是什么
docker不启动,默认网络情况 (ps: 此服务使用的是阿里云的centos8)
ifconfig
docker启动后,网路情况
systemctl start docker
查看docker网络模式命令
docker network ls
常用基本命令
docker network —help
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
docker network create aa_network
docker network rm 175eb5d9ab2a
docker inspect bridge
[{"Name": "bridge","Id": "f9c3951107cfe984de3a16d17c4d292adda13f133f6ff924231e7cf102e08afb","Created": "2022-01-20T22:52:34.641650293+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}}]
能干嘛
容器间的互联和通信以及端口映射
容器IP变动时候可以通过服务名直接网络通信而不受到影响
网络模式
总体介绍
| 网络模式 | 简介 |
|---|---|
| bridge | 为每一个容器分配,设置IP等,并将容器链接到一个docker0虚拟网桥,默认为该模式 |
| host | 容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口 |
| none | 容器有独立的Network namespace,但并没有对其进行任何网络设置,如分配weth pair和网络桥连接,IP等 |
| container | 新创建的容器不会创建自己的网卡和配置自己的IP,而是和一个指定的容器共享IP,端口范围等 |
容器实例内默认网络IP 生产规则
说明
结论
docker 容器内部的ip 是可能会发生改变的
启动两个实例
docker run -it —name u1 ubuntu bash
docker run -it —name u2 ubuntu bash
docker inspect u1| tail -n 20
"Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "f9c3951107cfe984de3a16d17c4d292adda13f133f6ff924231e7cf102e08afb","EndpointID": "070e2e22548699ddddbabfba25493088fd41353551891b79c5c0d0c7a182b138","Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02","DriverOpts": null}}}}]
docker inspect u2 | tail -n 20
"Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "f9c3951107cfe984de3a16d17c4d292adda13f133f6ff924231e7cf102e08afb","EndpointID": "6010b4355ae3f83a7bc2c898bab3a6191ae95aefc6745e220c5ca96a144ccbea","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03","DriverOpts": null}}}}]
将u2 删除
docker rm -f u2
再启动一个u3
docker run -it —name u3 ubuntu bash
docker inspect u3 | tail -n 20
"Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "f9c3951107cfe984de3a16d17c4d292adda13f133f6ff924231e7cf102e08afb","EndpointID": "dddaf7968e93eca7da7e70e42295934223973c92e3cabc4f38ba6798c87049cd","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03","DriverOpts": null}}}}]
案例说明
创建一个自定义网络
docker network create bb_network
查询当前网络
bridge
docker network inspect bridge
[{"Name": "bridge","Id": "f9c3951107cfe984de3a16d17c4d292adda13f133f6ff924231e7cf102e08afb","Created": "2022-01-20T22:52:34.641650293+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"12ecf5141640f9fc8acb23c76d62a586de34b72388aac2013e882fd150e2a815": {"Name": "u1","EndpointID": "070e2e22548699ddddbabfba25493088fd41353551891b79c5c0d0c7a182b138","MacAddress": "02:42:ac:11:00:02","IPv4Address": "172.17.0.2/16","IPv6Address": ""},"f521fa966c214304ebf8e7d07195d345bfcb313322eb2d9cd955e1d032998cc7": {"Name": "u3","EndpointID": "dddaf7968e93eca7da7e70e42295934223973c92e3cabc4f38ba6798c87049cd","MacAddress": "02:42:ac:11:00:03","IPv4Address": "172.17.0.3/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}}]
是什么
Docker 服务默认会创建一个 docker0 网桥(其上有一个 dockerO 内部接口),该桥接网络的名称为docker0,它在内核层连通了其他的物理或虚拟 网卡,这就将所有容器和本地丰机都放到同一个物理网络。Docker 默认指定了 docker0 接口的 IP 地址和子网掩码,让主机和容器之间可以通过网 桥相互通信。
案例
说明
1 Docker使用Linux桥接,在宿主机虚拟一个Docker密器网桥(docker0)docker0, Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址, 称为Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的 Container-IP直接通信。
