一、Docker安装

1、查看系统版本

# 系统内核3.10以上
uname -r
=================================================================================
3.10.0-514.26.2.el7.x86_64

# 系统版本
cat /etc/os-release
=================================================================================
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

2、安装步骤

2.1、卸载旧的版本

sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

2.2、安装一些docker需要的安装包

yum install -y yum-utils

2.3、设置镜像仓库

yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo #国外的非常慢
yum-config-manager \
         --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #推荐使用阿里云

2.4、安装docker引擎

yum install docker-ce docker-ce-cli containerd.io

2.5、启动docker

systemctl start docker

2.6、hello world

docker run hello-world

2.7、使用阿里云镜像加速器

二、Docker常用命令

1、帮助命令

docker version                 #docker版本信息
docker info                        #docker系统信息，包括镜像和容器数量
docker 命令 --help        #万能命令

2、镜像命令

2.1、查询镜像

查看所有本地主机上的镜像：docker images

docker images
=================================================================================
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
hello-world   latest    bf756fb1ae65   12 months ago   13.3kB

解释：

REPOSITORY 镜像的仓库源 TAG 镜像的标签 IMAGE ID 镜像的id CREATED 镜像的创建时间 SIZE 镜像的大小

可选项：

列出所有镜像：-a, —all 只显示镜像的id：-q, —quiet

2.2、搜索镜像

查找仓库源里面的镜像： docker search

docker search mysql
=================================================================================
NAME                      DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
mysql                     MySQL is a widely used, open-source relation…   10380     [OK]       
mariadb                   MariaDB is a community-developed fork of MyS…   3848      [OK]       
mysql/mysql-server        Optimized MySQL Server Docker images. Create…   758                  [OK]
percona                   Percona Server is a fork of the MySQL relati…   519       [OK]       
centos/mysql-57-centos7   MySQL 5.7 SQL database server                   87                   
mysql/mysql-cluster       Experimental MySQL Cluster Docker images. Cr…   79                   
centurylink/mysql         Image containing mysql. Optimized to be link…   59                   [OK]
……

可选项：

过滤：—filter=

docker search mysql --filter=stars=3000 # 收藏数大于3000
=================================================================================
NAME      DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
mysql     MySQL is a widely used, open-source relation…   10380     [OK]        
mariadb   MariaDB is a community-developed fork of MyS…   3848      [OK]

2.3、下载镜像

下载/拉取镜像： docker pull [OPTIONS] NAME[:TAG]

2.3.1、默认版本下载

docker pull mysql
=================================================================================
Using default tag: latest #如果不写版本，默认下载最新的
latest: Pulling from library/mysql
a076a628af6f: Pull complete  #分层下载，docker images的核心 联合文件系统
f6c208f3f991: Pull complete 
88a9455a9165: Pull complete 
406c9b8427c6: Pull complete 
7c88599c0b25: Pull complete 
25b5c6debdaf: Pull complete 
43a5816f1617: Pull complete 
1a8c919e89bf: Pull complete 
9f3cf4bd1a07: Pull complete 
80539cea118d: Pull complete 
201b3cad54ce: Pull complete 
944ba37e1c06: Pull complete 
Digest: sha256:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest # 真实地址

2.3.2、指定版本下载

docker pull mysql:5.7
=================================================================================
5.7: Pulling from library/mysql
a076a628af6f: Already exists # 联合文件，因为latest里面有这些所以无需下载
f6c208f3f991: Already exists 
88a9455a9165: Already exists 
406c9b8427c6: Already exists 
7c88599c0b25: Already exists 
25b5c6debdaf: Already exists 
43a5816f1617: Already exists 
1831ac1245f4: Pull complete # 只需要下载5.7特有的即可
37677b8c1f79: Pull complete 
27e4ac3b0f6e: Pull complete 
7227baa8c445: Pull complete 
Digest: sha256:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7

