文章目录
- Docker Internet
- Docker Internet Command
- Docker Bridge Internet
- docker Host Internet
- Docker Container Internet
- Docker None Internet
Docker Internet
Docker 网络架构采用的设计规范是CNM(Container Network Model)。CNM中规定了Docker网络的基础组成要素:Sandbox,Endpoint、Network
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-shAajP76-1686150461596)(C:\Users\Lenovo\AppData\Roaming\Typora\typora-user-images\image-20230604163144104.png)]
Docker Internet Command
| 命令 | 别名 | 功能 |
|---|---|---|
| docker network create | 创建网络 | |
| docker network connect | 链接网络 | |
| docker network disconnect | 断开网络 | |
| docker network ls | docker network list | 列出网络 |
| docker network prune | 删除不使用网络 | |
| docker network inspect | 查看网络详情 | |
| docker network rm | docker network remove | 删除网络 |
docker network create 创建网络
docker network create [options] network
-d --drive # 网络驱动
--gateway # 网关地址
--subnet # 表示网段的CIDR格式的子网
--ipv6 # 启用ipv6
docker network inspect 查看网络详情
docker network inspect [options] network [network...]
-f --format # 指定格式
[root@VM-20-6-centos ~]# docker network inspect mynet1
[
{
"Name": "mynet1",
"Id": "aebaa2f893e6477fe7ec594820272f38cb7b325845e5d32444de488879d7e5ed",
"Created": "2023-06-04T16:55:39.854719327+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {}, # 哪些容器在使用
"Options": {},
"Labels": {}
}
]
docker network connect
docker network connect [options] network container
--ip # 指定IP地址
--ip6 # 指定IPv6地址
[root@VM-20-6-centos ~]# docker network connet mynet4 busybox1;
[root@VM-20-6-centos ~]# docker network inspect mynet004
[
{
"Name": "mynet004",
"Id": "bd9ed3d0cf058f215844bc8b067991888702ab68a57c2e27548aa77906fa8cfa",
"Created": "2023-06-04T21:55:26.65155198+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "10.2.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"dd634166f9b0a87c4dc9f7d525fffd530fc4af65d89b54cb88bf75bc792a8546": {
"Name": "busybox1", # busybox1容器已经连入
"EndpointID": "2387673b05b4b50421f7ca6b0ee63f3684e5ce2b0f16ba16f696d5e928889e9c",
"MacAddress": "02:42:0a:02:00:02",
"IPv4Address": "10.2.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
docker network disconnect [options] network container
-f # 强制退出
[root@VM-20-6-centos ~]# docker network disconnect mynet004 busybox1
docker network prune 批量删除不适用的网络
docker network prune [options]
-f --force # 不提示
docker network rm
docker network rm NETWORK [NETWORK...]
-f # 强制退出
docker network list
-f --filter # 指定过滤条件
--format # 指定格式
--no-trunc # 不截断
-q # 仅显示ID
网络命令基本操作
# 两种方式加入网络,两种方式结果不一样
[root@VM-20-6-centos ~]# docker run -itd --network mynet6 --name busybox3 busybox
af5b41153161d5fa6428205977636b2982db54e0fd87f33b3d936ab55f9326c7
[root@VM-20-6-centos ~]# clear
[root@VM-20-6-centos ~]# docker network inspect mynet6
"Networks": {
"mynet6": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"af5b41153161"
],
"NetworkID": "5ed9068427b809af45a98db6bdabc17703856654d087722fe5bebdca0d57044b",
"EndpointID": "28fe48eceb5697b3ec9a5f9f9ea9baa302a0a4033b27fb00216168a57f5057f3",
"Gateway": "172.21.0.1",
"IPAddress": "172.21.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:15:00:02",
"DriverOpts": null
}
}
# 若创建容器时不指定network,那么会默认被假如bridge 网络
[root@VM-20-6-centos ~]# docker run -itd --name busybox4 busybox
5931f3c0ceea60f2f79ddb70ddcb3da94a724f34d11f308d2cdd5d4c0ab9dc1b
[root@VM-20-6-centos ~]# docker inspect busybox4
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "af6c09c844aa46bff72e8ef34357a45a27c8558827f979c0fa78826c33949cac",
"EndpointID": "f3aeba6d862b047cdcd6db9f138ea3e44226788c302bd109f94fbf9b85e465f5",
"Gateway": "172.17.0.1", # 网关
"IPAddress": "172.17.0.30",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:1e",
