网络管理
容器网络模式
Docker支持5种网络模式
- bridge
- 默认网络,Docker启动后默认创建一个docker0网桥,默认创建的容器也是添加到这个网桥中
- host
- 容器不会获得一个独立的network namespace,而是与宿主机共用一个(没有网络隔离:容器内进程可直接监听宿主机端口,也能访问宿主机上仅监听127.0.0.1的服务)
- none
- 获取独立的network namespace,但不为容器进行任何网络配置(容器内只有回环接口lo,无法与外部通信)
- container
- 与指定的容器使用同一个network namespace,网卡配置也都是相同的(两个容器共享IP、端口空间和回环接口,可通过localhost互相访问)
- 自定义
- 自定义网桥,默认与bridge网络一样(使用bridge驱动);不同自定义网桥上的容器默认互不相通,同一自定义网桥内的容器可用容器名互相解析
bridge网络类型
#安装bridge管理工具
[root@docker ~]# yum -y install bridge-utils
#查看网桥状态
[root@docker ~]# brctl show
bridge name bridge id STP enabled interfaces
br-8b5c6f8dda1b .0242c58ed7af no veth2353d8f #网桥br-8b绑定了两个虚拟网卡
vethfcbcc06
docker0 .0242bb7816b0 no vethc56d32e #网桥docker0绑定了一个虚拟网卡
[root@Docker wordpress]#
[root@Docker wordpress]# brctl show
bridge name bridge id STP enabled interfaces
br-8b5c6f8dda1b .0242c58ed7af no veth2353d8f
vethfcbcc06
docker0 .0242bb7816b0 no vethc56d32e
#查看网络类型
[root@Docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0473d8d3ea39 bridge bridge local #两个网桥类型的网络
35eac1787b93 host host local
8b5c6f8dda1b lnmp bridge local #两个网桥类型的网络
6a55607e6320 none null local
#查看容器进程
[root@Docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c7b5cb26948f centos: "/bin/bash" minutes ago Up minutes elated_boyd
a2a3b9570ac6 richarvey/nginx-php-fpm "docker-php-entrypoi…" hours ago Up hours /tcp, /tcp, 0.0.0.0:->/tcp lnmp_web
5457673cb241 mysql:5.7 "docker-entrypoint.s…" hours ago Up hours 0.0.0.0:->/tcp lnmp_mysql
#查看容器lnmp_mysql的网络信息
[root@Docker ~]# docker inspect lnmp_mysql | grep -A "Networks"
"Networks": {
"lnmp": { #网络类型lnmp
"IPAMConfig": null,
"Links": null,
"Aliases": [
"5457673cb241"
],
"NetworkID": "8b5c6f8dda1b8412f67be21b72d5076defbd50a612f2cd33a282d8f66348d1ec",
"EndpointID": "a8ae67e4aa07f6e7743bc99e76eb0e331c8fb7cb7a3e5acbb6b7280108d29a4f",
"Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br
"IPAddress": "172.18.0.2", #容器IP172.18.0.2
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:ac:12:00:02",
#查看容器lnmp_web的网络信息
[root@Docker ~]# docker inspect lnmp_web | grep -A "Networks"
"Networks": {
"lnmp": { #网络类型lnmp
"IPAMConfig": null,
"Links": null,
"Aliases": [
"a2a3b9570ac6"
],
"NetworkID": "8b5c6f8dda1b8412f67be21b72d5076defbd50a612f2cd33a282d8f66348d1ec",
"EndpointID": "d6788782be399d2abec275b3441442f7ea403cecd0530ad60bcce958cb963ba0",
"Gateway": "172.18.0.1", #网关172.18.0.1,这就是网桥br
"IPAddress": "172.18.0.3", #容器IP172.18.0.3
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:ac:12:00:03",
#查看容器elated_boyd的网络信息
[root@Docker ~]# docker inspect elated_boyd | grep -A "Networks"
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "0473d8d3ea39bd48152b0f2e05a6408da847aff500ba40b28672e883a3e80c55",
"EndpointID": "cc7f088ac960195e606e2263361e3312d3d8bf010515e2b7c9d1bc29eba76c51",
"Gateway": "172.17.0.1", #网关172.17.0.1,这就是网桥docker0
"IPAddress": "172.17.0.2", #容器IP172.17.0.2
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
host网络类型
#启动一个网络类型为host的容器
[root@Docker ~]# docker run -dit --name test2 --network host centos:latest /bin/bash
c38f36ee9c4b7ba78e5344f0b9630b93dedea58b365fb5148bb84edef5d6ba1b
[root@Docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c38f36ee9c4b centos:latest "/bin/bash" seconds ago Up seconds test2
c7b5cb26948f centos: "/bin/bash" minutes ago Up minutes elated_boyd
994054a90325 nginx "nginx -g 'daemon of…" hours ago Exited () About an hour ago nginx-test
a2a3b9570ac6 richarvey/nginx-php-fpm "docker-php-entrypoi…" hours ago Up hours /tcp, /tcp, 0.0.0.0:->/tcp lnmp_web
