一、Docker安装
1、查看系统版本
# 系统内核3.10以上
uname -r
=================================================================================
3.10.0-514.26.2.el7.x86_64
# 系统版本
cat /etc/os-release
=================================================================================
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
2、安装步骤
2.1、卸载旧的版本
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
2.2、安装一些docker需要的安装包
2.3、设置镜像仓库
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo #国外的非常慢
yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #推荐使用阿里云
2.4、安装docker引擎
yum install docker-ce docker-ce-cli containerd.io
2.5、启动docker
2.6、hello world
2.7、使用阿里云镜像加速器
二、Docker常用命令
1、帮助命令
docker version #docker版本信息
docker info #docker系统信息,包括镜像和容器数量
docker 命令 --help #万能命令
2、镜像命令
2.1、查询镜像
查看所有本地主机上的镜像:docker images
docker images
=================================================================================
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest bf756fb1ae65 12 months ago 13.3kB
解释:
REPOSITORY 镜像的仓库源 TAG 镜像的标签 IMAGE ID 镜像的id CREATED 镜像的创建时间 SIZE 镜像的大小
可选项:
列出所有镜像:-a, —all 只显示镜像的id:-q, —quiet
2.2、搜索镜像
查找仓库源里面的镜像: docker search
docker search mysql
=================================================================================
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10380 [OK]
mariadb MariaDB is a community-developed fork of MyS… 3848 [OK]
mysql/mysql-server Optimized MySQL Server Docker images. Create… 758 [OK]
percona Percona Server is a fork of the MySQL relati… 519 [OK]
centos/mysql-57-centos7 MySQL 5.7 SQL database server 87
mysql/mysql-cluster Experimental MySQL Cluster Docker images. Cr… 79
centurylink/mysql Image containing mysql. Optimized to be link… 59 [OK]
……
可选项:
过滤:—filter=
docker search mysql --filter=stars=3000 # 收藏数大于3000
=================================================================================
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mysql MySQL is a widely used, open-source relation… 10380 [OK]
mariadb MariaDB is a community-developed fork of MyS… 3848 [OK]
2.3、下载镜像
下载/拉取镜像: docker pull [OPTIONS] NAME[:TAG]
2.3.1、默认版本下载
docker pull mysql
=================================================================================
Using default tag: latest #如果不写版本,默认下载最新的
latest: Pulling from library/mysql
a076a628af6f: Pull complete #分层下载,docker images的核心 联合文件系统
f6c208f3f991: Pull complete
88a9455a9165: Pull complete
406c9b8427c6: Pull complete
7c88599c0b25: Pull complete
25b5c6debdaf: Pull complete
43a5816f1617: Pull complete
1a8c919e89bf: Pull complete
9f3cf4bd1a07: Pull complete
80539cea118d: Pull complete
201b3cad54ce: Pull complete
944ba37e1c06: Pull complete
Digest: sha256:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest # 真实地址
2.3.2、指定版本下载
docker pull mysql:5.7
=================================================================================
5.7: Pulling from library/mysql
a076a628af6f: Already exists # 联合文件,因为latest里面有这些所以无需下载
f6c208f3f991: Already exists
88a9455a9165: Already exists
406c9b8427c6: Already exists
