Linux 网络命名空间:
NetWork NameSpace:
>> sudo docker run -d --name test1 busybox /bin/sh -c "while true;do sleep 3600;done"
>> sudo docker run -d --name test2 busybox /bin/sh -c "while true;do sleep 3600;done"
>> sudo docker exec -it 1fab23042ea5 /bin/sh
>> ip a # 会显示当前容器所有的网路接口
>> exit
>> ip a # 比较会发现容器的 ip a 和 centos主机的ip a 是不一样的
>> sudo ip netns list # 查询本机的network namespace
>> sudo ip netns delete test1 # 删除network namespace
>> sudo ip netns add test1 # 创建一个test1的network namespace
>> sudo ip netns add test2
>> sudo ip netns exec test1 ip a # 表明要在test1这个network namespace中执行ip a 这个命令
>> ip link
>> sudo ip netns exec test1 ip link
>> sduo ip netns exec test1 ip link set dev lo up
>> sudo ip link add veth-test1 type veth peer name veth-test2 # 添加一对儿ip link veth-test1,veth-test2
>> ip link # 发现veth-test1 ,veth-test2都被添加到本机的ip link中了
>> sudo ip link set veth-test1 netns test1 # 将veth-test1这个接口添加到namespace test1中
>> sudo ip netns exec test1 ip a # veth-test1 中已经添加到namespace test2中
>> ip link # 发现本机中的veth-test1没有了
>> sudo ip link set veth-test2 netns test2
>> sudo ip netns exec test2 ip a # 发现veth-test2已经添加到namespace test2中, 但是他们还都没有ip地址
>> sudo ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1
>> sudo ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2 # 给这两个端口个分配ip地址
>> sudo ip netns exec test1 ip a
>> sudo ip netns exec test1 ip link set dev veth-test1 up
>> sudo ip netns exec test2 ip link set dev veth-test2 up # 将这两个端口up起来
>> sudo ip netns exec test1 ping 192.168.1.2 # 通了
Docker Brige0:
>> sudo docker exec -it test1 ip a
>> sudo docker exec -it test2 ip a
>> sudo docker exec -it test1 /bin/sh
# ping 172.17.0.3 # ping test2 的ip 是可以ping 通的
# ping www.baidu.com #发现这个也可以ping通,原因是什么呢?
>> sudo docker stop test2
>> sudo docker rm test2
>> sudo docker network ls # 他会列举出当前在这台机器上docker有哪些网络
NETWORK ID NAME DRIVER SCOPE
a7385271731e bridge bridge local
098bdba36fe5 host host local
c310846a3332 none null local
>> sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1fab23042ea5 busybox "/bin/sh -c 'while t…" About an hour ago Up About an hour test1
>> sudo docker network inspect a7385271731e bridge
# 查看其中的containers
"Containers": {
"1fab23042ea50263a3d4a5c194eeed9c55d04c9ca0c48abb0d6acd86ae9fa701": {
"Name": "test1",
"EndpointID": "7f2fb62e8690e1afb3ac4cd37a30983c3b8c53c986be07311e8c25c4bf6a8f4b",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
# 说明test1连接到了bridge这个网络上面
>> sudo yum install -y bridge-utils
>> brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02424b527917 no veth8b1854d
>> ip a
# 发现我们docker0连接到了本机的veth8b1854d这个接口上
>> sudo docker run -d --name test2 busybox /bin/sh -c "while true;do sleep 3600;done"
>> sudo docker network inspect a7385271731e bridge
# 发现containers中多了一个test2
>> ip a # 发现有多了一个veth*
>> brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02424b527917 no veth8b1854d
veth9c1f6fd
如下图:
Internet
|
| 172.7.0.3 172.17.0.2
| container test2----- -------- container test1
| | |
| | |
| NAT ---|---docker0---|----
| | 172.17.0.1 |
| | |
| eth0 eth1
| |
------------------|
说明:
test2,test1各自通过一对儿veth和docker0相互连接,所以他们之间是
可以通信的
docker0 通过一个NAT实现了与外网的连接
容器之间的Link:
>> sudo docker stop test2
>> sudo docker rm test2
>> sudo docker run -d --name test2 --link test1 busybox /bin/sh -c "while true;do sleep 3600;done" # 添加一个--link test1
>> sudo docker exec -it test2 /bin/sh
# ip a
# ping 172.17.0.3
# ping test1 # 发现ping test1这个名字也可以, 这就是--link test1 的作用,此时我们就不需要知道test1的这个具体的ip地址,只通过他的名字就可以联通了
# exit
>>sudo docker stop test2
>>sudo docker rm test2
>>sudo docker run -d --name test2 busybox /bin/sh -c "while true;do sleep 3600;done"
>>sudo docker network ls
>>sudo docker network create -d bridge my-bridge # 创建一个bridge
>>sudo docker network ls
>>brctl show
>>sudo docker run -d --name test3 --network my-bridge busybox /bin/sh -c "while true;do sleep 3600;done" # --network 指定要连接的网络,当不指定是默认连接bridge
>> brctl show
>> sudo docker network inspect my-bridge