5457673cb241 mysql:5.7 "docker-entrypoint.s…" hours ago Up hours 0.0.0.0:->/tcp lnmp_mysql
#查看容器的ip
[root@Docker ~]# docker exec test2 hostname -I #这就是网络类型为host的容器,ip地址和docker宿主机完全一样
192.168.94.104 172.17.0.1 172.18.0.1
[root@Docker ~]# docker exec elated_boyd hostname -I #网桥类型容器
172.17.0.2
[root@Docker ~]# docker exec lnmp_mysql hostname -i #网桥类型容器
172.18.0.2
[root@Docker ~]# docker exec lnmp_web hostname -i #网桥类型容器
172.18.0.3
none网络类型(用于建立与宿主机的桥接模式)
#启动一个网络类型为none的容器
[root@Docker ~]# docker run -dit --name test3 --net none centos:latest
5af791a78cc442f707e01fea5fac602f50c639393320ef22f260caa5bbc99df1
#查看容器IP地址
[root@docker ~]# docker exec test3 hostname -I

[root@Docker ~]# #没有ip,none类型就是暂时不给容器指定网卡
container网络类型
指定新容器使用指定容器的网卡
#启动一个容器,网络类型container,使用elated_boyd容器的网卡
[root@Docker ~]# docker run -dit --name test4 --net container:elated_boyd centos:latest /bin/bash
71e0b8059f80c352ee4466d73f798fc9162f1c14c6440f98027d1c5ede0c1c56
[root@Docker ~]# docker inspect elated_boyd| grep -A "Networks"
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "0473d8d3ea39bd48152b0f2e05a6408da847aff500ba40b28672e883a3e80c55",
"EndpointID": "cc7f088ac960195e606e2263361e3312d3d8bf010515e2b7c9d1bc29eba76c51",
"Gateway": "172.17.0.1", #elated_boyd容器的网关
"IPAddress": "172.17.0.2", #elated_boyd容器的IP地址
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
[root@Docker ~]# docker inspect test4 | grep -A "Networks"
"Networks": {} #test4容器并没有自己的网络设置
}
}
]
[root@Docker ~]# docker exec test4 hostname -I #test4没有网络设置却有IP地址和elated_boyd容器完全一样
172.17.0.2
桥接宿主机网络与配置固定IP地址
#构建一个永久生效的网桥br0
[root@Docker network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
[root@Docker network-scripts]# cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.94.104
NETMASK=255.255.255.0
GATEWAY=192.168.94.2
DNS1=192.168.94.2
#查看网卡IP
[root@Docker network-scripts]# ifconfig ens33
ens33: flags=<UP,BROADCAST,RUNNING,MULTICAST> mtu
ether :0c::d4::ba txqueuelen (Ethernet) #ens33网卡已经没有IP地址了
RX packets bytes (1.1 GiB)
RX errors dropped overruns frame
TX packets bytes (14.8 MiB)
TX errors dropped overruns carrier collisions
br0: flags=<UP,BROADCAST,RUNNING,MULTICAST> mtu
inet 192.168.94.104 netmask 255.255.255.0 broadcast 192.168.94.255 #网桥br0代替了ens33
inet6 fe80::20c:29ff:fed4:46ba prefixlen scopeid 0x20<link>
ether :0c::d4::ba txqueuelen (Ethernet)
RX packets bytes (2.9 MiB)
RX errors dropped overruns frame
TX packets bytes (67.8 KiB)
TX errors dropped overruns carrier collisions
[root@Docker network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br-8b5c6f8dda1b .0242c58ed7af no veth2353d8f
vethfcbcc06
br0 .000c29d446ba no ens33 #网桥br0,桥接在了真实的物理网卡ens33上
docker0 .0242bb7816b0 no veth48e6f95
通过pipework工具配置容器固定IP
pipework工具下载地址:https://github.com/jpetazzo/pipework.git(pipework是以root身份运行的第三方shell脚本,安装前应先审阅脚本内容,并固定使用已核对过的提交版本)
[root@docker ~]# mv pipework-master /usr/local/
[root@docker ~]# ln -s /usr/local/pipework-master/pipework /usr/local/bin/
#建立网络类型为none的容器,并通过pipework配置固定ip地址
[root@Docker ~]# docker run -dit --name test5 --net none centos:latest /bin/bash
de41157b70f3b3a2f9e4c27e2f37e7e4b6c0070219a973c3f1c9a378fc93a128
[root@Docker ~]# pipework br0 test5 192.168.94.111/@192.168.94.2 #设置容器固定IP为192.168.94.111网关192.168.94.2
[root@Docker ~]# docker exec test5 hostname -I
192.168.94.111
[root@Docker ~]# ping 192.168.94.111 #宿主机ping能通
PING 192.168.94.111 (192.168.94.111) () bytes of data.