7c88599c0b25: Already exists
25b5c6debdaf: Already exists
43a5816f1617: Already exists
1831ac1245f4: Pull complete # 只需要下载5.7特有的即可
37677b8c1f79: Pull complete
27e4ac3b0f6e: Pull complete
7227baa8c445: Pull complete
Digest: sha256:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
2.4、删除镜像
2.4.1、通过镜像id删除
docker rmi -f a70d36bc331a
=================================================================================
Untagged: mysql:5.7
Untagged: mysql@sha256:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Deleted: sha256:a70d36bc331a13d297f882d3d63137d24b804f29fa67158c40ad91d5050c39c5
Deleted: sha256:50c77bf7bcddd1f1d97789d80ac2404eec22c860c104e858620d2a2e321f0ef7
Deleted: sha256:14244329b83dfc8982398ee4104a548385652d2bffb957798ff86a419013efd6
Deleted: sha256:6d990477f90af28473eb601a9bca22253f6381e053c5a8edda0a4f027e124a3c
Deleted: sha256:ee0449796df204071589162fc16f8d65586312a40c68d1ba156c93c56f5e5ce8
2.4.2、删除多个镜像
2.4.3、组合命令删除所有镜像
docker rmi -f $(docker images -aq)
docker rmi -f $(docker images -aq)
=================================================================================
Untagged: mysql:latest
Untagged: mysql@sha256:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c
Deleted: sha256:c8562eaf9d81c779cbfc318d6e01b8e6f86907f1d41233268a2ed83b2f34e748
Deleted: sha256:1b649b85960473808c6b812fc30c3f6a3ff1c0ffdcba5c9435daf01cf7d5373a
Deleted: sha256:19cc889447050c16c797fd209fa114ee219de23facb37c00d4137a4ed4aad922
Deleted: sha256:3c793c06a026d276cf56a6a6a75527026ed9eafa7a7d21a438f7d5ed2314148e
Deleted: sha256:1e1cd89a2bc183a7fea3dab0b543e9924278321ad0921c22cc088adbf3c2e77b
Deleted: sha256:83b2015dfd000588c7c947b2d89b3be7a8e5a3abc6ab562668c358033aa779ec
Deleted: sha256:d08533f1e2acc40ad561a46fc6a76b54c739e6b24f077c183c5709e0a6885312
Deleted: sha256:4f9d91a4728e833d1062fb65a792f06e22e425f63824f260c8b5a64b776ddc38
Deleted: sha256:20bf4c759d1b0d0e6286d2145453af4e0e1b7ba3d4efa3b8bce46817ad4109de
Deleted: sha256:a9371bbdf16ac95cc72555c6ad42f79b9f03a82d964fe89d52bdc5f335a5f42a
Deleted: sha256:5b02130e449d94f51e8ff6e5f7d24802246198749ed9eb064631e63833cd8f1d
Deleted: sha256:ab74465b38bc1acb16c23091df32c5b7033ed55783386cb57acae8efff9f4b37
Deleted: sha256:cb42413394c4059335228c137fe884ff3ab8946a014014309676c25e3ac86864
Untagged: hello-world:latest
Untagged: hello-world@sha256:31b9c7d48790f0d8c50ab433d9c3b7e17666d6993084c002c2ff1ca09b96391d
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b
3、容器命令
说明:有了镜像才可以创建容器
3.1、新建容器并启动
docker run [可选参数] images
选项 | 说明 |
---|---|
—name | 容器名字 |
-d | 在后台运行容器,并且打印容器id。 |
-i | 即使没有连接,也要保持标准输入保持打开状态,一般与 -t 连用。 |
-t | 分配一个伪tty,一般与 -i 连用。 |
-p | 指定容器的端口 -p ip:主机端口:容器端口 -p 主机端口:容器端口(常用) -p i容器端口 |
-P | 随机指定端口 |
-e | 配置环境遍历 |
-v | 挂载卷 |
3.2、查看正在运行的容器
docker ps [可选参数]
选项 | 说明 |
---|---|
-a | 列出正在运行+历史运行过的容器 |
-n[=?] | 显示最近创建的?条容器 |
-q | 只显示容器的编号 |
3.3、退出容器
exit #直接停止容器并退出
Ctrl+p+q #容器不停止退出
3.4、删除容器
docker rm 容器id #不能删除正在运行的容器
docker rm -f $(docker ps -aq) #删除所有容器
docker ps -a -q|xargs docker rm #删除所有容器
3.5、启动和停止容器的操作
