- Hu Josh·Last edited by Hu Josh on Nov 11, 2021Linked with GitHubContributed by
docker network指令總覽
(last update: 2021/11/12)
說明
docker network架構說明
將容器連上網路的方法。可以用虛擬機的想法來實作。有幾種方法
- 讓容器連上docker0這個路由器,容器自己形成一個網路,像虛擬機中的NAT一樣,稱之為bridge。
- 讓容器分享主機的IP,稱之為host,連上公網,但要小心使用,不建議使用。
- 讓容器之間能互相看到,但主機和公網看不到,稱之為local。
- 還有overlay和macvlan,以及完全無法連上網路的none。
- 有了K8S之後,docker network的功能就被大常削弱了,一般我們會使用k8s提供的virutal network服務。
- 最常用的就是bridge。
預設bridge架構
- docker 會新增一個 software bridge 作為 container 網路對外的出口,預設名稱為 docker0
- docker0 會與 host 中的對外網卡(上圖為 eth0)相連,藉此取得對外連線的能力
- 每個 container 會使用一個 veth device 與 docker0 相連,因此具備連外能力
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ip addr [16:31:43]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
338: eth0@if339: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
(joshhuAI)joshhu:~/ $
建立一個容器,然後再建一個容器
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php [16:36:46]
08e56b8fe50d3cc3f42c57bc9b86043fe1710157010e0547e0ab98a97f5e54dc
(joshhuAI)joshhu:~/ $ docker inspect 08
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ping 172.17.0.2 [16:37:03]
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.048 ms
自建一個bridge network
除了預設的docker0,使用者可以自己建立bridge network,讓所有的容器連上這個自建的NAT網路。
觀查建立前的網路
(joshhuAI)joshhu:~/ $ ifconfig [17:28:32]
docker0 Link encap:Ethernet HWaddr 02:42:32:85:1c:e9
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:32ff:fe85:1ce9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7458 errors:0 dropped:0 overruns:0 frame:0
TX packets:33569 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:825724 (825.7 KB) TX bytes:15716177 (15.7 MB)
enp5s0 Link encap:Ethernet HWaddr 10:7b:44:93:a9:4f
inet addr:192.168.1.113 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::4308:ef87:2429:6fe6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5177943 errors:0 dropped:3 overruns:0 frame:0
TX packets:4074896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4448391976 (4.4 GB) TX bytes:1494277453 (1.4 GB)
Memory:ba200000-ba21ffff
enp6s0 Link encap:Ethernet HWaddr c4:6e:1f:03:5b:78
inet6 addr: fe80::c66e:1fff:fe03:5b78/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6874731 errors:0 dropped:438298 overruns:0 frame:0
TX packets:6084086 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6061411002 (6.0 GB) TX bytes:4185181732 (4.1 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:200034 errors:0 dropped:0 overruns:0 frame:0
TX packets:200034 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:878398927 (878.3 MB) TX bytes:878398927 (878.3 MB)
vboxnet1 Link encap:Ethernet HWaddr 0a:00:27:00:00:01
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:1/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:23019 (23.0 KB)
vboxnet2 Link encap:Ethernet HWaddr 0a:00:27:00:00:02
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:34522 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:7040278 (7.0 MB)
vethabd8a87 Link encap:Ethernet HWaddr b6:c4:de:7f:70:8c
inet6 addr: fe80::b4c4:deff:fe7f:708c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:179 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:462 (462.0 B) TX bytes:33486 (33.4 KB)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:c0:00:01
inet addr:172.16.202.1 Bcast:172.16.202.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33504 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:c0:00:08
inet addr:172.16.123.1 Bcast:172.16.123.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
(joshhuAI)joshhu:~/ $
建立一個虛擬bridge
docker network create mylamp
再觀查新的網路架構
(joshhuAI)joshhu:~/ $ docker network ls [17:29:44]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $ docker network create mybridge [17:29:48]
3d2651bee2a2dd4cec26435477e7118a71c1935d304a0d7aa10130663a104526
(joshhuAI)joshhu:~/ $ docker network ls [17:30:04]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
3d2651bee2a2 mybridge bridge local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $
用這個網路建立容器
(joshhuAI)joshhu:~/ $ docker run -d --network mybridge --name web tutum/apache-php [17:33:47]
f64a3088ea36acd88720dc6bb5e2a07c3159f106ee4b64386e57765af7b2e143
(joshhuAI)joshhu:~/ $ docker ps [17:33:57]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f64a3088ea36 tutum/apache-php "/run.sh" 4 seconds ago Up 2 seconds 80/tcp web
(joshhuAI)joshhu:~/ $ docker exec -it f bash [17:34:00]
root@f64a3088ea36:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
359: eth0@if360: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.2/16 brd 172.19.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@f64a3088ea36:/app#
再建立一個容器,可以用web這個名稱找到
(joshhuAI)joshhu:~/ $ docker run -it --rm --network mybridge centos bash [17:35:11]
[root@9e9abdc3ae4c /]# ping web
PING web (172.19.0.2) 56(84) bytes of data.
