1. Docker Networking Basics
1.1. Docker0
Preparation
# Clean out the whole environment (images, volumes, containers, etc.)
# Remove all images
[root@localhost ~]# docker rmi -f $(docker images -qa)
# Remove all containers
[root@localhost ~]# docker rm -f $(docker ps -qa)
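# Remove all volumes (-q prints only the volume names, without the header and DRIVER column)
[root@localhost ~]# docker volume rm -f $(docker volume ls -q)
# Check the default networks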
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
8f615dbd3633 bridge bridge local
e3f87c1992b3 host host local
c6953bc86adb none null local
1.1.1. View the system's network interfaces
The focus is docker0: it is the network interface created by Docker, and everything that follows revolves around it.
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
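# Once the Docker service is installed, each host gets by default an interface named docker0 whose IP address is 172.17.0.1/16
Question: how does Docker handle network access for containers?
1.1.2. Start a container and test network connectivity with the host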
[root@localhost ~]# docker run -d -it --name centos centos:latest
e22ef8dcca762558751430b907fd8d92bf9da578e7c9ed68929e2521167a7e58
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e22ef8dcca76 centos:latest "/bin/bash" 3 seconds ago Up 1 second centos
# View the container's IP address
[root@localhost ~]# docker exec -it centos ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# Test connectivity between the container and the host
[root@localhost ~]# docker exec -it centos bash
[root@e22ef8dcca76 /]# ping 192.168.4.110
PING 192.168.4.110 (192.168.4.110) 56(84) bytes of data.
64 bytes from 192.168.4.110: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 192.168.4.110: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=4 ttl=64 time=0.058 ms
64 bytes from 192.168.4.110: icmp_seq=5 ttl=64 time=0.054 ms
^C
--- 192.168.4.110 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4096ms
rtt min/avg/max/mdev = 0.054/0.061/0.085/0.013 ms
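Principle:
(1) Every time we start a Docker container, Docker assigns it an IP address. As soon as Docker is installed there is a docker0 interface; it works in bridge mode, and the technology used is veth-pair.
# View the host's IP addresses again: there is one more interface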
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:24ff:feaa:59e9/64 scope link
valid_lft forever preferred_lft forever
# The additional interface is veth45ec7ad@if10
11: veth45ec7ad@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 4a:78:73:3b:ac:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::4878:73ff:fe3b:acef/64 scope link
valid_lft forever preferred_lft forever
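Compare the interface information on the host and in the container and note what they have in common: the container's interface 10 is eth0@if11 and the host's interface 11 is veth45ec7ad@if10, so each one names the other's index.
# Create another container and look at the container and host interfaces again: after a container is created, the host automatically gets an interface associated with that container.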
[root@localhost ~]# docker run -d -it --name centos2 centos
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6d76a29ec626 centos "/bin/bash" About a minute ago Up About a minute centos2
e22ef8dcca76 centos:latest "/bin/bash" 19 minutes ago Up 19 minutes centos
1.1.3. Test connectivity between containers centos and centos2
[root@localhost ~]# docker exec -it centos ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.054 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.057 ms
^X^C
--- 172.17.0.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6146ms
rtt min/avg/max/mdev = 0.054/0.060/0.086/0.014 ms
[root@localhost ~]#
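Conclusion: containers can communicate with each other. They share one router (docker0), that is, they are in the same subnet: centos forwards the request to docker0 over its veth pair, and docker0 forwards it on to centos2, which is how containers reach each other. So when no network is specified, every container is routed through docker0, and docker0 assigns the container a default available IP address. The default subnet mask is /16, so the subnet holds 256*256=65536 IP addresses; subtracting the network address and the broadcast address leaves 65536-2=65534 usable IP addresses.
docker0 and the host's network interface are directly connected, with bidirectional NAT between them.
All network interfaces in Docker are virtual, and virtual interfaces forward efficiently.
As soon as a container is deleted, its veth pair is gone as well.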
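1.2. veth-pair technology
As the name suggests, a veth pair is a pair of virtual device interfaces. Unlike tap/tun devices, they always come in pairs: one end of each is attached to the protocol stack and the other ends are connected to each other, as shown in the figure below:
Because of this property, a veth pair often serves as a bridge connecting all kinds of virtual network devices. Typical examples are "connecting two namespaces", "connecting Bridge and OVS", and "connecting Docker containers", from which very complex virtual network structures can be built, such as OpenStack Neutron.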
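Added example (not part of the original tutorial): the @ifN suffix in the outputs of section 1.1.2 is what ties a container's eth0 to its host-side veth. The script parses trimmed copies of those two ip addr outputs and resolves the peer and the bridge it is attached to; the function names list_links and host_peer are illustrative.

```shell
#!/bin/sh
# Pair a container interface with its host-side veth peer using the
# "name@ifN" notation printed by `ip addr`.
# Sample data: trimmed copies of the outputs shown in section 1.1.2.

CONTAINER_IP_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0'

HOST_IP_ADDR='2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
11: veth45ec7ad@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default'

# list_links TEXT
# Prints one line per interface: "<index> <name> <peer-index or -> <master or ->"
list_links() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+: / {
            idx = $1; sub(/:$/, "", idx)
            name = $2; sub(/:$/, "", name)
            peer = "-"
            n = index(name, "@if")
            if (n > 0) { peer = substr(name, n + 3); name = substr(name, 1, n - 1) }
            master = "-"
            for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
            print idx, name, peer, master
        }'
}

# host_peer CONTAINER_TEXT HOST_TEXT IFACE
# Prints "<host veth> <bridge>" for the container interface IFACE.
# Returns non-zero when IFACE has no veth peer in the host listing.
host_peer() {
    want=$(list_links "$1" | awk -v ifc="$3" '$2 == ifc { print $1, $3 }')
    [ -n "$want" ] || return 1
    c_idx=${want% *}    # index of IFACE inside the container
    c_peer=${want#* }   # index its @ifN suffix points to
    # The host side must point back: its index is c_peer and its @ifN is c_idx.
    list_links "$2" | awk -v ci="$c_idx" -v cp="$c_peer" '
        $1 == cp && $3 == ci { print $2, $4; found = 1 }
        END { exit !found }'
}

host_peer "$CONTAINER_IP_ADDR" "$HOST_IP_ADDR" eth0
```

On a live host the two inputs would be the output of docker exec centos ip addr and of ip addr on the host.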
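1.3. Linking containers: --link
Consider a scenario: we write a microservice configured with database url=ip. The database IP changes while the project is not restarted, and we want to be able to cope with that. Can containers be reached by name instead?
# Test pinging centos2 from container centos, using the container name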
[root@localhost ~]# docker exec -it centos ping centos2
ping: centos2: Name or service not known
# It fails. How do we solve this?
1.3.1. Start a container with --link to connect containers by name
[root@localhost ~]# docker run --name centos3 -d -it --link centos2 centos
c807a047feda3d387a81673c99955cd34fb73f22f15ca252260d0546b7b54849
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c807a047feda centos "/bin/bash" 6 seconds ago Up 5 seconds centos3
6d76a29ec626 centos "/bin/bash" About an hour ago Up About an hour centos2
e22ef8dcca76 centos:latest "/bin/bash" About an hour ago Up About an hour centos
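# Test connectivity: the ping succeeds. Does it work in the reverse direction, centos2 pinging centos3? Not necessarily. For centos2 to ping centos3 by name, centos2 would also need a --link when it is created.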
[root@localhost ~]# docker exec -it centos3 ping centos2
PING centos2 (172.17.0.3) 56(84) bytes of data.
64 bytes from centos2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=4 ttl=64 time=0.059 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=5 ttl=64 time=0.060 ms
^C
--- centos2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.059/0.064/0.085/0.014 ms
[root@localhost ~]# docker exec -it centos2 ping centos3
ping: centos3: Name or service not known
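# Look at the local hosts file of containers centos2 and centos3 to see the local name resolution. centos3 has a name entry for container centos2, whereas centos2 has no name entry for container centos3, so centos2 cannot ping centos3 by name.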
[root@localhost ~]# docker exec -it centos3 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 centos2 6d76a29ec626 # the name entry for container centos2 is present
172.17.0.4 c807a047feda
[root@localhost ~]# docker exec -it centos2 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 6d76a29ec626
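--link essentially just adds a name-resolution entry to the hosts file inside the container, and it is no longer used. What we need is a user-defined network rather than docker0.
Problem with docker0: it does not support reaching containers by container name.
2. User-defined networks
# Command reference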
[root@localhost ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
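# Docker networking supports 5 network modes:
none # no networking configured
bridge # bridging (networks you create yourself also use bridge mode)
host # host mode, shares the host's network
container # connects to another container's network (rarely used, very limited)
network-name # user-defined network
# The run command we used earlier implicitly included the default option: --net bridge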
[root@localhost ~]# docker run --name centos3 -d -it centos
# is equivalent to
[root@localhost ~]# docker run --name centos3 -d -it --net bridge centos
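# Characteristics of docker0: it is the default; containers cannot be reached by name; --link can open up a connection, but it is no longer used.
2.1. List all Docker networks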
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
93da780fc672 bridge bridge local # the default docker0 network
e3f87c1992b3 host host local
c6953bc86adb none null local
2.2. Create a user-defined network
2.2.1. Create a simple user-defined network
--driver # network mode
--subnet # subnet
--gateway # gateway address
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.200.0/24 --gateway 192.168.200.1 mynet
ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
93da780fc672 bridge bridge local
e3f87c1992b3 host host local
ec97dca5039a mynet bridge local
c6953bc86adb none null local
[root@localhost ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
"Created": "2023-08-17T12:02:26.279341134+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.200.0/24",
"Gateway": "192.168.200.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
2.2.2. Start 2 containers on the user-defined network, view their details, and test connectivity by container name
# Create container 1
[root@localhost ~]# docker run -d -it --name centos1 --network mynet centos
b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2
[root@localhost ~]# docker exec -it centos1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:c8:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.200.2/24 brd 192.168.200.255 scope global eth0
valid_lft forever preferred_lft forever
# Create container 2
[root@localhost ~]# docker run -d -it --name centos2 --network mynet centos
dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d
[root@localhost ~]# docker exec -it centos2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:c8:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.200.3/24 brd 192.168.200.255 scope global eth0
valid_lft forever preferred_lft forever
# View the details of network mynet
[root@localhost ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
"Created": "2023-08-17T12:02:26.279341134+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.200.0/24",
"Gateway": "192.168.200.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2": {
"Name": "centos1",
"EndpointID": "d8b8a95eaa5b974bfcf5c343738597da9d15555c5466acc98ad9a5b5e5133aa0",
"MacAddress": "02:42:c0:a8:c8:02",
"IPv4Address": "192.168.200.2/24",
"IPv6Address": ""
},
"dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d": {
"Name": "centos2",
"EndpointID": "771aefc14d74a087dc84aad86aa6ad074c2012f156a3ba0e3044168e2d7ac9cc",
"MacAddress": "02:42:c0:a8:c8:03",
"IPv4Address": "192.168.200.3/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
# Test connectivity between the containers by container name
[root@localhost ~]# docker exec -it centos1 ping centos2
PING centos2 (192.168.200.3) 56(84) bytes of data.
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=3 ttl=64 time=0.084 ms
^C
--- centos2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.061/0.069/0.084/0.010 ms
[root@localhost ~]# docker exec -it centos2 ping centos1
PING centos1 (192.168.200.2) 56(84) bytes of data.
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=3 ttl=64 time=0.062 ms
^C
--- centos1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2091ms
rtt min/avg/max/mdev = 0.062/0.078/0.109/0.021 ms
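On a user-defined network Docker already maintains the name-to-address mapping for us, so there is no need to specify --link. In day-to-day use, work with user-defined networks.
Benefit: redis- mysql- # different clusters use different networks, which keeps the clusters secure and healthy.
3. Connecting user-defined networks to each other
Implement the following:
(1) Define two networks: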
mynet110 --subnet 172.0.110.0/24 --gateway 172.0.110.1
mynet120 --subnet 172.0.120.0/24 --gateway 172.0.120.1
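(2) Create one container in each of the two networks and test connectivity between containers on different networks.
How containers on different networks are made to communicate: join the container to the other network so that it obtains an address on that network; the two can then reach each other.
# Command syntax
docker network connect [NETWORK NAME] [CONTAINER ID/NAME]
3.1. Create the networks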
[root@localhost ~]# docker network create --driver bridge --subnet 172.0.110.0/24 --gateway 172.0.110.1 mynet110
[root@localhost ~]# docker network create --driver bridge --subnet 172.0.120.0/24 --gateway 172.0.120.1 mynet120
3.2. Create the containers
[root@localhost ~]# docker run -d -it --name centos-mynet110-01 --network mynet110 centos:latest
[root@localhost ~]# docker run -d -it --name centos-mynet120-01 --network mynet120 centos:latest
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# docker exec -it centos-mynet120-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:00:78:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.0.120.2/24 brd 172.0.120.255 scope global eth0
valid_lft forever preferred_lft forever
3.3. Test connectivity between the containers
[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
ping: centos-mynet120-01: Name or service not known
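# The containers cannot communicate
3.4. Configure the container's networks
# Join container centos-mynet110-01 to network mynet120; the container will then have 2 IP addresses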
[root@localhost ~]# docker network connect mynet120 centos-mynet110-01
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
valid_lft forever preferred_lft forever
27: eth1@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:00:78:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.0.120.3/24 brd 172.0.120.255 scope global eth1
valid_lft forever preferred_lft forever
3.5. Test connectivity between the containers again
[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
PING centos-mynet120-01 (172.0.120.2) 56(84) bytes of data.
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=4 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=5 ttl=64 time=0.059 ms
^C
--- centos-mynet120-01 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.059/0.066/0.089/0.013 ms
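Added example (not from the original tutorial): separate networks are what keep clusters apart, and a container joined to a second network with docker network connect sits on both sides of that boundary, so it is worth listing such containers. The function name multi_homed, its allowlist argument and the sample listing (built from the names and addresses in section 3) are assumptions of this script.

```shell
#!/bin/sh
# Flag containers that are attached to more than one Docker network.
# On a live host the listing would come from (needs a running Docker daemon):
#   docker inspect --format \
#     '{{.Name}}{{range $n, $e := .NetworkSettings.Networks}} {{$n}}={{$e.IPAddress}}{{end}}' \
#     $(docker ps -q)

# Constructed sample in that format, using the state reached after section 3.4.
SAMPLE='/centos-mynet110-01 mynet110=172.0.110.2 mynet120=172.0.120.3
/centos-mynet120-01 mynet120=172.0.120.2'

# multi_homed LISTING [ALLOWED_NAMES]
# Prints "<container> <net1,net2,...>" for every container on two or more
# networks whose name is not in the space-separated allowlist.
# Returns 1 when at least one such container was printed, 0 otherwise.
multi_homed() {
    printf '%s\n' "$1" | awk -v allow=" $2 " '
        NF >= 3 {                       # name plus at least two net=ip fields
            name = $1; sub(/^\//, "", name)
            if (index(allow, " " name " ") > 0) next   # approved to span networks
            nets = ""
            for (i = 2; i <= NF; i++) {
                net = $i; sub(/=.*/, "", net)
                nets = nets (nets == "" ? "" : ",") net
            }
            print name, nets
            bad = 1
        }
        END { exit bad + 0 }'
}

multi_homed "$SAMPLE" || echo "review: the container(s) above join separate networks"
```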
4. Putting Docker containers on the same network segment as the host
4.1. List the IP addresses of all containers
docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
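4.2. Place a Docker container on the host's network segment
I. This part describes how to give a Docker container an IP address on the same network segment as the host and allow the host and other machines on the LAN to reach it.
1. Create the Docker virtual network. My LAN's subnet is 192.168.1.0/24 and the gateway is the router at 192.168.1.1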
docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=br0 docker-bridge
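2. Create the Docker container, using the network parameter to select the virtual network created above and the ip parameter to set the container's IP address. The following is an example; substitute your own command as needed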
docker run -itd --name test --network=docker-bridge --ip=192.168.1.18 alpine
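II. At this point external machines can ping the container but the host cannot. This is caused by macvlan, and the following steps are still needed
1. Add a virtual interface and bridge it to the physical NIC. I use br0 here because there is another layer of virtual bridge on top; otherwise use the name of the physical NIC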
ip link add macvlan-proxy link br0 type macvlan mode bridge
2. Give the virtual interface an IP address. It can be any IP in the subnet, but avoid IP conflicts
ip addr add 192.168.1.16 dev macvlan-proxy
3. Bring the virtual interface up
ip link set macvlan-proxy up
4. Add a route entry; the IP here is the container's IP
ip route add 192.168.1.18 dev macvlan-proxy