2.4、删除镜像

2.4.1、通过镜像id删除

docker rmi -f a70d36bc331a
=================================================================================
Untagged: mysql:5.7
Untagged: mysql@sha256:b3d1eff023f698cd433695c9506171f0d08a8f92a0c8063c1a4d9db9a55808df
Deleted: sha256:a70d36bc331a13d297f882d3d63137d24b804f29fa67158c40ad91d5050c39c5
Deleted: sha256:50c77bf7bcddd1f1d97789d80ac2404eec22c860c104e858620d2a2e321f0ef7
Deleted: sha256:14244329b83dfc8982398ee4104a548385652d2bffb957798ff86a419013efd6
Deleted: sha256:6d990477f90af28473eb601a9bca22253f6381e053c5a8edda0a4f027e124a3c
Deleted: sha256:ee0449796df204071589162fc16f8d65586312a40c68d1ba156c93c56f5e5ce8

2.4.2、删除多个镜像

docker rmi -f 镜像id 镜像id 镜像id

2.4.3、组合命令删除所有镜像

docker rmi -f $(docker images -aq)

docker rmi -f $(docker images -aq)
=================================================================================
Untagged: mysql:latest
Untagged: mysql@sha256:feada149cb8ff54eade1336da7c1d080c4a1c7ed82b5e320efb5beebed85ae8c
Deleted: sha256:c8562eaf9d81c779cbfc318d6e01b8e6f86907f1d41233268a2ed83b2f34e748
Deleted: sha256:1b649b85960473808c6b812fc30c3f6a3ff1c0ffdcba5c9435daf01cf7d5373a
Deleted: sha256:19cc889447050c16c797fd209fa114ee219de23facb37c00d4137a4ed4aad922
Deleted: sha256:3c793c06a026d276cf56a6a6a75527026ed9eafa7a7d21a438f7d5ed2314148e
Deleted: sha256:1e1cd89a2bc183a7fea3dab0b543e9924278321ad0921c22cc088adbf3c2e77b
Deleted: sha256:83b2015dfd000588c7c947b2d89b3be7a8e5a3abc6ab562668c358033aa779ec
Deleted: sha256:d08533f1e2acc40ad561a46fc6a76b54c739e6b24f077c183c5709e0a6885312
Deleted: sha256:4f9d91a4728e833d1062fb65a792f06e22e425f63824f260c8b5a64b776ddc38
Deleted: sha256:20bf4c759d1b0d0e6286d2145453af4e0e1b7ba3d4efa3b8bce46817ad4109de
Deleted: sha256:a9371bbdf16ac95cc72555c6ad42f79b9f03a82d964fe89d52bdc5f335a5f42a
Deleted: sha256:5b02130e449d94f51e8ff6e5f7d24802246198749ed9eb064631e63833cd8f1d
Deleted: sha256:ab74465b38bc1acb16c23091df32c5b7033ed55783386cb57acae8efff9f4b37
Deleted: sha256:cb42413394c4059335228c137fe884ff3ab8946a014014309676c25e3ac86864
Untagged: hello-world:latest
Untagged: hello-world@sha256:31b9c7d48790f0d8c50ab433d9c3b7e17666d6993084c002c2ff1ca09b96391d
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b

3、容器命令

说明：有了镜像才可以创建容器

3.1、新建容器并启动

docker run [可选参数] images

选项	说明
—name	容器名字
-d	在后台运行容器，并且打印容器id。
-i	即使没有连接，也要保持标准输入保持打开状态，一般与 -t 连用。
-t	分配一个伪tty，一般与 -i 连用。
-p	指定容器的端口 -p ip:主机端口:容器端口 -p 主机端口:容器端口(常用) -p i容器端口
-P	随机指定端口
-e	配置环境遍历
-v	挂载卷

3.2、查看正在运行的容器

docker ps [可选参数]

选项	说明
-a	列出正在运行+历史运行过的容器
-n[=?]	显示最近创建的？条容器
-q	只显示容器的编号

3.3、退出容器

exit                #直接停止容器并退出
Ctrl+p+q        #容器不停止退出

3.4、删除容器

docker rm 容器id                                    #不能删除正在运行的容器
docker rm -f $(docker ps -aq)            #删除所有容器
docker ps -a -q|xargs docker rm        #删除所有容器

