- Hu Josh·Last edited by Hu Josh on Nov 11, 2021Linked with GitHubContributed by
Log in to edit or delete your comments and be notified of replies.
There is no commentSelect some text and then click Comment, or simply add a comment to this page from below to start a discussion.docker network指令總覽
(last update: 2021/11/12)
說明
docker network架構說明
將容器連上網路的方法。可以用虛擬機的想法來實作。有幾種方法
- 讓容器連上docker0這個路由器,容器自己形成一個網路,像虛擬機中的NAT一樣,稱之為bridge。
- 讓容器分享主機的IP,稱之為host,連上公網,但要小心使用,不建議使用。
- 讓容器之間能互相看到,但主機和公網看不到,稱之為local。
- 還有overlay和macvlan,以及完全無法連上網路的none。
- 有了K8S之後,docker network的功能就被大常削弱了,一般我們會使用k8s提供的virutal network服務。
- 最常用的就是bridge。
預設bridge架構
- docker 會新增一個 software bridge 作為 container 網路對外的出口,預設名稱為 docker0
- docker0 會與 host 中的對外網卡(上圖為 eth0)相連,藉此取得對外連線的能力
- 每個 container 會使用一個 veth device 與 docker0 相連,因此具備連外能力
Image Not Showing
Possible Reasons
Learn More →
Image Not Showing
Possible Reasons
Learn More →
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ip addr [16:31:43]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
338: eth0@if339: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
(joshhuAI)joshhu:~/ $
建立一個容器,然後再建一個容器
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php [16:36:46]
08e56b8fe50d3cc3f42c57bc9b86043fe1710157010e0547e0ab98a97f5e54dc
(joshhuAI)joshhu:~/ $ docker inspect 08
Image Not Showing
Possible Reasons
Learn More →
(joshhuAI)joshhu:~/ $ docker run --rm -it centos ping 172.17.0.2 [16:37:03]
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.048 ms
自建一個bridge network
除了預設的docker0,使用者可以自己建立bridge network,讓所有的容器連上這個自建的NAT網路。
觀查建立前的網路
(joshhuAI)joshhu:~/ $ ifconfig [17:28:32]
docker0 Link encap:Ethernet HWaddr 02:42:32:85:1c:e9
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:32ff:fe85:1ce9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7458 errors:0 dropped:0 overruns:0 frame:0
TX packets:33569 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:825724 (825.7 KB) TX bytes:15716177 (15.7 MB)
enp5s0 Link encap:Ethernet HWaddr 10:7b:44:93:a9:4f
inet addr:192.168.1.113 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::4308:ef87:2429:6fe6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5177943 errors:0 dropped:3 overruns:0 frame:0
TX packets:4074896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4448391976 (4.4 GB) TX bytes:1494277453 (1.4 GB)
Memory:ba200000-ba21ffff
enp6s0 Link encap:Ethernet HWaddr c4:6e:1f:03:5b:78
inet6 addr: fe80::c66e:1fff:fe03:5b78/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6874731 errors:0 dropped:438298 overruns:0 frame:0
TX packets:6084086 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6061411002 (6.0 GB) TX bytes:4185181732 (4.1 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:200034 errors:0 dropped:0 overruns:0 frame:0
TX packets:200034 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:878398927 (878.3 MB) TX bytes:878398927 (878.3 MB)
vboxnet1 Link encap:Ethernet HWaddr 0a:00:27:00:00:01
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:1/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:23019 (23.0 KB)
vboxnet2 Link encap:Ethernet HWaddr 0a:00:27:00:00:02
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:34522 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:7040278 (7.0 MB)
vethabd8a87 Link encap:Ethernet HWaddr b6:c4:de:7f:70:8c
inet6 addr: fe80::b4c4:deff:fe7f:708c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:179 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:462 (462.0 B) TX bytes:33486 (33.4 KB)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:c0:00:01
inet addr:172.16.202.1 Bcast:172.16.202.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33504 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:c0:00:08
inet addr:172.16.123.1 Bcast:172.16.123.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
(joshhuAI)joshhu:~/ $
建立一個虛擬bridge
docker network create mylamp
再觀查新的網路架構
(joshhuAI)joshhu:~/ $ docker network ls [17:29:44]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $ docker network create mybridge [17:29:48]
3d2651bee2a2dd4cec26435477e7118a71c1935d304a0d7aa10130663a104526
(joshhuAI)joshhu:~/ $ docker network ls [17:30:04]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
3d2651bee2a2 mybridge bridge local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $
Image Not Showing
Possible Reasons
Learn More →
用這個網路建立容器
(joshhuAI)joshhu:~/ $ docker run -d --network mybridge --name web tutum/apache-php [17:33:47]
f64a3088ea36acd88720dc6bb5e2a07c3159f106ee4b64386e57765af7b2e143
(joshhuAI)joshhu:~/ $ docker ps [17:33:57]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f64a3088ea36 tutum/apache-php "/run.sh" 4 seconds ago Up 2 seconds 80/tcp web
(joshhuAI)joshhu:~/ $ docker exec -it f bash [17:34:00]
root@f64a3088ea36:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
359: eth0@if360: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.2/16 brd 172.19.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@f64a3088ea36:/app#
再建立一個容器,可以用web這個名稱找到
(joshhuAI)joshhu:~/ $ docker run -it --rm --network mybridge centos bash [17:35:11]
[root@9e9abdc3ae4c /]# ping web
PING web (172.19.0.2) 56(84) bytes of data.
