49-Docker-网络管理及Compose单机多容器编排
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了49-Docker-网络管理及Compose单机多容器编排相关的知识,希望对你有一定的参考价值。
Docker安装后默认的网络设置
- Docker服务安装完成之后,默认在每个宿主机会生成一个名称为docker0的网卡其IP地址都是172.17.0.1/16
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:df:99:92 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.200/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fedf:9992/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:23:4c:b7:1e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
创建容器后的网络配置
- 每次新建容器后宿主机添加一个虚拟网卡,和容器的网卡组合成一个网卡,比如: 7: veth6ef893c@if6,而在容器内的网卡名为6: eth0@if7,可以看出和宿主机的网卡之间的关联
案例:
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
7: veth6ef893c@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3e:71:3c:16:e0:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3c71:3cff:fe16:e016/64 scope link
valid_lft forever preferred_lft forever
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90aea87055d3 busybox:latest "tail -f /etc/hosts" 59 seconds ago Up 57 seconds docker-test1
[root@ubuntu2204 ~]#docker exec -it docker-test1 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
- 每次新建容器容器会自动获取一个172.17.0.0/16网段的随机地址,默认从172.17.0.2开始分配给第1个容器使用,第2个容器为172.17.0.3,以此类推
案例:
[root@ubuntu2204 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90aea87055d3 busybox:latest "tail -f /etc/hosts" 6 minutes ago Up 6 minutes docker-test1
[root@ubuntu2204 ~]#docker run -d --name docker-test2 busybox:latest tail -f /etc/hosts
94d80db6d0191ce228b19ed4fe75aa7f173b9dffe188bb5eb83bd36116f00fd9
[root@ubuntu2204 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94d80db6d019 busybox:latest "tail -f /etc/hosts" 6 seconds ago Up 5 seconds docker-test2
90aea87055d3 busybox:latest "tail -f /etc/hosts" 7 minutes ago Up 7 minutes docker-test1
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
7: veth6ef893c@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3e:71:3c:16:e0:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3c71:3cff:fe16:e016/64 scope link
valid_lft forever preferred_lft forever
9: veth8b35f7a@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:c7:b4:f0:b9:40 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::18c7:b4ff:fef0:b940/64 scope link
valid_lft forever preferred_lft forever
[root@ubuntu2204 ~]#docker exec -it docker-test2 sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
- 每次容器重启,网卡,网卡名称会变化,地址可能会发生地址变化
#重启容器然后建立新的网卡会发现原来的ip被新的容器占用
[root@ubuntu2204 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
575cc8edb1a5 busybox:latest "tail -f /etc/hosts" 3 minutes ago Exited (137) 22 seconds ago docker-test4
64eb242aecaa busybox:latest "tail -f /etc/hosts" 3 minutes ago Exited (137) 22 seconds ago docker-test3
94d80db6d019 busybox:latest "tail -f /etc/hosts" 45 minutes ago Exited (137) 22 seconds ago docker-test2
90aea87055d3 busybox:latest "tail -f /etc/hosts" 53 minutes ago Exited (137) 22 seconds ago docker-test1
[root@ubuntu2204 ~]#docker run -d --name docker-test5 busybox:latest tail -f /etc/hosts
ff723d5aa3ad1ffe0cdcaf7ef4e2aab3321ce856e4f7090d8b0c3c9b9ebc366f
[root@ubuntu2204 ~]#docker run -d --name docker-test6 busybox:latest tail -f /etc/hosts
a51b6cf27acc0d4ace8929c72c010da4108bdea223ee8e91515ffd81c2cefb88
[root@ubuntu2204 ~]#docker exec -it docker-test5 sh
/ #
/ # hostname -i
172.17.0.2
/ # exit
[root@ubuntu2204 ~]#docker exec -it docker-test6 sh
/ #
/ # hostname -i
172.17.0.3
- 容器创建后
- 容器在宿主机的ID会作为容器的域名映射到容器内IP上
- 宿主机上的虚拟网卡会桥接到docker0的网卡上
- 容器停止后虚拟网卡会自动删除
#容器在宿主机的ID会作为容器的域名映射到容器内IP上
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90aea87055d3 busybox:latest "tail -f /etc/hosts" 19 minutes ago Up 4 minutes docker-test1
[root@ubuntu2204 ~]#docker exec -it docker-test1 sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 90aea87055d3
/ #
#此时宿主机上的虚拟网卡会桥接到docker0的网卡上
[root@ubuntu2204 ~]#brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02423d00d56c no vethea0a56b
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
