除了使用docker默认的网络之外,还可以自己创建一个网络
查看docker的版本和当前已有的网络
root@ubuntu-3:~# docker --version
Docker version 20.10.19, build d85ef84
root@ubuntu-3:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
a4c603fb01db bridge bridge local
e855573f84eb host host local
e5cfe0742dfa none null local
37d543bcb9a3 wuyang-net bridge local
查看新建网络的一些参数,主要使用--subnet和--gateway这两个参数
root@ubuntu-3:~# docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which to copy the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a network segment
新建一个名叫wuyang-net的网络,子网为172.16.10.0/24 网关为172.16.10.254
root@ubuntu-3:~# docker network create wuyang-net --subnet 172.16.10.0/24 --gateway 172.16.10.254
73e995824fcf4d23a2549883d21f31fb78fd9ffdbcdb843a38d1326c7383c671
root@ubuntu-3:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
a4c603fb01db bridge bridge local
e855573f84eb host host local
e5cfe0742dfa none null local
73e995824fcf wuyang-net bridge local
运行一个使用wuyang-net网络的容器
root@ubuntu-3:~# docker run -it -d -p 80:80 --net wuyang-net nginx:alpine
5ba37be61dcce97b8f2af4ad3472abd0575f43b4cf6377684f5c0992b3b6693a
进入容器查看容器IP是否在172.16.10.0/24网段
root@ubuntu-3:~# docker exec -it 5ba37be6 sh
/ # ifconfig | grep addr
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:0A:01
inet addr:172.16.10.1 Bcast:172.16.10.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
/ # ping -c 2 www.baidu.com
PING www.baidu.com (180.101.49.13): 56 data bytes
64 bytes from 180.101.49.13: seq=0 ttl=127 time=14.092 ms
64 bytes from 180.101.49.13: seq=1 ttl=127 time=14.653 ms
新建的网络和docker默认的网络创建的容器默认是不能通信的,ping不通,可以修改iptables实现不同虚拟网的容器通信。注意:这种隔离是docker有意设置的安全边界,放开DOCKER-ISOLATION-STAGE-2中的DROP会让宿主机上所有bridge网络之间互通,而不只是这两个网络;另外docker守护进程重启后通常会重新生成这些规则,手工修改不会持久保留
#使用docker默认的网络运行一个容器
root@ubuntu-3:~# docker run -it -d -p 81:80 nginx:alpine
b0d0a32dc53db2bc32e4c0063ada7dbb063d94f59d71c256784c1a7c054a310e
root@ubuntu-3:~# docker exec -it b0 sh
/ # ifconfig | grep addr
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
inet addr:127.0.0.1 Mask:255.0.0.0
/ # ping 172.16.10.2
PING 172.16.10.2 (172.16.10.2): 56 data bytes
修改iptables中的DOCKER-ISOLATION-STAGE-2规则链
#导出iptables规则链,将导出文件中第23、24行的DROP改为ACCEPT
root@ubuntu-3:~# iptables-save > wuyang.txt
root@ubuntu-3:~# cat wuyang.txt | grep -n "DOCKER-ISOLATION-STAGE-2"
8::DOCKER-ISOLATION-STAGE-2 - [0:0]
20:-A DOCKER-ISOLATION-STAGE-1 -i br-1b7cc1634550 ! -o br-1b7cc1634550 -j DOCKER-ISOLATION-STAGE-2
21:-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
23:-A DOCKER-ISOLATION-STAGE-2 -o br-1b7cc1634550 -j DROP
24:-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
25:-A DOCKER-ISOLATION-STAGE-2 -j RETURN
#导入修改后的规则链
root@ubuntu-3:~# iptables-restore < wuyang.txt
#查看不同网络容器间的通信
root@ubuntu-3:~# docker exec -it b0 sh
/ # ping 172.16.10.2
PING 172.16.10.2 (172.16.10.2): 56 data bytes
64 bytes from 172.16.10.2: seq=13 ttl=63 time=0.529 ms