docker start 容器id
docker restart
docker stop
docker kill
4、常用的其他命令
4.1、后台启动容器
docker run -d centos #后台启动centos
docker ps #发现 centos 停止了
# docker容器使用后台运行,就必须要有一个前台进程
# 否则docker发现没有应用,就会自动停止
# nginx,容器启动后,发现自己没有提供服务,就会立刻停止
4.2、查看日志命令
docker logs [OPTIONS] CONTAINER
Options:
--details #显示更多的信息
-f, --follow #跟踪实时日志
--since string #显示自某个timestamp之后的日志,或相对时间,如42m(即42分钟)
--tail string #从日志末尾显示多少行日志, 默认是all
-t, --timestamps #显示时间戳
--until string #显示自某个timestamp之前的日志,或相对时间,如42m(即42分钟)
例子:
查看指定时间后的日志,只显示最后100行:
$ docker logs -f -t --since="2018-02-08" --tail=100 CONTAINER_ID
查看最近30分钟的日志:
$ docker logs --since 30m CONTAINER_ID
查看某时间之后的日志:
$ docker logs -t --since="2018-02-08T13:23:37" CONTAINER_ID
查看某时间段日志:
$ docker logs -t --since="2018-02-08T13:23:37" --until "2018-02-09T12:23:37" CONTAINER_ID
4.3、查看容器中的进程信息
docker top 容器id
4.4、查看容器的元数据
docker inspect 容器id
4.5、进入当前正在运行的容器
# 方式1
docker exec -it 容器id /bin/bash #进入容器后打开一个新的终端
# 方式2
docker attach 容器id #进入正在执行的
4.6、将容器内文件拷贝到主机上
docker cp 容器id:容器内文件路径 主机路径
4.7、查看docker所有容器的占cpu,内存情况
三、Docker精髓
1、容器数据卷
容器的持久化和同步操作,容器间也是可以数据共享的
1.1、基本操作
创建卷:docker volume create
查看所有的卷:docker volume ps
查看具体某一个卷的信息: docker volume inspect 卷名
1.2、挂载方式
1.2.1、指定路径挂载
docker run -d -v /home/vvvv:/home 镜像id
查看容器的挂载信息可以在容器属性的Mounts中查看:docker inspect 容器id
1.2.2、具名挂载
docker run -v juming:容器内路径 镜像id
1.2.3、匿名挂载
1.2.4、DockerFile挂载
dockerfile内容如下
FROM nginx
VOLUME ["volumn1","volumn1"]
CMD echo "========end==========="
CMD /bin/bash
使用dockerfile生成镜像
查看镜像并启动容器
查看容器,并看容器信息
此时可发现是匿名卷
注意:具名和匿名挂载的卷都是放在/var/lib/docker/volumes/xxxx/_data
1.3、权限
1.3.1、ro
ro=readonly,容器内仅拥有只读权限,如需修改需要到宿主机修改
1.3.2、rw
1.3、两个容器同步一个卷
1.3.1、启动父容器centos01
docker run -it --name centos01 centos
1.3.2、启动子容器centos02,使用volumes-from
docker run -it --name centos02 --volumes-from centos01 centos
此时父子容器共用一个数据卷
# 两个mysql之间实现数据同步
# eg:
docker run -d -p 3306:3306 --name mysql01 -v /etc/mysql/conf.d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
docker run -d -p 3306:3306 --name mysql02 --volumes-from mysql01 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
数据卷的生命周期一直持续到没有容器使用为止!
但是一旦持久化到本地,此时本地数据不会删除!
问题:匿名挂载和具名挂载是否算持久化到本地
2、DockerFile
用来构建docker镜像的构建文件,命令脚本
2.1、构建步骤
1:编写一个dockerfile文件
2:docker build 构建成为一个镜像
3:docker run 运行镜像
4:docker push 发布镜像(DockerHub,阿里云镜像仓库)
2.2、构建过程
2.2.1、基础知识
1:每个保留关键字(指令)都是必须是大写字母
2:执行从上到下顺序执行
3:# 表示注释
4:每一个指令都会创建提交一个新的镜像层,并提交!
2.2.2、指令
FROM # 基础镜像
MAINTAINER # 镜像是谁写的,姓名+邮箱
RUN # 镜像构建的时候需要运行的命令
ADD # 步骤,tomcat镜像,这个tomcat压缩包!添加的内容
WORKDIR # 镜像的工作目录
VLOLUME # 挂在的目录
EXPOST # 保留端口配置
CMD # 指定容器启动的时候要运行的命令,只有最后一个会生效,可被替代
ENTRYPOINT # 指定容器启动的时候要运行的命令,可以追加命令
ONBUILD # 当构建一个被继承的DockerFile 这个时候就会运行ONBUILD的指令
COPY # 类似ADD,将文件拷贝到镜像中
ENV # 构建的时候设置环境变量
2.3、实战测试1
Docker Hub 99%都是从scratch基础镜像构建而来,然后通过配置需要的软件和配置来进行构建
1:编写dockerFile文件
FROM centos
MAINTAINER vvvv<vurx@qq.com>
# 配置环境变量
ENV MYPATH /usr/local
WORKDIR $MYPATH
# 导入需要执行的包
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "------end------"
CMD /bin/bash
2:执行文件docker build -f dockerfile文件路径 -t 镜像名字:[tag] .