13: vethea0a56b@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether be:30:f6:9d:70:9e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::bc30:f6ff:fe9d:709e/64 scope link
valid_lft forever preferred_lft forever
#容器停止后虚拟网卡会自动删除
[root@ubuntu2204 ~]#docker stop docker-test1
docker-test1
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
同一个宿主机的不同容器可相互通信
默认情况下
- 同一个宿主机的不同容器之间可以相互通信
- 不同宿主机之间的容器IP地址重复,默认不能相互通信
[root@ubuntu2204 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94d80db6d019 busybox:latest "tail -f /etc/hosts" 28 minutes ago Exited (137) 20 minutes ago docker-test2
90aea87055d3 busybox:latest "tail -f /etc/hosts" 35 minutes ago Exited (137) 10 minutes ago docker-test1
[root@ubuntu2204 ~]#docker start docker-test1
docker-test1
[root@ubuntu2204 ~]#docker start docker-test2
docker-test2
[root@ubuntu2204 ~]#docker exec -it docker-test1 sh
/ #
/ # ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.993 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.087 ms
^C
--- 172.17.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.087/0.540/0.993 ms
/ # exit
[root@ubuntu2204 ~]#docker exec -it docker-test2 sh
/ #
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.092 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.167 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.129 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.092/0.129/0.167 ms
/ # exit
案例:禁止同一个宿主机的不同容器间通信
#dockerd 的 --icc=false 选项可以禁止同一个宿主机的不同容器间通信
注意:如果设置了 "live-restore": true 重启docker-daemon 不关闭容器选项,需要提前关闭才会生效
[root@ubuntu2204 ~]#vim /lib/systemd/system/docker.service
[root@ubuntu2204 ~]#cat /lib/systemd/system/docker.service|grep ExecStart
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --icc=false
#创建两个容器,测试无法通信
[root@ubuntu2204 ~]#systemctl daemon-reload
[root@ubuntu2204 ~]#systemctl restart docker
[root@ubuntu2204 ~]#docker exec -it docker-test3 sh
Error response from daemon: Container 64eb242aecaad240f0acae6c63dff0f90572ef876f0b121038d21ac5c7d83f11 is not running
[root@ubuntu2204 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
575cc8edb1a5 busybox:latest "tail -f /etc/hosts" 3 minutes ago Exited (137) 22 seconds ago docker-test4
64eb242aecaa busybox:latest "tail -f /etc/hosts" 3 minutes ago Exited (137) 22 seconds ago docker-test3
94d80db6d019 busybox:latest "tail -f /etc/hosts" 45 minutes ago Exited (137) 22 seconds ago docker-test2
90aea87055d3 busybox:latest "tail -f /etc/hosts" 53 minutes ago Exited (137) 22 seconds ago docker-test1
[root@ubuntu2204 ~]#docker run -d --name docker-test5 busybox:latest tail -f /etc/hosts
ff723d5aa3ad1ffe0cdcaf7ef4e2aab3321ce856e4f7090d8b0c3c9b9ebc366f
[root@ubuntu2204 ~]#docker run -d --name docker-test6 busybox:latest tail -f /etc/hosts
a51b6cf27acc0d4ace8929c72c010da4108bdea223ee8e91515ffd81c2cefb88
[root@ubuntu2204 ~]#docker exec -it docker-test5 sh
/ #
/ # hostname -i
172.17.0.2
/ # exit
[root@ubuntu2204 ~]#docker exec -it docker-test6 sh
/ #
/ # hostname -i
172.17.0.3
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
exit
^C
--- 172.17.0.2 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss
/ # exit
[root@ubuntu2204 ~]#docker exec -it docker-test5 sh
/ #
/ # ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
^C
--- 172.17.0.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
/ # exit
修改默认docker0网桥的网络配置
默认docker后会自动生成一个docker0的网桥,使用的IP是172.17.0.1/16,可能和宿主机的网段发生冲突,可以将其修改为其它网段的地址,避免冲突
案例:将docker0的IP修改为指定IP
[root@ubuntu2204 ~]#vim /etc/docker/daemon.json
[root@ubuntu2204 ~]#cat /etc/docker/daemon.json |grep bip
"bip": "192.168.100.1/24",
#变更前
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
#变更后
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
#方法2
[root@ubuntu2204 ~]#vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
--bip=192.168.100.1/24
[root@ubuntu2204 ~]#systemctl daemon-reload
[root@ubuntu2204 ~]#systemctl restart docker.service
#注意两种方法不可混用,否则将无法启动docker服务
修改默认网络设置使用自定义网桥
