Docker网络操作详解

转载自：http://www.srcmini.com/50538.html

docker中主要有五个网络-桥, 主机, 覆盖, 无和macvlan。

桥接网络是docker中的默认网络。

每当你运行Docker容器时, 默认的桥接网络调用docker0都会与该容器相关联, 除非指定了任何其他网络。例如, 当我运行ifconfig命令时, 你将获得网桥类型的docker0网络的详细信息以及其他网络详细信息。

# ifconfig

docker0: flags=4099<UP, BROADCAST, MULTICAST>  mtu 1500
inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
ether 02:42:f6:59:4a:5f  txqueuelen 0  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


enp0s3: flags=4163<UP, BROADCAST, RUNNING, MULTICAST>  mtu 1500
inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
inet6 fe80::763e:c0b4:14df:b273  prefixlen 64  scopeid 0x20<link>
ether 08:00:27:68:64:9a  txqueuelen 1000  (Ethernet)
RX packets 2157  bytes 2132896 (2.1 MB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 952  bytes 151610 (151.6 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


enp0s8: flags=4163<UP, BROADCAST, RUNNING, MULTICAST>  mtu 1500
inet 192.168.56.102  netmask 255.255.255.0  broadcast 192.168.56.255
inet6 fe80::20a:6c57:839d:2652  prefixlen 64  scopeid 0x20<link>
ether 08:00:27:53:45:82  txqueuelen 1000  (Ethernet)
RX packets 10597  bytes 1497146 (1.4 MB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 12058  bytes 1730219 (1.7 MB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


lo: flags=73<UP, LOOPBACK, RUNNING>  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10<host>
loop  txqueuelen 1000  (Local Loopback)
RX packets 1196  bytes 105396 (105.3 KB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 1196  bytes 105396 (105.3 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

1 查看网络

运行ls命令, 检查当前主机上运行的所有网络。你可以看到, 当前存在七个网络, 包括网桥, 主机和安装Docker时不会自动创建的网络。根据我过去运行的容器, 还有其他自定义网络的详细信息。

[email protected]:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

2 检查网络

你可以运行inspect命令以获取有关网络类型的所有详细信息。它提供有关网络的信息, 包括名称, ID, 创建时间, 范围, 驱动程序, 配置详细信息, 例如子网和网关地址。如果有任何容器正在运行, 我还将提供容器详细信息。否则, 它将返回一个空字符串。

[email protected]:~$ docker network inspect bridge

[

{

"Name": "bridge", "Id": "fec751a6ae21f20a06cdc6eb823e773caec063b6bf9a388016594e59fd1db475", "Created": "2019-08-01T10:30:27.595054009-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {

"Driver": "default", "Options": null, "Config": [

{

"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"

}

]

}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {

"Network": ""

}, "ConfigOnly": false, "Containers": {}, "Options": {

"com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500"

}, "Labels": {}

}

]

3 建立网络

使用create命令, 你可以创建自己的网络。你需要使用–driver标志提及驱动程序类型, 在下面的示例中, 我正在使用网桥类型。

[email protected]:~$ docker network create --driver bridge geekflare_network

08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409

运行ls命令以检查是否已创建网络。

[email protected]:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

08e0da91f6de        geekflare_network   bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

现在, 我将在创建的网络上运行一个docker容器。我在下面的命令中运行一个简单的Apache服务器容器。

[email protected]:~$ docker run -it -d --network=geekflare_network httpd

38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002

运行inspect命令检查geekflare_network的所有信息。你可以在这次检查输出中找到容器的详细信息。容器名称确定为_dubinsky。

[email protected]:~$ docker network inspect geekflare_network

[

{

"Name": "geekflare_network", "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409", "Created": "2019-09-03T13:56:36.244295204-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {

"Driver": "default", "Options": {}, "Config": [

{

"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"

}

]

}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {

"Network": ""

}, "ConfigOnly": false, "Containers": {

"38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002": {

"Name": "determined_dubinsky", "EndpointID": "30d252720e0f381ba01d6f5414525dff8587abcf3c4920100f112898a52c8a23", "MacAddress": "02:42:ac:15:00:02", "IPv4Address": "172.21.0.2/16", "IPv6Address": ""

}

}, "Options": {}, "Labels": {}

}

]

4 断开网络

要从容器断开网络连接, 请运行以下命令。你需要在断开连接命令中提及网络名称和容器名称。

[email protected]:~$ docker network disconnect geekflare_network determined_dubinsky

该网络将不再运行named_dubinsky容器；容器字段将为空。

[email protected]:~$ docker network inspect geekflare_network

[

{

"Name": "geekflare_network", "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409", "Created": "2019-09-03T13:56:36.244295204-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {

"Driver": "default", "Options": {}, "Config": [

{

"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"

}

]

}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {

"Network": ""

}, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {}

}

]

要创建除网桥以外的网络, 你需要提及网桥以外的驱动程序名称。要创建覆盖网络, 请运行以下命令。

[email protected]:~$ docker network create --driver overlay  geekflare_network_2

ynd2858eu1cngwhpc40m3h1nx

[email protected]:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

08e0da91f6de        geekflare_network   bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

ynd2858eu1cn        geekflare_network_2   overlay             swarm

要创建主机网络, 请使用–driver标志提及host。下面的示例返回一个错误, 因为仅允许一个主机网络实例, 该实例之前已经运行过。因此, 此命令不会创建另一个主机网络。

[email protected]:~$ docker network create --driver host  geekflare_network_3

Error response from daemon: only one instance of "host" network is allowed