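Cloud Native: Network Management for Docker Containers
[Abstract] Cloud native: network management for Docker containers
I. Log in to the Huawei ECS cloud server
II. Check the Docker environment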
[root@ecs-1558 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2022-10-23 20:47:47 CST; 59s ago
Docs: https://docs.docker.com
Main PID: 1790 (dockerd)
Tasks: 7
Memory: 25.2M
CGroup: /system.slice/docker.service
└─1790 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.409717477+08:00" level=info msg="scheme \"unix\" not re...e=grpc
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.409728241+08:00" level=info msg="ccResolverWrapper: sen...e=grpc
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.409734336+08:00" level=info msg="ClientConn switching b...e=grpc
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.431194886+08:00" level=info msg="Loading containers: start."
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.539531805+08:00" level=info msg="Default bridge (docker...dress"
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.578799852+08:00" level=info msg="Loading containers: done."
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.593295777+08:00" level=info msg="Docker daemon" commit=....10.18
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.593380253+08:00" level=info msg="Daemon has completed i...ation"
Oct 23 20:47:47 ecs-1558 dockerd[1790]: time="2022-10-23T20:47:47.618260430+08:00" level=info msg="API listen on /var/run....sock"
Oct 23 20:47:47 ecs-1558 systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
III. The container host network
1. Run a container with the host network type
[root@ecs-1558 ~]# docker run -itd --network=host centos
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
3773fe30f40d0687262128fb3096e7f9628f734d803ab4c5d7b58f67a2ab0298
2. View the network information inside the container
[root@ecs-1558 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3773fe30f40d centos "/bin/bash" 8 minutes ago Up 8 minutes sweet_antonelli
[root@ecs-1558 ~]# docker exec -it 3773f /bin/bash
[root@ecs-1558 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:23:7a:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.152/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
valid_lft 85095sec preferred_lft 85095sec
inet6 fe80::f816:3eff:fe23:7a13/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:7b:ff:1e:be brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@ecs-1558 /]#
3. Verify the network information on the host
[root@ecs-1558 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:23:7a:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.152/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
valid_lft 85054sec preferred_lft 85054sec
inet6 fe80::f816:3eff:fe23:7a13/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:7b:ff:1e:be brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
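4. Summary of the host network type
When a container uses the host network mode, the container and the host share one network namespace, so their network information is identical: the container sees the host's lo, eth0 and docker0 interfaces with the same addresses.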
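The comparison done by eye above can be automated. The following is an added example, not code from the original article: it parses `ip add` output and compares interface fingerprints, ignoring flag order and lease timers. The names `fingerprint` and `same_network_view` are hypothetical, and the samples are trimmed from the outputs on this page.

```python
import re

# Constructed samples: lines kept from the `ip add` outputs shown on this page.
HOST = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:23:7a:13 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.152/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
       valid_lft 85054sec preferred_lft 85054sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:7b:ff:1e:be brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
"""
# The host-network container printed the same data with a different flag order
# and a different remaining lease time.
HOST_MODE = (HOST.replace("noprefixroute dynamic", "dynamic noprefixroute")
                 .replace("85054sec", "85095sec"))
BRIDGE_MODE = """\
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
"""

IFACE = re.compile(r"^(\d+): ([^:@]+)(?:@\S+)?:")


def fingerprint(ip_output):
    """Map (ifindex, name) -> (MAC, frozenset of addresses), ignoring flags and timers."""
    parsed, key = {}, None
    for line in ip_output.splitlines():
        header = IFACE.match(line)
        fields = line.split()
        if header:
            key = (int(header.group(1)), header.group(2))
            parsed[key] = [None, set()]
        elif key and len(fields) >= 2 and fields[0].startswith("link/"):
            parsed[key][0] = fields[1]
        elif key and len(fields) >= 2 and fields[0] in ("inet", "inet6"):
            parsed[key][1].add(fields[1])
    return {k: (mac, frozenset(addrs)) for k, (mac, addrs) in parsed.items()}


def same_network_view(host_output, container_output):
    """Heuristic: identical interface fingerprints suggest a shared network namespace."""
    return fingerprint(host_output) == fingerprint(container_output)


if __name__ == "__main__":
    print("host mode  :", same_network_view(HOST, HOST_MODE))
    print("bridge mode:", same_network_view(HOST, BRIDGE_MODE))
```

A match means the container can bind host ports and reach services listening on the host's interfaces, so host mode provides no network isolation.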
IV. The container bridge network
1. Run a container with the bridge network type
[root@ecs-1558 ~]# docker run -itd --network=bridge centos
5fa70b91496e84ace5f2810c48ee2d02596ad404d53ac329d42120b05934ee23
2. View the network inside the container
[root@ecs-1558 ~]# docker exec -it 5fa7 /bin/bash
[root@5fa70b91496e /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
3. View the default bridge network information on the host
[root@ecs-1558 ~]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "ab0ec44cdda6793472ab8d1017d5541c07de7644395233f327962326bb2df5c5",
        "Created": "2022-10-23T20:47:47.539554084+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "5fa70b91496e84ace5f2810c48ee2d02596ad404d53ac329d42120b05934ee23": {
                "Name": "pensive_saha",
                "EndpointID": "9c85f5aec61d08fa81c63eb7e01ff80e0bab6d7ef0a13c5a136cb4a409a2e5f8",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
V. Custom bridge-type networks
1. Create a custom bridge-type network
[root@ecs-1558 ~]# docker network create --driver bridge --subnet 173.18.0.0/16 --gateway 173.18.0.1 servicebridge01
d245c744d34ea7d6c5ecc8aed885076db2d99f93cd2b505df21ecef3ba331f2a
2. View the details of the custom network
[root@ecs-1558 ~]# docker network inspect d245c744d
[
    {
        "Name": "servicebridge01",
        "Id": "d245c744d34ea7d6c5ecc8aed885076db2d99f93cd2b505df21ecef3ba331f2a",
        "Created": "2022-10-23T21:08:22.767835724+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "173.18.0.0/16",
                    "Gateway": "173.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
3. Run container test01 on the custom network
[root@ecs-1558 ~]# docker run -itd --name test01 --network=servicebridge01 centos
bc66fd869ffbcdf6478e60683616693d2449e3ac80c4821a979804082c6df9d3
VI. Test connectivity between bridge-type containers
1. Create container test02 on the default network
[root@ecs-1558 ~]# docker run -itd --name test02 centos
97ed154879a674662d21c99b2ae6c787cacb2fc4696bd05432e1489c60a8ec56
2. Enter the test02 container and check its IP address
[root@ecs-1558 ~]# docker exec -it 97e /bin/bash
[root@97ed154879a6 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
3. Check the IP of the test01 container
[root@ecs-1558 ~]# docker exec -it bc66 /bin/bash
[root@bc66fd869ffb /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ad:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 173.18.0.2/16 brd 173.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
4. Attach the custom servicebridge01 network to test02
[root@ecs-1558 ~]# docker network connect servicebridge01 test02
5. Check the IP of the test02 container
[root@ecs-1558 ~]# docker exec -it 97e /bin/bash
[root@97ed154879a6 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
11: eth1@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ad:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 173.18.0.3/16 brd 173.18.255.255 scope global eth1
valid_lft forever preferred_lft forever
[root@97ed154879a6 /]#
6. Check connectivity between the two containers
[root@97ed154879a6 /]# ping 173.18.0.2 -c 8
PING 173.18.0.2 (173.18.0.2) 56(84) bytes of data.
64 bytes from 173.18.0.2: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 173.18.0.2: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 173.18.0.2: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 173.18.0.2: icmp_seq=4 ttl=64 time=0.044 ms
64 bytes from 173.18.0.2: icmp_seq=5 ttl=64 time=0.043 ms
64 bytes from 173.18.0.2: icmp_seq=6 ttl=64 time=0.056 ms
64 bytes from 173.18.0.2: icmp_seq=7 ttl=64 time=0.043 ms
64 bytes from 173.18.0.2: icmp_seq=8 ttl=64 time=0.045 ms
--- 173.18.0.2 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7000ms
rtt min/avg/max/mdev = 0.042/0.047/0.064/0.010 ms
[root@97ed154879a6 /]#
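[Copyright notice] This article is original content by a Huawei Cloud community user. When reposting, you must cite the source (Huawei Cloud community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community that you suspect is plagiarized, you are welcome to report it by email with supporting evidence; once verified, the community will remove the infringing content immediately. Report email: cloudbbs@huaweicloud.com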