目录
1、docker网络模式
2、容器和容器之间是如何互通
3、容器之间互通 --link
3、自定义网络
4、不通网段的容器进行网络互通
1、docker网络模式
docker 网络模式采用的是桥接模式,当我们创建了一个容器后docker网络就会帮我们创建一个虚拟网卡,这个虚拟网卡和我们的容器网络是一一对应(成对出现)。默认创建的容器都是docker0网卡。
2、容器和容器之间是如何互通
当我们创建一个容器时没有指定容器网络时,docker会默认走docker0网络,docker会默认在虚拟机上创建一个虚拟网卡这个网卡地址会和我们容器地址对应。此时会出现我们可以通过互ping容器的ip 地址可ping通容器,但是通过容器名互ping是无法ping通,因技术要求需要我们自定义网络ip达到互通;默认创建的容器都是docker0网卡。
##查看Tomcat01 的ip地址 docker exec -it tomcat01 ip addr
[root@localhost ~]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
##查看Tomcat02 的ip地址 docker exec -it tomcat02 ip addr
[root@localhost ~]# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
##用Tomcat01 的ip ping Tomcat02 的ip docker exec -it tomcat01 ping 172.17.0.2
[root@localhost ~]# docker exec -it tomcat01 ping -c 3 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.074 ms
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.051/0.065/0.074/0.012 ms
####用Tomcat01 的ip ping Tomcat02名称(不通) docker exec -it tomcat01 ping Tomcat02
[root@localhost ~]# docker exec -it tomcat01 ping tomcat02
ping: unknown host tomcat02
3、容器之间互通 --link
我们可以使用link来达到容器之间的互通
##使用link来实现Tomca01 可以ping通 Tomcat02 docker run -d --name tomcat01 --link tomcat02 tomcat:8.0
[root@localhost ~]# docker run -d --name tomcat02 tomcat:8.0
863a3c34388d560406716f8ff46ffc94dec44fb2e42b129bc5bd505d878fc736
[root@localhost ~]# docker run -d --name tomcat01 --link tomcat02 tomcat:8.0
ea2bebceb939c0c6dac31b475045c4a1dcde9511df9e2948665ac45bd003abd4
##用Tomcat01 ping tomcat02 docker exec -it tomcat01 ping tomcat02
[root@localhost ~]# docker exec -it tomcat01 ping -c 3 tomcat02
PING tomcat02 (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.2): icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from tomcat02 (172.17.0.2): icmp_seq=3 ttl=64 time=0.054 ms
--- tomcat02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.054/0.067/0.093/0.018 ms
##使用Tomcat02来ping tomcat01 (ping不通) docker exec -it tomcat02 ping tomcat01
[root@localhost ~]# docker exec -it tomcat02 ping -c 3 tomcat01
ping: unknown host tomcat01
使用link其实是在容器内部 /etc/hosts 中添加了对应的映射关系。如果删除了就不能互通。
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea2bebceb939 tomcat:8.0 "catalina.sh run" 5 minutes ago Up 5 minutes 8080/tcp tomcat01
863a3c34388d tomcat:8.0 "catalina.sh run" 6 minutes ago Up 6 minutes 8080/tcp tomcat02
[root@localhost ~]# docker exec -it tomcat01 /bin/bash
root@ea2bebceb939:/usr/local/tomcat# cd /etc
root@ea2bebceb939:/etc# cat hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 tomcat02 863a3c34388d
172.17.0.3 ea2bebceb939
3、自定义网络
##查看帮助文档
[root@localhost ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
[root@localhost ~]# docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which to copy the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a network segment
##自定义网络NTtomcat
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.123.1/16 --gateway 192.168.123.1 NTtomcat
388c65d9e6dc3a685d9dfc07e6cd77b7df753b9790ececd2a4917c486c999fd5
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
388c65d9e6dc NTtomcat bridge local
a468667c9afc bridge bridge local
9ed8bb46f222 host host local
cf4382a12125 none null local
##--driver bridge 桥接模式 如果不指定默认为bridge
##--subnet 192.168.0.1/16 子网范围内的。0~16,也就是 255*255,去掉0个255,我们有65534可以分配的ip
##gateway 192.168.0.1 指定网关
##mynetwork 网络名称(路由名称)
##创建自定义容器tomcat01-01 和tomcat02-02
[root@localhost ~]# docker run -d --name tomcat01-01 --ip 192.168.123.10 --network NTtomcat --hostname tomcat01-01 tomcat:8.0
710087d898e573015590421594d468e6f7b86cee81badcb76d3370f4decd113d
[root@localhost ~]# docker run -d --name tomcat02-02 --ip 192.168.123.11 --network NTtomcat --hostname tomcat02-02 tomcat:8.0
e7804543a17de40136c883c1ae767d185fd033c0503751449f4b04a7bcc2b479
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7804543a17d tomcat:8.0 "catalina.sh run" 7 seconds ago Up 7 seconds 8080/tcp tomcat02-02
710087d898e5 tomcat:8.0 "catalina.sh run" About a minute ago Up About a minute 8080/tcp tomcat01-01
ea2bebceb939 tomcat:8.0 "catalina.sh run" 25 minutes ago Up 25 minutes 8080/tcp tomcat01
863a3c34388d tomcat:8.0 "catalina.sh run" 26 minutes ago Up 26 minutes 8080/tcp tomcat02
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
388c65d9e6dc NTtomcat bridge local
a468667c9afc bridge bridge local
