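1.1 A first look at docker0
1. Remove all containers and all images from the server
docker rm -f $(docker ps -a -q) # remove all containers
docker rmi -f $(docker images -qa) # remove all images
2. View the local IP addresses by running: ip addr
Network interface analysis
1: lo: 127.0.0.1/8 # local loopback address
2: eth0: 172.17.183.201 # Alibaba Cloud private network address
3: docker0: 172.18.0.1 # docker0 address
3. How does Docker handle network access between containers?
# Start mytomcat01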
[root@guardwhy ~]# docker run -d -P --name mytomcat01 tomcat
latest: Pulling from library/tomcat
42d8171e56e6: Pull complete
774078a3f8bb: Pull complete
Digest: sha256:71703331e3e7f8581f2a8206a612dbeedfbc7bb8caeee972eadca1cc4a72e6b1
Status: Downloaded newer image for tomcat:latest
eb4d1a5d5884ab76d06aaa6b1209d96905f0f822b78ca0ce82bea6a1532c9566
# View the container's internal network address: ip addr
# When the container starts it gets an IP address on eth0@if33; this address is assigned by Docker!
[root@guardwhy ~]# docker exec -it mytomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
32: eth0@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
## The host can ping the container!
[root@guardwhy ~]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.088 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.050 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.070 ms
[root@guardwhy ~]#
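Summary: Docker assigns an IP address to every container, and containers can reach one another.
How it works
1. Whenever a Docker container is started, Docker assigns it an IP address. Any host with Docker installed has a network interface named docker0.
2. Note: this is bridge mode, and the underlying technology is the veth pair.
## Check ip addr on the host again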
[root@guardwhy ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:03:c4:87 brd ff:ff:ff:ff:ff:ff
inet 172.17.183.201/20 brd 172.17.191.255 scope global dynamic eth0
valid_lft 280172255sec preferred_lft 280172255sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ff:a3:f7:8a brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
## There were originally three interfaces; after starting one tomcat container, one more appears: if33!
33: vethdeea84c@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether fe:d3:88:7b:b5:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@guardwhy ~]#
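The two listings above show both ends of one veth pair: the container's eth0 has index 32 and peer @if33, while the host's vethdeea84c has index 33 and peer @if32. The shell script below is an added example, not part of the original tutorial, that matches the two ends so traffic seen on a host veth can be attributed to a container interface; the function names parse_links and veth_map are hypothetical, and the sample input is trimmed from the output shown above.

```shell
# Added example. parse_links reads `ip addr` text on stdin and prints one
# line per interface: "index name peer-index master first-inet" ("-" = none).
parse_links() {
  awk '
    function emit() { if (idx != "") print idx, name, peer, master, addr }
    /^[0-9]+: / {
      emit()
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      peer = "-"; master = "-"; addr = "-"
      # "eth0@if33" means: this is a veth end whose peer has ifindex 33
      if (split(name, p, "@if") == 2) { name = p[1]; peer = p[2] }
      for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
      next
    }
    $1 == "inet" && addr == "-" { addr = $2 }
    END { emit() }'
}

# veth_map CONTAINER_IP_ADDR_TEXT HOST_IP_ADDR_TEXT
# Interface indexes are per network namespace, so a match is reported only
# when both ends point at each other (container peer == host index and
# host peer == container index).
veth_map() {
  host_links=$(printf '%s\n' "$2" | parse_links)
  printf '%s\n' "$1" | parse_links | while read -r cidx cname cpeer cmaster caddr; do
    [ "$cpeer" != "-" ] || continue
    printf '%s\n' "$host_links" | while read -r hidx hname hpeer hmaster haddr; do
      if [ "$hidx" = "$cpeer" ] && [ "$hpeer" = "$cidx" ]; then
        echo "$cname $caddr <-> $hname master=$hmaster"
      fi
    done
  done
}

# Sample input, trimmed from the listings above (mytomcat01 and the host).
CONTAINER_IPADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
32: eth0@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0'
HOST_IPADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 172.17.183.201/20 brd 172.17.191.255 scope global dynamic eth0
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
33: vethdeea84c@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default'

veth_map "$CONTAINER_IPADDR" "$HOST_IPADDR"
```

On a live host the two arguments would be the output of `docker exec mytomcat01 ip addr` and `ip addr`.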
3. Each time a container is started, the Linux host gains one more virtual network interface.
[root@guardwhy ~]# docker run -d -P --name mytomcat02 tomcat
1f2a56ea7754f4c31a7713c840baa5af163a78332bb3a1edcc9e670d3718af3a
[root@guardwhy ~]# docker exec -it mytomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
## Check ip addr on the host again
[root@guardwhy ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu