Docker容器网络配置
1. 创建命名空间
# 创建命名空间
[root@localhost ~]# systemctl stop docker //命名空间一般由docker服务自动创建,手动创建需要关闭docker服务
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@localhost ~]# ip netns help //查看netns帮助文档
Usage: ip netns list
ip netns add NAME
ip netns attach NAME PID
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT
[root@localhost ~]# ip netns add ns0 //创建ns0命名空间
[root@localhost ~]# ip netns list //查看已有的命名空间
ns0
[root@localhost ~]# ls /var/run/netns //命名空间在这个目录下
ns0
# 命名空间的操作
[root@localhost ~]# ip netns exec ns0 ip addr //查看ns0网卡信息
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@localhost ~]# ip netns exec ns0 ip link set lo up //启动ns0网卡
[root@localhost ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec ns0 ping 127.0.0.1 -c 3 //可以ping通命名空间
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.075 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2068ms
rtt min/avg/max/mdev = 0.026/0.046/0.075/0.021 ms
注意:加入命名空间后会关闭并清空IP,所以先加入再配IP
# 加入命名空间
[root@localhost ~]# ip link add type veth //创建veth
[root@localhost ~]# ip link show veth0 //查看veth信息
6: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether da:76:40:36:05:cb brd ff:ff:ff:ff:ff:ff
# 实现命名空间的通信
[root@localhost ~]# ip link set veth0 netns ns0 //将veth0加入到ns0
[root@localhost ~]# ip netns exec ns0 ip link set veth0 up //启动veth
[root@localhost ~]# ip netns exec ns0 ip addr add 1.1.1.1/24 dev veth0 //配置IP地址(注意 1.1.1.0/24 是公网地址段,实验时更宜使用 10.x.x.x、192.168.x.x 等私有地址,以免与外网路由混淆)
[root@localhost ~]# ip netns exec ns0 ip a //查看网卡信息
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: veth0@if7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether da:76:40:36:05:cb brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 1.1.1.1/24 scope global veth0
valid_lft forever preferred_lft forever
[root@localhost ~]# ping 1.1.1.1 -c 3 //可以ping通ns0
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=64 time=0.057 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2071ms
rtt min/avg/max/mdev = 0.057/0.073/0.091/0.013 ms
# 创建ns1命名空间
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip netns list
ns1
ns0
[root@localhost ~]# ip link set veth1 netns ns1
[root@localhost ~]# ip netns exec ns1 ip link set veth1 up
[root@localhost ~]# ip netns exec ns1 ip addr add 1.1.1.2/24 dev veth1
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: veth1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 6e:79:5c:89:6d:96 brd ff:ff:ff:ff:ff:ff link-netns ns0
inet 1.1.1.2/24 scope global veth1
valid_lft forever preferred_lft forever
inet6 fe80::6c79:5cff:fe89:6d96/64 scope link
valid_lft forever preferred_lft forever
# ns0访问ns1
[root@localhost ~]# ip netns exec ns0 ping 1.1.1.2 -c 3
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.056 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.057 ms
64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.054 ms
--- 1.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2089ms
rtt min/avg/max/mdev = 0.054/0.055/0.057/0.008 ms
# veth设备重命名
[root@localhost ~]# ip netns exec ns0 ip link set veth0 down
[root@localhost ~]# ip netns exec ns0 ip link set dev veth0 name eth0
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether da:76:40:36:05:cb brd ff:ff:ff:ff:ff:ff link-netns ns1
inet 1.1.1.1/24 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec ns0 ip link set eth0 up
2. Docker网络模式
Docker在安装后自动提供3种网络
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
de623a133635 bridge bridge local
eb0336465bba host host local
6e6079fddd34 none null local
Docker支持4种网络模式
网络模式 | 配置 | 说明 |
---|---|---|
host | --network host | 容器和宿主机共享命名空间 |
container | --network container:NAME_OR_ID | 容器和另外一个容器共享命名空间 |
none | --network none | 容器有独立的命名空间,但并没有对其进行任何网络设置,如分配veth pair和网桥连接、配置IP等 |
bridge | --network bridge | 默认模式 |
bridge模式配置
# bridge模式是默认模式,--network bridge与不加--network选项效果是一致的
[root@localhost ~]# systemctl start docker
[root@localhost ~]# docker run -it --rm busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # exit
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
none模式配置
[root@localhost ~]# docker run -it --rm --network none busybox
/ # ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # exit
container模式配置
# 启动第一个容器并开启httpd(busybox自带的http服务)
[root@localhost ~]# docker run -it --rm --name b1 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # echo 'hello world' > /tmp/index.html
/ # ls /tmp/
index.html
/ # httpd -h /tmp/
/ # netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
# 启动第二个容器并访问第一个容器中的httpd(两者共享同一网络命名空间,可直接通过127.0.0.1访问)
[root@localhost ~]# docker run -it --rm --network container:b1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # wget -O - -q 127.0.0.1:80
hello world
host模式配置
# host模式下容器直接使用宿主机的网络栈,没有网络隔离,容器内监听的端口即宿主机端口
[root@localhost ~]# docker run -it --rm --network host busybox
/ # ip a s ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:0c:29:39:99:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.102/24 brd 192.168.10.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe39:9951/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# ip a s ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:39:99:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.102/24 brd 192.168.10.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe39:9951/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3. 容器的常用操作
注入主机名
# 主机名在容器内不能修改,只能在创建容器时通过--hostname注入
[root@localhost ~]# docker run -it --rm --name b2 --hostname zyq busybox
/ # hostname
zyq
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 zyq
/ # cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.10.2
/ # ping www.baidu.com -c 3
PING www.baidu.com (14.215.177.39): 56 data bytes
64 bytes from 14.215.177.39: seq=0 ttl=127 time=65.545 ms
64 bytes from 14.215.177.39: seq=1 ttl=127 time=45.179 ms
64 bytes from 14.215.177.39: seq=2 ttl=127 time=42.080 ms
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 42.080/50.934/65.545 ms
指定DNS
[root@localhost ~]# docker run -it --rm --name b3 --hostname zyq --dns 114.114.114.114 busybox
/ # cat /etc/resolv.conf
nameserver 114.114.114.114
主机名到IP地址的映射
[root@localhost ~]# docker run -it --rm --name b4 --hostname zyq --add-host a016619e29fe:172.17.0.2 busybox
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 a016619e29fe
172.17.0.3 zyq
开放端口
# -p 8080:80 默认在宿主机的所有地址(0.0.0.0 与 ::)上监听;如只需本机访问,可写成 -p 127.0.0.1:8080:80
[root@localhost ~]# docker run -it --rm --name b4 --hostname zyq -p 8080:80 busybox
[root@localhost ~]# docker port b4
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080