Docker網(wǎng)絡(luò)之自定義網(wǎng)絡(luò)方式

更新時(shí)間：2025年01月02日 14:52:31 作者：后會(huì)無(wú)期77

文章介紹了Docker的網(wǎng)絡(luò)模式,包括bridge、none、container、host和用戶自定義網(wǎng)絡(luò),并詳細(xì)說(shuō)明了docker0網(wǎng)絡(luò)的特點(diǎn)和自定義網(wǎng)絡(luò)的創(chuàng)建

幫助命令

docker network --help

查看所有的網(wǎng)絡(luò)

docker network ls

網(wǎng)絡(luò)模式

網(wǎng)絡(luò)模式	配置	說(shuō)明
bridge模式	–net=bridge	默認(rèn)值，在Docker網(wǎng)橋docker0上為容器創(chuàng)建新的網(wǎng)絡(luò)棧
none模式	–net=none	不配置網(wǎng)絡(luò)，用戶可以稍后進(jìn)入容器，自行配置
container模式	– net=container:name/id	容器和另外一個(gè)容器共享Network namespace。kubernetes中的pod就是多個(gè)容器共享一個(gè)Network namespace。
host模式	–net=host	容器和宿主機(jī)共享Network namespace
用戶自定義	–net=自定義網(wǎng)絡(luò)	用戶自己使用network相關(guān)命令定義網(wǎng)絡(luò)，創(chuàng)建容器的時(shí)候可以指定為自己定義的網(wǎng)絡(luò)

查看一個(gè)網(wǎng)絡(luò)的相信信息

[root@ls-bPtysZTW ~]# docker network inspect 1944197a1821
[
    {
        "Name": "bridge",
        "Id": "1944197a18211b7cbd5f07b9c25f696c6fc74dfe19324b1a51db33335627c8f3",
        "Created": "2022-03-18T18:34:10.650916029+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "99610ffcbeb1124ac54bbb2cad77043828793028ffb75612ddbde10ce0d8ed77": {
                "Name": "tomcat02",
                "EndpointID": "da9819333b969861729adee15dae290021fddeeab91b0d878e64d4cee7efe43a",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "b4b7bcb5cf4d2c6b984400b21e2009a7936be6dec0c8db0e62f5a470c926b013": {
                "Name": "tomcat01",
                "EndpointID": "8103ffad548da7aa51eb888bae4f6b808447d49fdcb42c8b19655bddaa4b3958",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "ee86fd75423ae1d9631dfba52ea7df05904e358a35319c103e990a61e5c7904a": {
                "Name": "tomcat03",
                "EndpointID": "0f25ea01f8ec30eaa002c4e2c2346a3e249875797cf051f5c9d6de9135607d34",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@ls-bPtysZTW ~]#

docker0子網(wǎng)段172.17.0.0/16,表示容器劃分是0到16位，也就是意味著docker容器可以劃分出65535個(gè)ip,其中172.17.0.1是網(wǎng)關(guān)，那么docker可以劃分65534個(gè)ip提供給容器使用。

自定義網(wǎng)卡

1.刪除所有的容器，查看網(wǎng)卡恢復(fù)到最開始。

docker rm -f $(docker ps -aq)

2. 接下來(lái)我們創(chuàng)建容器，但是我們知道默認(rèn)創(chuàng)建的容器都是docker0的網(wǎng)卡。

#我們不配置網(wǎng)絡(luò)，也叫相當(dāng)于默認(rèn)值，--net bridge 使用的docker0
docker run -d -P --name tomcat01 --net bridge tomcat #默認(rèn)

docker0網(wǎng)絡(luò)特點(diǎn)

他是默認(rèn)的
域名訪問(wèn)不通
–link 域名通了，但是刪除了又不行

3.我們可以讓容器創(chuàng)建的時(shí)候使用自定義網(wǎng)絡(luò)

#自定義創(chuàng)建的默認(rèn)default bridge
#自定義創(chuàng)建一個(gè)網(wǎng)絡(luò)
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet

