背景说明
容器技术具备了良好的隔离性,但一个项目往往包含多个服务,这些运行在不同容器中的服务需要通过网络进行通信来完成组件间的调用。
解决方案
默认网桥
当 Docker 启动时会在主机上自动创建一个 docker0 网桥,它实际上是 Linux 的一个 bridge 设备,可以理解为一个虚拟交换机;创建容器时,容器默认连接到此交换机,即挂载到网桥的一个网口上,由网桥进行流量报文转发。
docker0网桥默认IP:172.17.0.1,网段: 172.17.0.0/16
[root@vm1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ac:19:5a brd ff:ff:ff:ff:ff:ff
    inet 192.168.184.137/24 brd 192.168.184.255 scope global noprefixroute dynamic ens33
       valid_lft 1653sec preferred_lft 1653sec
    inet6 fe80::1d72:8c06:652b:cc91/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ba:dc:f8:16 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:baff:fedc:f816/64 scope link
       valid_lft forever preferred_lft forever
       valid_lft forever preferred_lft forever
6: veth6a6d3ae@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 76:b1:36:2d:7e:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::74b1:36ff:fe2d:7e13/64 scope link
       valid_lft forever preferred_lft forever
[root@vm1 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
83bb168565b4   bridge    bridge    local
e28930b69a9c   host      host      local
99b918d1d66f   none      null      local
[root@vm1 ~]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "83bb168565b43a6aff65444d6720c64a4175b62eda0f340525bd09547a578eae",
        "Created": "2022-04-09T22:42:46.362169371+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "c9b6b417eb2f656f0b19c92d8b7a7334e7b40121273dd7297f13e5d62febce1e": {
                "Name": "modest_goldstine",
                "EndpointID": "30266235454d3751b7c621f2bef5147cd267a8dff8c9dd81bac35558c3b58195",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@vm1 ~]#
互联原理
当创建一个 Docker 容器时,同时会创建一对 veth pair 接口(当数据包发送到其中一个接口时,另一个接口也会收到相同的数据包),这对接口一端在容器内即 eth0,另一端在主机上并挂载到 docker0 网桥,名称以 veth 开头(例如 veth6a6d3ae)。通过这种方式,主机可以和容器进行通信,容器之间也可以互相通信,Docker 就创建了主机和所有容器之间的虚拟共享网络。需要注意,默认网桥上的所有容器彼此可达(上面 inspect 输出中 enable_icc 为 true),服务之间没有网络隔离;若要按项目对服务分组隔离,应使用下文创建的自定义网络。
网络查看
[root@vm1 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
83bb168565b4   bridge    bridge    local
e28930b69a9c   host      host      local
99b918d1d66f   none      null      local
[root@vm1 ~]#
网络创建
[root@vm1 ~]# docker network create -d bridge my-net
-d 参数指定 Docker 网络驱动类型,可选 bridge、overlay 等;其中 overlay 网络类型用于 Swarm mode。
网络加入
启动容器后将容器加入到某个网络中。
[root@vm1 ~]# docker network connect my-net 容器标识
网络删除
[root@vm1 ~]# docker network rm my-net
网络详情
[root@vm1 ~]# docker network inspect my-net
网络清理
[root@vm1 ~]# docker network prune


