Docker网络
[root@ecs-56325218 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
2c63c1a8145c bridge bridge local
70d3439bbb55 host host local
ffc74cf89143 none null local
[root@ecs-56325218 ~]# docker network create aa_network
[root@ecs-56325218 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9462f910652a aa_network bridge local
2c63c1a8145c bridge bridge local
70d3439bbb55 host host local
ffc74cf89143 none null local
[root@ecs-56325218 ~]# docker network rm aa_network
[root@ecs-56325218 ~]# docker network inspect bridge
能干啥:
- 容器间的互联和通信及端口映射
- 容器IP变动时可以通过服务名直接网络通信而不受影响
bridge:为每个容器分配、设置IP等,并将容器连接到一个名为 docker0 的虚拟网桥,这是默认模式
host:使用宿主机的IP和端口
none:有独立的network namespace,但没有任何网络设置
container:新创建的容器不会创建自己的网卡和配置自己ip,而是和指定的容器共享IP
[root@ecs-56325218 ~]# docker run -it --name u1 ubuntu bash
[root@ecs-56325218 ~]# docker run -it --name u2 ubuntu bash
[root@ecs-56325218 ~]# docker inspect u1|tail -n 20
"Networks": { "bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150","EndpointID": "4d5e3d950cbb9a5350af354db9b494ab2d974f4f070dfd204f37985b88d8b167","Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02","DriverOpts": null}}}}
]
[root@ecs-56325218 ~]# docker inspect u2|tail -n 20
"Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150","EndpointID": "6b8d78dd245baaa8202e86d2f03721da8b822f23fd3be5c56dd1de82cc66cca0","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03","DriverOpts": null}}}}
]
[root@ecs-56325218 ~]# docker rm -f u2
u2
[root@ecs-56325218 ~]# docker run -it --name u3 ubuntu
[root@ecs-56325218 ~]# docker inspect u3|tail -n 20
"Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "2c63c1a8145c68c6c534a34b74000fa666f02992ff0c3c1f92c5e365dbdba150","EndpointID": "17edefbc9981476ab8c6218deaefeaf75793d4b02aea367dce8c060abe983948","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03","DriverOpts": null}}}}
]
# IPAddress 地址重复了:u2 删除后,新建的 u3 拿到了原来 u2 的 172.17.0.3(docker 容器内的 ip 是有可能发生改变的,不能把容器 ip 当作稳定标识)
Bridge
Docker服务默认会创建一个docker0网桥(其上有一个docker0内部接口),该桥接网络的名称为docker0,他在内核层连通了其他的物理或虚拟网卡。这就将所有容器和本地主机放到同一个物理网络。Docker默认指定了docker0接口的IP和子网掩码。让主机和容器之间可以通过网桥相互通信
查看bridge网络详细信息,并通过grep获取名称项
[root@ecs-56325218 ~]# docker network inspect bridge | grep name
"com.docker.network.bridge.name": "docker0",
[root@ecs-56325218 ~]# ifconfig | grep docker
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
网桥 docker0 为每个容器创建一对对等的虚拟设备接口(veth pair):一端在宿主机上叫 veth,另一端在容器内叫 eth0,两者成对匹配
- 整个宿主机的网桥模式都是docker0,类似一个交换机有一堆接口,每个接口叫veth,在本地主机和容器内分别创建一个虚拟接口,并让他们彼此连通(这样一对接口叫做veth pair)
- 每个容器实例内部也有一块网卡,每个接口叫做eth0
- docker0上面的每个veth匹配某个容器内部的eth0.两两配对,一一匹配
通过上述,宿主机上的所有容器都连接到这个内部网络上,两个容器在同一个网络下,会从这个网关下各自拿到分配的ip,此时两个容器的ip是互通的
[root@ecs-56325218 ~]# docker run -d -p 8081:8080 --name tomcat81 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# docker run -d -p 8082:8080 --name tomcat82 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether fa:16:3e:3b:3a:19 brd ff:ff:ff:ff:ff:ffinet 192.168.0.6/24 brd 192.168.0.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::f816:3eff:fe3b:3a19/64 scope link valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:4f:9b:14:d4 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:4fff:fe9b:14d4/64 scope link valid_lft forever preferred_lft forever
