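Docker Networking

I. Introduction

Docker uses Linux bridging: it creates a virtual container bridge (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the Container-IP, and the Docker bridge acts as each container's default gateway. Because all containers on the same host are attached to the same bridge, they can communicate with one another directly using their Container-IPs.

The Docker bridge is virtualized by the host and is not a real network device, so external networks cannot address it; this also means external networks cannot reach a container directly by its Container-IP. If a container needs to be reachable from outside, map the container's port to the host (port mapping) by passing -p or -P to docker run when creating the container; the container is then accessed at [host IP]:[container port].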

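Docker network mode | Configuration | Description
host mode | --net=host | The container shares the host's Network namespace
container mode | --net=container:NAME_or_ID | The container shares a Network namespace with another container. A Kubernetes pod is multiple containers sharing one Network namespace
none mode | --net=none | The container has its own Network namespace, but no network configuration is applied to it, such as assigning a veth pair, connecting to a bridge or configuring an IP
bridge mode | --net=bridge | (this is the default mode)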

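II. Docker's bridge network

When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and Docker containers started on this host are connected to it. A virtual bridge works much like a physical switch, so all containers on the host are joined into one layer-2 network through it.

Docker allocates an IP from the docker0 subnet for the container and sets docker0's IP address as the container's default gateway. It creates a veth pair (a pair of virtual network interfaces) on the host: one end is placed in the newly created container and named eth0 (the container's network interface); the other end stays on the host with a name like vethxxx and is added to the docker0 bridge. You can see this with the brctl show command.

1. View Docker's networks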


[root@Docker ~]# docker network ls                    
NETWORK ID     NAME      DRIVER    SCOPE
008e1f7d9de6   bridge    bridge    local
4af288756611   host      host      local
ef28ef685a89   none      null      local

Delete all containers


[root@Docker ~]# docker ps -qa |xargs docker rm -f           

2. Local network interface information


[root@Docker ~]# ip add            
...............
.....           #the container bridge that Docker created by itself
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:ef:ba:d1:9c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:efff:feba:d19c/64 scope link 
       valid_lft forever preferred_lft forever
....

3. Create a container and view its network interface


[root@Docker ~]# docker run -it busybox /bin/sh                    
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
009932687766: Pull complete 
Digest: sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb
Status: Downloaded newer image for busybox:latest

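BusyBox is a single piece of software that bundles more than three hundred of the most commonly used Linux commands and tools. It includes simple tools such as ls, cat and echo, as well as larger, more complex ones such as grep, find, mount and telnet. Some people call BusyBox the Swiss Army knife of Linux tools. Put simply, BusyBox is like a big toolbox: it bundles and compresses many of Linux's tools and commands, and also includes the shell that ships with a Linux system.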


/ # ip a                 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
105: eth0@if106: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0         #interface address
       valid_lft forever preferred_lft forever

/ # ip route                                                        #routes
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 scope link  src 172.17.0.2 

4. Changes on the host


[root@Docker ~]# ip add                 
................
.......
106: vethe792ff0@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether aa:aa:ae:c4:f7:0c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::a8aa:aeff:fec4:f70c/64 scope link 
       valid_lft forever preferred_lft forever
————————————————————————————————————
The two interfaces are connected in bridge mode

5. Network structure diagram

6. Change Docker's default network


[root@Docker ~]# vim /etc/docker/daemon.json                   #create the daemon.json file
{
"log-driver": "journald",
"bip":"192.168.3.1/24"
}

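Save

[root@Docker ~]# systemctl restart docker            #note: if the configuration file had an error, wait a few minutes after fixing it before restarting, otherwise an error is reported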

[root@Docker ~]# ip a                
............
......
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:47:d4:bb:3d brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global docker0
       valid_lft forever preferred_lft forever


[root@Docker ~]# docker run -it busybox /bin/sh                           
/ # ip a             
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever

Open a new terminal window and check the host


[root@Docker ~]# ip a                         
..........
...
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:47:d4:bb:3d brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:47ff:fed4:bb3d/64 scope link 
       valid_lft forever preferred_lft forever
6: veth6355ac1@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 3a:a2:1c:05:1c:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::38a2:1cff:fe05:1c38/64 scope link 
       valid_lft forever preferred_lft forever

7. Verify the bridge network

Start two containers

[root@Docker ~]# docker run -it busybox /bin/sh          
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever

/ # ping 192.168.3.3                          #start the other container first, then test
PING 192.168.3.3 (192.168.3.3): 56 data bytes
64 bytes from 192.168.3.3: seq=0 ttl=64 time=0.051 ms
64 bytes from 192.168.3.3: seq=1 ttl=64 time=0.048 ms
64 bytes from 192.168.3.3: seq=2 ttl=64 time=0.051 ms
——————————————————————————————————————————————————————————————————————————————————————
[root@Docker ~]# docker run -it busybox /bin/sh          

/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.3/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever

/ # ping 192.168.3.2                         #test after the container has started
PING 192.168.3.2 (192.168.3.2): 56 data bytes
64 bytes from 192.168.3.2: seq=0 ttl=64 time=0.066 ms
64 bytes from 192.168.3.2: seq=1 ttl=64 time=0.055 ms
64 bytes from 192.168.3.2: seq=2 ttl=64 time=0.065 ms

Two containers on the same host can ping each other.

Note: a ping from a container on another host does not get through.

Container access to the outside


/ # ping www.baidu.com            
PING www.baidu.com (180.101.49.11): 56 data bytes
64 bytes from 180.101.49.11: seq=0 ttl=50 time=40.914 ms
64 bytes from 180.101.49.11: seq=1 ttl=50 time=39.788 ms


/ # cat /etc/resolv.conf            #check DNS; it is the same as my external DNS
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 192.168.0.1

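View bridge network information

The following command lists information about the bridge network; the "Containers" field shows which containers on the current node are using this network.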


[root@Docker ~]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "468e0baf70108c1586c23f63617006f5ced321d52bfec18bfe024f280226bb03",
        "Created": "2022-02-21T22:45:08.399718131+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.3.0/24",
                    "Gateway": "192.168.3.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "24d8e65795f0ae2a32ef3e8da85792fb05428bf3001a5be3c4a3ea0c7d322e54": {
                "Name": "zealous_austin",
                "EndpointID": "83e46abba8f613c1e9c688324571021e265cc6d345fa56810ed582bf5dff6737",
                "MacAddress": "02:42:c0:a8:03:02",
                "IPv4Address": "192.168.3.2/24",
                "IPv6Address": ""
            },
            "8bc83d3dbce1ac7dfbc9b0b9e782bc772733901fd46380117bf3241ba70a7372": {
                "Name": "reverent_keldysh",
                "EndpointID": "6c3369caf72659e575cec26786835b8f3fc8b7b3ecc19a3147938cf8f4c67806",
                "MacAddress": "02:42:c0:a8:03:03",
                "IPv4Address": "192.168.3.3/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
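
An added example, not from the original post: a small Python check over `docker network inspect` output that reports the settings in the listing above that decide how isolated the containers are. The sample JSON is constructed from the page's output with container IDs shortened to placeholders; the function name and finding codes are this example's own.

```python
import json

# Constructed sample: the fields of the `docker network inspect bridge` output
# above that this check reads. Container IDs are shortened to placeholders.
SAMPLE = """
[{"Name": "bridge", "Driver": "bridge",
  "Containers": {
    "<id-1>": {"Name": "zealous_austin", "IPv4Address": "192.168.3.2/24"},
    "<id-2>": {"Name": "reverent_keldysh", "IPv4Address": "192.168.3.3/24"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
    "com.docker.network.bridge.name": "docker0"}}]
"""

PREFIX = "com.docker.network.bridge."


def audit_bridge_networks(inspect_json):
    """Return (network, code, detail) findings for every bridge network."""
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue  # the host and none networks have no bridge options
        name = net["Name"]
        opts = net.get("Options") or {}
        members = sorted(c["Name"] for c in (net.get("Containers") or {}).values())

        # Inter-container communication: a missing option means "true",
        # the documented default of the bridge driver.
        if opts.get(PREFIX + "enable_icc", "true") == "true" and len(members) > 1:
            findings.append((name, "ICC_ENABLED",
                             "unfiltered traffic between " + ", ".join(members)))

        # Address that -p/-P bind to when no IP is given; missing means all.
        bind = opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0")
        if bind == "0.0.0.0":
            findings.append((name, "WILDCARD_BIND",
                             "published ports listen on every host interface"))

        # Every container started without --net lands on the default bridge.
        if opts.get(PREFIX + "default_bridge") == "true" and members:
            findings.append((name, "DEFAULT_BRIDGE",
                             "%d container(s) share the default bridge" % len(members)))
    return findings


if __name__ == "__main__":
    for finding in audit_bridge_networks(SAMPLE):
        print("%-8s %-15s %s" % finding)
```

The ICC_ENABLED finding corresponds to the ping test in step 7: with enable_icc set to true, any container on docker0 can reach any port of its neighbours, not only answer ICMP.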

8. Example: create a container on the bridge network


[root@Docker ~]# docker run -d --name web1 --net bridge nginx         




[root@Docker ~]# iptables -t nat -L                     #
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.3.0/24       anywhere            

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
            

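9. Containers on the bridge network accessing external networks

By default, containers on the bridge network can reach external networks, because Docker uses iptables SNAT forwarding to implement the containers' outbound access (the kernel must have net.ipv4.ip_forward=1 enabled).

External network access to containers on the bridge network

If you want services provided by containers on the bridge network to be reachable from outside, you must tell Docker which ports to use.

9.1 Install the jq command; for details see the jq Manual (development version)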


[root@Docker ~]# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm                       
.....
[root@Docker ~]# rpm -ivh epel-release-latest-7.noarch.rpm                 

[root@Docker ~]# yum install -y jq                    
........     

9.2 View the ports the image uses


[root@Docker ~]# docker inspect nginx | jq .[]."ContainerConfig"."ExposedPorts"                             
{
  "80/tcp": {}
}

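When creating a container you can specify the mapping between the container's ports and host ports; this port mapping is implemented with iptables DNAT.


-p (lowercase): specifies the port relationship between host and container; the host port is to the left of the colon and the container port it maps to is on the right
-P (uppercase): publishes all the ports the image uses and maps each one to a random port on the host

9.3 View the container's port mappings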


[root@Docker ~]# docker run -d -P --name web2 --net bridge nginx                 
58d55a53b1b6b0cfd3cc56140a49630087b3631be6417c4a921e26650c08fbc1
[root@Docker ~]# docker port 58d55a53b1b6b0cfd3                      
80/tcp -> 0.0.0.0:49153
80/tcp -> :::49153

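If -p is followed by just one port when the container is created, the host picks a random port and maps it to that specified container port.

 ————————————————————————————————   specify DNS       specify multiple ports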
[root@Docker ~]# docker run -d --dns 8.8.8.8 -p 8080:80 -p 2022:20 --name web3 nginx                  
d4fe5fea64407e52d3e20e2f8f4c0697ef19710cfe944fa7fb0d2beaa41bbccf
[root@Docker ~]# docker port d4fe5fea64407e52d3e20e2f8f4c                 
20/tcp -> 0.0.0.0:2022
20/tcp -> :::2022
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
——————————————————————————————————————————————————————————————————————
[root@Docker ~]# docker run -d --dns 8.8.8.8 -P --name web4 nginx             
92555de89cc9c3567116cfec0ed896d816f9ebd4fde3e4a292378082c50e3688
[root@Docker ~]# docker port 92555de89cc9
80/tcp -> 0.0.0.0:49154
80/tcp -> :::49154
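
An added example, not from the original post: a parser for the `docker port` output shown above that separates bindings on every host interface (0.0.0.0 and ::) from loopback-only ones and builds the -p arguments that would republish them on 127.0.0.1 only. The first four sample lines are the page's output for web3; the 443/tcp line is constructed for contrast, and the function names are this example's own.

```python
import ipaddress

# `docker port` output for web3 as shown above, plus one constructed line
# (the 127.0.0.1 binding) to show a loopback-only publish for contrast.
SAMPLE = """\
20/tcp -> 0.0.0.0:2022
20/tcp -> :::2022
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
443/tcp -> 127.0.0.1:8443
"""


def parse_docker_port(text):
    """Parse `docker port` lines into dicts; malformed lines raise ValueError."""
    bindings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        left, sep, right = line.partition(" -> ")
        if not sep:
            raise ValueError("unexpected line: %r" % line)
        cport, _, proto = left.partition("/")
        host, _, hport = right.rpartition(":")
        # IPv6 wildcard appears as :::8080 here and as [::]:8080 in newer output.
        addr = ipaddress.ip_address(host.strip("[]"))
        if addr.is_unspecified:
            scope = "all-interfaces"
        elif addr.is_loopback:
            scope = "loopback"
        else:
            scope = "single-address"
        bindings.append({"container_port": int(cport), "proto": proto or "tcp",
                         "host_ip": str(addr), "host_port": int(hport),
                         "scope": scope})
    return bindings


def wildcard_ports(bindings):
    """Sorted (host_port, proto) pairs reachable on every host interface."""
    return sorted({(b["host_port"], b["proto"])
                   for b in bindings if b["scope"] == "all-interfaces"})


def loopback_publish_args(bindings):
    """-p arguments that publish the wildcard bindings on 127.0.0.1 only."""
    triples = sorted({(b["host_port"], b["container_port"], b["proto"])
                      for b in bindings if b["scope"] == "all-interfaces"})
    return ["-p 127.0.0.1:%d:%d/%s" % t for t in triples]


if __name__ == "__main__":
    parsed = parse_docker_port(SAMPLE)
    print("exposed on all interfaces:", wildcard_ports(parsed))
    print("loopback-only alternative:", " ".join(loopback_publish_args(parsed)))
```

Because the mapping is a DNAT rule, a wildcard binding is reachable from every network the host is attached to, so a service meant only for the local machine or a reverse proxy is better published with an explicit address.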

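III. The none network

The none network is a network with nothing in it. A container on the none network has no network interface other than lo and is completely isolated. It suits applications that neither need to reach external services nor allow external services to reach them.

1. View none network information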


[root@Docker ~]# docker network inspect none                        
[
    {
        "Name": "none",
        "Id": "ef28ef685a892c44bf54dbf8318115aa8e9261d8924440e7827b0aa5b2dbe7a5",
        "Created": "2022-02-17T20:22:32.717345442+08:00",
        "Scope": "local",
        "Driver": "null",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

2. Example: create a container on the none network


[root@Docker ~]# docker  run -it   --net none busybox               
/ # ip a           
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
#cannot ping 192.168.3.2
————————————————————————————————————————————————————————————————————————————
[root@Docker ~]# ping 192.168.3.2                       #ping the nginx container
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.128 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.037 ms

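IV. The host network

A container that uses the host network shares the host's network addresses and gets the best packet-forwarding performance. The drawback is that multiple containers on the same host share the same IP address, so if several containers use the same port you have to resolve the port conflict yourself.

1. View host network information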


[root@Docker ~]# docker network inspect host             
[
    {
        "Name": "host",
        "Id": "4af2887566111d99d1ac48f055ba341a6334f94d24cfc86271b95bcc891f5bb2",
        "Created": "2022-02-17T20:22:32.725525256+08:00",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

2. Example: create a container on the host network


[root@Docker ~]# docker run -it --net host busybox                      
/ # ip a                  
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:7b:cb:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.17/24 brd 192.168.2.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::c14f:f7cc:6b8e:2d49/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:47:d4:bb:3d brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:47ff:fed4:bb3d/64 scope link 
       valid_lft forever preferred_lft forever
19: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:7b:cb:b9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.4/24 brd 192.168.0.255 scope global dynamic ens37
       valid_lft 7156sec preferred_lft 7156sec
    inet6 fe80::d813:b992:4112:3c0c/64 scope link 
       valid_lft forever preferred_lft forever

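You can see that this container has no IP address of its own, because it uses the host's IP addresses directly; the container's network is exactly the same as the host's.

Drawback: you cannot start two containers running the same application, because once one container has started and occupied a port, a new container can no longer use that port.

2.1 Example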


[root@Docker ~]# docker run -d --net host nginx                 
458b2c1ad008beb328acd9c37ca13a2e19a369f1b839d3a56a8c1b90d42a6715
[root@Docker ~]# docker ps -a                
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
458b2c1ad008   nginx     "/docker-entrypoint.…"   7 seconds ago   Up 6 seconds             clever_williams

Start another nginx service


[root@Docker ~]# docker run -d --net host nginx                
30608d27b2cf1d61512c5ea1780520d2ed13d3baefe9dfb74cea4c95de75f265
[root@Docker ~]# docker ps -a          
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                     PORTS     NAMES
30608d27b2cf   nginx     "/docker-entrypoint.…"   11 seconds ago   Exited (1) 8 seconds ago             confident_lovelace
458b2c1ad008   nginx     "/docker-entrypoint.…"   24 seconds ago   Up 23 seconds                        clever_williams

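Because the new container cannot use this port, its status is Exited (stopped).

V. User-defined networks

Besides the three default network modes, Docker also lets users create user-defined networks for particular scenarios. Containers that belong to such a network are isolated as a group: they can communicate with one another, while containers outside the network cannot reach them directly. A container can belong to more than one network. Containers on the same user-defined network can reach each other by container name, because Docker's embedded DNS is used.

Docker provides three drivers for user-defined networks: bridge, overlay and macvlan.

User-defined bridge network

1. Create a user-defined network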


[root@Docker ~]# docker network ls             
NETWORK ID     NAME      DRIVER    SCOPE
468e0baf7010   bridge    bridge    local
4af288756611   host      host      local
ef28ef685a89   none      null      local

[root@Docker ~]# docker network create --driver bridge zdy               
ef20e886ee644a5edad2ad07985716d71be0eff30a9b1ce3dea804b72330d11a
 ————————————————————     --driver: specifies the network type  zdy: the custom name

[root@Docker ~]# docker network ls             
NETWORK ID     NAME      DRIVER    SCOPE
468e0baf7010   bridge    bridge    local
4af288756611   host      host      local
ef28ef685a89   none      null      local
ef20e886ee64   zdy       bridge    local

The host also gains one more network interface


[root@Docker ~]# ip a                   
...
........
20: br-ef20e886ee64: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:83:d0:f5:17 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-ef20e886ee64
       valid_lft forever preferred_lft forever

Create one more interface


[root@Docker ~]# docker network create --driver bridge zdy2              
09b717e8582e759df85083a668028b36500d34806576d454c66b1c75eec922b9
[root@Docker ~]# ip a               
.........
.......
20: br-ef20e886ee64: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:83:d0:f5:17 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-ef20e886ee64
       valid_lft forever preferred_lft forever
21: br-09b717e8582e: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:7a:61:ca:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-09b717e8582e
       valid_lft forever preferred_lft forever

2. Create containers on the zdy network


[root@Docker ~]# docker run -d --net zdy nginx                      
3fbfe2f9e2d92ad7acb4a826c063e16e06675cbd195a638a27bbff0344dae657        
[root@Docker ~]# docker ps -a          
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                      PORTS     NAMES
3fbfe2f9e2d9   nginx     "/docker-entrypoint.…"   35 seconds ago   Up 33 seconds               80/tcp    vigilant_williams

[root@Docker ~]# docker run -it --net zdy busybox            
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

3. Create a user-defined network by specifying the subnet and gateway


[root@Docker ~]# docker network create --driver bridge --subnet 172.10.1.0/24 --gateway 172.10.1.1 zdy3                        
4b630b289238dcd81e338a8a9d1e5b620cd31be3917ae49a39b201b0d1a17465
[root@Docker ~]# docker network ls                           
NETWORK ID     NAME      DRIVER    SCOPE
468e0baf7010   bridge    bridge    local
4af288756611   host      host      local
ef28ef685a89   none      null      local
ef20e886ee64   zdy       bridge    local
09b717e8582e   zdy2      bridge    local
4b630b289238   zdy3      bridge    local

4. Create a container that uses the zdy3 network


[root@Docker ~]# docker run -it --net zdy3 busybox                  
/ # ip a              
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
27: eth0@if28: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:0a:01:02 brd ff:ff:ff:ff:ff:ff
    inet 172.10.1.2/24 brd 172.10.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip route                
default via 172.10.1.1 dev eth0 
172.10.1.0/24 dev eth0 scope link  src 172.10.1.2 

Create a container on the zdy3 network and specify its IP address at the same time


[root@Docker ~]# docker run -it --network=zdy3 --ip=172.10.1.20 busybox                  
/ # ip a                
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
29: eth0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:0a:01:14 brd ff:ff:ff:ff:ff:ff
    inet 172.10.1.20/24 brd 172.10.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip route                                     
default via 172.10.1.1 dev eth0 
172.10.1.0/24 dev eth0 scope link  src 172.10.1.20 
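
An added check, not part of the original post: the subnets chosen with "bip" in step 6 of section II and with --subnet in step 3 above, tested against the RFC 1918 private ranges, the host's own interfaces and each other. The function name and finding codes are this example's own; it handles IPv4 only.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values from the page: the host's ens33/ens37 addresses, the docker0 range
# set through "bip", and the subnets of zdy, zdy2 and zdy3.
HOST_IFACES = {"ens33": "192.168.2.17/24", "ens37": "192.168.0.4/24"}
DOCKER_NETS = {"bridge": "192.168.3.1/24", "zdy": "172.17.0.0/16",
               "zdy2": "172.18.0.0/16", "zdy3": "172.10.1.0/24"}


def check_subnets(docker_nets, host_ifaces):
    """Return (network, code, other) findings for IPv4 Docker subnets."""
    hosts = {name: ipaddress.ip_interface(addr).network
             for name, addr in host_ifaces.items()}
    findings, seen = [], {}
    for name, cidr in docker_nets.items():
        # ip_interface accepts both "192.168.3.1/24" (bip form) and a plain subnet.
        net = ipaddress.ip_interface(cidr).network

        # Outside RFC 1918 the range belongs to someone on the internet; the
        # host would route those addresses to the local bridge instead.
        if not any(net.subnet_of(private) for private in RFC1918):
            findings.append((name, "not-rfc1918", str(net)))

        # Overlap with a host interface makes part of the LAN unreachable.
        for ifname, hnet in hosts.items():
            if net.overlaps(hnet):
                findings.append((name, "overlaps-host", ifname))

        # Overlap with an earlier Docker network gives ambiguous routes.
        for other, onet in seen.items():
            if net.overlaps(onet):
                findings.append((name, "overlaps-network", other))
        seen[name] = net
    return findings


if __name__ == "__main__":
    for finding in check_subnets(DOCKER_NETS, HOST_IFACES):
        print("%-8s %-18s %s" % finding)
```

On the page's values the only finding is zdy3: 172.10.1.0/24 lies outside 172.16.0.0/12, so it is public address space that this host now routes to a local bridge.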

5. Connecting a user-defined network and the default network

First delete all the earlier containers


[root@Docker ~]# docker ps -qa |xargs docker rm -f                 

Create a container on the default network


[root@Docker ~]# docker run -it busybox /bin/sh            
/ # ip a                 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever

Create containers on the user-defined network


[root@Docker ~]# docker run -it --net zdy busybox /bin/sh          
/ # ip a              
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
33: eth0@if34: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

[root@Docker ~]# docker run -it --net zdy busybox /bin/sh          
/ # ip a              
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
35: eth0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever


/ # ping 172.17.0.2            
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.162 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.049 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.049/0.087/0.162 ms


/ # ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2): 56 data bytes

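If you want the busybox on the default bridge network to communicate with the containers in zdy, you can add an interface on the user-defined network to the container, as follows.

View container information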


[root@Docker ~]# docker ps -a                       
CONTAINER ID   IMAGE     COMMAND     CREATED          STATUS          PORTS     NAMES
82fb63cacb08   busybox   "/bin/sh"   21 minutes ago   Up 21 minutes             mystifying_blackwell
99584446e48f   busybox   "/bin/sh"   22 minutes ago   Up 22 minutes             recursing_mendel
400d7e78ea02   busybox   "/bin/sh"   22 minutes ago   Up 22 minutes             objective_booth

Add a zdy interface to container 400d7e78ea02

View the container's interfaces again


/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever
37: eth1@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth1
       valid_lft forever preferred_lft forever

————————————————————ping the two containers on the user-defined network

/ # ping 172.17.0.2                             
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.065 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.063 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.157 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.063/0.095/0.157 ms
/ # ping 172.17.0.3                                      
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.069 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.068 ms
64 bytes from 172.17.0.3: seq=2 ttl=64 time=0.052 ms
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.052/0.063/0.069 ms

Add the default bridge interface to the zdy container


[root@Docker ~]# docker network connect bridge 99584446e48f         


/ # ip a           
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
33: eth0@if34: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
39: eth1@if40: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:03:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.3/24 brd 192.168.3.255 scope global eth1
       valid_lft forever preferred_lft forever

————————————————————————————————————————————————
/ # ping 192.168.3.2                      
PING 192.168.3.2 (192.168.3.2): 56 data bytes
64 bytes from 192.168.3.2: seq=0 ttl=64 time=0.074 ms
64 bytes from 192.168.3.2: seq=1 ttl=64 time=0.053 ms
^C
--- 192.168.3.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.053/0.063/0.074 ms

Now they can ping each other

6. Remove an interface

Remove the interface that was newly added to busybox


[root@Docker ~]# docker network disconnect bridge 400d7e78ea02                 

/ # ip a                 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
37: eth1@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth1
       valid_lft forever preferred_lft forever