文章目錄
- 1、網絡通訊
- 命名空間類型
- 2、網絡模式
- Docker服務預設存在四組網絡模式
- 3、端口映射
- -p :容器端口 容器指定端口映射為本地随機端口;
- -p 主機端口:容器端口 容器指定端口映射為本地指定端口;
- -p 主機IP::容器端口 容器指定端口映射為本地指定IP位址的随機端口;
- -p 主機IP:主機端口:容器端口 容器指定端口映射為本地指定IP位址的指定端口;
- -P 容器暴露所有需要的端口
- 4、網絡類型
- 網絡模式指令支援操作
- 建立新的網絡模式
- 示範案例
1、網絡通訊
預設情況下,Docker服務使用172.17.0.0/16位址段作為預設網橋(docker0)的IP位址池,並以實體機預設的DNS解析位址產生容器的 /etc/resolv.conf;同一預設網橋上的容器彼此預設可以互相通訊(除非 daemon 以 `--icc=false` 關閉),但預設網橋不提供以容器名稱解析IP的功能,需要名稱解析時應使用自訂網絡(見第4節)。
#檢視docker0(預設橋接網卡)IP位址資訊
[root@localhost ~]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:2eff:fe8b:ca95 prefixlen 64 scopeid 0x20<link>
ether 02:42:2e:8b:ca:95 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35 bytes 4476 (4.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#建立容器
[root@localhost ~]# docker run --name test-001 -it -d centos
ffb47561cefdced48f188624e7b6ec92667ca74df34de76dc57d1a9e4c20760d
#檢視容器IP位址資訊
[root@localhost ~]# docker exec -it test-001 /bin/bash
[root@ffb47561cefd /]# ip a s eth0 | awk 'NR==3{print($2)}'
172.17.0.2/16
#檢視容器DNS解析位址
[root@ffb47561cefd /]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
若容器需要通路外網或被外網通路,則需要 NAT 與轉發規則配合。注意:Docker 守護行程在預設設定(`--iptables=true`)下會自行維護 nat 表的 MASQUERADE/DNAT 規則,以及 filter 表的 DOCKER、DOCKER-USER、DOCKER-ISOLATION-STAGE-1/2 鏈(見下方 `iptables -n -L` 輸出),一般不需要手動新增;自訂的放行或封鎖規則應寫在 DOCKER-USER 鏈,其他鏈會在 Docker 重啟時被重建而遺失。發行版方面,CentOS/RHEL 7 以上預設由 firewalld 管理防火牆(底層仍是 iptables,RHEL 8 起改為 nftables 後端),7 以下直接使用 iptables。
#容器通路外部網絡(Docker 自身安裝的規則是 `-s 172.17.0.0/16 ! -o docker0 -j MASQUERADE`,即對從 docker0 以外介面送出的容器流量做來源位址偽裝;下面這條寫成 `-o docker0`,只會匹配送往 docker0 的封包,並不能讓容器通路外網,手動新增時請以 `! -o docker0` 為準)
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 172.17.0.0/16 -o docker0 -j MASQUERADE
#外部網絡通路容器(`-p 8080:8080` 未指定主機IP,會同時綁定 0.0.0.0 與 ::,即主機所有介面;且 Docker 的 DNAT 規則位於 nat PREROUTING,轉發流量不經過 INPUT 鏈,主機上針對 INPUT 的 firewalld/ufw 規則對已發布端口不生效。只需本機通路時請寫 `-p 127.0.0.1:8080:8080`,需要限制來源時在 DOCKER-USER 鏈加規則)
[root@localhost ~]# docker run -d -p 8080:8080 tomcat
79d61ca43d1da6d70c9e36782fcfb80ff8080d703948b2979a8955d27375da07
[root@localhost ~]# iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[root@localhost ~]# iptables -t nat -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:8080
#檢視iptables(不加 -t 只列出 filter 表;nat 表的 DNAT/MASQUERADE 規則需用 `iptables -t nat -n -L` 檢視。另外此處 FORWARD 鏈 policy 為 ACCEPT,Docker 管理 iptables 時通常會把 FORWARD policy 設為 DROP,若環境中顯示 ACCEPT,代表未被 Docker 規則匹配的轉發流量也會被放行,需自行確認是否符合預期)
[root@localhost ~]# iptables -n -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.3 tcp dpt:8080
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