64 bytes from web.mybridge (172.19.0.2): icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from web.mybridge (172.19.0.2): icmp_seq=4 ttl=64 time=0.042 ms
^C
--- web ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3050ms
rtt min/avg/max/mdev = 0.040/0.054/0.089/0.021 ms
[root@9e9abdc3ae4c /]#
將現有容器連上這個路由器
(joshhuAI)joshhu:~/ $ docker run -d tutum/apache-php [17:37:11]
e725a1c50f1a1984831e8b65f90fc1dedd3faca5f32822d51767c5ca69cb5862
(joshhuAI)joshhu:~/ $ docker exec -it e bash [17:37:26]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
(joshhuAI)joshhu:~/ $ docker network connect mybridge e72 [17:38:38]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash [17:39:02]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
367: eth1@if368: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.3/16 brd 172.19.255.255 scope global eth1
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
(joshhuAI)joshhu:~/ $ docker network disconnect mybridge e72 [17:40:17]
(joshhuAI)joshhu:~/ $ docker exec -it e72 bash [17:40:28]
root@e725a1c50f1a:/app# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
365: eth0@if366: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@e725a1c50f1a:/app#
docker network實作
建立一個lamp stack
建立一個linux, apache, mysql, php的堆疊。這邊用phpmyadmin這個程式來示範。
建立新的網路
(joshhuAI)joshhu:~/ $ docker network ls [22:36:28]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $ docker network create mybridge [22:36:30]
0268e12fad3ca4595e67a31313434ac74fe4b309724deb7314c70ed977388af3
(joshhuAI)joshhu:~/ $ docker network ls [22:36:35]
NETWORK ID NAME DRIVER SCOPE
4647eec39713 bridge bridge local
6d5c484c7754 host host local
0268e12fad3c mybridge bridge local
c66c444f6768 none null local
(joshhuAI)joshhu:~/ $
建立mysql的服務
(joshhuAI)joshhu:~/ $ docker run -d --name db --network mybridge -e MYSQL_ROOT_PASSWORD=password mysql [22:36:44]
cc312e7bf38aae381ee0d8c89a33d1639d67da0b17a63bd4e2788dde968aade9
(joshhuAI)joshhu:~/ $ docker ps [22:37:14]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc312e7bf38a mysql "docker-entrypoint.s…" 3 seconds ago Up 1 second 3306/tcp, 33060/tcp db
(joshhuAI)joshhu:~/ $
建立phpmyadmin的服務
(joshhuAI)joshhu:~/ $ docker run --name myadmin -d --network mybridge -p 8080:80 phpmyadmin [22:37:21]
c3c771e73f140d07de40987631b1dba8633526a17c7137ab9e6c9fbdde3cda4c
(joshhuAI)joshhu:~/ $ docker ps [22:38:12]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3c771e73f14 phpmyadmin "/docker-entrypoint.…" 3 seconds ago Up 1 second 0.0.0.0:8080->80/tcp, :::8080->80/tcp myadmin
cc312e7bf38a mysql "docker-entrypoint.s…" About a minute ago Up 59 seconds 3306/tcp, 33060/tcp db
(joshhuAI)joshhu:~/ $
Read more
明新科大2022年ansible-1
作業系統中的重要元件
May 8, 202420240116:什麼是人工智慧
20240116:什麼是人工智慧
Jan 27, 2024如何用反向通道連入沒有固定IP躲在防火牆內的主機
電腦A是一台在防火牆後面內網的Linux主機(甚至連DHCP都會變),而防火牆則是沒有固定IP的。如果我們想要控制電腦A,就需要一台具有固定IP的Linux主機(我用的是GOOGLE雲端主機,電腦B),然後從電腦A建立一條反向通道到電腦B,以後要從任何地方(電腦C)連入電腦A,就透過電腦B,然後從這條反向通道連回電腦A。
Dec 24, 2023Proxmox安裝Windows虛擬機的重點
Proxmox安裝Windows虛擬機的重點
Dec 16, 2023Published on 
HackMD
HackMD