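Introduction to Docker's Four Network Modes
1. Bridge mode
When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and the Docker containers started on this host are connected to that bridge. A virtual bridge works much like a physical switch, so all containers on the host are joined through it into a single layer-2 network. Each container is assigned an IP from the docker0 subnet, and the IP address of docker0 is set as the container's default gateway. Docker creates a pair of virtual NICs (a veth pair) on the host, places one end in the newly created container and names it eth0 (the container's NIC), and leaves the other end on the host under a name like vethxxx, attaching that network device to the docker0 bridge. You can inspect this with the brctl show command.
Bridge mode is Docker's default network mode: if you do not pass the --net parameter, the container runs in bridge mode. When you use docker run -p, Docker actually adds DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL. Bridge mode is shown in the figure below: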
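To make the DNAT rules behind docker run -p concrete, the following added example (not part of the original article) parses iptables -t nat -vnL output and lists every published port, marking the ones reachable on all host interfaces. The function names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -vnL` output (DOCKER chain only);
# not captured from a real host.
sample_nat_table() {
cat <<'EOF'
Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
   12   720 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            127.0.0.1            tcp dpt:5432 to:172.17.0.3:5432
EOF
}

# Reads a verbose (-v) NAT listing on stdin and prints one line per DNAT rule:
#   <proto> <host-dest>:<host-port> -> <container-ip>:<port> <scope>
# Columns with -v: pkts bytes target prot opt in out source destination ...
list_published_ports() {
  awk '
    $3 == "DNAT" {
      proto = $4; dest = $9; dport = ""; to = ""
      for (i = 10; i <= NF; i++) {
        if ($i ~ /^dpt:/) dport = substr($i, 5)   # host port being matched
        if ($i ~ /^to:/)  to = substr($i, 4)      # container ip:port target
      }
      if (dport == "" || to == "") next
      # Destination 0.0.0.0/0 means the port answers on every host interface.
      scope = (dest == "0.0.0.0/0") ? "ALL-INTERFACES" : "restricted"
      printf "%s %s:%s -> %s %s\n", proto, dest, dport, to, scope
    }'
}

# Number of published ports that are not bound to a specific host address.
count_exposed() {
  list_published_ports | awk '$NF == "ALL-INTERFACES" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host run as root:
#   iptables -t nat -vnL | list_published_ports
sample_nat_table | list_published_ports
```

A rule with destination 127.0.0.1 is what a publish such as -p 127.0.0.1:5432:5432 produces, which keeps the service off the host's external interfaces.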
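If you have used Docker before, you may be used to connecting containers with the --link parameter.
As Docker networking has matured, it is strongly recommended to connect multiple containers by attaching them to a user-defined Docker network rather than using the --link parameter.
First, create a new Docker network.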
$ docker network create -d bridge my-net
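The -d parameter specifies the Docker network type, either bridge or overlay. The overlay network type is used for Swarm mode; you can ignore it in this section.
Run a container and connect it to the newly created my-net network: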
$ docker run -it --rm --name busybox1 --network my-net busybox sh
Open a new terminal, then run another container and attach it to the my-net network:
$ docker run -it --rm --name busybox2 --network my-net busybox sh
Open one more terminal and view the container information:
$ docker container ls
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS          PORTS   NAMES
b47060aca56b   busybox   "sh"      11 minutes ago   Up 11 minutes           busybox2
8720575823ec   busybox   "sh"      16 minutes ago   Up 16 minutes           busybox1
Next, use ping to show that the busybox1 and busybox2 containers can reach each other. In the busybox1 container, enter the following command:
/ # ping busybox2
PING busybox2 (172.19.0.3): 56 data bytes
64 bytes from 172.19.0.3: seq=0 ttl=64 time=0.072 ms
64 bytes from 172.19.0.3: seq=1 ttl=64 time=0.118 ms
Pinging busybox2 tests the connection to that container, and the name resolves to 172.19.0.3. Likewise, running ping busybox1 in the busybox2 container also connects successfully.
/ # ping busybox1
PING busybox1 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.064 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.143 ms
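In this way, the busybox1 and busybox2 containers are interconnected.
If you have several containers that need to connect to one another, Docker Compose is recommended.
2. Host mode
If a container is started in host mode, it does not get its own Network Namespace; it shares one Network Namespace with the host. The container does not get a virtual NIC of its own or its own IP configuration, and instead uses the host's IP and ports. Other aspects of the container, such as the file system and process list, remain isolated from the host. Host mode is shown in the figure below:
3. Container mode
This mode makes a newly created container share a Network Namespace with an existing container rather than with the host. The new container does not create its own NIC or configure its own IP; it shares the IP, port range and so on with the specified container. As before, apart from networking, the two containers remain isolated in other respects such as the file system and process list. Processes in the two containers can communicate over the lo interface. Container mode diagram:
4. None mode
In none mode, the Docker container has its own Network Namespace, but Docker performs no network configuration for it. In other words, the container has no NIC, IP, routes or similar information. You have to add a NIC and configure an IP for the container yourself. None mode illustration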
Example commands for bridge mode:
$ docker run -tid --net=bridge --name docker_bri1 \
    ubuntu-base:v3
$ docker run -tid --net=bridge --name docker_bri2 \
    ubuntu-base:v3
$ brctl show
$ docker exec -ti docker_bri1 /bin/bash
$ ifconfig -a
$ route -n
Example commands for host mode:
$ docker run -tid --net=host --name docker_host1 ubuntu-base:v3
$ docker run -tid --net=host --name docker_host2 ubuntu-base:v3
$ docker exec -ti docker_host1 /bin/bash
$ docker exec -ti docker_host2 /bin/bash
$ ifconfig -a
$ route -n
Example commands for container mode:
$ docker run -tid --net=container:docker_bri1 \
    --name docker_con1 ubuntu-base:v3
$ docker exec -ti docker_con1 /bin/bash
$ docker exec -ti docker_bri1 /bin/bash
$ ifconfig -a
$ route -n
Example commands for none mode:
$ docker run -tid --net=none --name \
    docker_non1 ubuntu-base:v3
$ docker exec -ti docker_non1 /bin/bash
$ ifconfig -a
$ route -n
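The four modes differ in which Network Namespace a container ends up in, and that can be checked directly instead of inferred from ifconfig output. The following added example (not part of the original article) compares each container's network namespace with the host's and classifies it; the function names and namespace inode numbers are constructed, and collect_netns assumes it is run as root on the Docker host, where PID 1 lives in the host namespace.

```shell
#!/bin/sh
# Prints "<name> <netns-id>" for the host and every running container.
# Needs root and a running Docker daemon; not exercised by the sample below.
collect_netns() {
  echo "HOST $(readlink /proc/1/ns/net)"
  for id in $(docker ps -q); do
    name=$(docker inspect -f '{{.Name}}' "$id")
    pid=$(docker inspect -f '{{.State.Pid}}' "$id")
    echo "${name#/} $(readlink "/proc/$pid/ns/net")"
  done
}

# Constructed sample in the format collect_netns prints, using the container
# names from the commands above; the inode numbers are made up.
sample_netns() {
cat <<'EOF'
HOST net:[4026531992]
docker_bri1 net:[4026532701]
docker_bri2 net:[4026532765]
docker_host1 net:[4026531992]
docker_con1 net:[4026532701]
docker_non1 net:[4026532829]
EOF
}

# Classifies each container by namespace sharing:
#   shares-host      same namespace as the host (host mode)
#   shares-container same namespace as another container (container mode)
#   isolated         a namespace of its own (bridge and none both land here)
classify_netns() {
  awk '
    $1 == "HOST" { host = $2; next }
    { ns[$1] = $2; order[++n] = $1; count[$2]++ }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        if (ns[c] == host)         verdict = "shares-host"
        else if (count[ns[c]] > 1) verdict = "shares-container"
        else                       verdict = "isolated"
        print c, verdict
      }
    }'
}

# Demo on the constructed sample; on a real host: collect_netns | classify_netns
sample_netns | classify_netns
```

A container reported as shares-host can bind and observe the host's ports and interfaces directly, so it is the mode to review first when auditing a host.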