“.”一定不要忘记
3:成功输出
docker build -f mydockerfile-centos -t mycentos:0.1 .
=================================================================================
Sending build context to Docker daemon 2.048kB
Step 1/10 : FROM centos
latest: Pulling from library/centos
7a0437f04f83: Pull complete
Digest: sha256:5528e8b1b1719d34604c87e11dcd1c0a20bedf46e83b5632cdeac91b8c04efc1
Status: Downloaded newer image for centos:latest
---> 300e315adb2f
Step 2/10 : MAINTAINER vvvv<vurx@qq.com>
---> Running in 40a5b7bb22c9
Removing intermediate container 40a5b7bb22c9
---> b2c8ac4399b9
Step 3/10 : ENV MYPATH /usr/local
---> Running in bdc5a61f1803
Removing intermediate container bdc5a61f1803
---> 78e356498ede
Step 4/10 : WORKDIR $MYPATH
---> Running in 64cde09115f2
Removing intermediate container 64cde09115f2
---> dd92de8e574a
Step 5/10 : RUN yum -y install vim
---> Running in c17e2fb1e8c5
CentOS Linux 8 - AppStream 4.1 MB/s | 6.3 MB 00:01
CentOS Linux 8 - BaseOS 2.9 MB/s | 2.3 MB 00:00
CentOS Linux 8 - Extras 13 kB/s | 9.2 kB 00:00
Last metadata expiration check: 0:00:01 ago on Mon Mar 8 06:01:16 2021.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-15.el8 appstream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 appstream 39 k
vim-common x86_64 2:8.0.1763-15.el8 appstream 6.3 M
vim-filesystem noarch 2:8.0.1763-15.el8 appstream 48 k
which x86_64 2.21-12.el8 baseos 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-15.el8.x86_64.rpm 146 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-15.el8.noarch.rp 711 kB/s | 48 kB 00:00
(3/5): which-2.21-12.el8.x86_64.rpm 395 kB/s | 49 kB 00:00
(4/5): vim-enhanced-8.0.1763-15.el8.x86_64.rpm 2.4 MB/s | 1.4 MB 00:00
(5/5): vim-common-8.0.1763-15.el8.x86_64.rpm 4.5 MB/s | 6.3 MB 00:01
--------------------------------------------------------------------------------
Total 3.3 MB/s | 7.8 MB 00:02
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - AppStream 306 kB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-12.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-15.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-15.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-15.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-15.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-15.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-15.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-15.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-15.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-15.el8.noarch 4/5
Verifying : which-2.21-12.el8.x86_64 5/5
Installed:
gpm-libs-1.20.7-15.el8.x86_64 vim-common-2:8.0.1763-15.el8.x86_64
vim-enhanced-2:8.0.1763-15.el8.x86_64 vim-filesystem-2:8.0.1763-15.el8.noarch
which-2.21-12.el8.x86_64
Complete!
Removing intermediate container c17e2fb1e8c5
---> d753a853ed88
Step 6/10 : RUN yum -y install net-tools
---> Running in 9cea2adb7017
Last metadata expiration check: 0:00:11 ago on Mon Mar 8 06:01:16 2021.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.52.20160912git.el8 baseos 322 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 322 k
Installed size: 942 k
Downloading Packages:
net-tools-2.0-0.52.20160912git.el8.x86_64.rpm 1.5 MB/s | 322 kB 00:00
--------------------------------------------------------------------------------
Total 212 kB/s | 322 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Running scriptlet: net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Verifying : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Installed:
net-tools-2.0-0.52.20160912git.el8.x86_64
Complete!