#清除iptables(`iptables -F` 會清空 filter 表的全部規則,包括 Docker 的 DOCKER-USER 與 DOCKER-ISOLATION-STAGE-1/2 隔離規則:清空後不同網橋上的容器可互相通路,已發布端口的過濾也失效,而 nat 表的 DNAT/MASQUERADE 規則仍保留。生產環境請勿直接執行;若已執行,需 `systemctl restart docker` 讓 Docker 重建其規則)
[root@localhost ~]# iptables -F
命名空間類型
(本節實際示範的是透過 /etc/docker/daemon.json 自訂預設網橋位址段與容器 DNS,修改後需 `systemctl restart docker` 才生效。注意:`insecure-registries` 會允許以明文 HTTP 或未驗證 TLS 憑證與該倉庫通訊,映像內容可能在傳輸中被竄改,僅應用於受控的內網測試環境;`bip` 的值應是 docker0 本身要使用的位址(例如 10.1.1.1/16),下方設定的 10.1.1.0/16 會讓 docker0 取得 10.1.1.0,而 `default-gateway` 指向的 10.1.1.1 在輸出中沒有任何介面持有,容器的預設路由是否可用需自行驗證。)
[root@localhost ~]# cat /etc/docker/daemon.json
{
"insecure-registries": ["10.81.20.166"],
"registry-mirrors": ["https://sta7qavr.mirror.aliyuncs.com"],
"bip": "10.1.1.0/16",
"default-gateway": "10.1.1.1",
"dns": ["8.8.8.8"]
}
[root@Redhat8 ~]# ifconfig docker0 | awk 'NR==2{print($2)}'
10.1.1.0
[root@cb4f1de96a62 /]# ip a s eth0 | awk 'NR==3{print($2)}'
10.1.0.1/16
[root@cb4f1de96a62 /]# cat /etc/resolv.conf
nameserver 8.8.8.8
[root@cb4f1de96a62 /]# exit
exit
2、網絡模式
#檢視目前網絡類型
[root@Redhat8 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
12930f8f3234 bridge bridge local
36bc694a9c97 host host local
630f41c63fe4 none null local
Docker服務預設存在四組網絡模式
- bridge :網橋模式,預設網絡模式,容器使用docker0網卡進行外部通路;預設網橋上的容器彼此可互通(除非 daemon 設定 `--icc=false`),且不提供容器名稱的 DNS 解析;
- host :主機模式,沒有獨立的網絡命名空間,容器直接使用實體機的網卡與端口進行外部通路;容器可監聽主機任意端口、通路主機上只綁定 127.0.0.1 的服務,`-p` 參數會被忽略,等於放棄網絡隔離,不應用於不受信任的工作負載;
- none :無網絡模式,隻存在一個loopback接口;
- container :容器模式(`--network container:<名稱>`),新部署的容器加入另一個容器的網絡命名空間,共用其網卡、IP 與 loopback,因此雙方綁定在 127.0.0.1 的服務互相可見;
#bridge模式,容器預設使用docker0 172.17.0.0/16網段内IP位址;
[root@localhost ~]# docker run -it --name test-001 --network=bridge -d centos
e13d92b7991a7058203c249eb152dacccbb5e96c3efd9ab6ee2757efe84ea78c
[root@localhost ~]# docker exec -it test-001 /bin/bash
[root@e13d92b7991a /]# ip a s eth0
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@e13d92b7991a /]# exit
exit
#host模式,容器使用實體機IP位址(與主機共用網絡命名空間,沒有網絡隔離;下方在容器內看到的 ens192 就是主機自己的網卡);
[root@localhost ~]# docker run -it --name test-002 --network=host -d centos
6e73789654ed0a17b3af2dfe9418596a57f471a5188357d317e265562cf9205e
[root@localhost ~]# docker exec -it test-002 /bin/bash
[root@localhost /]# ip a s ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:4f:69:f7 brd ff:ff:ff:ff:ff:ff
inet 10.81.20.166/24 brd 10.81.20.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::160a:f93d:9f22:317e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost /]# exit
exit
#none模式,容器不能通路外網,隻存在127.0.0.1/8環回位址;
[root@localhost ~]# docker run -it --name test-003 --network=none -d centos
bdbf5dd51cb5c12ceef5f034c3fb318855f6681d3e5fdc060c8225488f2fd92c