"DriverOpts": null
}
}
[root@VM-20-6-centos ~]# ifconfig
# docker0 桥的网关就是172.0.0.1 如果没有指定则默认加入到docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:e5ff:fefb:8bb8 prefixlen 64 scopeid 0x20<link>
ether 02:42:e5:fb:8b:b8 txqueuelen 0 (Ethernet)
RX packets 12480 bytes 1033554 (1009.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14808 bytes 104796010 (99.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 加入网络mynet6
[root@VM-20-6-centos ~]# docker network connect mynet6 busybox4
[root@VM-20-6-centos ~]# docker inspect busybox4
# 可以看到加入了两个网络,如果创建时直接指定可能会遗漏bridge网络
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "af6c09c844aa46bff72e8ef34357a45a27c8558827f979c0fa78826c33949cac",
"EndpointID": "f3aeba6d862b047cdcd6db9f138ea3e44226788c302bd109f94fbf9b85e465f5",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.30",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:1e",
"DriverOpts": null
},
"mynet6": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"5931f3c0ceea"
],
"NetworkID": "5ed9068427b809af45a98db6bdabc17703856654d087722fe5bebdca0d57044b",
"EndpointID": "cbc866887382d6e4f5565a2f80e4252c257d2297a4d2ba27a381a2078262dd7c",
"Gateway": "172.21.0.1",
"IPAddress": "172.21.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:15:00:03",
"DriverOpts": {}
}
}
Docker Bridge Internet
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ksopjRF7-1686150461600)(C:\Users\Lenovo\AppData\Roaming\Typora\typora-user-images\image-20230604224434363.png)]](https://img-blog.csdnimg.cn/6e5c543fcc9543368071e388e36d7528.png)
Docker 自定义桥接网络是支持通过Docker DNS服务进行域名解析的,也就是说我们可以直接使用容器名进行通信,因为DNS服务可以解析容器名到IP地址的映射,但是默认的bridge网络是不支持DNS的
[root@VM-20-6-centos ~]# docker run -itd --name busybox007 --network mybridge busybox
2c6b7aced7c95ae33e97b5cd20df3827d15dd775fc94ce6ef6ca8e00857a0cca
[root@VM-20-6-centos ~]# docker run -itd --name busybox008 --network mybridge busybox
f5a303aa3f33ad3a65e98d5bbd48b1a3a7590ae4fa05ffc559d776d808c0b896
[root@VM-20-6-centos ~]# docker exec -it busybox007 sh
/ # ping busybox008
PING busybox008 (172.22.0.3): 56 data bytes
64 bytes from 172.22.0.3: seq=0 ttl=64 time=0.138 ms
64 bytes from 172.22.0.3: seq=1 ttl=64 time=0.126 ms
^C
--- busybox008 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.126/0.132/0.138 ms
docker Host Internet
Docker 容器运行默认都会分配独立的 Network Namespace 隔离子系统, 但是如果基于 host 网络模式,容器将不会获得一个独立的 Network Namespace,而是和宿主机共用同一个 Network Namespace,容器将不会虚拟出自己的网卡,IP 等,而是直接使用宿主机的 IP 和端口。
Docker Container Internet
[root@VM-20-6-centos ~]# docker run -itd --name busybox012 busybox
a90e72e93973fb44f1ed0ad6aeae9dfdc2304aee8b314317143674eba4fe0458
[root@VM-20-6-centos ~]# docker rm busybox013
busybox013
[root@VM-20-6-centos ~]# docker run -itd --name busybox013 --network container:busybox012 busybox
ef2ba6512b87981341c052c2ba9ecac1fb96bd85471ace2686f619ef6cda1b2e
# 可以看到busybox013的网络部分是空的
[root@VM-20-6-centos ~]# docker inspect busybox013
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {}
}
# 进入两个容器输入ifconfig 可以看到两个容器的IP地址一摸一样
# 将busybox012停了,发现busybox013的网络也没了
[root@VM-20-6-centos ~]# docker stop busybox012
busybox012
[root@VM-20-6-centos ~]# docker exec -it busybox013 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
# 重启宿主容器发现busybox013网络还没有恢复,需要重启busybox013才可以重新恢复网络
[root@VM-20-6-centos ~]# docker restart busybox012
busybox012
[root@VM-20-6-centos ~]# docker exec -it busybox013 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Docker None Internet
none网络就是指没有网络。挂在这个网络下的容器除了lo(本地回环),没有任何其它网卡。
使用场景:
1、 针对一些对安全性要求比较高并且不需要联网的应用,可以使用None网络,比如生成随机密码,避免生成的密码被第三方获取
2、一些第三方容器可能需要Docker 帮忙创建一个没有网络的容器,网络由第三方进行配置
