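Docker network commands

Official documentation: https://docs.docker.com/engine/reference/commandline/network/

docker0 (virtual bridge)

Run ip addr to view the host's network interfaces.

How does Docker handle network access?
(1) Start a container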

# -P publishes all exposed ports to random host ports
[root@VM-4-17-centos local]# docker run -d -P --name tomcat01 tomcat
[root@VM-4-17-centos local]# docker ps
CONTAINER ID   IMAGE     COMMAND             CREATED              STATUS              PORTS                                         NAMES
6a1ae1518887   tomcat    "catalina.sh run"   About a minute ago   Up About a minute   0.0.0.0:49153->8080/tcp, :::49153->8080/tcp   tomcat01

(2) Check the container's IP address

[root@VM-4-17-centos local]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
114: eth0@if115: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

Note: if docker exec fails with: OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "ip": executable file not found in $PATH: unknown (the container image does not include the ip command, so exec ip addr reports an error),
enter the container and run apt-get update, then apt install -y iproute2, to install the command.

(3) Can the Linux host ping the container?

[root@VM-4-17-centos local]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.070 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.083 ms

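(4) How it works
When Docker is installed, it creates a virtual bridge named docker0. Unless configured otherwise, every newly created container is automatically attached to the network this bridge provides. A bridge network lets Docker containers on the same host communicate with each other: containers attached to the same bridge can reach one another.

To the host, the bridge looks like a separate network interface. To each container running on the host, it acts like a switch: one end of every container's virtual network cable is plugged into docker0.

Containers reach outside networks through the local host. For each container, Docker creates a virtual network interface pair named veth: one end is attached to the docker0 bridge and the other end is attached to the container, so the container can communicate through the bridge using its assigned IP address.

View the host's network interfaces

View the container's network interfaces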
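The veth pairing can be verified from the interface indexes: in the container output above, eth0 has index 114 and is shown as eth0@if115, so its peer on the host is interface 115. The script below is an added example, not code from the original article; the host-side veth names and the tomcat02 indexes are constructed sample values.

```python
import re

# Constructed sample `ip addr` header lines. The 114/115 index pair for tomcat01
# comes from the page; the veth names and the tomcat02 indexes are made up.
HOST_LINKS = """\
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
115: veth3f2a9c1@if114: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
117: vethb07d4e2@if116: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
"""
CONTAINER_LINKS = {
    "tomcat01": "114: eth0@if115: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default",
    "tomcat02": "116: eth0@if117: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default",
}

# "<index>: <name>[@if<peer index>]: <FLAGS> rest-of-line"
LINK_RE = re.compile(r"^(\d+): ([^@:\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")

def parse_links(text):
    """Return one dict per interface header line: index, name, peer index, bridge master."""
    links = []
    for line in text.splitlines():
        m = LINK_RE.match(line.strip())
        if not m:
            continue  # address lines (link/ether, inet, valid_lft) have no index prefix
        master = re.search(r"\bmaster (\S+)", m.group(4))
        links.append({"index": int(m.group(1)), "name": m.group(2),
                      "peer": int(m.group(3)) if m.group(3) else None,
                      "master": master.group(1) if master else None})
    return links

def map_veth_pairs(host_text, container_texts):
    """Match each container interface to the host veth whose index and peer mirror it."""
    host = {link["index"]: link for link in parse_links(host_text)}
    pairs = {}
    for container, text in container_texts.items():
        for link in parse_links(text):
            peer = host.get(link["peer"])
            if peer and peer["peer"] == link["index"]:  # require the match in both directions
                pairs[container] = {"container_if": link["name"],
                                    "host_veth": peer["name"], "bridge": peer["master"]}
    return pairs

if __name__ == "__main__":
    for name, pair in map_veth_pairs(HOST_LINKS, CONTAINER_LINKS).items():
        print(f"{name}: {pair['container_if']} <-> {pair['host_veth']} on {pair['bridge']}")
```

Knowing which host veth belongs to which container is what lets a packet capture or firewall rule on the host be scoped to a single container.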


Start another container:

[root@VM-4-17-centos local]# docker run -d -p 8080:8080 --name tomcat02 tomcat

Run ip addr again: another network interface has appeared.

Check the IP address of container tomcat02:

--link (docker0 does not support access by container name) (connects the networks of two containers) (not recommended)

Two containers can ping each other by IP address:

[root@VM-4-17-centos ~]# docker exec -it tomcat02 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: icmp_seq=0 ttl=64 time=0.106 ms
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.097 ms

Two containers cannot ping each other by container name:

[root@VM-4-17-centos ~]# docker exec -it tomcat02 ping tomcat01
ping: unknown host

Start another container, this time with the --link option:

[root@VM-4-17-centos ~]# docker run -d -P --name tomcat03 --link tomcat02 tomcat

Ping by container name again: it now succeeds.

[root@VM-4-17-centos ~]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: icmp_seq=0 ttl=64 time=0.132 ms
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.111 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.102 ms

Question: does it work in the reverse direction? No.

[root@VM-4-17-centos ~]# docker exec -it tomcat02 ping tomcat03
ping: unknown host

How it works:

  1. Run the following command to view the details of tomcat03:
[root@VM-4-17-centos ~]# docker inspect tomcat03
  2. HostConfig contains a Links property:
"HostConfig": {
    "Binds": null,
    "ContainerIDFile": "",
    "LogConfig": {
        "Type": "json-file",
        "Config": {}
    },
    "NetworkMode": "default",
    "PortBindings": {},
    "RestartPolicy": {
        "Name": "no",
        "MaximumRetryCount": 0
    },
    "AutoRemove": false,
    "VolumeDriver": "",
    "VolumesFrom": null,
    "CapAdd": null,
    "CapDrop": null,
    "CgroupnsMode": "host",
    "Dns": [],
    "DnsOptions": [],
    "DnsSearch": [],
    "ExtraHosts": null,
    "GroupAdd": null,
    "IpcMode": "private",
    "Cgroup": "",
    "Links": [
        "/tomcat02:/tomcat03/tomcat02"  # this property is why tomcat03 can ping tomcat02 by name
    ],
  3. You can also look at the container's hosts file:
[root@VM-4-17-centos ~]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3  tomcat02 480a635e485c
172.17.0.4  c21f22390d2b

This is why ping tomcat02 succeeds when run inside tomcat03.

Custom networks (support access by container name)

docker run -d -P --name tomcat01 tomcat
is actually equivalent to the command below, which uses the default bridge network:
docker run -d -P --name tomcat01 --net bridge tomcat

(1) Create a network with docker network create:
Syntax:

[root@VM-4-17-centos ~]# docker network create --help

Usage:  docker network create [OPTIONS] NETWORK

Create a network

Options:
      --attachable           Enable manual container attachment
      --aux-address map      Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
      --config-from string   The network from which to copy the configuration
      --config-only          Create a configuration only network
  -d, --driver string        Driver to manage the Network (default "bridge")
      --gateway strings      IPv4 or IPv6 Gateway for the master subnet
      --ingress              Create swarm routing-mesh network
      --internal             Restrict external access to the network
      --ip-range strings     Allocate container ip from a sub-range
      --ipam-driver string   IP Address Management Driver (default "default")
      --ipam-opt map         Set IPAM driver specific options (default map[])
      --ipv6                 Enable IPv6 networking
      --label list           Set metadata on a network
  -o, --opt map              Set driver specific options (default map[])
      --scope string         Control the network's scope
      --subnet strings       Subnet in CIDR format that represents a network segment

Create a network named mynet:

[root@VM-4-17-centos ~]# docker network create --driver bridge --gateway 192.168.0.1  --subnet 192.168.0.0/16 mynet
d93cc297a0717a2a9b2beb6d5d042e960cf1f8d27527ccb4376a1a927cd5a9d6
[root@VM-4-17-centos ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
1d74ce539a6e   bridge    bridge    local
24cea2b78bc3   host      host      local
d93cc297a071   mynet     bridge    local
e04114cc1010   none      null      local

View the details of the custom network:

[root@VM-4-17-centos ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "d93cc297a0717a2a9b2beb6d5d042e960cf1f8d27527ccb4376a1a927cd5a9d6",
        "Created": "2022-05-13T22:39:32.659283149+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

Start two containers on mynet, then view the details of mynet again:

[root@VM-4-17-centos ~]# docker run -d -P --name tomcat-net-01 --net mynet zhxtomcat:1.0
47c76d27a4b16bcb132482fb718dec5e3aa612dcec3d98a74643587c0022a3fa
[root@VM-4-17-centos ~]# docker run -d -P --name tomcat-net-02 --net mynet zhxtomcat:1.0
f6a222f56697120ae27c23be10241e8e76e4597e176e5c6dcf0ded1c439200ac
[root@VM-4-17-centos ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "d93cc297a0717a2a9b2beb6d5d042e960cf1f8d27527ccb4376a1a927cd5a9d6",
        "Created": "2022-05-13T22:39:32.659283149+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "47c76d27a4b16bcb132482fb718dec5e3aa612dcec3d98a74643587c0022a3fa": {
                "Name": "tomcat-net-01",
                "EndpointID": "88599ffc68842e5386c9f8fe7cd003a9682058ca14666be05f926b7b1ef40dde",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "f6a222f56697120ae27c23be10241e8e76e4597e176e5c6dcf0ded1c439200ac": {
                "Name": "tomcat-net-02",
                "EndpointID": "79e95fb5a0d5bdc9a18815469df8a17d053858578a3a30b2f400cb84346781be",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

(2) Test with ping

  1. Pinging by IP address works
[root@VM-4-17-centos ~]# docker exec -it tomcat-net-01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=0 ttl=64 time=0.138 ms
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.113 ms
  2. Pinging by container name works
[root@VM-4-17-centos ~]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=0 ttl=64 time=0.090 ms
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.105 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.100 ms

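(3) Benefits of custom networks

  • redis: different clusters use different networks, which keeps each cluster secure and healthy
  • mysql: different clusters use different networks, which keeps each cluster secure and healthy

Connecting networks

(1) Start two containers on the default network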

[root@VM-4-17-centos ~]# docker run -d -P --name tomcat01 zhxtomcat:1.0
b2ff3266eeb926647ceaa33cccb92ac19388a5407d8d0aa800c563c7b8c9a551
[root@VM-4-17-centos ~]# docker run -d -P --name tomcat02 zhxtomcat:1.0
6cc6c29b492b6e28461dbf61e0db66a855e5d9ef1487fb67d8f16036395f562a

(2) List all running containers

CONTAINER ID   IMAGE           COMMAND             CREATED          STATUS          PORTS                                         NAMES
6cc6c29b492b   zhxtomcat:1.0   "catalina.sh run"   6 seconds ago    Up 5 seconds    0.0.0.0:49165->8080/tcp, :::49165->8080/tcp   tomcat02
b2ff3266eeb9   zhxtomcat:1.0   "catalina.sh run"   14 seconds ago   Up 13 seconds   0.0.0.0:49164->8080/tcp, :::49164->8080/tcp   tomcat01
b6a2c4e6b541   zhxtomcat:1.0   "catalina.sh run"   16 hours ago     Up 16 hours     0.0.0.0:49163->8080/tcp, :::49163->8080/tcp   tomcat-net-02
1c98a248c495   zhxtomcat:1.0   "catalina.sh run"   16 hours ago     Up 16 hours     0.0.0.0:49162->8080/tcp, :::49162->8080/tcp   tomcat-net-01

(3) The two networks are isolated from each other

[root@VM-4-17-centos ~]# docker exec -it tomcat01 ping tomcat-net-01
ping: unknown host

(4) Use docker network connect to attach a container to another network

Syntax:

[root@VM-4-17-centos ~]# docker network connect --help

Usage:  docker network connect [OPTIONS] NETWORK CONTAINER

Connect a container to a network

Options:
      --alias strings           Add network-scoped alias for the container
      --driver-opt strings      driver options for the network
      --ip string               IPv4 address (e.g., 172.30.100.104)
      --ip6 string              IPv6 address (e.g., 2001:db8::33)
      --link list               Add link to another container
      --link-local-ip strings   Add a link-local address for the container

Test: tomcat01 has been added to the mynet network (one container now has an IP address in each of the two networks).

[root@VM-4-17-centos ~]# docker network connect mynet tomcat01
[root@VM-4-17-centos ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "d93cc297a0717a2a9b2beb6d5d042e960cf1f8d27527ccb4376a1a927cd5a9d6",
        "Created": "2022-05-13T22:39:32.659283149+08:00",
        .......... (omitted)
        "Containers": {
            "1c98a248c4951949443f19391698ac122211fa5b26c69f442a72937de8eb8a0d": {
                "Name": "tomcat-net-01",
                "EndpointID": "8ea3d5951b2c59c202ff248a5eba9d8e62418c36dfefb256ab8ee511cac64cd6",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "b2ff3266eeb926647ceaa33cccb92ac19388a5407d8d0aa800c563c7b8c9a551": {
                "Name": "tomcat01",
                "EndpointID": "b18ec5c681fa4a425dd600b7c1c67a5b5f8557844288001d0b2ebffbfcf95540",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "b6a2c4e6b541532459fa10d17b673771dc29350813c457e99ffcdcc11e5451b9": {
                "Name": "tomcat-net-02",
                "EndpointID": "ad662e6f3d3ac7c170a4311f3d90d2506bbebc7f65b169982e8a0b8800264787",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

(5) Test again: the ping now succeeds

[root@VM-4-17-centos ~]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.120 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.112 ms
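
The isolation shown in the custom network section and the effect of docker network connect shown here can be audited from docker network inspect output. The script below is an added example, not code from the original article; the JSON is a constructed, trimmed sample with placeholder container IDs and assumed addresses on the default bridge. It assumes default settings, where containers on a shared network can reach each other and only user-defined networks resolve container names.

```python
import json
from itertools import combinations

# Constructed sample: trimmed `docker network inspect bridge mynet` output modeled on
# the page's final state. Container IDs and the bridge addresses are placeholders.
INSPECT_JSON = """
[
  {"Name": "bridge", "Internal": false, "Containers": {
     "id-a": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"},
     "id-b": {"Name": "tomcat02", "IPv4Address": "172.17.0.3/16"}}},
  {"Name": "mynet", "Internal": false, "Containers": {
     "id-c": {"Name": "tomcat-net-01", "IPv4Address": "192.168.0.2/16"},
     "id-d": {"Name": "tomcat-net-02", "IPv4Address": "192.168.0.3/16"},
     "id-a": {"Name": "tomcat01", "IPv4Address": "192.168.0.4/16"}}}
]
"""

def membership(networks):
    """Map container name -> {network name: IP} across all inspected networks."""
    seen = {}
    for net in networks:
        for endpoint in (net.get("Containers") or {}).values():
            seen.setdefault(endpoint["Name"], {})[net["Name"]] = endpoint["IPv4Address"]
    return seen

def multi_homed(networks):
    """Containers attached to more than one network: each one spans the isolation boundary."""
    return {name: nets for name, nets in membership(networks).items() if len(nets) > 1}

def reachability(networks):
    """For each container pair, list the shared networks and whether name lookup works.

    Assumption: default settings, so a shared network means traffic can flow, and
    only user-defined networks (anything except "bridge") resolve container names.
    """
    members = membership(networks)
    result = {}
    for a, b in combinations(sorted(members), 2):
        shared = sorted(set(members[a]) & set(members[b]))
        result[(a, b)] = {"shared": shared, "by_name": any(n != "bridge" for n in shared)}
    return result

if __name__ == "__main__":
    nets = json.loads(INSPECT_JSON)
    for name, addrs in multi_homed(nets).items():
        print(f"multi-homed: {name} -> {addrs}")
    for pair, info in reachability(nets).items():
        state = f"via {info['shared']}, by name: {info['by_name']}" if info["shared"] else "isolated"
        print(f"{pair[0]} <-> {pair[1]}: {state}")
```

On a live host the same functions can be fed the parsed output of docker network inspect $(docker network ls -q).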