bytes from 192.168.94.111: icmp_seq= ttl= time=0.180 ms
bytes from 192.168.94.111: icmp_seq= ttl= time=0.079 ms
bytes from 192.168.94.111: icmp_seq= ttl= time=0.038 ms
bytes from 192.168.94.111: icmp_seq= ttl= time=0.039 ms
^C
--- 192.168.94.111 ping statistics ---
packets transmitted, received, % packet loss, time 3001ms
rtt min/avg/max/mdev = 0.038/0.084/0.180/0.057 ms
[root@Docker ~]# docker exec -it test5 /bin/bash #进入容器
[root@de41157b70f3 /]# ping www.baidu.com #能连接外网
PING www.a.shifen.com (61.135.169.125) () bytes of data.
bytes from 61.135.169.125 (61.135.169.125): icmp_seq= ttl= time=5.14 ms
bytes from 61.135.169.125 (61.135.169.125): icmp_seq= ttl= time=8.18 ms
^C
--- www.a.shifen.com ping statistics ---
packets transmitted, received, % packet loss, time 1002ms
rtt min/avg/max/mdev = 5.144/6.662/8.180/1.518 ms
通过windows宿主机ping虚拟机中的容器进程IP进行测试
外部机器访问虚拟机中的容器进程也可以联通了(此时容器直接暴露在宿主机所在网段,容器内所有监听端口都可被局域网内的机器访问,不再受-p端口映射的限制,需自行用防火墙规则控制访问)
Docker的镜像制作
Dockerfile常用指令介绍
指令 | 描述 |
---|---|
FROM | 构建的新镜像是基于哪个镜像。例如:FROM centos:6 |
MAINTAINER | 镜像维护者姓名或邮箱地址(该指令已弃用,建议改用LABEL)。例如:MAINTAINER damowang |
RUN | 构建镜像时运行的Shell命令。例如:RUN ["yum","install","httpd"] |
或者RUN yum install httpd | |
CMD | 运行容器时执行的Shell命令(可以被运行时传递的参数覆盖)。例如:CMD ["-c","/start.sh"] |
或者CMD ["/usr/sbin/sshd","-D"]或者CMD /usr/sbin/sshd -D | |
EXPOSE | 声明容器运行的服务端口。例如:EXPOSE 80 443 |
ENV | 设置容器内环境变量。例如:ENV MYSQL_ROOT_PASSWORD 123456(注意:ENV设置的值会保存在镜像元数据中,可通过docker inspect或docker history查看,密码等敏感信息不应以这种方式写入镜像) |
ADD | 拷贝文件或目录到镜像(本地tar压缩包会自动解压;也可以从URL下载,但下载的文件不会自动解压,默认也不校验完整性,需自行核对校验和) |
例如:ADD ["src","dest"]或者ADD https://xxx.com/html.tar.gz /var/www/html | |
或者:ADD html.tar.gz /var/www/html | |
COPY | 拷贝文件或目录到镜像(不能自动解压缩)。例如:COPY ./start.sh /start.sh |
ENTRYPOINT | 运行容器时执行的Shell命令(不会被docker run后面传递的参数覆盖,需用--entrypoint选项才能替换)。例如:ENTRYPOINT ["/bin/bash","-c","/start.sh"] |
