6 docker网络管理
6.1 查看docker网络
docker network 命令
选项说明
| Commands | instruction |
|---|---|
| connect | Connect a container to a network |
| create | Create a networ |
| disconnect | Disconnect a container from a network |
| inspect | Display detailed information on one or more network |
| ls | List network |
| prune | Remove all unused network |
| rm | Remove one or more networks |
6.1.1 查看docker所有的网络配置清单
命令:docker network list
[root@vms41 ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
931d07b62ed8 bridge bridge local
8a1b5913f0ab host host local
31291cf90202 none null local
scope 范围:
- local: 只会影响本物理机容器网络设置
- golbal:跨多个物理机容器网络设置
driver 类型:
- bridge: 桥接网络,用于与本物理机联通
- overlay: 不同机器上的容器相互通信,同时支持对消息进行加密,注意事项:
- 如果想要连接到overlay网络,请确保连接前下列端口没有服务,并且服务器防火墙要允许下列端口通过:
- TCP端口2377,用于集群管理信息的交流
- TCP、UDP端口7946用于集群中节点的交流
- UDP端口4789用于overlay网络中数据报的发送与接收
- 无论是否需要使用集群服务,都需要使用docker swarm init初始化本地主机为swarm管理节点或是使用docker swarm join加入现有得swarm
- 如果想要连接到overlay网络,请确保连接前下列端口没有服务,并且服务器防火墙要允许下列端口通过:
6.1.2 查看docker某个网络的详细配置
命令:
docker network inspect 网络名称
示例:
docker network inspect bridge
[root@vms41 ~]# docker network inspect bridge ##查看docker的bridge的网络详细属性
[
{
"Name": "bridge", #名称为bridge
"Id": "931d07b62ed809f78fc6edfbc4fe67bdb08e14bb8379b2ae139fb383570879f1",
"Created": "2021-05-03T22:12:49.690831517+08:00",
"Scope": "local", ##范围是本物理机生效
"Driver": "bridge", ##类型为桥接
"EnableIPv6": false, ##是否容许IPV6,否
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16", ##子网网段为172.17.0.0/16
"Gateway": "172.17.0.1" ## 网关为172.17.0.1
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": { ##该网段内的容器信息
"011d27f5bea6fabdeb3a761d0e198b33d9eacb0e9ec780efb8a8c772ed2e4ceb": {
"Name": "db",
"EndpointID": "7339fd35dc490df82e9b05891876361bffc3d701b03602c8765136199bd31d09",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"b0f75d5d639431361206c8024cb1881e3ded2d18e840734f8412e8297563316c": {
"Name": "web",
"EndpointID": "6ee4934f684ecf74cd7ba4511e78d51c236fff083a9e25b7d1f1bd5e62f6b913",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
man -k docker --docker man手册
6.2 创建一个docker网络
命令:
docker network create -d 类型[bridge|overlay|macvlan] --subnet= 网络名称
示例:
docker network create -d bridge --subnet=192.168.0.0/16 br0
docker network create 命令选项说明
| OPTIONS | INSTRUCTION |
|---|---|
| --attachable[=false] | Enable manual container attachment |
| --aux-address=map[] | Auxiliary IPv4 or IPv6 addresses used by Network driver |
| --config-from="" | The network from which to copy the configuration |
| --config-only[=false] | Create a configuration only network |
| -d, --driver="bridge" | Driver to manage the Network |
| --gateway=[] | IPv4 or IPv6 Gateway for the master subnet |
| -h, --help[=false] | help for create |
| --ingress[=false] | Create swarm routing-mesh network |
| --internal[=false] | Restrict external access to the network |
| --ip-range=[] | Allocate container ip from a sub-range |
| --ipam-driver="default" | IP Address Management Driver |
| --ipam-opt=map[] | Set IPAM driver specific options |
| --ipv6[=false] | Enable IPv6 networking |
| --label= | Set metadata on a network |
| -o, --opt=map[] | Set driver specific options |
| --scope="" | Control the network's scope |
| --subnet=[] | Subnet in CIDR format that represents a network segment |
[root@vms41 ~]# docker network create -d bridge --subnet=10.0.0.0/24 mynet #配置一个名为mynet子网为10.0.0.0/24的子网
0796ec7b41853ae30fb85a7caa468193fa64322393a05c8faddfee25429d6c6d
[root@vms41 ~]# docker network ls ##查看容器网络mynet确实已经存在
NETWORK ID NAME DRIVER SCOPE
931d07b62ed8 bridge bridge local
8a1b5913f0ab host host local
0796ec7b4185 mynet bridge local
31291cf90202 none null local
