當(dāng)前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

docker网络的配置

發(fā)布時間：2023/12/20 编程问答 19 豆豆

生活随笔收集整理的這篇文章主要介紹了 docker网络的配置小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.

docker網(wǎng)絡(luò)的配置

Linux內(nèi)核實現(xiàn)名稱空間的創(chuàng)建

ip netns命令

可以借助ip netns命令來完成對 Network Namespace 的各種操作。ip netns命令來自于iproute安裝包，一般系統(tǒng)會默認安裝，如果沒有的話，請自行安裝。

注意：ip netns命令修改網(wǎng)絡(luò)配置時需要 sudo 權(quán)限。

可以通過ip netns命令完成對Network Namespace 的相關(guān)操作，可以通過ip netns help查看命令幫助信息：

[root@localhost ~]# ip netns help (屬于Linux內(nèi)核的命令，所以不加 "--"help) Usage: ip netns listip netns add NAMEip netns attach NAME PIDip netns set NAME NETNSIDip [-all] netns delete [NAME]ip netns identify [PID]ip netns pids NAMEip [-all] netns exec [NAME] cmd ...ip netns monitorip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT] NETNSID := auto | POSITIVE-INT

默認情況下，Linux系統(tǒng)中是沒有任何 Network Namespace的，所以ip netns list命令不會返回任何信息。

[root@localhost ~]# ip netns list # 列出 [root@localhost ~]#

創(chuàng)建Network Namespace

通過命令創(chuàng)建一個名為ns0的命名空間：

[root@localhost ~]# ip netns add ns0 # 創(chuàng)建ns0的命名空間 [root@localhost ~]# ip netns list # 列出 ns0

新創(chuàng)建的 Network Namespace 會出現(xiàn)在/var/run/netns/目錄下。如果相同名字的 namespace 已經(jīng)存在，命令會報Cannot create namespace file “/var/run/netns/ns0”: File exists的錯誤。

[root@localhost ~]# ls /var/run/netns ns0 [root@localhost ~]# ip netns add ns0 Cannot create namespace file "/var/run/netns/ns0": File exists# 手動創(chuàng)建在/var/run/netns下也是不認可的 [root@localhost ~]# touch /var/run/netns/ns1 [root@localhost ~]# ip netns list Error: Peer netns reference is invalid. # 報錯 Error: Peer netns reference is invalid. ns1 ns0# 刪除 [root@localhost ~]# ip netns del ns1 [root@localhost ~]# ip netns list # 再次查看無報錯 ns0

對于每個 Network Namespace 來說，它會有自己獨立的網(wǎng)卡、路由表、ARP 表、iptables 等和網(wǎng)絡(luò)相關(guān)的資源。

操作Network Namespace

ip命令提供了ip netns exec子命令可以在對應(yīng)的 Network Namespace 中執(zhí)行命令。

查看新創(chuàng)建 Network Namespace 的網(wǎng)卡信息

[root@localhost ~]# ip netns exec ns0 ip addr 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

可以看到，新創(chuàng)建的Network Namespace中會默認創(chuàng)建一個lo回環(huán)網(wǎng)卡，此時網(wǎng)卡處于關(guān)閉狀態(tài)。此時，嘗試去 ping 該lo回環(huán)網(wǎng)卡，會提示Network is unreachable

[root@localhost ~]# ip netns exec ns0 ping 127.0.0.1 connect: Network is unreachable # 連接：網(wǎng)絡(luò)不可達

通過下面的命令啟用lo回環(huán)網(wǎng)卡：

[root@localhost ~]# ip netns exec ns0 ip link set lo up [root@localhost ~]# ip netns exec ns0 ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.053 ms

轉(zhuǎn)移設(shè)備

我們可以在不同的 Network Namespace 之間轉(zhuǎn)移設(shè)備（如veth）。由于一個設(shè)備只能屬于一個 Network Namespace ，所以轉(zhuǎn)移后在這個 Network Namespace 內(nèi)就看不到這個設(shè)備了。