Removing intermediate container 9cea2adb7017
---> ec81f0874bf4
Step 7/10 : EXPOSE 80
---> Running in de8a50ba9121
Removing intermediate container de8a50ba9121
---> ef4e1dda7932
Step 8/10 : CMD echo $MYPATH
---> Running in 0a8209f16e92
Removing intermediate container 0a8209f16e92
---> d35f59696851
Step 9/10 : CMD echo "------end------"
---> Running in 8f3f4d463844
Removing intermediate container 8f3f4d463844
---> 68a8371f4718
Step 10/10 : CMD /bin/bash
---> Running in 9f5c311bcc9f
Removing intermediate container 9f5c311bcc9f
---> 5ed3b4ceae6e
Successfully built 5ed3b4ceae6e
Successfully tagged mycentos:0.1
Successfully built 5ed3b4ceae6e
Successfully tagged mycentos:0.1
4:启动测试docker run -it 5ed3b4ceae6e
5:可以通过history命令查看镜像如何构建的
docker history 5ed3b4ceae6e
=================================================================================
IMAGE CREATED CREATED BY SIZE COMMENT
5ed3b4ceae6e 7 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "/bin… 0B
68a8371f4718 7 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
d35f59696851 7 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo… 0B
ef4e1dda7932 7 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
ec81f0874bf4 7 minutes ago /bin/sh -c yum -y install net-tools 14.3MB
d753a853ed88 7 minutes ago /bin/sh -c yum -y install vim 58MB
dd92de8e574a 7 minutes ago /bin/sh -c #(nop) WORKDIR /usr/local 0B
78e356498ede 7 minutes ago /bin/sh -c #(nop) ENV MYPATH=/usr/local 0B
b2c8ac4399b9 7 minutes ago /bin/sh -c #(nop) MAINTAINER vvvv<vurx@qq.c… 0B
300e315adb2f 3 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 3 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 3 months ago /bin/sh -c #(nop) ADD file:bd7a2aed6ede423b7… 209MB
2.4、实战测试2
3、Docker网络
3.1、Docker0
3.1.1、查看本机ip信息
ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
valid_lft 308859459sec preferred_lft 308859459sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
# lo:本机回环地址
# eth0:本机内网地址
# docker0:docker地址
3.1.2、启动一个容器,并查看容器内部的ip
docker exec -it tomcat01 ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
28: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
发现容器启动时,会得到 eth0@if29 ip地址,这是docker进行分配的!
思考:linux能否ping通上述ip地址?
ping 172.18.0.2
=================================================================================
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.053 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.054 ms
# linux可以ping通自己的容器内部
3.1.3、再次查看本机ip
ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
valid_lft 308857569sec preferred_lft 308857569sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
29: veth614af1e@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 2a:f4:0b:3f:a2:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0
3.1.4、再启动一个容器,查看本机ip
docker run -d --name tomcat02 tomcat
c5adb3ebbc9f426fcc278bd21acf071515c71ff34270bfc83cb4fe4b7372a101
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
valid_lft 308857440sec preferred_lft 308857440sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
29: veth614af1e@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 2a:f4:0b:3f:a2:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0
31: veth34bae8b@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether ba:d8:01:66:ba:59 brd ff:ff:ff:ff:ff:ff link-netnsid 1
发现又多了一对网卡~!docker新建容器的网卡都是一对的,这就是evth-pair技术!
evth-pair 是一对的虚拟设备接口,都是成对出现的,一段连着协议,一段彼此相连 正因为这个特性,evth-pair充当一个桥梁,链接各种虚拟网络设备
3.1.5、docker网络原理
- 只要安装了docker,就会有个一个网卡docker0
- 每启动一个docker容器,docker就会给容器分配一个ip
- 容器和docker之间是桥接模式,使用的技术是evth-pair!
问题:docker如何处理容器网络访问的?
1、首先我们在容器1里面ping容器2的ip
2、发现可以ping通
docker exec -it tomcat01 ping 172.18.0.3
=================================================================================
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 172.18.0.3: icmp_seq=2 ttl=64 time=0.069 ms
3、结论:tomcat01和tomcat02是公用的一个路由器 Docker0,所有容器不指定网络的情况下,默认使用docker0,docker会给我们的容器分配一个默认的可用ip。
Docker所有的网络接口都是虚拟的,虚拟转发效率高!
补充: 255.255.0.1/16,/16是什么意思 255.255.0.1 == 》 11111111.11111111.00000000.000000001 16代表前面16位是一个局域网,所以该局域网可以分配,255*255个网段
3.2、容器通过容器名互联—link(不推荐!!!)