[root@localhost ~]# docker exec -it test-003 /bin/bash
[root@bdbf5dd51cb5 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
[root@bdbf5dd51cb5 /]# exit
exit
#檢視運作中的容器
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bdbf5dd51cb5 centos "/bin/bash" 35 seconds ago Up 34 seconds test-003
6e73789654ed centos "/bin/bash" 2 minutes ago Up 2 minutes test-002
e13d92b7991a centos "/bin/bash" 4 minutes ago Up 4 minutes test-001
#停止所有正在運作的docker
[root@Redhat8 ~]# docker stop $(docker ps -q)
#删除所有建立過的docker(需要謹慎操作:`-f` 會連同執行中的容器一併強制删除;若 `docker ps -a -q` 沒有輸出,命令會因缺少參數而報錯,可改用 `docker ps -aq | xargs -r docker rm -f`)
[root@Redhat8 ~]# docker rm -f $(docker ps -a -q)
3、端口映射
-p :容器端口 容器指定端口映射為本地随機端口(未指定主機IP時同時綁定 0.0.0.0 與 ::,主機所有介面均可通路;随機端口通常取自主機的臨時端口範圍,如下方輸出的 49153);
[root@localhost ~]# docker run --name tomcat-001 -it -p :8080 -d tomcat
3871b4edc6e10024f0fbaa4f9dc47ff4d7dfb105e6b61525d37d4ba403ae3e5f
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3871b4edc6e1 tomcat "catalina.sh run" 4 seconds ago Up 3 seconds 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp tomcat-001
-p 主機端口:容器端口 容器指定端口映射為本地指定端口;
[root@localhost ~]# docker run --name tomcat-002 -it -p 8081:8080 -d tomcat
935a92d9f629e73120244108513250692e13c6db50a5bcad48b911abc75fbb4a
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
935a92d9f629 tomcat "catalina.sh run" 4 seconds ago Up 3 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat-002
3871b4edc6e1 tomcat "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp tomcat-001
-p 主機IP::容器端口 容器指定端口映射為本地指定IP位址的随機端口(指定IP後只在該位址監聽,如下方輸出不再出現 :: 的 IPv6 綁定;只允許本機通路時可指定 127.0.0.1);
[root@localhost ~]# docker run --name tomcat-003 -it -p 10.81.20.166::8080 -d tomcat
be8ac8211999d411c741d6e49c5c60ea05d1333f0cbe50e6ef328ff6a123d9ad
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be8ac8211999 tomcat "catalina.sh run" 5 seconds ago Up 4 seconds 10.81.20.166:49154->8080/tcp tomcat-003
935a92d9f629 tomcat "catalina.sh run" 47 seconds ago Up 46 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat-002
3871b4edc6e1 tomcat "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp tomcat-001
-p 主機IP:主機端口:容器端口 容器指定端口映射為本地指定IP位址的指定端口;
[root@localhost ~]# docker run --name tomcat-004 -it -p 10.81.20.166:8082:8080 -d tomcat
ba6ce46728865dbbdb007f0e55330173804db2d6f526abe32b65ea8da8b7edaa
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba6ce4672886 tomcat "catalina.sh run" 3 seconds ago Up 2 seconds 10.81.20.166:8082->8080/tcp tomcat-004
be8ac8211999 tomcat "catalina.sh run" 41 seconds ago Up 40 seconds 10.81.20.166:49154->8080/tcp tomcat-003
935a92d9f629 tomcat "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat-002
