搜索到
1
篇与
的结果
-
Docker网络 1.Docker0# Docker如何处理容器访问? [root@VM-0-14-centos /]# docker run -d -P tomcat01 tomcat # 容器启动时,docker会分配eth0,该分配的地址能ping通 [root@VM-0-14-centos /]# docker exec -it tomcat01 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever # linux可以ping通容器内部 [root@VM-0-14-centos /]# ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.060 ms 64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.033 ms 64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.059 ms 原理 每启动一个docker容器,docker就会自动给容器分配一个ip,安装docker的时候,会产生一个docker0网卡,使用桥接模式,采用evth-pair技术evth-pair:虚拟设备接口,成对出现,一段连接协议,一段彼此相连,因此容器之间也可以互相ping通网络模型:图片来源:狂神说Java结论:容器之间在没有指定网络的情况下,都是通过docker0来进行路由通信,它会给每一个容器分配一个ip2.--link# 容器之间无法ping通 [root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat02 ping: tomcat02: Name or service not known # 通过--link可以解决容器间网络连通的问题 [root@VM-0-14-centos ~]# docker run -d -P --name tomcat03 --link tomcat02 tomcat bffb39894b46d3a3ace237eac4d5eb0163b4233458c306f8e6172856516a1617 [root@VM-0-14-centos ~]# docker exec -it tomcat03 ping tomcat02 PING tomcat02 (172.17.0.3) 56(84) bytes of data. 64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.108 ms 64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.065 ms 64 bytes from tomcat02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from tomcat02 (172.17.0.3): icmp_seq=4 ttl=64 time=0.069 ms 原理探究# 查看tomcat03的hosts配置文件 [root@VM-0-14-centos ~]# docker exec -it tomcat03 cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.3 tomcat02 d207c5f1abfe # 通过--link命令直接绑定了tomcat02的地址 172.17.0.4 bffb39894b46 注:现阶段的docker不再推荐使用--link3.自定义网络# 查看docker网络 [root@VM-0-14-centos ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 897e6dc978cd bridge bridge local a7455f4daeeb host host local 3600da2c2a04 none null local 网络模式:bridge:桥接(docker默认)none:不配置网络host:和宿主机共享网络container:容器网络连通(不推荐)# 之前的启动命令默认包含了 --net bridge 命令(也就是docker0) run -d -P --name tomcat01 --net bridge tomcat# 自定义一个mynet # --driver bridge # --subnet 192.168.0.0/16 192.168.0.2~192.168.255.255 # --gateway 192.168.0.1 [root@VM-0-14-centos ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet c0e45563fdc70e8bd9ed21405be5b13e9552f6c08347ea51f1fb16d82d40fb5c [root@VM-0-14-centos ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 897e6dc978cd bridge bridge local a7455f4daeeb host host local c0e45563fdc7 mynet bridge local 3600da2c2a04 none null local 自定义 mynet 测试# 启动两个tomcat容器,并指定好我们自定义的mynet [root@VM-0-14-centos ~]# docker run -d -P --name tomcat-net-01 --net mynet tomcat 3703838b344e6390caa1a519365be204db614bf6049a08ef20c6f2b9a312fabf [root@VM-0-14-centos ~]# docker run -d -P --name tomcat-net-02 --net mynet tomcat 7750aa78a0cba0901e7ab7f0ab424900a397a9e0b1be184bf7859a6cbc2d7938 查看网络信息:Ping测试:# 直接ping容器名或者ip,都可以ping通 [root@VM-0-14-centos ~]# docker exec -it tomcat-net-01 ping tomcat-net-02 PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data. 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.097 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.066 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.067 ms ^C --- tomcat-net-02 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2ms rtt min/avg/max/mdev = 0.066/0.076/0.097/0.017 ms [root@VM-0-14-centos ~]# docker exec -it tomcat-net-01 ping 192.168.0.3 PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data. 64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.076 ms 64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.071 ms 64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from 192.168.0.3: icmp_seq=4 ttl=64 time=0.075 ms ^C --- 192.168.0.3 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.066/0.072/0.076/0.004 ms [root@VM-0-14-centos ~]# docker帮用户自动维护好了自定义网络之间的对应关系,而默认的docker0却没有,所以推荐使用自定义网络,使不同的集群使用不同的网络,以保证集群的安全和健康4.网络连通使用 docker network connect [OPTIONS] NETWORK CONTAINER命令测试打通docker0下的 tomcat01 到 mynet# 执行connect命令,并查看mynet的信息 [root@VM-0-14-centos ~]# docker network connect mynet tomcat01 [root@VM-0-14-centos ~]# docker network inspect mynet# tomcat01 ping mynet下的tomcat-net-01 测试 [root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat-net-01 PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data. 64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.065 ms 64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.069 ms 64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.064 ms ^C --- tomcat-net-01 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.064/0.066/0.069/0.002 ms [root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat-net-02 PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data. 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.066 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.067 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.069 ms 64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=4 ttl=64 time=0.068 ms ^C --- tomcat-net-02 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3ms rtt min/avg/max/mdev = 0.066/0.067/0.069/0.008 ms
