docker network ls #查看容器基础网络类型
docker inspect 网络ID #查看网络属性
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9442ef7c7585 bridge bridge local
23d8bef1bd0c host host local
bf9960226a30 none null local
[root@docker01 ~]# docker inspect 9442ef7c7585
[
{
"Name": "bridge",
"Id": "9442ef7c7585749083bf316d790c4dba3f06b8d8f0abc6f50d0e9a95cea3221d",
"Created": "2020-06-17T10:42:42.637504836+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
一、bridge
bridge类型是docker默认的网络类型,其工作模式类似于KVM中的NAT模式:容器接入宿主机的docker0网桥(上方inspect输出中默认子网为172.17.0.0/16,网关172.17.0.1),出站流量在enable_ip_masquerade开启时经源地址转换后访问外网。
[root@docker01 ~]# docker run -d alpine:3.11 tail -f /etc/hosts
acf1ce998c47e0cabfc9dd3c221177dd31aeff4354209d4cababfe79a7b3b8df
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
acf1ce998c47 alpine:3.11 "tail -f /etc/hosts" 7 seconds ago Up 7 seconds happy_keller
[root@docker01 ~]# docker inspect acf1ce998c47 | sed -n /Networks/,/}/p
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "f217cea2403427aa1378964e700ecac07de1b70e409d934a3987ce7178d2c663",
"EndpointID": "f63f4103ee261816a02063a452d79de0cd4df82b78678df14f825c8516106441",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
二、host
host类型为直接使用宿主机的网络栈:容器共享宿主机的主机名、hosts文件内容以及网卡配置(下例中容器内看到的eth0地址与宿主机完全一致),容器与宿主机之间没有网络隔离。
- 优势:其网络性能是所有Docker网络类型里性能最高的。
- 劣势:宿主机与容器不能端口复用;容器内进程监听的端口即为宿主机端口,因此该模式应仅用于受信任的镜像。
[root@docker01 ~]# docker run -d --network=host alpine:3.11 tail -f /etc/hosts
24b2f8e14b41f2c1bf8ac7c30a3c96da3d3c34ba232133ff83823edb6c97078c
[root@docker01 ~]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24b2f8e14b41 alpine:3.11 "tail -f /etc/hosts" 3 seconds ago Up 3 seconds jovial_noether
[root@docker01 ~]# docker inspect 24b2f8e14b41 | sed -n /Networks/,/}/p
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "23d8bef1bd0c2cefefb364e5f2ad12f1092e30a28f2d64309b8c930c9bc486ca",
"EndpointID": "c5177715eced5652876fbb93936673c743db998a21abeac5758664e81e8fd8c8",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
[root@docker01 ~]# hostname
docker01
[root@docker01 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:03:a5:87 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe03:a587/64 scope link
valid_lft forever preferred_lft forever
[root@docker01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01 db01.etiantian.org
172.16.1.61 m01
10.0.0.110 docker01
10.0.0.120 docker02
[root@docker01 ~]# docker exec -it 24b2f8e14b41 /bin/sh
/ # hostname
docker01
/ # ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:03:a5:87 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe03:a587/64 scope link
valid_lft forever preferred_lft forever
/ # cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01 db01.etiantian.org
172.16.1.61 m01
10.0.0.110 docker01
10.0.0.120 docker02
三、none
none类型为无网络类型:容器内只有lo回环接口(见下方ip addr输出),无法访问Internet,也无法与宿主机或其他容器通信。
[root@docker01 ~]# docker run -d --network=none alpine:3.11 tail -f /etc/hosts
2a2da850ef2e0e52eb9139706dfbeace6f355bfd26add440e259a31d686a22bd
[root@docker01 ~]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a2da850ef2e alpine:3.11 "tail -f /etc/hosts" 5 seconds ago Up 4 seconds zealous_bell
[root@docker01 ~]# docker inspect 2a2da850ef2e | sed -n /Networks/,/}/p
"Networks": {
"none": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "bf9960226a306965d5d33489a4d671b3f9b450d655b69bc43d876ee0c1063fb4",
"EndpointID": "3be23972b3265415345073b1145bd951dcf2263894c3f0ef96052574fea56599",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
[root@docker01 ~]# docker exec -it 2a2da850ef2e /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
四、container类型
常用于k8s中(同一Pod内的多个容器即以此方式共享网络)。
container类型为与指定的其他容器共用同一个网络栈(inspect中的NetworkMode显示为container:目标容器ID),自身不再分配独立的网络端点,与host类型类似。下例指定的目标容器2a2da850ef2e使用的是none网络,因此新容器内同样只有lo接口。