案例:用自定义的网桥代替默认的docker0
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
#添加自定义网桥
[root@ubuntu2204 ~]#apt -y install bridge-utils
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
bridge-utils 已经是最新版 (1.7-1ubuntu3)。
bridge-utils 已设置为手动安装。
升级了 0 个软件包,新安装了 0 个软件包, 要卸载 0 个软件包,有 45 个软件包未被升级。
[root@ubuntu2204 ~]#brctl addbr br0
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
30: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether fe:2d:a4:eb:ce:5f brd ff:ff:ff:ff:ff:ff
[root@ubuntu2204 ~]#ip a a 192.168.200.1/24 dev br0
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f6:07:67 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.202/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:767/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3d:00:d5:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:3dff:fe00:d56c/64 scope link
valid_lft forever preferred_lft forever
30: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether fe:2d:a4:eb:ce:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 scope global br0
valid_lft forever preferred_lft forever
[root@ubuntu2204 ~]#brctl show
bridge name bridge id STP enabled interfaces
br0 8000.fe2da4ebce5f no
docker0 8000.02423d00d56c no
#将容器网桥指定到自定义网桥上
[root@ubuntu2204 ~]#vim /lib/systemd/system/docker.service
[root@ubuntu2204 ~]#cat /lib/systemd/system/docker.service |grep ExecStart
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -b br0
[root@ubuntu2204systemctl daemon-reload
[root@ubuntu2204 ~]#systemctl restart docker
[root@ubuntu2204 ~]#ps -ef |grep dockerd
root 6024 1 0 12:59 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -b br0
root 6153 1630 0 13:00 pts/1 00:00:00 grep --color=auto dockerd
#验证
[root@ubuntu2204 ~]#docker start docker-test6
docker-test6
[root@ubuntu2204 ~]#docker exec -it docker-test6 sh
/ #
/ # hostname -i
192.168.200.2
/ #
容器名称互联
新建容器时,docker会自动分配容器名称,容器ID和IP地址,导致容器名称,容器ID和IP都不固定,要实现和确定目标容器的通信就需要给容器起个固定的名称,容器之间通过固定名称实现确定目标的通信
有两种固定名称:
- 容器名称
- 容器名称的别名
*注意: 两种方式都最少需要两个容器才能实现
应用场景:
- 在同一个宿主机上的容器之间可以通过自定义的容器名称相互访问,比如: 一个业务前端静态页面是使用nginx,动态页面使用的是tomcat,另外还需要负载均衡调度器,如: haproxy 对请求调度至nginx和tomcat的容器,由于容器在启动的时候其内部IP地址是DHCP 随机分配的,而给容器起个固定的名称,则是相对比较固定的,因此比较适用于此场景
*注意: 如果被引用的容器地址变化,必须重启当前容器才能生效
案例:使用容器名称进行容器间通信
#语法:
--link list #Add link to another container
格式:
docker run --name <容器名称> #先创建指定名称的容器
docker run --link <目标通信的容器ID或容器名称> #再创建容器时引用上面容器的名称
1. 先创建第一个指定容器名称的容器
[root@ubuntu2204 ~]#docker run -d --name server1 busybox:latest tail -f /etc/hosts
91a59ab63444f51bec0e7c429e6e4ef52ec34f3df72fbde3936fa79cfa74cad3
2. 新建第二个容器时引用第一个容器的名称
会自动将第一个主机的名称加入/etc/hosts文件,从而可以利用第一个容器名称进行访问
[root@ubuntu2204 ~]#docker run -it --name server2 --link server1 busybox:latest tail -f /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 server1 91a59ab63444
172.17.0.3 3b1148c960cf
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3b1148c960cf busybox:latest "tail -f /etc/hosts" 41 seconds ago Up 40 seconds server2
91a59ab63444 busybox:latest "tail -f /etc/hosts" 2 minutes ago Up 2 minutes server1
3. 容器内部用名称通信测试
server2 ping server1
[root@ubuntu2204 ~]#docker exec -it server2 sh
/ #
/ # hostname -i
172.17.0.3
/ # ping server1
PING server1 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.632 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.095 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.109 ms
^C
--- server1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.095/0.278/0.632 ms
/ #
server1 ping server2
[root@ubuntu2204 ~]#docker exec -it server1 sh
/ #
/ # hostname -i
172.17.0.2
/ # ping server2
ping: bad address server2 --> 通信失败,server1并没有域名解析并内加入server2
*注意: 如果被引用的容器地址变化,必须重启当前容器才能生效
容器别名
*应用场景
- 自定义的容器名称可能后期会发生变化,那么一旦名称发生变化,容器内程序之间也必须要随之发生变化,比如:程序通过固定的容器名称进行服务调用,但是容器名称发生变化之后再使用之前的名称肯定是无法成功调用,每次都进行更改的话又比较麻烦,因此可以使用自定义别名的方式解决,即容器名称可以随意更改,只要不更改别名即可
案例:创建第三个容器,引用前面创建的容器,并起别名
#语法:
docker run --name <容器名称>
#先创建指定名称的容器
docker run --name <容器名称> --link <目标容器名称>:"<容器别名1> <容器别名2> ..."