3.5、启动和停止容器的操作

docker start 容器id
docker restart
docker stop
docker kill

4、常用的其他命令

4.1、后台启动容器

docker run -d centos        #后台启动centos
docker ps                             #发现 centos 停止了
# docker容器使用后台运行，就必须要有一个前台进程
# 否则docker发现没有应用，就会自动停止
# nginx，容器启动后，发现自己没有提供服务，就会立刻停止

4.2、查看日志命令

docker logs [OPTIONS] CONTAINER
Options:
  --details                #显示更多的信息
  -f, --follow        #跟踪实时日志
  --since string         #显示自某个timestamp之后的日志，或相对时间，如42m（即42分钟）
  --tail string       #从日志末尾显示多少行日志， 默认是all
  -t, --timestamps    #显示时间戳
  --until string      #显示自某个timestamp之前的日志，或相对时间，如42m（即42分钟）

例子：
查看指定时间后的日志，只显示最后100行：

$ docker logs -f -t --since="2018-02-08" --tail=100 CONTAINER_ID

查看最近30分钟的日志:

$ docker logs --since 30m CONTAINER_ID

查看某时间之后的日志：

$ docker logs -t --since="2018-02-08T13:23:37" CONTAINER_ID

查看某时间段日志：

$ docker logs -t --since="2018-02-08T13:23:37" --until "2018-02-09T12:23:37" CONTAINER_ID

4.3、查看容器中的进程信息

docker top 容器id

4.4、查看容器的元数据

docker inspect 容器id

4.5、进入当前正在运行的容器

# 方式1
docker exec -it 容器id /bin/bash        #进入容器后打开一个新的终端
# 方式2
docker attach 容器id                                #进入正在执行的

4.6、将容器内文件拷贝到主机上

docker cp 容器id:容器内文件路径 主机路径

4.7、查看docker所有容器的占cpu，内存情况

docker stats

三、Docker精髓

1、容器数据卷

容器的持久化和同步操作，容器间也是可以数据共享的

1.1、基本操作

创建卷：docker volume create
查看所有的卷：docker volume ps
查看具体某一个卷的信息： docker volume inspect 卷名

1.2、挂载方式

1.2.1、指定路径挂载

docker run -d -v /home/vvvv:/home 镜像id
查看容器的挂载信息可以在容器属性的Mounts中查看：docker inspect 容器id

1.2.2、具名挂载

docker run -v juming:容器内路径镜像id

1.2.3、匿名挂载

docker run -v 容器内路径镜像id

1.2.4、DockerFile挂载

dockerfile内容如下

FROM nginx
VOLUME ["volumn1","volumn1"]
CMD echo "========end==========="
CMD /bin/bash

使用dockerfile生成镜像

查看镜像并启动容器

查看容器，并看容器信息

此时可发现是匿名卷

注意：具名和匿名挂载的卷都是放在/var/lib/docker/volumes/xxxx/_data

1.3、权限

1.3.1、ro

ro=readonly，容器内仅拥有只读权限，如需修改需要到宿主机修改

1.3.2、rw

rw=readwrite，容器内拥有读写权限

1.3、两个容器同步一个卷

1.3.1、启动父容器centos01

docker run -it --name centos01 centos

1.3.2、启动子容器centos02，使用volumes-from

docker run -it --name centos02 --volumes-from centos01 centos
此时父子容器共用一个数据卷

# 两个mysql之间实现数据同步
# eg:
docker run -d -p 3306:3306 --name mysql01 -v /etc/mysql/conf.d -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
docker run -d -p 3306:3306 --name mysql02 --volumes-from mysql01 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7

数据卷的生命周期一直持续到没有容器使用为止！
但是一旦持久化到本地，此时本地数据不会删除！
问题：匿名挂载和具名挂载是否算持久化到本地

2、DockerFile

用来构建docker镜像的构建文件，命令脚本

2.1、构建步骤

1：编写一个dockerfile文件
2：docker build 构建成为一个镜像
3：docker run 运行镜像
4：docker push 发布镜像（DockerHub，阿里云镜像仓库）