[root@docker01 ~]# docker run -d --network container:2a2da850ef2e alpine:3.11 tail -f /etc/hosts
eb9e6d3c417bb6de1e3389ca23f1a05d100d636828619d5ee8f891219d84a4d9
[root@docker01 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eb9e6d3c417b alpine:3.11 "tail -f /etc/hosts" 4 seconds ago Up 4 seconds elegant_albattani
[root@docker01 ~]# docker inspect eb9e6d3c417b| sed -n /Networks/,/}/p
"Networks": {}
}
[root@docker01 ~]# docker inspect eb9e6d3c417b | grep -i NetworkMode
"NetworkMode": "container:2a2da850ef2e0e52eb9139706dfbeace6f355bfd26add440e259a31d686a22bd",
[root@docker01 ~]# docker exec -it eb9e6d3c417b /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
五、macvlan
macvlan主要用于跨宿主机的容器间通信
macvlan可以实现类似于虚拟机桥接的功能;使用macvlan创建容器时,必须使用--ip参数手动指定容器IP地址,否则可能与物理网段中的其他主机发生IP地址冲突;容器直接暴露在物理网段上,不经过宿主机的端口映射与NAT,因此应视同物理主机纳入该网段的访问控制。
docker network create -d macvlan --subnet IP地址/掩码 --gateway 网关 -o parent=网卡名称 网络名称 #创建桥接到指定网卡的macvlan网络
使用macvlan的容器无法ping通容器自身的宿主机,但可以ping通其他宿主机(下例中docker01上的容器ping不通10.0.0.110,而docker02上的容器可以ping通10.0.0.110)。
[root@docker01 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 young
5fc918bd2f00a644d8cbdf950b3221ff2d1e2e771c8dbc3f5f665fe2472a0ade
[root@docker01 ~]# docker network ls |tail -1
5fc918bd2f00 young macvlan local
[root@docker01 ~]# docker run -it --network young --ip 10.0.0.111 alpine:latest
/ # ip addr show eth0
8: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 02:42:0a:00:00:6f brd ff:ff:ff:ff:ff:ff
inet 10.0.0.111/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
[root@docker02 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 young
5f4216ee0eba8566cb3a8ca8319e550b4de51cb65b396179b90dc475ef5bec6a
[root@docker02 ~]# docker network ls | tail -1
5f4216ee0eba young macvlan local
[root@docker02 ~]# docker run -it --network young --ip 10.0.0.121 10.0.0.110/aspenhan/alpine:latest
/ # ip addr show eth0
5: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 02:42:0a:00:00:79 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.121/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
# docker01
/ # ping -c2 -W1 10.0.0.121
PING 10.0.0.121 (10.0.0.121): 56 data bytes
64 bytes from 10.0.0.121: seq=0 ttl=64 time=0.254 ms
64 bytes from 10.0.0.121: seq=1 ttl=64 time=0.210 ms
--- 10.0.0.121 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.210/0.232/0.254 ms
/ # ping -c2 -W1 10.0.0.110
PING 10.0.0.110 (10.0.0.110): 56 data bytes
--- 10.0.0.110 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
# docker02
/ # ping -c2 -W1 10.0.0.111
PING 10.0.0.111 (10.0.0.111): 56 data bytes
64 bytes from 10.0.0.111: seq=0 ttl=64 time=0.254 ms
64 bytes from 10.0.0.111: seq=1 ttl=64 time=0.343 ms
--- 10.0.0.111 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.254/0.298/0.343 ms
/ # ping -c2 -W1 10.0.0.110
PING 10.0.0.110 (10.0.0.110): 56 data bytes
64 bytes from 10.0.0.110: seq=0 ttl=64 time=0.310 ms
64 bytes from 10.0.0.110: seq=1 ttl=64 time=0.910 ms
--- 10.0.0.110 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.310/0.610/0.910 ms
/ # ping -c2 -W1 10.0.0.120
PING 10.0.0.120 (10.0.0.120): 56 data bytes
--- 10.0.0.120 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
六、overlay
overlay主要用于跨宿主机的容器间通信;使用overlay网络的容器有两块网卡,eth0用于容器间内部通信(下例中MTU为1450,比eth1小的部分为隧道封装开销),eth1用于访问外网;
overlay网络中使用consul存储IP地址分配,建议设置独立节点运行consul容器;consul是一种(key:value)类型的存储数据库。注意:下例启动consul时未配置ACL或TLS,且8500端口发布在0.0.0.0上,任何能访问该端口的主机都可读写网络的IP分配信息,应通过防火墙限制仅允许各docker节点访问;此外,基于外部KV存储的overlay网络在较新版本的Docker中已被弃用,请以当前版本文档为准。
consul镜像文件 文件提取码:dt7n
1.启动consul容器
docker run -d -p 宿主机端口:8500 -h consul --name consul progrium/consul -server -bootstrap #启动consul容器(-bootstrap为单节点自举,仅适合测试环境;下方docker images输出显示该镜像已多年未更新,生产环境应使用仍在维护的consul镜像)