# 可以看到test3连接到了我们的my-bridge上面
"Containers": {
"ed6cf23eda3e9a9e21d9ac37612fdc483862e6548be41ee3ea286349d26e1f1c": {
"Name": "test3",
"EndpointID": "5445cacc5d68c61055b05141fe46562dfebdaf5d5a32bc5ea84e048ef694b699",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
>> sudo docker network connect my-bridge test2 # 将test2连接到my-bridge上
>> sudo docker network inspect my-bridge
# 可以看到test2,test1都连接到了my-bridge这个网络上面
"Containers": {
"a85d4d20d38addeceb05ec576355c34020037d86d9bdff6f7df6502754c0a1c7": {
"Name": "test2",
"EndpointID": "224981814dc4e38dd659ae7bd4361cc67e3549ffc10fa998b21bae324d3da62f",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"ed6cf23eda3e9a9e21d9ac37612fdc483862e6548be41ee3ea286349d26e1f1c": {
"Name": "test3",
"EndpointID": "5445cacc5d68c61055b05141fe46562dfebdaf5d5a32bc5ea84e048ef694b699",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
>> sudo docker network inspect my-bridge
# 发现此时test2既连接到了bridge上面也连接到了my-bridge上面
"Containers": {
"a85d4d20d38addeceb05ec576355c34020037d86d9bdff6f7df6502754c0a1c7": {
"Name": "test2",
"EndpointID": "224981814dc4e38dd659ae7bd4361cc67e3549ffc10fa998b21bae324d3da62f",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"ed6cf23eda3e9a9e21d9ac37612fdc483862e6548be41ee3ea286349d26e1f1c": {
"Name": "test3",
"EndpointID": "5445cacc5d68c61055b05141fe46562dfebdaf5d5a32bc5ea84e048ef694b699",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
>> sudo docker exec -it test3 /bin/sh
# ping 172.18.0.3 # 通了
# ping test2 # 也通了,是因为test2,test3都连接到了用户自己创建的my-bridge上面,此时他们两个默认都已经link好了
容器的端口映射:
>> sudo docker run -d --name web nginx # 默认端口为80
>> sudo docker exec -it web /bin/bash
# ps -ef|grep nginx
# curl
# exit
>> sudo docker network inspect bridge
>> telnet
~ telnet 172.17.0.2 80 # PONE
>> curl http://172.17.0.2
>> curl 127.0.0.1 # 被拒绝
# 如何让他对外可以访问,可以使用portmap,端口映射
>> sudo docker stop web
>> sudo docker rm web
>> sudo docker run -d -p 80:80 --name web nginx # 将80端口映射到本地的80
>> sudo docker ps
>> curl 127.0.0.1 # 连接成功
# 端口映射
Container Port Map
如图:
Linux虚拟机
------------------- 笔记本
| |
| Container Nginx |
| |
| 172.17.0.2:80 |
------------------
|
|-----|
|
192.168.205.10:80 docker0
eht1-------------------------|
|
|
本地网卡127.0.0.1:8888
容器网络之host和none:
>> sudo docker network ls
>> sudo docker run -d --name test1 --network none busybox /bin/sh -c "while true;do sleep 3600;done" #将network连接到none
>> sudo docker network inspect none
"Containers": {
"ff80b3fbd26a84e0db8bf18f768969e71d1ad7777218c319d0da125d7116e90f": {
"Name": "test7",
"EndpointID": "ce7d16cf5d70d0332737cab580206e7b0eb44f9b9d2a18d8906eefdec687da8b",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
},
>>sudo docker exec -it test1 /bin/sh
# ip a # 发现他除了lo之外没有其他接口说明他是孤立的network namespace
>>sudo docker stop test1
>>sudo docker rm test1
>> sudo docker run -d --name test1 --network host busybox /bin/sh -c "while true;do sleep 3600;done" # 将network指定到host
>> sudo docker network inpsect host
>> sudo docker exec -it test1 /bin/sh
# ip a # 发现test1中发现的接口和linux主机的接口一致
# 说明通过host network namespace创建的test1没有自己独立的network,他和主机共享一套网络
多容器复杂应用部署:
flask-redis ------> 单独一个容器
redis-server ------> 单独一个容器
>> sudo systemctl start docker
>> sudo docker run -d --name redis redis # 没有指定端口映射是因为他不是给外部的人访问的
>> sudo docker build -t wgw/flask-redis .
>> sudo docker run -d --link redis --name flask-redis -e REDIS_HOST=redis wgw/flask-redis
>> sudo docker exec -it flask-redis /bin/bash
# env
# ping redis
# curl 127.0.0.1:5000
# exit
>> sudo docker ps
>> sudo docker run -d --name test1 -e PENG="wgwtest" busybox /bin/sh -c "while true;do sleep 3600;done" # 设置环境变量 -e PENG="wgwtest"
>> sudo docker exec -it test1 /bin/sh
# env
>> sudo docker run -d --name test2 -e PENG="wgwtest2" busybox /bin/sh -c "while true;do sleep 3600;done"
>> sudo docker exec -it test2 /bin/sh
多机器通信:
dk overlay网络和etcd实现多机容通信:
https://github.com/phantom0925/docker-/blob/master/multi-host-network.md