2.2、构建过程

2.2.1、基础知识

1：每个保留关键字（指令）都是必须是大写字母
2：执行从上到下顺序执行
3：# 表示注释
4：每一个指令都会创建提交一个新的镜像层，并提交！

2.2.2、指令

FROM                    # 基础镜像
MAINTAINER        # 镜像是谁写的，姓名+邮箱
RUN                        # 镜像构建的时候需要运行的命令
ADD                        # 步骤，tomcat镜像，这个tomcat压缩包！添加的内容
WORKDIR                # 镜像的工作目录
VLOLUME                # 挂在的目录
EXPOST                # 保留端口配置
CMD                        # 指定容器启动的时候要运行的命令，只有最后一个会生效，可被替代
ENTRYPOINT        # 指定容器启动的时候要运行的命令，可以追加命令
ONBUILD                # 当构建一个被继承的DockerFile 这个时候就会运行ONBUILD的指令
COPY                    # 类似ADD，将文件拷贝到镜像中
ENV                        # 构建的时候设置环境变量

2.3、实战测试1

Docker Hub 99%都是从scratch基础镜像构建而来，然后通过配置需要的软件和配置来进行构建

1：编写dockerFile文件

FROM centos
MAINTAINER vvvv<vurx@qq.com>
# 配置环境变量
ENV MYPATH /usr/local
WORKDIR $MYPATH
# 导入需要执行的包
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "------end------"
CMD /bin/bash

