Preface
This blog has a few columns that are worth a look.
The first is a summary of the blogger's high-quality posts, the ones written with the most care and packed with useful information; I hope they help.
Then there is the column the blogger has spent the most time on recently, "Docker from Realization to Practice to Underlying Principles". Please follow along with it.
Chapter 8 - Network
1. Why does Docker need the network?
Reference: Bit Employment Class
By default a container's network is isolated from the host and from other containers, but in practice we still have to answer questions such as:
- How do multiple containers communicate with each other?
- How do containers and the host communicate?
- How do containers communicate with hosts outside the machine?
- Network services (nginx, web applications, databases and so on) run inside containers. How are they reached from outside?
- What if a container should not have its network isolated from the host or from other containers?
- What if a container needs no network at all?
- What if containers need a more customized network (a dedicated cluster network, a private LAN between containers)?
Every one of these questions is solved by managing the container network properly, which is why container network management matters.
2. Docker network architecture model
CNM
The design specification adopted by Docker network architecture is CNM (Container Network Model). CNM specifies the basic components of the Docker network: Sandbox, Endpoint, and Network.
3. Common Docker network types
3.1 bridge network
The bridge driver creates a Linux bridge on the host that Docker manages. By default, containers attached to the same bridge can communicate with each other, and services inside them can be exposed to the outside through port publishing on that bridge. bridge is the default network driver for Docker containers, and it is the best choice when several containers on the same Docker host need to talk to each other.
3.2 host network
For standalone containers, remove the network isolation between the container and the Docker host and use the host's network directly. Host networking is the best choice when the network stack should not be isolated from the Docker host, but you want the other resources of the container to be isolated.
3.3 container network
In this mode a newly created container shares the network of an existing container rather than the host's. The new container gets no network interface or IP of its own; it shares the IP, ports and so on of the specified container. Apart from the network, the two containers remain isolated in other respects such as the file system and process list. Processes in the two containers can talk to each other over the shared lo (loopback) device.
3.4 none network
The Docker container has its own Network Namespace, but no network configuration is performed for the Docker container. In other words, this Docker container does not have network card, IP, routing and other information. Containers are fully network isolated.
3.5 overlay network
A cross-Docker Daemon network built with the help of the Docker cluster module Docker Swarm. Connect multiple Docker daemons together to enable cluster services to communicate with each other. Overlay networks are the best choice when we need containers running on different Docker hosts to communicate, or when multiple applications work together using cluster services.
4. Detailed explanation of commands
4.1 Command list
| Command | Function |
|---|---|
| docker network create | Create a network |
| docker network connect | Connect a container to a network |
| docker network disconnect | Disconnect a container from a network |
| docker network ls | List networks |
| docker network prune | Delete unused networks |
| docker network inspect | View network details |
| docker network rm | Delete one or more networks |
4.2 docker network create
A fresh Docker installation already comes with three networks (bridge, host and none); `docker network create` adds user-defined ones.
docker network create [OPTIONS] NETWORK
Key parameters:
-d, --driver : network driver (bridge if not given)
--gateway : gateway address
--subnet : subnet of the network in CIDR notation
--ipv6 : enable IPv6
4.3 docker network inspect
docker network inspect [OPTIONS] NETWORK [NETWORK...]
Parameter:
-f, --format : output format (Go template)
Output for the default bridge network:
```json
[
    {
        "Name": "bridge",
        "Id": "c628e2b0d777ee8674106b75d24bc0ba856047abced6d2ad84e101611461092a",
        "Created": "2023-09-01T20:57:06.849887313+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
```
The Options block is the part worth reading from a security standpoint: `enable_icc` is true, so every container on docker0 can reach every other one; `enable_ip_masquerade` is true, so outbound traffic is NATed to the host address; and `host_binding_ipv4` is 0.0.0.0, so a port published with -p listens on all host interfaces unless the -p value names a specific host IP. "Internal": false means containers on this network can reach the outside world.
4.4 docker network connect
Connects a container to a network. The container can be given by name or ID. Once connected, it can communicate with the other containers on that network.
docker network connect [OPTIONS] NETWORK CONTAINER
Key parameters:
--ip : IPv4 address to assign to the container on this network
--ip6 : IPv6 address to assign to the container on this network
Practice:
Start a container and check its IP addresses. Then connect it to a network and run ifconfig inside the container again: a new interface with an address from that network's subnet appears alongside the existing one.
4.5 docker network disconnect
docker network disconnect [OPTIONS] NETWORK CONTAINER
Parameter:
-f, --force : force the container to disconnect from the network
4.6 docker network prune
Delete all unused networks.
docker network prune [OPTIONS]
Parameter:
-f, --force : do not prompt for confirmation
4.7 docker network rm
Delete one or more networks.
docker network rm NETWORK [NETWORK...]
Parameter:
-f, --force : do not error if the network does not exist
4.8 docker network ls
List all networks.
-f, --filter : filter condition
--format : output format (Go template)
--no-trunc : do not truncate output
-q, --quiet : only display network IDs
5. Docker Bridge Network
5.1 Detailed explanation of bridge network
5.1.1 What is bridge network
The Docker bridge network uses the built-in bridge driver, which is implemented on top of the Linux bridge in the Linux kernel. In networking terms, a bridge is a link-layer device that forwards traffic between network segments; it can be a hardware device or a software device running in the host kernel. In Docker terms, the bridge network uses the software bridge docker0, which lets containers connected to the same bridge network communicate while isolating them from containers that are not connected to that bridge network.
5.1.2 Operation case one
Start two containers from the same image and note the IP address of each.
In the first container, ping the IP of the second; in the second container, ping the IP of the first.
Both pings succeed: two containers on the same bridge can reach each other.
5.1.3 Operation case 2
By default, as in operation case one, the containers we create are attached to the docker0 bridge. We can also communicate over a custom bridge of our own.
First create a network, then inspect it to see the bridge information (driver, subnet, gateway).
Start two containers attached to the new network.
They can ping each other, while containers left on docker0 cannot reach them, because the two bridges are separate network segments.
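The following is an added example, not code from the original post: a small audit script that reads the JSON printed by `docker network inspect` (section 4.3) and answers the isolation question from 5.1 directly, by listing which containers can reach each other and which bridge options weaken isolation. The sample input is constructed in the shape of the page's inspect output; the network "mynet", the container names b1, b2, c1, c2 and all IDs are made up. "mynet" is assumed to have been created with `--internal` and `-o com.docker.network.bridge.enable_icc=false` so that the script has both a permissive and a locked-down bridge to compare.

```python
import json

# Constructed sample in the shape of `docker network inspect bridge mynet`
# (a JSON array with one object per network), using the fields shown in the
# inspect output on this page. Network IDs, container IDs, names and the
# custom network "mynet" are made up for this example.
SAMPLE_INSPECT = r'''
[
  {
    "Name": "bridge",
    "Id": "c628e2b0d777",
    "Driver": "bridge",
    "IPAM": {"Driver": "default",
             "Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
    "Internal": false,
    "Containers": {
      "a1b2c3": {"Name": "b1", "IPv4Address": "172.17.0.2/16"},
      "d4e5f6": {"Name": "b2", "IPv4Address": "172.17.0.3/16"}
    },
    "Options": {
      "com.docker.network.bridge.default_bridge": "true",
      "com.docker.network.bridge.enable_icc": "true",
      "com.docker.network.bridge.enable_ip_masquerade": "true",
      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
      "com.docker.network.bridge.name": "docker0"
    }
  },
  {
    "Name": "mynet",
    "Id": "9f8e7d6c5b4a",
    "Driver": "bridge",
    "IPAM": {"Driver": "default",
             "Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
    "Internal": true,
    "Containers": {
      "071829": {"Name": "c1", "IPv4Address": "172.18.0.2/16"},
      "3a4b5c": {"Name": "c2", "IPv4Address": "172.18.0.3/16"}
    },
    "Options": {"com.docker.network.bridge.enable_icc": "false"}
  }
]
'''

ICC_OPT = "com.docker.network.bridge.enable_icc"
BIND_OPT = "com.docker.network.bridge.host_binding_ipv4"
DEFAULT_OPT = "com.docker.network.bridge.default_bridge"


def load_networks(text):
    """Parse the JSON array printed by `docker network inspect`."""
    return json.loads(text)


def icc_enabled(net):
    # Docker treats enable_icc as true when the option is not set.
    return (net.get("Options") or {}).get(ICC_OPT, "true") == "true"


def audit_network(net):
    """Return the security-relevant findings for one bridge network."""
    opts = net.get("Options") or {}
    containers = net.get("Containers") or {}
    findings = []
    if opts.get(DEFAULT_OPT) == "true" and containers:
        findings.append("containers on the default bridge: no name resolution, "
                        "shared with every container started without --network")
    if icc_enabled(net) and len(containers) > 1:
        findings.append("enable_icc=true: every attached container can reach every other")
    # host_binding_ipv4 also defaults to 0.0.0.0 when absent.
    if opts.get(BIND_OPT, "0.0.0.0") == "0.0.0.0":
        findings.append("published ports bind to all host interfaces unless -p names an IP")
    if not net.get("Internal", False):
        findings.append("not --internal: containers have outbound access via masquerade")
    return findings


def reachability(networks):
    """Map each container name to the names it can reach directly: the other
    containers on a shared network whose bridge has ICC enabled. Containers on
    different bridges never appear in each other's sets."""
    reach = {}
    for net in networks:
        names = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        for n in names:
            reach.setdefault(n, set())
        if not icc_enabled(net):
            continue
        for n in names:
            reach[n].update(m for m in names if m != n)
    return reach


if __name__ == "__main__":
    nets = load_networks(SAMPLE_INSPECT)
    for net in nets:
        print(net["Name"])
        for f in audit_network(net):
            print("  -", f)
    for name, peers in sorted(reachability(nets).items()):
        print(f"{name} -> {sorted(peers)}")
```

To run it against a real host, replace SAMPLE_INSPECT with the output of `docker network inspect $(docker network ls -q)`. The reachability map only models direct L2/L3 adjacency on a bridge; it does not account for traffic that leaves through a published port and comes back in via the host.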
5.2 DNS resolution
User-defined bridge networks support name resolution through Docker's embedded DNS server, so containers on such a network can address each other by container name; the DNS server maps container names to IP addresses. The default bridge network does not provide this.
The experiment is simple: repeat the steps of #5.1, but ping by container name instead of by IP.
Conclusion:
- The default bridge does not support name resolution
- Custom bridges support name resolution through the embedded DNS
5.3 Port exposure and forwarding
First start an nginx container with a published port. Because host_binding_ipv4 on the default bridge is 0.0.0.0 (see the inspect output in 4.3), a port published as -p 8080:80 listens on every host interface; if the service should only be reachable locally, publish it as -p 127.0.0.1:8080:80. Also note that Docker implements publishing with its own iptables rules in the FORWARD path, so host firewall rules on the INPUT chain do not apply to published ports.
6. Docker Host Network
6.1 What is a host network?
The container gets no virtual network interface at all; it uses the host's network namespace and therefore the host's interfaces directly. This removes network isolation: the container sees every host interface and address, can bind any host port, and -p port mappings are ignored.
6.2 Operation cases
Create two containers, each with a different network type.
docker run -itd --name b1 busybox:1.36.0
This one uses the bridge network by default.
docker run -itd --name b2 --network host busybox:1.36.0
This one specifies the host network.
Now look at the network interfaces of the two containers separately.
Only two interfaces are found in the first container (lo and its own eth0).
Many are found in the second container: it is directly on the host's network, so it sees all the host's interfaces.
7. Docker Container Network
This kind of network also borrows someone else's network stack, but it is another container's (virtual) interface rather than the host's. The two containers then share one network namespace, so each can see the other's listening ports and loopback traffic.
7.2 Operation cases
docker run -itd --name b2 --network container:b1 busybox:1.36.0
b1 is created as above, and b2 is created this way.
The private IP addresses of the two are found to be the same.
If b1 is stopped directly at this point, what happens to b2?
I found that b2's external IP address was completely gone at this point.
8. Docker None network
8.1 none network introduction
The none network means no network: a container attached to it has no interface other than lo (the local loopback).
In short, there is no connectivity at all.