Docker网络
清空所有环境
测试
网卡有三个
三个网络
# 问题:docker 是如何如何处理容器网络访问的?
[root@yum ~]# docker run -d -P --name tomcat01 tomcat
# 查看容器的内部网络地址 ip addr ,发现容器启动的时候会得到一个 eth0@if7 ip地址,docker分配的!
[root@yum ~]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# 思考,Linux能不能ping通容器内部!
[root@yum ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.035 ms
^C
--- 172.17.0.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.035/0.049/0.083/0.017 ms
# Linux可以ping 通docker容器内部
原理:
1、每启动一个docker容器,docker就会给docker容器分配一个ip,我们只要安装了docker,就会有一个网卡docker0桥接模式,使用的技术是evth-pair技术!
再次测试ip addr
2、再启动一个容器测试,发现又多了一对网卡
# 我们发现这个容器带来网卡,都是一对对的
# evth-pair 就是一对的虚拟设备接口,他们都是成对出现的,一段连着协议,一段彼此相连
# 正因为有这个特性,evth-pair充当一个桥梁,连接各种虚拟网络设备
# OpenStac,Docker容器之间的连接,OVS的连接,都是使用evth-pair技术
3、测试一个Tomcat01和Tomcat02是否可以ping通 可以ping通
[root@yum ~]# docker exec -it tomcat02 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.057 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.044 ms
^C
--- 172.17.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 0.044/0.057/0.086/0.019 ms
绘制一个网络模型图:
结论:tomcat01和tomcat02是公用的路由器,docker0.
所有的容器不指定网络的情况下,都是docker0路由的,docker会给我们的容器分配一个默认的可用ip
小结:
Docker使用的是Linux的桥接,宿主机中是一个Docker容器的网桥 docker0。
Docker中所有的网络接口都是虚拟的。虚拟的转发效率高(内网传递文件)
只要容器删除,对应网桥一对就没了
–link
思考一个问题,我们编写一个微服务,database url=ip:,项目不重启,数据库ip换掉了,我们希望可以处理这个问题,可以名字来进行访问容器?
[root@yum /]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known
# 如何可以解决呢?
# 通过--link解决
[root@yum /]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
070abaf018de32e0605d8083d2ee6c27117985e86ac4356431d5babaa364cb04
[root@yum /]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.140 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.206 ms
^C
--- tomcat02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.056/0.134/0.206/0.061 ms
# 反向可以ping通吗?
[root@yum /]# docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
探究;inspect
其实这个tomcat03就是在本地配置了tomcat的配置
# 查看hosts配置,在这里原理发现!
[root@yum /]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat02 e9f4379e5dfd
172.17.0.4 070abaf018de
–link就是在hosts配置中增加了172.17.0.3 tomcat02 e9f4379e5dfd
我们在玩Docker已经不建议使用–link了
自定义网络!不适用docker0
docker0问题:不支持容器名连接访问!
自定义网络
查看所有的docker网络
网络模式
bridge : 桥接模式(默认)
none:不配置网络
host:和宿主机共享模式
container:容器网络连通!(用得少!局限很大)
测试
# 我们直接启动的命令默认是--net bridge ,而这个就是我们的docker0
[root@yum /]# docker run -d -P --name tomcat01 tomcat
[root@yum /]# docker run -d -P --name tomcat01 --net bridge tomcat
# docker特点:默认,域名不能访问,--link可以打通连接
# 我们可以自定义一个网络
# 桥接 --driver bridge
# 子网的地址 --subnet 192.168.0.0/16 范围 192.168.0.2 -- 192.168.255.255
# 网关地址(路由器)--gateway 192.168.0.1 mynet
[root@yum /]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
e531094f710a651a26545b5181568bff715f9cd97e93da26a46188296b0e7d6e
[root@yum /]# docker network ls
NETWORK ID NAME DRIVER SCOPE
56ffdf385848 bridge bridge local
710d1f67d3c1 host host local
e531094f710a mynet bridge local
1c75e2d1f85d none null local
我们的网络就创建好了
[root@yum /]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "e531094f710a651a26545b5181568bff715f9cd97e93da26a46188296b0e7d6e",
"Created": "2021-04-18T23:21:25.612250232+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@yum /]# docker run -d -P --name tomcat-net-01 --net mynet tomcat
2f3d002dfadfaa07948f5e72c4a351a09eda71d7bd20d562956cea68a2250c34
[root@yum /]# docker run -d -P --name tomcat-net-02 --net mynet tomcat
a10e97159916b8425658b976ecfd0db019f30516f28ea9bd404b2ddb9b677235
[root@yum /]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "e531094f710a651a26545b5181568bff715f9cd97e93da26a46188296b0e7d6e",
"Created": "2021-04-18T23:21:25.612250232+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2f3d002dfadfaa07948f5e72c4a351a09eda71d7bd20d562956cea68a2250c34": {
"Name": "tomcat-net-01",
"EndpointID": "50cd972c19523252bede198a36726cbdb563b5fe72c0a143f8a1b8a6824af560",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
},
"a10e97159916b8425658b976ecfd0db019f30516f28ea9bd404b2ddb9b677235": {
"Name": "tomcat-net-02",
"EndpointID": "89cd66623b5b12dd0a0d676cd8274b706fba0a08e44bc73d5dcdc987b801bbca",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
相互之间可以ping通,不再使用–link
[root@yum /]# docker exec -it tomcat-net-01 ping tomcat-net-2
^C[root@yum /]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.040 ms
^C
--- tomcat-net-02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.040/0.043/0.046/0.003 ms
我们自定义的网络docker都已经帮我们维护好了对应的关系,推荐我们平时这样使用网络
好处:
redis-不同的集群使用不同的网络,保证集群是安全和健康的
mysql-不同的集群使用不同的网络,保证集群是安全和健康的
网络连通
# 测试打通 tomcat01 - mynet
# 连通之后就是将 tomcat01放到了mynet网络下
# 一个容器两个ip地址
# 就好比阿里云服务器:公网ip 私网ip
# tomcat01连通
[root@yum /]# docker exec -it tomcat-net-01 ping tomcat01
PING tomcat01 (192.168.0.4) 56(84) bytes of data.