2：执行文件
docker build -f dockerfile文件路径 -t 镜像名字:[tag] . “.”一定不要忘记

3：成功输出

docker build -f mydockerfile-centos -t mycentos:0.1 .
=================================================================================
Sending build context to Docker daemon  2.048kB
Step 1/10 : FROM centos
latest: Pulling from library/centos
7a0437f04f83: Pull complete 
Digest: sha256:5528e8b1b1719d34604c87e11dcd1c0a20bedf46e83b5632cdeac91b8c04efc1
Status: Downloaded newer image for centos:latest
 ---> 300e315adb2f
Step 2/10 : MAINTAINER vvvv<vurx@qq.com>
 ---> Running in 40a5b7bb22c9
Removing intermediate container 40a5b7bb22c9
 ---> b2c8ac4399b9
Step 3/10 : ENV MYPATH /usr/local
 ---> Running in bdc5a61f1803
Removing intermediate container bdc5a61f1803
 ---> 78e356498ede
Step 4/10 : WORKDIR $MYPATH
 ---> Running in 64cde09115f2
Removing intermediate container 64cde09115f2
 ---> dd92de8e574a
Step 5/10 : RUN yum -y install vim
 ---> Running in c17e2fb1e8c5
CentOS Linux 8 - AppStream                      4.1 MB/s | 6.3 MB     00:01    
CentOS Linux 8 - BaseOS                         2.9 MB/s | 2.3 MB     00:00    
CentOS Linux 8 - Extras                          13 kB/s | 9.2 kB     00:00    
Last metadata expiration check: 0:00:01 ago on Mon Mar  8 06:01:16 2021.
Dependencies resolved.
================================================================================
 Package             Arch        Version                   Repository      Size
================================================================================
Installing:
 vim-enhanced        x86_64      2:8.0.1763-15.el8         appstream      1.4 M
Installing dependencies:
 gpm-libs            x86_64      1.20.7-15.el8             appstream       39 k
 vim-common          x86_64      2:8.0.1763-15.el8         appstream      6.3 M
 vim-filesystem      noarch      2:8.0.1763-15.el8         appstream       48 k
 which               x86_64      2.21-12.el8               baseos          49 k
Transaction Summary
================================================================================
Install  5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-15.el8.x86_64.rpm        146 kB/s |  39 kB     00:00    
(2/5): vim-filesystem-8.0.1763-15.el8.noarch.rp 711 kB/s |  48 kB     00:00    
(3/5): which-2.21-12.el8.x86_64.rpm             395 kB/s |  49 kB     00:00    
(4/5): vim-enhanced-8.0.1763-15.el8.x86_64.rpm  2.4 MB/s | 1.4 MB     00:00    
(5/5): vim-common-8.0.1763-15.el8.x86_64.rpm    4.5 MB/s | 6.3 MB     00:01    
--------------------------------------------------------------------------------
Total                                           3.3 MB/s | 7.8 MB     00:02     
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - AppStream                      306 kB/s | 1.6 kB     00:00    
Importing GPG key 0x8483C65D:
 Userid     : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : which-2.21-12.el8.x86_64                               1/5 
  Installing       : vim-filesystem-2:8.0.1763-15.el8.noarch                2/5 
  Installing       : vim-common-2:8.0.1763-15.el8.x86_64                    3/5 
  Installing       : gpm-libs-1.20.7-15.el8.x86_64                          4/5 
  Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64                          4/5 
  Installing       : vim-enhanced-2:8.0.1763-15.el8.x86_64                  5/5 
  Running scriptlet: vim-enhanced-2:8.0.1763-15.el8.x86_64                  5/5 
  Running scriptlet: vim-common-2:8.0.1763-15.el8.x86_64                    5/5 
  Verifying        : gpm-libs-1.20.7-15.el8.x86_64                          1/5 
  Verifying        : vim-common-2:8.0.1763-15.el8.x86_64                    2/5 
  Verifying        : vim-enhanced-2:8.0.1763-15.el8.x86_64                  3/5 
  Verifying        : vim-filesystem-2:8.0.1763-15.el8.noarch                4/5 
  Verifying        : which-2.21-12.el8.x86_64                               5/5 
Installed:
  gpm-libs-1.20.7-15.el8.x86_64         vim-common-2:8.0.1763-15.el8.x86_64    
  vim-enhanced-2:8.0.1763-15.el8.x86_64 vim-filesystem-2:8.0.1763-15.el8.noarch
  which-2.21-12.el8.x86_64             
Complete!
Removing intermediate container c17e2fb1e8c5
 ---> d753a853ed88
Step 6/10 : RUN yum -y install net-tools
 ---> Running in 9cea2adb7017
Last metadata expiration check: 0:00:11 ago on Mon Mar  8 06:01:16 2021.
Dependencies resolved.
================================================================================
 Package         Architecture Version                        Repository    Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.52.20160912git.el8       baseos       322 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 322 k
Installed size: 942 k
Downloading Packages:
net-tools-2.0-0.52.20160912git.el8.x86_64.rpm   1.5 MB/s | 322 kB     00:00    
--------------------------------------------------------------------------------
Total                                           212 kB/s | 322 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : net-tools-2.0-0.52.20160912git.el8.x86_64              1/1 
  Running scriptlet: net-tools-2.0-0.52.20160912git.el8.x86_64              1/1 
  Verifying        : net-tools-2.0-0.52.20160912git.el8.x86_64              1/1 
Installed:
  net-tools-2.0-0.52.20160912git.el8.x86_64                                     
Complete!
Removing intermediate container 9cea2adb7017
 ---> ec81f0874bf4
Step 7/10 : EXPOSE 80
 ---> Running in de8a50ba9121
Removing intermediate container de8a50ba9121
 ---> ef4e1dda7932
Step 8/10 : CMD echo $MYPATH
 ---> Running in 0a8209f16e92
Removing intermediate container 0a8209f16e92
 ---> d35f59696851
Step 9/10 : CMD echo "------end------"
 ---> Running in 8f3f4d463844
Removing intermediate container 8f3f4d463844
 ---> 68a8371f4718
Step 10/10 : CMD /bin/bash
 ---> Running in 9f5c311bcc9f
Removing intermediate container 9f5c311bcc9f
 ---> 5ed3b4ceae6e
Successfully built 5ed3b4ceae6e
Successfully tagged mycentos:0.1

