
Docker Networking

程序员文章站 2022-03-07 22:40:49

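Understanding docker0
1. Every time we start a Docker container, Docker assigns that container an IP address. Once Docker is installed, the host has a network interface named docker0, which works in bridge mode and uses veth-pair technology.
A veth pair is a pair of virtual device interfaces; they always come in pairs.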

[[email protected] tomcat]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:00:84:47:c3 brd ff:ff:ff:ff:ff:ff
    inet 172.17.16.11/20 brd 172.17.31.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe84:47c3/64 scope link 
       valid_lft forever preferred_lft forever
3: [email protected]: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.244.39.0/32 scope global tunl0
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:0b:8c:68:23 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:bff:fe8c:6823/64 scope link 
       valid_lft forever preferred_lft forever
# View the IP address inside the container.
[[email protected] tomcat]# docker run -d -P --name tomcat01 tomcat
[[email protected] tomcat]# docker exec tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: [email protected]: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
70: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
# The Linux host can ping the Docker container
[[email protected] tomcat]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.047 ms
# Two Docker containers can communicate with each other
[[email protected] tomcat]# docker run -d -P --name tomcat02 tomcat
7d9fa0f10dffe7d2dea4f9b92030ae82e05b90dd3e6ef7e8dfb563371ac899bc
[[email protected] tomcat]# docker exec -it tomcat02 ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.061 ms

--link

[[email protected] tomcat]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known

[[email protected] tomcat]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
8b0cc29591896a9cb292899148679e5d4db28ce653b94f75b1e59d5350e22c53
[[email protected] tomcat]# docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
[[email protected] tomcat]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.18.0.3): icmp_seq=1 ttl=64 time=0.122 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=2 ttl=64 time=0.054 ms
# In effect, --link just writes a mapping into tomcat03's /etc/hosts file.
[[email protected] tomcat]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.18.0.3	tomcat02 7d9fa0f10dff
172.18.0.4	8b0cc2959189

Custom networks

# List all Docker networks
[[email protected] tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
1c3c6040bda4   bridge    bridge    local
e66f66816108   host      host      local
7650407024a8   none      null      local

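Network modes
bridge: bridged Docker networking (the default; custom networks use it too)
none: no networking configured
host: shares the host's network
container: joins another container's network (rarely used, very limited)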

Test
# Starting a container directly implies --net bridge, and that bridge is docker0
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat

# docker0 characteristic: by default, containers cannot be reached by name.

# Custom network (recommended)

[[email protected] tomcat]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
81f91bd3cd41c968c4dc545b2ac9a834f7d33e147fcb391893e4965a4373228e
[[email protected] tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
1c3c6040bda4   bridge    bridge    local
e66f66816108   host      host      local
81f91bd3cd41   mynet     bridge    local
7650407024a8   none      null      local

# Test
[[email protected] tomcat]# docker run -d -P --name tomcat01-net --net mynet tomcat
aaf52f7f541d0950b0feccb7bf6d656c8784d7123efec300a9aa398f76eb38f0
[[email protected] tomcat]# docker run -d -P --name tomcat02-net --net mynet tomcat
c717e6cc63bb12415aaf41f12f77cb9636208854f627061600d359da74662fc7

[[email protected] tomcat]# docker exec -it tomcat01-net ping tomcat02-net
PING tomcat02-net (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat02-net.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from tomcat02-net.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.074 ms

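On a custom network, Docker already maintains the name-to-address mapping for us.

Benefits:
redis - different clusters use different networks, which keeps each cluster secure and healthy
mysql - different clusters use different networks, which keeps each cluster secure and healthy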

# Test connecting container 01 on the docker0 network to a container on the mynet network
# Attach tomcat01 to the mynet network
[[email protected] tomcat]# docker network connect  mynet tomcat01
[[email protected] tomcat]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: [email protected]: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
81: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
83: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.4/16 brd 192.168.255.255 scope global eth1
       valid_lft forever preferred_lft forever

[[email protected] tomcat]# docker exec -it tomcat01 ping tomcat02-net
PING tomcat02-net (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat02-net.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from tomcat02-net.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.068 ms
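
The per-cluster network separation and the `docker network connect` step above can be reviewed from `docker network inspect` output. The following is an added example, not part of the original post: it lists the containers sharing the default bridge and the containers attached to more than one network. The JSON is a constructed sample shaped like the CLI output, and the finding labels, the c1..c5 keys and the tomcat01-net address are assumptions made for the illustration.

```python
import json

# Constructed sample shaped like `docker network inspect bridge mynet` output.
# Names mirror the session above; c1..c5 and tomcat01-net's address are made up.
SAMPLE = json.loads("""
[{"Name": "bridge", "Driver": "bridge",
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true"},
  "Containers": {"c1": {"Name": "tomcat01", "IPv4Address": "172.18.0.2/16"},
                 "c2": {"Name": "tomcat02", "IPv4Address": "172.18.0.3/16"},
                 "c3": {"Name": "tomcat03", "IPv4Address": "172.18.0.4/16"}}},
 {"Name": "mynet", "Driver": "bridge", "Options": {},
  "Containers": {"c1": {"Name": "tomcat01", "IPv4Address": "192.168.0.4/16"},
                 "c4": {"Name": "tomcat01-net", "IPv4Address": "192.168.0.2/16"},
                 "c5": {"Name": "tomcat02-net", "IPv4Address": "192.168.0.3/16"}}}]
""")

def endpoints(net):
    """Endpoint records of one network (Containers may be absent or null)."""
    return list((net.get("Containers") or {}).values())

def memberships(networks):
    """Map container name -> {network name: address on that network}."""
    seen = {}
    for net in networks:
        for ep in endpoints(net):
            seen.setdefault(ep["Name"], {})[net["Name"]] = ep["IPv4Address"]
    return seen

def audit(networks):
    """Return (kind, subject, detail) findings for an isolation review."""
    findings = []
    for net in networks:
        opts = net.get("Options") or {}
        names = sorted(ep["Name"] for ep in endpoints(net))
        shared = opts.get("com.docker.network.bridge.default_bridge") == "true"
        icc = opts.get("com.docker.network.bridge.enable_icc", "true") == "true"
        if shared and icc and names:
            # Containers started without --net land here and can reach their peers.
            findings.append(("default-bridge", net["Name"], names))
    for name, nets in sorted(memberships(networks).items()):
        if len(nets) > 1:
            # e.g. tomcat01 after `docker network connect mynet tomcat01`
            findings.append(("multi-homed", name, sorted(nets)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

For live data, replace SAMPLE with the parsed output of `docker network inspect $(docker network ls -q)`.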