docker1.12中的network功能作了一定改进, 但是关于network应该如何使用,docker中的网络模型是如何设计的,当我们在run起来一个container而全然没有意识到network的时候,docker是怎样处理的,在这篇文章中,我们回去尝试一探究竟.
docker1.12有关network的特性增加
| 特性 |
|---|
| Built-in Virtual-IP based internal and ingress load-balancing using IPVS |
| Routing Mesh using ingress overlay network |
| Secured multi-host overlay networking using encrypted control-plane and Data-plane |
| MacVlan driver is out of experimental |
| Add driver filter to network ls |
| Adding network filter to docker ps –filter |
| Add –link-local-ip flag to create, run and network connect to specify a container’s link-local address |
| Add network label filter support |
| Removed dependency on external KV-Store for Overlay networking in Swarm-Mode |
| Add container’s short-id as default network alias |
| run options –dns and –net=host are no longer mutually exclusive |
| Fix DNS issue when renaming containers with generated names |
| Allow both network inspect -f {{.Id}} and network inspect -f {{.ID}} to address inconsistency with inspect output |
比如关于:Add driver filter to network ls。现在可以使用driver作为过滤条件来确认network的情况
[root@host31 ~]# docker network ls --filter driver=bridge
NETWORK ID NAME DRIVER SCOPE
e2836311817e bridge bridge local
[root@host31 ~]#- 1
- 2
- 3
- 4
docker network的种类
在刚刚安装完docker之后,下面三个network是被自动地创建出来的。
| network种类 |
|---|
| none |
| host |
| bridge |
[root@host31 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
e2836311817e bridge bridge local
58211460fd1f host host local
a157ec9146b7 none null local
[root@host31 ~]#- 1
- 2
- 3
- 4
- 5
- 6
初期状态
使用network inspect命令可以看到以上三种network最初的状态。
docker network inspect none
[root@host31 ~]# docker network inspect none
[
{
"Name": "none",
"Id": "a157ec9146b720cb38981fa1a22390b60c78fcd4396a1d50d979427f480799d6",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@host31 ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
docker network inspect host
[root@host31 ~]# docker network inspect host
[
{
"Name": "host",
"Id": "58211460fd1f3da1bbc392a43ddd2b79a8bec663620b7783cefcf910940ddcd9",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@host31 ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
docker network inspect bridge
[root@host31 ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "e2836311817eabd7b2d28e3bbc2ae5e7a545a8652446d52ca77cd55fa7ba50d1",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@host31 ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
创建一个container加入none
用一下命令可以创建一个centos的container将其加入none的network中。
docker run -it --name container_none --network=none centos /bin/bash- 1
[root@host31 ~]# docker run -it --name container_none --network=none centos /bin/bash
[root@0dfd0712c5ca /]#- 1
- 2
另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker network inspect none
[
{
"Name": "none",
"Id": "a157ec9146b720cb38981fa1a22390b60c78fcd4396a1d50d979427f480799d6",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Containers": {
"0dfd0712c5cab81f3328a39aa5f57723c957915b67d5bc235fb514120bd03f56": {
"Name": "container_none",
"EndpointID": "a7b8a817f1cf42fa3566eb0327b337d2352f0f8efa5ceec4d10f96b69e13ffc4",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@host31 tmp]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
加入了none的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_none,下面我们来看一下这个container中有哪些特点。
[root@0dfd0712c5ca /]# ping www.baidu.com
ping: unknown host www.baidu.com
[root@0dfd0712c5ca /]#
[root@0dfd0712c5ca /]# ping 192.168.32.31
connect: Network is unreachable
[root@0dfd0712c5ca /]#
[root@0dfd0712c5ca /]# ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.338 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.082 ms