#给上面创建的容器起别名,来创建新容器
[root@ubuntu2204 ~]#docker run -d --name server3 --link server1:server1-alias busybox:latest tail -f /etc/hosts
7076a8091b7d13f76c481ed5b6d532ac7dd17feaaa4013a1a469ffccfed77ba2
[root@ubuntu2204 ~]#docker exec -it server3 sh
/ #
/ # ping server1-alias
PING server1-alias (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.194 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.206 ms
^C
--- server1-alias ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.194/0.200/0.206 ms
/ #
*别名处理后即使容器的名称发生变化,通过别名依然可以找到该容器
综合案例:容器名称及别名实现同一宿主机 wordpress 和 MySQL 两个容器互连
[root@ubuntu2204 ~]#tree /data/dockerfile/
/data/dockerfile/
├── system
│ ├── alpine
│ │ ├── build.sh
│ │ └── Dockerfile
│ ├── centos
│ ├── debian
│ └── ubuntu
└── web
├── apache
├── jdk
├── nginx
│ └── 1.16.1-alpine
│ ├── build.sh
│ ├── Dockerfile
│ ├── index.html
│ ├── nginx-1.16.1.tar.gz
│ └── nginx.conf
└── tomcat
11 directories, 7 files
#准备配置文件
[root@ubuntu2204 ~]#cd /data/dockerfile/web/
[root@ubuntu2204 web]#mkdir -pv lamp_docker/mysql/
mkdir: 已创建目录 lamp_docker
mkdir: 已创建目录 lamp_docker/mysql/
[root@ubuntu2204 web]#vim lamp_docker/env_mysql.list
[root@ubuntu2204 web]#cat lamp_docker/env_mysql.list
MYSQL_ROOT_PASSWORD=123456
MYSQL_DATABASE=wordpress
MYSQL_USER=wpuser
MYSQL_PASSWORD=wppass
[root@ubuntu2204 web]#vim lamp_docker/env_wordpress.list
[root@ubuntu2204 web]#cat lamp_docker/env_wordpress.list
WORDPRESS_DB_HOST=mysql:3306
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_USER=wpuser
WORDPRESS_DB_PASSWORD=wppass
WORDPRESS_TABLE_PREFIX=wp_
[root@ubuntu2204 web]#vim lamp_docker/mysql/mysql_test.cnf
[root@ubuntu2204 web]#cat lamp_docker/mysql/mysql_test.cnf
[mysqld]
server-id=200
log-bin=mysql-bin
[root@ubuntu2204 web]#tree lamp_docker/
lamp_docker/
├── env_mysql.list
├── env_wordpress.list
└── mysql
└── mysql_test.cnf
1 directory, 3 files
#拉取镜像
[root@ubuntu2204 web]#docker pull mysql
Using default tag: latest
[root@ubuntu2204 web]#docker pull wordpress
Using default tag: latest
[root@ubuntu2204 web]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress latest fcd4967b9728 7 hours ago 615MB
mysql latest 7484689f290f 5 weeks ago 538MB
#运行容器
[root@ubuntu2204 ~]#docker run --name mysql -v /data/dockerfile/web/lamp_docker/mysql/:/etc/mysql/conf.d -v /data/mysql:/var/lib/mysql --env-file=/data/dockerfile/web/lamp_docker/env_mysql.list -d -p 3306:3306 mysql:latest
5b44ddd48a69c2f447f950859eba438890b03f15920f9826177bd9844c3461c2
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5b44ddd48a69 mysql:latest "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql
[root@ubuntu2204 ~]#docker run -d --name wordpress --link mysql -v /data/wordpress:/var/www/html/wp-content --env-file=/data/dockerfile/web/lamp_docker/env_wordpress.list -p 80:80 wordpress
2935c076a5ddc9b23164aa1bf7fbfb6c8e96cb4a80c6b57e71621c973f030913
[root@ubuntu2204 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2935c076a5dd wordpress "docker-entrypoint.s…" 5 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp wordpress
5b44ddd48a69 mysql:latest "docker-entrypoint.s…" 49 seconds ago Up 48 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql
[root@ubuntu2204 ~]#ss -nlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:33327 11:docker-compose(单机版的容器编排工具)