Docker - 网络

理解Docker0

# 我们发现这个容器带来网卡，都是一对对的
# evth-pair 就是一对的虚拟设备接口，他们都是成对出现的，一段连着协议，一段彼此相连
# 正因为有了这个特性，evth-pair 充当一个桥梁，连接各种虚拟网络设备的
# OpenStac，Docker容器之间的连接，OVS的连接，都是使用evth-pair技术

[root@iZ2zeg7mctvft5renx1qvbZ ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3e:39:7c:e6 brd ff:ff:ff:ff:ff:ff
    inet 172.29.161.223/20 brd 172.29.175.255 scope global dynamic eth0
       valid_lft 314947070sec preferred_lft 314947070sec
    inet6 fe80::216:3eff:fe39:7ce6/64 scope link
       valid_lft forever preferred_lft forever
3: bond0: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 2a:54:48:d3:d8:27 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ff:42:50:72 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:ffff:fe42:5072/64 scope link
       valid_lft forever preferred_lft forever
106: veth366b832@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether da:67:68:de:a3:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::d867:68ff:fede:a33e/64 scope link
       valid_lft forever preferred_lft forever

我们每启动一个docker容器，docker就会给docker容器分配一个，我们只要安装了docker，就会有一个网卡docker0桥接模式，使用的技术是evth-pair技术！

容器和容器之间是可以通信的

容器删除，对应的网卡也会被删除

# 通过 inspect 命令可以查看到当前窗口的ip
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker inspect 70f3d34a8c4b
"Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "765ff8aa537de2525f0ef4a726c6e0445f29b650cace9f8288a714b6c3c33526",
                    "EndpointID": "ccaabe374f9fb28133823ae28e51847131be3f761a59a0cf78142a40462622e3",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:04",
                    "DriverOpts": null
                }
            }

在这里插入图片描述

link

不建议使用

# 通过like进行连接
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8090:8080 --name tomcat02 --link tomcat -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0

# 测试网络是否能连通【单向绑定】
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat ping tomcat02
ping: tomcat02: Name or service not known
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 ping tomcat
PING tomcat (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat (172.17.0.2): icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from tomcat (172.17.0.2): icmp_seq=2 ttl=64 time=0.066 ms

# 查看hosts文件，link命令只是在hosts文件中进行了映射配置
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2      tomcat 9f9cdd3c8b02
172.17.0.4      70f3d34a8c4b

自定义网络

[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
765ff8aa537d   bridge    bridge    local
7a933a7d4db8   host      host      local
e2d2897222d8   none      null      local

网络模式
bridge: 连接 docker (默认，自己搭建也使用bridge模式)
host: 不配置网络
none: 和宿主机共享网络
container: 容器网络连通！（用的少！局限很大）


# 查看docker network命令
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network --help
Usage:  docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.

测试

# 我们直接启动命令 --net bridge,而这个就是我们的docker0
docker run -d -P --name tomcat01 tomcat
docker run -d -P --name tomcat01 --net bridge tomcat

# docker0特点，默认，域名不能访问， --like可以打通连接

# 我们可以自定义一个网络
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
94ab82cab2caaea17be29c3de0f5d96cee2ee2f0342e14869558c6867cfecb97
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
765ff8aa537d   bridge    bridge    local
7a933a7d4db8   host      host      local
94ab82cab2ca   mynet     bridge    local
e2d2897222d8   none      null      local
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "94ab82cab2caaea17be29c3de0f5d96cee2ee2f0342e14869558c6867cfecb97",
        "Created": "2023-11-14T11:17:28.325534784+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

使用自定义网络启动容器并测试

[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8080:8080 --name tomcat01 --net mynet -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
aaead7a414095b60c6db460020213332808e74e91453e848daa31f235ee31548
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8081:8080 --name tomcat02 --net mynet -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
42e75fb1cd57a66fe8dde474f530b8134d1578fb7846d806831852719af54f73

# 通过 ip 容器名 均可ping通
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat02 ping tomcat01
PING tomcat01 (192.168.0.2) 56(84) bytes of data.
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat01 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.098 ms

网络连通

网络与网络之间进行打通【mynet与net网络之间的容器进行连接】

# 官方：一个容器两个IP
# 有点类似于 阿里云 内网IP与外网IP

[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker run -d -p 8082:8080 --name tomcat03 -v /home/build/tomcat/test/:/usr/local/apache-tomcat-9.0.82/webapps/test -v /home/build/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.82/logs registry.cn-beijing.aliyuncs.com/am98/tomcat:1.0
fc84c14688ffef862a0fbc2d5ff7d5c4fadffc1be6be2e91a9e858af333e57d1
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat03 ping tomcat02
ping: tomcat02: Name or service not known

# 网络连通后再测试
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network connect mynet tomcat03
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (192.168.0.3) 56(84) bytes of data.

部署 Redis 集群

# 创建 redis 集群的网络
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker network create --driver bridge --subnet 192.169.0.0/16 --gateway 192.169.0.1 redis

# 创建配置文件
for port in $(seq 2 7); \
do \
mkdir -p /mydata/redis/node-${port}/conf
touch /mydata/redis/node-${port}/conf/redis.conf
cat << EOF >/mydata/redis/node-${port}/conf/redis.conf
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done

# 创建 redis 容器
for port in $(seq 2 7); \
do \
docker run -p 637${port}:6379 -p 1637${port}:16379 --name redis-${port} -v /mydata/redis/node-${port}/data:/data -v /mydata/redis/node-${port}/conf/redis.conf:/etc/redis/redis.conf -d --net redis --ip 192.169.0.${port} redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.conf
done

# 进入容器
[root@iZ2zeg7mctvft5renx1qvbZ ~]# docker exec -it redis-2 /bin/sh

# 创建集群
/data # redis-cli --cluster create 192.169.0.2:6379 192.169.0.3:6379 192.169.0.4:6379 192.169.0.5:6379 192.169.0.6:6379 192.169.0.7:6379 --cluster-replicas 1

# 连接集群
/data # redis-cli -c

# 查看集群信息
/data # cluster info

# 查看集群节点
/data # cluster node

SpringBoot 发布镜像

# 1.将项目打包成jar
springbootDocker-0.0.1-SNAPSHOT.jar

# 2.Dockerfile 文件编写
FROM openjdk:8
COPY *.jar /app.jar
CMD ["--server.port=8080"]
EXPOSE 8080
ENTRYPOINT ["java","-jar","/app.jar"]

# 3.上传至服务器发布镜像
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker build -t boot .
[+] Building 2.5s (7/7) FINISHED

# 4.运行镜像容器并访问
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker run -d -P boot boot
3342e5bef35c31fd1783956325ae9fe246547278d6e198bf1d43cf1e8944963f
[root@iZ2zeg7mctvft5renx1qvbZ boot]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS
3342e5bef35c   boot      "java -jar /app.jar …"   3 seconds ago   Up 3 seconds   0.0.0.0:32771->8080/tcp, :::32771->8080/tcp 
[root@iZ2zeg7mctvft5renx1qvbZ boot]# curl localhost:32771/hello
Hello Docker !