Docker中的网络配置
为什么提供网络功能?
Docker运行通过外部访问容器或容器互联的方式来提供网络服务。
Docker网络配置
当 Docker 启动时,会自动在主机上创建一个 docker0 虚拟网桥,实际上是 Linux 的一个 bridge,可以理解为一个软件交换机。它会在挂载到它的网口之间进行转发。
同时,Docker 随机分配一个本地未占用的私有网段(在 RFC1918 中定义)中的一个地址给 docker0 接口。比如典型的 172.17.42.1,掩码为 255.255.0.0。此后启动的容器内的网口也会自动分配一个同一网段(172.17.0.0/16)的地址。
当创建一个 Docker 容器的时候,同时会创建了一对 veth pair 接口(当数据包发送到一个接口时,另外一个接口也可以收到相同的数据包)。这对接口一端在容器内,即 eth0;另一端在本地并被挂载到 docker0 网桥,名称以 veth 开头(例如 vethAQI2QT)。通过这种方式,主机可以跟容器通信,容器之间也可以相互通信。Docker 就创建了在主机和所有容器之间一个虚拟共享网络。
注意:一般在使用docker网桥(bridge)实现容器与容器通信时,都是站在一个应用角度进行容器通信。
Docker网络相关常用命令
1 | [root@localhost ~]# docker network --help |
1. 查看网络信息
1 | [root@localhost ~]# docker network ls |
2. 创建一个网桥
docker network create -d bridge 网桥名称- 简写:
docker network create 网桥名称
3. 删除一个网桥
docker network rm 网桥名称
4. 容器之前使用网络通信
查询当前网络配置
1
2
3
4
5[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
29056e086d3a bridge bridge local
b4ad324721ff host host local
6b4b72694eca none null local
创建桥接网络
1
2
3
4
5
6
7
8[root@localhost ~]# docker network create -d bridge info
90c876c1ab8e7d842c575946c8255921a6a91ff4e64ff103fc672b039bf2fd3d
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
29056e086d3a bridge bridge local
b4ad324721ff host host local
90c876c1ab8e info bridge local
6b4b72694eca none null local
启动容器指定使用网桥
1
2
3
4[root@localhost ~]# docker run -d -p 8890:80 --name nginx001 --network info nginx
4f5955979915e2c2c48fe8d9343134b1303118d28c078d9f368be677fcaec547
[root@localhost ~]# docker run -d -p 8891:80 --name nginx002 --network info nginx
e4d910ac3d553cea845a8e7c37e1d8555a02ee79fdcc6ad83c80e0623ceb0b69注意:
- 一旦指定网桥后–name指定名字就是主机名,多个容器指定在同一个网桥时,可以在任意一个容器中使用主机名与容器进行互通
1
2
3
4
5
6[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4d910ac3d55 nginx "/docker-entrypoint.…" 38 seconds ago Up 37 seconds 0.0.0.0:8891->80/tcp nginx002
4f5955979915 nginx "/docker-entrypoint.…" 58 seconds ago Up 57 seconds 0.0.0.0:8890->80/tcp nginx001
# 进入nginx001这个容器使用
docker inspect 容器ID查看详细的网络信息1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51[root@localhost ~]# docker inspect e4d910ac3d55
[
{
……
"NetworkSettings": {
"Bridge": "",
"SandboxID": "99933238d113e0f2daaac850207a7663d3894c43c5b371e085ea8c5576ea0fc4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8891"
}
]
},
"SandboxKey": "/var/run/docker/netns/99933238d113",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"info": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"e4d910ac3d55"
],
"NetworkID": "90c876c1ab8e7d842c575946c8255921a6a91ff4e64ff103fc672b039bf2fd3d",
"EndpointID": "8dfac04ce31ad171f88bdbe17017c5ac96dcbcab02b90c62b516cf6bc718b90d",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:03",
"DriverOpts": null
}
}
}
}
]1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51[root@localhost ~]# docker inspect 4f5955979915
[
{
……
"NetworkSettings": {
"Bridge": "",
"SandboxID": "66470cfa6d26aefadd17f92c69a15332ac4484a9276adceb7e8cc82d02053f17",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8890"
}
]
},
"SandboxKey": "/var/run/docker/netns/66470cfa6d26",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"info": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"4f5955979915"
],
"NetworkID": "90c876c1ab8e7d842c575946c8255921a6a91ff4e64ff103fc672b039bf2fd3d",
"EndpointID": "9402be71f181df7c6644ff4d270471fc34f22c54e4c87e1ad653c8801124e233",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02",
"DriverOpts": null
}
}
}
}
]这是可以查看两个容器间的网络信息,这时我们可以进入其中一个容器,访问另一个容器,验证网络配置后,容器间互通
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e4d910ac3d55 nginx "/docker-entrypoint.…" 11 minutes ago Up 11 minutes 0.0.0.0:8891->80/tcp nginx002
4f5955979915 nginx "/docker-entrypoint.…" 12 minutes ago Up 12 minutes 0.0.0.0:8890->80/tcp nginx001
[root@localhost ~]# docker exec -it e4d910ac3d55 /bin/bash
root@e4d910ac3d55:/# curl http://172.18.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@e4d910ac3d55:/#
5. 查看网桥详情
docker inspect networkID | name
1 | [root@localhost ~]# docker network ls |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 Jing's Blog!
