Docker网络操作详解 _网络操作

本文概述

查看网络
检查网络
建立网络
断开网络

让我们学习Docker Networking…。
docker中主要有五个网络-桥, 主机, 覆盖, 无和macvlan。
桥接网络是docker中的默认网络。我在上一篇有关Docker体系结构的文章中已对这些网络进行了介绍。
在本文中, 我将向你展示docker联网的实际部分。你将了解如何检查docker网络详细信息, 如何连接到网络, 如何创建网络等。因此, 让我们开始吧。
每当你运行Docker容器时, 默认的桥接网络调用docker0都会与该容器相关联, 除非指定了任何其他网络。例如, 当我运行ifconfig命令时, 你将获得网桥类型的docker0网络的详细信息以及其他网络详细信息。

[email protected]:~$ ifconfigdocker0: flags=4099< UP, BROADCAST, MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255ether 02:42:f6:59:4a:5f txqueuelen 0 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0enp0s3: flags=4163< UP, BROADCAST, RUNNING, MULTICAST> mtu 1500inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255inet6 fe80::763e:c0b4:14df:b273 prefixlen 64 scopeid 0x20< link> ether 08:00:27:68:64:9a txqueuelen 1000 (Ethernet)RX packets 2157 bytes 2132896 (2.1 MB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 952 bytes 151610 (151.6 KB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0enp0s8: flags=4163< UP, BROADCAST, RUNNING, MULTICAST> mtu 1500inet 192.168.56.102 netmask 255.255.255.0 broadcast 192.168.56.255inet6 fe80::20a:6c57:839d:2652 prefixlen 64 scopeid 0x20< link> ether 08:00:27:53:45:82 txqueuelen 1000 (Ethernet)RX packets 10597 bytes 1497146 (1.4 MB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 12058 bytes 1730219 (1.7 MB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73< UP, LOOPBACK, RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10< host> loop txqueuelen 1000 (Local Loopback)RX packets 1196 bytes 105396 (105.3 KB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 1196 bytes 105396 (105.3 KB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

查看网络运行ls命令, 检查当前主机上运行的所有网络。你可以看到, 当前存在七个网络, 包括网桥, 主机和安装Docker时不会自动创建的网络。根据我过去运行的容器, 还有其他自定义网络的详细信息。

[email protected]:~$ docker network lsNETWORK ID NAME DRIVER SCOPEfec751a6ae21 bridge bridge local21943b20735d docker_gwbridge bridge localf51d1f3379e0 host host localppp8i7tvrxa0 ingress overlay swarmba68f73abeed mean-app_default bridge locald466e75d86fa mean_default bridge local5e5d9a192c00 none null local

检查网络你可以运行inspect命令以获取有关网络类型的所有详细信息。它提供有关网络的信息, 包括名称, ID, 创建时间, 范围, 驱动程序, 配置详细信息, 例如子网和网关地址。如果有任何容器正在运行, 我还将提供容器详细信息。否则, 它将返回一个空字符串。

[email protected]:~$ docker network inspect bridge[{"Name": "bridge", "Id": "fec751a6ae21f20a06cdc6eb823e773caec063b6bf9a388016594e59fd1db475", "Created": "2019-08-01T10:30:27.595054009-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {"Driver": "default", "Options": null, "Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {"Network": ""}, "ConfigOnly": false, "Containers": {}, "Options": {"com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500"}, "Labels": {}}]

建立网络使用create命令, 你可以创建自己的网络。你需要使用– driver标志提及驱动程序类型, 在下面的示例中, 我正在使用网桥类型。

[email protected]:~$ docker network create --driver bridge geekflare_network08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409

运行ls命令以检查是否已创建网络。

[email protected]:~$ docker network lsNETWORK ID NAME DRIVER SCOPEfec751a6ae21 bridge bridge local21943b20735d docker_gwbridge bridge local08e0da91f6de geekflare_network bridge localf51d1f3379e0 host host localppp8i7tvrxa0 ingress overlay swarmba68f73abeed mean-app_default bridge locald466e75d86fa mean_default bridge local5e5d9a192c00 none null local

现在, 我将在创建的网络上运行一个docker容器。我在下面的命令中运行一个简单的Apache服务器容器。

[email protected]:~$ docker run -it -d --network=geekflare_network httpd38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002

【Docker网络操作详解】运行inspect命令检查geekflare_network的所有信息。你可以在这次检查输出中找到容器的详细信息。容器名称确定为_dubinsky。

[email protected]:~$ docker network inspect geekflare_network[{"Name": "geekflare_network", "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409", "Created": "2019-09-03T13:56:36.244295204-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {"Driver": "default", "Options": {}, "Config": [{"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"}]}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {"Network": ""}, "ConfigOnly": false, "Containers": {"38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002": {"Name": "determined_dubinsky", "EndpointID": "30d252720e0f381ba01d6f5414525dff8587abcf3c4920100f112898a52c8a23", "MacAddress": "02:42:ac:15:00:02", "IPv4Address": "172.21.0.2/16", "IPv6Address": ""}}, "Options": {}, "Labels": {}}]

断开网络要从容器断开网络连接, 请运行以下命令。你需要在断开连接命令中提及网络名称和容器名称。

[email protected]:~$ docker network disconnect geekflare_network determined_dubinsky

该网络将不再运行named_dubinsky容器；容器字段将为空。

[email protected]:~$ docker network inspect geekflare_network[{"Name": "geekflare_network", "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409", "Created": "2019-09-03T13:56:36.244295204-04:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {"Driver": "default", "Options": {}, "Config": [{"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"}]}, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": {"Network": ""}, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {}}]

要创建除网桥以外的网络, 你需要提及网桥以外的驱动程序名称。要创建覆盖网络, 请运行以下命令。

[email protected]:~$ docker network create --driver overlay geekflare_network_2ynd2858eu1cngwhpc40m3h1nx[email protected]:~$ docker network lsNETWORK ID NAME DRIVER SCOPEfec751a6ae21 bridge bridge local21943b20735d docker_gwbridge bridge local08e0da91f6de geekflare_network bridge localf51d1f3379e0 host host localppp8i7tvrxa0 ingress overlay swarmba68f73abeed mean-app_default bridge locald466e75d86fa mean_default bridge local5e5d9a192c00 none null localynd2858eu1cn geekflare_network_2 overlay swarm

要创建主机网络, 请使用–driver标志提及host。下面的示例返回一个错误, 因为仅允许一个主机网络实例, 该实例之前已经运行过。因此, 此命令不会创建另一个主机网络。

[email protected]:~$ docker network create --driver host geekflare_network_3Error response from daemon: only one instance of "host" network is allowed

总结
这就是有关Docker网络以及如何连接, 断开连接, 创建, 检查Docker网络的全部内容。试用这些命令以熟悉Docket网络。如果你对学习Net Devops感到好奇, 请查看此Udemy课程。