2 docker run 的时候,没有指定network的话默认使用的网桥模式就是bridge,使用的就是docker0。在宿主机ifconfig,就可以看到dockerO和自己 create的network(后面讲)ethO,eth1,eth2……代表网卡一,网卡二,网卡三……, lo代表127.0.0.1,即localhost,inet addr用来表示网卡的IP地址
3 网桥docker0 创建一对对等虚拟设备接口一个叫veth,另一个叫eth0,成对匹配
3.1 整个宿主机的网桥模式都是docker0,类似一个交换机有一堆接口,每个接口叫veth,在本地主机和容器内分别创建一个虚拟接口,并让他们彼 此联通(这样一对接口叫veth pair);
3.2 每个容器实例内部也有一块网卡,每个接口叫eth0;
3.3 docker0上面的每个veth匹配某个容器实例内部的eth0,两两配对,一一匹配。 通过上述,将宿主机上的所有容器都连接到这个内部网络上,两个容器在同一个网络下,会从这个网关下各自拿到分配的ip,此时两个容器的网络是 互通的。
代码
docker run -d -p 8081:8080 —name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 —name tomcat82 billygoo/tomcat8-jdk8
如果未找到 billygoo/tomcat8-jdk8, 先进行拉取 docker pull billygoo/tomcat8-jdk8
宿主机中查询网络信息ip addr
容器内查看网络信息 docker exec -it tomcat81 bash
容器内查看网络信息 docker exec -it tomcat82 bash
host
docker network inspect host
[
{
"Name": "host",
"Id": "9bd1f2f13706c4d36779ab211d1910e163e01b6443c3c0af9b2ab04f93e54edd",
"Created": "2022-01-08T11:13:40.288075856+08:00",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
是什么
直接使用宿主机的IP 地址与外界进行通信,不再需要额外进行NAT转换
说明
容器将不会获得一个独立的Network Namespace , 而是和宿主机共用一个Network Namespace,容器将不会虚拟出自己的网卡而是使用宿主机的IP 和端口
代码
docker run -d -p 8083:8080 —network host —name tomcat83 billygoo/tomcat8-jdk8
docker run -d —network host —name tomcat83 billygoo/tomcat8-jdk8
宿主机 ip addr 
容器 ip addr 
需要访问 tomcat83 直接访问 http://宿主机:8080
none
docker network inspect none
[
{
"Name": "none",
"Id": "01f8aa9a1cbbe53d2bacb36de76e811f2943a48c59e6e1036e6638b73a54fdf9",
"Created": "2022-01-08T11:13:40.274784925+08:00",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
是什么
在none模式下,并不为Docker容器进行任何网络配置。
也就是说,这个Docker容器没有网卡、IP、路由等信息,只有一个lo
需要我们自己丙Docker容器添加网卡、配置P等
代码
docker run -d -p 8084:8080 —network none —name tomcat84 billygoo/tomcat8-jdk8
"Networks": {
"none": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "01f8aa9a1cbbe53d2bacb36de76e811f2943a48c59e6e1036e6638b73a54fdf9",
"EndpointID": "b569c72a3feebc4800f8815bd6f1d03454772b3bb8095c98b401dcd266cc0802",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
container
是什么
新建的容器和已经存在的一个容器共享一个网络ip配置而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。
案例
docker run -it —name alpine1 alpine /bin/sh
docker run -it —network container:alpine1 —name alpine2 alpine /bin/sh
暂停 alpine1 exit
alpine2 的 16消失
自定义网络
docker network inspect bb_network
[
{
"Name": "bb_network",
"Id": "fdc12f92e96431d67edaa6cde0577329a3b6898fba9f710850cafbe8cc77338b",
"Created": "2022-02-09T14:35:15.429548957+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
案例
docker run -d -p 8081:8080 —name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 —name tomcat82 billygoo/tomcat8-jdk8
按ip ping可以, 按服务名ping 不行
在172.17.0.2 使用ping 172.17.0.3
创建自定义网络,解决按服务名访问
创建网络名
docker network create ljx_network
创建容器,使用自定义的网络
docker run -d -p 8083:8080 —network ljx_network —name tomcat83 billygoo/tomcat8-jdk8
docker run -d -p 8084:8080 —network ljx_network —name tomcat84 billygoo/tomcat8-jdk8
相互ping测试
结论
自定义网络本身就维护好了主机名和ip 的对应关系(ip 和域名都能通)
Docker平台架构图解
若有收获,就点个赞吧
0 人点赞
