
Ops notes, my Docker: Docker network management

Published: 2020-04-08 09:42:25 Source: Internet Views: 771 Author: qq850900633 Category: Network Management


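        The Docker engine is very powerful and has built-in support for container network drivers. By default Docker provides bridge and overlay networks.


  • Bridge: the physical NIC and the virtual NICs are bridged through a virtual switch inside the virtual network, which handles communication with the outside.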


  • Overlay network: so far all I have seen in the official documentation is that it is a network built on VXLAN technology; using this encrypted network with swarm is more secure.

 

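1. Normally, if you do not use swarm to create the overlay network, you need to install a KV store service to back it; options include Consul, etcd and ZooKeeper.

2. Connect the hosts of the cluster to the KV store.

3. Configure the cluster's engine daemon on each swarm.

Note: when using overlay networks, duplicate or overlapping subnets may leave containers unable to use the network.


Every user who installs Docker gets three networks created locally, as follows: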

[root@salt-node1 nginx-new]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b60c9e065473        bridge              bridge              local
a603808ad4ba        host                host                local
48d3687c03f0        none                null                local

 

 

The bridge network is Docker's default network, unless you specify a different network mode.

[root@salt-node1 nginx-new]# docker run -itd --name=networktest training/webapp
f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e

View all the information for the bridge network: subnet, gateway and container IPs.
[root@salt-node1 nginx-new]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "b60c9e065473e9d0f8b5eaffc520b681d812e3edd4105cdeba39b5e09bb81ba0",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "846953219c6d32025f2ec9b95ea57d50c2f6cc04fbf92047b8a0e5789d623026": {
                "Name": "zen_varahamihira",
                "EndpointID": "d2f6b8fdfa73fc369c5c77465f79f9d7ada17d9d612b5397a3da227a5e133c1b",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e": {
                "Name": "networktest",
                "EndpointID": "3017afc38daac830d872606ffafe5254a408e30e2b10a5c65b0977ba60018c38",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@salt-node1 nginx-new]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
f959f1626b03        training/webapp     "python app.py"     4 minutes ago       Up 4 minutes        5000/tcp                  networktest
846953219c6d        training/webapp     "python app.py"     25 hours ago        Up 25 hours         0.0.0.0:32768->5000/tcp   zen_varahamihira

 

Remove a specified container from the bridge network

[root@salt-node1 nginx-new]# docker network disconnect bridge networktest

 

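Create your own bridge network

 

    The Docker engine ships with bridge and overlay networks built in. A Docker bridge network is limited to a single host, so it becomes a problem once you have a multi-host cluster. In that case an overlay network fits your needs better: it can span multiple hosts, and it is an advanced topic.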

docker network create -d [network type]  [network name]

 

[root@salt-node1 nginx-new]# docker network create -d bridge nginxs-bridge-network
b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID          NAME                    DRIVER              SCOPE
b60c9e065473        bridge                  bridge              local
a603808ad4ba        host                    host                local
b67220ae9284        nginxs-bridge-network   bridge              local
48d3687c03f0        none                    null                local

 

View the new network's information

[root@salt-node1 nginx-new]# docker network inspect nginxs-bridge-network
[
    {
        "Name": "nginxs-bridge-network",
        "Id": "b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

 

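Add a container to a specified network

      Create a network so that your web application is isolated on a different network; that is what makes it secure. The first time you run a container you can attach it to a new network. By default, containers on two different bridge networks cannot communicate with each other at all; how to let specific containers on two networks talk to each other is covered below.

Parameter: --net=[network name]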

 

[root@salt-node1 nginx-new]# docker run -d --net=nginxs-bridge-network --name db training/postgres
Unable to find image 'training/postgres:latest' locally
latest: Pulling from training/postgres
a3ed95caeb02: Pull complete
6e71c809542e: Pull complete
2978d9af87ba: Pull complete
e1bca35b062f: Pull complete
500b6decf741: Pull complete
74b14ef2151f: Pull complete
7afd5ed3826e: Pull complete
3c69bb244f5e: Pull complete
d86f9ec5aedf: Pull complete
010fabf20157: Pull complete
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for training/postgres:latest
4b0bc86f18596e6c24a505a40c759e09c1fd7520a487bf2f278348c641c5240f

 

View the network configuration of a specified container

[root@salt-node1 nginx-new]# docker inspect --format='{{json .NetworkSettings.Networks}}' db
{"nginxs-bridge-network":{"IPAMConfig":null,"Links":null,"Aliases":["4b0bc86f1859"],"NetworkID":"b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62","EndpointID":"99b9f2f973335447640639e146614ab6f4857b0d1e30f5ed6f9b507f645e137a","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02"}}

[root@salt-node1 ~]# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db
172.18.0.2

 

Connect a specified container to a specified network

docker network connect  [network name]  [CONTAINER NAME]

 

[root@salt-node1 ~]# docker network connect nginxs-bridge-network db2

[root@salt-node1 nginx-new]# docker exec -it db2 bash
root@cf9b593a29bc:/# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=74 ttl=64 time=0.130 ms
64 bytes from 172.18.0.2: icmp_seq=75 ttl=64 time=0.116 ms
64 bytes from 172.18.0.2: icmp_seq=76 ttl=64 time=0.119 ms
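
An added example (not part of the original article): a Python audit over `docker network inspect` JSON that flags containers left on the default bridge, bridges where inter-container communication is on between several members, published ports bound to 0.0.0.0, and the overlapping subnets the note on overlay networks warns about. The embedded sample is constructed from the output shown above with placeholder container IDs, and the finding names are made up for this example.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample in the shape of `docker network inspect bridge nginxs-bridge-network`,
# trimmed to the fields the audit reads. Container IDs are placeholders.
SAMPLE = json.loads("""[
 {"Name": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {"id-1": {"Name": "zen_varahamihira"}, "id-2": {"Name": "networktest"}},
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
 {"Name": "nginxs-bridge-network",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16"}]},
  "Containers": {"id-3": {"Name": "db"}},
  "Options": {}}
]""")

PREFIX = "com.docker.network.bridge."

def subnets(net):
    """Subnets declared in a network's IPAM config, as ip_network objects."""
    cfg = (net.get("IPAM") or {}).get("Config") or []
    return [ipaddress.ip_network(c["Subnet"]) for c in cfg if c.get("Subnet")]

def audit(networks):
    """Return (finding, network, detail) tuples for isolation-relevant settings."""
    findings = []
    for net in networks:
        opts = net.get("Options") or {}
        members = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        # Workloads left on the shared default bridge are not separated from each other.
        if opts.get(PREFIX + "default_bridge") == "true" and members:
            findings.append(("on-default-bridge", net["Name"], members))
        # ICC is on unless set to "false": members of one bridge can reach each other.
        if opts.get(PREFIX + "enable_icc", "true") == "true" and len(members) > 1:
            findings.append(("icc-between-members", net["Name"], members))
        # Published ports on this bridge bind to every host interface.
        if opts.get(PREFIX + "host_binding_ipv4") == "0.0.0.0":
            findings.append(("publishes-on-all-interfaces", net["Name"], members))
    # Overlapping subnets between networks break routing, as the note above warns.
    for a, b in combinations(networks, 2):
        if any(x.overlaps(y) for x in subnets(a) for y in subnets(b)):
            findings.append(("subnet-overlap", a["Name"], [b["Name"]]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a live host, replace `SAMPLE` with the parsed output of `docker network inspect` for the networks you want to check.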

 

