docker0
-
查看主机的ip
[root@iZwz908j8pbqd86doyrez5Z test]# ip addr #本机回环地址 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever #阿里云内网地址 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:10:37:ba brd ff:ff:ff:ff:ff:ff inet 172.18.199.233/20 brd 172.18.207.255 scope global dynamic eth0 valid_lft 309999819sec preferred_lft 309999819sec #docker生成的地址 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:6f:43:1c:ae brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever -
查看容器的ip
[root@iZwz908j8pbqd86doyrez5Z test]# docker exec -it 5046feaea51f ip addr #容器内网地址 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever #docker生成的地址 282: eth0@if283: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever -
尝试从主机直接ping通容器的eth0ip
#尝试ping通主机和容器 [root@iZwz908j8pbqd86doyrez5Z test]# ping 172.17.0.2 #连接成功 -
容器间的通信:docker网络
原理:使用了evth-pair技术,本质上都是通过主机相连.每个主机有一个端口对应一个容器(如上面的容器-282和主机-283),如此构成了一个局域网.实际上各个容器无法直接相连,只能通过enth0进行桥接
#尝试ping通容器和容器 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat1 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 284: eth0@if285: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat2 ping 172.17.0.3 #测试:可以ping通
docker网络解决的问题:容器之间的ping通
原理
-
我们没启动一个docker容器,docker就会给docker容器分配一个ip,我们只要安装了docker,就会有一个网卡桥接模式,使用的技术是evth-pair技术
#再次查看主机ip:多了一个263(猜测“283: veth30fdc0b@if282”表示:这里的263与容器内的262相对应,即每运行一个容器,都会创建一对网卡) [root@iZwz908j8pbqd86doyrez5Z test]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:10:37:ba brd ff:ff:ff:ff:ff:ff inet 172.18.199.233/20 brd 172.18.207.255 scope global dynamic eth0 valid_lft 309996899sec preferred_lft 309996899sec 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:6f:43:1c:ae brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 283: veth30fdc0b@if282: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 4e:d2:72:ba:14:a0 brd ff:ff:ff:ff:ff:ff link-netnsid 0 -
linux桥接:我们每启动一个容器,linux主机就会多一个虚拟网卡,这个网卡连接着各个容器,我们可以尝试使用两个容器进行通信
#evth-pair技术:一对虚拟设备接口,他们都是成对出现的,一端连着协议,一端彼此相连 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat1 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 284: eth0@if285: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat2 ping 172.17.0.3 -
网络模型图
结论:tomcat1和tomcat2公用一个路由器docker0
-
小结
注:
- Docker中的所有网络接口都是虚拟的.虚拟的转发效率高!
- 只要容器删除,对应网桥一对就没了
-
–link(官方不推荐)
当通过datasource连接mysql时,通常总是对应一个指定的端口,而容器的端口却是在启动难时生成(主机端口-容器端口),是否有办法通过主机端口-服务找到对应的端口?
