1、网络模式
•bridge
–net=bridge
默认网络,Docker启动后创建一个docker0网桥,默认创建的容器也是添加到这个网桥中。
•host
–net=host
容器不会获得一个独立的network namespace,而是与宿主机共用一个。这就意味着容器不会有自己的网卡信息,而是使用宿主机的。容器除了网络,其他都是隔离的。
例子:
[root@linux-node1 ~]# docker pull busybox
[root@linux-node1 ~]# docker container run -itd --net=host --name=test1 busybox
[root@linux-node1 ~]# docker exec -it test1 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:50:56:b3:58:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.6.240/24 brd 192.168.6.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:feb3:5898/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 02:42:4f:19:b7:3f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:4fff:fe19:b73f/64 scope link
valid_lft forever preferred_lft forever
37: vethd67792f@if36: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether ea:84:89:31:0a:da brd ff:ff:ff:ff:ff:ff
inet6 fe80::e884:89ff:fe31:ada/64 scope link
valid_lft forever preferred_lft forever
39: veth844936e@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether ca:6a:cd:00:1e:71 brd ff:ff:ff:ff:ff:ff
inet6 fe80::c86a:cdff:fe00:1e71/64 scope link
valid_lft forever preferred_lft forever
41: vethdda9537@if40: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether d2:0a:fc:6c:6c:af brd ff:ff:ff:ff:ff:ff
inet6 fe80::d00a:fcff:fe6c:6caf/64 scope link
valid_lft forever preferred_lft forever
43: veth6869f9e@if42: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether 4e:b1:9a:7f:3e:bf brd ff:ff:ff:ff:ff:ff
inet6 fe80::4cb1:9aff:fe7f:3ebf/64 scope link
valid_lft forever preferred_lft forever
49: veth81dbb33@if48: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0
link/ether 6a:ed:dc:71:ec:55 brd ff:ff:ff:ff:ff:ff
inet6 fe80::68ed:dcff:fe71:ec55/64 scope link
valid_lft forever preferred_lft forever•none
–net=none
获取独立的network namespace,但不为容器进行任何网络配置,需要我们手动配置。
例子:
[root@linux-node1 ~]# docker container run -itd --net=none --name=test2 busybox
[root@linux-node1 ~]# docker exec -it test2 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)•container
–net=container:Name/ID
与指定的容器使用同一个network namespace,具有同样的网络配置信息,两个容器除了网络,其他都还是隔离的。
例子:
[root@linux-node1 ~]# docker container run -itd --name=bs -p 99:80 busybox
[root@linux-node1 ~]# docker exec -it bs sh
/ # netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
[root@linux-node1 ~]# docker run -itd --name=web --net container:bs nginx
[root@linux-node1 ~]# docker exec -it bs sh
/ # netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -•自定义网络与默认的bridge原理一样,但自定义网络具备内部DNS发现,可以通过容器名或者主机名容器之间网络通信。
例子:
[root@linux-node1 ~]# docker network create bs-network
[root@linux-node1 ~]# docker run -it --name bsa --net bs-network busybox
[root@linux-node1 ~]# docker run -it --name bsb --net bs-network busyboxdocker的网络是基于iptables实现的
[root@linux-node1 ~]# iptables -vnL
[root@linux-node1 ~]# iptables-save2、桥接主机网络与配置固定ip地址
临时生效:
# 网桥名称
br_name=br0
# 添加网桥
brctl addbr $br_name
# 给网桥设置IP
ip addr add 192.168.6.240/24 dev $br_name
# 删除已存在的eth0网卡配置
ip addr del 192.168.6.240/24 dev eth0
# 激活网桥
ip link set $br_name up
# 添加eth0到网桥
brctl addif $br_name eth0
# 添加路由
ip route add default via 192.168.6.254 dev br0
[root@linux-node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
br-224ff6667a50 8000.0242997f1769 no veth3d5b99a
br0 8000.005056b35898 no ens192
docker0 8000.02424f19b73f no veth9ca9d65
还需要在docker启动时桥接这个网桥:
#vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -b=br0
---------------------------------------------
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
#ExecStart=/usr/bin/dockerd -H unix://
ExecStart=/usr/bin/dockerd -b=br0
------------------------------------------------
#systemctl restart docker永久生效:
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
#vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bride
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.6.240
NETMASK=255.255.255.0
GATEWAY=192.168.6.254
DNS1=114.114.114.114
pipework工具配置容器固定IP
git clone https://github.com/jeptazzo/pipework.git
cp pipework/pipework /usr/local/bin
docker run -itd --net=none --name test01 centos
pipework br0 test01 192.168.1.88/24@192.168.1.1文档更新时间: 2019-02-25 13:16 作者:李延召
