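1. Introduction to Docker Network Management
Why Docker network management is needed
By default, a container's network is isolated from the host and from other containers.
- Containers can run network applications (such as nginx, web applications, databases). If these applications must be reachable from outside, networking has to be configured to allow it.
- In some cases a container should not have its network isolated from the host or from other containers.
- In some cases a container needs no network at all.
- In some cases a container needs a more customized network (such as a special cluster network, or a LAN between containers).
- In some cases there are very many containers, and the question is how to manage the networking of such a large set of containers.
- ...
Container network management is therefore very important.
Which network driver modes Docker provides
Docker has five network driver modes:
- bridge network mode: the default network mode, similar to NAT mode for virtual machines.
- host network mode: no network isolation between the container and the host; the container uses the host network directly.
- none network mode: all networking is disabled for the container.
- overlay network mode: bridge mode implemented with VXLAN.
- macvlan network mode: the container has its own MAC address, so it appears as a physical device on the network.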
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
25c4b2048836 none null local
C:\Users\lenovo>docker network ls --help
Usage: docker network ls [OPTIONS]
List networks
Aliases:
ls, list
Options:
-f, --filter filter Provide filter values (e.g. 'driver=bridge')
--format string Pretty-print networks using a Go template
--no-trunc Do not truncate the output
-q, --quiet Only display network IDs
C:\Users\lenovo>
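2. Docker Network Management Commands
Listing networks – docker network ls
- Purpose:
  List the network objects that already exist
- Command format:
  docker network ls [OPTIONS]
- Options (OPTIONS):
  -f, --filter filter    Filter condition (e.g. 'driver=bridge')
  --format string        Format the printed result
  --no-trunc             Do not truncate the output
  -q, --quiet            Only display network IDs
- Note:
  By default, once Docker is installed it automatically creates the bridge, host and none networks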
C:\Users\lenovo>docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by
Network driver (default map[])
--config-from string The network from which to copy the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a
network segment
C:\Users\lenovo>docker network create -d bridge my-bridge
149a6cfabf2180daf43299e62987ad2cf4222285a0e27ec0a739eefdb548e28e
C:\Users\lenovo>docker network create my-bridge2
6da8fa8ea51031c61dfa2644a760508b416e6db734ad46d713bb98b500347c0b
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
6da8fa8ea510 my-bridge2 bridge local
25c4b2048836 none null local
C:\Users\lenovo>docker network create -d host my-host
Error response from daemon: only one instance of "host" network is allowed
C:\Users\lenovo>docker network create -d null my-host
Error response from daemon: only one instance of "null" network is allowed
C:\Users\lenovo>docker network create -d overlay my-overlay
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
C:\Users\lenovo>docker network create -d macvlan my-macvlan
e3628b210f80909f7e1cdd4f453c4d277e7f35b3d1c3bfce8a18d564f787b006
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
6da8fa8ea510 my-bridge2 bridge local
e3628b210f80 my-macvlan macvlan local
25c4b2048836 none null local
C:\Users\lenovo>docker network create -d macvlan my-macvlan2
7ec81e71645af24e327b4a47172ba33789e0c3e3295b3a802f38bb83d5b58622
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
6da8fa8ea510 my-bridge2 bridge local
e3628b210f80 my-macvlan macvlan local
7ec81e71645a my-macvlan2 macvlan local
25c4b2048836 none null local
C:\Users\lenovo>docker network ls --no-trunc
C:\Users\lenovo>docker network ls -f 'driver=host'
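Creating a network – docker network create
- Purpose:
  Create a new network object
- Command format:
  docker network create [OPTIONS] NETWORK
- Options (OPTIONS):
  -d, --driver string    Driver for the network (default "bridge")
  --subnet strings       Subnet for the network (e.g. 192.168.0.0/16, 172.88.0.0/24)
  --ip-range strings     IP range for containers, in the same format as --subnet
  --gateway strings      IPv4 or IPv6 gateway of the subnet (e.g. 192.168.0.1)
- Note:
  Only one host network and one none network can exist
  Docker's built-in overlay network depends on the docker swarm (cluster load balancing) service
  192.168.0.0/16 is equivalent to 192.168.0.0~192.168.255.255 192.168.8.0/24
  172.88.0.0/24 is equivalent to 172.88.0.0~172.88.0.255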
Removing a network – docker network rm
- Purpose:
  Remove one or more networks
- Command format:
  docker network rm NETWORK [NETWORK...]
- Options (OPTIONS):
  None
C:\Users\lenovo>docker network rm --help
Usage: docker network rm NETWORK [NETWORK...]
Remove one or more networks
Aliases:
rm, remove
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
6da8fa8ea510 my-bridge2 bridge local
e3628b210f80 my-macvlan macvlan local
7ec81e71645a my-macvlan2 macvlan local
25c4b2048836 none null local
C:\Users\lenovo>docker network rm 6da8fa8ea510 my-macvlan2
6da8fa8ea510
my-macvlan2
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
e3628b210f80 my-macvlan macvlan local
25c4b2048836 none null local
C:\Users\lenovo>
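Viewing network details – docker network inspect
- Purpose:
  Show detailed information about one or more networks
- Command format:
  docker network inspect [OPTIONS] NETWORK [NETWORK...]
  or docker inspect [OPTIONS] NETWORK [NETWORK...]
- Options (OPTIONS):
  -f, --format string    Format the output using the given template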
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
e3628b210f80 my-macvlan macvlan local
25c4b2048836 none null local
C:\Users\lenovo>docker inspect bridge
[
{
"Name": "bridge",
"Id": "ae82884de0b74736e0031e62b1d367eddbe5388377f37cda6500f0292152be6c",
"Created": "2021-01-25T12:23:47.4618589Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
C:\Users\lenovo>docker inspect -f "{{json .IPAM.Config}}" bridge
[{"Subnet":"172.17.0.0/16","Gateway":"172.17.0.1"}]
C:\Users\lenovo>
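The inspect output above carries the settings that decide how exposed a network is: enable_icc, host_binding_ipv4, Internal and the IPAM subnet. The following Python sketch is an added example, not part of the original post or of Docker itself; it audits `docker network inspect` JSON for those settings and expands each subnet the way the /16 and /24 notes above do. The "backend-internal" network and the finding codes are assumptions made for illustration.

```python
import ipaddress
import json

ICC = "com.docker.network.bridge.enable_icc"
BIND = "com.docker.network.bridge.host_binding_ipv4"

# Constructed sample. The first entry is trimmed from the `docker inspect bridge`
# output above; "backend-internal" is a hypothetical network, shown as it would
# look if created with --internal, --subnet 172.88.0.0/24 and both -o options set.
SAMPLE = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "Internal": false,
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
   "Options": {
     "com.docker.network.bridge.default_bridge": "true",
     "com.docker.network.bridge.enable_icc": "true",
     "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
  {"Name": "backend-internal", "Driver": "bridge", "Internal": true,
   "IPAM": {"Config": [{"Subnet": "172.88.0.0/24", "Gateway": "172.88.0.1"}]},
   "Options": {
     "com.docker.network.bridge.enable_icc": "false",
     "com.docker.network.bridge.host_binding_ipv4": "127.0.0.1"}}
]
""")

# Finding codes are names chosen for this example.
MESSAGES = {
    "host-network": "containers on this network share the host network stack",
    "icc-enabled": "containers on this bridge can reach each other on any port",
    "binds-all-interfaces": "ports published without a host IP bind to every host interface",
    "external-access": "not created with --internal, so containers can reach outside networks",
    "gateway-outside-subnet": "configured gateway is not inside the configured subnet",
}


def subnet_ranges(net):
    """Return (first address, last address, size) for each IPAM subnet of a network."""
    ranges = []
    for cfg in (net.get("IPAM") or {}).get("Config") or []:
        subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
        ranges.append((str(subnet[0]), str(subnet[-1]), subnet.num_addresses))
    return ranges


def audit_network(net):
    """Return finding codes for one entry of `docker network inspect` output."""
    codes = []
    opts = net.get("Options") or {}
    driver = net.get("Driver")
    if driver == "host":
        codes.append("host-network")
    elif driver == "bridge":
        # Assumption: an option missing from Options keeps the daemon default
        # (inter-container communication on, published ports bound to 0.0.0.0).
        if opts.get(ICC, "true") == "true":
            codes.append("icc-enabled")
        if ipaddress.ip_address(opts.get(BIND, "0.0.0.0")).is_unspecified:
            codes.append("binds-all-interfaces")
        if not net.get("Internal", False):
            codes.append("external-access")
    for cfg in (net.get("IPAM") or {}).get("Config") or []:
        gateway = cfg.get("Gateway")
        subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
        if gateway and ipaddress.ip_address(gateway) not in subnet:
            codes.append("gateway-outside-subnet")
    return codes


if __name__ == "__main__":
    for network in SAMPLE:
        print(network["Name"], subnet_ranges(network))
        for code in audit_network(network):
            print("  -", code + ":", MESSAGES[code])
```

On a real host the same functions can be fed `json.loads` of the output of `docker network inspect NETWORK`.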
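Using a network – docker run --network
- Purpose:
  Specify the network mode for the container being started
- Command format:
  docker run/create --network NETWORK
- Options (OPTIONS):
  None
- Note:
  By default, when Docker creates or starts a container, it uses the network named bridge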
C:\Users\lenovo>docker run --network my-bridge -dti centos bash
ad1f600b775d353855e42219a6ead006843f571ca180d868e6a3f6eea50600b9
C:\Users\lenovo>docker run --network host -dti centos bash
c1e9e81618c6d726750ed46aa8d8a3844b7c2c11e5d8f320d776ba0c7a97d6e2
C:\Users\lenovo>docker run --network none -dti centos bash
3625e691bcd24750cc733919bbf1d17eb88e3f2de2e608a75b5cdc5b112a889d
C:\Users\lenovo>docker exec c1e9e81618c ping www.baidu.com
PING www.a.shifen.com (183.232.231.172) 56(84) bytes of data.
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=1 ttl=38 time=81.8 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=2 ttl=38 time=84.6 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=3 ttl=38 time=106 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=4 ttl=38 time=129 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=5 ttl=38 time=43.4 ms
C:\Users\lenovo>docker exec 3625e691bcd24 ping www.baidu.com
ping: www.baidu.com: Name or service not known
C:\Users\lenovo>docker exec ad1f600b775d3 ping www.baidu.com
PING www.a.shifen.com (183.232.231.172) 56(84) bytes of data.
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=1 ttl=37 time=62.8 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=2 ttl=37 time=43.0 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=3 ttl=37 time=44.6 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=4 ttl=37 time=43.5 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=5 ttl=37 time=45.4 ms
C:\Users\lenovo>
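Connecting and disconnecting networks – docker network connect/disconnect
- Purpose:
  Connect the given container to, or disconnect it from, the given network
- Command format:
  docker network connect [OPTIONS] NETWORK CONTAINER
  docker network disconnect [OPTIONS] NETWORK CONTAINER
- Options (OPTIONS):
  -f, --force    Force the disconnection (for disconnect)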
C:\Users\lenovo>docker network ls
NETWORK ID NAME DRIVER SCOPE
ae82884de0b7 bridge bridge local
3977854daa84 host host local
149a6cfabf21 my-bridge bridge local
e3628b210f80 my-macvlan macvlan local
25c4b2048836 none null local
# By default this is the same as: docker run --network bridge -dti centos
C:\Users\lenovo>docker run -dti centos
926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025
C:\Users\lenovo>docker inspect 926c58cd9
[
{
"Id": "926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025",
"Created": "2021-01-25T13:48:34.4568341Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1250,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-01-25T13:48:34.8717727Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hostname",
"HostsPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hosts",
"LogPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025-json.log",
"Name": "/hopeful_chatterjee",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
40,
171
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38-init/diff:/var/lib/docker/overlay2/4e1486ceffcea4cb9a14394cbafad16282982ff4064b5d187a57f3e832554af4/diff",
"MergedDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/merged",
"UpperDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/diff",
"WorkDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "926c58cd9383",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4ee1162e964eb0bb29bb5a773002f1eaffbec2b10c9579dafb7c96941903e676",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/4ee1162e964e",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "ffbe40fe1657be77cb1482f8d56c38cf27418f0f03cc662ea85ad6c4583be218",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
## connected
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "ae82884de0b74736e0031e62b1d367eddbe5388377f37cda6500f0292152be6c",
"EndpointID": "ffbe40fe1657be77cb1482f8d56c38cf27418f0f03cc662ea85ad6c4583be218",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
# Disconnect
C:\Users\lenovo>docker network disconnect bridge 926c58cd9
C:\Users\lenovo>docker inspect 926c58cd9
[
{
"Id": "926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025",
"Created": "2021-01-25T13:48:34.4568341Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1250,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-01-25T13:48:34.8717727Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hostname",
"HostsPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hosts",
"LogPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025-json.log",
"Name": "/hopeful_chatterjee",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
40,
171
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38-init/diff:/var/lib/docker/overlay2/4e1486ceffcea4cb9a14394cbafad16282982ff4064b5d187a57f3e832554af4/diff",
"MergedDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/merged",
"UpperDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/diff",
"WorkDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "926c58cd9383",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4ee1162e964eb0bb29bb5a773002f1eaffbec2b10c9579dafb7c96941903e676",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/4ee1162e964e",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
# disconnected
"Networks": {}
}
}
]
# Connect
C:\Users\lenovo>docker network connect bridge 926c58cd9
C:\Users\lenovo>docker inspect 926c58cd9
[
{
"Id": "926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025",
"Created": "2021-01-25T13:48:34.4568341Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1250,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-01-25T13:48:34.8717727Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hostname",
"HostsPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hosts",
"LogPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025-json.log",
"Name": "/hopeful_chatterjee",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
40,
171
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38-init/diff:/var/lib/docker/overlay2/4e1486ceffcea4cb9a14394cbafad16282982ff4064b5d187a57f3e832554af4/diff",
"MergedDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/merged",
"UpperDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/diff",
"WorkDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "926c58cd9383",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4ee1162e964eb0bb29bb5a773002f1eaffbec2b10c9579dafb7c96941903e676",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/4ee1162e964e",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "dd0857e504d4ba0d871265c06c661cc41a69665b3a6f4370d393252a1f0499e6",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"NetworkID": "ae82884de0b74736e0031e62b1d367eddbe5388377f37cda6500f0292152be6c",
"EndpointID": "dd0857e504d4ba0d871265c06c661cc41a69665b3a6f4370d393252a1f0499e6",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": {}
}
}
}
}
]
# Try to connect to the host network (the daemon rejects both connecting to and disconnecting from it)
C:\Users\lenovo>docker network connect host 926c58cd9
Error response from daemon: container cannot be disconnected from host network or connected to host network
# none and bridge cannot be attached at the same time
C:\Users\lenovo>docker network connect null 926c58cd9
Error response from daemon: network null not found
C:\Users\lenovo>docker network connect none 926c58cd9
Error response from daemon: container cannot be connected to multiple networks with one of the networks in private (none) mode
C:\Users\lenovo>docker network disconnect bridge 926c58cd9
C:\Users\lenovo>docker network connect none 926c58cd9
C:\Users\lenovo>docker network connect bridge 926c58cd9
Error response from daemon: container cannot be connected to multiple networks with one of the networks in private (none) mode
# Connect to two bridge networks at the same time
C:\Users\lenovo>docker network disconnect none 926c58cd9
C:\Users\lenovo>docker network connect bridge 926c58cd9
C:\Users\lenovo>docker network connect my-bridge 926c58cd9
C:\Users\lenovo>docker inspect 926c58cd9
[
{
"Id": "926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025",
"Created": "2021-01-25T13:48:34.4568341Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1250,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-01-25T13:48:34.8717727Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55",
"ResolvConfPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hostname",
"HostsPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/hosts",
"LogPath": "/var/lib/docker/containers/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025/926c58cd93831e803af1436ad1a771f1eb9838e646061ccdd21e155fb0e2f025-json.log",
"Name": "/hopeful_chatterjee",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
40,
171
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38-init/diff:/var/lib/docker/overlay2/4e1486ceffcea4cb9a14394cbafad16282982ff4064b5d187a57f3e832554af4/diff",
"MergedDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/merged",
"UpperDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/diff",
"WorkDir": "/var/lib/docker/overlay2/3d67c710bb7152b31bc9c5aa4cbec01901039d9fa79beb17229e4b685a837d38/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "926c58cd9383",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "centos",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4ee1162e964eb0bb29bb5a773002f1eaffbec2b10c9579dafb7c96941903e676",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/4ee1162e964e",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "01269487ab3a5a0f40f481d8bbeef061e65258f4493fdd5d948277679d95f1ed",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"NetworkID": "ae82884de0b74736e0031e62b1d367eddbe5388377f37cda6500f0292152be6c",
"EndpointID": "01269487ab3a5a0f40f481d8bbeef061e65258f4493fdd5d948277679d95f1ed",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": {}
},
"my-bridge": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"926c58cd9383"
],
"NetworkID": "149a6cfabf2180daf43299e62987ad2cf4222285a0e27ec0a739eefdb548e28e",
"EndpointID": "9ccbc860f9d390dad0640b732c3de89c59d86bc14ec1b0e95397ceabf3b3ccd7",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:03",
"DriverOpts": {}
}
}
}
}
]
C:\Users\lenovo>
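The sessions above leave one container attached to both bridge and my-bridge, which makes it a member of two otherwise separate segments. The following Python sketch is an added example, not part of the original post; it reads `docker inspect CONTAINER` JSON and reports which networks and subnets a container spans. The samples are trimmed from the outputs above, except the host-mode container, which is constructed.

```python
import ipaddress
import json

# Constructed samples, trimmed from the `docker inspect 926c58cd9` outputs above:
# the state after connecting to two bridges, and the state after
# `docker network disconnect bridge`.
TWO_BRIDGES = json.loads("""
{"Name": "/hopeful_chatterjee",
 "HostConfig": {"NetworkMode": "default"},
 "NetworkSettings": {"Networks": {
   "bridge":    {"Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16},
   "my-bridge": {"Gateway": "172.18.0.1", "IPAddress": "172.18.0.3", "IPPrefixLen": 16}}}}
""")
DISCONNECTED = json.loads("""
{"Name": "/hopeful_chatterjee",
 "HostConfig": {"NetworkMode": "default"},
 "NetworkSettings": {"Networks": {}}}
""")
# Hypothetical container started with --network host (not taken from the page).
HOST_MODE = {
    "Name": "/constructed_host_mode",
    "HostConfig": {"NetworkMode": "host"},
    "NetworkSettings": {"Networks": {"host": {"IPAddress": "", "IPPrefixLen": 0}}},
}


def attachments(container):
    """Map network name -> subnet, or None when the endpoint has no IP (host, none)."""
    networks = (container.get("NetworkSettings") or {}).get("Networks") or {}
    result = {}
    for name, endpoint in sorted(networks.items()):
        ip = endpoint.get("IPAddress")
        prefix = endpoint.get("IPPrefixLen")
        # ip_interface keeps the host address; .network gives the enclosing subnet.
        result[name] = str(ipaddress.ip_interface(f"{ip}/{prefix}").network) if ip else None
    return result


def review(container):
    """Return notes on how isolated the container's network is."""
    nets = attachments(container)
    mode = (container.get("HostConfig") or {}).get("NetworkMode") or ""
    notes = []
    if mode == "host" or "host" in nets:
        notes.append("shares the host network stack")
    elif mode.startswith("container:"):
        notes.append("shares the network stack of " + mode.split(":", 1)[1])
    elif not nets or set(nets) == {"none"}:
        notes.append("no network attachment")
    segments = sorted({subnet for subnet in nets.values() if subnet})
    if len(segments) > 1:
        # Attached to more than one segment: traffic policy for each segment
        # has to account for this container sitting on both.
        notes.append("multi-homed: " + ", ".join(segments))
    return notes


if __name__ == "__main__":
    for sample in (TWO_BRIDGES, DISCONNECTED, HOST_MODE):
        print(sample["Name"], attachments(sample), review(sample))
```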
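3. Introduction to Docker Network Modes
bridge network mode (1)
Characteristics:
- The host needs a dedicated bridge interface, such as docker0, which Docker creates by default.
- Communication between containers, and between containers and the host, goes through a veth pair (a pair of virtual network devices) created for each container: one end is in the container, the other on the host.
- Each time a container is created on a bridge network, a veth** virtual network device is automatically created on the host.
- The container cannot be reached directly from outside. A port mapping has to be set up first.
- Containers communicate through their veth devices via a bridge device such as docker0.
- Each container has its own IP address.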
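bridge network mode (2) – port mapping
- Purpose:
  Map ports for the container when it is started
- Command format:
  docker run/create -P ...
  or docker run/create -p ...
- Options (OPTIONS):
  -P, --publish-all     Map all exposed ports of the container to random host ports
  -p, --publish list    Specify the port mapping manually
- Note:
  -p [HOST_IP]:[HOST_PORT]:CONTAINER_PORT
  e.g. -p ::80 maps container port 80 to a random port on any host IP
  -p :8000:6379 maps container port 6379 to port 8000 on any host IP
  -p 192.168.5.1::3306 maps container port 3306 to a random port on host IP 192.168.5.1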
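Whether a published port listens on one address or on every host interface depends on the HOST_IP field of the -p value. The following Python parser is an added example, not Docker's own code; it splits a -p value in the [HOST_IP]:[HOST_PORT]:CONTAINER_PORT format described above and classifies the exposure. It goes slightly beyond the three examples on the page by also accepting the two-field and one-field forms and a /tcp, /udp or /sctp suffix; port ranges are not handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Publish:
    host_ip: Optional[str]    # None: no host IP given
    host_port: Optional[int]  # None: the daemon picks a random host port
    container_port: int
    proto: str

    def exposure(self, default_bind="0.0.0.0"):
        """Classify the listening address. With no HOST_IP the network's
        host_binding_ipv4 option applies; 0.0.0.0 is the value shown in the
        inspect output earlier on this page."""
        ip = ipaddress.ip_address(self.host_ip or default_bind)
        if ip.is_unspecified:
            return "all-interfaces"
        if ip.is_loopback:
            return "loopback"
        return "single-address"


def to_port(text, what):
    """Convert a port field to int, rejecting anything outside 1..65535."""
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid {what}: {text!r}")
    return int(text)


def parse_publish(spec):
    """Parse one -p value such as '::80', ':8000:6379' or '192.168.5.1::3306'."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"invalid protocol: {proto!r}")
    # Split from the right so an IPv6 host address keeps its own colons.
    parts = body.rsplit(":", 2)
    container_port = to_port(parts[-1], "container port")
    host_port = None
    if len(parts) >= 2 and parts[-2]:
        host_port = to_port(parts[-2], "host port")
    host_ip = None
    if len(parts) == 3 and parts[0]:
        # ip_address raises ValueError for anything that is not an IP literal.
        host_ip = str(ipaddress.ip_address(parts[0].strip("[]")))
    return Publish(host_ip, host_port, container_port, proto)


if __name__ == "__main__":
    # The three mappings from the text, plus a loopback-only binding for contrast.
    for spec in ("::80", ":8000:6379", "192.168.5.1::3306", "127.0.0.1:8080:80"):
        parsed = parse_publish(spec)
        print(f"-p {spec:<20} {parsed} -> {parsed.exposure()}")
```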
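host network mode
Characteristics:
- The container fully shares the host's network. There is no network isolation; the host's network is the container's network.
- Ports used by applications in the container and on the host must not collide. For example, if the host already uses port 8090, no host-mode container can use port 8090, and vice versa.
- The container can be reached directly from outside, with no port mapping needed.
- The container's IP is the host's IP.
Special host network mode (container network mode)
- Container network mode means that a container shares the network of another container.
- At the network level, the container treats the other container as its "host". There is no network isolation between them.
- The relationship between these containers has the same properties as host mode.
Usage:
- docker run/create --network container:CONTAINER ...
none network mode
Characteristics:
- The container has no network and no network devices at all.
- If networking is needed, the user has to install and configure it.
Use case
- This mode suits users who need a highly customized network.
overlay network mode (1)
- An overlay network is a network layered on top of another network.
- There are several ways and solutions to implement an overlay network. Docker ships with one, based on VXLAN tunneling.
- Overlay networks are mainly used for communication between containers on different hosts.
Use case: managing the network of a cluster of hundreds or thousands of containers spread across hosts.
overlay network mode (2) - understanding the TCP/IP protocol stack
overlay network mode (3) - how it works
How IP tunnel networks work
macvlan network mode
- The main feature of macvlan network mode is that traffic is forwarded directly based on MAC addresses.
- The host effectively acts as a layer 2 switch. Docker maintains a MAC address table; when the host network receives a packet, it finds the matching container by MAC address and hands the data to that container.
- Containers can reach each other directly by IP, through a virtual network device built into the host (created automatically when the macvlan network is created), but they cannot reach the host directly by IP.
Use case: because the destination MAC address of every incoming packet is the container's MAC address, each container looks like a real physical network device to the outside network. Use macvlan mode when a container needs to appear on the network as a real physical machine.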