一.网络类型介绍
1.查看支持网络类型
docker network ls
2.测试使用的几种网络类型
bridge 默认类型,NAT模式;同一默认bridge上的容器默认可以互相通信(守护进程的icc选项默认开启)
host host类型,使用宿主机网络,网络性能最高;容器与宿主机共用网络命名空间,没有网络隔离,容器内监听的端口会直接暴露在宿主机上
container 容器类型。与其他容器共用网络(共享同一个网络命名空间),k8s中使用
none 没有网络,上不了外网
3.网络类型设置
3.1 bridge
bridge:
[root@docker ~]# docker run -it --name="c-bri1" --network=bridge centos:6.9 /bin/bash
[root@a7a6b9e891cf /]# ifconfig -a
172.17.0.2
[root@a7a6b9e891cf /]# yum install -y iproute*
[root@docker ~]# docker run -it --name="c-bri2" --network=bridge centos:7 /bin/bash
[root@d0e3b71b1f42 /]# ifconfig -a
172.17.0.3
在172.17.0.2的机子:
[root@a7a6b9e891cf /]# ping 172.17.0.3 能通
在10.0.0.11的机子:
[root@docker ~]# ping 172.17.0.2 能通
3.2 host
host:
[root@docker ~]# docker run -it --name="net_host" --network=host centos:6.9 /bin/bash
[root@docker /]#
3.3 none
none:
[root@docker ~]# docker run -it --name="net_none" --network=none centos:6.9 /bin/bash
[root@c199fb50b1ed /]# ifconfig
3.4创建自定义网络
docker network create -d bridge --subnet 172.30.0.0/16 --gateway 172.30.0.1 oldqiang
验证(自定义bridge网络内置DNS,可以直接用容器名解析):
[root@docker01 ~]# docker run -it --name web01 --network oldqiang alpine:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ #
/ # ping web01
PING web01 (172.30.0.2): 56 data bytes
64 bytes from 172.30.0.2: seq=0 ttl=64 time=0.041 ms
64 bytes from 172.30.0.2: seq=1 ttl=64 time=0.061 ms
^C
--- web01 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.041/0.051/0.061 ms
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
1577: eth0@if1578: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:1e:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.2/16 brd 172.30.255.255 scope global eth0
valid_lft forever preferred_lft forever
4.Docker跨主机网络介绍
4.1 Docker跨主机访问-macvlan实现
优点:能够跨docker主机访问
缺点:不能访问外网(容器不能与自己的宿主机进行通讯)
macvlan类似于虚拟机的桥接网络,只适合小规模
docker run -it --network macvlan_1 --ip 10.0.0.105 alpine:latest
如果不指定IP地址会自动分配随机ip地址,可能会造成ip地址冲突:
各台docker主机各自独立分配地址,macvlan没有ip地址冲突的检测机制,所以要用--ip手动指定并自行规划地址
在docker01上:
[root@docker01 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
161619b1812c558a2a9a2b399e3a4e9974002b01c327a34266ca8b92aedb0d9f
[root@docker01 ~]#
[root@docker01 ~]#
[root@docker01 ~]#
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fb01f1ab30f9 bridge bridge local
38e40b72226d dockercompose_default bridge local
3b61c49c8029 harbor_harbor bridge local
786ac363ee56 host host local
161619b1812c macvlan_1 macvlan local
[root@docker01 ~]# docker run -it --network macvlan_1 --ip 10.0.0.105 alpine:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ #
/ # ping 10.0.0.105
PING 10.0.0.105 (10.0.0.105): 56 data bytes
64 bytes from 10.0.0.105: seq=0 ttl=64 time=0.056 ms
64 bytes from 10.0.0.105: seq=1 ttl=64 time=0.061 ms
64 bytes from 10.0.0.105: seq=2 ttl=64 time=0.078 ms
/ # ping 10.0.0.106 (不通)
当在docker02上启用ip为10.0.0.106的容器时,ping 10.0.0.106可以ping通
/ # ping 10.0.0.106
PING 10.0.0.106 (10.0.0.106): 56 data bytes
64 bytes from 10.0.0.106: seq=124 ttl=64 time=2004.238 ms
64 bytes from 10.0.0.106: seq=125 ttl=64 time=1003.551 ms
64 bytes from 10.0.0.106: seq=126 ttl=64 time=2.752 ms
64 bytes from 10.0.0.106: seq=127 ttl=64 time=0.282 ms
64 bytes from 10.0.0.106: seq=128 ttl=64 time=0.252 ms
docker02:
[root@docker02 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.254 -o parent=eth0 macvlan_1
f7886005be327e90c128667752860488dadde35e5c9985952a305eea336a8063
[root@docker02 ~]# docker run -it --network macvlan_1 --ip 10.0.0.106 alpine:latest
/ #
4.2.Docker 跨主机访问–overlay实现
(1)启动consul服务(consul存储ip地址的分配),实现网络的统一配置管理
在docker03:
[root@docker03 ~]# rz
[root@docker03 ~]# ls
anaconda-ks.cfg docker_progrium_consul.tar.gz
[root@docker03 ~]# docker load -i docker_progrium_consul.tar.gz
[root@docker ~]# docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
[root@docker ~]# docker images
progrium/consul latest 09ea64205e55 5 years ago 69.4MB
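consul: kv类型的存储数据库 (key:value)。注意:上面的命令用 -p 8500:8500 把consul的HTTP接口映射到宿主机的所有地址,并且没有配置ACL或TLS,任何能访问该端口的主机都可以读写集群的网络配置,应只对可信的管理网段开放。另外progrium/consul镜像已多年未更新(docker images显示为5 years ago),而且这里是从本地tar包导入的,使用前应确认tar包来源可信。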
在docker01、02:
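vim /etc/docker/daemon.json(添加以下内容)。说明:insecure-registries 表示访问该仓库时不做TLS校验(允许HTTP或不受信任的证书),只应用于可信内网;cluster-store/cluster-advertise 是依赖外部KV存储的旧式overlay配置,在Docker 20.10中已弃用、23.0中已移除,新版本应改用swarm模式的overlay网络。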
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.0.0.12:5000"],
"cluster-store": "consul://10.0.0.13:8500",
"cluster-advertise": "10.0.0.11:2376"
}
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"cluster-store": "consul://10.0.0.13:8500",
"cluster-advertise": "10.0.0.12:2376"
}
systemctl restart docker
(2)创建overlay网络
在docker01:
docker network create -d overlay --subnet 172.16.0.0/24 --gateway 172.16.0.254 ol1 #这个网段不能和宿主机上相同,并且随便在一台上执行这个命令即可
[root@docker ~]# docker network ls #查看容器的网络,出现overlay
2577561b4788 ol1 overlay global
在docker02:
[root@docker2 ~]# docker network ls #查看容器的网络,也出现overlay
2577561b4788 ol1 overlay global
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
fea45b23b1fc ol1 overlay global(全局网络)
在docker02:
[root@docker2 ~]# docker network ls #查看容器的网络,也出现overlay
2577561b4788 ol1 overlay global
(3)两边启动容器测试
[root@docker01 ~]# docker run -it --name test01 --network ol1 alpine:latest
/ # ifconfig #得到eth0地址172.16.0.1
/ # ping 172.16.0.2 #验证容器间的通讯
PING 172.16.0.2 (172.16.0.2): 56 data bytes
64 bytes from 172.16.0.2: seq=0 ttl=64 time=1.243 ms
64 bytes from 172.16.0.2: seq=1 ttl=64 time=2.640 ms
/ # ping www.baidu.com #验证能够上外网
PING www.baidu.com (183.232.231.174): 56 data bytes
64 bytes from 183.232.231.174: seq=0 ttl=127 time=20.574 ms
64 bytes from 183.232.231.174: seq=1 ttl=127 time=57.120 ms
[root@docker01 ~]# docker run -it --name test02 --network ol1 alpine:latest
/ # ifconfig #得到eth0地址172.16.0.2
/ # ping 172.16.0.1 #验证容器间的通讯
PING 172.16.0.1 (172.16.0.1): 56 data bytes
64 bytes from 172.16.0.1: seq=0 ttl=64 time=0.892 ms
64 bytes from 172.16.0.1: seq=1 ttl=64 time=1.045 ms
/ # ping www.baidu.com #验证能够上外网
PING www.baidu.com (183.232.231.172): 56 data bytes
64 bytes from 183.232.231.172: seq=0 ttl=127 time=20.923 ms
64 bytes from 183.232.231.172: seq=1 ttl=127 time=27.849 ms
每个容器有两块网卡,eth0实现容器间的通讯(overlay网络),eth1实现容器访问外网(经宿主机NAT出去)。注意:宿主机之间的overlay(VXLAN)流量默认不加密,应只在可信的内部网络中使用。