2022.08.09 - Docker container network configuration - 左冕
Docker container network configuration
Creating network namespaces in the Linux kernel
The ip netns command
The ip netns command performs the various operations on a Network Namespace. It comes from the iproute package, which is installed by default on most systems; install it yourself if it is missing.
Note: ip netns commands that change the network configuration need sudo privileges.
Network Namespace operations are done through the ip netns command; ip netns help prints the command's help:
```
[root@localhost ~]# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns attach NAME PID
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT
```
At this point the Linux system has no network namespaces at all, so ip netns list returns nothing by default.
Creating a network namespace
Create a namespace named ns0 with the following command (the captured session below uses the name nn0):
```
[root@localhost ~]# ip netns list
[root@localhost ~]# ip netns add nn0
[root@localhost ~]# ip netns list
nn0
```
The newly created network namespace appears under /var/run/netns/. If a namespace with the same name already exists, the command fails with Cannot create namespace file "/var/run/netns/ns0": File exists.
```
[root@localhost ~]# ls /var/run/netns
nn0
[root@localhost ~]# ip netns add nn0
Cannot create namespace file "/var/run/netns/nn0": File exists
```
Each Network Namespace has its own independent network interfaces, routing table, ARP table, iptables rules and other network-related resources.
Operating on a network namespace
The ip command provides the ip netns exec subcommand, which runs a command inside a network namespace.
View the interfaces of the newly created Network Namespace
```
[root@localhost ~]# ip netns exec nn0 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
```
As you can see, a new namespace comes with a lo loopback interface by default, but the interface is in the DOWN state. Trying to ping the loopback address at this point reports that the network is unreachable:
```
[root@localhost ~]# ip netns exec nn0 ping 127.0.0.1
connect: Network is unreachable
```
Bring up the lo loopback interface with the following command:
```
[root@localhost ~]# ip netns exec nn0 ip link set lo up
[root@localhost ~]# ip netns exec nn0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec nn0 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.074 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.038 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.042 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.037 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.036 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.035 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.039 ms
^C
--- 127.0.0.1 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8184ms
rtt min/avg/max/mdev = 0.035/0.045/0.074/0.015 ms
```
Moving devices
Devices (such as veth) can be moved between network namespaces. Because a device can belong to only one network namespace at a time, it is no longer visible in the original namespace after the move.
veth devices are movable; many other devices (such as lo, vxlan, ppp and bridge) cannot be moved.
veth pair
A veth pair (Virtual Ethernet Pair) is a pair of ports: every packet that enters one end of the pair comes out at the other end, and vice versa. It can be used to connect two Network Namespaces directly.
Creating a veth pair
```
[root@localhost ~]# ip link add type veth
[root@localhost ~]# ip a
5: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 9a:4a:a7:db:34:20 brd ff:ff:ff:ff:ff:ff
6: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:30:3e:4e:30:b4 brd ff:ff:ff:ff:ff:ff
```
As you can see, a veth pair has been added to the system, connecting the two virtual interfaces veth0 and veth1; the pair is currently in the "not enabled" (DOWN) state.
Implementing communication between Network Namespaces
Below we use the veth pair to implement communication between two different Network Namespaces. We have already created a Network Namespace named ns0; now create another one, named ns1:
```
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip netns list
ns1
nn0
```
Then add veth0 to ns0 and veth1 to ns1:
```
[root@localhost ~]# ip link set veth0 netns nn0
[root@localhost ~]# ip link set veth1 netns ns1
```
Then configure an IP address on each end of the pair and bring them up:
```
[root@localhost ~]# ip netns exec ns0 ip link set veth0 up
[root@localhost ~]# ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0
[root@localhost ~]# ip netns exec ns1 ip link set lo up
[root@localhost ~]# ip netns exec ns1 ip link set veth1 up
[root@localhost ~]# ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1
```
Check the state of the veth pair:
```
[root@localhost ~]# ip netns exec ns0 ip a
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 72:bf:69:5a:d3:65 brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 10.0.0.1/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::70bf:69ff:fe5a:d365/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec ns1 ip a
6: veth1@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ae:b1:b8:29:e2:96 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 10.0.0.2/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::acb1:b8ff:fe29:e296/64 scope link
       valid_lft forever preferred_lft forever
```
From the output above, the veth pair is up and each veth device has an IP address. Now try to reach the ns0 address from ns1:
```
[root@localhost ~]# ip netns exec ns1 ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=20.8 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=105 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.062 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.053 ms
^X64 bytes from 10.0.0.1: icmp_seq=6 ttl=64 time=0.051 ms
64 bytes from 10.0.0.1: icmp_seq=7 ttl=64 time=0.053 ms
64 bytes from 10.0.0.1: icmp_seq=8 ttl=64 time=0.050 ms
^C
--- 10.0.0.1 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7120ms
rtt min/avg/max/mdev = 0.043/15.742/104.790/34.337 ms
```
Renaming a veth device
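The whole procedure from the sections above (create the namespaces, create and move a veth pair, assign addresses, bring lo and the veth ends up, check with ping) together with the rename this section covers, as one POSIX sh script. This is an added example, not the post's own code: the namespace names ns_a/ns_b, the veth-<namespace> interface naming, the /24 addressing and the DRY_RUN switch are this example's assumptions. The ip commands need root; with DRY_RUN=1 the functions print the commands they would run instead, so the plan can be reviewed before it touches a live host.

```shell
#!/bin/sh
# Added example: wire two network namespaces together with a veth pair, verify, rename, clean up.
# Assumptions (not from the post): namespace names ns_a/ns_b, interface names veth-<ns>,
# /24 prefixes, and a DRY_RUN switch. Everything below needs root unless DRY_RUN=1.

# run_cmd CMD...: execute the command, or only print it when DRY_RUN=1
run_cmd() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# veth_connect NS_A NS_B ADDR_A ADDR_B: create both namespaces and a veth pair, move one end
# into each namespace, assign ADDR/24 to it, and bring lo and the veth end up (a new namespace
# starts with lo DOWN, as the post's first `ip a` shows). Interface names are limited to
# 15 characters, so keep the namespace names short.
veth_connect() {
    ns_a=$1; ns_b=$2; addr_a=$3; addr_b=$4
    run_cmd ip netns add "$ns_a"
    run_cmd ip netns add "$ns_b"
    run_cmd ip link add "veth-$ns_a" type veth peer name "veth-$ns_b"
    run_cmd ip link set "veth-$ns_a" netns "$ns_a"
    run_cmd ip link set "veth-$ns_b" netns "$ns_b"
    for pair in "$ns_a=$addr_a" "$ns_b=$addr_b"; do
        ns=${pair%%=*}; addr=${pair#*=}
        run_cmd ip netns exec "$ns" ip link set lo up
        run_cmd ip netns exec "$ns" ip addr add "$addr/24" dev "veth-$ns"
        run_cmd ip netns exec "$ns" ip link set "veth-$ns" up
    done
}

# veth_check NS ADDR: one ICMP echo from NS to ADDR with a 1-second timeout
veth_check() {
    run_cmd ip netns exec "$1" ping -c 1 -W 1 "$2"
}

# veth_rename NS OLD NEW: the post takes the link down before renaming it, so do the same
veth_rename() {
    run_cmd ip netns exec "$1" ip link set "$2" down
    run_cmd ip netns exec "$1" ip link set dev "$2" name "$3"
    run_cmd ip netns exec "$1" ip link set "$3" up
}

# veth_cleanup NS_A NS_B: deleting a namespace destroys the veth end inside it, and a veth
# pair disappears entirely once either end is gone
veth_cleanup() {
    run_cmd ip netns delete "$1"
    run_cmd ip netns delete "$2"
}

# plan NS_A NS_B ADDR_A ADDR_B: the full command sequence, printed instead of executed
plan() {
    (
        DRY_RUN=1
        veth_connect "$1" "$2" "$3" "$4"
        veth_check "$2" "$3"
        veth_rename "$1" "veth-$1" eth0
        veth_cleanup "$1" "$2"
    )
}

# plan_count NS_A NS_B ADDR_A ADDR_B: number of commands the plan contains
plan_count() {
    plan "$@" | wc -l | tr -d ' '
}
```

Source the file and call `plan ns_a ns_b 10.0.0.1 10.0.0.2` to see the sequence; as root, call veth_connect, veth_check, veth_rename and veth_cleanup in that order to run it for real.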
```
[root@localhost ~]# ip netns exec ns0 ip link set eth0 up
[root@localhost ~]# ip netns exec ns0 ip link set veth0 down
[root@localhost ~]# ip netns exec ns0 ip link set dev veth0 name eth0
[root@localhost ~]# ip netns exec ns0 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 72:bf:69:5a:d3:65  txqueuelen 1000  (Ethernet)
        RX packets 24  bytes 1944 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 1944 (1.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 22  bytes 1848 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 1848 (1.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
Configuring the four network modes
Bridge mode configuration
```
[root@localhost ~]# docker run -it --name t1 --rm busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1242 (1.2 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
```
None mode configuration
```
[root@localhost ~]# docker run -it --name t1 --network none --rm busybox
/ # ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```
Container mode configuration
Start the first container
```
[root@localhost ~]# docker run -it --name b1 --rm busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:836 (836.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```
Start the second container
```
[root@localhost ~]# docker run -it --name b2 --rm busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:906 (906.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```
You can see that the IP address of the container named b2 is not the same as that of the first container; in other words, the two containers do not share a network. If we change the way the second container is started, the container named b2 can be given the same IP as b1: the two then share the IP but not the filesystem.
```
[root@localhost ~]# docker run -it --name b2 --rm --network container:b1 busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:02
          inet addr:10.0.0.2  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)
```
Now create a directory in the b1 container:
```
/ # mkdir /tmp/data
/ # ls /tmp
data
```
Checking /tmp in the b2 container shows that this directory is not there: the filesystems are isolated, only the network is shared.
Deploy a site in the b2 container
```
/ # echo 'hello world' > /tmp/index.html
/ # ls /tmp
index.html
/ # httpd -h /tmp
/ # netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 :::80                   :::*                    LISTEN
```
Access this site from the b1 container through the local address
```
/ # wget -O - -q 127.0.0.1:80
hello world
```
As you can see, in container mode the two containers relate to each other like two different processes on the same host.
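What --network container:b1 shares at the kernel level, as an added example (not the post's code): the two containers sit in one network namespace but keep separate mount namespaces, which is exactly why b2 saw b1's port 80 on 127.0.0.1 but not its /tmp/data. The helper names are this example's own; container_sharing_report assumes a reachable Docker daemon and uses `docker inspect -f '{{.State.Pid}}'` to find each container's init PID. The PID-based helpers work on any two processes, so a shell and its child (same net and mnt namespace) can be used to try them without Docker.

```shell
#!/bin/sh
# Added example (not from the post): show what --network container:<name> actually shares.
# Each process has one handle per namespace kind under /proc/<pid>/ns/; two processes are in
# the same namespace exactly when the handles resolve to the same "kind:[inode]" string.

# ns_id PID KIND: namespace identity of PID for KIND (net, mnt, pid, uts, ipc, ...)
ns_id() {
    readlink "/proc/$1/ns/$2"
}

# shares_ns PID1 PID2 KIND: succeed when both processes sit in the same KIND namespace;
# fail when either handle cannot be read (no such PID, or no permission)
shares_ns() {
    a=$(ns_id "$1" "$3") && b=$(ns_id "$2" "$3") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# sharing_report PID1 PID2: one line per kind, "net: shared" / "mnt: separate" and so on.
# For two containers started as the post does (b2 with --network container:b1) the expected
# result is net shared, mnt separate: one IP stack, two filesystems.
sharing_report() {
    for kind in net mnt; do
        if shares_ns "$1" "$2" "$kind"; then
            echo "$kind: shared"
        else
            echo "$kind: separate"
        fi
    done
}

# container_sharing_report NAME1 NAME2: the same report for two running containers; needs a
# reachable Docker daemon and reads each container's init PID with `docker inspect`
container_sharing_report() {
    p1=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
    p2=$(docker inspect -f '{{.State.Pid}}' "$2") || return 1
    sharing_report "$p1" "$p2"
}
```

With b1 and b2 running as in the section above, `container_sharing_report b1 b2` prints "net: shared" and "mnt: separate"; against a container started with plain bridge mode both lines read "separate".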
Host mode configuration
Specify host mode directly when starting the container
```
[root@localhost ~]# docker run -it --name b2 --rm --network host busybox
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:06:25:98:91
          inet addr:10.0.0.1  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:6ff:fe25:9891/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8339 (8.1 KiB)  TX bytes:7577 (7.3 KiB)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:01:78:90
          inet addr:192.168.10.144  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe01:7890/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55301 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26269 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:63769938 (60.8 MiB)  TX bytes:2672449 (2.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:42 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4249 (4.1 KiB)  TX bytes:4249 (4.1 KiB)

vethffa4d46 Link encap:Ethernet  HWaddr 06:4F:68:16:6E:B0
          inet6 addr: fe80::44f:68ff:fe16:6eb0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
```
The container sees the host's interfaces. If we now start an http site in this container, it can be reached directly at the host's IP address.
Common container operations
Viewing the container hostname
```
[root@localhost ~]# docker run -it --name t1 --network bridge --rm busybox
/ # hostname
306cba8fac72
```
Injecting a hostname when the container starts
```
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	306cba8fac72
/ # cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.207.2
nameserver 172.16.0.1
/ # ping www.baidu.com
PING www.baidu.com (36.152.44.95): 56 data bytes
64 bytes from 36.152.44.95: seq=0 ttl=127 time=25.140 ms
64 bytes from 36.152.44.95: seq=1 ttl=127 time=28.121 ms
64 bytes from 36.152.44.95: seq=2 ttl=127 time=25.812 ms
64 bytes from 36.152.44.95: seq=3 ttl=127 time=27.584 ms
64 bytes from 36.152.44.95: seq=4 ttl=127 time=31.692 ms
64 bytes from 36.152.44.95: seq=5 ttl=127 time=39.867 ms
64 bytes from 36.152.44.95: seq=6 ttl=127 time=41.282 ms
```
Manually specifying the DNS servers the container uses
```
/ # docker run -it --name t1 --network bridge --hostname ljl --dns
sh: docker: not found
/ # cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.207.2
nameserver 172.16.0.1
/ # nslookup -type=a www.baidu.com
Server:		192.168.207.2
Address:	192.168.207.2:53

Non-authoritative answer:
Name:	www.baidu.com
Address: 36.152.44.95
```
Manually injecting a hostname-to-IP mapping into /etc/hosts
```
[root@localhost ~]# docker run -it --name t1 --network bridge --hostname ljl --add-host www.a.com:1.1.1.1 --rm busybox
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
1.1.1.1	www.a.com
172.17.0.3	ljl
```
Exposing container ports
When running docker run, the -p option maps an application port inside the container to the host, so that external hosts can reach the application in the container by connecting to a port on the host.
-p can be given several times; the port it exposes must be one the container is actually listening on.
Forms of the -p option:
- -p containerPort: map the given container port to a dynamic port on all host addresses
- -p hostPort:containerPort: map the container port containerPort to the given host port hostPort
- -p ip::containerPort: map the given container port containerPort to a dynamic port on host address ip
- -p ip:hostPort:containerPort: map the given container port containerPort to port hostPort on host address ip
A dynamic port means a random port; the actual mapping can be looked up with the docker port command.
```
[root@localhost ~]# docker run -dit --name web1 -p 192.168.203.138::80 httpd
e97bc1774e40132659990090f0e98a308a7f83986610ca89037713e9af8a6b9f
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                           NAMES
e97bc1774e40   httpd     "httpd-foreground"   6 seconds ago    Up 5 seconds    192.168.203.138:49153->80/tcp   web1
af5ba32f990e   busybox   "sh"                 48 minutes ago   Up 48 minutes                                   b3
[root@localhost ~]# ss -antl
State    Recv-Q   Send-Q      Local Address:Port      Peer Address:Port   Process
LISTEN   0        128       192.168.203.138:49153          0.0.0.0:*
LISTEN   0        128               0.0.0.0:22             0.0.0.0:*
LISTEN   0        128                  [::]:22                [::]:*
```
After the command above runs it keeps the foreground occupied, so open a new terminal connection to see which host port the container's port 80 has been mapped to:
```
[root@localhost ~]# docker port web1
80/tcp -> 192.168.203.138:49153
```
So the container's port 80 is exposed on host port 49153. Now access that port on the host to check that it reaches the site inside the container:
```
[root@localhost ~]# curl http://192.168.203.138:49153
<html><body><h1>It works!</h1></body></html>
```
The iptables firewall rules are generated automatically when the container is created and removed automatically when the container is deleted.
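The four -p forms listed above, and the DOCKER chain that the following `iptables -t nat -nvL` listing shows, as a small audit script. This is an added example, not code from the post. The sample chain below is constructed in the shape of the post's listing: the post's own DNAT rule for web1, plus a second rule bound to every host address, added for contrast. The helper names are this example's own. A DNAT rule whose destination is 0.0.0.0/0 is what a plain -p hostPort:containerPort produces and is reachable on every address the host has; a rule with a concrete destination comes from the ip: forms. list_dnat reads iptables text on stdin, so on a live host it can be fed with `iptables -t nat -nvL DOCKER | list_dnat`.

```shell
#!/bin/sh
# Added example (not from the post): classify `docker run -p` specs and audit the DOCKER nat chain.

# describe_publish SPEC: explain a -p argument using the four forms the post lists
describe_publish() {
    case $1 in
        *:*:*)
            ip=${1%%:*}; rest=${1#*:}; hport=${rest%%:*}; cport=${rest#*:}
            if [ -z "$hport" ]; then
                echo "container port $cport -> dynamic port on $ip"       # ip::containerPort
            else
                echo "container port $cport -> $ip:$hport"                 # ip:hostPort:containerPort
            fi ;;
        *:*)
            hport=${1%%:*}; cport=${1#*:}
            echo "container port $cport -> 0.0.0.0:$hport" ;;              # hostPort:containerPort
        *)
            echo "container port $1 -> dynamic port on 0.0.0.0" ;;         # containerPort
    esac
}

# Constructed sample in the shape of the post's `iptables -t nat -nvL` output: the post's own
# DNAT rule for web1, plus a wildcard-bound rule (dpt:8080 -> 172.17.0.4:80) added for contrast.
SAMPLE_DOCKER_CHAIN='Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    1    60 DNAT       tcp  --  !docker0 *      0.0.0.0/0            192.168.203.138      tcp dpt:49153 to:172.17.0.3:80
    0     0 DNAT       tcp  --  !docker0 *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.4:80'

# list_dnat: read `iptables -t nat -nvL` text on stdin and print one line per DNAT rule as
# "HOST_DESTINATION:HOST_PORT -> CONTAINER_IP:CONTAINER_PORT" (field 9 is the destination
# column, the dpt:/to: tokens follow it)
list_dnat() {
    awk '$3 == "DNAT" {
        hport = ""; to = ""
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^dpt:/) hport = substr($i, 5)
            if ($i ~ /^to:/)  to = substr($i, 4)
        }
        printf "%s:%s -> %s\n", $9, hport, to
    }'
}

# wildcard_dnat: only the forwards reachable on every host address (destination 0.0.0.0/0);
# exits non-zero when there are none
wildcard_dnat() {
    list_dnat | grep '^0\.0\.0\.0/0:'
}

# On a live host (root): iptables -t nat -nvL DOCKER | wildcard_dnat
```

Running the sample through wildcard_dnat reports only the constructed 8080 rule; the post's web1 mapping is pinned to 192.168.203.138 and is not listed.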
```
[root@localhost ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   164 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   261 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.3           172.17.0.3           tcp dpt:80

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    1    60 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    1    60 DNAT       tcp  --  !docker0 *      0.0.0.0/0            192.168.203.138      tcp dpt:49153 to:172.17.0.3:80
```
Mapping a container port to a random port on a specified IP
```
[root@localhost ~]# docker run -dit --name web1 -p 192.168.203.138::80 httpd
```
Check the port mapping in another terminal
```
[root@localhost ~]# docker port web1
80/tcp -> 192.168.203.138:49153
```
Customizing the network attributes of the docker0 bridge
To customize the network attributes of the docker0 bridge, edit the /etc/docker/daemon.json configuration file:
```
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# vim daemon.json
{
  "registry-mirrors": ["https://4hygggbu.mirror.aliyuncs.com/"],
  "bip": "192.168.1.5/24"
}
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
```
To control the daemon from another machine, add a tcp listener to the dockerd command line in the service unit and restart the service:
```
[root@localhost ~]# vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
```
On the client, pass the -H|--host option directly to specify which host's Docker containers to control:
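The two edits this section makes, the daemon.json that sets bip and the ExecStart line that adds a tcp:// listener, as a script that writes the first from validated input and audits the second. This is an added example, not the post's own code; the helper names, the mirror URL passed as an argument and the certificate paths in the TLS variant are this example's placeholders. A dockerd listener on tcp://0.0.0.0:2375 without --tlsverify accepts API calls from anyone who can reach the port, and the daemon executes them as root, so the audit reports that combination as a finding; dockerd's --tlsverify together with --tlscacert, --tlscert and --tlskey is the documented way to require client certificates on the tcp listener (conventionally on port 2376).

```shell
#!/bin/sh
# Added example (not from the post): write a validated daemon.json for the docker0 bridge
# address and audit a docker.service ExecStart line for unauthenticated tcp:// listeners.

# check_bip CIDR: accept only dotted-quad/prefix such as 192.168.1.5/24
check_bip() {
    ip=${1%/*}; prefix=${1#*/}
    [ "$ip" != "$1" ] || return 1                       # no "/" at all
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    rest=$ip; n=0
    while :; do                                         # walk the octets without touching IFS
        octet=${rest%%.*}
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        [ "$rest" = "$octet" ] && break                 # last octet consumed
        rest=${rest#*.}
    done
    [ "$n" -eq 4 ]
}

# render_daemon_json BIP MIRROR: print the daemon.json the post edits, with BIP validated first
render_daemon_json() {
    check_bip "$1" || return 1
    printf '{\n  "registry-mirrors": ["%s"],\n  "bip": "%s"\n}\n' "$2" "$1"
}

# The ExecStart line the post puts into docker.service, and a TLS-protected variant constructed
# here for comparison (the certificate paths are placeholders)
PAGE_EXECSTART='ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
TLS_EXECSTART='ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'

# tcp_hosts LINE: every tcp:// listener given with -H/--host on a dockerd command line
tcp_hosts() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            v = ""
            if ($i == "-H" || $i == "--host") v = $(i + 1)
            else if ($i ~ /^(-H|--host)=/) { v = $i; sub(/^[^=]*=/, "", v) }
            if (v ~ /^tcp:\/\//) print v
        }
    }'
}

# audit_execstart LINE: print "ok" when there is no tcp:// listener or --tlsverify is present;
# otherwise print "unprotected: URL" for each listener and fail
audit_execstart() {
    hosts=$(tcp_hosts "$1")
    case " $1 " in
        *" --tlsverify "*|*" --tlsverify=true "*) hosts="" ;;
    esac
    if [ -z "$hosts" ]; then
        echo ok
        return 0
    fi
    printf '%s\n' "$hosts" | sed 's/^/unprotected: /'
    return 1
}
```

Typical use: `render_daemon_json 192.168.1.5/24 https://mirror.example.invalid/ > /etc/docker/daemon.json` followed by the daemon-reload and restart shown above, and `audit_execstart "$(grep ^ExecStart= /lib/systemd/system/docker.service)"` before restarting with a changed unit.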
```
[root@localhost ~]# docker -H 192.168.203.138:2375 ps
CONTAINER ID   IMAGE     COMMAND              CREATED             STATUS          PORTS                           NAMES
e97bc1774e40   httpd     "httpd-foreground"   30 minutes ago      Up 11 seconds   192.168.203.138:49153->80/tcp   web1
af5ba32f990e   busybox   "sh"                 About an hour ago   Up 14 seconds                                   b3
```
Creating a new network
```
[root@localhost ~]# docker network create ljl -d bridge
883eda50812bb214c04986ca110dbbcb7600eba8b033f2084cd4d750b0436e12
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0c5f4f114c27   bridge    bridge    local
8c2d14f1fb82   host      host      local
883eda50812b   ljl       bridge    local
85ed12d38815   none      null      local
```
Create an additional custom bridge, distinct from docker0
```
[root@localhost ~]# docker network create -d bridge --subnet "192.168.2.0/24" --gateway "192.168.2.1" br0
af9ba80deb619de3167939ec5b6d6136a45dce90907695a5bc5ed4608d188b99
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
af9ba80deb61   br0       bridge    local
0c5f4f114c27   bridge    bridge    local
8c2d14f1fb82   host      host      local
883eda50812b   ljl       bridge    local
85ed12d38815   none      null      local
```
Create a container on the newly created custom bridge:
```
[root@localhost ~]# docker run -it --name b1 --network br0 busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:C0:A8:02:02
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:962 (962.0 B)  TX bytes:0 (0.0 B)
```
Create another container, this time on the default bridge:
```
[root@localhost ~]# docker run --name b2 -it busybox
/ # ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:C0:A8:01:03
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:516 (516.0 B)  TX bytes:0 (0.0 B)
```