Docker Networking

芳华是个男孩!
2024-10-11

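1. Docker Network Basics

1.1. docker0

Preparation

# Clear the whole environment (images, volumes, containers, etc.)

# Remove all images
[root@localhost ~]# docker rmi -f $(docker images -qa)
# Remove all containers
[root@localhost ~]# docker rm -f $(docker ps -qa)
# Remove all volumes (-q prints only the volume names, which is what docker volume rm expects)
[root@localhost ~]# docker volume rm -f $(docker volume ls -q)
# Check the default networks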
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
8f615dbd3633   bridge    bridge    local
e3f87c1992b3   host      host      local
c6953bc86adb   none      null      local

1.1.1. View the system network interfaces

The one to watch is docker0, the interface that Docker creates. Everything that follows revolves around docker0.

[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
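# Once the Docker service is installed, every host gets an interface named docker0 by default, and its IP address is 172.17.0.1/16

Question: how does Docker handle network access for containers?

1.1.2. Start a container and test network connectivity with the host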

[root@localhost ~]# docker run -d -it --name centos centos:latest
e22ef8dcca762558751430b907fd8d92bf9da578e7c9ed68929e2521167a7e58
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED         STATUS        PORTS     NAMES
e22ef8dcca76   centos:latest   "/bin/bash"   3 seconds ago   Up 1 second             centos

# View the container's IP address
[root@localhost ~]# docker exec -it centos ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# Test connectivity between the container and the host
[root@localhost ~]# docker exec -it centos bash
[root@e22ef8dcca76 /]# ping 192.168.4.110
PING 192.168.4.110 (192.168.4.110) 56(84) bytes of data.
64 bytes from 192.168.4.110: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 192.168.4.110: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=4 ttl=64 time=0.058 ms
64 bytes from 192.168.4.110: icmp_seq=5 ttl=64 time=0.054 ms
^C
--- 192.168.4.110 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4096ms
rtt min/avg/max/mdev = 0.054/0.061/0.085/0.013 ms

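How it works:

(1) Every time we start a Docker container, Docker assigns the container an IP address. As soon as Docker is installed, the host has a docker0 interface. It works in bridge mode, and the underlying technique is the veth pair.

# Look at the host's IP addresses again: one more interface has appeared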

[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:24ff:feaa:59e9/64 scope link
       valid_lft forever preferred_lft forever

# A new interface, veth45ec7ad@if10, has appeared
11: veth45ec7ad@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 4a:78:73:3b:ac:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::4878:73ff:fe3b:acef/64 scope link
       valid_lft forever preferred_lft forever

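Compare the interface information on the host and in the container and note what they have in common: the container's eth0@if11 has index 10 and the host's veth45ec7ad@if10 has index 11, so each one names the other as its peer.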
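One way to do this comparison mechanically, as an added example that is not part of the original post: given the `ip addr` text from a container and from the host, it finds the host-side veth that is the peer of the container's interface and the bridge it is enslaved to. The function names are hypothetical and the sample text is excerpted from the output on this page.

```shell
#!/usr/bin/env bash
# Added example: pair a container interface with its host-side veth.
# Sample text below is an excerpt of the `ip addr` output shown on this page.
container_ip_addr='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0'

host_ip_addr='2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
11: veth45ec7ad@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 4a:78:73:3b:ac:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# iface_indexes IFACE: read `ip addr` text on stdin and print
# "<own index> <peer index>" for IFACE (e.g. "10 11" for eth0@if11).
iface_indexes() {
  awk -v want="$1" '
    /^[0-9]+: / {
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      if (split(name, part, "@if") == 2 && part[1] == want) { print idx, part[2]; exit }
    }'
}

# host_veth_for OWN PEER: read the host `ip addr` text on stdin and print
# "<veth name> <master bridge>" for the interface whose index is PEER and
# whose @ifN suffix points back at OWN.
host_veth_for() {
  awk -v own="$1" -v peer="$2" '
    /^[0-9]+: / {
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      if (split(name, part, "@if") != 2) next
      if (idx == peer && part[2] == own) {
        master = "none"
        for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
        print part[1], master
        exit
      }
    }'
}

# find_host_end CONTAINER_TEXT HOST_TEXT [IFACE]: combine the two steps.
# Returns 1 when IFACE is not a veth end in the container text.
find_host_end() {
  pair=$(printf '%s\n' "$1" | iface_indexes "${3:-eth0}")
  [ -n "$pair" ] || return 1
  printf '%s\n' "$2" | host_veth_for "${pair% *}" "${pair#* }"
}

# On a live host the two arguments would be "$(docker exec centos ip addr)"
# and "$(ip addr)"; here the embedded sample is used.
find_host_end "$container_ip_addr" "$host_ip_addr" eth0
```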

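# Create another container and look at the container and host interfaces again: whenever a container is created, the host automatically creates an interface associated with it.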

[root@localhost ~]# docker run -d -it --name centos2 centos
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED              STATUS              PORTS     NAMES
6d76a29ec626   centos          "/bin/bash"   About a minute ago   Up About a minute             centos2
e22ef8dcca76   centos:latest   "/bin/bash"   19 minutes ago       Up 19 minutes                 centos

1.1.3. Test connectivity between containers centos and centos2

[root@localhost ~]# docker exec -it centos ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.054 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.057 ms
^X^C
--- 172.17.0.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6146ms
rtt min/avg/max/mdev = 0.054/0.060/0.086/0.014 ms
[root@localhost ~]#

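Conclusion: containers can communicate with each other. They share one router (docker0), that is, they sit in the same subnet: centos passes the request to docker0 over its veth pair, and docker0 forwards it to centos2, which is how the containers reach each other. A container started without an explicit network is therefore routed through docker0, and docker0 assigns it a free IP address by default. The default subnet mask is /16, which gives 256*256=65536 IP addresses in the subnet; subtracting the network address and the broadcast address leaves 65536-2=65534 usable IP addresses.

docker0 and the host's network interface are directly connected, with NAT in both directions.

All network interfaces in Docker are virtual, and virtual forwarding is efficient.

When a container is deleted, its veth pair disappears with it.

1.2. veth pairs

As the name suggests, a veth pair is a pair of virtual device interfaces. Unlike tap/tun devices, they always come in pairs: one end of each is attached to the protocol stack, and the other ends are connected to each other, as shown in the figure below:

Because of this property, a veth pair often serves as a bridge between virtual network devices. Typical examples are "connecting two namespaces", "connecting Bridge and OVS", "connecting Docker containers" and so on, from which very complex virtual network topologies can be built, such as OpenStack Neutron.

Consider a scenario: we write a microservice with database url=ip. The project is not restarted, but the database IP changes. We want to be able to handle this. Can containers be reached by name?

# Test pinging centos2 from container centos, using the container name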

[root@localhost ~]# docker exec -it centos ping centos2
ping: centos2: Name or service not known

# It does not work. How do we solve this?

1.3.1. Start a container with --link to connect containers by name

[root@localhost ~]# docker run --name centos3 -d -it --link centos2 centos
c807a047feda3d387a81673c99955cd34fb73f22f15ca252260d0546b7b54849
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED             STATUS             PORTS     NAMES
c807a047feda   centos          "/bin/bash"   6 seconds ago       Up 5 seconds                 centos3
6d76a29ec626   centos          "/bin/bash"   About an hour ago   Up About an hour             centos2
e22ef8dcca76   centos:latest   "/bin/bash"   About an hour ago   Up About an hour             centos

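# Test connectivity: the ping succeeds. Does it work in the reverse direction, with centos2 pinging centos3? Not necessarily. For centos2 to ping centos3, centos2 would also have to be created with a link.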

[root@localhost ~]# docker exec -it centos3 ping centos2
PING centos2 (172.17.0.3) 56(84) bytes of data.
64 bytes from centos2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=4 ttl=64 time=0.059 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=5 ttl=64 time=0.060 ms
^C
--- centos2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.059/0.064/0.085/0.014 ms


[root@localhost ~]# docker exec -it centos2 ping centos3
ping: centos3: Name or service not known

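# Look at the local hosts file in containers centos2 and centos3 to check local name resolution. centos3 has an entry for container centos2, but centos2 has no entry for container centos3, so centos2 cannot ping centos3 by name.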

[root@localhost ~]# docker exec -it centos3 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3      centos2 6d76a29ec626    # name-resolution entry for container centos2
172.17.0.4      c807a047feda

[root@localhost ~]# docker exec -it centos2 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3      6d76a29ec626

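In essence, --link just adds a name-resolution entry to the hosts file inside the container, and it is no longer used. What we want is a user-defined network rather than docker0.

The problem with docker0: it does not support reaching containers by container name.

2. User-defined networks

# Command options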

[root@localhost ~]# docker network --help

Usage: docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

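# Docker supports 5 network modes:

none # no networking configured

bridge # bridge mode (networks you create yourself also use bridge mode)

host # host mode, shares the network with the host

container # network shared between containers (rarely used, very limited)

network-name # user-defined network

# The run command we used earlier implies a default option: --net bridge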

[root@localhost ~]# docker run --name centos3 -d -it  centos
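# is equivalent to
[root@localhost ~]# docker run --name centos3 -d -it --net bridge  centos

# docker0 characteristics: it is the default; containers cannot be reached by name; --link can be used to connect them, but it is no longer used.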

2.1. List all Docker networks

[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
93da780fc672   bridge    bridge    local        # the default docker0 network
e3f87c1992b3   host      host      local
c6953bc86adb   none      null      local

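2.2. Create a user-defined network

2.2.1. Create a simple user-defined network

--driver # network driver (mode)

--subnet # subnet

--gateway # gateway address

[root@localhost ~]# docker network create --driver bridge --subnet 192.168.200.0/24 --gateway 192.168.200.1 mynet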
ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
93da780fc672   bridge    bridge    local
e3f87c1992b3   host      host      local
ec97dca5039a   mynet     bridge    local
c6953bc86adb   none      null      local

[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
        "Created": "2023-08-17T12:02:26.279341134+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.200.0/24",
                    "Gateway": "192.168.200.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

2.2.2. Start 2 containers on the user-defined network, view their details, and test connectivity by container name

# Create container 1
[root@localhost ~]# docker run -d -it --name centos1 --network mynet centos
b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2
[root@localhost ~]# docker exec -it centos1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:c8:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.200.2/24 brd 192.168.200.255 scope global eth0
       valid_lft forever preferred_lft forever

# Create container 2
[root@localhost ~]# docker run -d -it --name centos2 --network mynet centos
dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d
[root@localhost ~]# docker exec -it centos2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:c8:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.200.3/24 brd 192.168.200.255 scope global eth0
       valid_lft forever preferred_lft forever     

# View the mynet network details
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
        "Created": "2023-08-17T12:02:26.279341134+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.200.0/24",
                    "Gateway": "192.168.200.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2": {
                "Name": "centos1",
                "EndpointID": "d8b8a95eaa5b974bfcf5c343738597da9d15555c5466acc98ad9a5b5e5133aa0",
                "MacAddress": "02:42:c0:a8:c8:02",
                "IPv4Address": "192.168.200.2/24",
                "IPv6Address": ""
            },
            "dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d": {
                "Name": "centos2",
                "EndpointID": "771aefc14d74a087dc84aad86aa6ad074c2012f156a3ba0e3044168e2d7ac9cc",
                "MacAddress": "02:42:c0:a8:c8:03",
                "IPv4Address": "192.168.200.3/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# Test connectivity between the containers by container name
[root@localhost ~]# docker exec -it centos1 ping centos2
PING centos2 (192.168.200.3) 56(84) bytes of data.
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=3 ttl=64 time=0.084 ms
^C
--- centos2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.061/0.069/0.084/0.010 ms

[root@localhost ~]# docker exec -it centos2 ping centos1
PING centos1 (192.168.200.2) 56(84) bytes of data.
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=3 ttl=64 time=0.062 ms
^C
--- centos1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2091ms
rtt min/avg/max/mdev = 0.062/0.078/0.109/0.021 ms

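On a user-defined network, Docker already maintains the name-to-address mapping for us. There is no need to specify --link; in day-to-day use, work with user-defined networks.

Benefit: redis-, mysql- # different clusters use different networks, which keeps the clusters secure and healthy.

3. Connecting user-defined networks to each other

Implement the following:

(1) Define two networks:

mynet110 --subnet 172.0.110.0/24 --gateway 172.0.110.1

mynet120 --subnet 172.0.120.0/24 --gateway 172.0.120.1

(2) Create 1 container in each of the two networks and test connectivity between containers in different networks.

How containers in different networks are connected: attach the container to the other network so that it obtains an address in that network; the containers can then communicate.

# Command syntax

docker network connect [network name] [container ID/name]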

3.1. Create the networks

[root@localhost ~]# docker network create --driver bridge --subnet 172.0.110.0/24 --gateway 172.0.110.1 mynet110
[root@localhost ~]# docker network create --driver bridge --subnet 172.0.120.0/24 --gateway 172.0.120.1 mynet120

3.2. Create the containers

[root@localhost ~]# docker run -d -it --name centos-mynet110-01 --network mynet110 centos:latest
[root@localhost ~]# docker run -d -it --name centos-mynet120-01 --network mynet120 centos:latest
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# docker exec -it centos-mynet120-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:78:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.120.2/24 brd 172.0.120.255 scope global eth0
       valid_lft forever preferred_lft forever

3.3. Test connectivity between the containers

[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
ping: centos-mynet120-01: Name or service not known

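# The containers cannot communicate

3.4. Configure the container's network

# Attach container centos-mynet110-01 to network mynet120; the container will then have 2 IP addresses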

[root@localhost ~]# docker network connect mynet120 centos-mynet110-01
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
       valid_lft forever preferred_lft forever
27: eth1@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:78:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.120.3/24 brd 172.0.120.255 scope global eth1
       valid_lft forever preferred_lft forever

3.5. Test connectivity between the containers again

[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
PING centos-mynet120-01 (172.0.120.2) 56(84) bytes of data.
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=4 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=5 ttl=64 time=0.059 ms
^C
--- centos-mynet120-01 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.059/0.066/0.089/0.013 ms

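4. Putting Docker containers on the same subnet as the host

4.1. View the IP addresses of all containers

docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)

4.2. Put a Docker container on the same subnet as the host

I. This part explains how to give a Docker container an IP address in the host's subnet and allow the host and other machines on the LAN to reach it.
1. Create the Docker virtual network. My LAN subnet is 192.168.1.0/24 and the gateway is the router at 192.168.1.1
docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=br0 docker-bridge
2. Create the Docker container, using the network option to select the virtual network created above and the ip option to set the container's IP address. The following is an example; substitute your own command as needed
docker run -itd --name test --network=docker-bridge --ip=192.168.1.18 alpine
II. At this point, external machines can ping the container but the host cannot. This is caused by macvlan, and the following steps are still needed
1. Add a virtual interface and bridge it to the physical interface. I use br0 here because there is another virtual bridge on top; otherwise use the physical interface name
ip link add macvlan-proxy link br0 type macvlan mode bridge
2. Assign an IP to the virtual interface. It can be any IP in the subnet, but avoid IP conflicts
ip addr add 192.168.1.16 dev macvlan-proxy
3. Bring the virtual interface up
ip link set macvlan-proxy up
4. Add a route entry; the IP here is the container's IP
ip route add 192.168.1.18 dev macvlan-proxy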
