Docker安装完成后,会自动创建三个网络,可使用“docker network ls”命令查看:
- bridge:represents the docker0 network present in all Docker installations
- host
- none
创建容器时,可为docker run命令使用--network选项指定要加入的网络
Closed containers
不参与网络通信,运行于此类容器中的进程仅能访问本地环回接口
仅适用于进程无须网络通信的场景中,例如备份、进程诊断及各种离线任务等
[root@node5 ~]# docker run --rm --net none docker.io/busybox:latest ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@node5 ~]#
Bridged containers
桥接式容器一般拥有两个接口:一个环回接口和一个连接至主机上某桥设备的以太网接口;
docker daemon启动时默认会创建一个名为docker0的网络桥,并且创建的容器为桥接式容器,其以太网接口桥接至docker0;
--net bridge即为将容器接口添加至docker0桥;
docker0桥为NAT桥,因此,桥接式容器可通过此桥接口访问外部网络,但防火墙规则阻止了一切从外部网络访问桥接式容器的请求;
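docker0 NAT桥模型上的容器发布给外部网络访问(发布端口后,Docker会在nat表的DOCKER链中添加相应的DNAT规则,见下文“iptables -t nat -vnL”的输出;来自外部的流量经转发到达容器,不经过主机的INPUT链,主机上基于INPUT链的过滤规则对已发布端口不起作用,因此应只发布确需对外提供的端口):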
-p <containerPort>
仅给出了容器端口,表示将指定的容器端口映射至主机上的某随机端口;未指定<hostIP>时,该端口在主机的所有地址上监听(即下文docker port输出中的0.0.0.0);
-p <hostPort>:<containerPort>
将主机的<hostPort>映射为容器的<containerPort>
-p <hostIP>::<containerPort>
将主机的<hostIP>上的某随机端口映射为容器的<containerPort>
-p <hostIP>:<hostPort>:<containerPort>
将主机的<hostIP>上的端口<hostPort>映射为容器的<containerPort>;此时仅在指定的<hostIP>上监听(如下文示例4中docker port的输出为192.168.170.31:80),可用于限制服务只在特定接口上对外提供
-P, --publish-all
发布所有已暴露的端口:将镜像中EXPOSE声明的端口以及通过--expose选项指定的端口,全部映射至主机上的随机端口;
[root@node5 ~]# docker run --rm --net bridge docker.io/busybox:latest ifconfig -a
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:08
inet addr:172.17.0.8 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:180 (180.0 B) TX bytes:168 (168.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@node5 ~]#
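联盟式网络(Joined containers)
使用--net container:<容器名>让新容器共享已有容器的网络名称空间;如下例所示,两个容器的接口与IP地址完全相同,并可通过环回接口(localhost)互相访问,因此仅监听127.0.0.1的服务对联盟容器同样可达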
[root@node2 ~]# docker run --name busybox --rm --net bridge -it docker.io/busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:07
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:508 (508.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # mkdir /data/html -pv
created directory: '/data/'
created directory: '/data/html'
/ # vi /data/html/index.html
/ # httpd -f -h /data/html/
[root@node2 ~]# docker run --name busybox1 --rm --net container:busybox -it docker.io/busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:07
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # wget localhost/index.html
Connecting to localhost (127.0.0.1:80)
index.html 100% |**************************************************************************| 28 0:00:00 ETA
/ # cat index.html
<h1>Busybox Web Server</h1>
/ #
[root@node2 ~]# docker run --name busybox1 --rm --net bridge -it --hostname busybox.magedu.com --dns 192.168.170.31 --add-host www.magedu.com:192.168.170.31 docker.io/busybox:latest
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.170.31 www.magedu.com
172.17.0.7 busybox.magedu.com
/ # cat /etc/resolv.conf
nameserver 192.168.170.31
/ # hostname
busybox.magedu.com
/ #
[root@node2 ~]# docker run --name busybox1 --rm --net bridge -it --hostname busybox.magedu.com --dns 192.168.170.31 --add-host www.magedu.com:192.168.170.31 -p 80 docker.io/wangjinhuai/busybox:v0.1.1-httpd
[root@node2 ~]# docker port busybox1
80/tcp -> 0.0.0.0:32768
[root@node2 ~]# curl http://192.168.170.31:32768
<h1>Busybox Server</h1>
[root@node2 ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 4 packets, 1023 bytes)
pkts bytes target prot opt in out source destination
8 456 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 4 packets, 1023 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination
2 120 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
121 7584 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
4 287 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
0 0 MASQUERADE tcp -- * * 172.17.0.7 172.17.0.7 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
1 60 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 to:172.17.0.7:80
[root@node2 ~]#
示例2:
[root@node2 ~]# docker run --name busybox --rm --net bridge -it --hostname busybox.magedu.com --dns 192.168.170.31 --add-host www.magedu.com:192.168.170.31 -p 80:80 docker.io/wangjinhuai/busybox:v0.1.1-httpd
[root@node2 ~]# docker port busybox
80/tcp -> 0.0.0.0:80
[root@node2 ~]# curl http://192.168.170.31
<h1>Busybox Server</h1>
示例3:
[root@node2 ~]# docker run --name busybox --rm --net bridge -it --hostname busybox.magedu.com --dns 192.168.170.31 --add-host www.magedu.com:192.168.170.31 -p 192.168.170.31::80 docker.io/wangjinhuai/busybox:v0.1.1-httpd
[root@node2 ~]# curl http://192.168.170.31:32768
<h1>Busybox Server</h1>
示例4:
[root@node2 ~]# docker run --name busybox --rm --net bridge -it --hostname busybox.magedu.com --dns 192.168.170.31 --add-host www.magedu.com:192.168.170.31 -p 192.168.170.31:80:80 docker.io/wangjinhuai/busybox:v0.1.1-httpd
[root@node2 ~]# docker port busybox
80/tcp -> 192.168.170.31:80
[root@node2 ~]# curl http://192.168.170.31
<h1>Busybox Server</h1>
docker创建网桥
[root@node2 ~]# docker network create -d bridge --subnet=172.31.0.0/16 --ip-range=172.31.0.0/16 --gateway=172.31.0.254 br0
64d423223281a22082fff80ffb4a2efc88c1850dcf0cf4840a1d0615d99e49c2
[root@node2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
64d423223281 br0 bridge local
3a83c6df5b49 bridge bridge local
df766207f388 host host local
1352f55a7719 none null local
[root@node2 ~]# ifconfig
br-64d423223281: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.31.0.254 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:86:2f:76:2a txqueuelen 0 (Ethernet)
RX packets 16 bytes 1351 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 88 bytes 6762 (6.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node2 ~]# docker run --name busybox --rm --net br0 -it docker.io/busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1F:00:01
inet addr:172.31.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe1f:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
[root@node2 ~]# docker network connect bridge busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1F:00:01
inet addr:172.31.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe1f:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:11:00:07
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:578 (578.0 B) TX bytes:578 (578.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
[root@node2 ~]# docker network disconnect bridge busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1F:00:01
inet addr:172.31.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe1f:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #