kubernetes(三)之Docker网络详解

容器网络详解

虚拟网络类型

  • 虚拟化常见的网络类型(虚拟桥接式网络)

    • 隔离桥:127.0.0.1
    • 仅主机桥:不能对外通信
    • 路由器桥: 可以被nat发出去,但是不能
    • NAT桥: NAT连接追踪实现主机与外部互相通信
  • docker常见的网络类型
    • 桥网络: bridge,docker0 实现NAT
    • 联盟式网络:共享NET,IPC,UTS
    • host网络: 容器共享宿主机网络
    • none网络:封闭式网络
      kubernetes(三)之Docker网络详解

docker四类网络实践

  • none封闭式网络: 只有lo网卡,其他的都没有
[root@centos7-node1 ~]# docker ru] ] b 7 G { %n --name tinyweb2 -it --rm --network none wanghui122725501/myimg:v0.4 /bl w 6 Nin/sh
/ # ifconfig -a
lo Link encap:Local Loopbai [ ck
inet addr:127.0.0.1 Mask:25z s - % 8 j 4 S5.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overrz w C z L f I T runs:0 carrier:0
collisions:0 txqueuelenH U Q G }:1000
RX bytes:0 (0.0 B) TX byR + y M 1 t ntes:0 (0.0 B)
  • bridge:默认网络也是bridge
[root@centos7-node1 ~]# docker run --name tinywe@ A ` 1 C )b2  -d -3 6 K j ~ 6  +-network bridge wanghui122725501/myimg:v0.4
[root@ce{ # Q P m  j 3ntos7-node1 ~]# docker exec -ix ; m b ; vt tinyweb2    /binR q ^ C v A + Y _/d [ e w % Fsh
/ # ifconfig -a
eth0 Link encap:Er D rthernet HWaddr 02:42:AC:11:00:07
in] t e b , i  wet addr:172.17.0.7 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST M1 d *TU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 fy : :rame:0
TX packets:d V 7 F ] K ) y0 e~ * drrors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX br K mytes:516 (516.0 B) TX bytes:0 (0.0 B)
lo Link encap:Lo  m * b W Q - Pcal Loopback
inet addr:127.0.0.1 Mask:255.0.0.% f ) + w L R 70
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX= o 9 1 a packet& v s:0 errors:0 dropped:0 overruns:0 frame:0
TX packetC I a } V k ^s:0 errors:0 dropped:` # @ ; r 8 l 40 overruns:0 carrC + =ier:0
collisions:0 txqueuelen:g U ~ L ? {  o1W o E  m ^000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  • 联盟式网络:主机名,IP
[roH B hot@c~ V & T R o O 3 zentosB J T  6 5 h W 17-node1 ~]# docker run --name joinedc1 -it --rm --network container:tQ 0 [ K linyweb2 wa! ( v  @nghui1227259 | h P V501/myimg:v0.4 /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11Q i U ! r = Q T:00:07
inet addr:172.17.0.7 Bcast:172.[ U r v X17.255.255 Mask:255.255.0.0
UP BROADCASTv F # ! U ~ e i  RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 over7 v runs:0 frame:0
TX p6 a u Vackets:0 errors:0 dropped:0 overruns:0 carz r Z M _ irier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link e/ & w w N s e j ncap:Local Loopback
inet addr:12m - _ x w : -7.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisR V ) L D l -ions:0 txqueuelen:1000
RX bytes:0 (E R E T0.0 B) TX bytes:0 (0.0 B)
  • host网络:共享宿主机所有网卡
[root@ce_ # ( Vntos7-node1 ~]# docker run --name tintweb3 -it --rm --network host wanghui122725501/myimg:v0.4 /bin/sh
/ # ifconfig
/data/web # /bin/httpd -h /data/web/html/