Successfully built 5ed3b4ceae6e
Successfully tagged mycentos:0.1

4：启动测试
docker run -it 5ed3b4ceae6e

5：可以通过history命令查看镜像如何构建的

docker history 5ed3b4ceae6e
=================================================================================
IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
5ed3b4ceae6e   7 minutes ago   /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "/bin…   0B        
68a8371f4718   7 minutes ago   /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "echo…   0B        
d35f59696851   7 minutes ago   /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "echo…   0B        
ef4e1dda7932   7 minutes ago   /bin/sh -c #(nop)  EXPOSE 80                    0B        
ec81f0874bf4   7 minutes ago   /bin/sh -c yum -y install net-tools             14.3MB    
d753a853ed88   7 minutes ago   /bin/sh -c yum -y install vim                   58MB      
dd92de8e574a   7 minutes ago   /bin/sh -c #(nop) WORKDIR /usr/local            0B        
78e356498ede   7 minutes ago   /bin/sh -c #(nop)  ENV MYPATH=/usr/local        0B        
b2c8ac4399b9   7 minutes ago   /bin/sh -c #(nop)  MAINTAINER vvvv<vurx@qq.c…   0B        
300e315adb2f   3 months ago    /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
<missing>      3 months ago    /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B        
<missing>      3 months ago    /bin/sh -c #(nop) ADD file:bd7a2aed6ede423b7…   209MB

2.4、实战测试2

3、Docker网络

3.1、Docker0

3.1.1、查看本机ip信息

ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
       valid_lft 308859459sec preferred_lft 308859459sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
# lo：本机回环地址
# eth0：本机内网地址
# docker0：docker地址

3.1.2、启动一个容器，并查看容器内部的ip

docker exec -it tomcat01 ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
28: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

发现容器启动时，会得到 eth0@if29 ip地址，这是docker进行分配的！

思考：linux能否ping通上述ip地址？

ping 172.18.0.2
=================================================================================
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.053 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.054 ms
# linux可以ping通自己的容器内部

3.1.3、再次查看本机ip

ip addr
=================================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
       valid_lft 308857569sec preferred_lft 308857569sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
29: veth614af1e@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 2a:f4:0b:3f:a2:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0

此时发现，本机的ip多了个29，和上方容器中的一致

3.1.4、再启动一个容器，查看本机ip

docker run -d --name tomcat02 tomcat
c5adb3ebbc9f426fcc278bd21acf071515c71ff34270bfc83cb4fe4b7372a101
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:16:3f:00:fb:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.17.7.119/18 brd 172.17.63.255 scope global dynamic eth0
       valid_lft 308857440sec preferred_lft 308857440sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:5f:dc:f9:6d brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
29: veth614af1e@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 2a:f4:0b:3f:a2:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0
31: veth34bae8b@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether ba:d8:01:66:ba:59 brd ff:ff:ff:ff:ff:ff link-netnsid 1

发现又多了一对网卡~！docker新建容器的网卡都是一对的，这就是evth-pair技术！

evth-pair 是一对的虚拟设备接口，都是成对出现的，一段连着协议，一段彼此相连正因为这个特性，evth-pair充当一个桥梁，链接各种虚拟网络设备

3.1.5、docker网络原理

只要安装了docker，就会有个一个网卡docker0
每启动一个docker容器，docker就会给容器分配一个ip
容器和docker之间是桥接模式，使用的技术是evth-pair！

问题：docker如何处理容器网络访问的？

1、首先我们在容器1里面ping容器2的ip
2、发现可以ping通

docker exec -it tomcat01 ping 172.18.0.3
=================================================================================
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 172.18.0.3: icmp_seq=2 ttl=64 time=0.069 ms

3、结论：tomcat01和tomcat02是公用的一个路由器 Docker0，所有容器不指定网络的情况下，默认使用docker0，docker会给我们的容器分配一个默认的可用ip。
Docker所有的网络接口都是虚拟的，虚拟转发效率高！

补充： 255.255.0.1/16，/16是什么意思 255.255.0.1 == 》 11111111.11111111.00000000.000000001 16代表前面16位是一个局域网，所以该局域网可以分配，255*255个网段

3.2、容器通过容器名互联—link（不推荐！！！）

能否通过容器名相互间ping通？—不可以

docker exec -it tomcat01 ping tomcat02
=================================================================================
ping: tomcat02: Name or service not known