[root@consul /etc/docker]# docker pull progrium/consul
Using default tag: latest
latest: Pulling from progrium/consul
Status: Downloaded newer image for progrium/consul:latest
docker.io/progrium/consul:latest
[root@consul /etc/docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
progrium/consul latest 09ea64205e55 4 years ago 69.4MB
[root@consul /etc/docker]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
5fe4d6dc7493b2f9c87c8d36f57f832c54111d93a065b7217a5bb1ca72167877
[root@consul /etc/docker]# docker ps -al
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5fe4d6dc7493 progrium/consul "/bin/start -server …" 5 seconds ago Up 4 seconds 53/tcp, 53/udp, 8300-8302/tcp, 8400/tcp, 8301-8302/udp, 0.0.0.0:8500->8500/tcp consul
2.节点关联consul
#编辑/etc/docker/daemon.json,每个需要加入overlay网络的节点均需配置并重启docker
{
"cluster-store": "consul://IP地址:端口",
"cluster-advertise": "节点IP地址:2376"
}
[root@docker01 ~]# cat /etc/docker/daemon.json
{
"cluster-store":"consul://10.0.0.130:8500",
"cluster-advertise":"10.0.0.110:2376"
}
[root@docker01 ~]# systemctl restart docker
[root@docker02 ~]# cat /etc/docker/daemon.json
{
"cluster-store":"consul://10.0.0.130:8500",
"cluster-advertise":"10.0.0.120:2376"
}
[root@docker02 ~]# systemctl restart docker
3.创建overlay网络
在任一节点创建overlay网络后,会自动同步至所有关联同一consul的节点(下例中docker02上也能看到ol_1,其SCOPE显示为global)。
docker network create -d overlay --subnet IP地址/掩码 --gateway 网关 网络名称 #创建overlay网络
[root@docker01 ~]# docker network create -d overlay --subnet 10.100.100.0/26 --gateway 10.100.100.62 ol_1
[root@docker01 ~]# docker network ls | grep overlay
4b3fe75fb888 ol_1 overlay global
[root@docker01 ~]# docker run -it --network ol_1 --name aspen_00 alpine:latest /bin/sh
/ # ip addr show eth0;ip addr show eth1
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:0a:64:64:02 brd ff:ff:ff:ff:ff:ff
inet 10.100.100.2/26 brd 10.100.100.63 scope global eth0
valid_lft forever preferred_lft forever
14: eth1@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.2/16 brd 172.19.255.255 scope global eth1
valid_lft forever preferred_lft forever
/ # ping -c2 -W1 aspen_01
PING aspen_01 (10.100.100.1): 56 data bytes
64 bytes from 10.100.100.1: seq=0 ttl=64 time=0.791 ms
64 bytes from 10.100.100.1: seq=1 ttl=64 time=0.444 ms
--- aspen_01 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.444/0.617/0.791 ms
[root@docker02 ~]# docker network ls | grep overlay
4b3fe75fb888 ol_1 overlay global
[root@docker02 ~]# docker run -it --network ol_1 --name aspen_01 10.0.0.110/aspenhan/alpine:latest /bin/sh
/ # ip addr show eth0 && ip addr show eth1
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:0a:64:64:01 brd ff:ff:ff:ff:ff:ff
inet 10.100.100.1/26 brd 10.100.100.63 scope global eth0
valid_lft forever preferred_lft forever
12: eth1@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
/ # ping -c2 -W1 aspen_00
PING aspen_00 (10.100.100.2): 56 data bytes
64 bytes from 10.100.100.2: seq=0 ttl=64 time=0.253 ms
64 bytes from 10.100.100.2: seq=1 ttl=64 time=0.295 ms
--- aspen_00 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.253/0.274/0.295 ms
七、自定义网络
docker network create -d 网络类型 --subnet IP地址/掩码 --gateway 网关 网络名称 #--subnet应写网络地址且不应与宿主机已有网段重叠(下例写成172.18.1.0/16,实际生效的是172.18.0.0/16,容器得到的地址为172.18.0.1)
[root@docker01 ~]# docker network create -d bridge --subnet 172.18.1.0/16 --gateway 172.18.1.254 aspen
50fe854ee796cde854dcc0c458faddcabd9efacef32bbb16d421c376503d091b
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
50fe854ee796 aspen bridge local
ddbc0455f38f bridge bridge local
23d8bef1bd0c host host local
bf9960226a30 none null local
[root@docker01 ~]# docker run -it --network aspen alpine:3.11
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:01 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever