Docker - 网络
Docker - 网络
理解Docker0
# 我们发现这个容器带来网卡,都是一对对的
# veth-pair 就是一对虚拟设备接口,它们总是成对出现:一端连着协议栈,一端彼此相连
# 正因为有了这个特性,veth-pair 可以充当桥梁,连接各种虚拟网络设备
# OpenStack、Docker 容器之间的连接、OVS 的连接,都是使用 veth-pair 技术
[root@iZ2zeg7mctvft5renx1qvbZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:16:3e:39:7c:e6 brd ff:ff:ff:ff:ff:ff
inet 172.29.161.223/20 brd 172.29.175.255 scope global dynamic eth0
valid_lft 314947070sec preferred_lft 314947070sec
inet6 fe80::216:3eff:fe39:7ce6/64 scope link
valid_lft forever preferred_lft forever
3: bond0: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 2a:54:48:d3:d8:27 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ff:42:50:72 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:ffff:fe42:5072/64 scope link
valid_lft forever preferred_lft forever
106: veth366b832@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether da:67:68:de:a3:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::d867:68ff:fede:a33e/64 scope link
valid_lft forever preferred_lft forever
我们每启动一个 docker 容器,docker 就会给该容器分配一个 IP;我们只要安装了 docker,就会有一个网卡 docker0(桥接模式),使用的技术是 veth-pair 技术!
容器和容器之间是可以通信的
容器删除,对应的网卡也会被删除
# 通过 inspect 命令可以查看到当前容器的 IP
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker inspect 70f3d34a8c4b
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "765ff8aa537de2525f0ef4a726c6e0445f29b650cace9f8288a714b6c3c33526",
"EndpointID": "ccaabe374f9fb28133823ae28e51847131be3f761a59a0cf78142a40462622e3",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:04",
"DriverOpts": null
}
}
link
不建议使用
# 通过 --link 进行连接
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8090:8080 --name tomcat02 --link tomcat -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
# 测试网络是否能连通【单向绑定】
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat ping tomcat02
ping: tomcat02: Name or service not known
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 ping tomcat
PING tomcat (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat (172.17.0.2): icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from tomcat (172.17.0.2): icmp_seq=2 ttl=64 time=0.066 ms
# 查看hosts文件,link命令只是在hosts文件中进行了映射配置
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 tomcat 9f9cdd3c8b02
172.17.0.4 70f3d34a8c4b
自定义网络
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
765ff8aa537d bridge bridge local
7a933a7d4db8 host host local
e2d2897222d8 none null local
网络模式
bridge: 连接 docker (默认,自己搭建也使用bridge模式)
host: 和宿主机共享网络
none: 不配置网络
container: 容器网络连通!(用的少!局限很大)
# 查看docker network命令
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
测试
# 直接启动时默认带有 --net bridge,而这个就是我们的 docker0;下面两条命令等价
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat
# docker0 的特点:它是默认网络,不能通过容器名(域名)访问;--link 可以打通连接
# 我们可以自定义一个网络
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
94ab82cab2caaea17be29c3de0f5d96cee2ee2f0342e14869558c6867cfecb97
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
765ff8aa537d bridge bridge local
7a933a7d4db8 host host local
94ab82cab2ca mynet bridge local
e2d2897222d8 none null local
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "94ab82cab2caaea17be29c3de0f5d96cee2ee2f0342e14869558c6867cfecb97",
"Created": "2023-11-14T11:17:28.325534784+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
使用自定义网络启动容器并测试
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8080:8080 --name tomcat01 --net mynet -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
aaead7a414095b60c6db460020213332808e74e91453e848daa31f235ee31548
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8081:8080 --name tomcat02 --net mynet -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
42e75fb1cd57a66fe8dde474f530b8134d1578fb7846d806831852719af54f73
# 通过 IP 或容器名均可 ping 通
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 ping tomcat01
PING tomcat01 (192.168.0.2) 56(84) bytes of data.
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat01 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.098 ms
网络连通
网络与网络之间进行打通 【mynet与net网络之间的容器进行连接】
# 官方:一个容器两个IP
# 有点类似于 阿里云 内网IP与外网IP
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8082:8080 --name tomcat03 -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
fc84c14688ffef862a0fbc2d5ff7d5c4fadffc1be6be2e91a9e858af333e57d1
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat03 ping tomcat02
ping: tomcat02: Name or service not known
# 网络连通后再测试
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network connect mynet tomcat03
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.
部署 Redis 集群
# 创建 redis 集群的网络
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network create --driver bridge --subnet 192.169.0.0/16 --gateway 192.169.0.1 redis
# 创建配置文件
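# Write one redis.conf per cluster node (nodes 2..7) under
# /mydata/redis/node-N/conf.
#
# cluster-announce-ip has to be the address the node is really reachable on.
# The node containers on this page are started with --ip 192.169.0.N on the
# "redis" network, so that is the address announced here; the earlier
# 172.38.0.1N value matched no network created on this page, and would make
# the nodes advertise an address their peers cannot reach.
#
# NOTE(review): "bind 0.0.0.0" together with no "requirepass" means each node
# accepts unauthenticated clients on every interface it can be reached on
# (protected mode only restricts access when no explicit bind is configured).
# For anything beyond a local lab, set requirepass/masterauth and pass the
# credentials to redis-cli when creating the cluster — TODO confirm against
# the deployment's requirements.
for port in 2 3 4 5 6 7; do
  conf_dir="/mydata/redis/node-${port}/conf"
  mkdir -p "${conf_dir}"
  # The redirect creates (or truncates) the file, so no separate touch is needed.
  cat << EOF > "${conf_dir}/redis.conf"
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 192.169.0.${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done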
# 创建 redis 容器
# Start the six Redis nodes redis-2 .. redis-7 on the user-defined "redis"
# network, each with a fixed address 192.169.0.N, its own data directory and
# its own redis.conf mounted from /mydata/redis/node-N.
#
# NOTE(review): "-p 637N:6379 -p 1637N:16379" publishes the client and cluster
# bus ports on all host interfaces. If the mounted redis.conf sets no
# requirepass, anyone who can reach the host on those ports gets an
# unauthenticated Redis; publish on 127.0.0.1 only, or drop -p, when external
# access is not needed.
# NOTE(review): 192.169.0.0/16 is outside the RFC 1918 private ranges
# (192.168.0.0/16 is the private block), so a bridge on it shadows publicly
# routable addresses for the host and its containers.
for port in 2 3 4 5 6 7; do
  docker run -d \
    --name "redis-${port}" \
    --net redis --ip "192.169.0.${port}" \
    -p "637${port}:6379" -p "1637${port}:16379" \
    -v "/mydata/redis/node-${port}/data:/data" \
    -v "/mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf" \
    redis:5.0.9-alpine3.11 \
    redis-server /etc/redis/redis.conf
done
# 进入容器
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it redis-2 /bin/sh
# 创建集群
/data # redis-cli --cluster create 192.169.0.2:6379 192.169.0.3:6379 192.169.0.4:6379 192.169.0.5:6379 192.169.0.6:6379 192.169.0.7:6379 --cluster-replicas 1
# 连接集群
/data # redis-cli -c
# 查看集群信息
/data # cluster info
# 查看集群节点
/data # cluster node
SpringBoot 发布镜像
# 1.将项目打包成jar
springbootDocker-0.0.1-SNAPSHOT.jar
# 2.Dockerfile 文件编写
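# Runtime image for the Spring Boot executable jar.
# NOTE(review): the Docker Hub "openjdk" official image is marked deprecated;
# consider a maintained Java 8 runtime base, pinned by digest — TODO confirm.
FROM openjdk:8
# Create an unprivileged account so the application does not run as root, the
# image default. Assumes a Debian-based base image that ships groupadd/useradd.
RUN groupadd --system app && useradd --system --gid app --no-create-home app
# Expects exactly one jar in the build context: with several matches the
# destination would have to be a directory and the build fails.
COPY *.jar /app.jar
# Default argument appended to ENTRYPOINT; overridden by any arguments given
# after the image name on "docker run".
CMD ["--server.port=8080"]
# Documentation only: the port is not published until -p/-P is used at run time.
EXPOSE 8080
# 8080 is an unprivileged port, so the non-root account can bind it.
USER app
ENTRYPOINT ["java","-jar","/app.jar"]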
# 3.上传至服务器发布镜像
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker build -t boot .
[+] Building 2.5s (7/7) FINISHED
# 4.运行镜像容器并访问
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker run -d -P boot boot
3342e5bef35c31fd1783956325ae9fe246547278d6e198bf1d43cf1e8944963f
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
3342e5bef35c boot "java -jar /app.jar …" 3 seconds ago Up 3 seconds 0.0.0.0:32771->8080/tcp, :::32771->8080/tcp
[root@iZ2zeg7mctvft5renx1qvbZ boot]# curl localhost:32771/hello
Hello Docker !