解决：通过—link

docker run -d --name tomcat03 --link tomcat02 tomcat
104dbf067ac32dc5dc7e59f45974612a5698a7079fdbf84254be5b7618769fad
docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.18.0.3): icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from tomcat02 (172.18.0.3): icmp_seq=2 ttl=64 time=0.075 ms

反向不可以！！！

docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known

查看tomcat03元数据

……
"Links": [
    "/tomcat02:/tomcat03/tomcat02"
],
……

查看容器内的hosts

docker exec -it tomcat03 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.3      tomcat02 c5adb3ebbc9f
172.18.0.4      104dbf067ac3

原理解析：—link其实就是在对应容器的hosts文件中加入了目标容器的转发。

3.3、自定义网络（推荐！！！）

不同的集群使用不同的网络，保证集群的健康

3.3.1、查看所有的docker网络

docker network ls
=================================================================================
NETWORK ID     NAME      DRIVER    SCOPE
65154f3e35df   bridge    bridge    local
40b59b6614ac   host      host      local
eeee00b66ab4   none      null      local

bridge：桥接
none：不配置网络
host：和宿主机共享网络
container：容器内联通（用的少，局限性很大！）

选项	说明
connect	Connect a container to a network
create	Create a network
disconnect	Disconnect a container from a network
inspect	Display detailed information on one or more networks
ls	List networks
prune	Remove all unused networks
rm	Remove one or more networks

3.3.2、创建自定义网络

创建：docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 vnet

3.3.3、查看自定义网络

docker network inspect vnet
=================================================================================
[
    {
        "Name": "vnet",
        "Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
        "Created": "2021-04-03T15:39:45.62675922+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

3.3.4、启动容器通过自定义网络

docker run -d -P --net vnet --name tomcat-net-1 tomcat
63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8
docker run -d -P --net vnet --name tomcat-net-2 tomcat
329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2

3.3.5、再次查看自定义网络

发现自定义网络的containers里面包含了刚才启动的两个容器

docker network inspect vnet
[
    {
        "Name": "vnet",
        "Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
        "Created": "2021-04-03T15:39:45.62675922+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2": {
                "Name": "tomcat-net-2",
                "EndpointID": "ee2134c6426cfcb5983074883d393ed8efdf1507003c33884143127e12036bbe",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8": {
                "Name": "tomcat-net-1",
                "EndpointID": "097cc06e3cc342a9a3a41f0f44d1a5291abc7999e042b59a830316afe35b8f43",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

3.3.6、测试通过容器名是否可以ping通

docker exec -it tomcat-net-1 ping tomcat-net-2
=================================================================================
PING tomcat-net-2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from tomcat-net-2.vnet (192.168.0.3): icmp_seq=3 ttl=64 time=0.069 ms

3.4、网络连通

不同网络下的容器如何连通？

3.4.1、使用network下的connet将容器1与vnet相连

docker network connect [OPTIONS] NETWORK CONTAINER
docker network connect vnet tomcat01

3.4.2、查看vnet

发现tomcat01被加进了vnet的containers

docker network inspect vnet
=================================================================================
[
    {
        "Name": "vnet",
        "Id": "0d2be09830a18fff0114fda7a64cb50030e36725b844aa8ff70de39bffb45055",
        "Created": "2021-04-03T15:39:45.62675922+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "329aa652ad8fd18382e2240b5a4a6833a11f2fe77b5cc8c979ce9d71274f62c2": {
                "Name": "tomcat-net-2",
                "EndpointID": "ee2134c6426cfcb5983074883d393ed8efdf1507003c33884143127e12036bbe",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "562dba081db3e9a3842edd615038cc52f2ab47afcdf49efe996fd13fd7931631": {
                "Name": "tomcat01",
                "EndpointID": "8165ea265d0e8c2df91710312e66fa900f0f6b28f3df2c2ff08b2e0ecbf040be",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "63255c91f3b7e933b64c1564c56f66d6bff438eb4f2831b29e6a2a1e561f53c8": {
                "Name": "tomcat-net-1",
                "EndpointID": "097cc06e3cc342a9a3a41f0f44d1a5291abc7999e042b59a830316afe35b8f43",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]