Posted by: user  Posted: 2024-09-27 15:54
1 answer
Helpful user  Time: 2024-10-01 00:12
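Introduction
How do two or more containers communicate with each other?
How do you deal with a container's IP changing after a restart?
How do containers communicate with each other by container name?
How do you define a custom network so that all containers belonging to one service group join the same network?
I. Host network
Docker networking handles network communication between the host and containers
Interconnection and communication between containers, and port mapping
When a container's IP changes, communication by service name continues unaffected
Host network state when Docker is not running
The system is installed and started through vagrant
At this point there are two NICs: eth0 and lo (local)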
```shell
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.33.10  netmask 255.255.255.0  broadcast 192.168.33.255
        inet6 fe80::a00:27ff:fe29:956c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:29:95:6c  txqueuelen 1000  (Ethernet)
        RX packets 204  bytes 20733 (20.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 23742 (23.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5184 (5.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5184 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
3. Host network state when Docker is running
- The host now has a virtual bridge named **docker0**

```shell
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:f7:55:5a:bd  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.33.10  netmask 255.255.255.0  broadcast 192.168.33.255
        inet6 fe80::a00:27ff:fe29:956c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:29:95:6c  txqueuelen 1000  (Ethernet)
        RX packets 204  bytes 20733 (20.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 23742 (23.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5184 (5.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5184 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

II. Docker networks
Commands for viewing Docker network modes
The commands available under docker network <COMMAND> are as follows

```shell
[root@server01 ~]# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
```
3. List the networks

```shell
[root@server01 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
ad11a58c25cc   bridge    bridge    local
1524da0505ee   host      host      local
f4cbc4779eaf   none      null      local
```

As shown, three major network modes are created by default
View network details

```shell
[
  {
    "Name": "bridge",
    "Id": "ad11a58c25cc80747576c2ef7c2ca09b960fe0565b4c6ab7032ed9dfdba94ca2",
    "Created": "2022-03-20T12:41:29.966511242Z",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": null,
      "Config": [
        {
          "Subnet": "172.17.0.0/16",
          "Gateway": "172.17.0.1"
        }
      ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
      "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {},
    "Options": {
      "com.docker.network.bridge.default_bridge": "true",
      "com.docker.network.bridge.enable_icc": "true",
      "com.docker.network.bridge.enable_ip_masquerade": "true",
      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
      # As shown, the bridge network uses the bridge named docker0
      "com.docker.network.bridge.name": "docker0",
      "com.docker.network.driver.mtu": "1500"
    },
    "Labels": {}
  }
]
```

Create and delete networks
```shell
# All networks initially
[root@server01 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
ad11a58c25cc   bridge    bridge    local
1524da0505ee   host      host      local
f4cbc4779eaf   none      null      local
# Create a network
[root@server01 ~]# docker network create my_network
146a5d4683a8ef8256ce5280eabb719c5d7da061f317f03529dedbf4fe8ee2a5
[root@server01 ~]# docker network ls
NETWORK ID     NAME         DRIVER    SCOPE
ad11a58c25cc   bridge       bridge    local
1524da0505ee   host         host      local
# A newly created network is of the bridge type by default
146a5d4683a8   my_network   bridge    local
f4cbc4779eaf   none         null      local
# Delete the network
[root@server01 ~]# docker network rm my_network
my_network
[root@server01 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
ad11a58c25cc   bridge    bridge    local
1524da0505ee   host      host      local
f4cbc4779eaf   none      null      local
```

III. Network modes
3.1 bridge mode
The Docker service creates a docker0 bridge by default (with a docker0 internal interface on it). This bridge network is named docker0; at the kernel level it connects the other physical or virtual NICs, placing all containers and the local host on the same physical network
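Docker assigns the docker0 interface an IP address and subnet mask by default, so the host and containers can communicate with each other through the bridge
It assigns and configures an IP for each container and connects the container to docker0; the virtual bridge is the default mode
Use --network bridge to specify the network mode a container uses; the default is bridge (docker0)
Docker uses Linux bridging to create a virtual Docker container bridge (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the container IP (Container-IP), and the Docker bridge is the default gateway of every container. Because all containers on the same host are attached to the same bridge, containers can communicate with each other directly through their Container-IP
When docker run is given no network, the bridge mode is used by default, that is docker0. Running ifconfig on the host shows docker0 and any networks you have created. eth0, eth1, eth2, ... stand for NIC one, NIC two, NIC three, ...; lo stands for 127.0.0.1, i.e. localhost; inet addr gives the NIC's IP address
The docker0 bridge creates a pair of peer virtual device interfaces, one called veth and the other called eth0, matched as a pair
The whole host uses docker0 as its bridge, much like a switch with many ports, each called veth. A virtual interface is created on the local host and another inside the container, and the two are connected to each other (such a pair of interfaces is called a veth pair)
Each container instance also has a NIC inside, and that interface is called eth0
Each veth on docker0 matches the eth0 inside one container instance, paired one to one. Through these paired NICs, all containers on the host are connected to this internal network. Two containers on the same network each get an IP assigned from this gateway, and the two containers can then reach each other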
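The container-to-container reachability described above is governed by the Options shown in the inspect output of the bridge network. The following is an added example, not part of the original answer: it audits inspect JSON for the settings that widen a bridge network's exposure. The sample data, the backend_net network and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker network inspect` output: the first
# entry reuses the default-bridge option values shown on this page, the second
# is a hypothetical hardened user-defined network.
SAMPLE = json.loads("""
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.enable_ip_masquerade": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
              "com.docker.network.bridge.name": "docker0"}},
 {"Name": "backend_net", "Driver": "bridge", "Internal": true,
  "Options": {"com.docker.network.bridge.enable_icc": "false",
              "com.docker.network.bridge.host_binding_ipv4": "127.0.0.1"}}]
""")

PREFIX = "com.docker.network.bridge."


def audit_network(net):
    """Return the names of bridge settings that widen a network's exposure."""
    if net.get("Driver") != "bridge":
        return []
    opts = net.get("Options") or {}

    def opt(name, default):
        # Options absent from the JSON fall back to Docker's default value.
        return opts.get(PREFIX + name, default)

    findings = []
    if opt("default_bridge", "false") == "true":
        findings.append("default_bridge")        # no DNS by container name
    if opt("enable_icc", "true") == "true":
        findings.append("enable_icc")            # any container reaches any other
    if opt("host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
        findings.append("host_binding_ipv4")     # published ports on all host IPs
    if not net.get("Internal") and opt("enable_ip_masquerade", "true") == "true":
        findings.append("enable_ip_masquerade")  # outbound NAT for containers
    return findings


def audit(networks):
    """Map each network name to its list of findings."""
    return {n["Name"]: audit_network(n) for n in networks}


if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, found or "no findings")
```

A user-defined bridge whose Options object is empty still reports enable_icc, host_binding_ipv4 and enable_ip_masquerade, because the absent keys take Docker's defaults.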
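Run an alpine container (a minimal Linux distribution), then enter the container and view its network information alongside the host's network information

```shell
docker pull alpine
# -it keeps the default shell on a TTY so the detached container stays running
docker run -dit --name alpine alpine:latest
# alpine ships sh, not bash
docker exec -it alpine sh
```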
Inside the alpine container

```shell
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
# eth0@if11: connected to interface number 11 on the host
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
```

Host network information

```shell
# veth02096c1@if10: connected to interface number 10 inside the container
11: veth02096c1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether fe:e5:f2:56:6d:07 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fce5:f2ff:fe56:6d07/64 scope link
       valid_lft forever preferred_lft forever
```

The correspondence: eth0@if11 (index 10) inside the container pairs with veth02096c1@if10 (index 11) on the host
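The index pairing between a container's eth0 and its host-side veth can be checked mechanically, which helps when attributing traffic seen on a host veth to a container. This is an added example, not part of the original answer: it pairs interfaces from ip addr header lines. The host eth0 and docker0 lines and all function names are constructed; the two paired lines are the ones shown on this page.

```python
import re

# Header lines of `ip addr` inside the container (from this page).
CONTAINER_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
"""
# Host side: the veth line is from this page, eth0 and docker0 are constructed.
HOST_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
11: veth02096c1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
"""

# "<index>: <name>[@if<peer index>]: <FLAGS> rest"
HEADER = re.compile(r"^(\d+): ([^@:\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")


def parse_links(text):
    """Map interface index -> (name, peer index or None, bridge master or None)."""
    links = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # indented address lines (inet, link/ether) are skipped
        peer = int(m.group(3)) if m.group(3) else None
        master = re.search(r"\bmaster (\S+)", m.group(4))
        links[int(m.group(1))] = (m.group(2), peer, master.group(1) if master else None)
    return links


def match_veth(container_text, host_text):
    """Pair container interfaces with host veths whose @ifN indexes point at each other."""
    host = parse_links(host_text)
    pairs = []
    for idx, (name, peer, _) in parse_links(container_text).items():
        if peer is None or peer not in host:
            continue
        host_name, host_peer, host_master = host[peer]
        if host_peer == idx:  # both ends must reference each other
            pairs.append((name, host_name, host_master))
    return pairs


if __name__ == "__main__":
    print(match_veth(CONTAINER_IP_ADDR, HOST_IP_ADDR))
```

The match is valid for one container's output against its own host; compare each container separately.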
3.2 host mode
The container uses the host's IP address directly to communicate with the outside world, with no additional NAT translation required
Specify it with --network host
View the host network details

```shell
[
  {
    "Name": "host",
    "Id": "1524da0505eef1c3f188e337551fe0259b99c3e00915fd9eafea288aa4ec69c9",
    "Created": "2022-03-06T06:55:13.717636641Z",
    "Scope": "local",
    # The driver is host
    "Driver": "host",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": null,
      "Config": []
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
      "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {},
    "Options": {},
    "Labels": {}
  }
]
```

If a container is started in none mode, it has only the lo address inside
3.4 container mode
The newly created container shares the network IP and configuration of an existing container, instead of creating its own NIC, configuring its own IP, and so on
Apart from networking, the two containers remain isolated in everything else, such as the file system and process list
Specify it with --network container:NAME or the container ID
First run the base container

```shell
docker run -it --name alpine alpine:latest
```

Then run another alpine container, specifying the base container

```shell
docker run -it --network container:alpine --name alpine-01 alpine:latest
```