其中，veth設(shè)備屬于可轉(zhuǎn)移設(shè)備，而很多其它設(shè)備（如lo、vxlan、ppp、bridge等）是不可以轉(zhuǎn)移的。

veth pair

veth pair 全稱是 Virtual Ethernet Pair，是一個成對的端口，所有從這對端口一端進入的數(shù)據(jù)包都將從另一端出來，反之也是一樣。
引入veth pair是為了在不同的 Network Namespace 直接進行通信，利用它可以直接將兩個 Network Namespace 連接起來。

創(chuàng)建veth pair

[root@localhost ~]# ip a # 創(chuàng)建前 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:21:52:e8 brd ff:ff:ff:ff:ff:ffinet 192.168.220.17/24 brd 192.168.220.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::1792:21f6:7f28:5ffa/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:a1:e4:66:9d brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever[root@localhost ~]# ip link add type veth # 創(chuàng)建 [root@localhost ~]# ip a # 查看 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:21:52:e8 brd ff:ff:ff:ff:ff:ffinet 192.168.220.17/24 brd 192.168.220.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::1792:21f6:7f28:5ffa/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:a1:e4:66:9d brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever 4: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000 # 新創(chuàng)建的link/ether d6:90:9d:4e:95:77 brd ff:ff:ff:ff:ff:ff 5: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000 # 新創(chuàng)建的link/ether 9e:79:1e:8a:72:3d brd ff:ff:ff:ff:ff:ff

可以看到，此時系統(tǒng)中新增了一對veth pair，將veth0和veth1兩個虛擬網(wǎng)卡連接了起來，此時這對 veth pair 處于”未啟用“狀態(tài)。

實現(xiàn)Network Namespace間通信

下面我們利用veth pair實現(xiàn)兩個不同的 Network Namespace 之間的通信。剛才我們已經(jīng)創(chuàng)建了一個名為ns0的 Network Namespace，下面再創(chuàng)建一個信息Network Namespace，命名為ns1

[root@localhost ~]# ip netns list ns0 [root@localhost ~]# ip netns add ns1 [root@localhost ~]# ip netns list ns1 ns0

然后我們將veth0加入到ns0，將veth1加入到ns1

[root@localhost ~]# ip link set veth0 netns ns0 [root@localhost ~]# ip link set veth1 netns ns1

然后我們分別為這對veth pair配置上ip地址，并啟用它們

[root@localhost ~]# ip netns exec ns0 ip link set veth0 up [root@localhost ~]# ip netns exec ns0 ip addr add 192.168.2.1/24 dev veth0[root@localhost ~]# ip netns exec ns1 ip link set veth1 up [root@localhost ~]# ip netns exec ns1 ip addr add 192.168.2.2/24 dev veth1

查看這對veth pair的狀態(tài)

[root@localhost ~]# ip netns exec ns0 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 4: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000link/ether d6:90:9d:4e:95:77 brd ff:ff:ff:ff:ff:ff link-netns ns1inet 192.168.2.1/24 scope global veth0valid_lft forever preferred_lft foreverinet6 fe80::d490:9dff:fe4e:9577/64 scope link valid_lft forever preferred_lft forever[root@localhost ~]# ip netns exec ns1 ip a 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 5: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000link/ether 9e:79:1e:8a:72:3d brd ff:ff:ff:ff:ff:ff link-netns ns0inet 192.168.2.2/24 scope global veth1valid_lft forever preferred_lft foreverinet6 fe80::9c79:1eff:fe8a:723d/64 scope link valid_lft forever preferred_lft forever

從上面可以看出，我們已經(jīng)成功啟用了這個veth pair，并為每個veth設(shè)備分配了對應(yīng)的ip地址。我們嘗試在ns1中訪問ns0中的ip地址：

[root@localhost ~]# ip netns exec ns1 ping 192.168.2.1 PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data. 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.223 ms 64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.106 ms