3871b4edc6e1 tomcat "catalina.sh run" 2 minutes ago Up 2 minutes 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp tomcat-001
-P 将映像以 EXPOSE 宣告的所有端口映射為本地随機端口(同樣綁定所有介面;tomcat 映像只宣告了 8080,故下方只映射一個端口)
[root@localhost ~]# docker run --name tomcat-005 -it -P -d tomcat
ea10cb8c7a8dead5a826a1e32a8f1e44da3aa5c8d95ba7346702fb994a77ad6d
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea10cb8c7a8d tomcat "catalina.sh run" 2 seconds ago Up 1 second 0.0.0.0:49155->8080/tcp, :::49154->8080/tcp tomcat-005
ba6ce4672886 tomcat "catalina.sh run" 26 seconds ago Up 24 seconds 10.81.20.166:8082->8080/tcp tomcat-004
be8ac8211999 tomcat "catalina.sh run" About a minute ago Up About a minute 10.81.20.166:49154->8080/tcp tomcat-003
935a92d9f629 tomcat "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat-002
3871b4edc6e1 tomcat "catalina.sh run" 2 minutes ago Up 2 minutes 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp tomcat-001
#檢視某個容器的端口映射資訊(注意 IPv4 與 IPv6 是各自分配随機端口,上方 tomcat-005 的 0.0.0.0:49155 與 :::49154 並不相同,對外提供通路位址時應以 `docker port` 的輸出為準)
[root@localhost ~]# docker port tomcat-005
8080/tcp -> 0.0.0.0:49155
8080/tcp -> :::49154
4、網絡類型
#檢視目前網絡模式
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
edad5cd6d9c6 bridge bridge local /橋接網卡;
36bc694a9c97 host host local /本地主機;
630f41c63fe4 none null local /無連接配接;
網絡模式指令支援操作
[root@Redhat8 ~]# docker network
connect /連接配接;
create /建立;
disconnect /斷開連接配接;
inspect /檢查;
ls /清單;
prune /修剪;
rm /删除;
建立新的網絡模式
[root@localhost ~]# docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which to copy the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a network segment
示範案例
#建立一個新的橋接網絡模式(自訂網橋與預設 bridge 之間由 DOCKER-ISOLATION 規則隔離,同一自訂網橋內的容器可透過容器名稱互相解析;若該網絡不應通路外部,建立時加上 `--internal`,並可用 `--subnet` 自行指定位址段以避免與內網位址衝突)
[root@localhost ~]# docker network create -d bridge bridge-test-001
6a2806ba56a9ea2751677d79093c32aba5478041bc061a4f708ba7da371df2ae
#檢視新建立的橋接網絡模式
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
edad5cd6d9c6 bridge bridge local
6a2806ba56a9 bridge-test-001 bridge local
36bc694a9c97 host host local
630f41c63fe4 none null local
#檢查新建立的橋接網絡模式
[root@localhost ~]# docker network inspect bridge-test-001
[
{
"Name": "bridge-test-001",
"Id": "6a2806ba56a9ea2751677d79093c32aba5478041bc061a4f708ba7da371df2ae",
"Created": "2021-11-16T22:21:41.545116549+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
#新的橋接網絡模式衍生新的網卡與位址範圍
[root@localhost ~]# ifconfig
br-6a2806ba56a9: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:1a:6f:58:b1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#删除新建立的橋接網絡模式
[root@Redhat8 ~]# docker network rm bridge-test-001
bridge-test-001