Learn Docker with Me: Container Orchestration with docker-compose (Part 13)

Original link: www.sudo.ren
  1.  None: no network functionality is configured for the container, --net=none
    [root@docker01 wordpress]# docker run -it --network none busybox:latest
    Unable to find image 'busybox:latest' locally
    latest: Pulling from library/busybox
    ee153a04d683: Pull complete 
    Digest: sha256:9f1003c480699be56815db0f8146ad2e22efea85129b5b5983d0e0fb52d9ab70
    Status: Downloaded newer image for busybox:latest
    / # ifconfig
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    / # free -m
                  total        used        free      shared  buff/cache   available
    Mem:           3935        1033         685           0        2216        2721
    Swap:          1023           0        1023
    / # 

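    With --network none, busybox has no external IP address. It cannot communicate with the outside world or with other containers and can only operate inside itself. Next, look at the busybox container's details.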

    [root@docker01 ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
    1273925e7a6f        busybox:latest      "sh"                     4 minutes ago       Up 4 minutes                                infallible_wiles
    [root@docker01 ~]# docker inspect 1273925e7a6f
    [
        {
            "Id": "1273925e7a6fa2779fcc1b91f6cdca8996cc202a07bf59ea6efb8fe0106c27cc",
            "Created": "2019-07-29T08:33:15.470319308Z",
       .
       .
      (part omitted)
       .
       .
                "Networks": {
                    "none": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "3a7f8b6f580d89926046a40d98f2efea19531ce5d6c512615fafc25afc6839e5",
                        "EndpointID": "459579344a74330eab42f809ca722aa807afa7a8ea26861ddaea0400539bc78c",
                        "Gateway": "",
                        "IPAddress": "",
                        "IPPrefixLen": 0,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "",
                        "DriverOpts": null
                    }
                }
            }
        }
    ]
    [root@docker01 ~]# 

    Under Networks, you can see that the host has not assigned it an IP.

  2. Container: shares the Network Namespace with another running container, --net=container:containerID
    # First start an httpd container; it uses bridge mode by default

    [root@docker01 ~]# docker run -d httpd:latest     
    Unable to find image 'httpd:latest' locally
    latest: Pulling from library/httpd
    f5d23c7fed46: Already exists 
    b083c5fd185b: Pull complete 
    bf5100a89e78: Pull complete 
    98f47fcaa52f: Pull complete 
    622a9dd8cfed: Pull complete 
    Digest: sha256:c18b9ace5dd1864674064dea03f7ff4e378e43b9ec57827853d0bd93953772df
    Status: Downloaded newer image for httpd:latest
    c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d
    [root@docker01 ~]# docker inspect c35b4931545f   # view the container's details
    [
        {
            "Id": "c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d",
            "Created": "2019-07-29T08:45:27.272877675Z",
         .
         .
      (part omitted)
         .
         .
                "Networks": {
                    "bridge": {       # bridge mode
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "Gateway": "172.17.0.1",
                        "IPAddress": "172.17.0.2",
                        "IPPrefixLen": 16,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "02:42:ac:11:00:02",
                        "DriverOpts": null
                    }
                }
            }
        }
    ]
    [root@docker01 ~]# 

    # Start another centos container and tell it to share the httpd container's network

    [root@docker01 ~]# docker run -it --network container:agitated_shtern centos:latest
    [root@c35b4931545f /]# netstat -lntup
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -         
    [root@c35b4931545f /]# ps -ef        
    UID         PID   PPID  C STIME TTY          TIME CMD
    root          1      0  0 08:55 pts/0    00:00:00 /bin/bash
    root         15      1  0 08:56 pts/0    00:00:00 ps -ef
    [root@c35b4931545f /]# 

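    # Inside the container, port 80 is already being listened on; it is held by the httpd container
    # View the centos container's details: many fields in NetworkSettings are empty. Compare a shared network with an unassigned network in detail; you can observe that the two containers have the same IP address, 172.17.0.2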

    [root@docker01 ~]# docker inspect c35b4931545f
    [
        {
            "Id": "c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d",
            "Created": "2019-07-29T08:45:27.272877675Z",
            "Path": "httpd-foreground",
       .
       .
     (part omitted)
       .
       .
            "NetworkSettings": {
                "Bridge": "",
                "SandboxID": "20339a3caec43b626169ba83d12ef093b0137f6eac55da2f82b8408f855653e0",
                "HairpinMode": false,
                "LinkLocalIPv6Address": "",
                "LinkLocalIPv6PrefixLen": 0,
                "Ports": {
                    "80/tcp": null
                },
                "SandboxKey": "/var/run/docker/netns/20339a3caec4",
                "SecondaryIPAddresses": null,
                "SecondaryIPv6Addresses": null,
                "EndpointID": "3f7c22526c112653bba464f5d4e7d74ddc971062935434593c4e3de3999e9812",
                "Gateway": "172.17.0.1",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "IPAddress": "172.17.0.2",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "MacAddress": "02:42:ac:11:00:02",
                "Networks": {
                    "bridge": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "ee3200a1482b54a8c3d99e5e31321319cad576b8b0206e565f0ee4b05271747a",
                        "EndpointID": "3f7c22526c112653bba464f5d4e7d74ddc971062935434593c4e3de3999e9812",
                        "Gateway": "172.17.0.1",
                        "IPAddress": "172.17.0.2",
                        "IPPrefixLen": 16,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "02:42:ac:11:00:02",
                        "DriverOpts": null
                    }
                }
            }
        }
    ]
    [root@docker01 ~]# 

    When you ping 172.17.0.2, both containers receive the packets.

  3. Host: shares the Network Namespace with the host, --net=host

    [root@docker01 ~]# docker run -it --network host centos:latest
    [root@docker01 /]# ifconfig
    bash: ifconfig: command not found
    [root@docker01 /]# yum install net-tools -y
    Loaded plugins: fastestmirror, ovl
    Determining fastest mirrors
     * base: ftp.sjtu.edu.cn
       .
       .
     (part omitted)
       .
       . 
      Installing : net-tools-2.0-0.24.20131004git.el7.x86_64                                                                                                 1/1 
      Verifying  : net-tools-2.0-0.24.20131004git.el7.x86_64                                                                                                 1/1 
    
    Installed:
      net-tools.x86_64 0:2.0-0.24.20131004git.el7                                                                                                                
    
    Complete!
    [root@docker01 /]# ifconfig
    br-1a7c4ed89c32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.19.0.1  netmask 255.255.0.0  broadcast 172.19.255.255
            inet6 fe80::42:e0ff:fee8:b095  prefixlen 64  scopeid 0x20<link>
            ether 02:42:e0:e8:b0:95  txqueuelen 0  (Ethernet)
            RX packets 10458  bytes 572069 (558.6 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 15346  bytes 28631560 (27.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    br-cbcc1a7aa97d: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
            ether 02:42:26:ac:02:86  txqueuelen 0  (Ethernet)
            RX packets 383  bytes 44573 (43.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 427  bytes 49159 (48.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
            inet6 fe80::42:c6ff:fee6:7508  prefixlen 64  scopeid 0x20<link>
            ether 02:42:c6:e6:75:08  txqueuelen 0  (Ethernet)
            RX packets 10458  bytes 425657 (415.6 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 15338  bytes 28630912 (27.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.11  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::20c:29ff:fe2b:87e6  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:2b:87:e6  txqueuelen 1000  (Ethernet)
            RX packets 842194  bytes 1142467422 (1.0 GiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 459627  bytes 807533012 (770.1 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::20c:29ff:fe2b:87f0  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:2b:87:f0  txqueuelen 1000  (Ethernet)
            RX packets 1  bytes 60 (60.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 9  bytes 690 (690.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 16  base 0x2000  
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 4490  bytes 255192 (249.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 4490  bytes 255192 (249.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    veth7b087c6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::c4e9:b7ff:fe10:2f44  prefixlen 64  scopeid 0x20<link>
            ether c6:e9:b7:10:2f:44  txqueuelen 0  (Ethernet)
            RX packets 204  bytes 102823 (100.4 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 197  bytes 34480 (33.6 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    [root@docker01 /]# 
    

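    When we run docker run -it --network host centos:latest, nothing seems to have changed, but we have in fact already entered the container, shown as docker01: because it shares the host's network, its hostname is also the same as the host's.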

    [root@docker01 ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
    b422cc4a8803        centos:latest       "/bin/bash"              5 minutes ago       Up 5 minutes                                priceless_cerf
    [root@docker01 ~]# docker inspect b422cc4a8803
    [
        {
            "Id": "b422cc4a8803ab84c63c6a0952c6abf32210aca0aa1db71cfc20b4ce54a7ff69",
            "Created": "2019-07-29T09:52:53.240870758Z",
            "Path": "/bin/bash",
        .
        .
      (part omitted)
        .
        .
                    "host": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "1a2a87ff371157572eb4c7dbd7c06c172df292f50aecf9c898868019626ab504",
                        "EndpointID": "3c040bc154da6fd4a5df5637f93b730b32731338dcf1272069f4b1eaabf82b74",
                        "Gateway": "",
                        "IPAddress": "",
                        "IPPrefixLen": 0,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "",
                        "DriverOpts": null
                    }
                }
            }
        }
    ]
    [root@docker01 ~]# 

     

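  4. Bridge: the NAT network model designed by Docker. This is Docker's default network mode and needs little explanation; everything we used earlier runs in this mode. The host automatically assigns the Docker container an internal IP, and we can communicate with it through port mapping.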
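
The four modes above can be told apart from `docker inspect` output alone. The following is an added example, not code from the original article: it classifies trimmed inspect records by `HostConfig.NetworkMode` and lists the containers that do not have a network namespace of their own (host and container modes). The container names and the sample records are constructed for illustration.

```python
import json

# Constructed sample (not from the page): trimmed `docker inspect` records,
# one for each of the four network modes described above.
SAMPLE = json.loads("""[
 {"Name": "/none_box", "HostConfig": {"NetworkMode": "none"},
  "NetworkSettings": {"Networks": {"none": {"IPAddress": ""}}}},
 {"Name": "/web", "HostConfig": {"NetworkMode": "default"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Name": "/sidecar", "HostConfig": {"NetworkMode": "container:c35b4931545f"},
  "NetworkSettings": {"Networks": {}}},
 {"Name": "/host_box", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}}
]""")


def classify(record):
    """Map one inspect record to its network mode and assigned IPs."""
    mode = record["HostConfig"]["NetworkMode"]
    nets = record["NetworkSettings"].get("Networks") or {}
    ips = sorted(n["IPAddress"] for n in nets.values() if n.get("IPAddress"))
    if mode == "none":
        kind, note = "none", "loopback only, no IP assigned"
    elif mode == "host":
        kind, note = "host", "uses the host's interfaces and ports directly"
    elif mode.startswith("container:"):
        kind, note = "container", "shares the namespace of " + mode.split(":", 1)[1]
    elif mode in ("default", "bridge"):  # both values mean the default bridge
        kind, note = "bridge", "private IP behind NAT, reached via port mapping"
    else:
        kind, note = "user-defined", "attached to network " + mode
    return {"name": record["Name"].lstrip("/"), "mode": kind, "ips": ips, "note": note}


def shared_namespace(records):
    """Names of containers that have no network namespace of their own."""
    return [c["name"] for c in map(classify, records)
            if c["mode"] in ("host", "container")]


if __name__ == "__main__":
    for rec in SAMPLE:
        c = classify(rec)
        ip_text = ",".join(c["ips"]) or "-"
        print(c["name"], c["mode"], ip_text, c["note"], sep="\t")
    print("no own namespace:", shared_namespace(SAMPLE))
```

On a live host, the same functions can be fed `json.loads` of the output of `docker inspect $(docker ps -q)` instead of the constructed sample.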