可以看到，veth pair成功實現(xiàn)了兩個不同Network Namespace之間的網(wǎng)絡(luò)交互。

veth設(shè)備重命名

重命名ns0中的veth0

[root@localhost ~]# ip netns exec ns0 ip link set veth0 down # 關(guān)閉veth0 [root@localhost ~]# ip netns exec ns0 ip link set dev veth0 name eth0 # 重命名veth0為eth0 [root@localhost ~]# ip netns exec ns0 ip link set eth0 up # 啟用eth0 [root@localhost ~]# ip netns exec ns0 ip a # 查看 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 # 重命名成功link/ether d6:90:9d:4e:95:77 brd ff:ff:ff:ff:ff:ff link-netns ns1inet 192.168.2.1/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::d490:9dff:fe4e:9577/64 scope link valid_lft forever preferred_lft forever

重命名ns1中的veth0

[root@localhost ~]# ip netns exec ns1 ip link set veth1 down #關(guān)閉veth1 [root@localhost ~]# ip netns exec ns1 ip link set dev veth1 name eth0 # 重命名veth1為eth0 [root@localhost ~]# ip netns exec ns1 ip link set eth0 up # 啟用eth0 [root@localhost ~]# ip netns exec ns1 ip a # 查看 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 5: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 # 重命名成功link/ether 9e:79:1e:8a:72:3d brd ff:ff:ff:ff:ff:ff link-netns ns0inet 192.168.2.2/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::9c79:1eff:fe8a:723d/64 scope link valid_lft forever preferred_lft forever

四種網(wǎng)絡(luò)模式配置

bridge模式配置

[root@localhost ~]# docker pull busybox [root@localhost ~]# docker run -it --name b1 --rm busybox # --rm 刪除或停止容器后自動銷毀容器 / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever / # exit[root@localhost ~]# docker run -it --name b1 --network bridge --rm busybox / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever / # exit

在創(chuàng)建容器時添加–network bridge與不加–network選項效果是一致的默認的模式

none模式

[root@localhost ~]# docker run -it --name b2 --rm --network none busybox / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever / # exit

使用none模式，Docker容器擁有自己的Network Namespace，但是，并不為Docker容器進行任何網(wǎng)絡(luò)配置。也就是說，這個Docker容器沒有網(wǎng)卡、IP、路由等信息。需要我們自己為Docker容器添加網(wǎng)卡、配置IP等。

container模式

# 啟動第一個容器 [root@localhost ~]# docker run -it --name b3 --rm busybox / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever / # # 重新打開一個終端使用container模式與第一個容器相比較 [root@localhost ~]# docker run -it --name b4 --rm --network container:b3 busybox / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever / ## 在b3容器上創(chuàng)建一個目錄 / # ls bin dev etc home proc root sys tmp usr var / # mkdir QAQ / # ls QAQ bin dev etc home proc root sys tmp usr var# b4上查看 / # ls bin dev etc home proc root sys tmp usr var# 到b4容器上檢查會發(fā)現(xiàn)并沒有這個目錄，因為文件系統(tǒng)是處于隔離狀態(tài)，僅僅是共享了網(wǎng)絡(luò)而已。# 在b3上部署一個網(wǎng)站 / # echo "This is a pig." > QAQ/index.html / # httpd -h QAQ/ / # netstat -antl Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 :::80 :::* LISTE# 在b4上訪問 / # wget -qO - 172.17.0.2 This is a pig. / # # 由此可見，container模式下的容器間關(guān)系就相當(dāng)于一臺主機上的兩個不同進程

這個模式指定新創(chuàng)建的容器和已經(jīng)存在的一個容器共享一個 Network Namespace，而不是和宿主機共享。新創(chuàng)建的容器不會創(chuàng)建自己的網(wǎng)卡，配置自己的 IP，而是和一個指定的容器共享 IP、端口范圍等。同樣，兩個容器除了網(wǎng)絡(luò)方面，其他的如文件系統(tǒng)、進程列表等還是隔離的。兩個容器的進程可以通過 lo 網(wǎng)卡設(shè)備通信。