9ed8bb46f222 host host local
cf4382a12125 none null local
##查看NTnetwork 路由下的容器,下面已经多出来Tomcat01-01和Tomcat02-02容器的网络地址
[root@localhost ~]# docker network inspect NTtomcat
[
{
"Name": "NTtomcat",
"Id": "388c65d9e6dc3a685d9dfc07e6cd77b7df753b9790ececd2a4917c486c999fd5",
"Created": "2023-07-20T09:11:11.409974483+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.123.1/16",
"Gateway": "192.168.123.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"710087d898e573015590421594d468e6f7b86cee81badcb76d3370f4decd113d": {
"Name": "tomcat01-01",
"EndpointID": "f068d52745d677dd2b67c4e091f8e7bb4364688a6047cb47bd69d2e95f7f5267",
"MacAddress": "02:42:c0:a8:7b:0a",
"IPv4Address": "192.168.123.10/16",
"IPv6Address": ""
},
"e7804543a17de40136c883c1ae767d185fd033c0503751449f4b04a7bcc2b479": {
"Name": "tomcat02-02",
"EndpointID": "1261a1c9ecf877597564f3c76ce1b73da82533361f8bf0887c46c3b377fe7647",
"MacAddress": "02:42:c0:a8:7b:0b",
"IPv4Address": "192.168.123.11/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
##查看Tomcat01-01 ip地址
[root@localhost ~]# docker exec -it tomcat01-01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:7b:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.123.10/16 brd 192.168.255.255 scope global eth0
valid_lft forever preferred_lft forever
##查看Tomcat01-01 ip地址
[root@localhost ~]# docker exec -it tomcat02-02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:7b:0b brd ff:ff:ff:ff:ff:ff
inet 192.168.123.11/16 brd 192.168.255.255 scope global eth0
valid_lft forever preferred_lft forever
##使用Tomcat01-01 ping Tomcat02-02
[root@localhost ~]# docker exec -it tomcat01-01 ping -c 2 tomcat02-02
PING tomcat02-02 (192.168.123.11) 56(84) bytes of data.
64 bytes from tomcat02-02.NTtomcat (192.168.123.11): icmp_seq=1 ttl=64 time=0.124 ms
64 bytes from tomcat02-02.NTtomcat (192.168.123.11): icmp_seq=2 ttl=64 time=0.054 ms
--- tomcat02-02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.054/0.089/0.124/0.035 ms
##使用Tomcat02-02 ping Tomcat01-01
[root@localhost ~]# docker exec -it tomcat02-02 ping -c 2 tomcat01-01
PING tomcat01-01 (192.168.123.10) 56(84) bytes of data.
64 bytes from tomcat01-01.NTtomcat (192.168.123.10): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from tomcat01-01.NTtomcat (192.168.123.10): icmp_seq=2 ttl=64 time=0.052 ms
--- tomcat01-01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.052/0.055/0.058/0.003 ms
4、不通网段的容器进行网络互通
tomcat01 网络ip 为172.17.0.2
##用Tomcat01 ping tomcat01-01
[root@localhost ~]# docker exec -it tomcat01 ping tomcat01-01
ping: unknown host tomcat01-01
##使用docker network connect 将容器Tomcat01 加入到NTtomcat
[root@localhost ~]# docker network connect NTtomcat taomcat01
[root@localhost ~]# docker exec -it taomcat01 ping -c 2 tomcat01-01
PING tomcat01-01 (192.168.123.10) 56(84) bytes of data.
64 bytes from tomcat01-01.NTtomcat (192.168.123.10): icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from tomcat01-01.NTtomcat (192.168.123.10): icmp_seq=2 ttl=64 time=0.055 ms
^C
--- tomcat01-01 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.055/0.061/0.080/0.013 ms
##查看NTtomcat 中添加的容器
[root@localhost ~]# docker network inspect NTtomcat
[
{
"Name": "NTtomcat",
"Id": "388c65d9e6dc3a685d9dfc07e6cd77b7df753b9790ececd2a4917c486c999fd5",
"Created": "2023-07-20T09:11:11.409974483+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.123.1/16",
"Gateway": "192.168.123.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"42b2bd9190d5b7de7e2e60b5eab41d6878f91abc517d25380af22ccc4ba05528": {
"Name": "taomcat01",
"EndpointID": "3e728f5b90751d45f0e00e69268d2bc9966b15c9578230fd5ab1c179551f6d23",
"MacAddress": "02:42:c0:a8:00:01",
"IPv4Address": "192.168.0.1/16",
"IPv6Address": ""
},
"710087d898e573015590421594d468e6f7b86cee81badcb76d3370f4decd113d": {
"Name": "tomcat01-01",
"EndpointID": "f068d52745d677dd2b67c4e091f8e7bb4364688a6047cb47bd69d2e95f7f5267",
"MacAddress": "02:42:c0:a8:7b:0a",
"IPv4Address": "192.168.123.10/16",
"IPv6Address": ""
},
"e7804543a17de40136c883c1ae767d185fd033c0503751449f4b04a7bcc2b479": {
"Name": "tomcat02-02",
"EndpointID": "1261a1c9ecf877597564f3c76ce1b73da82533361f8bf0887c46c3b377fe7647",
"MacAddress": "02:42:c0:a8:7b:0b",
"IPv4Address": "192.168.123.11/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]