可以直接访问宿主机ip,得到对应的结果

dock7 7 Jer其他网络参数

  • 指定docker的主机名: 使用Y g F =-h或者--hostname
[root@centos7-node1 ~]# docker run --name bbox2j D 2 d t m 4 w -it --rm --hostnam. : $ * Z N Oe mybbox2.cropy.cn b-  Uusybox
/ # hostname
mybbox2.cropy.cn
  • 增加hosU ~ l gts主机名解析(--add-host可以使用多次)
[root@centos7-node1 ~]# docker run --name bbox3 -it --rm --add-host bbox3.cropy.cn:172.17./ b e Y G0.10 --add-host gw.cropy.cn:172.17.0.1 by ; n & z  [ fusybox
/ # ifconfig
eth0 Link encap:EX  # ^thernet HWaddr 02:42:AC:11:00:06
inet addr:172.17.0.6 BB v S Qcast:172.17.255.255 Maw O ~sk:255.255.0.0
UP BRO8 j _ m RADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame? ) S z $ U:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5 H f 3 686 (586.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNINGI ? q _ w n ! _ MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TXu u r bytes:0 (0.0 B)
/ # cat /etc/hosts
127k t C G  M 6 q L.0.0.1 lr + 7 r Q Nocalhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.10 bbox3.cropy.cn
  • 增加DNS注入(--dns,--dns-search
[root@centos7-node1 ~]# docker run --name bbox3 -it --rm --add-host bb! a n ! { r {ox3.cropy.cn:172.17.0.10 --adj h g J G Rd-h5 n 4 5 z 9ost gw.cropy.cn:172.17.0.1 --dns 172t ; . 2 o o _ ;.17.0.1 --dns 11; ? X 8 ) 4.114.114.114 --dns-search cropy.cn busybox
/ # cat /etc/resolv.conf
search cropy.cn
nameserver 172.17.0.1
nameserver 114.114.114.114

端口映射

  • 非docker环境下的映射
iptables -t nat -A PREROUTING -d GW_IP  -p tcp|udp --dport 10080 -j DNAT G G } t ) J e 2 --to-destI $ .ination BE_server_IP:port
  • EXPQ H _ N rOSE(docker端口发布): -p选项

  • -p选项的使用格式

    • -p <s A R # W 2 8containerPort> : 将指定的容器端口映射至所在宿主机的任意端口
    • -p <hostPort>:<containerPort>:将容器端口映射至所在宿主机的指定端口
    • -p <ip>::&aN _ 0 } : ` w H Amp;lt;containerPort>: 将指定容器的端口映射至所在主机指定IP的动态端口
    • -p <ip>:<hostPort>:&l* W d :t;containeu * . N NrPort>: 将指定容器的端口映射至所在主机指定IP的指定端口

实例

[root@centos7-node1 ~]# docker run --name mytinyweb3 -d --network bridge -p 80 wN m 9 e z A O vanghui122725501/myimg:v0.4    #随机端口映射
[root@cen? ( 9 i ! q 0tos7-node1 ~]# doc+ 5 E h X F = yker port mytinyweb3    #查看映射详情(iptables -t nat -vnL   这个也可以)
80/tcp -> 0.0.0.0:32768
[root@centos7-node1 ~]# docker kill mytinywey @ .b3 && docker rm mytinyN : Xweb3
[root@centos7-node1 ~]# docker run --name mY 5 y S Aytinyweb3 -d --rm --netw` + ` sork bridge -p 80:8/ { , x ~ =0 wanghui122725501/myimg:v0.4   #指定端口映射
[root@centL O ) [ # #os7-node1 ~]# dockerH r q . . % M a d run --name mytinyweb3 -d  --network bridge -p 192.168.56.11::80 wanH c kghui122725501/myimg:v0.4
[root@centos7-node1a g . e A 2 F  ~]# docker kill my^ s ` / T h 0tinyweb3 &&aF l t ; g ( Smp; docker rm mytinyweb3
[root@ce9 @ d 6 b N 3ntos7-node1 ~]# docker run --name mytinyweb3) e , D s -d  --network bridge -p 192.168.56.11:80:80 wanghui1227k v ) ;25501/c } S Imyim3 j = _ b 4g:v0.4
[root@cento2 1 2 : Cs7-node1 ~]# docker kill mytinyweb3 && docker rm mytinyP ] Wweb3
[root@centos7-node1 ~]# dockL H [ 7 s g c ] 5er run --name my+ - # btinyweb3 -d --network bridge -p 80:80 -p 443:443 wanghui122725501/myimg:v0.4   #多端口映射