host模式

啟動容器時直接指明模式為host

[root@localhost ~]# docker run -it --name b5 --rm --network host busybox / # ip a # 容器 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel qlen 1000link/ether 00:0c:29:21:52:e8 brd ff:ff:ff:ff:ff:ffinet 192.168.220.17/24 brd 192.168.220.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::1792:21f6:7f28:5ffa/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue link/ether 02:42:a1:e4:66:9d brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:a1ff:fee4:669d/64 scope link valid_lft forever preferred_lft forever[root@localhost ~]# ip a # 宿主機 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:21:52:e8 brd ff:ff:ff:ff:ff:ffinet 192.168.220.17/24 brd 192.168.220.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::1792:21f6:7f28:5ffa/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:a1:e4:66:9d brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:a1ff:fee4:669d/64 scope link valid_lft forever preferred_lft forever # 此時我們在這個容器中啟動一個站點，我們就可以直接用宿主機的IP直接在瀏覽器中訪問這個容器中的站點了 # 容器部署一個網(wǎng)站 / # mkdir www / # echo "This is a cat." > www/index.html / # httpd -h www/# 宿主機訪問 [root@localhost ~]# curl 192.168.220.17 This is a cat.

啟動容器的時候使用host模式，那么這個容器將不會獲得一個獨立的Network Namespace，而是和宿主機共用一個Network Namespace。容器將不會虛擬出自己的網(wǎng)卡，配置自己的IP等，而是使用宿主機的IP和端口。但是，容器的其他方面，如文件系統(tǒng)、進程列表等還是和宿主機隔離的。

容器的常用操作

查看容器的主機名

[root@localhost ~]# docker run -it --name b6 --rm busybox / # hostname 322e0365483b

在容器啟動時注入主機名

[root@localhost ~]# docker run -it --name b7 --rm --hostname glfqdp busybox / # hostname glfqdp / # cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 glfqdp # 注入主機名時會自動創(chuàng)建主機名到IP的映射關(guān)系 / # cat /etc/resolv.conf # Generated by NetworkManager nameserver 114.114.114.114 # DNS也會自動配置為宿主機的DNS nameserver 8.8.8.8 / # ping baidu.com PING baidu.com (220.181.38.251): 56 data bytes 64 bytes from 220.181.38.251: seq=0 ttl=127 time=30.270 ms 64 bytes from 220.181.38.251: seq=1 ttl=127 time=30.020 ms / # exit

手動指定容器要使用的DNS

[root@localhost ~]# docker run -it --name b8 --rm --dns 8.8.8.8 --hostname glfqdp busybox / # cat /etc/resolv.conf nameserver 8.8.8.8 / # exit

手動往/etc/hosts文件中注入主機名到IP地址的映射

[root@localhost ~]# docker run -it --name b9 --rm --hostname lplp --add-host baidu.com:8.8.8.8 busybox / # cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 8.8.8.8 baidu.com 172.17.0.2 lplp / # exit

端口映射

執(zhí)行docker run的時候有個-p選項，可以將容器中的應(yīng)用端口映射到宿主機中，從而實現(xiàn)讓外部主機可以通過訪問宿主機的某端口來訪問容器內(nèi)應(yīng)用的目的。

-p選項能夠使用多次，其所能夠暴露的端口必須是容器確實在監(jiān)聽的端口。

-p選項的使用格式：

-p <containerPort>
- 將指定的容器端口映射至主機所有地址的一個動態(tài)端口

動態(tài)端口指的是隨機端口，具體的映射結(jié)果可使用docker port命令查看。

# 將容器內(nèi)nginx的80端口映射到宿主機的隨機端口 [root@localhost ~]# docker run -d --name web --rm -p 80 1225514226/nginx:v2.0 acaea4eab08b9937b06dfe93da3d86795ac859c29a60ee0edc8f120aaf9d29ab[root@localhost ~]# docker port web 80/tcp -> 0.0.0.0:49153 # ipv4 80/tcp -> :::49153 # ipv6

由此可見，容器的80端口被暴露到了宿主機的49153端口上，此時我們在宿主機上訪問一下這個端口看是否能訪問到容器內(nèi)的站點

[root@localhost ~]# curl 192.168.220.17:49153 welcome to nginx!