64 bytes from tomcat01.mynet (192.168.0.4): icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from tomcat01.mynet (192.168.0.4): icmp_seq=2 ttl=64 time=0.041 ms
^C
--- tomcat01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.041/0.044/0.048/0.007 ms
# tomcat02依旧打不通
[root@yum /]# docker exec -it tomcat-net-01 ping tomcat02
ping: tomcat02: Temporary failure in name resolution
结论:假设要跨网操作别人,就需要使用docker network connect 连通!。。。。
实战:部署Redis集群
shell脚本
# 创建网卡
[root@yum /]# docker network create redis --subnet 192.39.0.0/16
# 通过脚本创建六个redis配置
for port in $(seq 1 6);\
do \
mkdir -p /mydata/redis/node-${port}/conf
touch /mydata/redis/node-${port}/conf/redis.conf
cat << EOF >> /mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly ye
EOF
done
# 创建集群
docker exec -it redis-1 /bin/sh #redis默认没有bash redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
连接及配置集群
连接集群
docker搭建redis集群完成
我们使用了docker之后,所有的技术慢慢变得简单了
Springboot微服务打包Docker镜像
1、构建springboot项目
2、打包应用
3、编写dockerfile
4、构建镜像
[root@yum idea]# ls
demo-0.0.1-SNAPSHOT.jar Dockerfile
[root@yum idea]# docker build -t zhangxing .
Sending build context to Docker daemon 17.64MB
Step 1/5 : FROM java:8
8: Pulling from library/java
5040bd298390: Pull complete
fce5728aad85: Pull complete
76610ec20bf5: Pull complete
60170fec2151: Pull complete
e98f73de8f0d: Pull complete
11f7af24ed9c: Pull complete
49e2d6393f32: Pull complete
bb9cdec9c7f3: Pull complete
Digest: sha256:c1ff613e8ba25833d2e1940da0940c3824f03f802c449f3d1815a66b7f8c0e9d
Status: Downloaded newer image for java:8
---> d23bdf5b1b1b
Step 2/5 : COPY *.jar /app.jar
---> e42a797c0b05
Step 3/5 : CMD ["--server.port=8080"]
---> Running in 03599b100a83
Removing intermediate container 03599b100a83
---> 13ec0d67a13b
Step 4/5 : EXPOSE 8080
---> Running in b3ba4dbc3fef
Removing intermediate container b3ba4dbc3fef
---> 00af26b78234
Step 5/5 : ENTRYPOINT ["java","-jar","/app.jar"]
---> Running in b6e654da4ebe
Removing intermediate container b6e654da4ebe
---> c8a4d6157a3c
Successfully built c8a4d6157a3c
Successfully tagged zhangxing:latest
[root@yum idea]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhangxing latest c8a4d6157a3c 56 seconds ago 661MB
tomcat latest bd431ca8553c 7 days ago 667MB
hello-world latest d1165f221234 6 weeks ago 13.3kB
java 8 d23bdf5b1b1b 4 years ago 643MB
5、发布运行
[root@yum idea]# docker run -d -P --name zhangxing-springboot-web zhangxing
f120da8b58029fc40322ed050749b02feb350798f820322484f5bbbe24fccc11
[root@yum idea]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f120da8b5802 zhangxing "java -jar /app.jar …" 26 seconds ago Up 17 seconds 0.0.0.0:49161->8080/tcp, :::49161->8080/tcp zhangxing-springboot-web
[root@yum idea]# curl localhost:49161
{"timestamp":"2021-04-19T00:04:23.329+0000","status":404,"error":"Not Found","message":"No message available","path":"/"}[root@yum idea]#
[root@yum idea]# curl localhost:49161/hello
hello,zhangxing
以后我们使用了Dokcer之后,给别人交付的就是一个镜像即可
小结:多敲多练
预告;接下来学习
Docker Compose
Docker Swarm
CI/CD Jenkins
425
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