docker network操作

  • 常用命令
[root@centos7-node1 ~]# docker network --help
UsA } C / 8 Page:  docker network COMMAND
Manage networks
Commands:
connect     Connect a container to a network
create      Create a network
disconnect  Disconnect a container from a network
inspect     Display detailed infB J F @ z m [ormation on one or more networks
ls          List networks
prune       Remove all unused networks
rm          Remove one or more networks
  • 实践操作
[root@centos7-node1 ~]# docker info | grep Network    #可以支持创建的网络类型
Network: bridge host ipvlan macvlan null overlay
[root@centos7-nodX X c 2e1 ~]# docker network create --subnet 10.10.0.0/24 mybr0    #创建mybr0 网络
[root@centos7-node1 ~3 ~ M w v ] u]# docker run --name mytiR w Anyweb3 -itX j Y ^ : s --network mybr0 -p 80 -p 443 wanghui122725501/myimg:v0.4 /bin/sh    #创建容器并查看ip
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:00:02
inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX paY 2 C : T / )ckets:0 errors:0 dropped:0 o5 0 W verruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1032 (1.0 KiB)  TX bytes:0 (0.0 B)
[root@centos7-$ 8 anode1 ~]# docker network connect bridge mytinywe- A r & b : fb3    #另开终端,将mytinyweb3连入bridge(docker0: 172.17.0.0)网络
/ # ifconfig    #查看网络, f # z F 5 : o .,发现mytinywebj m D t P f3 有了两块网卡
eth0      L0 ] * 1 . tink encap:Ethernet  HWaddr 02:42:0A: 8 S ( p i k %0A:00:02
inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MT1 5 h * C b rU:1500  Metric:1
RX packets:8 errors:0 dropped:0 o= p 1 u W X Q S !verruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)
eth1      Lint n bk encap:Ethernet  HWaddr 02:42:AC:11:00:06
inet addr:172.17.0.6  Bcast:172.17.255.255  Mask:255.255.0.0
UP BROADf x ~ qCAST RUNNING MUd [  ^ =LTICAST  MTU:1500  Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX paW } 8 E n h bckets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelenO ( o:0
RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)
[root@centos7-node1 ~]# docker network disconnect bridge mytinyweb3   #- w C c w % I去掉mytinyweb3的bridge网卡
[root@centos7-node1 ~]# docker kill mytinyweb3 &&a8 _ K U 4 O q  ;mp; docker rm mytinyweb3
[rootp . u ( | |@cec ` 6 : * G G antos7-node1 ~]# docker n7 h U p ` c ` ^etwork rmi ) m | B mybr0
[( ~ f M :root@centos7-# + P W ?nodK H re1 ~]# vim /et. . ` o 6 i + qc/docker/daemon.jsoM 5 } I an
{
"bip": "172.31.0.9 @ # @ `1/16",
"registry-mirrors": ["https://0b8hhs68.mirror.aliyuncs.com"],
"storage-driver": "overlay2",
"graph":"/data/docker",
"storage-opts": [
"overlay2.override_kernel_checE u j ; Zk=true"
]
}
[root@centosu T b d l V q W 77-node1 ~]# systemctl resD _ @ = 8 ) Rtart dock- E ~ _  x s 1er
[roo! j (t@centos7-node1 ~]# ifcon? 7 | 0 X + h Vfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
inet 172.31.0.1k 2 $ H = L ; X &  netmask 255.255.0.0  bc k = Y G ` q L Troadcast 172.31.255.255