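The Docker engine is very powerful and has built-in support for container network drivers. By default Docker provides bridge and overlay networks.
Bridge: the physical NIC and the virtual NICs are bridged through a virtual switch inside the virtual network in order to communicate with the outside.
Overlay network: so far the only thing I have seen from the official documentation is that it is a network built on VXLAN technology; swarm using this encrypted network is more secure.
1. Normally, if you do not use swarm, creating an overlay network requires a key-value store service; the options include consul, etcd and zookeeper
2. A cluster of hosts connected to the key-value store
3. The cluster engine daemon configured on each swarm host
Note: when using overlay networks, duplicate or overlapping subnets may leave containers unable to use the network.
Every user who installs Docker gets three networks generated locally, as follows: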
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID     NAME     DRIVER   SCOPE
b60c9e065473   bridge   bridge   local
a603808ad4ba   host     host     local
48d3687c03f0   none     null     local
The bridge network is Docker's default network, unless you specify another network mode.
[root@salt-node1 nginx-new]# docker run -itd --name=networktest training/webapp
f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e
View everything inside the bridge network: subnet, gateway and container IPs
[root@salt-node1 nginx-new]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "b60c9e065473e9d0f8b5eaffc520b681d812e3edd4105cdeba39b5e09bb81ba0",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "846953219c6d32025f2ec9b95ea57d50c2f6cc04fbf92047b8a0e5789d623026": {
                "Name": "zen_varahamihira",
                "EndpointID": "d2f6b8fdfa73fc369c5c77465f79f9d7ada17d9d612b5397a3da227a5e133c1b",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "f959f1626b03d965692d0d45f5307c062facac69eff2a33779a50293c35f662e": {
                "Name": "networktest",
                "EndpointID": "3017afc38daac830d872606ffafe5254a408e30e2b10a5c65b0977ba60018c38",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@salt-node1 nginx-new]# docker ps
CONTAINER ID   IMAGE             COMMAND           CREATED         STATUS         PORTS                     NAMES
f959f1626b03   training/webapp   "python app.py"   4 minutes ago   Up 4 minutes   5000/tcp                  networktest
846953219c6d   training/webapp   "python app.py"   25 hours ago    Up 25 hours    0.0.0.0:32768->5000/tcp   zen_varahamihira
[root@salt-node1 nginx-new]# docker network disconnect bridge networktest
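The Docker engine natively ships with bridge and overlay networks. A Docker bridge network is limited to a single host, so it runs into problems once you have a multi-host cluster. In that case an overlay network meets your needs better: it can span multiple hosts, and it is an advanced topic.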
docker network create -d [network type] [network name]
[root@salt-node1 nginx-new]# docker network create -d bridge nginxs-bridge-network
b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62
[root@salt-node1 nginx-new]# docker network ls
NETWORK ID     NAME                    DRIVER   SCOPE
b60c9e065473   bridge                  bridge   local
a603808ad4ba   host                    host     local
b67220ae9284   nginxs-bridge-network   bridge   local
48d3687c03f0   none                    null     local
View the new network's information
[root@salt-node1 nginx-new]# docker network inspect nginxs-bridge-network
[
    {
        "Name": "nginxs-bridge-network",
        "Id": "b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
Creating a network so that your web applications are isolated on different networks is what makes them secure. The first time you run a container you can add it to a new network. By default, containers on two different bridge networks cannot communicate with each other at all; how to let specific containers on two networks communicate with each other will be covered.
[root@salt-node1 nginx-new]# docker run -d --net=nginxs-bridge-network --name db training/postgres
Unable to find image 'training/postgres:latest' locally
latest: Pulling from training/postgres
a3ed95caeb02: Pull complete
6e71c809542e: Pull complete
2978d9af87ba: Pull complete
e1bca35b062f: Pull complete
500b6decf741: Pull complete
74b14ef2151f: Pull complete
7afd5ed3826e: Pull complete
3c69bb244f5e: Pull complete
d86f9ec5aedf: Pull complete
010fabf20157: Pull complete
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for training/postgres:latest
4b0bc86f18596e6c24a505a40c759e09c1fd7520a487bf2f278348c641c5240f
View the network configuration of a specific container
[root@salt-node1 nginx-new]# docker inspect --format='{{json .NetworkSettings.Networks}}' db
{"nginxs-bridge-network":{"IPAMConfig":null,"Links":null,"Aliases":["4b0bc86f1859"],"NetworkID":"b67220ae9284c802cd48dca1239026b7539c58b97ef19b19ae8b5d7c7ce13d62","EndpointID":"99b9f2f973335447640639e146614ab6f4857b0d1e30f5ed6f9b507f645e137a","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02"}}
[root@salt-node1 ~]# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db
172.18.0.2
docker network connect [network name] [CONTAINER NAME]
[root@salt-node1 ~]# docker network connect nginxs-bridge-network db2
[root@salt-node1 nginx-new]# docker exec -it db2 bash
root@cf9b593a29bc:/# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=74 ttl=64 time=0.130 ms
64 bytes from 172.18.0.2: icmp_seq=75 ttl=64 time=0.116 ms
64 bytes from 172.18.0.2: icmp_seq=76 ttl=64 time=0.119 ms
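The note on overlapping subnets and the isolation between bridge networks described above can both be checked from `docker network inspect` output. The following is an added example, not part of the original article: it audits a constructed sample in which the short container IDs, the `staging-net` network and db2's membership of the default bridge are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample: trimmed `docker network inspect` output modelled on the
# networks on this page. The short container IDs, "staging-net", and db2's
# membership of the default bridge are assumptions made for the illustration.
SAMPLE = [
    {"Name": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
     "Containers": {"f959": {"Name": "networktest"}, "cf9b": {"Name": "db2"}},
     "Options": {"com.docker.network.bridge.enable_icc": "true"}},
    {"Name": "nginxs-bridge-network",
     "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16"}]},
     "Containers": {"4b0b": {"Name": "db"}, "cf9b": {"Name": "db2"}},
     "Options": {}},
    {"Name": "staging-net",
     "IPAM": {"Config": [{"Subnet": "172.18.5.0/24"}]},
     "Containers": {}, "Options": {}},
]


def audit_networks(networks):
    """Summarise subnet overlaps and cross-network reachability."""
    subnets = [(n["Name"], ipaddress.ip_network(c["Subnet"], strict=False))
               for n in networks
               for c in ((n.get("IPAM") or {}).get("Config") or [])
               if c.get("Subnet")]
    # Two different networks whose address ranges intersect.
    overlaps = sorted((a, b) for (a, na), (b, nb) in combinations(subnets, 2)
                      if a != b and na.version == nb.version and na.overlaps(nb))

    member_of = {}   # container ID -> (container name, set of network names)
    for n in networks:
        for cid, info in (n.get("Containers") or {}).items():
            member_of.setdefault(cid, (info.get("Name", cid), set()))[1].add(n["Name"])
    # A container on several networks is reachable from all of them.
    multi_homed = {name: sorted(nets) for name, nets in member_of.values()
                   if len(nets) > 1}

    # Networks whose options explicitly allow inter-container traffic.
    icc = [n["Name"] for n in networks
           if (n.get("Options") or {}).get(
               "com.docker.network.bridge.enable_icc") == "true"]
    return {"overlaps": overlaps, "multi_homed": multi_homed, "icc_enabled": icc}


if __name__ == "__main__":
    for key, value in audit_networks(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real host, feed it the parsed JSON from `docker network inspect` run over every network ID; a container listed under `multi_homed` is the one path between networks that are otherwise isolated from each other.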