查看到我們剛剛創(chuàng)建的網(wǎng)絡(luò) docker network ls

我們來(lái)啟動(dòng)兩個(gè)容器測(cè)試，使用自己的mynet
[root@ls-bPtysZTW ~]# docker run -d -P --name tomcat-net-01 --net mynet lengcz/tomcat:1.0
855dc33189221c61fbe6bc35ce2b080ff71f34547ce6cf77a5c98e3afcd9daaa
[root@ls-bPtysZTW ~]# docker run -d -P --name tomcat-net-02 --net mynet lengcz/tomcat:1.0
a8dff5c6a82649356385253c96f5ff07771644b8dca85f9a814d1b17041290df
[root@ls-bPtysZTW ~]# docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS                                         NAMES
a8dff5c6a826   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   20 seconds ago   Up 19 seconds   0.0.0.0:49158->8080/tcp, :::49158->8080/tcp   tomcat-net-02
855dc3318922   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   37 seconds ago   Up 36 seconds   0.0.0.0:49157->8080/tcp, :::49157->8080/tcp   tomcat-net-01
[root@ls-bPtysZTW ~]#

# 再次查看一下我們定義的網(wǎng)絡(luò),會(huì)發(fā)現(xiàn)containers列表里包含了兩個(gè)容器的網(wǎng)絡(luò)信息。
[root@ls-bPtysZTW ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "c81f4fcc9c8b2b916d0dce6400495dd69375032c358e2a24061e8c0dd48ffb89",
        "Created": "2022-03-21T09:54:51.169378153+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "855dc33189221c61fbe6bc35ce2b080ff71f34547ce6cf77a5c98e3afcd9daaa": {
                "Name": "tomcat-net-01",
                "EndpointID": "3f5751193ffa31fa723c2a999575186e343da653e39d654c9b62a3fdf72ef8bd",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "a8dff5c6a82649356385253c96f5ff07771644b8dca85f9a814d1b17041290df": {
                "Name": "tomcat-net-02",
                "EndpointID": "68859294c6ce5f5179390e29718982bbfd2848b6e260d0486cd33967239e4990",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# 測(cè)試一下ping容器名和ip,都可以ping通
[root@ls-bPtysZTW ~]# docker exec -it tomcat-net-01 ping 192.168.0.3 -c4
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.131 ms
[root@ls-bPtysZTW ~]# docker exec -it tomcat-net-01 ping tomcat-net-02 -c4
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.105 ms
rtt min/avg/max/mdev = 0.067/0.090/0.105/0.014 ms

結(jié)論：我們自定義的網(wǎng)絡(luò)docker已經(jīng)幫我們維護(hù)好了對(duì)應(yīng)的關(guān)系。所以我們平時(shí)都可以使用這樣的網(wǎng)絡(luò)，不使用–link效果一樣，所有東西實(shí)時(shí)維護(hù)好，直接域名ping通。

到這里，我們基本可以理解docker網(wǎng)絡(luò)了。

網(wǎng)絡(luò)連通

docker0和自定義網(wǎng)絡(luò)肯定不通，我們是使用自定義網(wǎng)絡(luò)的好處就是網(wǎng)絡(luò)隔離：

大家公司項(xiàng)目部署的業(yè)務(wù)都非常多，假設(shè)我們有一個(gè)商城，我們會(huì)有訂單業(yè)務(wù)（操作不同數(shù)據(jù)），會(huì)有訂單業(yè)務(wù)購(gòu)物車業(yè)務(wù)（操作不同緩存）。

如果在一個(gè)網(wǎng)絡(luò)下，有的程序猿的惡意代碼就不能防止了，所以我們就在部署的時(shí)候網(wǎng)絡(luò)隔離，創(chuàng)建兩個(gè)橋接網(wǎng)卡，比如訂單業(yè)務(wù)（里面的數(shù)據(jù)庫(kù)，redis，mq，全部業(yè)務(wù) 都在order-net網(wǎng)絡(luò)下）其他業(yè)務(wù)在其他網(wǎng)絡(luò)。

那么關(guān)鍵問(wèn)題來(lái)了，如何讓tomcat-net-01訪問(wèn)tomcat01?

