Docker网络
Bridge(桥接)
bridge:docker设计的NAT网络模型(默认模型) 根据容器的启动顺序依次分配IP地址
(不锐齿)
[root@docker01 code]# docker network ls
NETWORK ID NAME DRIVER SCOPE
6f016410d286 bridge bridge local
a8393ef99516 host host local
0921fb6d5a88 none null local
##### 查看详细信息
----- 利用 bridge-utils
[root@docker01 code]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242a4e7ef5b no
----- 利用 inspect(输出中 enable_icc 为 true 表示默认网桥上的容器之间可以直接互通;host_binding_ipv4 为 0.0.0.0 表示用 -p 发布的端口默认监听宿主机的所有地址)
[root@docker01 code]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "6f016410d2867037354224a3cf02fa5edf277bfac9e0b5770d74582705b70dc3",
"Created": "2024-09-09T08:33:12.58408424+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
####### 修改桥接模式的网段
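方法一: 修改启动脚本(与方法二只能二选一:--bip 启动参数和 daemon.json 中的 bip 同时存在时,dockerd 会因配置冲突而无法启动;直接修改 /lib/systemd/system 下的 unit 文件在软件包升级时可能被覆盖)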
[root@docker01 ~]# vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=192.168.10.1/24
[root@docker01 ~]# systemctl daemon-reload
[root@docker01 ~]# systemctl restart docker
方法二: 修改配置文件(示例中的 registry-mirrors 是第三方镜像加速地址,拉取的镜像内容经由它们分发,应只配置自己信任的镜像源)
[root@docker01 ~]# vim /etc/docker/daemon.json
{
"bip": "192.168.30.1/24",
"registry-mirrors": ["https://docker.1panel.live", "https://hub.rat.dev/","https://docker.chenby.cn", "https://docker.m.daocloud.io"]
}
[root@docker01 ~]# systemctl daemon-reload
[root@docker01 ~]# systemctl restart docker
Host模式
共享主机的IP
Host:与宿主机共享Network Namespace,--network=host 性能最高;但容器不再有网络隔离,能直接看到并使用宿主机的全部网卡和端口(包括只监听 127.0.0.1 的服务),-p 端口映射在该模式下不生效
[root@docker01 ~]# docker run --network=host -d nginx:alpine
[root@docker01 ~]# docker run -it --network=host nginx:alpine /bin/sh
/ # ifconfig
[root@docker01 code]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:a4:e7:ef:5b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.101 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fe4e:6fdf prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4e:6f:df txqueuelen 1000 (Ethernet)
RX packets 92117 bytes 125031398 (119.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15982 bytes 2575786 (2.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.101 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::20c:29ff:fe4e:6fe9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4e:6f:e9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1016 (1016.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1110 bytes 378088 (369.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1110 bytes 378088 (369.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Container模式
Container:与另一个运行中的容器共享Network Namespace(两个容器的IP、端口空间和lo完全相同,可通过127.0.0.1互相访问),--net=container:containerID(K8S 的 Pod 内各容器即以这种方式共享网络)
(康忒呢)
[root@docker01 code]# docker run -it busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1102 (1.0 KiB) TX bytes:0 (0.0 B)
## 再开启一个终端
[root@docker01 ~]# docker run -it --network=container:5b75772b35e9 busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1102 (1.0 KiB) TX bytes:0 (0.0 B)
None模式
None:不为容器配置任何网络功能,--net=none
[root@docker01 code]# docker run -it --network=none busybox /bin/sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
自定义网络模式(bridge)
自定义创建bridge模式网络
## 创建语法
docker network create -d <mode> --subnet <CIDR> --gateway <网关> <自定义网络名称>
docker network create -d bridge --subnet 192.168.100.0/24 --gateway 192.168.100.1 kjt-net
## 引用自定义网络
[root@docker01 ~]# docker run -it --network=kjt-net busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:64:02
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
## 删除自定义网络(按网络 ID 或按名称删除,二选一;需先停止或断开仍连接在该网络上的容器)
[root@docker01 code]# docker network ls
NETWORK ID NAME DRIVER SCOPE
70233e312797 kjt-net bridge local
docker network rm 70233e312797
docker network rm kjt-net