docker的网络类型和使用方式
docker的网络类型
5种网络类型
bridge
默认类型,桥接到宿主机docker0的网络,有点类似于VM虚拟机的NAT网络模型。
案例:
docker run --rm -itd --network bridge --name wzy666wzy-bridge alpine
host
host类型,共享宿主机的网络空间,网络性能是最高的。
案例:
docker run --rm -itd --network host --name wzy666wzy-host alpine
none
只有本地回环网卡,没有其他网络,即该容器不能上网。
案例:
docker run --rm -itd --network none --name wzy666wzy-none alpine
container
共享其他容器的网络,这个网络在K8S中Pod是频繁使用的。
案例:
docker run --rm -itd --network container:wzy666wzy-bridge --name wzy666wzy-container alpine
custom network
自定义网络,我们可以使用"docker network create"创建自定义网络。
同一个自定义网络中,各个容器可以直接基于容器名称进行通信,无需解析"/etc/hosts"!
bridge类型
docker run -dit --network bridge --name bri-net apps:v1
host类型
docker run -dit --network host --name host-net apps:v1
none不使用网络连接
docker run -dit --network none --name none-net apps:v1
自定义网络
link互联
创建容器
[root@docker101~]# docker run -di --name c1 apps:v1
[root@docker101~]# docker run -di --name c2 --link c1 apps:v1
查看ip,2个容器的IP并不相同
停止容器c1导致c2没有ip
docker stop c1
开启容器c1可以解决c2没网的问题
create network
创建
创建网络时可以自定义网关,IP地址范围,子网范围,网络类型等
创建:docker network create --subnet 20.0.0.0/24 --ip-range 20.0.0.254/24 --gateway 20.0.0.254 qwe
– 默认是bridge类型
-d bridge 手动指定类型
删除:docker network docker network rm qwe
使用
[root@docker101~]# docker run -d --name net-qwe -p 80:80 --network qwe apps:v1
8851c9662496ce924b299786789cc85b9e8ee3fa4781156959d106cba45660e6
[root@docker101~]# curl 10.0.0.101
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙传 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@docker101~]# docker exec -it net-qwe ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:14:00:00:01 brd ff:ff:ff:ff:ff:ff
inet 20.0.0.1/24 brd 20.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
[root@docker101~]# docker container inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' net-qwe
20.0.0.1
使用自定义网络自动写入hosts
[root@docker101~]# docker network create -d bridge --subnet 11.0.0.0/24 --gateway 11.0.0.254 wzy666
[root@docker101~]# docker run -d -p 81:80 --name n1 --network wzy666 --ip 11.0.0.1 apps:v1
[root@docker101~]# docker run -d -p 82:80 --name n2 --network wzy666 --ip 11.0.0.2 apps:v1
# 没有手动添加hosts可以ping通
[root@docker101~]# docker exec n1 ping n2 -c3
PING n2 (11.0.0.2): 56 data bytes
64 bytes from 11.0.0.2: seq=0 ttl=64 time=0.261 ms
64 bytes from 11.0.0.2: seq=1 ttl=64 time=0.176 ms
64 bytes from 11.0.0.2: seq=2 ttl=64 time=0.166 ms
--- n2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.166/0.201/0.261 ms
[root@docker101~]# docker exec n1 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
11.0.0.1 07888692a0cf
跨节点互联
macvlan
| 节点 | 容器 | 容器IP |
|---|---|---|
| docker101 | WordPress | 172.22.0.1 |
| docker102 | database | 172.22.0.2 |
1.两个节点加载Linux内核是否支持macvlan模块,
lsmod | grep macvlan
modprobe macvlan #临时开启macvlan
lsmod | grep macvlan
2.两个节点创建同网段的自定义网络类型
docker network create -d macvlan --subnet 172.29.0.0/16 --gateway 172.29.0.254 -o parent=eth0 wzy-macvlan
3.运行容器
docker102节点:
docker run -d --name db --network wzy-macvlan --ip 172.22.0.2 \
-e MYSQL_ALLOW_EMPTY_PASSWORD=yes \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wzy \
-e MYSQL_PASSWORD=wzy666 \
mysql:8.3.0-oracle
docker101节点:
docker run -d --name wp \
--network wzy-macvlan --ip 172.22.0.1 \
-e WORDPRESS_DB_HOST=172.22.0.2:3306 \
-e WORDPRESS_DB_USER=wzy \
-e WORDPRESS_DB_PASSWORD=wzy666 \
-e WORDPRESS_DB_NAME=wordpress \
-p 80:80 \
wordpress
# 最后添加bridge网卡
docker network connect bridge wp
4.访问测试网页
overlay网络
1.运行consul容器
docker run -d --network host --restart always --name=dev-consul -e CONSUL_BIND_INTERFACE=eth0 \
consul:1.15.4
root@docker101:~# ss -ntl | grep 8500
LISTEN 0 4096 *:8500 *:*
2.docker101/102客户端指定consul服务的地址(客户端对应的cluster-advertise值要根据实际情况调整)。然后重启docker.service
[root@docker101 ~]# cat /etc/docker/daemon.json
{
"cluster-store": "consul://10.0.0.101:8500",
"cluster-advertise": "10.0.0.101:6666"
}
[root@docker102~]# systemctl restart docker.service
查看consul节点信息:
3.docker101创建overlay网络
[root@docker101~]# docker network create -d overlay \
--subnet 172.30.0.0/16 --gateway 172.30.0.254 wzy-overlay
该网络同步到102节点
[root@docker102~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3009cd56b1f6 bridge bridge local
ca55b5dcb849 host host local
8a4525466e60 none null local
454a12a54ef7 wzy-overlay overlay global
4.创建容器
[root@docker101~]# docker run -d -p 81:80 --name c1 --network wzy-overlay apps:v1
[root@docker102~]# docker run -d -p 82:80 --name c2 --network wzy-overlay apps:v1
5.查看IP地址
[root@docker101~]# docker exec c1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
40: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:ac:1e:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.2/16 brd 172.30.255.255 scope global eth0
valid_lft forever preferred_lft forever
42: eth1@if43: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
[root@docker102~]# docker exec c2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:ac:1e:00:01 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.1/16 brd 172.30.255.255 scope global eth0
valid_lft forever preferred_lft forever
11: eth1@if12: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
6.c1可以ping通c2,底层走了vxlan网络
_lft forever
11: eth1@if12: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
6.c1可以ping通c2,底层走了vxlan网络
