5. Networking
## 1. Docker network basics

### 1.1. docker0

> #### Preparation

Clear the whole environment (images, containers, volumes, and so on):

```
# Remove all images
[root@localhost ~]# docker rmi -f $(docker images -qa)
# Remove all containers
[root@localhost ~]# docker rm -f $(docker ps -qa)
# Remove all volumes (-q prints only the volume names, which is what `volume rm` expects)
[root@localhost ~]# docker volume rm -f $(docker volume ls -q)
# Check the default networks
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
8f615dbd3633   bridge    bridge    local
e3f87c1992b3   host      host      local
c6953bc86adb   none      null      local
```

#### 1.1.1. Look at the system's network interfaces

> The one that matters is docker0. docker0 is the interface created by Docker, and everything that follows revolves around it.

```
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
# After the Docker service is installed, every host gets an interface named docker0 by default, with the IP address 172.17.0.1/16
```

`Question: how does Docker handle container network access?`

#### 1.1.2. Start a container and test connectivity with the host

```
[root@localhost ~]# docker run -d -it --name centos centos:latest
e22ef8dcca762558751430b907fd8d92bf9da578e7c9ed68929e2521167a7e58
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED         STATUS        PORTS     NAMES
e22ef8dcca76   centos:latest   "/bin/bash"   3 seconds ago   Up 1 second             centos
# Show the container's IP address
[root@localhost ~]# docker exec -it centos ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
# Test connectivity between the container and the host
[root@localhost ~]# docker exec -it centos bash
[root@e22ef8dcca76 /]# ping 192.168.4.110
PING 192.168.4.110 (192.168.4.110) 56(84) bytes of data.
64 bytes from 192.168.4.110: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 192.168.4.110: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 192.168.4.110: icmp_seq=4 ttl=64 time=0.058 ms
64 bytes from 192.168.4.110: icmp_seq=5 ttl=64 time=0.054 ms
^C
--- 192.168.4.110 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4096ms
rtt min/avg/max/mdev = 0.054/0.061/0.085/0.013 ms
```

> ### How it works
>
> (1) Every time we start a Docker container, Docker assigns the container an IP address. As soon as Docker is installed there is a docker0 interface; it works in bridge mode and relies on veth-pair technology.

Look at the host's IP addresses again: one more interface has appeared.

```
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ec:95:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.110/24 brd 192.168.4.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feec:95ba/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:1c:a7:95 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:24:aa:59:e9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:24ff:feaa:59e9/64 scope link
       valid_lft forever preferred_lft forever
# The new interface is veth45ec7ad@if10
11: veth45ec7ad@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 4a:78:73:3b:ac:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::4878:73ff:fe3b:acef/64 scope link
       valid_lft forever preferred_lft forever
```

Compare the interface information on the host and in the container and note what they have in common: the container's `eth0@if11` has interface index 10 and the host's `veth45ec7ad@if10` has index 11, so each one names the other as its peer.

![](/media/202309/image-20230817101245786.png)

Create another container and look at the container and host interfaces again: whenever a container is created, the host automatically creates an interface associated with it.

```
[root@localhost ~]# docker run -d -it --name centos2 centos
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED              STATUS              PORTS     NAMES
6d76a29ec626   centos          "/bin/bash"   About a minute ago   Up About a minute             centos2
e22ef8dcca76   centos:latest   "/bin/bash"   19 minutes ago       Up 19 minutes                 centos
```

![](/media/202309/image-20230817101519177.png)

#### 1.1.3. Test connectivity between the containers centos and centos2

```
[root@localhost ~]# docker exec -it centos ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.056 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.054 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.057 ms
^X^C
--- 172.17.0.3 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6146ms
rtt min/avg/max/mdev = 0.054/0.060/0.086/0.014 ms
[root@localhost ~]#
```

> Conclusion: containers can communicate with each other. They share one router (docker0), that is, they sit in the same subnet. centos hands its request to docker0 over its veth pair, and docker0 forwards it to centos2, which is how the containers reach each other. So any container started without an explicit network is routed through docker0, and docker0 assigns the container a default free IP address. The default subnet mask is /16, which gives 256*256=65536 addresses in the subnet; subtracting the network address and the broadcast address leaves 65536-2=65534 usable IP addresses.
>
> docker0 and the host's network interface are directly connected, with a bidirectional NAT relationship between them.
>
> All network interfaces in Docker are virtual, and virtual forwarding is efficient.
>
> As soon as a container is deleted, its veth pair is gone.

![](/media/202309/image-20230817105634345.png)

### 1.2. veth-pair technology

As the name suggests, a veth pair is a pair of virtual device interfaces. Unlike tap/tun devices, they always come in pairs: one end of each interface is attached to the protocol stack, and the other ends are attached to each other, as the figure below shows:

![](/media/202309/image-20230817103224214.png)

Because of this property, a veth pair often acts as a bridge that connects all kinds of virtual network devices. Typical examples are "connecting two namespaces", "connecting a Bridge and OVS", and "connecting Docker containers", and from these very complex virtual network topologies can be built, OpenStack Neutron for example.

### 1.3. Linking containers: --link

> Consider this scenario: we write a microservice with database url=ip, and the database's IP changes while the project is not restarted. We would like to cope with that. Can containers be reached by name?

Test pinging centos2 from the container centos, using the container name:

```shell
[root@localhost ~]# docker exec -it centos ping centos2
ping: centos2: Name or service not known
```

It does not work. How can this be solved?

#### 1.3.1. Start a container with --link to connect containers by name

```shell
[root@localhost ~]# docker run --name centos3 -d -it --link centos2 centos
c807a047feda3d387a81673c99955cd34fb73f22f15ca252260d0546b7b54849
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE           COMMAND       CREATED             STATUS             PORTS     NAMES
c807a047feda   centos          "/bin/bash"   6 seconds ago       Up 5 seconds                 centos3
6d76a29ec626   centos          "/bin/bash"   About an hour ago   Up About an hour             centos2
e22ef8dcca76   centos:latest   "/bin/bash"   About an hour ago   Up About an hour             centos
```

Test connectivity: the ping succeeds. Does it work in the other direction, pinging centos3 from centos2? Not necessarily. For centos2 to ping centos3 by name, centos2 would also have to be created with a link.

```shell
[root@localhost ~]# docker exec -it centos3 ping centos2
PING centos2 (172.17.0.3) 56(84) bytes of data.
64 bytes from centos2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=4 ttl=64 time=0.059 ms
64 bytes from centos2 (172.17.0.3): icmp_seq=5 ttl=64 time=0.060 ms
^C
--- centos2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4076ms
rtt min/avg/max/mdev = 0.059/0.064/0.085/0.014 ms
[root@localhost ~]# docker exec -it centos2 ping centos3
ping: centos3: Name or service not known
```

Look at the local hosts file of centos2 and of centos3 to see how names are resolved locally. centos3 has an entry for the name centos2, but centos2 has no entry for the name centos3, so centos2 cannot ping centos3 by name.

```shell
[root@localhost ~]# docker exec -it centos3 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	centos2 6d76a29ec626    # name resolution entry for the container centos2
172.17.0.4	c807a047feda
[root@localhost ~]# docker exec -it centos2 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	6d76a29ec626
```

> In essence, --link just adds a name-resolution entry to the hosts file inside the container, and it is no longer used. What we need is a custom network instead of docker0.
>
> The problem with docker0: it does not support reaching containers by name.

## 2. Custom networks

Command options:

```
[root@localhost ~]# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.
```

Docker networking supports 5 network modes:

> none # no networking configured
>
> bridge # bridged (networks you create yourself also use bridge mode)
>
> host # host mode, shares the host's network
>
> container # network shared with another container (rarely used, very limited)
>
> network-name # a custom network

The commands we ran earlier implicitly include the default option `--net bridge`:

```shell
[root@localhost ~]# docker run --name centos3 -d -it centos
# is equivalent to
[root@localhost ~]# docker run --name centos3 -d -it --net bridge centos
# docker0 characteristics: it is the default, names cannot be resolved, and --link can be used to connect containers but is no longer used.
```

### 2.1. List all Docker networks

```shell
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
93da780fc672   bridge    bridge    local    # the default docker0 network
e3f87c1992b3   host      host      local
c6953bc86adb   none      null      local
```

### 2.2. Create a custom network

#### 2.2.1. Create a simple custom network

> --driver # network mode
>
> --subnet # subnet
>
> --gateway # gateway address

```shell
# The create command was lost from the original listing; it is reconstructed here from
# the inspect output below (bridge driver, 192.168.200.0/24, gateway 192.168.200.1, name mynet).
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.200.0/24 --gateway 192.168.200.1 mynet
ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
93da780fc672   bridge    bridge    local
e3f87c1992b3   host      host      local
ec97dca5039a   mynet     bridge    local
c6953bc86adb   none      null      local
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
        "Created": "2023-08-17T12:02:26.279341134+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.200.0/24",
                    "Gateway": "192.168.200.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
```

#### 2.2.2. Start 2 containers on the custom network, inspect them, and test connectivity by container name

```shell
# Create container 1
[root@localhost ~]# docker run -d -it --name centos1 --network mynet centos
b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2
[root@localhost ~]# docker exec -it centos1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:c8:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.200.2/24 brd 192.168.200.255 scope global eth0
       valid_lft forever preferred_lft forever
# Create container 2
[root@localhost ~]# docker run -d -it --name centos2 --network mynet centos
dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d
[root@localhost ~]# docker exec -it centos2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:c8:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.200.3/24 brd 192.168.200.255 scope global eth0
       valid_lft forever preferred_lft forever
# Inspect the mynet network
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "ec97dca5039a6695dd14729eaa21ed0e4383c6e734dcd91d799a50792d9ef587",
        "Created": "2023-08-17T12:02:26.279341134+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.200.0/24",
                    "Gateway": "192.168.200.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b3a14527656942f503ce93098a16cebbc1893b2947559cabbe6addb45195efd2": {
                "Name": "centos1",
                "EndpointID": "d8b8a95eaa5b974bfcf5c343738597da9d15555c5466acc98ad9a5b5e5133aa0",
                "MacAddress": "02:42:c0:a8:c8:02",
                "IPv4Address": "192.168.200.2/24",
                "IPv6Address": ""
            },
            "dc9ed6fb825753ff0fa7dfc74efb04f98af02bdc014c6c01002f580242c19e9d": {
                "Name": "centos2",
                "EndpointID": "771aefc14d74a087dc84aad86aa6ad074c2012f156a3ba0e3044168e2d7ac9cc",
                "MacAddress": "02:42:c0:a8:c8:03",
                "IPv4Address": "192.168.200.3/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
# Test connectivity between the containers by container name
[root@localhost ~]# docker exec -it centos1 ping centos2
PING centos2 (192.168.200.3) 56(84) bytes of data.
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos2.mynet (192.168.200.3): icmp_seq=3 ttl=64 time=0.084 ms
^C
--- centos2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.061/0.069/0.084/0.010 ms
[root@localhost ~]# docker exec -it centos2 ping centos1
PING centos1 (192.168.200.2) 56(84) bytes of data.
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from centos1.mynet (192.168.200.2): icmp_seq=3 ttl=64 time=0.062 ms
^C
--- centos1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2091ms
rtt min/avg/max/mdev = 0.062/0.078/0.109/0.021 ms
```

> On a custom network, Docker already maintains the name-to-address mapping for us. There is no need to specify --link; this is how networks are normally used.
>
> Benefit (redis, mysql): different clusters use different networks, which keeps the clusters secure and healthy.

## 3. Connectivity between custom networks

> The goal is the following:
>
> (1) Define two networks:
>
> mynet110 --subnet 172.0.110.0/24 --gateway 172.0.110.1
>
> mynet120 --subnet 172.0.120.0/24 --gateway 172.0.120.1
>
> (2) Create 1 container on each network, and test connectivity between containers on different networks.
>
> How containers on different networks are made to reach each other: add the container to the other network so that it obtains an address on that network; the containers can then communicate.
>
> Command options:
>
> docker network connect [network name] [container ID/name]

<img src="images/image-20230817144815898.png" alt="image-20230817144815898" style="zoom:80%;" />

#### 3.1. Create the networks

```
[root@localhost ~]# docker network create --driver bridge --subnet 172.0.110.0/24 --gateway 172.0.110.1 mynet110
[root@localhost ~]# docker network create --driver bridge --subnet 172.0.120.0/24 --gateway 172.0.120.1 mynet120
```

#### 3.2. Create a container on each network

```shell
[root@localhost ~]# docker run -d -it --name centos-mynet110-01 --network mynet110 centos:latest
[root@localhost ~]# docker run -d -it --name centos-mynet120-01 --network mynet120 centos:latest
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# docker exec -it centos-mynet120-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:78:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.120.2/24 brd 172.0.120.255 scope global eth0
       valid_lft forever preferred_lft forever
```

#### 3.3. Test connectivity between the containers

```shell
[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
ping: centos-mynet120-01: Name or service not known
```

The containers cannot communicate.

#### 3.4. Configure the container's networks

Add the container centos-mynet110-01 to the network mynet120; the container then has 2 IP addresses.

```shell
[root@localhost ~]# docker network connect mynet120 centos-mynet110-01
[root@localhost ~]# docker exec -it centos-mynet110-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:6e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.110.2/24 brd 172.0.110.255 scope global eth0
       valid_lft forever preferred_lft forever
27: eth1@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:00:78:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.0.120.3/24 brd 172.0.120.255 scope global eth1
       valid_lft forever preferred_lft forever
```

#### 3.5. Test connectivity between the containers again

```shell
[root@localhost ~]# docker exec -it centos-mynet110-01 ping centos-mynet120-01
PING centos-mynet120-01 (172.0.120.2) 56(84) bytes of data.
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=4 ttl=64 time=0.062 ms
64 bytes from centos-mynet120-01.mynet120 (172.0.120.2): icmp_seq=5 ttl=64 time=0.059 ms
^C
--- centos-mynet120-01 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.059/0.066/0.089/0.013 ms
```

## 4. Putting Docker containers on the same subnet as the host

#### 4.1. List the IP addresses of all containers

```shell
docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
```

#### 4.2. Put a Docker container on the same subnet as the host

```shell
# Part 1. This section shows how to give a Docker container an IP address on the same
# subnet as the host, and let the host and the other machines on the LAN reach it.

# 1. Create the Docker virtual network. My LAN subnet is 192.168.1.0/24 and the gateway
#    is the router at 192.168.1.1.
docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=br0 docker-bridge

# 2. Create the container. The network option selects the virtual network created above
#    and the ip option sets the container's IP address. This is only an example; replace
#    the command as needed.
docker run -itd --name test --network=docker-bridge --ip=192.168.1.18 alpine

# Part 2. At this point external machines can ping the container but the host cannot.
# This is caused by macvlan, and the following steps are still needed.

# 1. Add a virtual interface bridged to the physical interface. I use br0 because there is
#    another virtual bridge on top here; otherwise use the physical interface name.
ip link add macvlan-proxy link br0 type macvlan mode bridge

# 2. Give the virtual interface an IP. Any IP in the subnet will do, but avoid conflicts.
ip addr add 192.168.1.16 dev macvlan-proxy

# 3. Bring the virtual interface up.
ip link set macvlan-proxy up

# 4. Add a route; the IP here is the container's IP.
ip route add 192.168.1.18 dev macvlan-proxy
```

------
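The script below is an added example, not part of the original tutorial. It reads `docker network inspect` JSON and reports three properties of the layout built in sections 2 to 4: subnets outside the RFC 1918 private ranges (172.0.110.0/24 and 172.0.120.0/24 are not inside 172.16.0.0/12), containers attached to more than one network after `docker network connect`, and containers on a macvlan network that the LAN can reach directly. The sample data is constructed from the names and addresses used in this chapter; the container IDs are placeholders and the finding labels are made up for this example.

```python
import ipaddress
import json
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `docker network inspect` output, trimmed to the
# fields used here. Names and addresses follow this chapter; IDs are placeholders.
SAMPLE = json.dumps([
    {"Name": "mynet", "Driver": "bridge",
     "IPAM": {"Config": [{"Subnet": "192.168.200.0/24"}]},
     "Containers": {"id-1": {"Name": "centos1", "IPv4Address": "192.168.200.2/24"},
                    "id-2": {"Name": "centos2", "IPv4Address": "192.168.200.3/24"}}},
    {"Name": "mynet110", "Driver": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.0.110.0/24"}]},
     "Containers": {"id-3": {"Name": "centos-mynet110-01", "IPv4Address": "172.0.110.2/24"}}},
    {"Name": "mynet120", "Driver": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.0.120.0/24"}]},
     "Containers": {"id-3": {"Name": "centos-mynet110-01", "IPv4Address": "172.0.120.3/24"},
                    "id-4": {"Name": "centos-mynet120-01", "IPv4Address": "172.0.120.2/24"}}},
    {"Name": "docker-bridge", "Driver": "macvlan",
     "IPAM": {"Config": [{"Subnet": "192.168.1.0/24"}]},
     "Containers": {"id-5": {"Name": "test", "IPv4Address": "192.168.1.18/24"}}},
])


def outside_rfc1918(cidr):
    """True for an IPv4 subnet that is not inside 10/8, 172.16/12 or 192.168/16."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and not any(net.subnet_of(p) for p in RFC1918)


def audit(inspect_json):
    """Return sorted (finding, subject, detail) tuples for a list of networks."""
    findings = []
    member_of = defaultdict(set)  # container name -> names of the networks it is on
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = cfg.get("Subnet")
            # A bridge subnet taken from public space makes the real hosts at
            # those addresses unreachable from this machine and its containers.
            if subnet and outside_rfc1918(subnet):
                findings.append(("public-range-subnet", net["Name"], subnet))
        for c in (net.get("Containers") or {}).values():
            member_of[c["Name"]].add(net["Name"])
            # macvlan puts the container directly on the parent interface's LAN.
            if net.get("Driver") == "macvlan":
                findings.append(("on-physical-lan", c["Name"], c["IPv4Address"]))
    for name, nets in member_of.items():
        # A container on several networks has an address in each of them.
        if len(nets) > 1:
            findings.append(("multi-homed", name, ",".join(sorted(nets))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On a live host, pass the output of `docker network inspect $(docker network ls -q)` to `audit()` instead of `SAMPLE`.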
admin
Sept. 19, 2023, 5:04 p.m.