一、内核网络名称空间
1、可通过ip netns进行操作
[root@localhost /]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
2、启动各种网络类型的容器
a、启动一个网络类型为bridge的容器并且在退出后自动删除(即能够对外通信的容器)。
[root@localhost ~]# docker run --name t1 -it --network bridge --rm busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
b、启动一个网络类型为none的容器并且在退出后自动删除(即封闭式容器)
[root@localhost ~]# docker run --name t1 -it --network none --rm busybox:latest
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # exit
c、容器默认的主机名就是其id,也可以在启动的时候给上主机名
[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --rm busybox:latest
/ # hostname
wohaoshuai
d、容器默认的dns是宿主机的dns,可以在启动的时候给上其dns
[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --dns 114.114.114.114 --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.4 wohaoshuai
/ # cat /etc/resolv.conf
nameserver 114.114.114.114
e、可以给主机添加主机解析记录
[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --dns 114.114.114.114 --add-host www.wohaoshuai.com:192.168.11.11 --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.11.11 www.wohaoshuai.com
172.17.0.4 wohaoshuai
3、端口映射 -p
a、将指定的容器端口映射至主机所有地址的一个动态端口
[root@localhost ~]# docker run -it -p 80 --rm --name webtest1 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 10:59:16.001251 2019] [mpm_event:notice] [pid 1:tid 140311487656000] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 10:59:16.001475 2019] [core:notice] [pid 1:tid 140311487656000] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.10.1 - - [13/Apr/2019:10:59:57 +0000] "GET / HTTP/1.1" 200 45
192.168.10.1 - - [13/Apr/2019:10:59:57 +0000] "GET /favicon.ico HTTP/1.1" 404 209
另开一个shell查看:
[root@localhost ~]# docker port webtest1
80/tcp -> 0.0.0.0:32768
b、将容器端口映射至指定的主机端口
[root@localhost ~]# docker run -it --rm -p 80:80 --name webtest1 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:05:43.973155 2019] [mpm_event:notice] [pid 1:tid 140421815427136] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:05:43.973377 2019] [core:notice] [pid 1:tid 140421815427136] AH00094: Command line: 'httpd -D FOREGROUND'
另起一个shell查看:
[root@localhost ~]# docker port webtest1
80/tcp -> 0.0.0.0:80
c、将指定的容器端口映射至主机指定ip的动态端口
[root@localhost ~]# docker run -it --rm -p 192.168.10.46::80 --name webtest1 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:10:08.815379 2019] [mpm_event:notice] [pid 1:tid 140160940060736] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:10:08.815558 2019] [core:notice] [pid 1:tid 140160940060736] AH00094: Command line: 'httpd -D FOREGROUND'
另开一个shell查看:
[root@localhost ~]# docker port webtest1
80/tcp -> 192.168.10.46:32769
d、将指定的容器端口映射至主机指定的ip 的端口
[root@localhost ~]# docker run -it --rm -p 192.168.10.46:80:80 --name webtest1 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:11:47.699843 2019] [mpm_event:notice] [pid 1:tid 139789685690432] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:11:47.699977 2019] [core:notice] [pid 1:tid 139789685690432] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.10.1 - - [13/Apr/2019:11:11:55 +0000] "GET / HTTP/1.1" 200 45
192.168.10.1 - - [13/Apr/2019:11:11:56 +0000] "GET /favicon.ico HTTP/1.1" 404 209
[root@localhost ~]# docker port webtest1
80/tcp -> 192.168.10.46:80
4、将镜像中 EXPOSE 声明的所有容器端口映射到宿主机的动态端口 -P
5、启动联盟式容器
a、启动容器1
[root@localhost ~]# docker run -it --name b1 --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:578 (578.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
b、启动容器2共享容器1的网络名称空间(但是文件系统不是共享的)
[root@localhost ~]# docker run -it --name b2 --network container:b1 --rm busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:04
inet addr:172.17.0.4 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
c、在容器1上启动一个httpd服务
/ # mkdir /tmp/httptest
/ # echo "http test" >> /tmp/httptest/index.html
/ # httpd -h /tmp/httptest/
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 9/httpd
tcp 0 0 ::ffff:127.0.0.1:80 ::ffff:127.0.0.1:33282 TIME_WAIT -
d、在容器2上查看
/ # wget -O - -q 127.0.0.1
http test
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN -
6、共享主机网络空间
a、启动容器2,共享主机网络空间
[root@localhost ~]# docker run -it --name b2 --network host --rm busybox
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:07:6B:46:88
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:7ff:fe6b:4688/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3044 (2.9 KiB) TX bytes:4258 (4.1 KiB)
ens33 Link encap:Ethernet HWaddr 00:0C:29:A7:CE:04
inet addr:192.168.10.46 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::2b2a:bd85:8d15:14c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45436 errors:0 dropped:0 overruns:0 frame:0
TX packets:11563 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54165413 (51.6 MiB) TX bytes:1167461 (1.1 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5280 (5.1 KiB) TX bytes:5280 (5.1 KiB)