能否通过容器名相互间ping通?—不可以
docker exec -it tomcat01 ping tomcat02
=================================================================================
ping: tomcat02: Name or service not known
解决:通过—link
docker run -d --name tomcat03 --link tomcat02 tomcat
104dbf067ac32dc5dc7e59f45974612a5698a7079fdbf84254be5b7618769fad
docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.18.0.3): icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=2 ttl=64 time=0.075 ms
反向不可以!!!
docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
查看tomcat03元数据
……
"Links": [
"/tomcat02:/tomcat03/tomcat02"
],
……
查看容器内的hosts
docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.3 tomcat02 c5adb3ebbc9f
172.18.0.4 104dbf067ac3
原理解析:—link其实就是在对应容器的hosts文件中加入了目标容器的转发。
3.3、自定义网络(推荐!!!)
不同的集群使用不同的网络,保证集群的健康
3.3.1、查看所有的docker网络
docker network ls
=================================================================================
NETWORK ID NAME DRIVER SCOPE
65154f3e35df bridge bridge local
40b59b6614ac host host local
eeee00b66ab4 none null local
bridge:桥接
none:不配置网络
host:和宿主机共享网络
container:容器内联通(用的少,局限性很大!)
选项 | 说明 |
---|---|
connect | Connect a container to a network |
create | Create a network |
disconnect | Disconnect a container from a network |
inspect | Display detailed information on one or more networks |
ls | List networks |
prune | Remove all unused networks |
rm | Remove one or more networks |
3.3.2、创建自定义网络
创建:docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 vnet
3.3.3、查看自定义网络
docker network inspect vnet
=================================================================================
[
{
"Name": "vnet",
"Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
"Created": "2021-04-03T15:39:45.62675922+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
3.3.4、启动容器通过自定义网络
docker run -d -P --net vnet --name tomcat-net-1 tomcat
63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8
docker run -d -P --net vnet --name tomcat-net-2 tomcat
329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2
3.3.5、再次查看自定义网络
发现自定义网络的containers里面包含了刚才启动的两个容器
docker network inspect vnet
[
{
"Name": "vnet",
"Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
"Created": "2021-04-03T15:39:45.62675922+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2": {
"Name": "tomcat-net-2",
"EndpointID": "ee2134c6426cfcb5983074883d393ed8efdf1507003c33884143127e12036bbe",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8": {
"Name": "tomcat-net-1",
"EndpointID": "097cc06e3cc342a9a3a41f0f44d1a5291abc7999e042b59a830316afe35b8f43",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
3.3.6、测试通过容器名是否可以ping通
docker exec -it tomcat-net-1 ping tomcat-net-2
=================================================================================
PING tomcat-net-2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=3 ttl=64 time=0.069 ms
3.4、网络连通
不同网络下的容器如何连通?
3.4.1、使用network下的connet将容器1与vnet相连
docker network connect [OPTIONS] NETWORK CONTAINER
docker network connect vnet tomcat01
3.4.2、查看vnet
发现tomcat01被加进了vnet的containers
docker network inspect vnet
=================================================================================
[
{
"Name": "vnet",
"Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
"Created": "2021-04-03T15:39:45.62675922+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2": {
"Name": "tomcat-net-2",
"EndpointID": "ee2134c6426cfcb5983074883d393ed8efdf1507003c33884143127e12036bbe",
"MacAddress": "02:42:c0:a8:00:03",
"IPv4Address": "192.168.0.3/16",
"IPv6Address": ""
},
"562dba081db3e9a3842edd615038cc52f2ab47afcdf49efe996fd13fd7931631": {
"Name": "tomcat01",
"EndpointID": "8165ea265d0e8c2df91710312e66fa900f0f6b28f3df2c2ff08b2e0ecbf040be",
"MacAddress": "02:42:c0:a8:00:04",
"IPv4Address": "192.168.0.4/16",
"IPv6Address": ""
},
"63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8": {
"Name": "tomcat-net-1",
"EndpointID": "097cc06e3cc342a9a3a41f0f44d1a5291abc7999e042b59a830316afe35b8f43",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]