#尝试直接ping通 docker exec -it tomcat2 ping tomcat1 #无法直接ping通 #尝试使用link启动一个容器 docker run -d -P --name tomcat3 --link tomcat2 tomcat docker exec -it tomcat3 ping tomcat2 #可以ping通 #尝试tomcat1向tomcat2反向Ping通 docker exec -it tomcat1 ping tomcat3 #失败 #查看/etc/hosts文件探究--link原理 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.4 tomcat2 e55b43eede71 #其实本质上是更改了hosts文件,将访问转到本地对应的端口 172.17.0.5 c13e595e3183原理:直接在/etc/hosts中写死了
-
自定义网络
#查看当前的网络 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network ls NETWORK ID NAME DRIVER SCOPE e33b6b9e8a86 bridge bridge local e4a72501819c host host local ee755fa64360 none null local网络模式
bridge:桥接模式,桥接docker(默认)
none:不配置网络
host:和宿主机共享网络
container:容器内网络连通(不建议)测试
# 我们直接启动的命令 --net bridge,也就是我们docker0的桥接 docker run -d -P --name tomcat01 tomcat docker run -d -P --name tomcat01 --net bridge tomcat #与上面等同 # docker0特点:默认,域名不能访问,可以--link打通,但是不推荐 #尝试建立一个自定义网络 #--driver bridge:桥接模式 #--subnet 192.168.0.0/16:子网地址(/16,说明只限制了前面16位,可以有255*255个不同的地址;如果是/24,则只有255个地址) #--getaway 192.168.0.1:网关 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network ls NETWORK ID NAME DRIVER SCOPE e33b6b9e8a86 bridge bridge local e4a72501819c host host local 27ebc9223f19 mynet bridge local #* ee755fa64360 none null local #docker network inspect mynet [root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9", "Created": "2020-09-15T15:13:49.178777935+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", #子网 "Gateway": "192.168.0.1" #网关 } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ] #ping测试 [root@iZwz908j8pbqd86doyrez5Z ~]# docker run -d -P --net mynet --name tomcat4 tomcat b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd [root@iZwz908j8pbqd86doyrez5Z ~]# docker run -d -P --net mynet --name tomcat5 tomcat f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat4 ping tomcat5 #再次查看信息 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9", "Created": "2020-09-15T15:13:49.178777935+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { #两个容器 "b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd": { "Name": "tomcat4", "EndpointID": "5f7cd9c91fdf08ff27ed82d0419aa428c365c1a2d1b5eed476bb1bdb45a86d06", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" }, "f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993": { "Name": "tomcat5", "EndpointID": "92660007315adb53a812b564b06090b3039a7771e7c5d9a4fad2b1c9df9753d8", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]注:
- 不同的集群建立不同的网络
- 我们自定义的网络docker都已经帮我们维护好了对应的关系,推荐我们平时这样使用网络!
-
网络连通
#尝试ping通不同网段(bridge和mynet)的容器 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 ping tomcat4 ping: tomcat4: Name or service not known #在mynet网络中加入tomcat3容器 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network connect mynet tomcat3 [root@iZwz908j8pbqd86doyrez5Z ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "27ebc9223f194268120a12710971c9093c53b9fc3f65e19697ca63e05ee464f9", "Created": "2020-09-15T15:13:49.178777935+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "b763cb6ecf5d4befefcacac1c4fafff8bc3ef28de3ba51d11dfa36e64e0c7cbd": { "Name": "tomcat4", "EndpointID": "5f7cd9c91fdf08ff27ed82d0419aa428c365c1a2d1b5eed476bb1bdb45a86d06", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" }, "c13e595e31833afb032661b077f310bebce5d68bc19012caabc67dbaced129b9": { "Name": "tomcat3", "EndpointID": "ad22702408b9cad4cd67d58758506e60b6a48a0274f26a1134403c4153468a1f", "MacAddress": "02:42:c0:a8:00:04", "IPv4Address": "192.168.0.4/16", "IPv6Address": "" }, "f292f97cf1d6a0b7d6fc77f207730cf3774a65cf72bf99c3bb392e1acf6b4993": { "Name": "tomcat5", "EndpointID": "92660007315adb53a812b564b06090b3039a7771e7c5d9a4fad2b1c9df9753d8", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] #尝试用tomcat3来ping通tomcat4 [root@iZwz908j8pbqd86doyrez5Z ~]# docker exec -it tomcat3 ping tomcat4 #成功注:
- 网段不同,无法ping通
- 为了实现不同网段的容器互通,应该将要连通的容器连通整个网卡(图)
- 连通之后,就是将容器加入到对应的网络中(一个容器,两个ip地址
-
springboot打包docker镜像
- 在IDEA中下载docker插件
- 在IDEA中设置连接远程仓库
- 编写dockerfile文件
- 将jar和dockerfile文件发布上去