^C
--- localhost ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.082/0.210/0.338/0.128 ms
[root@0dfd0712c5ca /]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
除了自己谁都连接不通,是它的特点。
创建一个container加入host
用一下命令可以创建一个centos的container将其加入host的network中。
docker run -it --name container_host --network=host centos /bin/bash- 1
[root@host31 ~]# docker run -it --name container_host --network=host centos /bin/bash
[root@host31 /]#- 1
- 2
怎么回事,不是-i方式启动的麽,另外怎么目录变了呢。另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker ps |grep container_host
43b4f08151e2 centos "/bin/bash" 7 minutes ago Up 6 minutes container_host
[root@host31 tmp]#
这个就是host的方式的container,上面提示的[root@host31 /]已经不是在宿主机,而是在container_host中了,我们可以简单的确认一下,比如至少用centos官方最新镜像启动的container中是不可能有我们安装的docker1.12的。
[root@host31 /]# hostname
host31
[root@host31 /]# docker info
bash: docker: command not found
[root@host31 /]#
虽然你的hostname跟宿主机一样,但是我们都知道那是你的马甲了。通过下面的inspect也能看到其已经加入host网络中了。
[root@host31 tmp]# docker network inspect host
[
{
"Name": "host",
"Id": "58211460fd1f3da1bbc392a43ddd2b79a8bec663620b7783cefcf910940ddcd9",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Containers": {
"43b4f08151e2da050e26aa62b27f68229cd112a963a35e5fcb7b6ed47e0e7f11": {
"Name": "container_host",
"EndpointID": "365f5858203d3d5162edf7350fa1094174df29f60d9978f90aa975068f93db74",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@host31 tmp]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
加入了host的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_host,下面我们来看一下这个container中有哪些特点。
[[email protected] /]# ping -w1 www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=61.2 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 61.262/61.262/61.262/0.000 ms
[[email protected] /]#
[[email protected] /]# ping container_host
ping: unknown host container_host
[[email protected] /]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
跟none不同,它不再是只能自己跟自己通信. 它和外部是连通的。
创建一个container加入bridge
用一下命令可以创建一个centos的container将其加入bridge的network中。因为缺省不指定就是这种方式, 我们平时没有意识到network的存在,其实是使用的bridge的方式
docker run -it --name container_bridge centos /bin/bash- 1
[[email protected] ~]# docker run -it –name container_bridge centos /bin/bash
[[email protected] /]#
- 1
另外打开一个终端,让我们来看看发生了什么
[root@host31 tmp]# docker ps |grep container_bridge
743d5689399a centos "/bin/bash" 42 seconds ago Up 41 seconds container_bridge
[root@host31 tmp]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "e2836311817eabd7b2d28e3bbc2ae5e7a545a8652446d52ca77cd55fa7ba50d1",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Containers": {
"743d5689399aab527f83a0708763970bc671801ff377ac791f9aee2b58de4b34": {
"Name": "container_bridge",
"EndpointID": "c0ad0de740ed65b7c6e8e63fc34e42e807c9d82822341bef8f474dcca8fc4272",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@host31 tmp]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
加入了bridge的network的container,我们可以从上面通过他的Name等发现就是刚刚穿件的container_bridge,下面我们来看一下这个container中有哪些特点。
[root@743d5689399a /]# ping -w1 www.baidu.com
PING www.a.shifen.com (103.235.46.39) 56(84) bytes of data.
64 bytes from 103.235.46.39: icmp_seq=1 ttl=127 time=255 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 255.315/255.315/255.315/0.000 ms
[root@743d5689399a /]#
[root@743d5689399a /]# ping container_bridge
ping: unknown host container_bridge
[root@743d5689399a /]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
跟none不同,它不再是只能自己跟自己通信.它和外部是连通的。在接下来的文章中,我们将会通过更多的试验来学习docker不同的network是如何运转以及他们之间可以如何通信等。
再分享一下我老师大神的人工智能教程吧。零基础!通俗易懂!风趣幽默!还带黄段子!希望你也加入到我们人工智能的队伍中来!https://www.cnblogs.com/captainbed
原文地址:https://www.cnblogs.com/firsttry/p/10232309.html
时间: 2024-12-09 19:13:56