#啟動(dòng)默認(rèn)的容器，在docker0網(wǎng)絡(luò)下
[root@ls-bPtysZTW ~]# docker run -d -P --name tomcat01 lengcz/tomcat:1.0
a8f874ddc701eff4adf3921b65f91f1fd080bdf5c3ce429c59808249b72ca020
[root@ls-bPtysZTW ~]# docker run -d -P --name tomcat02 lengcz/tomcat:1.0
184e19b40cd39662e7d6d0ccf1cf440d7a455f22505a57d64636b23ea29e6945
#查看當(dāng)前的容器
[root@ls-bPtysZTW ~]# docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS                                         NAMES
184e19b40cd3   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   8 seconds ago    Up 7 seconds    0.0.0.0:49160->8080/tcp, :::49160->8080/tcp   tomcat02
a8f874ddc701   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   20 seconds ago   Up 19 seconds   0.0.0.0:49159->8080/tcp, :::49159->8080/tcp   tomcat01
a8dff5c6a826   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   3 hours ago      Up 3 hours      0.0.0.0:49158->8080/tcp, :::49158->8080/tcp   tomcat-net-02
855dc3318922   lengcz/tomcat:1.0   "/bin/sh -c '/usr/lo…"   3 hours ago      Up 3 hours      0.0.0.0:49157->8080/tcp, :::49157->8080/tcp   tomcat-net-01
#查看network幫助
[root@ls-bPtysZTW ~]# docker network --help
Usage:  docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network # 連接一個(gè)容器到一個(gè)網(wǎng)絡(luò)
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

#測(cè)試一下！打通一下mynet-docker0
#命令docker network connect [OPTIONS] NETWORK CONTAINER
[root@ls-bPtysZTW ~]# docker network connect mynet tomcat01
[root@ls-bPtysZTW ~]# docker network inspect mynet
[
    {
        .....
        "Containers": {
            "855dc33189221c61fbe6bc35ce2b080ff71f34547ce6cf77a5c98e3afcd9daaa": {
                "Name": "tomcat-net-01",
                "EndpointID": "3f5751193ffa31fa723c2a999575186e343da653e39d654c9b62a3fdf72ef8bd",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "a8dff5c6a82649356385253c96f5ff07771644b8dca85f9a814d1b17041290df": {
                "Name": "tomcat-net-02",
                "EndpointID": "68859294c6ce5f5179390e29718982bbfd2848b6e260d0486cd33967239e4990",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "a8f874ddc701eff4adf3921b65f91f1fd080bdf5c3ce429c59808249b72ca020": {
                "Name": "tomcat01",  #發(fā)現(xiàn)tomcat01加入了該網(wǎng)絡(luò)，tomcat01擁有雙ip
                "EndpointID": "39e946d3c4b510712ab3b6dd2c921b0941e2341b914cf5e645e56e82ea725e71",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

#tomcat01可以ping通了
[root@ls-bPtysZTW ~]# docker exec -it tomcat01 ping tomcat-net-01 -c2
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.085 ms
#tomcat02依舊ping不通
[root@ls-bPtysZTW ~]# docker exec -it tomcat02 ping tomcat-net-01 -c2
ping: tomcat-net-01: Name or service not known

結(jié)論：如果要跨網(wǎng)絡(luò)訪問(wèn)，就需要使用

docker network connect [OPTIONS] NETWORK CONTAINER  進(jìn)行連接，否則就無(wú)法互相訪問(wèn)

最后

以上為個(gè)人經(jīng)驗(yàn)，希望能給大家一個(gè)參考，也希望大家多多支持腳本之家。

您可能感興趣的文章:

欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

Docker網(wǎng)絡(luò)之自定義網(wǎng)絡(luò)方式

目錄

幫助命令

查看所有的網(wǎng)絡(luò)

網(wǎng)絡(luò)模式

查看一個(gè)網(wǎng)絡(luò)的相信信息

自定義網(wǎng)卡

網(wǎng)絡(luò)連通

最后

相關(guān)文章

最新評(píng)論

大家感興趣的內(nèi)容

最近更新的內(nèi)容

常用在線小工具