iptables防火墻規(guī)則將隨容器的創(chuàng)建自動生成，隨容器的暫停 / 刪除自動刪除規(guī)則。

-p <hostPort>:<containerPort>
- 將容器端口<containerPort>映射至指定的主機端口<hostPort>

將容器端口映射到宿主機的指定端口

[root@localhost ~]# docker run -itd --name web --rm -p 8080:80 1225514226/nginx:v2.0[root@localhost ~]# docker port web 80/tcp -> 0.0.0.0:8080 80/tcp -> :::8080# 宿主機訪問 [root@localhost ~]# curl 192.168.220.17:8080 welcome to nginx!

-p <ip>::<containerPort>
- 將指定的容器端口<containerPort>映射至主機指定<ip>的動態(tài)端口

將指定的容器端口映射到主機指定IP的隨機端口

[root@localhost ~]# docker run -itd --name web --rm -p 192.168.220.17::80 1225514226/nginx:v2.0 68d446f3c450ef707519dc92cc55adba837623eaa63062b49abc8af07c1e5b35[root@localhost ~]# docker port web 80/tcp -> 192.168.220.17:49153# 宿主機訪問 [root@localhost ~]# curl 192.168.220.17:49153 welcome to nginx!

-p <ip>:<hostPort>:<containerPort>
- 將指定的容器端口<containerPort>映射至主機指定<ip>的端口<hostPort>

將指定的容器端口映射到指定主機IP的指定端口

[root@localhost ~]# docker run -itd --name web --rm -p 192.168.220.17:9999:80 1225514226/nginx:v2.0 1deff8a4a3f28a3ed2661907edd9f64c4878373e44260698cb60875e860010df[root@localhost ~]# docker port web 80/tcp -> 192.168.220.17:9999# 宿主機訪問 [root@localhost ~]# curl 192.168.220.17:9999 welcom to nginx!

-P(大寫)將所有容器內(nèi)暴露的端口發(fā)布到宿主機的隨機端口

自定義docker0橋的網(wǎng)絡(luò)屬性信息

官方文檔相關(guān)配置

自定義docker0橋的網(wǎng)絡(luò)屬性信息需要修改/etc/docker/daemon.json配置文件

[root@localhost ~]# cat /etc/docker/daemon.json {"registry-mirrors": ["https://wn5c7d7w.mirror.aliyuncs.com"],"bip": "192.168.2.1/24" # 改變宿主機的docker0網(wǎng)卡IP }[root@localhost ~]# systemctl restart docker[root@localhost ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:21:52:e8 brd ff:ff:ff:ff:ff:ffinet 192.168.220.17/24 brd 192.168.220.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::1792:21f6:7f28:5ffa/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:a1:e4:66:9d brd ff:ff:ff:ff:ff:ffinet 192.168.2.1/24 brd 192.168.2.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:a1ff:fee4:669d/64 scope link valid_lft forever preferred_lft forever

docker0 ip未改變之前默認是172.17.0.1/16，核心選項為bip，即bridge ip之意，用于指定docker0橋自身的IP地址；其它選項可通過此地址計算得出。

創(chuàng)建一個容器進去查看IP

[root@localhost ~]# docker run -itd --name web --rm 1225514226/nginx:v2.0 94b02bec9a8e03d8c73f19282f5954ba70c53130fd5a8d4c8af3bf3fe9ff8fdd[root@localhost ~]# docker exec -it web /bin/bash [root@94b02bec9a8e /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:c0:a8:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 192.168.2.2/24 brd 192.168.2.255 scope global eth0 # 默認IP也變成192...valid_lft forever preferred_lft forever

docker創(chuàng)建自定義橋

創(chuàng)建一個額外的自定義橋，區(qū)別于docker0

[root@localhost ~]# docker network create -d bridge --subnet "172.17.2.0/24" --gateway "172.17.2.1" br0 f96a9671bfa582b925305f8890c7fadf4b54cda6410cd238786dc7b0574700a5[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE f96a9671bfa5 br0 bridge local 788ac3e94c5a bridge bridge local cd5368439dc0 host host local c49a1db81682 none null local

