|
|
docker 默认有三种网络,分别是None ,host,brdge和userdefine network。可以通过下面命令列出来
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
36414aee064d bridge bridge local
89cd8e7304db host host local
06996adc6218 none null local
[root@docker ~]#
我们来分别说下几个网络
none 网络:
none 网络 在docker中 只有一个localhost的回环地址,不会有 其他的ip,比如用在比较安全的场景,我们可以用它生成密钥等等
我们来创建一个使用none 网络的容器
[root@docker ~]# docker run -d --name "none-network" --network=none httpd
f0b91a4855058c12614f71523ae47921d18ed179d5b438163d08b560041a7657
[root@docker ~]# docker exec f0b91a485505 ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@docker ~]#
host网络:
host网络是和host主机共享网络,当容器使用了host网络后,会和host使用一样的网络,在docker里面执行“ip a ”后可以看到和host上所有的网络。host网络 的性能比较高,可以在要求性能比较高的场景下使用,当然host网络的短板是不灵活,比如不能和host主机使用同一个端口
[root@docker ~]# docker run --network=host httpd ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:95:29:ff brd ff:ff:ff:ff:ff:ff
inet 192.168.1.39/24 brd 192.168.1.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe95:29ff/64 scope link
valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:73:5f:c6:55 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:73ff:fe5f:c655/64 scope link
valid_lft forever preferred_lft forever
29: veth249d154@if28: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c6:4d:63:06:06:27 brd ff:ff:ff:ff:ff:ff
inet6 fe80::c44d:63ff:fe06:627/64 scope link
valid_lft forever preferred_lft forever
43: vethaf1f205@if42: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether d6:c4:51:53:24:7e brd ff:ff:ff:ff:ff:ff
inet6 fe80::d4c4:51ff:fe53:247e/64 scope link
valid_lft forever preferred_lft forever
69: veth86a910d@if68: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c2:a6:16:27:a7:1d brd ff:ff:ff:ff:ff:ff
inet6 fe80::c0a6:16ff:fe27:a71d/64 scope link
valid_lft forever preferred_lft forever
89: vethfeccd23@if88: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 56:0b:f0:42:0a:c9 brd ff:ff:ff:ff:ff:ff
inet6 fe80::540b:f0ff:fe42:ac9/64 scope link
valid_lft forever preferred_lft forever
可以看到容器中已经能看到host的所有网络
birdge 网络:
bridge网络是最常用的网络,docker 服务本身提供 了一个docker0的网络
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242735fc655 no veth249d154
我们创建的容器的设备会和这个桥上的接口是一对 veth pair。下面我们看怎么区分是一堆veth pair
这样就可以找到这对veth pair了
可以用命令看到 网络的详细信息
[root@docker ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "36414aee064de73ff8fcd71b470507ff82dd4ae91be32cc03ed80b6ad240a94e",
"Created": "2018-06-19T02:48:01.107394423+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Containers": {
"05f082b8a57c1304a0d3f4eaed3d677f12af0638f1c3092cc2b267ce7051ab4f": {
"Name": "test-1",
"EndpointID": "1079bdb32cbc1f8c5677d4be9d8fc7cb0f33c43ba28070e13adf6a0fc69f0fa5",
"MacAddress": "02:42:ac:11:00:05",
"IPv4Address": "172.17.0.5/16",
"IPv6Address": ""
},
"6d15d629bccb5c69f5e0644bcda6d50d08efd72ea6b2e23ebcec1cd0a797c51c": {
"Name": "laughing_blackwell",
"EndpointID": "d98dc85e0fd4df9dfb39a242936183c8bf6e2e984e1f05b25cb85f78ef5f8ab4",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"98219ea6e0efb30f601d4f831f8a661757512c2d409f3368c481fd8347836024": {
"Name": "httpd-1",
"EndpointID": "85b3ee2038a815434d887271b6b8ca8145f156ffd62272a3b0a73661f3f97b50",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"ea88011707af990740229ef0eba0954566df2ccf5a84d2349cb9093e0ffcf751": {
"Name": "my-registry",
"EndpointID": "8bed7766e1f0f53ee95a0a616a4e5c31ae120f9324598d1a143e1c9ded95b37c",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@docker ~]#
可以看到每个容器的ip地址
user-define network:
查看现在的网络
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242735fc655 no veth249d154
veth86a910d
vethaf1f205
vethfeccd23
创建一个bridge网络
[root@docker ~]# docker network create --driver bridge my_bridge
85da3fbbacbc395364a9a13d95d018da4932caf9542cf21d5315672b3a4e5265
查看现在的网络
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
br-85da3fbbacbc 8000.0242a644c794 no
docker0 8000.0242735fc655 no veth249d154
veth86a910d
vethaf1f205
vethfeccd23
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
36414aee064d bridge bridge local
89cd8e7304db host host local
85da3fbbacbc my_bridge bridge local
06996adc6218 none null local
[root@docker ~]#
创建网络时不指定网络的ip,系统会自动为其分配子网和ip,我们现在自己为其指定ip网段
root@docker ~]# docker network create --driver bridge --subnet 192.168.100.0/24 --gateway=192.168.100.1 my_bridge02
1555bc9399f5aea71c6b84b3065f376c1358c841ecb83ca8e5a4b4b0dfda89a6
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
br-1555bc9399f5 8000.0242dc345fca no
br-85da3fbbacbc 8000.0242a644c794 no
docker0 8000.0242735fc655 no veth249d154
veth86a910d
vethaf1f205
vethfeccd23
在host 主机查看我们刚刚创建的桥
[root@docker ~]# ifconfig br-1555bc9399f5
br-1555bc9399f5: flags=4099 mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 02:42:dc:34:5f:ca txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker ~]#
我们在创建虚拟机时指定我创建的网络就好
[root@docker ~]# docker run -it --name "test-my_ip" --network=my_bridge02 httpd ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
114: eth0@if115: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:64:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:6402/64 scope link tentative
valid_lft forever preferred_lft forever
[root@docker ~]#
为容器指定ip地址
[root@docker ~]# docker run -d --name "test-static-ip" --network=my_bridge02 --ip 192.168.100.10 httpd
1a3f2977da80c908cdb56c290d052b53a5b50daef1006d4d4603680cc2637d3a
[root@docker ~]# docker exec test-static-ip ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
140: eth0@if141: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:64:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:640a/64 scope link
valid_lft forever preferred_lft forever
[root@docker ~]#
可以看到 我们指定的ip了
我们还可以为容器添加bridge port 首先查看 docker的网络
root@1a3f2977da80:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
140: eth0@if141: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:64:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:640a/64 scope link
valid_lft forever preferred_lft forever
我们为其添加一个网络
[root@docker ~]# docker network connect my_bridge 1a3f2977da80
再次查看
root@1a3f2977da80:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
140: eth0@if141: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:64:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:640a/64 scope link
valid_lft forever preferred_lft forever
142: eth1@if143: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:2/64 scope link
valid_lft forever preferred_lft forever
可以看到容器已经 存在IP了
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2019-2-21 10:50:19
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