veth24abfad Link encap:Ethernet HWaddr 82:21:2D:BA:ED:63
inet6 addr: fe80::8021:2dff:feba:ed63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1576 (1.5 KiB)
veth34dd4fe Link encap:Ethernet HWaddr EA:F1:6D:7E:EB:23
inet6 addr: fe80::e8f1:6dff:fe7e:eb23/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
vetha7c5640 Link encap:Ethernet HWaddr CE:76:19:9D:AE:0E
inet6 addr: fe80::cc76:19ff:fe9d:ae0e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1744 (1.7 KiB)
b、在容器中启动http服务,在宿主机中也可访问
/ # echo "hello wohaoshuai" > /tmp/index.html
/ # httpd -h /tmp/
/ #
/ #
/ #
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.10.46:22 192.168.10.1:50937 ESTABLISHED -
tcp 0 52 192.168.10.46:22 192.168.10.1:51766 ESTABLISHED -
tcp 0 0 :::111 :::* LISTEN -
tcp 0 0 :::80 :::* LISTEN 8/httpd
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
二、修改docker 默认项
1、自定义docker网络属性
[root@localhost ~]# more /etc/docker/daemon.json
{
"registry-mirrors": ["https://guxaj7v7.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"bip": "10.0.0.1/16"
}
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a7:ce:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.46/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::2b2a:bd85:8d15:14c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:07:6b:46:88 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:7ff:fe6b:4688/64 scope link
valid_lft forever preferred_lft forever
2、修改docker 监听方式
a、方式1
b、方式2:不同版本docker修改方式不一样,另一种修改方式如下:
vim /usr/lib/systemd/system/docker.service
在[Service]段下加入如下参数(第一行空的 ExecStart= 用于清除原有的启动命令,第二行才是新的启动命令):
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
重启docker 服务
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 686/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1066/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1291/master
tcp 0 0 192.168.10.46:22 192.168.10.1:50937 ESTABLISHED 1237/sshd: root@pts
tcp 0 0 192.168.10.46:22 192.168.10.1:51766 ESTABLISHED 3646/sshd: root@pts
tcp6 0 0 :::2375 :::* LISTEN 10670/dockerd
tcp6 0 0 :::111 :::* LISTEN 686/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1066/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1291/master
[root@localhost ~]# ls /var/run/
abrt cron.reboot docker.sock lock mod_fcgid rpcbind.lock syslogd.pid utmp
atd.pid dbus ebtables.lock log mount rpcbind.sock systemd vmware
auditd.pid dmeventd-client faillock lsm netreport sepermit tmpfiles.d xtables.lock
console dmeventd-server firewalld lvm NetworkManager setrans tuned
containerd docker httpd lvmetad.pid plymouth sshd.pid udev
crond.pid docker.pid initramfs mdadm rpcbind sudo user
c、访问(-H 未指定端口时客户端默认连接 2375;该端口没有任何认证,任何能连到该端口的主机都可以完全控制 docker 守护进程,因此只应在受信任的内网中监听具体地址,或使用 --tlsverify 配置证书认证)
[root@localhost ~]# docker -H 192.168.10.46 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker -H 192.168.10.46 images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest d4a07e6ce470 10 days ago 132MB
busybox latest af2f74c517aa 10 days ago 1.2MB
centos latest 9f38484d220f 4 weeks ago 202MB
三、不同网络之间容器互相访问
1、创建网络
[root@localhost ~]# docker network create -d bridge --subnet "172.16.0.0/16" --gateway "172.16.0.1" mybr0
fceba8db97014f8f762b48cced3399ecb539b4510f68181df992997d67ae1307
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0479ba9d5a7c bridge bridge local
1f98da302a92 host host local
fceba8db9701 mybr0 bridge local
bdb9eff6069c none null local
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a7:ce:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.46/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::2b2a:bd85:8d15:14c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:07:6b:46:88 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:7ff:fe6b:4688/64 scope link
valid_lft forever preferred_lft forever
84: br-fceba8db9701: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:7d:27:e3:a0 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/16 brd 172.16.255.255 scope global br-fceba8db9701
valid_lft forever preferred_lft forever
2、创建容器1并加入到刚刚创建的网络中
[root@localhost ~]# docker run --name t1 -it --network mybr0 busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:00:02
inet addr:172.16.0.2 Bcast:172.16.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1296 (1.2 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
3、创建容器2并加入bridge网络
[root@localhost ~]# docker run --name t2 -it --network bridge busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:02
inet addr:10.0.0.2 Bcast:10.0.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
4、要想容器1能够访问到容器2,则需要宿主机开启 IP 转发,并放行相应的 iptables 规则
a、查看是否开启转发
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward
1
b、在iptables上将相应规则打开即可,因为docker默认会在iptables中添加隔离规则,阻止两个不同网络的容器之间进行通信。