Docker networks and private registries

 
1.host network
2.bridge
3.none
4.container

1. Bridge mode
Docker isolates container networking with network namespaces. In bridge mode each container gets its own network namespace when it is created, is assigned an IP address, and is attached to a virtual bridge on the physical host.

2. None mode
A container created in this mode has no network configuration at all: the network card, IP address, routes and so on must all be configured by hand.

3. Host mode
A container in this mode does not get its own network namespace. It shares the physical host's network namespace, including all of the host's IP addresses and ports, and for that reason this mode is considered unsafe.

4. Container mode
This mode is very similar to host mode, except that the new container shares the IP address and ports of another container rather than those of the physical host. The new container does not configure a network or ports of its own; inside it you will see the IP address and ports of the container you specified. Everything else, such as processes, remains isolated between the two containers.

Networks
1.bridge
If no network mode is specified when a container is started, the default is bridge.
[root@zxw99 ~]# docker run -it --network=bridge busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

2.none network
When starting the container, specify the network mode with the --network option.
[root@zxw99 ~]# docker run -it --network=none busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever

 
3.host network
[root@zxw99 ~]# docker run -it --network=host busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:7a:74:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.126.99/24 brd 192.168.126.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7a:7430/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 02:42:57:49:c9:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:57ff:fe49:c903/64 scope link
valid_lft forever preferred_lft forever
5: veth1d7cc65@if4: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether 6a:db:d8:95:ea:6a brd ff:ff:ff:ff:ff:ff
inet6 fe80::68db:d8ff:fe95:ea6a/64 scope link
valid_lft forever preferred_lft forever

 
4.container network
[root@zxw99 ~]# docker run -it --name=zxw busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #

[root@zxw99 ~]# docker run -it --network=container:zxw busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

 
--network=container:zxw
container is a fixed keyword, and zxw is the name of the running container
 
How do you create your own network?

Step 1: Create the network and list it
 [root@zxw99 ~]# docker network create -d bridge zxw
631faad6b52d0c85f529cb570c45b44990d1dec0a3c9c92317b7dbf240a0fc89
List the networks:
[root@zxw99 ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
a8daefcdb62c bridge bridge local
5f2d40634f63 host host local
7ab7dcf8aa5c none null local
631faad6b52d zxw bridge local
Step 2: Use the network you created
[root@zxw99 ~]# docker run -it --network=zxw busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
 
Step 3: Specify a custom subnet and gateway
[root@zxw99 ~]# docker network create --subnet=10.0.0.0/16 --gateway=10.0.0.1 -d bridge zxw1

b885e1f614dad2712eaf1d5c276e9d528d8618ef872199015f0493e95260d469

[root@zxw99 ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
a8daefcdb62c bridge bridge local
5f2d40634f63 host host local
7ab7dcf8aa5c none null local
631faad6b52d zxw bridge local
b885e1f614da zxw1 bridge local
Step 4: Use the newly created network

[root@zxw99 ~]# docker run -it --network=zxw1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever

 
Step 5: Assign a fixed IP address to the container

[root@zxw99 ~]# docker run -it --network=zxw1 --ip=10.0.0.8 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:08 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever

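Notes:
1.Docker's built-in network modes cannot assign a fixed IP address
2.A fixed IP address can only be assigned on a network you created yourself
3.Containers can reach the external network because of iptables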
 
 
How do containers communicate with each other?

1.IP
2.DNS host name
3.join mode


1.Communicating by IP address
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw1 busybox
docker: Error response from daemon: Conflict. The container name "/zxw1" is already in use by container "6973f709a3d6c364a17e65db838d3bc63b3adb5768f5d5e43103b09747f0104c". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw2 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
28: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:03 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping zxw1
PING zxw1 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=0.049 ms

[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever
 
Note: communication by IP address only works between containers on the same network
 
 
So how can containers on different networks communicate?
 [root@zxw99 ~]# docker run -it busybox
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw1 busybox
The answer is to connect the containers that need to communicate to the same network
[root@zxw99 ~]# docker network connect bridge zxw2
In essence, this gives the container an additional network card on that network's subnet

Verify:
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever
36: eth1@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth1
valid_lft forever preferred_lft forever
 
 
A container can also be disconnected again:
[root@zxw99 ~]# docker network disconnect bridge zxw2
 
2.DNS communication
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw2 --rm busybox
/ #
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw1 --rm busybox
/ # ping zxw2
PING zxw2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=0.098 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.063 ms


 
Notes:
1.DNS communication only works between containers on the same network
2.It only works on a network the user created (user-defined network)

3.join mode
[root@zxw99 ~]# docker run -it --network=zxw1 --name zxw2 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
56: eth0@if57: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever

 
[root@zxw99 ~]# docker run -it --network=container:zxw2 --name=zxw1 --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
56: eth0@if57: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
valid_lft forever preferred_lft forever
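Summary:
1.A fixed IP address can only be assigned on a user-created network
2.DNS can only be used for communication on a user-created network
3.Containers must share a network in order to communicate
4.How does the external network reach a container? Port mapping
5.Containers can reach the external network by themselves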
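
An added example, not part of the original post: a small audit over docker inspect output that flags the cases described above, namely containers using host mode, containers joined to another container's network namespace, and ports published on every host interface. The container records are constructed and trimmed to the fields used; the names sidecar, hostnet and web and the short IDs are made up for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (only the fields used).
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "aaa111", "Name": "/zxw",
  "HostConfig": {"NetworkMode": "default", "PortBindings": {}},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Id": "bbb222", "Name": "/sidecar",
  "HostConfig": {"NetworkMode": "container:aaa111", "PortBindings": {}},
  "NetworkSettings": {"Networks": {}}},
 {"Id": "ccc333", "Name": "/hostnet",
  "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
  "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
 {"Id": "ddd444", "Name": "/web",
  "HostConfig": {"NetworkMode": "zxw1",
                 "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}},
  "NetworkSettings": {"Networks": {"zxw1": {"IPAddress": "10.0.0.8"}}}}
]
""")


def audit_network_modes(containers):
    """Return sorted (container, finding) pairs for risky network settings."""
    names = {c["Id"]: c["Name"].lstrip("/") for c in containers}
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host_cfg = c.get("HostConfig", {})
        mode = host_cfg.get("NetworkMode", "default")
        if mode == "host":
            findings.append((name, "shares the host network namespace"))
        elif mode.startswith("container:"):
            # Docker records the target by ID; fall back to the raw value.
            target = mode.split(":", 1)[1]
            target = names.get(target, target)
            findings.append((name, f"shares the network namespace of {target}"))
        for port, binds in (host_cfg.get("PortBindings") or {}).items():
            for b in binds or []:
                # An empty HostIp means the port is bound on every interface.
                if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                    findings.append((name, f"{port} published on all host "
                                           f"interfaces as host port {b.get('HostPort')}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_network_modes(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```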
 
 
 
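Docker registries

1.Alibaba Cloud registry
2.Docker Hub registry
3.Private registry (registry)

1.Docker Hub depends on external network access; registry does not need it
2.Docker Hub is a public registry that anyone can pull from; a private registry is free and secure


Setting up a private Docker registry with registry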
 
 
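Beware of the latest tag
Do not be misled by the latest tag. latest has no special meaning. When no image tag is specified, Docker uses the default value latest, and that is all.
Many repositories on Docker Hub use latest as an alias for the newest stable version, but this is only a convention, not an enforced rule.
So when using images it is best to avoid latest and to specify a tag explicitly, for example httpd:2.3 or ubuntu:xenial.

Step 1: Pull the registry image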
 [root@zxw99 ~]# docker search registry
[root@zxw99 ~]# docker pull registry
Step 2: View the registry image information

[root@zxw99 ~]# docker history registry
IMAGE CREATED CREATED BY SIZE COMMENT
f32a97de94e1 5 months ago /bin/sh -c #(nop) CMD ["/etc/docker/registr… 0B
<missing> 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.… 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:507caa54f88c1f38… 155B
<missing> 5 months ago /bin/sh -c #(nop) EXPOSE 5000 0B
<missing> 5 months ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:4544cc1555469403… 295B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:21256ff7df5369f7… 20.1MB
<missing> 5 months ago /bin/sh -c set -ex && apk add --no-cache… 1.29MB
<missing> 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:38bc6b51693b13d84… 4.41MB


A private registry needs a bound data volume in which to store its images
registry listens on port 5000
 [root@zxw99 ~]# docker run -d -v /registry:/var/lib/registry/ -p 5000:5000 registry
Step 3: Use the registry
[root@zxw99 ~]# docker tag busybox 192.168.126.99:5000/busybox:v1

[root@zxw99 ~]# docker push 192.168.126.99:5000/busybox:v1
The push refers to repository [192.168.126.99:5000/busybox]
Get https://192.168.126.99:5000/v2/: http: server gave HTTP response to HTTPS client
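To use the private registry, the image must first be renamed to host:port/image-name:tag
But pushing directly at this point produces the error above

Step 4: Fix the error above
Add the following line to the Docker configuration file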
[root@zxw99 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"],
"insecure-registries": [ "192.168.126.99:5000"]
}

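The IP address is that of the host on which registry runs
Port 5000 is the host port that the registry is mapped to; mapping it to port 5000 specifically is recommended

Step 5: Restart Docker and the container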

[root@zxw99 ~]# systemctl restart docker

 [root@zxw99 ~]# docker run -d -v /registry:/var/lib/registry -p 5000:5000 registry
Step 6: Push again
[root@zxw99 ~]# docker push 192.168.126.99:5000/busybox:v1
 
Step 7: View the registry contents
[root@zxw99 ~]# ls /registry/docker/registry/v2/repositories/busybox/
 
How do other people use the private registry?

Step 1: They also need to add one line
"insecure-registries":["192.168.64.8:5000"]

Step 2: Restart Docker

 
Step 3: Pull the image
[root@zxw66 ~]# docker pull 192.168.126.99:5000/busybox:v1
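
An added example, not part of the original post, covering both the latest-tag advice and the insecure-registries setting: it splits image references in the host:port/image-name:tag form (a registry port is not a tag) and reports references that are untagged, use latest, or point at a registry listed in insecure-registries, for which Docker accepts plain HTTP or an unverified certificate. The daemon.json text is a constructed copy of the one shown above, and the function names are made up for this example.

```python
import json

# Constructed copy of the daemon.json shown in step 4.
DAEMON_JSON = """{
  "registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.126.99:5000"]
}"""


def split_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, slash, rest = ref.partition("/")
    # The first component names a registry only if it looks like a host
    # (contains "." or ":" or is "localhost"); otherwise it is Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, remainder = first, rest
    else:
        registry, remainder = "docker.io", ref
    # The registry and its port are already removed, so the last ":" in
    # the remainder can only separate the tag.
    repo, colon, tag = remainder.rpartition(":")
    if not colon:
        repo, tag = remainder, None
    return registry, repo, tag, digest


def audit_image_refs(refs, daemon_json_text):
    """Return {ref: [findings]} for mutable tags and insecure registries."""
    # Exact host:port match only; CIDR entries are not expanded here.
    insecure = set(json.loads(daemon_json_text).get("insecure-registries", []))
    report = {}
    for ref in refs:
        registry, _repo, tag, digest = split_image_ref(ref)
        findings = []
        if digest is None and tag is None:
            findings.append("no tag given, Docker will use latest")
        elif digest is None and tag == "latest":
            findings.append("latest is a mutable alias, pin a specific tag")
        if registry in insecure:
            findings.append("registry is listed in insecure-registries: "
                            "plain HTTP or unverified TLS")
        if findings:
            report[ref] = findings
    return report
```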
 
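Summary: how can images be shared?
1.Package the image as a tar file and share that
2.Push the image to the Alibaba Cloud or Docker Hub registry to share it (harbor)
3.Push the image to the company's internal private registry to share it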

Origin www.cnblogs.com/itzhao/p/11368738.html