Docker 单机网络

Docker Network相关命令

root@ubuntu:~# docker network --help

Usage:    docker network COMMAND

Manage networks

Options:

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

查看所有已存在的Docker网络

root@ubuntu:~# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
5f744cf3807c        bridge              bridge              local
c318b9c14c37        host                host                local
835478f79db9        my_network          bridge              local
3d1a9b1b894e        my_network2         bridge              local
bee35f193006        none                null                local

创建Docker网络

root@ubuntu:~# docker network create --driver=bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 docker_network
00b5d16509dc3a7233b4e425ea3350d16f7a417d135039455d143f97dfc0d0bd

检验Docker网络

root@ubuntu:~# docker network inspect docker_network 
[
    {
        "Name": "docker_network",
        "Id": "00b5d16509dc3a7233b4e425ea3350d16f7a417d135039455d143f97dfc0d0bd",
        "Created": "2018-03-15T22:09:38.385913404+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/24",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

将容器加入Docker网络

root@ubuntu:~# docker run -it --network=docker_network busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 

指定容器IP地址

root@ubuntu:~# docker run -it --network=docker_network --ip 192.168.0.10 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:00:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever

注：只有使用 --subnet 创建的网络才能指定静态 IP。

Docker Network与Docker Network之间是不能通信的

root@ubuntu:~# iptables-save
...
-A DOCKER-ISOLATION -i br-3d1a9b1b894e -o br-00b5d16509dc -j DROP
-A DOCKER-ISOLATION -i br-00b5d16509dc -o br-3d1a9b1b894e -j DROP
-A DOCKER-ISOLATION -i docker0 -o br-00b5d16509dc -j DROP
-A DOCKER-ISOLATION -i br-00b5d16509dc -o docker0 -j DROP
-A DOCKER-ISOLATION -i docker0 -o br-3d1a9b1b894e -j DROP
-A DOCKER-ISOLATION -i br-3d1a9b1b894e -o docker0 -j DROP
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN