3c71b74e3dae",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }

容器间网络的连同性比较

自己创建的网络内部的容器可以使用容器名直接ping通

使用docker默认的网络创建的容器是不能直接使用容器名ping的