[root@vms41 ~]# docker run -dit --name=db1 --restart=always --network=mynet -p 3307:3306 -e MYSQL_ROOT_PASSWORD=haha001 -e MYSQL_DATABASE=xxx hub.c.163.com/library/mysql:latest
55304526fb5b381d9f61d76ca3208705a39465a180b20eb5d2dd7c18080dc102
##启用容器db并使用mynet网络
[root@vms41 ~]# docker exec -it db ip a ##查看容器连接的网络,确认分配的网络地址为10.0.0.2
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
219: eth0@if220: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
docker容器使用host网络后,网络信息就会和物理机一样
[root@vms41 ~]# docker run -dit --name=db1 --restart=always --network=host -p 3307:3306 -e MYSQL_ROOT_PASSWORD=haha001 -e MYSQL_DATABASE=xxx hub.c.163.com/library/mysql:latest
WARNING: Published ports are discarded when using host network mode
48b1a4d0cca0890dfbb434153727e029fa968bd7781c1da7e428de87f7cd3d3a
##使用network=host
[root@vms41 ~]#
[root@vms41 ~]#
[root@vms41 ~]# docker exec -it db ip a ##发现网络配置与物理机一致
Error: No such container: db
[root@vms41 ~]# docker exec -it db1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2c:53:32 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.41/24 brd 192.168.57.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2c:5332/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:fd:be:e8:39 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fdff:febe:e839/64 scope link
valid_lft forever preferred_lft forever
130: br-0796ec7b4185: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:cb:1f:53:e6 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global br-0796ec7b4185
valid_lft forever preferred_lft forever
inet6 fe80::42:cbff:fe1f:53e6/64 scope link
valid_lft forever preferred_lft forever
6.3 设置容器连接、断开连接一个已经创建的网络
[root@vms41 ~]# docker network connect mynet db #将容器db连接至已经创建的mynet网络
[root@vms41 ~]# docker exec -it db ip a ##查看容器db的网络设置,发现已经增10.0.0.2的网址
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
227: eth0@if228: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
231: eth1@if232: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth1
[root@vms41 ~]# docker network disconnect mynet db #将容器db断开连接至已经创建的mynet网络
[root@vms41 ~]# docker exec -it db ip a ##查看容器db的网络设置,发现已经没有到10.0.0.0/24的连接
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
227: eth0@if228: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
6.4 实验,创建一个wordpress博客
wordpress容器 容器磁盘卷 /var/www/html挂载物理机/blog 发布端口
mysql容器 容器磁盘卷 /var/lib/mysql 挂载物理机/db 不需要对外发布端口
##创建mysql容器
[root@vms41 ~]# docker run -dit --name=db --restart=always -v /db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=haha001 -e MYSQL_DATABASE=wordpress hub.c.163.com/library/mysql:latest
be3f6fead92e247daf8d0a5304a06f383fa1b9eaafd808ecc7851e8b3a834743
[root@vms41 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be3f6fead92e hub.c.163.com/library/mysql:latest "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 3306/tcp db
[root@vms41 ~]# ls /db/ ##查看物理机挂载目录下文件,发现workpress库已经创建好了
auto.cnf ca.pem client-key.pem ibdata1 ib_logfile1 mysql private_key.pem server-cert.pem sys
ca-key.pem client-cert.pem ib_buffer_pool ib_logfile0 ibtmp1 performance_schema public_key.pem server-key.pem wordpress
[root@vms41 ~]# docker run -dit --name=blog --restart=always -v /blog:/var/www/html #运行wordpress
> -e WORDPRESS_DB_HOST=172.17.0.2 -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=haha001 #指定连接数据库172.12.0.2,账号,密码,库名称,映射容器80端口到本机80端口
> -e WORDPRESS_DB_NAME=wordpress -p 80:80 hub.c.163.com/library/wordpress:latest
715d84df85fbc598fda253f8f1c0ccd1e8203ae379c6ac5f9f0cbe890b537418
docker run -dit --name=blog --restart=always -v /blog:/var/www/html -e WORDPRESS_DB_HOST=172.17.0.2 -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=haha001 -e WORDPRESS_DB_NAME=wordpress -p 80:80 hub.c.163.com/library/wordpress:latest
浏览器打开192.168.57.41,wordpress已经正常运行