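The Docker engine is powerful and includes built-in network driver support for containers. By default Docker provides bridge and overlay networks.
Bridge: the physical NIC and the virtual NICs are bridged through a virtual switch inside the virtual network, which handles external communication.
Overlay: so far I have only seen from the official documentation that this is a network built on VXLAN technology; using this encrypted network with swarm is more secure.
1. Normally, if you are not using swarm to create the overlay network, you need to install a supported key-value store service, such as Consul, etcd or ZooKeeper
2. A cluster of hosts connected to the key-value store
3. Configure the cluster engine daemon on each swarm host
Note: when using an overlay network, duplicate or overlapping subnets may leave containers unable to use the network.
Every user who installs Docker gets three networks created locally, as follows: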
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b60c9e065473 bridge bridge local
a603808ad4ba host host local
48d3687c03f0 none null local
The bridge network is Docker's default network unless you specify a different network mode.
[root@salt-node1 nginx-new]# docker run -itd --name=networktest training/webapp
f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e
View all the information for the bridge network: subnet, gateway and container IPs.
[root@salt-node1 nginx-new]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "b60c9e065473e9d0f8b5eaffc520b681d812e3edd4105cdeba39b5e09bb81ba0",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "846953219c6d32025f2ec9b95ea57d50c2f6cc04fbf92047b8a0e5789d623026": {
                "Name": "zen_varahamihira",
                "EndpointID": "d2f6b8fdfa73fc369c5c77465f79f9d7ada17d9d612b5397a3da227a5e133c1b",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e": {
                "Name": "networktest",
                "EndpointID": "3017afc38daac830d872606ffafe5254a408e30e2b10a5c65b0977ba60018c38",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@salt-node1 nginx-new]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f959f1626b03 training/webapp "python app.py" 4 minutes ago Up 4 minutes 5000/tcp networktest
846953219c6d training/webapp "python app.py" 25 hours ago Up 25 hours 0.0.0.0:32768->5000/tcp zen_varahamihira
[root@salt-node1 nginx-new]# docker network disconnect bridge networktest
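The Docker engine ships with bridge and overlay networks out of the box. A Docker bridge network is limited to a single host, which becomes a problem once you have a multi-host cluster. In that case an overlay network fits your needs better: it can span multiple hosts, and it is a more advanced topic.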
docker network create -d [network type] [network name]
[root@salt-node1 nginx-new]# docker network create -d bridge nginxs-bridge-network
b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b60c9e065473 bridge bridge local
a603808ad4ba host host local
b67220ae9284 nginxs-bridge-network bridge local
48d3687c03f0 none null local
View the new network's information
[root@salt-node1 nginx-new]# docker network inspect nginxs-bridge-network
[
    {
        "Name": "nginxs-bridge-network",
        "Id": "b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
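Creating a network so that your web applications are isolated on different networks is what makes them secure. When you first run a container, you can add it to a new network. By default, containers on two different bridge networks cannot communicate with each other at all; how to let specific containers on the two networks communicate is covered below.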
[root@salt-node1 nginx-new]# docker run -d --net=nginxs-bridge-network --name db training/postgres
Unable to find image 'training/postgres:latest' locally
latest: Pulling from training/postgres
a3ed95caeb02: Pull complete
6e71c809542e: Pull complete
2978d9af87ba: Pull complete
e1bca35b062f: Pull complete
500b6decf741: Pull complete
74b14ef2151f: Pull complete
7afd5ed3826e: Pull complete
3c69bb244f5e: Pull complete
d86f9ec5aedf: Pull complete
010fabf20157: Pull complete
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for training/postgres:latest
4b0bc86f18596e6c24a505a40c759e09c1fd7520a487bf2f278348c641c5240f
View the network configuration of a specific container
[root@salt-node1 nginx-new]# docker inspect --format='{{json .NetworkSettings.Networks}}' db
{"nginxs-bridge-network":{"IPAMConfig":null,"Links":null,"Aliases":["4b0bc86f1859"],"NetworkID":"b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62","EndpointID":"99b9f2f973335447640639e146614ab6f4857b0d1e30f5ed6f9b507f645e137a","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02"}}
[root@salt-node1 ~]# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db
172.18.0.2
docker network connect [network name] [CONTAINER NAME]
[root@salt-node1 ~]# docker network connect nginxs-bridge-network db2
[root@salt-node1 nginx-new]# docker exec -it db2 bash
root@cf9b593a29bc:/# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=74 ttl=64 time=0.130 ms
64 bytes from 172.18.0.2: icmp_seq=75 ttl=64 time=0.116 ms
64 bytes from 172.18.0.2: icmp_seq=76 ttl=64 time=0.119 ms
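The isolation rule and the overlapping-subnet warning above can both be checked from `docker network inspect` output. The Python script below is an added example, not part of the original article: it reports overlapping subnets, container pairs that share a network, and containers attached to more than one network. The sample data is constructed; the container keys c1 to c3 and db2's membership of both networks are assumptions.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect`, trimmed to the fields used.
# Network names and subnets follow the page; container keys and db2 on both networks
# are assumptions for illustration.
SAMPLE = json.loads("""[
 {"Name": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]},
  "Containers": {"c1": {"Name": "networktest"}, "c3": {"Name": "db2"}},
  "Options": {"com.docker.network.bridge.enable_icc": "true"}},
 {"Name": "nginxs-bridge-network",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16"}]},
  "Containers": {"c2": {"Name": "db"}, "c3": {"Name": "db2"}},
  "Options": {}}
]""")

def overlapping_subnets(networks):
    """Pairs of network names whose IPAM subnets overlap."""
    nets = [(n["Name"], ipaddress.ip_network(c["Subnet"]))
            for n in networks for c in (n["IPAM"]["Config"] or [])]
    return [(a, b) for (a, x), (b, y) in combinations(nets, 2)
            if a != b and x.overlaps(y)]

def reachable_pairs(networks):
    """Container pairs that share a network with inter-container traffic allowed."""
    pairs = set()
    for n in networks:
        opts = n.get("Options") or {}
        # enable_icc is treated as "true" when the option is absent.
        if opts.get("com.docker.network.bridge.enable_icc", "true") != "true":
            continue
        names = sorted(c["Name"] for c in n["Containers"].values())
        pairs.update(combinations(names, 2))
    return sorted(pairs)

def multi_homed(networks):
    """Containers attached to more than one network (they span the isolation boundary)."""
    seen = {}
    for n in networks:
        for c in n["Containers"].values():
            seen.setdefault(c["Name"], []).append(n["Name"])
    return {name: nets for name, nets in seen.items() if len(nets) > 1}

if __name__ == "__main__":
    print("overlapping subnets:", overlapping_subnets(SAMPLE))
    print("reachable pairs:", reachable_pairs(SAMPLE))
    print("multi-homed:", multi_homed(SAMPLE))
```

On a real host, feed the functions the parsed output of `docker network inspect` for every network; a container reported as multi-homed is the only path between otherwise isolated bridge networks and deserves review.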