
Docker Study Notes (5): Docker Container Networking


Managing network namespaces with ip netns

View the help:

[[email protected] ~]#  ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id

Create two namespaces:

[[email protected] ~]# ip netns add r1
[[email protected] ~]# ip netns add r2
[[email protected] ~]# ip netns list
r2
r1

Inspect these two namespaces (interfaces that are not up are only listed when the -a option is given):

[[email protected] ~]# ip netns exec r1 ifconfig
[[email protected] ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[[email protected] ~]# ip netns exec r2 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Creating a veth pair

View the help:

[[email protected] ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ] [index IDX ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]

       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]

       ip link set { DEVICE | dev DEVICE | group DEVGROUP }
	                  [ { up | down } ]
	                  [ type TYPE ARGS ]
	                  [ arp { on | off } ]
	                  [ dynamic { on | off } ]
	                  [ multicast { on | off } ]
	                  [ allmulticast { on | off } ]
	                  [ promisc { on | off } ]
	                  [ trailers { on | off } ]
	                  [ carrier { on | off } ]
	                  [ txqueuelen PACKETS ]
	                  [ name NEWNAME ]
	                  [ address LLADDR ]
	                  [ broadcast LLADDR ]
	                  [ mtu MTU ]
	                  [ netns { PID | NAME } ]
	                  [ link-netnsid ID ]
			  [ alias NAME ]
	                  [ vf NUM [ mac LLADDR ]
				   [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]
				   [ rate TXRATE ]
				   [ max_tx_rate TXRATE ]
				   [ min_tx_rate TXRATE ]
				   [ spoofchk { on | off} ]
				   [ query_rss { on | off} ]
				   [ state { auto | enable | disable} ] ]
				   [ trust { on | off} ] ]
				   [ node_guid { eui64 } ]
				   [ port_guid { eui64 } ]
			  [ xdp { off |
				  object FILE [ section NAME ] [ verbose ] |
				  pinned FILE } ]
			  [ master DEVICE ][ vrf NAME ]
			  [ nomaster ]
			  [ addrgenmode { eui64 | none | stable_secret | random } ]
	                  [ protodown { on | off } ]

       ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]

       ip link xstats type TYPE [ ARGS ]

       ip link afstats [ dev DEVICE ]

       ip link help [ TYPE ]

TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | ip6gre | ip6gretap | vti | nlmon | team_slave |
          bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }

Create a pair of interfaces of type veth; one end is named veth1.1 and the other end veth1.2:

They appear as entries 5 and 6 below:

[[email protected] ~]# ip link add name veth1.1 type veth peer name veth1.2
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:be:8f:21 brd ff:ff:ff:ff:ff:ff
3: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:be:8f:2b brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:3a:b1:0d:27 brd ff:ff:ff:ff:ff:ff
5: [email protected]: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:f9:d9:a2:a8:2b brd ff:ff:ff:ff:ff:ff
6: [email protected]: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 8a:9c:39:29:1c:6c brd ff:ff:ff:ff:ff:ff

Move veth1.2 into the r1 network namespace:

[[email protected] ~]# ip link  set dev veth1.2 netns r1

Run ip link show again:

[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:be:8f:21 brd ff:ff:ff:ff:ff:ff
3: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:be:8f:2b brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:3a:b1:0d:27 brd ff:ff:ff:ff:ff:ff
6: [email protected]: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 8a:9c:39:29:1c:6c brd ff:ff:ff:ff:ff:ff link-netnsid 0

ip netns exec r1 ifconfig

[[email protected] ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:f9:d9:a2:a8:2b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Rename the veth1.2 interface to eth0:

[[email protected] ~]# ip netns exec r1 ip link set dev veth1.2 name eth0
[[email protected] ~]# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:f9:d9:a2:a8:2b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Configure an IP address on veth1.1 and bring it up:

[[email protected] ~]# ifconfig veth1.1 10.1.0.1/24 up
[[email protected] ~]# ifconfig veth1.1
veth1.1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        ether 8a:9c:39:29:1c:6c  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Configure an IP address on eth0 in r1 and bring it up:

[[email protected] ~]# ip netns exec r1 ifconfig eth0 10.1.0.2/24 up
[[email protected] ~]# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.2  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::50f9:d9ff:fea2:a82b  prefixlen 64  scopeid 0x20<link>
        ether 52:f9:d9:a2:a8:2b  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ping r1's IP from outside the namespace:

[[email protected] ~]#  ping 10.1.0.2 -c3
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.049 ms

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.043/0.061/0.093/0.024 ms

Move veth1.1 into r2:

[[email protected] ~]# ip link set dev veth1.1 netns r2
[[email protected] ~]# ip netns exec r2 ifconfig 
[[email protected] ~]# ip netns exec r2 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 8a:9c:39:29:1c:6c  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1026 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Configure an IP address on veth1.1:

[[email protected] ~]#  ip netns exec r2 ifconfig veth1.1 10.1.0.3/24 up
[[email protected] ~]# ip netns exec r2 ifconfig 
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.3  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::889c:39ff:fe29:1c6c  prefixlen 64  scopeid 0x20<link>
        ether 8a:9c:39:29:1c:6c  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19  bytes 1534 (1.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ping r1 from r2:


[[email protected] ~]# ip netns exec r2 ping 10.1.0.2 -c2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.040 ms

--- 10.1.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.040/0.092/0.144/0.052 ms

Create a closed network that has only the lo interface

Use the --network option with the value none

t1
[[email protected] ~]# docker container run --name t1 --rm -it --network none busybox
/ # ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Create a bridged container:

Use the --network option with the value bridge

-h sets the container's hostname

[[email protected] ~]# docker container run --name t1 --rm -it -h t1.uscwifi.cn --network bridge busybox
/ # hostname
t1.uscwifi.cn
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

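Specifying DNS when creating a container

--name sets the container name

--rm removes the container as soon as it exits

-it enters the container interactively

-h sets the container's hostname

--network sets the container's network type

--dns sets the container's DNS server

--dns-search sets the container's DNS search domain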

[[email protected] ~]# docker container run --name t1 --rm -it -h t1.uscwifi.cn --network bridge --dns 114.114.114.114 --dns-search uscwifi.cn busybox
/ # hostname
t1.uscwifi.cn
/ # cat /etc/resolv.conf 
search uscwifi.cn
nameserver 114.114.114.114
/ # 

Adding a hosts entry when creating a container:

Use --add-host

[[email protected] ~]# docker container run --name t1 --rm -it -h t1.uscwifi.cn --network bridge --dns 114.114.114.114 --dns-search uscwifi.cn --add-host uscwifi.cn:1.1.1.1 busybox
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
1.1.1.1	uscwifi.cn
172.17.0.4	t1.uscwifi.cn t1

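Publishing container ports when creating a container:

  • -p <containerPort>
    • Maps the specified container port to a dynamic port on all addresses of the host
  • -p <hostPort>:<containerPort>
    • Maps the container port <containerPort> to the specified host port <hostPort>
  • -p <hostIP>::<containerPort>
  • -p <hostIP>:<hostPort>:<containerPort>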

Publish on a random port

[[email protected] ~]# docker container run --name t1 --rm -p 80 uscwifi/httpd:v0.2
...
Open a new shell:
[[email protected] ~]# docker inspect t1 | grep ipaddress
[[email protected] ~]# docker inspect t1 | grep -i  ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.4",
                    "IPAddress": "172.17.0.4",
[[email protected] ~]# curl 172.17.0.4
<h1>Welcome to busybox!<h1>

You can use iptables -t nat -vnL or docker ps to see which host port was published

[[email protected] ~]# docker port t1
80/tcp -> 0.0.0.0:32769
[[email protected] ~]# docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                   NAMES
cbb51165051f        uscwifi/httpd:v0.2   "/bin/httpd -f -h /d…"   5 minutes ago       Up 5 minutes        0.0.0.0:32768->80/tcp   t1
[[email protected] ~]# curl localhost:32768
<h1>Welcome to busybox!<h1>

Publish the container's port on a dynamic port of one specific host address

[[email protected] ~]# docker container run --name t1 --rm -p 192.168.2.167::80 uscwifi/httpd:v0.2

Open a new shell and test:

[[email protected] ~]# curl localhost:32768
curl: (7) Failed connect to localhost:32768; 拒絕連線
[[email protected] ~]# curl 192.168.2.167:32768
<h1>Welcome to busybox!<h1>

Publish the container's port 80 on port 80 of all host addresses

[[email protected] ~]# docker container run --name t1 --rm -p 80:80 uscwifi/httpd:v0.2

Open a new shell and test:

t1
[[email protected] ~]# ss -ltunp | grep :80
tcp    LISTEN     0      128      :::80                   :::*                   users:(("docker-proxy",pid=18460,fd=4))
[[email protected] ~]# docker port t1
80/tcp -> 0.0.0.0:80
[[email protected] ~]# curl localhost:80
<h1>Welcome to busybox!<h1>

In the same way, publish the container's port 80 on port 80 of one specific host address:

[[email protected] ~]# docker container run --name t1 --rm -p 192.168.2.167:80:80 uscwifi/httpd:v0.2
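
The -p forms above differ in which host address the published port is bound to, and that decides which networks can reach the container. The following is an added example, not part of the original post: it classifies `docker port` output by bind address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify published ports by the
# host address they are bound to, reading `docker port NAME` output on stdin.

# Output per binding: "<scope> <container-port> <host-addr> <host-port>"
#   ALL       bound to every host address (0.0.0.0, :: or [::])
#   LOOPBACK  bound to 127.0.0.0/8 or ::1
#   SCOPED    bound to one specific host address
classify_port_bindings() {
  sep=' -> '
  while IFS= read -r line; do
    case "$line" in
      *"$sep"*) ;;
      *) continue ;;              # skip anything that is not a binding line
    esac
    cport=${line%%"$sep"*}        # e.g. 80/tcp
    bind=${line#*"$sep"}          # e.g. 0.0.0.0:32769
    hport=${bind##*:}             # text after the last colon
    haddr=${bind%:*}              # text before the last colon
    case "$haddr" in
      0.0.0.0|'::'|'[::]') scope=ALL ;;
      127.*|'[::1]')       scope=LOOPBACK ;;
      *)                   scope=SCOPED ;;
    esac
    printf '%s %s %s %s\n' "$scope" "$cport" "$haddr" "$hport"
  done
}

# Number of bindings reachable on every host interface.
count_all_interfaces() {
  classify_port_bindings | awk '$1 == "ALL" { n++ } END { print n + 0 }'
}

# Constructed sample: lines of the kind `docker port t1` prints for
# -p 80, -p 192.168.2.167::80 and -p 80:80, plus a loopback-only binding.
sample_bindings() {
  cat <<'EOF'
80/tcp -> 0.0.0.0:32769
80/tcp -> 192.168.2.167:32768
80/tcp -> 0.0.0.0:80
80/tcp -> 127.0.0.1:8080
EOF
}

sample_bindings | classify_port_bindings
echo "bound to all interfaces: $(sample_bindings | count_all_interfaces)"
# Live use on a running container: docker port t1 | classify_port_bindings
```
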

Joined-container networking:

Create container t1:

[[email protected] ~]# docker container run --name t1 --rm  uscwifi/httpd:v0.2

Open a new shell and create container t2, setting its network to t1's network:

[[email protected] ~]# docker container run --name t2 --network container:t1 --rm -it  busybox

Both containers show the same interface IP:

[[email protected] ~]# docker container run --name t2  --network container:t1 --rm -it  busybox
/ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)
[[email protected] ~]# docker container run --name t1 -h t1 --rm  -it busybox
/ # hostname
t1
/ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

Create a container with an open network; the container shares the host's network

[[email protected] ~]# docker container run --name t2  --network host  --rm -it  busybox
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:2B:B1:12:FC  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:2bff:feb1:12fc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:67 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7029 (6.8 KiB)  TX bytes:6200 (6.0 KiB)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:AB:C9:4B  
          inet addr:192.168.183.167  Bcast:192.168.183.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feab:c94b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:283 errors:0 dropped:0 overruns:0 frame:0
          TX packets:236 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:38585 (37.6 KiB)  TX bytes:33422 (32.6 KiB)
......

At this point, running nginx directly in the container makes it reachable through the host's IP


Customizing the network properties of the docker0 bridge

[[email protected] ~]# vim /etc/docker/daemon.json 
[[email protected] ~]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
  "bip":"10.0.0.1/16"
}
[[email protected] ~]# systemctl restart docker.service 
[[email protected] ~]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.0.0  broadcast 10.0.255.255
        ether 02:42:3a:b1:0d:27  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

dockerd works in a client/server model. By default the daemon listens only on a Unix socket address, /var/run/docker.sock. To use a TCP socket as well:

On node1, edit the daemon.json file:

[[email protected] run]# vim /etc/docker/daemon.json 
[[email protected] run]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
  "bip":"10.0.0.1/16",
  "hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
[[email protected] run]# systemctl restart docker.service 
[[email protected] run]# ss -ltunp | grep :2375
tcp    LISTEN     0      128      :::2375                 :::*                   users:(("dockerd",pid=14715,fd=5))

Connect from node2:

[[email protected] ~]# docker -H 192.168.2.163:2375 ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[[email protected] ~]# docker -H 192.168.2.163:2375 images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
uscwifi/httpd       v0.2                a83a2c1ac8b3        7 hours ago         1.15MB
uscwifi/httpd       v0.1-1              71e8e2f3a3a5        8 hours ago         1.15MB
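
A listener configured as tcp://0.0.0.0:2375 serves the Docker API without authentication or encryption, which is why node2 can list containers and images without presenting any credentials. The following check is an added example, not part of the original post: it flags tcp:// entries in daemon.json that are not protected by "tlsverify". The function names, the hardened sample and its certificate paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag dockerd TCP listeners in
# daemon.json that are not protected by mutual TLS ("tlsverify": true).

# audit_daemon_json FILE
# Prints one line per tcp:// entry in "hosts" and returns 1 if any of them is
# served without tlsverify. A plain text scan, adequate for flat configs.
audit_daemon_json() {
  flat=$(tr -d ' \t\n\r' < "$1")
  tcp_hosts=$(printf '%s' "$flat" | grep -o '"tcp://[^"]*"' | tr -d '"')
  if [ -z "$tcp_hosts" ]; then
    echo "OK no TCP listener (Unix socket only)"
    return 0
  fi
  case "$flat" in
    *'"tlsverify":true'*) tls=yes ;;
    *)                    tls=no ;;
  esac
  rc=0
  for h in $tcp_hosts; do
    if [ "$tls" = yes ]; then
      echo "OK $h requires client certificates"
    else
      echo "FAIL $h accepts unauthenticated, unencrypted API calls"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample inputs. weak.json repeats the "hosts" setting shown above;
# hardened.json is a variant with hypothetical certificate paths.
write_samples() {
  cat > "$1/weak.json" <<'EOF'
{
  "bip":"10.0.0.1/16",
  "hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
EOF
  cat > "$1/hardened.json" <<'EOF'
{
  "bip": "10.0.0.1/16",
  "hosts": ["tcp://192.168.2.163:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in weak hardened; do
  echo "== $f.json"
  audit_daemon_json "$demo_dir/$f.json" || true
done
rm -rf "$demo_dir"
```

With "tlsverify" enabled, the client side has to pass --tlsverify together with its own CA, certificate and key to the docker command; a bare `docker -H` connection is refused.
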

Working with docker networks

Help output:

[[email protected] ~]# docker network --help

Usage:	docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

Network types listed by docker info:

[[email protected] ~]# docker info | grep -i network
 Network: bridge host macvlan null overlay

Create a custom bridge:

[[email protected] ~]# docker network create --help

Usage:	docker network create [OPTIONS] NETWORK

Create a network

Options:
      --attachable           Enable manual container attachment
      --aux-address map      Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
      --config-from string   The network from which copying the configuration
      --config-only          Create a configuration only network
  -d, --driver string        Driver to manage the Network (default "bridge")
      --gateway strings      IPv4 or IPv6 Gateway for the master subnet
      --ingress              Create swarm routing-mesh network
      --internal             Restrict external access to the network
      --ip-range strings     Allocate container ip from a sub-range
      --ipam-driver string   IP Address Management Driver (default "default")
      --ipam-opt map         Set IPAM driver specific options (default map[])
      --ipv6                 Enable IPv6 networking
      --label list           Set metadata on a network
  -o, --opt map              Set driver specific options (default map[])
      --scope string         Control the network's scope
      --subnet strings       Subnet in CIDR format that represents a network segment

Create a custom docker bridge named mybr0, with subnet 172.26.0.1/24 and gateway 172.26.0.1

[[email protected] ~]# docker network create --subnet 172.26.0.0/24 --gateway 172.26.0.1 mybr0
a11c8e6fbeacc9d3260e84eca3408f6ae43e60c5130a21fe92fbebd0e4b5d587
[[email protected] ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d0cc6c81036a        bridge              bridge              local
3dcb447c7eaf        host                host                local
a11c8e6fbeac        mybr0               bridge              local
70355c5e8a7a        none                null                local

Create a container on mybr0:

[[email protected] ~]# docker container run -it --rm --network mybr0 busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
b4a6e23922dd: Pull complete 
Digest: sha256:8ccbac733d19c0dd4d70b4f0c1e12245b5fa3ad24758a11035ee505c629c0796
Status: Downloaded newer image for busybox:latest
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:1A:00:02  
          inet addr:172.26.0.2  Bcast:172.26.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1086 (1.0 KiB)  TX bytes:0 (0.0 B)

Create a second container on the bridge network:

[[email protected] ~]# docker container run -it --rm --name t2 --network bridge busybox
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:02  
          inet addr:10.0.0.2  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1016 (1016.0 B)  TX bytes:0 (0.0 B)

For container t1 to communicate with t2, enable kernel IP forwarding, and:

Reference: https://cloud.tencent.com/developer/article/1139755