`docker network` command overview
===
(last update: 2021/11/12)

## Overview

### docker network architecture

Ways to connect containers to a network. You can reason about it the same way you would for virtual machines. There are several approaches:

* Attach the container to the docker0 router, so that the containers form their own network, like NAT in a virtual machine. This is called bridge.
* Let the container share the host's IP. This is called host, and the container reaches the public network, but use it with care; it is not recommended.
* Let containers see each other while the host and the public network cannot see them. This is called local.
* There are also overlay and macvlan, and none, which has no network access at all.
* Since Kubernetes (K8s) arrived, the role of docker network has been greatly reduced; generally we use the virtual network service that K8s provides.
* The most commonly used is bridge.

### Default bridge architecture

* docker adds a software bridge that serves as the containers' way out to the network; its default name is docker0
* docker0 is connected to the host's external NIC (eth0 in the figure), which gives it outbound connectivity
* Each container uses a veth device to connect to docker0, and so can reach outside networks

![](https://i.imgur.com/s2Fz28T.png)

![](https://i.imgur.com/LaB6PlC.png)

```shell=
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ip addr                [16:31:43]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
338: eth0@if339: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
(joshhuAI)joshhu:~/ $
```

**Create one container, then create another**

```
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php                    [16:36:46]
08e56b8fe50d3cc3f42c57bc9b86043fe1710157010e0547e0ab98a97f5e54dc
(joshhuAI)joshhu:~/ $ docker inspect 08
```

![](https://i.imgur.com/goZKAzS.png)

```shell=
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ping 172.17.0.2        [16:37:03]
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.048 ms
```

### Create your own bridge network

Besides the default docker0, users can create their own bridge network and attach all their containers to this self-built NAT network.

Look at the network before creating it:

```
(joshhuAI)joshhu:~/ $ ifconfig                                          [17:28:32]
docker0   Link encap:Ethernet  HWaddr 02:42:32:85:1c:e9
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:32ff:fe85:1ce9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7458 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33569 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:825724 (825.7 KB)  TX bytes:15716177 (15.7 MB)

enp5s0    Link encap:Ethernet  HWaddr 10:7b:44:93:a9:4f
          inet addr:192.168.1.113  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::4308:ef87:2429:6fe6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5177943 errors:0 dropped:3 overruns:0 frame:0
          TX packets:4074896 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4448391976 (4.4 GB)  TX bytes:1494277453 (1.4 GB)
          Memory:ba200000-ba21ffff

enp6s0    Link encap:Ethernet  HWaddr c4:6e:1f:03:5b:78
          inet6 addr: fe80::c66e:1fff:fe03:5b78/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6874731 errors:0 dropped:438298 overruns:0 frame:0
          TX packets:6084086 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6061411002 (6.0 GB)  TX bytes:4185181732 (4.1 GB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:200034 errors:0 dropped:0 overruns:0 frame:0
          TX packets:200034 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:878398927 (878.3 MB)  TX bytes:878398927 (878.3 MB)

vboxnet1  Link encap:Ethernet  HWaddr 0a:00:27:00:00:01
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::800:27ff:fe00:1/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:23019 (23.0 KB)

vboxnet2  Link encap:Ethernet  HWaddr 0a:00:27:00:00:02
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::800:27ff:fe00:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:7040278 (7.0 MB)

vethabd8a87 Link encap:Ethernet  HWaddr b6:c4:de:7f:70:8c
          inet6 addr: fe80::b4c4:deff:fe7f:708c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:179 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:462 (462.0 B)  TX bytes:33486 (33.4 KB)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01
          inet addr:172.16.202.1  Bcast:172.16.202.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33504 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08
          inet addr:172.16.123.1  Bcast:172.16.123.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33505 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

(joshhuAI)joshhu:~/ $
```

Create a virtual bridge:

```
docker network create mybridge
```

Then look at the new network layout:

```
(joshhuAI)joshhu:~/ $ docker network ls                                 [17:29:44]
NETWORK ID     NAME      DRIVER    SCOPE
4647eec39713   bridge    bridge    local
6d5c484c7754   host      host      local
c66c444f6768   none      null      local
(joshhuAI)joshhu:~/ $ docker network create mybridge                    [17:29:48]
3d2651bee2a2dd4cec26435477e7118a71c1935d304a0d7aa10130663a104526
(joshhuAI)joshhu:~/ $ docker network ls                                 [17:30:04]
NETWORK ID     NAME       DRIVER    SCOPE
4647eec39713   bridge     bridge    local
6d5c484c7754   host       host      local
3d2651bee2a2   mybridge   bridge    local
c66c444f6768   none       null      local
(joshhuAI)joshhu:~/ $
```

![](https://i.imgur.com/YGGMr1q.png)

Create a container on this network:

```
(joshhuAI)joshhu:~/ $ docker run -d --network mybridge --name web tutum/apache-php    [17:33:47]
f64a3088ea36acd88720dc6bb5e2a07c3159f106ee4b64386e57765af7b2e143
(joshhuAI)joshhu:~/ $ docker ps                                         [17:33:57]
CONTAINER ID   IMAGE              COMMAND     CREATED         STATUS         PORTS     NAMES
f64a3088ea36   tutum/apache-php   "/run.sh"   4 seconds ago   Up 2 seconds   80/tcp    web
(joshhuAI)joshhu:~/ $ docker exec -it f bash                            [17:34:00]
root@f64a3088ea36:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
359: eth0@if360: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.2/16 brd 172.19.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@f64a3088ea36:/app#
```

Create another container; it can find the first one by the name web:

```shell=
(joshhuAI)joshhu:~/ $ docker run -it --rm --network mybridge centos bash    [17:35:11]
[root@9e9abdc3ae4c /]# ping web
PING web (172.19.0.2) 56(84) bytes of data.
64 bytes from web.mybridge (172.19.0.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=4 ttl=64 time=0.042 ms
^C
--- web ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3050ms
rtt min/avg/max/mdev = 0.040/0.054/0.089/0.021 ms
[root@9e9abdc3ae4c /]#
```

Connect an existing container to this router:

```shell=
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php                    [17:37:11]
e725a1c50f1a1984831e8b65f90fc1dedd3faca5f32822d51767c5ca69cb5862
(joshhuAI)joshhu:~/ $ docker exec -it e bash                            [17:37:26]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
```

```shell=
(joshhuAI)joshhu:~/ $ docker network connect mybridge e72               [17:38:38]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash                          [17:39:02]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
367: eth1@if368: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.3/16 brd 172.19.255.255 scope global eth1
       valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
```

```shell=
(joshhuAI)joshhu:~/ $ docker network disconnect mybridge e72            [17:40:17]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash                          [17:40:28]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
```

## docker network in practice

### Build a LAMP stack

Build a Linux, Apache, MySQL, PHP stack. Here the `phpmyadmin` program is used to demonstrate.

**Create a new network**

```shell=
(joshhuAI)joshhu:~/ $ docker network ls                                 [22:36:28]
NETWORK ID     NAME      DRIVER    SCOPE
4647eec39713   bridge    bridge    local
6d5c484c7754   host      host      local
c66c444f6768   none      null      local
(joshhuAI)joshhu:~/ $ docker network create mybridge                    [22:36:30]
0268e12fad3ca4595e67a31313434ac74fe4b309724deb7314c70ed977388af3
(joshhuAI)joshhu:~/ $ docker network ls                                 [22:36:35]
NETWORK ID     NAME       DRIVER    SCOPE
4647eec39713   bridge     bridge    local
6d5c484c7754   host       host      local
0268e12fad3c   mybridge   bridge    local
c66c444f6768   none       null      local
(joshhuAI)joshhu:~/ $
```

**Create the `mysql` service**

```shell=
(joshhuAI)joshhu:~/ $ docker run -d --name db --network mybridge -e MYSQL_ROOT_PASSWORD=password mysql    [22:36:44]
cc312e7bf38aae381ee0d8c89a33d1639d67da0b17a63bd4e2788dde968aade9
(joshhuAI)joshhu:~/ $ docker ps                                         [22:37:14]
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS        PORTS                 NAMES
cc312e7bf38a   mysql     "docker-entrypoint.s…"   3 seconds ago   Up 1 second   3306/tcp, 33060/tcp   db
(joshhuAI)joshhu:~/ $
```

**Create the phpmyadmin service**

```shell=
(joshhuAI)joshhu:~/ $ docker run --name myadmin -d --network mybridge -p 8080:80 phpmyadmin    [22:37:21]
c3c771e73f140d07de40987631b1dba8633526a17c7137ab9e6c9fbdde3cda4c
(joshhuAI)joshhu:~/ $ docker ps                                         [22:38:12]
CONTAINER ID   IMAGE        COMMAND                  CREATED              STATUS          PORTS                                   NAMES
c3c771e73f14   phpmyadmin   "/docker-entrypoint.…"   3 seconds ago        Up 1 second     0.0.0.0:8080->80/tcp, :::8080->80/tcp   myadmin
cc312e7bf38a   mysql        "docker-entrypoint.s…"   About a minute ago   Up 59 seconds   3306/tcp, 33060/tcp                     db
(joshhuAI)joshhu:~/ $
```

![](https://i.imgur.com/DZjTUqA.png)

![](https://i.imgur.com/WV3mb6D.png)
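
The `docker ps` output above lists `myadmin` as `0.0.0.0:8080->80/tcp, :::8080->80/tcp`, which means phpMyAdmin is published on every host interface, while `db` is only exposed inside `mybridge`. The following is an added example, not part of the original page: a small audit that reads `docker ps --format '{{.Names}}|{{.Ports}}'` output and lists all-interface publications. The function names, the `--live` switch and the sample lines (including `local-admin`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ports published on every host interface.
# Input lines: "name|ports", as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# Output lines: "<container> <host port> <container port/proto>"

audit_published_ports() {
    awk -F'|' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # exposed only, not published
            # 0.0.0.0:, ::: and [::]: all mean "every interface"
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/) {
                host = m;   sub(/->.*$/, "", host)   # e.g. 0.0.0.0:8080
                sub(/^.*:/, "", host)                # host port only
                target = m; sub(/^.*->/, "", target) # e.g. 80/tcp
                key = $1 " " host " " target
                # IPv4 and IPv6 entries for one port are reported once
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }'
}

# Constructed sample: the first two lines mirror the docker ps output on
# this page; local-admin is a made-up loopback-only publication.
sample_ps() {
    cat <<'EOF'
myadmin|0.0.0.0:8080->80/tcp, :::8080->80/tcp
db|3306/tcp, 33060/tcp
local-admin|127.0.0.1:8081->80/tcp
EOF
}

if [ "${1:-}" = "--live" ]; then
    docker ps --format '{{.Names}}|{{.Ports}}' | audit_published_ports
else
    sample_ps | audit_published_ports
fi
```

A port published as `-p 127.0.0.1:8080:80` is bound to loopback only and is not reported.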