使用新創(chuàng)建的自定義橋來創(chuàng)建容器：

[root@localhost ~]# docker run -itd --name web01 --rm --network br0 1225514226/nginx:v2.0 a98412139dc85eae51f6994737f24c56b2be3dac7211d7734fc099e8031904a4[root@localhost ~]# docker exec -it web01 /bin/bash [root@a98412139dc8 /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 49: eth0@if50: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 172.17.2.2/24 brd 172.17.2.255 scope global eth0valid_lft forever preferred_lft forever

再創(chuàng)建一個容器，使用默認的bridge橋：

[root@localhost ~]# docker run -itd --name web02 --rm 1225514226/nginx:v2.0 65d36dd328f7f522c3808917d2289ea84e69e9faa404ae7bc523138b4ff1292e[root@localhost ~]# docker exec -it web02 /bin/bash [root@65d36dd328f7 /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 51: eth0@if52: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:c0:a8:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 192.168.2.2/24 brd 192.168.2.255 scope global eth0valid_lft forever preferred_lft forever

試想一下，此時的b2與b1能否互相通信？如果不能該如何實現(xiàn)通信？

# 運行兩個容器在不同網(wǎng)段 [root@localhost ~]# docker run -itd --name c1 --rm --network br0 1225514226/nginx:v2.0 b3b6e6dc9e2b486519acc5fd53ed4e911493715a097ebfddb53a509be12a6c80 [root@localhost ~]# docker run -itd --name c2 --rm 1225514226/nginx:v2.0 0ed765ee0e78132eac679b0da613cccf7196240ba5cde093b47593666fbadad7 [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0ed765ee0e78 1225514226/nginx:v2.0 "/usr/local/nginx/sb…" 4 seconds ago Up 3 seconds c2 b3b6e6dc9e2b 1225514226/nginx:v2.0 "/usr/local/nginx/sb…" 14 seconds ago Up 12 seconds c1[root@localhost ~]# docker exec -it c1 /bin/bash [root@b3b6e6dc9e2b /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 57: eth0@if58: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 172.17.2.2/24 brd 172.17.2.255 scope global eth0 # 172網(wǎng)段valid_lft forever preferred_lft forever [root@b3b6e6dc9e2b /]#[root@localhost ~]# docker exec -it c2 /bin/bash [root@0ed765ee0e78 /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 59: eth0@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:c0:a8:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 192.168.2.2/24 brd 192.168.2.255 scope global eth0 # 192網(wǎng)段valid_lft forever preferred_lft forever

將br0網(wǎng)絡(luò) (C1) 連接到c2(一個容器運行兩個橋)

[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0ed765ee0e78 1225514226/nginx:v2.0 "/usr/local/nginx/sb…" 6 minutes ago Up 6 minutes c2 b3b6e6dc9e2b 1225514226/nginx:v2.0 "/usr/local/nginx/sb…" 6 minutes ago Up 6 minutes c1[root@localhost ~]# docker network connect br0 0ed765ee0e78(C2容器ID)# 查看c2 [root@0ed765ee0e78 /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever 59: eth0@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:c0:a8:02:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 192.168.2.2/24 brd 192.168.2.255 scope global eth0valid_lft forever preferred_lft forever 61: eth1@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:02:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 172.17.2.3/24 brd 172.17.2.255 scope global eth1valid_lft forever preferred_lft forever # 添加了c1的網(wǎng)段 [root@0ed765ee0e78 /]# ping 172.17.2.2 # ping c1容器的地址 PING 172.17.2.2 (172.17.2.2) 56(84) bytes of data. 64 bytes from 172.17.2.2: icmp_seq=1 ttl=64 time=0.112 ms 64 bytes from 172.17.2.2: icmp_seq=2 ttl=64 time=1.21 ms

總結(jié)

以上是生活随笔為你收集整理的docker网络的配置的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。

上一篇： 7.2版升7.5+php7,帝国CMS7
下一篇：点9图片的用法