64 bytes from web.mybridge (172.19.0.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=4 ttl=64 time=0.042 ms
^C
--- web ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3050ms
rtt min/avg/max/mdev = 0.040/0.054/0.089/0.021 ms
[root@9e9abdc3ae4c /]#
將現有容器連上這個路由器
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php [17:37:11]
e725a1c50f1a1984831e8b65f90fc1dedd3faca5f32822d51767c5ca69cb5862
(joshhuAI)joshhu:~/ $ docker exec -it e bash [17:37:26]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
(joshhuAI)joshhu:~/ $ docker network connect mybridge e72 [17:38:38]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash [17:39:02]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
367: eth1@if368: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.3/16 brd 172.19.255.255 scope global eth1
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
(joshhuAI)joshhu:~/ $ docker network disconnect mybridge e72 [17:40:17]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash [17:40:28]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
docker network實作
建立一個lamp stack
建立一個linux, apache, mysql, php的堆疊。這邊用phpmyadmin這個程式來示範。
建立新的網路
(joshhuAI)joshhu:~/ $ docker network ls [22:36:28]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $ docker network create mybridge [22:36:30]
0268e12fad3ca4595e67a31313434ac74fe4b309724deb7314c70ed977388af3
(joshhuAI)joshhu:~/ $ docker network ls [22:36:35]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
0268e12fad3c mybridge bridge local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $
建立mysql的服務
(joshhuAI)joshhu:~/ $ docker run -d --name db --network mybridge -e MYSQL_ROOT_PASSWORD=password mysql [22:36:44]
cc312e7bf38aae381ee0d8c89a33d1639d67da0b17a63bd4e2788dde968aade9
(joshhuAI)joshhu:~/ $ docker ps [22:37:14]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc312e7bf38a mysql "docker-entrypoint.s…" 3 seconds ago Up 1 second 3306/tcp, 33060/tcp db
(joshhuAI)joshhu:~/ $
建立phpmyadmin的服務
(joshhuAI)joshhu:~/ $ docker run --name myadmin -d --network mybridge -p 8080:80 phpmyadmin [22:37:21]
c3c771e73f140d07de40987631b1dba8633526a17c7137ab9e6c9fbdde3cda4c
(joshhuAI)joshhu:~/ $ docker ps [22:38:12]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3c771e73f14 phpmyadmin "/docker-entrypoint.…" 3 seconds ago Up 1 second 0.0.0.0:8080->80/tcp, :::8080->80/tcp myadmin
cc312e7bf38a mysql "docker-entrypoint.s…" About a minute ago Up 59 seconds 3306/tcp, 33060/tcp db
(joshhuAI)joshhu:~/ $
Read more
明新科大2022年ansible-1
作業系統中的重要元件
May 8, 202420240116:什麼是人工智慧
20240116:什麼是人工智慧
Jan 27, 2024如何用反向通道連入沒有固定IP躲在防火牆內的主機
電腦A是一台在防火牆後面內網的Linux主機(甚至連DHCP都會變),而防火牆則是沒有固定IP的。如果我們想要控制電腦A,就需要一台具有固定IP的Linux主機(我用的是GOOGLE雲端主機,電腦B),然後從電腦A建立一條反向通道到電腦B,以後要從任何地方(電腦C)連入電腦A,就透過電腦B,然後從這條反向通道連回電腦A。
Dec 24, 2023Proxmox安裝Windows虛擬機的重點
Proxmox安裝Windows虛擬機的重點
Dec 16, 2023Published on 
HackMD
HackMD