或者ENTRYPOINT /bin/bash -c "/start.sh" | |
VOLUME | 指定容器挂载点到宿主机自动生成的目录或其他容器 |
例如:VOLUME ["/var/lib/mysql"] | |
USER | 为RUN,CMD和ENTRYPOINT执行命令指定运行用户(未指定USER时默认以root运行,建议让服务进程切换到非root用户) |
例如:USER Mr_chen | |
WORKDIR | 为RUN,CMD,ENTRYPOINT,COPY和ADD设置工作目录(指定进入容器中默认被切换的目录)。 |
例如:WORKDIR /data | |
HEALTHCHECK | 健康检查。例如:HEALTHCHECK --interval=5m --timeout=3s --retries=3 |
CMD curl -f http://localhost/ || exit 1 | |
ARG | 在构建镜像时指定一些参数。例如:ARG user |
利用Dockerfile编写简单的apache镜像
[root@Docker ~]# mkdir -p dockerfile/lib/centos/apache/
[root@Docker ~]# cd dockerfile/lib/centos/apache/
[root@Docker ~]# vim Dockerfile
# Apache httpd image built on top of the CentOS base image.
# NOTE(review): "FROM centos" carries no tag or digest, so the build uses whatever
# the default tag resolves to at build time; pin a tag or digest for reproducible builds.
FROM centos
# NOTE(review): MAINTAINER is deprecated in favour of a LABEL; it only records metadata.
MAINTAINER bigdevilking@qq.com damowang
# NOTE(review): no value is visible for HOSTNAME or for EXPOSE on this page (numeric
# values appear to have been dropped from the listing); confirm both against the original.
ENV HOSTNAME
EXPOSE
# Installs httpd together with a compiler toolchain (gcc, gcc-c++, make) and -devel packages.
# NOTE(review): nothing else in this Dockerfile compiles anything, so the toolchain looks
# unnecessary in the final image; leaving it out shrinks the image and its attack surface.
RUN yum -y install \
gcc \
gcc-c++ \
make \
pcre-devel \
expat-devel \
perl \
httpd
# Starts httpd in the foreground so it remains the container's main process.
# NOTE(review): there is no USER instruction, so this command starts as the base image's
# default user (presumably root); confirm whether that is intended.
CMD ["/usr/sbin//httpd", "-D", "FOREGROUND"]
使用docker build 命令生成镜像
[root@Docker apache]# docker build -t http_centos .
Sending build context to Docker daemon .84MB
Step / : FROM centos
---> 49f7960eb7e4
Step / : MAINTAINER bigdevilking@qq.com damowang
---> Running in 73b5aa3cba31
Removing intermediate container 73b5aa3cba31
---> 876352ef8381
Step / : ENV HOSTNAME
---> Running in 489f77303562
Removing intermediate container 489f77303562
---> 38b7f73b9d82
Step / : EXPOSE
---> Running in 623923d8bc21
Removing intermediate container 623923d8bc21
---> e13ada6e456c
Step / : RUN yum -y install gcc gcc-c++ make pcre-devel expat-devel perl httpd
---> Running in be9ac15b22d7
Removing intermediate container be9ac15b22d7
---> de7ad88f991b
Step / : CMD ["/usr/sbin//httpd", "-D", "FOREGROUND"]
---> Running in 9888e075c0fd
Removing intermediate container 9888e075c0fd
---> b6469502626f
Successfully built b6469502626f
Successfully tagged http_centos:latest
[root@Docker apache]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
http_centos latest b6469502626f seconds ago 427MB
nginx latest 8b89e48b5f15 days ago 109MB
mysql 5.7 c356247174ed days ago 372MB
richarvey/nginx-php-fpm latest 26c0e6f09c52 days ago 300MB
centos 49f7960eb7e4 weeks ago 200MB
centos latest 49f7960eb7e4 weeks ago 200MB
[root@Docker apache]# docker run -d -it -p : b6469502626f
9f3d292c712ba8447e2463300352d8f8bd636e63607016210a533dbf926d3264
[root@Docker apache]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f3d292c712b b6469502626f "/usr/sbin//httpd -D…" seconds ago Up seconds 0.0.0.0:->/tcp stupefied_blackwell
[root@Docker apache]# docker run -d -it -p : b6469502626f
9f3d292c712ba8447e2463300352d8f8bd636e63607016210a533dbf926d3264
测试