18: veth73d8667@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 7a:7e:42:81:ce:59 brd ff:ff:ff:ff:ff:ff link-netnsid 2inet6 fe80::787e:42ff:fe81:ce59/64 scope link valid_lft forever preferred_lft forever
20: veth5b8262f@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether da:5c:73:1f:ba:d4 brd ff:ff:ff:ff:ff:ff link-netnsid 3inet6 fe80::d85c:73ff:fe1f:bad4/64 scope link valid_lft forever preferred_lft forever
# 宿主机上存在veth虚拟接口
[root@ecs-56325218 ~]# docker exec -it tomcat81 bash
root@b187acd19e51:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
# 容器内存在对应eth0
Host
容器将不会获得一个独立的 Network Namespace,而是和宿主机共用一个 Network Namespace,容器将不会虚拟出自己的网卡,而是直接使用宿主机的 ip 和端口
[root@ecs-56325218 ~]# docker run -d -p 8083:8080 --network host --name tomcat83 billygoo/tomcat8-jdk8
WARNING: Published ports are discarded when using host network mode
77208dd7f37acaf699395453c21e158398972de5fd091a54c4adf333cb1110c6
[root@ecs-56325218 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
77208dd7f37a billygoo/tomcat8-jdk8 "catalina.sh run" 14 seconds ago Up 13 seconds tomcat83
e20c064bcaa7 billygoo/tomcat8-jdk8 "catalina.sh run" 9 minutes ago Up 9 minutes 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp tomcat82
b187acd19e51 billygoo/tomcat8-jdk8 "catalina.sh run" 9 minutes ago Up 9 minutes 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat81
有警告,原因:host 模式下容器直接使用宿主机的端口,-p 发布的端口映射会被丢弃(即上面 docker ps 中 tomcat83 的 PORTS 列为空),所以不推荐在 host 模式下再写 -p
忽略警告,去掉 -p 重新运行
[root@ecs-56325218 ~]# docker run -d --network host --name tomcat83 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# curl http://localhost:8080
# 共用宿主机端口:容器内监听的 8080 直接出现在宿主机上,没有网络隔离,也不能再通过 -p 做端口映射或改端口
Container
tomcat 容器若共用同一套网络栈,两个实例都会监听 8080 而产生端口冲突,不适合演示
使用Alpine Linux ,特点:安全、简单、小巧(6M)
[root@ecs-56325218 ~]# docker run -it --name alpine1 alpine /bin/sh
[root@ecs-56325218 ~]# docker run -it --network container:alpine1 --name alpine2 alpine /bin/sh
[root@ecs-56325218 ~]# docker exec -it alpine1 /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ #
[root@ecs-56325218 ~]# docker exec -it alpine2 /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
自定义网络:重点
- 容器间的互联和通信及端口映射
- 容器IP变动时可以通过服务名直接网络通信而不受影响
默认桥接网络的缺点:同一网络内无法通过服务名称 ping 通,只能用 ip;自定义网络则可以按服务名互相访问
docker network create aa
docker run -d -p 8081:8080 --network aa --name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 --network aa --name tomcat82 billygoo/tomcat8-jdk8
[root@ecs-56325218 ~]# docker exec -it tomcat81 bash
root@88a936c716c9:/usr/local/tomcat# ping tomcat82
PING tomcat82 (172.20.0.3) 56(84) bytes of data.
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from tomcat82.aa (172.20.0.3): icmp_seq=3 ttl=64 time=0.051 ms
以后使用 docker 一定要维护好服务名,注意!!!容器间通信要走服务名,不要直接走 ip(ip 可能变动)(带宽),并做好网络隔离
docker-compose容器编排
工程:docker-compose.yml,一个完整的业务单元
服务:docker-compose.yml里面编写的容器
docker-compose -h # 查看帮助
up # 启动所有docker-compose服务
up -d # 后台启动所有d-c服务
down # 停止并删除容器、网络、卷、镜像
exec yml里面的服务id # 进入容器实例内部
ps # 查看运行容器
top # 查看当前容器进程
logs yml里面的服务id # 日志
config # 检查配置
config -q # 检查配置,有问题输出
restart / start / stop
以 https://gitee.com/gz-yami/mall4j.git 为例
具体参考 我的谷
监控
简单监控
docker stats
重量监控
CIG